
Re: Library Defeats Tor

On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett"
<bennett@xxxxxxxxxx> said:
>      On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd
>      <watsonbladd@xxxxxxxxx> wrote:
> >mark485anderson@xxxxxx wrote:
> >> Then after agreeing to the TOS, you are able to connect to tor servers,
> >> but all dns requests go through a library computer IP, such that they
> >> can see and record where you are going. I am not sure if they can see
> >> the TCP content, but the UDP (which I assume is the dns lookups) are all
> >> being monitored and probably logged by the library server through which
> >> you are connected. Firewall logs clearly show the outgoing and incoming
> >> DNS packets to the library IP. Rest of connections to Tor servers in the
> >> firewall log appear normal.
> >Make sure to run DNS queries over tor if anonymity is important.
>      Absolutely.  Check your privoxy configuration file to make sure its
> first line is
> forward-socks4a / localhost:9050 .

already is

> If you're using some other port than 9050, change that accordingly.
> Other programs, e.g. PuTTY, will need to be configured, too, if you use
> them. In the case of PuTTY, each remote login site that you configure to
> be proxied through tor will need to be set to use socks5 and to do DNS
> name lookups at the proxy end (see "Proxy" under "Connection").
> >>
> >> I have not run a sniffer yet on this, because my laptop is old and it
> >> might not be able to handle it. But tor anonymity is obviously shot when
> >> connecting to their wifi nodes. I believe I tried to block the DNS
> >> lookups to the Library IP with privoxy generic block rules and then I
> >Using socks-4a should fix this.

already set to socks 4a

>      Right.  Or socks5, though privoxy doesn't yet appear to support that.

did you just start using tor?

> >> could not load any web pages, indicating again that the dns requests are
> >> first being routed to the library machine, where they are, of course,
> >> logged (and maybe sent off to the FBI, if you're reading Muslim materials,
> >> haha).
> >Now are these DNS requests for sites you are browsing? It sounds like
> >that is the case, but I just want to make sure.
>      Most public wireless locations use no encryption at all.  In these
> situations, things like tor and SSH are about the only significant
> privacy protection most users have.

no problem with tor and other wifi connections, dns goes to tor, hence
Tentative Conclusion: Tor cannot be used with any confidence on
publicly maintained machines, but there is no reference to this on the
tor website; nor any real illumination from this group, so far.  I
suppose now someone is going to tell me to disable javascript and
cookies, ;-) The encryption is SUPPOSED to occur at the client before it
even gets to any outside server, but obviously this is not happening as
the dns requests are being subverted. Perhaps the traffic is being
shuttled from the kernel OS to a library server. IOW tor should provide
the encryption necessary and no wifi encryption should be needed. I will
see if I can run a sniffer to find out exactly what's happening.

>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************

http://www.fastmail.fm - IMAP accessible web-mail
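
The socks4a advice in the thread comes down to where the hostname is resolved. The following is an added example, not part of the original messages: it builds a plain SOCKS4 and a SOCKS4a CONNECT request and parses each to show which side performs the DNS lookup. The function names and the sample values (example.com, 192.0.2.10) are constructed for illustration.

```python
import ipaddress
import struct

def socks4_connect(ip, port, userid=b""):
    # SOCKS4: DSTIP must be a real IPv4 address, so the client already
    # resolved the name itself (the lookup left via the local network).
    return (struct.pack(">BBH", 4, 1, port)
            + ipaddress.IPv4Address(ip).packed + userid + b"\x00")

def socks4a_connect(hostname, port, userid=b""):
    # SOCKS4a: DSTIP is the marker 0.0.0.x (x != 0) and the hostname is
    # appended after the userid, so the proxy end does the resolution.
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + userid + b"\x00" + hostname.encode("ascii") + b"\x00")

def describe(request):
    # Parse a SOCKS4/4a CONNECT request and report who resolves the name.
    if len(request) < 9:
        raise ValueError("request too short")
    vn, cd, port = struct.unpack(">BBH", request[:4])
    if vn != 4 or cd != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    dstip = request[4:8]
    userid, sep, tail = request[8:].partition(b"\x00")
    if not sep:
        raise ValueError("unterminated userid")
    if dstip[:3] == b"\x00\x00\x00" and dstip[3] != 0:
        host, sep, _ = tail.partition(b"\x00")
        if not sep or not host:
            raise ValueError("SOCKS4a marker without a hostname")
        return {"variant": "socks4a", "target": host.decode("ascii"),
                "port": port, "resolved_by": "proxy"}
    return {"variant": "socks4", "target": str(ipaddress.IPv4Address(dstip)),
            "port": port, "resolved_by": "client"}

if __name__ == "__main__":
    # Constructed sample values: example.com and 192.0.2.10 (TEST-NET-1).
    for req in (socks4_connect("192.0.2.10", 80),
                socks4a_connect("example.com", 80)):
        print(req.hex(), describe(req))
```

A request that reaches the proxy as plain SOCKS4 means the application did its own lookup first, which is the kind of local DNS traffic the firewall log in the thread shows.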