Privacy and anonymous browsing

Discussion in 'privacy technology' started by Kas, Dec 26, 2008.

Thread Status:
Not open for further replies.
  1. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    Can anybody shed light on this ?

    I use various proxies like Vtunnel and dozens more available to hide my identity on the net. Reasons are fundamental, anonymity.

    It works fine most of the time, but I have found some sites that seem to know my real IP even though I am going through a proxy server !

    I get flash come up saying exactly where I am and knowing the details of my system.

    Why is it that using these proxies a site knows MY REAL IP ? I thought that the only IP such sites see is the meaningless proxy IP. After all, that is the specific purpose of these proxy servers - to hide MY real IP.

    Help !

    WOW !!!!!
    Did`nt I start something with my little ditty ?
    It sure is getting awfully technical, quite left me behind, but I find reading all these comments super-interesting.
    It`s great to read the Q & A of experts.
    That SteveTX is an absolute wizard, the grand master of all knowledge. No kidding, I mean it.
    Steve - you are obviously VERY tied up with XeroBank and the XB Browser, sounds like you created it. Wonderful stuff - I have a huge impulse to download the freebie version and try it.
    Keep going chaps - it is better than buying a text book, reading all your expert comments.

    :argh:
     
    Last edited: Dec 29, 2008
  2. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    This is because you are using bad/cheap/free/poorly implemented proxies like tunnels/http/ssl/tor. Those are easily bypassed. You need full VPN and browser that can clear flash cookies to defeat these trackers.
     
  3. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    Kas, can you post url's of those web sites that can reveal your real IP? Please, post them.
     
  4. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Leonid,

    In January we'll be posting a public tool that does just that. Defeats vidalia, tunnels, http, and everything short of a vpn connection, and it doesn't rely on flash at all. :)

    Steve
     
  5. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    SteveTX, Tor is very safe if everything is configured in a proper way by a user. I'm not saying it can't fail. Everything can fail. However, in some aspects, it is even more safe then a payed VPN. VPN is replacing your ISP. They are claiming that they are not storing the logs. However, I am sure this is not true. VPN providers are probably regularily raided by the cops. Closely watched.

    Even if Tor fails, I don't really care. I have nothing incriminating to hide (nothing I do on the internet is considered to be criminal in my country). I just want anonimity, privacy. And it isn't that much easy to inject malware in Tor if you have configured Firefox the right way. You don't even need torbutton if most of extensions and all plugins are disabled, history, java, javascript.

    Tor is mostly dangerous for users who are relying on torbutton. Torbutton is dissadvantage in my opinion. It does not work properly. It's not disabling even half of the stuff that it should. However, if you disable everything yourself, manually, and if you are a client only, not a relay, it's hard to screw you up. Very hard.
     
  6. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Leonid,

    Check my above post. It is all about implementation, and injecting traffic is very easy for tor exit nodes. Not easy for script kiddies to compromise the network, but easy for anyone malicious who knows a bit about vulnerabilities. Implementation is the real issue, in my opinion.

    If you take a look, the implementation that tor now uses was the one we recommended to them, and what one of my guys participated in writing forthem. My guys now recommend that everyone go to vpn for their proxy implementation because everything else can be defeated. And in january we'll prove it, just like before. :)

    Quality of the network such as tor or whatever is an after-the-fact consideration. Anyone not using VPN for layer 4 access control is going to be demonstrated to not be anonymous.

    Steve
     
  7. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    SteveTX, I don't believe in anything I didn't see. Can't wait to see it.

    However, I never thought Tor was unbreakable. I only think it's not easy to catch a user if everything is configured the right way. I mean, you can maybe inject malware at some point, but, will I notice it? Will you be able to find out what exactly I was doing in the last month? At some point you can make it fail, but it's not like you came to the ISP or VPN headquarters with the court order to read the logs, or had remote control of my comp for months.

    Just my thought.
     
  8. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    This problem has happened only about 5 times over the past few weeks, it seems a recent one, perhaps only 6 months old, but I never took a note of the websites where it did. They were one-off websites and thus I took no notice of their URL or other details. They were NOT offensive or porno sites, just ordinary sites that came up on search which I clicked to enter.

    I panicked a shade when this happened and quickly clicked my Home page to get rid of the site and come off the proxy. I cannot remember them now. It was so worrying that I did a full Spyware and AV scan each time after checking all the cookies etc. I could. Even cleared the Index.dat files.

    If the proxy IP is a fictitious one, then something else my URL ? is getting through in the proxy data, otherwise how would they know my real address ?
    AFTER-THOUGHT
    ----------------
    Could it be that these sites load a session cookie onto my PC even though I am using a proxy ? My data then goes via this cookie, which is then cleared on log out ?
     
    Last edited: Dec 26, 2008
  9. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
  10. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Considering we've broken it so many times, I think that is a good position.

    :D
     
  11. Leonid

    Leonid Registered Member

    Joined:
    Dec 23, 2008
    Posts:
    42
    SteveTX, why laughing? I am not a computer expert. But, can't you tell us how do you do it? Are you sure that the user would not notice anything? I have many tools installed here. Bufer overflow protection included. You would pass all that and get in? Also firewall is alerting about every single thing.
     
