TOR is not really that anonymous

I'm using TOR Vidalia bundle. Here's a simple challenge to anyone:

1. Launch Vidalia. Connected. Activate firefox TOR button. Check IP anonymous OK.

2. Go to tinychat.com, get into any channel (remember the URL) and get banned. Stop TOR.

3. Close your browser, clear your cookies whatever (eg. using ccleaner, delete users> profilename> appdata> roaming> macromedia & adobe> flash player)

4. Start TOR, get new identity. Check IP different IP OK.

5. Go tinychat.com, get into the same channel URL. Still banned.



This does not happen when I'm using VPN (with several server options) alone or running TOR on top of VPN.

 

Tinychat.com obviously doesn't allow TOR clients so I'm not sure what you're trying to achieve here. By trying to get there via TOR you are banning the TOR exit node, not yourself. Eventually you will run out of unbanned nodes.

 

It's not about start or exit nodes. I presume Tinychat traces SOCKS which TOR has it exposed.

By default, TOR is using SOCKS 5 which causes the webcam channel not to load up at all. When I change TOR setting to SOCKS 4, webcam channel can load up but banned (if previously banned).

This is a serious concern especially to newbies out there who thought TOR is totally anonymous which is not, based on my own testings.


.

 

Tor only protects at OSI Layer 7 (application layer). Leaks and fingerprinting is very easy at this level. Try loading Tor through JanusVM, which VPNs your Tor connection.

 

I think you need to run some more test.

What might be happening is, as Steve said, you're leaking your real IP somehow. When I connect to tinychat.com and enter a channel, my firewall tells me that my browser is trying to bypass Tor and connect directly.

This is common with multimedia. My guess is that half (or more) of the people that use Tor don't understand that certain plug-ins will attempt to bypass Tor.

As for why you're getting banned, I'm not sure. But there's nothing wrong with Tor. I've been using it for 5 years with no problems.

But I'm not sure I understand the logic that because you've experienced a problem that you think you've suddenly found a major whole in Tor when hundreds of thousands of people have been using it for years. That's not the logical conclusion.

 

Not sure what went wrong. Tried to connect VPN for JanusVM but error 800.



I'm using Windows 7 x64


.

 

FYI, JanusVM is but one way to use Tor properly. I use a firewall personally, but this is probably one of the more complex techniques (although it's not too bad).

There are other ways besides JanusVM and the firewall technique. I'm not up on all the techniques (because I've always used a firewall), but here's another thread that discusses this issue.

https://www.wilderssecurity.com/showthread.php?t=294005

 

JanusVM isn't just a firewall. It is a VPN, which is the distinguishing factor of why it is better than Tor alone or Tor + Firewall, specifically on Windows machines, because Tor sidechannels/leaks typically only work on non-VPNed connections.

 

I agree. I never made a comment about JanusVM being just a firewall. I'm not too familiar with it in fact. So, I can't comment on it other than to say that I've seen positive reviews of it.

But, by the same token, I was saying that a firewall is adequate to protect Tor. I've never had a leak with a firewall that's been configured properly.

 

You answered it yourself
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#SoImtotallyanonymousifIuseTor

 

Yeah just use TOR over VPN in the meantime

 

so that's a video/audio/text flash client running on YOUR computer. It likely tries to connect to the server via RTMP on port 1935, fall back is 443, and then final fallback, port 80.

Maybe if you were to block ports 1935 & 443. But as someone else said, this seems futile, as i'm sure 100's & maybe 1000's of people before you have been banned from this site before & tried entering via public proxies & got banned again. If you're one these 'trolls' (as the kids say) then public accessed proxies are not for you as a fellow trolls would likely have already exhausted the IP's, and a good admin would have them banned anyway.