TOR question?

I was on facebook w/ tor and got the message "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

Are you sure you want to continue sending this information?"
clicked continue does that make ip visible?

 

Not the IP - just everything you sent.

 

And not just visible -- modifiable.

 

Wait dosent facebook already see all it you post?
also is this answer on ya correct

 

btw what do you mean modifiable??

 

Although Tor can provide quite strong anonymity, configuring applications to safely work with it is nontrivial. If an application isn't properly configured, it can leak your true IP address. Unless you really know what you're doing, it's best to just use TAILS -- or at least TBB. And don't mess with them.

 

I'm referring to man in the middle attacks.

 

So was ip leaked?
and whats a man in the middle?

 

oh and also btw js isnt "disabled" in tor by default...what is this.

 

and tor bundles supposed to auto config.

 

bumpkins

 

I have no clue Try this -http://ip-check.info/?lang=en

Seriously? If I weren't so polite, I'd give you a LMGTFY link

 

It used to be, but people kept adding it to watch YouTube, so they gave up. Use NoScript, and be careful what you enable.

 

That's true. But it won't route non-browser traffic through Tor.

 

In a typical (And incredibly simplified) connection you have

A (the user)
Z (The server/ the website ie: FAcebook)

So you send information from A to Z and information comes back Z to A.

In a MITM attack it goes A to C to Z where C is a hacker.

When you use HTTPS the content between A and Z is encrypted and the hacker can't read or manipulate the data.

When there is unencrpyted content on the page the hacker can modify that data and read it. This means they can insert scripts that read your page or anything else that they like.

 

i cant use the ip check link because i clicked continue yesterday.
just worried whether i should continue using that fb account
kuz i rly dont wanna disable it cause i clicked that
btw what does js have to do w/ youtube?
youtube vids don't work on tor even tho js is by default on...

 

so wut?

 

cmon guys i need a final answr

 

there's no way to know whether your IP leaked based on the information you provided.

also, why use an anonymizer on a social network?

 

Even anons like to be social

 

i was on my alt account
fb always bans my alt accts and even sees thru proxy so i use tor.
i made a page and clicked on "use facebook as page" and got the message.
used the latest tor bundle version, all default.
my question, is the click of "continue" alone enough to reveal ip?

 

That's a generic warning from Firefox. It's warning you that, even though you're on an "encrypted" page, you're about to send unencrypted data to it (or somewhere, anyway). Without more information, I can't even guess why that would have happened.

But it doesn't mean much about whether your IP is being revealed or not. It's possible that the page was hacked. But even Metasploit's decloak.net (which no longer runs for me, by the way) can get true IPs if Tor is properly configured. Also, if Facebook were getting your IP through a correctly coded HTTPS page, you wouldn't get that warning anyway.

 

haha, social anonymity..sounds like a recipe for no social interaction

if *everything* in the browser goes over TOR (HTTPS, HTTP) then it's very unlikely that it would have been exposed.

all that prompt is saying is "hey, the page you're looking at now is SSL encrypted, but this form or link clicking on or submitting isn't" it's just making you aware that while the page is encrypted, whatever you're clicking on is going out over HTTP.

*EDIT* mirimir beat me to it, haha

 

k then last q.
does tor bundle always warn u in case of annoymity leaks?

 

"Always"? No, it couldn't. There are many ways to leak, and TBB could never detect many of them. I'd use TAILS, because everything (the OS, other apps, etc) has been optimized for using Tor, not just the browser. You might want to subscribe to -https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk