Freenet

Discussion in 'privacy general' started by snowdrift, Dec 4, 2009.

Thread Status:
Not open for further replies.
  1. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Yes, I'm also curious about Freenet. Does anyone here actually use it?

    You seem to be implying that Freenet can do everything Tor can do and more. Correct me if I'm wrong, but with Freenet, you can't access the internet, only the Freenet private network. So, that begs the question of how big Freenet really is. How much can I really do there? I don't really want to start unless I get a hearty thumbs up from someone. What about speeds?

    Thanks
     
  2. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    I must not have phrased it very well. That's what I meant by with Tor you get on the Internet and with Freenet you get on Freenet. The best thing to do is give it a try. It's certainly not for everyone. There is a "DarkNet" (think a group of connected friends...encrypted computer connections...that you can only get to if you are invited to join) and an "OpenNet" (think browsing open connections...nodes... much like we do with the WWW). Tor would be like a huge OpenNet. The "DarkNet" is all about data distribution and storage that 2 or more people can set up and form a trusted and encrypted channel and it's virtually untouchable.

    I'll tell you something many don't stress about FreeNet: Use full-disk encryption on your computer. People think the presence of container encryption or erasing utilities tips off LE that somebody has "something to hide"; the presence of FN is unfairly seen as some sort of smoking gun, even though FreeNet's DarkNet nodes are used every day for perfectly legal reasons.

    Here's a good place to start: http://wiki.freenetproject.org/FrequentlyAskedQuestions
     
    Last edited: Dec 11, 2009
  3. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    I want to thank you for pointing out the firewall "save" here. I have been using SSH to connect to my OpenVPN (XeroBank) box to access the net and thought I was leak proof thanks to Privoxy. Unfortunately, Kyle Williams's DeAnonymizer pointed out that two Apple Quicktime URIs (Items 13 and 14) were bypassing the SSH tunnel entirely, actually revealing my true IP. After putting the kibosh on Ports 80 and 21, I feel the leaks are resolved. I also caught several Windows processes bypassing my anonymized network tunnel (like Panda Cloud Antivirus).

    I installed Comodo Firewall (but may revert back to Windows 7's built-in firewall since it now handles outbound traffic) and need to continue to find the best way to route all my laptop's traffic through my SSH tunnel, over to my XeroBank box.
     
    Last edited: Dec 11, 2009
  4. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358


    The thanks should go to Kyle. He's quietly doing the work.

    I'm going to rant again, so get ready. The problem here is that 99% of the information out there is complete nonsense. If anyone talks about leaks at all, it's this garbage about DNS leaks, all the while not realizing that it's much more than a DNS leak. Your computer is connecting directly with the website.

    And to make matters worse, the offered solution almost invariably centers around shutting off Java, adding Privoxy, etc. The Tor documentation is as much to blame as anything else. The correct solution is not to trust the application, period. You feed it the proxy settings, then use a firewall to make sure it follows those settings. Unless, of course, you're using a specially designed browser (e.g. Xerobrowser) or VM (e.g. JanusVM).


    If you give some more information, I might be able to help with setting the proper rules. What rule are you currently using (e.g. for Firefox)? What port is the SSH client listening on?

    I don't use SSH, but I think the firewall settings would be the same as with Tor. Just allow the app to only access the localhost, and you should be leak-proof.

    Regarding the Windows processes bypassing your SSH tunnel, I'm not sure how you could route everything on your system through SSH. But, then again, I don't use it so I may not know its full capabilities. I thought you had to tell the app to access the port that the SSH client is listening on. Regarding the antivirus, I'm guessing you can specify a proxy, but even if it escaped the tunnel, I doubt that's a security risk. It's just an antivirus.


    @ Lockbox

    Freenet looks interesting. I'll put it in my queue of new things to try. BTW, the link you provided is missing a forward slash.
     
  5. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    In Windows Networking (Control Panel), I assigned Port 8118 for HTTP and HTTPS and Port 8080 to SOCKS5.

    Privoxy (latest beta) listens on Port 8118 and then forwards that data on to Port 8080, which is SOCKS5.

    For Firefox, Thunderbird, and VLC, I use Mozilla's built-in port forwarding to send everything to Port 8080 (SOCKS5).

    It's MSIE, Opera, Chrome, and many other programs that don't support native SOCKS5 forwarding that worry me.

    This is correct. I just need to find the most elegant way to do it.

    You mean you don't use Windows? That would work, but I feel I am safer with my fairly decent knowledge of Windows, rather than jumping with no knowledge over to Linux. o_O
     
  6. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    I think we have a failure to communicate. It's probably my fault.

    I use Windows XP. I don't use SSH. I know of no way to globally send all your computer's traffic over a proxy.

    Windows Networking in the Control Panel? I'm not familiar with that. I don't see that option in the Control Panel. But don't take that as me saying it's not possible. I'm just not familiar with it. I always do it application by application when I want to use a proxy (aside from VPN of course).

    Regarding configuring the firewall to globally leak-proof all of your traffic, good luck with that. It will take some creativity for sure.
     
  7. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    (Moving through the crowd, all excited about the record-breaking egg eating about to take place...)

    Alright, stand back you pedestrians, this ain't no automobile accident.
    -- Dragline, in Cool Hand Luke (1967)
     
    Last edited: Dec 11, 2009
  8. snowdrift

    snowdrift Registered Member

    Joined:
    Sep 7, 2007
    Posts:
    394
    I think what I am going to do is install a second copy of OpenVPN on my laptop and just use that straight to XeroBank. I think I got SSH to work with tunneling traffic OK to my one box that already had OpenVPN on it, but there may be other (unseen) things I missed. Installing OpenVPN on my laptop will do away with all that doubt and will not miss anything.

    This was a good exercise for me, even if it brought me back to where I started.
     
  9. I no more

    I no more Registered Member

    Joined:
    Sep 18, 2009
    Posts:
    358
    Well.....

    Just as long as you know that VPNs have various ways they can leak as well. This is most notable when the VPN cuts out, at which point all traffic will resume without the VPN. There are basically two strategies to combat this.

    1. https://xerobank.com/support/articles/how-to-prevent-vpn-dns-leaks/

    Global technique but less effective. It only prevents local DNS requests (both with and without the VPN running). Applications that don't need to do those requests will still work when the VPN cuts out (e.g. torrents).


    2. Use a firewall. The specifics depend on the firewall but it's generally more complicated than the first technique. It should also be completely effective if the VPN cuts out.


    I feel like the bad guy here, but it seems there's nothing for Windows that's fully leak-proof. You have to take care to plug the potential leaks. I don't know what leak-proofing technology is incorporated into Xerobank, but the above statements are generalizations about VPNs.
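
The firewall policy discussed in this thread (applications may reach only localhost, and only the tunnel client may reach the outside) expressed as an audit over a connection list. This is an added example, not written by any poster and not part of any tool named here. Ports 8118 and 8080 come from the thread; the process names, the tunnel server address and the sample lines are constructed assumptions.

```python
import ipaddress

# Constructed sample, one connection per line: "process local remote".
# Not captured from a real machine; addresses are documentation ranges.
# Ports 8118 (Privoxy) and 8080 (SOCKS5) are the ones named in the thread.
SAMPLE = """\
firefox.exe   127.0.0.1:49210    127.0.0.1:8080
opera.exe     127.0.0.1:49222    127.0.0.1:8118
quicktime.exe 192.168.1.20:49230 203.0.113.7:80
ssh.exe       192.168.1.20:49100 198.51.100.5:22
av-update.exe 192.168.1.20:49301 203.0.113.9:443
"""

# Hypothetical tunnel client and server; replace with the real endpoint.
TUNNEL_CLIENT = "ssh.exe"
TUNNEL_SERVER = ipaddress.ip_address("198.51.100.5")


def parse(text):
    """Yield (process, remote_ip, remote_port) for each IPv4 connection line."""
    for line in text.splitlines():
        if not line.strip():
            continue
        proc, _local, remote = line.split()
        rip, rport = remote.rsplit(":", 1)
        yield proc.lower(), ipaddress.ip_address(rip), int(rport)


def find_leaks(text, tunnel_client=TUNNEL_CLIENT, tunnel_server=TUNNEL_SERVER):
    """Return connections that a localhost-only firewall rule would block."""
    leaks = []
    for proc, rip, rport in parse(text):
        if rip.is_loopback:
            continue  # app talking to the local proxy or tunnel port: allowed
        if proc == tunnel_client and rip == tunnel_server:
            continue  # the tunnel itself has to reach its server directly
        # Anything else left the machine outside the tunnel. This includes
        # traffic that resumes on the plain interface when a VPN cuts out.
        leaks.append((proc, str(rip), rport))
    return leaks


if __name__ == "__main__":
    for proc, ip, port in find_leaks(SAMPLE):
        print(f"LEAK: {proc} -> {ip}:{port}")
```

Each reported line corresponds to a connection the firewall should have denied; an empty result means every application stayed on the loopback proxy path.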
     