Fwd: Re: Library Defeats Tor
On Fri, 28 Sep 2007 15:02:53 -0700, mark485anderson@xxxxxx said:
>
> On Thu, 27 Sep 2007 21:20:42 -0500 (CDT), "Scott Bennett"
> <bennett@xxxxxxxxxx> said:
> > On Thu, 27 Sep 2007 19:05:27 -0700 mark485anderson@xxxxxx wrote:
> >
> > >On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett"
> > ><bennett@xxxxxxxxxx> said:
> > >> On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd
> > >> <watsonbladd@xxxxxxxxx>
> > >> wrote:
> > >> >mark485anderson@xxxxxx wrote:
> > >> >> Then after agreeing to the TOS, you are able to connect to tor servers,
> > >> >> but all dns requests go through a library computer IP, such that they
> > >> >> can see and record where you are going. I am not sure if they can see
> > >> >> the TCP content, but the UDP (which I assume is the dns lookups) are all
> > >> >> being monitored and probably logged by the library server through which
> > >> >> you are connected. Firewall logs clearly show the outgoing and incoming
> > >> >> DNS packets to the library IP. Rest of connections to Tor servers in the
> > >> >> firewall log appear normal.
> > >> >Make sure to run DNS queries over tor if anonymity is important.
> > >>
> > >> Absolutely. Check your privoxy configuration file to make sure its
> > >> first line is
> > >>
> > >> forward-socks4a / localhost:9050 .
> > >
> > >already is
> > >
> > Okay. Good.
> > >>
> > >> If you're using some other port than 9050, change that accordingly.
> > >> Other
> > >> programs, e.g. PuTTY, will need to be configured, too, if you use them.
> > >> In the case of PuTTY, each remote login site that you configure to be
> > >> proxied through tor will need to be set to use socks5 and to do DNS name
> > >> lookups at the proxy end (see "Proxy" under "Connection").
> > >>
> > >> >>
> > >> >> I have not run a sniffer yet on this, because my laptop is old and it
> > >> >> might not be able to handle it. But tor anonymity is obviously shot when
> > >> >> connecting to their wifi nodes. I believe I tried to block the DNS
> > >> >> lookups to the Library IP with privoxy generic block rules and then I
> > >> >Using socks-4a should fix this.
> > >
> > >already set to sock 4a
> > >
> > >>
> > >> Right. Or socks5, though privoxy doesn't yet appear to support
> > >> that.
> > >
> > >did you just start using tor?
> > >
> > About 2.5 years so far.
> > >>
> > >> >> could not load any web pages, indicating again that the dns requests are
> > >> >> first being routed to the library machine, where they are, of course,
> > >> >> logged (and maybe sent off to the FBI, if you're reading Muslim materials,
> > >> >> haha).
> > >> >Now are these DNS requests for sites you are browsing? It sounds like
> >
> > I think the question posed here may reveal the answer.
>
> Already answered that I think, the dns requests APPEAR to be made each
> time a new url is looked up and not in looking up tor servers, but I
> will only know for certain when I run the sniffer, if that is possible
> on my laptop.
>
>
> >
> > >> >that is the case, but I just want to make sure.
> > >>
> > >> Most public wireless locations use no encryption at all. In these
> > >> situations, things like tor and SSH are about the only significant
> > >> privacy
> > >> protection most users have.
> > >
> > >no problem with tor and other wifi connections, dns goes to tor, hence
> > >my OP title LIBRARY DEFEATS TOR
> > >Tentative Conclusion: Tor cannot be used with any confidence on
> > >publicly maintained machines, but there is no reference to this on the
> > >tor website; nor any real illumination from this group, so far. I
> > >suppose now someone is going to tell me to disable javascript and
> > >cookies, ;-) The encryption is SUPPOSED to occur at the client before it
> > >even gets to any outside server, but obviously this is not happening as
> > >the dns requests are being subverted. Perhaps the traffic is being
> > >shuttled from the kernel OS to a library server. IOW tor should provide
> > >the encryption necessary and no wifi encryption should be needed. I will
> > >see if I can run a sniffer to find out exactly what's happening.
> > >
> > Yes, and I think that may be why Watson asked the question I noted
> > above. Tor does its own name server queries for two purposes: 1) to
> > provide exit service when running in server mode, 2) to look up addresses
> > of other tor servers, regardless of mode. These are normal operations
> > and reveal only those activities. When you are using it in a public
> > location, I assume that it is running only as a client. So that returns
> > us to the question of exactly what kinds of addresses is tor looking up?
>
> the laptop appears to be getting web site dns translations from a
> library node rather than from tor, which allows tracking and profiling.
> each time a new url is introduced I get a firewall dns request in the
> log.
>
> > Are they only the addresses of other tor servers? Or do they also
> > include the addresses of the web sites you're trying to reach?
> > Would you also please double check your browser configuration to
> > make sure it is forwarding everything through privoxy? If you're using
> > a firefox plug-in module like Torbutton, switchproxy, or foxyproxy, have
> > you accidentally disabled the proxy?
>
> nope, don't use those, the browser is always set to go through privoxy.
> will do some further testing and try to report back, but surprised not
> more answers to this post. certainly others should have experienced this
> problem.
>
> >
> >
> > Scott Bennett, Comm. ASMELG, CFIAG
> > **********************************************************************
> > * Internet: bennett at cs.niu.edu *
> > *--------------------------------------------------------------------*
> > * "A well regulated and disciplined militia, is at all times a good *
> > * objection to the introduction of that bane of all free governments *
> > * -- a standing army." *
> > * -- Gov. John Hancock, New York Journal, 28 January 1790 *
> > **********************************************************************
> --
>
> mark485anderson@xxxxxx
>
> --
> http://www.fastmail.fm - A no graphics, no pop-ups email service
>
--
mark485anderson@xxxxxx
--
http://www.fastmail.fm - mmm... Fastmail...