DISCUSSION: Application level anonymity AND privacy

Lets discuss.

Tor - only http/tcp, no UDP. So Tor is not good for application level anonymity.
I2P - cant send UDP traffic over I2P to hosts on the Internet. I2P is designed for in-network communication and only provides very limited support for communicating with hosts on the Internet. To my knowledge there is currently no way to route UDP traffic to Internet hosts through I2P.
VPN - lets not even go there. (read "AND privacy")
RDPs, elite proxies - Maybe. If you are that way inclined (unauthorized access to a machine). But not if you are whitehat like myself. These mostly fall into the lack-of-privacy category like VPNs.

 

a VPN is site to site. 1 pc to another to extend your private network securely over the internet. That's a VPN. You don't get much more secure than that. Straight encrypted tunnel.
Going thru a proxy is a connectivity service.
Https provides encryption so does ftp. Anonymity is not the best encryption or whatever. Its not to stand out. A hundred thousand users looking the same is better than one standing out with highest encryption etc etc

Your wrong about I2P btw
http://en.wikipedia.org/wiki/I2P

 

Secure, yes. Anonymous, no. Why even mention this when we all know that u have to trust a third party.

Yes, we know. And your point is?

Actually, no. You can only connect to eepsites and some specific i2p applications but thats about it. I am talking about the worldwideweb, not a "hidden service" within the I2P network.

 

with a VPN there's no need to hide your ip. Your extending your private network eg from your office computers to your home computer. You don't need to hide your ip from yourself. But you need to secure the data going thru that tunnel. That's a VPN. There's no third party involved.

Me chaining up 3 elite proxies your going to have a hard time getting my ip.

 

Spooney, though you are a very informative poster, and i have read some quality posts by you, you are just missing the point here. We are not trying to connect our office network to home network just for encryption and security. We also want to be anonymous to surf anonymously on the net. VPNs were priginally designed for security/privacy and not anonymity but nowadays anonymity is the main reason why anyone would buy a vpn. I think u are confusing yourself with my SSH tunnel post.

Proxies are not as secure as people think. Every chain has a link. And it links back to you. (obv not an issue for blackhats. but is for us)

 

I'm trying to explain to you what a VPN really is. When you mention the word provider then its not a VPN. Then its a connectivity service.
Elite proxies got its advantages. It doesn't show your behind a proxy. It looks like your real ip. Plus you can chain them up you can hide behind three of them.
The Web site sees the IP address of the proxy server, not your PC's IP address. It can't read your cookies, see your history list or examine your clipboard and cache because your PC is never in direct contact with it. You're able to surf without a trace.
You can get proxies easy
http://www.atomintersoft.com/high_anonymity_elite_proxy_list
Here Is one that updates their proxy servers every couple of minutes. A lot of elite ones.
http://www.ip-adress.com/proxy_list/

Now with proxies the main thing is you need something to manage them.

For me the best one is Charon. Its free. You can filter them, it fetches the proxies from the sites for you plus it enables you to test one proxy through another. It shows you if the proxy is anon, its speed, ping time everything. It has multiple Judges to test the proxies for level of anonymity.

To chain them up after Charon has seperated the good from the bad I use freecap which you can import the file from Charon. You can force any program that doesn't have a native proxy support through it as well.

Tor. Is excellent. Everyone helps everyone to be anonymous yet no one knows of each other. Good way to show it surf google with tor. Google doesn't like anonymity. With tor it shows you with the captcha every couple of minutes complaining.

Another thing a person can do is to look for socks4A/5 proxies. I normally use superscan and scan ip adress ranges on port 1080 for them or you can use a application called socks proxy finder. It gets over 200 servers at one go which you can save to a text file and load up in Charon to do the rest for you

 

VPN - lets not even go there. (read "AND privacy")

What do you mean let's not even go there?

Different forms of VPN can be anonymous and private, so I don't know what you are getting at.

Trying to mention TOR, I2P and proxies in the same paragraph with VPN and sounding like you're ditching VPN is ridiculous, when you compare it to TOR, I2P and a proxy...

A good VPN is far better then TOR, I2P and proxies and I stress the word here, 'good'

Without getting technical here so others can understand, there is simply a lot more going on with TOR, I2P and proxies to trust when compared to a good VPN.

Let someone else explain all the technicalities here, but honestly, a good VPN is much better then TOR.I2P and proxies....

