Cookies, flash & Java see REAL IP thru VPN?

Hi bit of a newbie question here, I have heard many folk on the net suggest its best to disable flash when surfing since there is always a risk adobe or another 3rd party could see your REAL ip address, even if you used a VPN service.

I have also heard if one logs into there email account, online banking, even with skype and with a VPN on, this again can reveal your true IP address.

But how do they do this and is it as bad as it sounds and should I worry ?

 

That's a complicated question. I'll start with cookies. Let's say that you're browsing while connected to your VPN, and some website sets a cookie, or maybe a third-party cookie. And let's say that you're using the same browser later, after disconnecting the VPN. If you haven't deleted those cookies, and you browse a site that owns one of them, the site could correlate your real and VPN IP addresses.

Any document that can call resources from the Internet, such as PDFs and Word documents, can accomplish the same result. It doesn't matter whether you download it with the VPN or without. It's just that it can "call home" whenever you open it. But you can lock that stuff down in the apps that you're using. Flash and Shockwave are more aggressive about making Internet calls, but they won't leak if the VPN connection is properly routed and firewalled.

All bets are off with Java and Javascript vulnerabilities. First, there's little reason to have Java enabled in your browser, even if you need JRE for Java apps. Even with Countermail, for example, you only need Java enabled in your browser for setting up an account.

Most of the Web is unusable without Javascript. But using NoScript and AdBlock Plus, and allowing just enough to see what you want, is fairly safe. However, if you get hit through a vulnerability, there's not much hope.

Even so, if a machine doesn't know its true IP address, it can't reveal it. That's why it's prudent to segregate/compartmentalize apps from networking. Whonix does that for Tor. That's why I keep pushing pfSense VMs.

Anyway, that's enough for now, no?

 

thanks mirimir as always

Yeah I have always left java on, just figured I need it for logging in and on bank sites, and emails etc, I don't play those web games though etc

I will try it with java disabled.

I use to run Noscript but found it frustrating I leave adblock plus on, even minor things like ordering something off paypal or ebay or wondering why an icon or box would not load on some random site so left it off my to do list lol Do you feel its best to keep it?

I agree to compartmentalize everything, running virtual box and os or linux or whonix, at least your spreading your level of use, I still gotta start doing that properly.

 

De nada

Are you sure that you mean Java? On Linux, at least, Java isn't even installed by default. And, even if you install JRE, it won't be enabled on your browser unless you specifically do that after installation.

I suspect that you're thinking of Javascript. They're totally unrelated, except through their names, and that was a dumb move.

It's safest to use both NoScript and Adblock Plus, and only allow the scripts that you need on the sites that you need them on. It does reduce your anonymity. But if you want to be anonymous, just use Tails in read-only mode, and don't access sites that require Javascript

Good "Be prepared!" as they say

 

I checked in addons manager under firefox under plugins on win7 and I saw java platform se and java deployment kit enabled, so disabled them both ?

must have installed it, anyhow does not seem to effect browsing sites yet!

Yeah may need to look back into no scrip addon..... although not looking forward to adding and whitelist and blacklist and issues again

always sound advise as always, thx.

 

I don't have Java installed on my computer. As far as I know I have no need for it.

I use Sandboxie with all of my browsers and I delete the sandbox after each use, so there is no chance of a cookie persisting.

 

There are cool things that use Java:

• Freenet
• I2P
• Countermail
• various cross-platform apps written by lazy people

Tahoe-LAFS, at least, uses Python

 

Thanks. So far it doesn't look like I need it. But if I ever do I guess I'll just have to install it. I have heard that I2P is pretty cool but I have nrvrt tried it.

I did try Freenet a long time ago but I couldn't figure out how to see anything there. The other thing too is I am afraid of having other people's stuff stored on my computer. That gives me the creeps. So I am a little afraid of freenet.

 

Would running VPN + VM solve the problem? Or should we now also run VPN + VM + VPN?

 

Yes, running a VPN in the host and using a VM for browsing would protect you. You'd be vulnerable to exploits that can break out of the VM. But it's my impression that such exploits are still rare, and would presumably be reserved for high-value targets.

Running a second VPN on the VM, so it tunnels through the VPN running on the host, improves your anonymity somewhat. Adding Tor to the mix would increase your anonymity a lot. For example, you could run a VPN on the host, plus the Whonix Tor gateway and workstation VMs. Using the Whonix workstation VM, you'd be browsing with Tor tunneled through the host VPN.

You could also run another Linux VM, which is running a second VPN. That way, you could do somewhat-private work on the Linux VM, and very-private work on the Whonix workstation VM. However, you would need to have all VMs shut down, and also shut down the VPN running on the host, in order to do non-private work using your true name. While you could do that through the host VPN, with the VMs running, it would reduce the anonymity provided by the VPN->VPN chain.

 

Excelent thread.

I don't know how to set a VM, so I'm using Comodo Virtual Kiosk. Is it ok?

In a VM, cookies, java , flash, does not know your real IP? Or I have to reset Kiosk every time I leave?

I running a VPN in my notebook, set automaticaly for a software, PIA manager. Running Kiosk (VM?) and then running TOR, it will go inside the VPN tunnel? Is it a good way for privacy?

Thanks in advance guys.

 

I don't know Comodo Virtual Kiosk.

Generally, when you're running a VPN and Tor together on a machine, Tor will tunnel through the VPN. But it's best to use Tor Browser Bundle, because its version of Firefox is tweaked to improve anonymity, and browser connections outside Tor are blocked.

The best way to easily use Tor is running VirtualBox and Whonix. If you're running a VPN on the host, the Whonix gateway connects through it. Whonix is well locked down, so you can use just about any TCP-based app on it without leaks.

 

you can achieve what you want by using sandboxie (paid version preferably).
create two separate sandboxes. use on for vpn surfing and create a dedicated web browser shortcut for that sandbox on desktop, set sandbox content to be deleted on exit. force everything run in that sandbox and restrict internet connection for everything except desired software.

create one more sandbox for your regular connection and set it as you please.

that's it (well roughly).

 

Thanks IMDB, I'll try it, but I'm just learning many stuff here, it will take sometime in order I can accomplish your sugestion.

 

Thanks Mirimir. I have already created a VM with VB and I will try whonix. I am reading your guides, congratulations, very good.

Actually, I guess I only need a good, trusted and reliable VPN. But now I got an itchy and I think I have a new hobby by now...lets see what I can achieve in the near future...it is a learning curve...

Thanks to you all

Cheers

 

Mirimir:

Can you please explain your comments on pfsense VPN? Honestly, I have never heard of pfsense.

Thank you ...

 

pfSense is an open-source router/firewall OS that's based on FreeBSD. It includes many features that are otherwise readily available only on very expensive equipment for enterprise use. And there are versions for just about any hardware.

For one's primary Internet connection, it's prudent to have at least a NAT router/firewall between the modem and LAN. There may be an integrated box, but all of the components should be there.

pfSense VMs serve the same function as VPN clients. Each pfSense VM hosts a virtual LAN (a VirtualBox internal network). That virtual LAN is isolated from the VPN tunnel just as the primary LAN is isolated from the Internet. Incoming traffic from the VPN tunnel is blocked, just as incoming traffic from the Internet is blocked by the primary LAN router/firewall.

Separating the router/firewall from the workspace in separate VMs also protects against successful exploits on the workspace. Even if they hose the workspace, they can't (unless they're very capable) mess with the router/firewall and learn the Internet gateway IP address that the router/firewall WAN can see.

I've recently found that pfSense VMs also make good Tor gateways. But I haven't yet learned how to lock them down well enough to rely on. Whonix is my standard

 

Thanks for that.