29 replies to this topic

[imok]

The 46 Best-ever Freeware Utilities
http://http://www.te...e_utilities.htm
From the free monthly newsletter "Support Alert"
Subscribe link is at the top of the above page.

Best Free Anonymous Surfing Service Updated March 1, 2005
There are lots of reasons folks have for wanting to surf anonymously, ranging from simple paranoia to possibly being murdered by a malevolent foreign government. Whatever the reasons, commercial services that offer anonymity are doing real well. However one of the best services JAP, is totally free. In fact JAP is perhaps a little too good. That's why the German Police insisted in 2004 that a backdoor be put into the product to allow interception of child pornographers. This was done but subsequently removed as a result of court action by JAP. An alternative to JAP is another system called Tor. However the US Navy origin of Tor gives rise to the suspicion that this system may indeed have a permanent backdoor. Whatever, both JAP and Tor offer a level of secrecy that is better than many commercial systems. However expect your surfing to slow down as you'll be relayed through a chain of servers. You'll also need to change your browser settings to work through a proxy.
http://anon.inf.tu-dresden.de/index_en.html
http://tor.eff.org/

[dukex]

Thank you kindly bookmarked for future use.

Peace...

[Hippie3]

copied to the vaults

[pacingthecage]

TOR

After doing a good amount of research on methods for anonymous surfing, I have decided to place my bets on Tor. The following are my conclusions and info links which influenced my decision:

The only way to remain anonymous is to use a proxy server in some form or another. A proxy server is a kind of buffer between your computer and the Internet resources you are accessing. There are numerous websites offering free proxy servers all over the world. What with our government increasingly infringing on our privacies, it would seem that if one were to use a proxy server, it would be better to use one that is offshore - authorities can and have requested logs from proxy servers in order to trace original IP addresses.
The idea is that if your proxy is offshore somewhere, it might be more difficult for authorities to trace you as laws are not always reciprical in other countries. Also, some proxy servers state that they purge logs often (only every few days or so), but nothing is assured. Also, regular proxies are NOT encrypted.

There are ways to chain proxy servers together in order to confuse those who would attempt to find origins (and you can still be traced), but that is more difficult and beyond my computer skills right now, and as I will explain later, there is no need for it because now we have Tor!

Anonymous Proxy Servers

Anonymous proxy servers hide your IP address and thereby prevent your from unauthorized access to your computer through the Internet. They do not provide anyone with your IP address and effectively hide any information about you and your reading interests. Besides that, they don’t even let anyone know that you are surfing through a proxy server. Anonymous proxy servers can be used for all kinds of Web-services, such as Web-Mail (MSN Hot Mail, Yahoo mail), web-chat rooms, FTP archives, etc. ProxySite.com - a place where the huge list of public proxies is compiled. In a database you always can find the most modern lists, the Proxy are checked every minute, and the list is updated daily from various sources. The system uses the latest algorithm for set and sortings of servers by proxy, servers for anonymous access are checked. However, most anonymous proxy servers maintain logs for at least a few days before purging in case of an abuse of their proxy (they'll turn over logs to authorities, if requested or subpoened, and the original IP address can be traced).

TOR

Tor is an Onion Routing program based on the onion routing originally developed by the U.S. Naval Research Lab to shield government (military/intelligence) employees online activities from corporate or government eyes. The Navy is financing Tor because it wants to hide the identity of government employees who have long used anonymous communications systems for intelligence gathering and politically sensitive negotiations.

Tor has perfect forward secrecy. It works like this: Messages, or packets of information, are sent through a distributed network of randomly selected servers, or nodes, each of which knows only its predecessor and successor. Messages flowing through this network are unwrapped by a symmetric encryption key at each server that peels off one layer and reveals instructions for the next downstream node. Even the onion routers themselves can't figure out who and where you are. One drawback is slower surfing as a result of the routing. I use dial-up and have noticed slightly slower speeds while using Tor, but I think the trade-off is worthwhile when I desire anonymity. You can still use your browser without Tor for regular speeds. When you want anonymity, get into Firefox, Privoxy auto-kicks in, turn Tor on and your ready to go! Very simple.

"The point of the Tor system is to spread the traffic over multiple points of control so that no one person or company has the ability to link people," said programmer Roger Dingledine. Dingledine and Nick Mathewson, both based in Boston, are building Tor as a research platform with a worldwide community of open-source software developers.

The security of the Tor service is proportional to the number of nodes in the system. Tor is slowly scaling and looking for tens of thousands of participants who can provide enough nodes to prevent the service from being compromised by what the project website describes as "curious telcos and brute-force attacks."

Tor vs JAP: Backdoors?

Some question the integrity of Tor as it is financed by the US military. Is there a backdoor? Why has the US Navy opened Tor for the public?

