How easy can my ISP know?

Hello... I've been really paranoid with regards to my privacy since I've receive anonymous calls from a guy... From the threads here, I've learned that my ISP can really know which sites I've visited... My question, is how easy? Would that be as easy as just a few clicks or would they have to install expensive software and make mind-boggling procedures?

I'm from a third world country so im still using dial-up and using Prepaid cards (I hope you can relate to this! ) I have also used website copiers (during off-peak hours, when its free!)

Do you know of any free software that can prevent my ISP from prying? I've read about Secretmakerhttp://www.secretmaker.com will it help?

Thanks a lot,

Titing

 

as and added question, If my ISP would like to do so, can it know what password I use to log-on to this forum? what else can an ISP know about me aside from the sites I've visited... Thanks a lot!

 

Qute easy, they'd just have to grep the logs and yes, they could see the details of your user logon as it's passed in plain text. The software you point to won't help you with your concerns, you'd need to use an anonymous proxy like Tor or JAP - or a similar pay service -- the two linked to are free and both services will prevent traffic analysis.

 

Thanks a lot! But somehow that information frightens me, Now I know my ISP can see what password I use when I open my e-mail account and all other stuff over the net. From where I come from, there are no laws regarding privacy over the net. A psycho ISP employee could weild a lot of power...

 

Hi titing3000

When you send an email everythings is transmitted in clear within internet:
your ID, your password (yes! :-( ), and the content of your email...

This is easy to check with a packet sniffer such as Packetyzer from Network Chemistry
http://www.networkchemistry.com/products/packetyzer/

And this is only an example.

For email one possible solution for you is to used Gmail (Gmail used SSL/TLS) + encrypted email with gnuPG (Thunderbird + Enigmail)...

But this is only for email ( not taking in account the DNS requests ...)

Thunderbird
http://www.mozilla.com/thunderbird/

Enigmail
https://addons.mozilla.org/thunderbird/71/

GnuPG
http://www.gnupg.org/(en)/index.html

If you need an invitation for a Gmail account just tell me...

To have a more complete privacy solution you may used Tor as said Dog but on dial-up line it will be slow... (may be this is the price for privacy?)

Tor:
http://tor.eff.org

 

Aside from TOR and JAP...is there any other anonymous proxy to use that will not slow down surfing?

 

Hi sweater

With an "anonymous proxy" you're "anonymous" for the web site you visit...

This not prevent traffic analysis from the ISP (or the proxy itself...).

When you established a connection to this proxy:

1- the DNS request announce to the "whole world" where you're going

2- the communications between your PC and the proxy is done from your PC to your ISP server and many other "middle-man" servers to the proxy server itself...

These communications : PC <-> ISP server <-> "middle-man" servers <-> anon-proxy are in clear ...

The only things anonymous here is your IP address for the site you visit with the anon-proxy:

PC <-> ISP server <-> "Middle-man" servers < your IP is known> anon-proxy < your IP appear to be the one of the proxy> web site you visit

(you may check this with tracert to have an idea of this [beware: tracert do not give the exact routing of your connections...] See wikipedia about this...)

 

Unless encrypted. Assume nothing is private. That is just the way I think of it. Keep it in mind is the wise way to communicate over the net.

Also remember the hundreds of thousands of messages and data unencrypted and encrypted going across these servers. Who in the world has time to check all that.

Authorities are likely looking for key words and phrases with search tools and destination contact points for security reasons. They have no interest in most. You are a spec of sand on the beach as long as you are doing no wrong. Relax and enjoy life do not get worked up over such worrys.

 

Sweater,

Using any type of proxy will slow your connection down. You are inserting one or more servers between you and the destination.

Now whether that slow down is acceptable is up to the individual.
A chain of proxies or JAP or TOR will be slower than just a single proxy.
JAP and TOR will be more anonymous than a single proxy.

 

Food for thought: Can GMail be trusted any more than your ISP?

 

Your ISP knows everything! How can they possibly not know, unless all your traffic is encrypted? Your internet traffic passes through their servers everytime you surf the net.

Well, there is no 100% foolproof security solution in this world.

 

DNS requests are resolved through TOR.

Your ISP will know your IP (duh) but won't know what your final destination is.

Tor is set up so that no one agent knows both your IP and your final destination.

 

I think that would be a great advice.... I guess I should'nt mess with any of the ISP representatives here... they might find ways to blackmail me....

So how do you know if its encrypted? When I order thru the net, using my credit cards, is that safe?

 

Hi AJohn

Gmail used SSL/TLS : combined with encrypted email this is a reasonable solution. Please note that I don't trust my ISP : Bell Sympatico. (Eastern Canada)

- They are M$ "pal"...
- They makes traffic analysis
- and so on...
but they are not "!"$%||;-((# !!!" as AOL (AO Hell) ;-)

 

Hi titing3000

Check in your browser: in Firefox the address field is in yellow when you are in a crypted connection (HTTPS port 443 on the server)...

Instead of paying directly with your credit card why you don't use PayPal ?
http://www.paypal.com/

With the PayPal service the seller have no information about your credit card... That's better, no?

 

Hi Brinn

I'm running a Tor server...

DNS request are (hardly) resolved within Tor as you know. I have to combined Tor with Privoxy (as usual) and FreeCap for some applications.

And there's still DNS leaks. The only way I found to avoid this is to block
all DNS requests with my rules set firewall (LNS). Even my Exit policies deny
port 53 there are some DNS leaks from Tor...

 

I have no problems with DNS leaks. Something is amiss with your configuration.

 

Hi Brinn

Tor have DNS leaks.
I block these leaks with my FW.


;-)

 

Your setup is incorrect. I have no such problems. My computer doesn't even make the attempt at a DNS request when I have Tor switched on. I've parsed my firewall logs and find no DNS leaks.

List everything you use that needs internet access. If you use Firefox, list all the extensions you use. A copy of your Privoxy main configuration might show something too. Let's see if we can diagnose this.

 

As far as I see from the lots of posts titing3000 just got confused.

So titing3000, as dog said - use Tor or Jap and all your problems are solved. They provide encrypted connections and that is their main purpose. If you use one of them nobody can see the content you exchange and this includes all usernames, passwords and mails. And since you are on dial-up (which is slow) it is slightly better to use Tor because it's a lil bit more secure (dns, more intermediate nodes, etc.).

Just go to Tor's homepage and learn how to make it.

 

For a dialup connection, JAP would be an easier choice than Tor since the Tor client has to download a list of servers to start with, which can take at least a few minutes on a good dialup connection (it is several hundred K in size and growing).

As for DNS requests in Tor, these are done by the exit server (i.e. setting an exit policy blocking port 53 access is a *very bad* idea since it prevents anyone from accessing domains, making your system effectively useless as an exit node). The oft-discussed issue of DNS-leakage is a SOCKS v4 problem which can be addressed by using Privoxy or other SOCKS 4a software as a proxy.

All traffic in Tor is encrypted except for the last stage (between the exit server and the website) - this can't be encrypted since the website in question is expecting traffic in the clear. In theory this means that an exit-server operator can monitor which sites are being accessed but they have no way (without co-operation from the other 2 relay servers) of finding out whose traffic it is - unless that traffic includes personal information (e.g. your real name). Your ISP would only be able to see encrypted traffic going towards a Tor server.

JAP is similar (encrypted traffic in, clear traffic out) but it uses fewer relay servers (only one with the default Dresden service) so the operator could track users if they wished - it is however better than any commercial proxy/anonymising service where the payment method gives the operator a link to your real identity (there may be some offering anonymous means of payment, but most don't - Paypal is not anonymous!).

HTTPS encryption (used by most sites for credit card details) will conceal data but not the connection itself (so your ISP will be able to tell you are visiting www.myshop.com but not what you did there). HTTPS can be run over JAP/Tor, which is what happens when you visit a https: site using these systems (in which case, the exit traffic would be encrypted also).