  12. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Not laughing, I just can't disclose the whole trick. If you're running tor, and a modern browser, that is all it takes. run tor from inside a virtual machine, using a vpn implementation, and you'll be immune to nearly everything.
     
  13. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,328
    Location:
    Here, There and Everywhere
    You need to be using Firefox with NoScript, which you can toggle what you want to allow. Java is a big no-no. A proxy won't help you if you're running with Java.

    Or, you can just get XeroBank or ShadowVPN. That's the better option.
     
  14. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    I am posting a "reply", not to myself but in the hope you very helpful people will clarify a problem associated with the responses I have already received.

    It is suggested I use FIREFOX and TOR. Getting interested, I looked up these facilities on the net and read all about them. It seemed a dream and I was going to download FIREFOX and later TOR, they are both free, then I decided to look up "problems" with these systems.

    There were so many problems stated on the net search that I backed off immediately. Users have had many problems with both, to the extent that their Windows and IE systems do not work. One solution was even to UNINSTALL Windows and start again !

    My system works perfectly and the last thing I want is a mass of spaghetti that goes nowhere except into a back hole of trouble.

    I am confused, since FIREFOX is used extensively and good reports of TOR are given. BUT, with the myriad of troubles stated on the net by users, I have no confidence to go for them.

    I do have the Google toolbar and find it so useful that I will NOT delete it. TOR suggested it is a threat and should be deleted. Not for me, I like it too much.

    Your comments are very much welcome.

    :blink:
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Kas,

    If you use xB Browser, you don't have to configure anything and it won't affect your operating system or alter your current programs. It is modular and doesn't rely on using your existing firefox or other programs. Only if those program try to hook into your xB Browser experience are they blocked out. And if you don't like it the uninstall is included and can instantly be deleted. To activate it for Tor, you want it to select "Free" mode when you install it.

    Steve
     
  16. Kas

    Kas Registered Member

    Joined:
    Sep 29, 2008
    Posts:
    147
    Location:
    Bedfordshire - Rip-Off Britain
    Hi SteveTX,
    I have not got Firefox yet, I backed off due to the reasons given in my note.
    Whilst being a tech. guy with lots of engineering and main frame computer user/programmer experience - I am not a PC expert.
    UM-ER ? Wot is an " xB Browser " ? :oops:
     
  17. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    xB Browser is a free anonymous web browser with everything already built-in and preconfigured.
     
  18. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    My God you should definitely get Firefox. I don't mean with tor or anything, but just to use. It is so much better than IE that it's hard to describe. There may be problems with Firefox and tor added, but firefox is a good browser. Are you using Internet Explorer?
     
  19. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Hi Steve I ave been meaning to ask you some things. First, I could not get XB Machine to work so I will have to contact you when I get back home. I am out of town. But I DEFINITELY want to start using it. But here are some qusetions about Tor.

    1. So you are saying that even if you have scripts blocked, you can reveal a person's true IP if they are using tor?

    2. When someone injects something from the exit node (did I say that right?), does that do more than just reveal your true IP? Does Sandboxie add some good protection from bad tor nods?...protection of any kind?

    3. What if I installed the Tor Vidalia bundle and fired it up while conected to Xerobank VPN? Would it only be able to bypass Tor and see the VPN IP?

    4. You said that Xerobank is firewalled and that nothing uninvited would get in. Would this apply in the above scenario with Tor running overtop of the VPN? The reason I wonder is because if Tor is encrypted then how could XB monitor what was coming in?

    5. Is this method that you use able to reveal a true IP while using JanusVM?

    6. What if I was running XB Machine with Tor overtop of the VPN? Would that be safe.

    7. How well known is this method that you and your buddies have devised? Is it something that websites are already using as far as you know? Or is it pretty new?

    8. Obviously Tor sucks pretty much and is just too slow and cranky....and obviously not safe. But it's fun to play with and if I want to use a different IP then it comes in handy. But now that XB will be offering several IP choices (which I am very excited about :D ), I have a question. When a website sees the Canadian exit node or the Dutch exit node, do they know that we are using Xerobank? Or are these exit nodes used by other services?....and if so are there are lot of people using them? I would think the more the merrier.
     
  20. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    No surprise there. Kyle and I are discussing an idea that will be a new implementation of xB Machine.

    We have many ways of doing it. And we also can bypass noscript. I suspect other hackers would figure out ways to do these things too.

    Sandboxie doesn't really add any real protection, it isn't running a program virtualized, it's running it naked and trying to protect the usage of memory after the fact. If you're hacked, your hacked. And your browser can break out of sandboxie without issue by calling a mimetype/plugin.

    If it busted through tor, it would only then see your XeroBank IP. As for Tor Vidalia, don't install it. It is the most vulnerable implementation of Tor. Avoid at all costs. Only use JanusVM or TorVM to access Tor.

    I don't think tor can traverse the XeroBank's massive network address translation without running uPNP protocol.

