What's new
  • ICMag with help from Phlizon, Landrace Warden and The Vault is running a NEW contest for Christmas! You can check it here. Prizes are: full spectrum led light, seeds & forum premium access. Come join in!

Tor: An anonymous Internet communication system

pipeline

Cannabotanist
ICMag Donor
Veteran
well i ended up uninstalling because 3 times my comp shut off while using google earth. Thats a good point though Mrgrowem.
 
Was going to post up a thread on tor after a haxor friend of mine suggested it..

I'm glad were on the scene too, way to go ImBoggled :thumbs up:
 

HappyHemphog

Active member
Mrgrowem said:
Hello all,

I just noticed something I don't like about Tor. Tor seems to connect or at the very least request information from servers we may not want to make contact with. I'm sure this is not a concern or is it? I have found Tor making udp and tcp requests from enemy servers like the DOD, ACS, military installations, common government and all sorts of other machines. I found this by looking at my firewall logs. Why would Tor be doing this ? There must be several Tor servers that belong to the government that are allowed into the onion forrest. Can someone who understands the process better chime in here ? I think its a huge risk to have government servers of any kind in the Tor onion forrest of servers.
In reading the info at the Tor website, no information of this nature is discussed. Worse yet is that any onion server along the way COULD see your data. I recall that any onion server along the route could be compromised with a less than desirable computer operator "read hacker". Any comments ?


Yes, anyone can and does run Tor servers, including the military. They use Tor for security purposes just like we do. The data is encrytped (yeah, it's not uber strong, but it takes effort to crack it to prevent casual sniffing) and beyond the first server, no one knows your IP.

It's possible to tweak your Tor configuration to not use these routers as well as specify ones you will accept implicitly.

If your that concerned, if LEO taps you at your ISP, there is nothing out there to protect you, so you might as well cancel your "internets".

I will continue to do what I can to leave as few dots behind as possible. The less dots, the harder it is for LEO to play connect the dots. Just like burglars, they will pass on me for someone that's easier to investigate and prosecute.

Cheers!
Hempy
 

Underground Man

Active member
Mrgrowem said:
Worse yet is that any onion server along the way COULD see your data.

not true. Onion routing was developed to solve this problem.

http://www.onion-router.net/Summary.html said:
Each Onion Router can only identify adjacent Onion Routers along the route. Before sending data over an anonymous connection, the first Onion Router adds a layer of encryption for each Onion Router in the route. As data moves through the anonymous connection, each Onion Router removes one layer of encryption, so it finally arrives as plaintext. This layering occurs in the reverse order for data moving back to the initiator. Data passed along the anonymous connection appears different at each Onion Router, so data cannot be tracked en route and compromised Onion Routers cannot cooperate. When the connection is broken, all information about the connection is cleared at each Onion Router.
 

Mrgrowem

Active member
Underground Man,

Hey, thanks for that info. What I said wasn't a statement, I just wasn't sure. Your finding and posting that info eases my mind somewhat. So far the only thing about Tor/Privoxy is the speed issue. Another thing I do is create white noise, run Winamp in the internet radio/internet TV mode while I'm using Tor/Privoxy.
 
G

Guest

Awesome!!! Worked the 1st time around!!

only problem is that it can be quite slow at times, much slower tham my 2006-broadband-induced-impatience can withstand, but w/e
 
Last edited:

BigToke

Bio-Bucket Specialist *********
Veteran
……………..Tor Revisited ~ it has been some time since I last sounded the trumpet of warning over the use of Tor-Proxy, so let me see if I can be a little clearer about this.

………………First off I installed the Tor-Proxy program on my OS running Mozilla Firefox to further show the good people at IC the pit-falls of using such a program.

………………So here we go, I will add snap-shots so you can follow my findings ~ let it be known that I am attempting to show that the Tor-Proxy program will connect most of the time to US proxy-servers; now if that’s not a big-enough pit-fall for ya I don’t know what is.

………………...So I am setting here on the IC-Servers from my location and I am going to open a new browser window and while I’m still connected to the IC-Severs I am going to direct my second browser to go http://www.stayinvisible.com/cgi-bin/iptest.cgi then I will click the button that says Try to guess my IP

and here is the result of the IP test: I will copy that IP.


now I am going to use another program to track this IP to find out what country it is in, because that is important!! The name of the program is Neo Trace Pro




…………………although I have just shown a common pit-fall in this program let me just say that it is still one of the better ones that I have used, but be aware that there are pit-falls in this proxy-program but it is still by far better than nothing………..it is my opinion that one could tweaked this program to only connect to out of country proxy-servers.