TOR was developed at the request of the Navy to help hide the fact that certain activities were coming from Navy devices (like, for instance, they may not want Navy-owned IPs showing up in webserver logs). This is something that the gov't reconnaissance folks will want. The interesting thing is, they *have* to open it, otherwise people will still know it's a government system, since it came from the government anonymizer. If they really want sites to not know that the government is looking at them, they have to let everyone use it, so that the anonymizer is no longer a "government" thing.

Dingeldine said the developers of another online anonymity project, called JAP (http://anon.inf.tu-d...e/index_en.html), were forced by the German government to insert a backdoor into the program and were barred from revealing it (apparently because of child pornographers). If anyone insisted on similar measures for Tor, Dingledine said the community of open-source developers who analyze source-code changes for each Tor revision would expose it -- as they did with JAP. (Google JAP, the story is all over the web).

"The reason Tor works is that it's free and available software," said Dingledine. "If it was a closed source or a proprietary system, there is no way to know."

It is my belief that Tor is the best anonymizing method to date. Currently, Tor development is supported by the Electronic Frontier Foundation (http://www.eff.org/). EFF is a nonprofit group of passionate people — lawyers, technologists, volunteers, and visionaries — working to protect your digital rights. Between the EFF and the privacy-rights oriented volunteers who run a growing list of Tor servers, IF a backdoor is found (and they're watching for one) alarms will sound loud. I'd guess that probably the only organization that has the capability to monitor a Tor user successfully would be a US intelligence/reconaissance agency, specifically the National Security Agency who specializes in all things encrypted and electronic.

I have monitored my IP address while using Tor and it changes almost everytime I visit a new website. I use http://www.all-nettools.com/toolbox
in order to see if my path can be followed while using Tor and it shows 7-14 different IP's, none of which are mine, but WHOIS search shows Amsterdam, London, California, Canada, Harvard Computer Lab in Boston, Germany, etc, etc.........and Tor servers are growing.

I'm currently running the newest version (experimental) v0.1.0.2.

Recommended that you use Mozilla Firefox and install Privoxy (instructions for setup on Tor website) for use with Tor.

Tor - http://tor.eff.org/

Privoxy - http://www.privoxy.org/

links about onion routing and Tor:

http://tor.freehaven...tor-design.html

http://www.wired.com...8,64464,00.html

http://yro.slashdot....2352235&tid=158

http://www.onion-router.net/

http://wiki.noreply....onRouter/TorFAQ

military links:

http://www.darpa.mil/

http://www.onr.navy.mil/



*this post was made while using Tor.

[vrooota]

interesting, sounds like something I should look into but I don't like the fact that the navy developed it. There has to be a back door. Why would they let the program out of their control?

[the_other_chap]

Just trying it out now...

edit:
Looks good. I'm not noticing any difference in speed (1Mb broadband) and my IP address certainly appears to be hidden.

[pacingthecage]

interesting, sounds like something I should look into but I don't like the fact that the navy developed it. There has to be a back door. Why would they let the program out of their control?

the answer to that is part of what i posted above:

"TOR was developed at the request of the Navy to help hide the fact that certain activities were coming from Navy devices (like, for instance, they may not want Navy-owned IPs showing up in webserver logs). This is something that the gov't reconnaissance folks will want. The interesting thing is, they *have* to open it, otherwise people will still know it's a government system, since it came from the government anonymizer. If they really want sites to not know that the government is looking at them, they have to let everyone use it, so that the anonymizer is no longer a "government" thing."

and about a 'backdoor':

"Currently, Tor development is supported by the Electronic Frontier Foundation (http://www.eff.org/). EFF is a nonprofit group of passionate people — lawyers, technologists, volunteers, and visionaries — working to protect your digital rights. Between the EFF and the privacy-rights oriented volunteers who run a growing list of Tor servers, IF a backdoor is found (and they're watching for one) alarms will sound loud."

That's what happened with the JAP network. JAP developers were silent when the German Feds forced them to create a backdoor, but users/servers discovered it - several months after the fact. JAP now maintains that they closed the backdoor after winning their case in court, but no one trusts them anymore.

The Electronic Frontier Foundation have been leading the fight for freedom, privacy, anonymity, etc. "in the electronic frontier" for many, many years. I wouldn't recomend using a service of some flight-by-night organization when we have EFF's Tor. The EFF is a group with a very clear record of standing in the right side of things. Check out their website. And, because of this, I consider the Tor system to be far more trustworthy than any other similar thing I know of, including anonymizing proxy sites.

Tor will not guarantee that there is no backdoor. They do make the disclaimer 'Do not rely on it for strong anonymity'. They do say that one of the only ways that Tor could be compromised is if some organization or entity took over (signed up) for a majority of servers, effectively taking over the Tor network.