Spooony what makes you think because someone offers a VPN service it's not a VPN? Of course there a VPN providers...

You can also chain up anything, VPN/proxy/tor proxy/proxy/tor/VPN, etc, etc...

Please don't make it seem like you can only chain proxies, you can chain up all sorts of connections in all various ways...

Spooony I also did the proxy thing, like these sites you are listing here, 15 years ago before I knew any better.

Yes there is the possibility some of these are public you find out there and some people even offer real public open ones to help with the fight against privacy and so on, but the majority are not open or public, they just happen to be proxies used by a school or a business as an example that need them for their own purposes and people find them and call them open and public and they're not.

You want to talk and about TRUST here, forget it with all these so called open proxies you have no idea who you are connecting to, no one should ever go out and use all these so called open public proxies unless it's some place that really offers their own.

Now Tuvpn does happen to offer their own proxies you can use;

www.tuvpn.com

How good is Tuvpn, I don't really know, but the idea here is to stick to hopefully a reputable business that offers proxies and use them like this...

 

Ok lets call it a 'VPN' for now. But a VPN they can see your behind proxy. I do a dns lookup on your ip I know your hiding behind something. Ok your connected via ssl lets strip it away.

That's where elite proxy got the advantage. Its dns lookup doesn't say XXXVPN. It doesn't throw out a host name even so it looks a person sitting behind his pc with his real ip.

 

If it's a good VPN it doesn't matter what can be seen, no one will know who or what it is as well...

With a good VPN you know who you are dealing with. All these so called proxy lists you are showing, you have no idea who you are connecting to, do you? You don't, BIG RISK, BAD!

A proxy has no advantage over a good VPN.

1. The VPN is safer, as in SSL, an elite proxy isn't...

2. VPN works on the network layer (of the OSI), as opposed to the proxy, which is working on the application layer..

3. A good VPN is also a secure encrypted tunnel a proxy is not...

4. VPN is not vulnerable at the application layer, a proxy is. Flash / Java / JS / ActiveX / Plugins can bypass the connection/proxy settings of native SSH tunnels and proxies.

You might want to start looking too at IPsec, maybe you forgot this is also a VPN...

In big business, that knows how to run business, they use some form of VPN, they don't run proxy servers.

No WORLD CLASS business runs a proxy server facing open to the web, that's total BS and all these so called proxy lists out there are all BS too, all you're doing is piggy back riding off some open connection that's out there and sooner or later it get's closed why because the stupid admin didn't realize his server was going to get owned.

And if there are any decent proxies out there, then it has to be setup and run by some legitimate business and I don't mean these so called proxy sites that make you pay to their special list either, LOL....

I don't mess with proxies, they're nonsense when compared to a good vpn so I don't follow that rubbish, but I do know one company that offers proxies as I mentioned before, Tuvpn, this is what you really want to look for.

Spooony read about IPsec; (It's a standard and no proxy is going to stand up against that)

https://secure.wikimedia.org/wikipedia/en/wiki/IPsec

Oh and SecureSystem, VPN is not on the application level either, it works at the network level. Also as far as having REAL safety, security privacy and anonymity, it will never be as good on the application level as the networking layer...

STAY AWAY FROM THOSE PROXY LISTS PEOPLE - DANGEROUS!

 

Yes I do. The proxy details is there. Port everything. Not every block is going to run a proxy that supports the connect command. Using proxies that don't support the connect command or ain't socks 4A/5 is a bad idea

Their the same. One is you pay for trust.

Most cases your connecting thru a http proxy or https. With a elite proxy its the same. Elite proxy is not a protocol its just a anonymity level. Elite proxies can be socks 4A/5, https etc etc

No software turns your pc into a web proxy and a socks proxy that can be used by your applications. Which still go thru another proxy (VPN) its the same thing. Sockscap, freecap. Have a look what it does

Nope. Again both are proxies. It depends on the protocol you choose

A VPN is not a antivirus. It will hide your ip if the application communicates in band. Same as a proxy. They do not remove tracking cookies or wash the headers.

IPSEC is site to site like a real VPN is. There's no provider. Its extending your private network over the internet. You connecting to your offices. You don't need any third party involvement in that.

In big business you don't use third party servers. You use VPN site to site connections. Your employees will be the ones using 'VPNs' with third party servers trying to bypass your filtering to get onto facebook .

no world class business make use of a $6.99 a month 3rd party service to hide their ip. They will use site to site VPN and have their own server on both ends. No third parties involved.