It is highly unlikely that an ISP is going to attempt to blackmail its customers by revealing private data gleaned from traffic analysis but there is the risk of such data being sold to marketers, collected by governments (many Western countries now require ISPs to log such data) or being disclosed due to subpoenas/court action. As such, routine use of anonymising proxies like JAP/Tor should be considered basic privacy self-defence - but do bear in mind that further steps need to be taken to counter user tracking via cookies or surreptitious HTTPS connections.

 

Hi Paranoid2000


A)

«In 2003, JAP was backdoored by the German BKA. The backdoor was removed afterwards, but it led to people distrusting the software.»
Ref.:
http://en.wikipedia.org/wiki/Java_Anon_Proxy

It's true that Jap is better for a dialup connection when it's online... ;-)

I'm running a Tor server with this exit policy:
accept 22, 80, 119, 143, 443
not 53 ...

If not allowing port 53 in my policies makes my exit node useless
how to explain:

1- that this policies is possible in the Tor server parameters?

2- that many Tor server have this policy with to complains from anybodies
[check in gmane.network.tor.user, the mailing list for or-talk accessible from NNTPS Gmane server]

3- I'm giving 50 KBytes/sec on the bandwith I pay and be sure
this bandwith is fully used by Tor users (more than me...) on ports
allowed by my policies. [I Have my firewall log to prove this. ;-) ]

Did my exit policy is wrong? May be !

I'll ask this question in the or-talk mailing list !!!


DNS leaks with Tor is a real problem and I hope it will be fixed. Using sock4 third party programs such as Privoxy or FreeCap solve only one part of this problem.

Personnaly I'm working on this issue with the best of my knowledge and, as far as I know, even with an exit policy blocking port 53 there is DNS leaks from Tor and not only my applications... (blocked by a special rule on my firewall.) This may be checked with a packet sniffer for example.

May be a solution (for a future release of Tor) is to used the Distributed Hash Table technics to deal with the translation URL <-> IP ...

B) About the HTTPS connexions problems (and leaks) It's seems that the same problem happen with GMAIL used within a web browser...

Ref:
"Using Gmail (with Tor) is a bad idea Fabian Keil" in or-talk mailing list.

I hope that titing3000 will find a solution with all these posts.

Best regards,

 

The "backdoor" wasn't removed but the German police's attempt to collect data with it was overturned on appeal - see AN.ON erneut gegen Bundeskriminalamt erfolgreich (German, Babelfish English translation here).

This, by the way, can also happen with Tor's client (Tor's developers may be US-based but the US administration has shown itself more than willing to act "extra-legally" in the past). Both are open source so such attempts could be detected, and it should be noted that the JAP team went out of their way to make the modifications required as obvious as possible.

Because DNS queries will be routed via another Tor exit node allowing port 53 access instead. This may slow web access further though since a separate path would have to be opened for these.

If you are running an exit node, then the Tor server will do DNS lookups in order to service incoming requests (although if you block these via an exit policy, these will go to another node instead). This is actually useful since your ISP, even if it was keeping track of DNS lookups (quite impractical, considering the volume of traffic involved) would have no way of telling which were from you and which were from your Tor server - thereby giving you anonymity via deniability ("It wasn't me, guv...").

I think it unlikely that Tor will try to change or replace DNS - it would pose too many problems.

I don't know why that should be. Tor will provide good anonymity with any web-based email service - the only way GMail could find your real address is by using Java (hence the need to filter Java/ActiveX applets by default) and this applies to any webpage. Https: page are far harder to filter (Proxomitron with SSLeay/OpenSSL or Firefox extensions being 2 filters that can handle HTTPS) so this may have been what Fabian was alluding to.

 

Hi Paranoid2000

Thank you for this complete answer.

Things are more clear for me now.
So I'll checked this and I'll changed my exit policies.


Best regards,

 

Glad to have helped - and thanks for contributing to the Tor network.