Apparently, if you want to volunteer to be a Tor server-router, there is some sort of screening process that the network puts you through, don't ask me what it is because I am not one and don't know, but I will say that I saw it mentioned somewhere? that anyone who runs a server has to be prepared to take political and/or gov't heat (EFF would prolly provide lawyers if need be, ask them) and the Tor routers I've seen genuinely seem to be concerned with privacy rights and electronic freedom (when you run Tor watch the subversive-sounding screen names it routes you through), and thats why they volunteer to run servers.

Many (or most) are involved with the Electronic Frontiers Foundation (link above), which says even more about motivations for becoming a server. That's key. These folks know how to watch for backdoors, too. Many are computer science people.

As the network grows, the more secure it becomes because of the sheer number of onion-routers and/or network watchdogs. Or so the theory goes.

[vrooota]

Tor will not guarantee that there is no backdoor. They do make the disclaimer 'Do not rely on it for strong anonymity'. They do say that one of the only ways that Tor could be compromised is if some organization or entity took over (signed up) for a majority of servers, effectively taking over the Tor network.

.

How do we know that the govt doesn't already have control of a majority of servers? Not to sound too paranoid or distrusting but there just seems to be red flags all over this kind of stuff. Ziplip shut down, correct? They said their service no longer complied with US privacy laws. I don't think the govt would hesitate for a second to take control/advantage of its own software if they really wanted too. Anyway, i wish good luck to anyone who tries this but my surfing speeds can't take any more damage. Hopefully I'm just the nobody below tthe radar anyway
peace

[the_other_chap]

Have you set up the proxy information in Firefox?
http://www.mozilla.o...ions#connection



If you've left Tor and Privoxy at their defaults, the proxy info you need is:
IP Address: 127.0.0.1
Port: 8118
Tick the "manual proxy configuration" button and enter the above info. Tick the "use same proxy for all protocols" box.

Restart Firefox, and you should be OK.

[the_other_chap]

Hmmm, odd. My setup is nearly the same except that I'm using Mozilla (1.7.3) and it works fine.
Tor doesn't appear to display much apart from a couple of lines every now & then.

Did you put "forward-socks4a / localhost:9050 . " in the privoxy config file (config.txt) as recommended in the Tor documentation?
http://tor.eff.org/c...doc.html#client

[pacingthecage]

Step by step Tor setup:

running Tor on Windows (link is illustrated):
http://tor.eff.org/c...-doc-win32.html

1.Make sure you have Mozilla Firefox. You can use Internet Explorer, but there's no reason to be using IE browser anymore when Firefox is a far superior browser. If you don't have it, get it. Trust me on this.
www.getfirefox.com

2.Download Tor and complete Tor Setup Wizard.

3..Download Privoxy.

4. Now you need to configure Privoxy to use Tor:

a.)Open Privoxy's main config file by selecting it from Start Menu|All Programs: Privoxy>Edit Config>Main Configuration

b.) You should see a little config.txt notepad window. At the very top of the notepad window add the line (copy and paste it):

forward-socks4a / localhost:9050 .

Don't forget to add the dot at the end. The easiest way is to select the above line and copy/paste it into the file. Be sure to save.

Now Privoxy is all set up.

5. Configure Firefox to use Tor:

a.) Open Firefox.

b.) At the top click Tools>Options...

c.) Go down to Connection, click Connection Settings...

d.) make sure you click Manual Proxy Configuration.

e.) where it says HTTP Proxy and SSL Proxy type:

localhost

f.) in both "port" spaces after type:

8118

and click OK.

Now your done.

Just make sure that Tor is on and Privoxy is enabled and go test your IP address at:
http://www.junkbuste...cgi-bin/privacy
or
http://www.network-tools.com/

I have used Tor while having AOL as my internet provider, it works fine as long as your browsing through Firefox and not AOL.

For those using Macs, here are the setup instructions:
http://tor.eff.org/c...or-doc-osx.html

[the_other_chap]

That's exactly right, no # mark in front of the forward-socks....etc. bit.

the # signs are there to let the program know that anything following the # on that line is a comment, and should be ignored, so lines with "real" config info don't have them.

[pacingthecage]

Great.

Just remember, when you want to surf with Tor, just open Firefox and Privoxy will automatically kick in (just be sure Privoxy is enabled and leave it that way). But you have to be sure Tor is on (the black Tor window should be open and saying "Tor has successfully opened a circuit. Look's like it's working.") for it all to work. If you desire to use Firefox without Tor, you have to disable the Manual Proxy Configuration in Firefox (Tools>Options>ConnectionSettings) and enable Direct Connection to the Internet.

I often check my IP address (http://www.all-nettools.com/toolbox) when I'm using Tor and keep a list just to see how many IP's i've been disguised under and how often, if ever, some of them get repeated. Also, I do a WHOIS search on those IP's to see where their coming from and who their registered to. Pretty interesting stuff. Many offshore - some i've been routed through:

Canada
The Netherlands
Germany
Australia
Indonesia

You also have to remember that Tor is also onion-routing you through several other routers first.

[imok]

You have all made this a much better thread.
Thanks for helping :)