They use $45000 firewalls for starters with VPNs build in configured and cared by IT persons who knows more than the VPN providers personal do.

Again. VPN, connectivity service difference.

please look up what a VPN is. OpenVPN is a replacement for Ipsec as it has the advantages of both Ipsec and SSL/TLS.
Google OpenVPN because your confused between a VPN and a connectivity service.

A VPN does not include a third party. Again its site to site.

no the internet is dangerous. Only secure protection from dangers of the internet is a Open Gap firewall i.e. Pull the plug.

The list was just a example btw. I told him what I was doing. I did not tell him to do it.

 

@Dasfox - And your definition of a good provider is? One that doesnt keep logs, one based in multiple unfriendly jurisdictions? How do you know? Your argument in favor of vpns, or anything anonymity-related, fails when you bring "trust" into the equation. Please dont recommend xb or another such service. It's not really private and one cant verify the anonymity of the thing.
Also, proxies are not a bad example. Yes, public proxies are a waste of time. But cant reject them outright.
Just remember that any sort of anonymity network is far better than any "good" or even "great" vpn. It doesnt have to be slow and you can encrypt your communications to a vpn's level.

@Spooney - Freecap and sockscap are alright. So is proxifier. But the issue with these is that most applications leak. And vpn is a way around that as DasFox suggested but then again there's the "trust" issue with a vpn. Now, for TCP application, Tor (modified to use only fast nodes) is the best. But I still havent found a decent anonymity solution for all protocols.
Regarding proxies, I do agree with DasFox to a point. Even elite ones are not really a resistance to any global adversary and the chain can eventually be traced back to the source. Anonymity-networks, if used properly, are best.

 

I'm on a mobile network. In our country its easier and cheaper to get connected via a broadband modem via a cellular service. No matter what a provider says, it's not a real Internet connection (i.e. it is not using TCP/IP). Mobile networks emulate some protocols from the TCP/IP protocol suite, among them TCP, UDP and ICMP. They only do it to a certain degree andin most cases the emulation is not entirely transparent (for example, many providers reduce the quality of JPEG images when browsing Internet web pages to conserve bandwidth). To avoid applications running into timeouts all the time, many signal a successful TCP SYN-SYNACK-ACK handshake even though an end-to-end connection hasn't been established yet.
So whenever I connect my imei gets logged. That's a tracking cookie that can't be removed. Using a VPN will not have the benefit like on dsl does because mobile broadband have to go through a ARP proxy before getting onto the internet. I can use one to make my routing a bit better but that's about it. Also with online games a connectivity service helps me even out the lag. So proxies for me is no problem. I can emulate a sort of lan connection with a virtual machine but like I said with proxies you need a good manager. I know what my browser sents thanks to http headers live and tamper data. Also I have found at lots of places of a VPN ip being blacklisted because of other users causing problems from it. Site admins just ban the ip. Had my users account deleted using them so I chose the proxy way. I have a good manager so I always get my ones to chain up that supports the connect command

I'm on a mobile network. In our country its easier and cheaper to get connected via a broadband modem via a cellular service. No matter what a provider says, it's not a real Internet connection (i.e. it is not using TCP/IP). Mobile networks emulate some protocols from the TCP/IP protocol suite, among them TCP, UDP and ICMP. They only do it to a certain degree andin most cases the emulation is not entirely transparent (for example, many providers reduce the quality of JPEG images when browsing Internet web pages to conserve bandwidth). To avoid applications running into timeouts all the time, many signal a successful TCP SYN-SYNACK-ACK handshake even though an end-to-end connection hasn't been established yet.
So whenever I connect my imei gets logged. That's a tracking cookie that can't be removed. Using a VPN will not have the benefit like on dsl does because mobile broadband have to go through a ARP proxy before getting onto the internet. I can use one to make my routing a bit better but that's about it. Also with online games a connectivity service helps me even out the lag. So proxies for me is no problem. I can emulate a sort of lan connection with a virtual machine but like I said with proxies you need a good manager. I know what my browser sents thanks to http headers live and tamper data. Also I have found at lots of places of a VPN ip being blacklisted because of other users causing problems from it. Site admins just ban the ip. Had my users account deleted using them so I chose the proxy way. I have a good manager so I always get my ones to chain up that supports the connect command

you using a VPN with a provider (connectivity service) means your also using a proxy service. Its the same thing only difference is you have agreed terms with the one where a public one you don't. But its not a different protocol. Its a proxy as well. If your surfing on websites ,most of the time your connecting to http so the last connection to the site will be unencrypted. Your still open to man in the middle attack. You connection to the VPN server will be secure.
For getting your ip part. No unless they get access to the logs of that proxy service. In my case all three of them. Not much getting hold of the guys running them. Also good luck for any authority trying to subpoena one of them.