BTW.........Mrgrowem ~
I did the tec-lab-research that your suggesting. I'm pretty well convinced when comparing tor and privoxy to other programs that attempt to mask your web browsing, that Tor/Privoxy are pretty powerful.
Hummm……….maybe you could explain to all of us here at IC about your most fantastic “tec-lab-research” method, I for one would be most interested.

Perhaps you should do some research so next time you won't get snagged in your own trap.
I think you’ll find that anyone that knows me here at IC, knows that I do my research and would not open my mouth other wise.

It may not be the magic peel but its better than most. It's also an open source coded program, which gives it the power of the many and, it's in the learning stage. I'm not trying to convince you. Like you said, people can use whatever program they like. I do think that your unduly harsh with whatever your conceptions happen to be about the program, steering some who could use it the wrong way. Its almost impossible to deliver open source code with the intentions of deceit, anyone can use and read the code its programmed with. Unlike the code written by the likes of Microsoft, all in secret.
In closing, no program of this type is perfect, yet....For the time being it's damn sure better then nothing.
………….now that’s the smartest thing I’ve heard you say so far….
 
Last edited:
G

Guest

edit: tor can make things VERY slow sometimes
and it doesnt even connect all the time

EEK
 

HappyHemphog

Active member
Big Toke, since you seem to have a firm grasp of how Tor works, you must then be aware that you can configure Tor to NOT use certain routers as well as specifiy servers you will implicitly allow.

Of course this is a little advanced for most users, but if your that paranoid, it's something you should learn how to do.

No one ever said Tor was perfect, in fact, it's quite easy to get around it on a webpage and get your IP. An embedded Java app in the page has the ability to expose your IP regardless of ANY proxy. This is because Java has direct access to your internet connection and can open a socket on any port.

Of course, if your one of those paranoid types, you would have already turned Java off.

My point is, and always will be, anything you do to hide your tracks will make it that much harder for LEO. Make it harder on LEO and he's likely to look for an easier target.

Cheers!
Hempy
 

Underground Man

Active member
BigToke said:
Tor-Proxy program will connect most of the time to US proxy-servers; now if that’s not a big-enough pit-fall for ya I don’t know what is.

This is not a pitfall at all.

The connection has to come out somewhere! its not news that you can determine the physical location of that server. Tor is supposed to make it difficult/impossible to determine YOUR ip. Who cares where traffic appears to come from as long as its not traceable to you.

besides, as Hemphog mentioned, tor now allows you to pick your exit nodes.

Its true that nothing can offer 100% security. this doesn't mean people should give up and not take any security measures. I still lock my front door when I know it could probably kicked in or the lock picked.
 

Underground Man

Active member
HappyHemphog said:
An embedded Java app in the page has the ability to expose your IP regardless of ANY proxy. This is because Java has direct access to your internet connection and can open a socket on any port.

Of course, if your one of those paranoid types, you would have already turned Java off.

I think most browsers by default don't allow java apps to make network connections. I'm sure alot of people have explicitly allowed it though.
 

HappyHemphog

Active member
Underground Man said:
I think most browsers by default don't allow java apps to make network connections. I'm sure alot of people have explicitly allowed it though.

If that were the case, the Java chat applet on this site would not work. It bypasses Tor entirely. And yes, I've configured Java to proxy thru Tor/Privoxy but it still goes around it.

Cheers!
Hempy
 

BigToke

Bio-Bucket Specialist *********
Veteran
………………you two fellows (HappyHemphog & Underground Man) seem to have everything under control, would it be to much to ask if you could put something on the table besides just words I mine, I have walked you thru my findings ……………..so how about you two give us a good walk thru of your findings that’s far enough don’t you think? Or is ALL you two have to afar is just WORDS!!

Hay I have a great idea, how about you two show the rest of us how we can configure Tor-Proxy so that it only connects to out of US proxy-servers, now that would be sweet or would you like for me to show you that to?
 
G

Guest

Whenever I use tor and use google, it sometimes sends me to the chinese google, or the denmark google, or something...and I have to turn tor off in order to get to the REAL google (when using it through mozilla firefox)

why is this?
 
Because it detects you coming from a Chinese proxy, or a danish one, or whatever, and automatically sends you to the appropriate language version of google.
 

Buckwheat

New member
So I am setting here on the IC-Servers from my location and I am going to open a new browser window and while I’m still connected to the IC-Severs I am going to direct my second browser to go http://www.stayinvisible.com/cgi-bin/iptest.cgi then I will click the button that says Try to guess my IP
You have to turn off Java....if you do it won't show your true IP. You can leave Java Script on so some of the functions on this board still work but Java has to be off.
 
Top