    You wouldn't be able to reveal a true IP while using JanusVM. Their implementation is awesome.

    The more tor you have involved, the less safe it is. Tor isn't just a one-way tunnel. Evil exits turn it into a two-way tunnel because they send traffic back to your machine. This traffic can break through tor and get into your browser or break through your browser and get into your machine, or even take control of tor and make it do evil things.

    We like to think we are cutting edge, but hackers love tor. It's the perfect place to perform MITM attacks. I expect there are unknown attacks being performed on the network and nobody is aware of it. I know that we have such capabilities, and it wouldn't be very humble to presume we are the only ones who have discovered such treasures.

    Yes, they can tell it is an anonymous network if they subscribe to a good geoip service. Why? Because they buy xerobank subscriptions so they can try and figure out our IP addresses. Companies like Maxmind keep active subscriptions to us.

    XeroBank is like an octopus. It has it's own core network with double hops, and then we are branching out with other brands for each geographic location so 1-hop users like ShadowVPN get to mix with XB traffic, increasing everyone's anonymity.
     
  21. badjoey

    badjoey Registered Member

    Joined:
    Dec 9, 2008
    Posts:
    50
    steve so your shadow vpn is going to have a netherlands ip or will you be offering a choice of countries and also with xerobank i asked you before about adding a usa server and you said that would be up and running anytime and that was like 2 weeks ago so any word on this usa ip or has it been canned.also you said in an earlier post that because xerobank uses multiple hops it does not matter where you set up the ip in regards to all of europe keeping data logs starting in jan 2009.well i dont understand how that is going to make a difference.if you set up an ip in netherlands than regardless of whether it makes one hop or 10 hops is the netherlands govt not going to have a record of all traffic passing thru its country and does this also not apply to every country in the EU. just looking for a little clarification here cause over 90% of the anonymous vpn services being offered on the net right now are set up in the EU and from my standpoint as of jan 2009 these places can no longer be considered anonymous.
    most hardcore people i have talked to have told me eastern europe and russia are probably a persons best bet for true anonymity cause 99% of the time they do not cooperate with outside police and govt agencies.
    so why not set up there or like venezuela or argentina.just wondering is all.
     
  22. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128


    thats why i thourt perfect privacy was a good candidate because they have servers in the country's you mention but the prices i think for people who only do general surfing is alot the same as xerobank 2 hop prices just to high for general surfing
     
  23. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Correct.


    This is still going strong. It is one of the 9 brands we are releasing in the next few weeks. We actually have 2 USA brands coming, but they do different things.

    This is the difference between XeroBank and everyone else, truly. If you took someone like perfect privacy and compared them, this is where their anonymity falls apart and is only privacy if they use encryption.

    Your traffic through PP goes from you, to one node, to another, and exits. One single netflow to follow. It's like a single string you can follow from source to destination using data logging.

    XeroBank uses advanced anonymity techniques, and break datalogging trails in addition. We let our users select their exit country, and we handle the incoming route to make sure they pass through a node that does not have datalogging, if their exit had datalogging. If you are selecting a Netherlands exit node, we automatically select a USA entry node or somesuch. Our routing is jurisdictionally aware, and it keeps up with the laws for you. For example, none of our system allow email to exit through Switzerland. Why? They log all email traffic. If you're connected through our Canada exit node, we quietly reroute it through another country. Why? Because we are avoiding pitfalls of where your data gets logged or retained, and you shouldn't have to worry about it.

    We then also have a special connection that is called "multiplexing". This is where your netflow "string" is broken down into hundreds of strings, and retwined with thousands of other users to form big ropes. One when it reaches the exit node is it untwined from the rest of the user data, and sent out and then returned to you "multiplexed" in this way again. This means there is no simple string to follow, even if there was datalogging on all the countries the nodes were in. It is an anonymity technique that chops up and mixes all the data with everyone elses data packets and then resorts them later.

    Any 1-hop system that doesn't use packet mixing cannot be considered anonymous. Only privacy at best. Doesn't matter where they are.

    Don't believe it. Russia has ZERO anonymity on it's own. It has only two Internet Exchanges (optical cable centralization hubs), both of which are heavily monitored. If you are using a proxy in russia, you can be sure your activities are known.

    We are. Not venezuela or argentina. They have secret data logging that would make your head spin. Communist countries are rightfully paranoid, and so they monitor all internet traffic heavily. Not to mention south american traffic is god awefully slow for the most part. It is all about "peering". Meaning all other things aside, is there good connection quality between your datacenter and mine. Why? The internet isn't flat. It has hills and valleys and mountains and blackholes.

    Let it be known we do have a russian exit node we will be releasing for XeroBank, and a south american one.
     
  24. geazer40

    geazer40 Registered Member

    Joined:
    Jun 11, 2008
    Posts:
    128

    good points also will shadow users get to use more than 1 ip they currently have now and if so how many roughly
     
  25. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    The fewer the IPs per traffic, the higher the crowding/anonymity. We will increase IPs as per crowding optimization. Too many IPs means too little crowding means bad anonymity.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.