 

A proxy and vpn are not the same.

PROXY = APPLICATION LAYER
VPN = NETWORK LAYER

1. Proxy = Application layer, why, how do you use a proxy?

2. VPN is a network layer, why, how do you use a vpn?

3. With respect to both 1 & 2 because they both happen on different layers, this is how you can see some of the basic differences...

4. OpenVPN is not a replacement for IPsec because IPsec is a PROTOCOL STANDARD, OpenVPN is an implementation of a VPN.

1-4 are the simple facts of a VPN vs PROXY, because they happen on different layers.

The only thing dangerous here is the misinformation being spread in this post about what a proxy and vpn is!

And as far as TRUST with a VPN provider I'm not talking about the rubbish fly by night $5 a month VPNs either...

And no using these so called Public Open Proxies are never a good idea, because you never know who you are connecting to and the simple fact that these are just open networks some admin or person didn't know how to close. After all why do you think you see all those so called open public proxy lists change all the time and that so called open proxy you were using one day is gone the next? Because it's not open and free, you've just taken advantage of the stupidity of that Network Admin and actually got on their network.

Using all these so called public open proxies is not legal either people! The only real thing as a true open public proxy is when some business as I pointed out before like Tuvpn offers a proxy, beyond this, all the others, you are illegally using, so beware!

While we're at it Spoony you might want to go back and try explaining your own words here below, because you've been saying one thing here, then another on a different post below. And if you're going to stick to what you are saying below and can even understand your own words, then by your own definition below you have just confirmed all along what I've been saying;

---> PROXY = APPLICATION LAYER - VPN = NETWORK LAYER.

 

I said in this post as well a VPN is not a connectivity service.

VPN -> site to site
Connectivity Service -> so 'called VPN where there's a provider involved.

I just said VPN because I don't want to confuse anyone because they call a service where you pay someone to use their proxy a VPN. So for the sake of it I said VPN because I dont want to say post after post what a VPN really is.

You seem to know the protocols of a VPN but don't seem to understand the rest. A VPN is a site to site. That means extending your private network over the internet to another private network. There is no third party servers involved. You don't need to hide your ip from yourself because your connecting to your own private network.

You don't browse the internet with a VPN. You don't pay anyone to use their server because then its not a VPN. A VPN is one straight tunnel from one private network to another. That's a VPN. So stop using the word provider and VPN in the same line.

Using a proxy service is illegal? So paying someone to use their proxy service like a connectivity service must all be Illegal then.

You don't browse the internet with someones else's IP and call it a VPN. Once you say the word provider then its not a VPN.

For application layer you seem to understand iy wrong. OpenVPN is SSL/TLS with the advantages of Ipsec. Once you use a third party server to browse the internet all it does is turning your pc into a socks proxy for your applications. Your not going to use Opera or firefox in a VPN. Your not going to browse your home pc with a internet browser.

 

Explain what this stripping of SSL is you mean?

With a VPN if they didn't setup a DNS PTR record, let alone one with a value that announces you're using a proxy or vpn service then you're not getting anything.

VPN= Virtual Private Network, I know what it is and I know that VPN supports various protocols and that VPN is not a protocol, IPsec is...

We need to get back to the basics here that can be explained in simple terms so others can understand it too.

Try to explain these in simple terms others can understand because they can be explained in simple terms...

1. How do you use a proxy?

2. How do you use a VPN?

3. Why do you think because you use a so called VPN service this is not a VPN and you can't surf the internet with it?

And I said using all the so called open public proxies that you typically find on the internet with a list that keeps getting updated like every 24 hrs are illegal. I didn't saying using proxies was illegal if it's being provided by a reputable company that offers this service, I also explained this like three times and you keep repeating this, that shows me you are not paying attention to this conversation.

So show the community of Wilders what you think is a reputable Proxy service?

 

man-in-the-middle

Proxy - a server setup designed to offer either firewall security or faster access to cached content normally accessible only through slower connections.
Proxy server - is the software installed on some network server. The main purpose of this software is to relay traffic between two network hosts (client and server), sometimes this software does some data caching (usually this is performed by HTTP proxies). If your browser is configured to work through the proxy server then all your network traffic will go through that proxy server.

You install the software then create a tunnel between client and server with keys created by you or a other party. Edit your config file. Exclude the routes then you connect

A VPN is a site to site tunnel. Let me say this one more time. A VPN is a site to site tunnel.

Proof it. Show me the law that states that.

Tor, Your-freedom, hidemyass, Cyberghost, Loki, Creating your own with India web proxy, +":8080" +":3128" +":1080" +":443" +":1080" filetype:txt OR filetype:html

read this

http://soft.rosinstrument.com/lib/Technical/Proxy_Docs/rfc2817.txt-ps100-pn1

 

Just to clarify a few things in this post that are misunderstood or misreported:

1) A VPN is a site to site tunnel. This tunnel is created between computer A and computer B. All data is encrypted between them (usually AES-256 Bit). This is NOT SSL and can NOT be attacked with SSL strip. However there are some MITM attacks against some VPN protocols. These require capturing the handshake and attacking it. VPN's are used for SECURE and (under some circumstances) Anonymous browsing.


2) A VPN can be used for anonymous surfing. DNS Leaks only occur if a poorly written application(s) or connection is used (openVPN has (had?) these issues). You CAN mitigate this your self by changing you DNS. (Who uses there ISP's any ways?)


3) Proxies are web ONLY. This means http and https traffic is being sent from your computer (A) to the proxy (B) and then to the web site (c) the website sees the proxy (B). Any 12 year old could trace the IP back to the proxy. and about 99% of proxies will turn over data with NO warrant. even so called "elite" proxies - It has and does happen all the time - you are trusting a third party. Proxies also do NOT stop websites from discovering you by other means (Cookies, bugs, javascript, referrer ID's etc.). Not to mention applications running that are NOT going through the proxy.

4) TOR, i2p, etc. are the only REAL way to stay 100% anonymous (provided you use TAILS or configure applications properly. TOR has SECURITY issues not ANONYMITY issues. No one has EVER been tracked through TOR or i2p. Passwords and data have been stolen however. (Tunnel a VPN through TOR to fix that issue).

Anonymity increase as so:

Proxy --> VPN ---> TOR /i2p --> Combination of them

Proxies have been defeated in many ways - I don't get why people trust them so much. TOR has been proven again and again use it or a VPN or both.

(Feel free to disagree )

 

So we can be clear here, I know what all this is, I'm not asking you to explain to me anything, I asked for a simple answer so others can understand...

Let's try this again with a PROXY...

You go out find your proxy from some site now you are sitting here looking at your computer saying, ok I'm new to all this, how am I going to use a proxy and connect to the internet to surf?

At least you explained the VPN simple enough for others, the proxy not so simple for others to still grasp how they are going to use one for themselves...

Got it now?

THANKS

Let's also not relate everything to the conversation like this is for Windows only, as in reference to response over DNS leaks, well we don't get leaks in OSX/Unix/Linux with proper routing tables, we do however get them in Windows...

Thanks for a better explanation here for others to understand...

Proxies are lame, they are the application layer with more vulnerability, where VPN on the networking layer is more secure...

TOR has security issues, LOL, that's a good enough reason to stay away!

Security should always be the first rule of order for anyone, if not, then we all have our computer priorities backwards...

Privacy and anonymity should never taken precedence over security, because when you loose that, you can loose it all and then it doesn't matter...

 

Agreed on all of that. Yes the DNS leak is Windows only

 

Not sure if this is the thread to post.

i was not able to chat through tor browser when login hotmail account.

is there a service that i can run browser normally e.g. internet banking while still chatting msn anonymously...

can we select program or application to run remotely through vpn?

 

Please, let's be careful here people how we are discussing this, so far it's been sounding like using a VPN is bad because of the trust needed...

The truth is for everything that is being discussed here, TRUST is a big issue with all of them, so please, let's not place anyone thing in this category like it out weights them all because it doesn't...

I don't care what you use, because if you're not running your own servers, then there has to be a level of trust for all of them to be looked at, proxy, tor, vpn, etc...

But, the reason I will tend to favor a VPN at this point in time, until someone can really step into Wilders with some real technical proof to the contrary is that a GOOD VPN that you can trust, through communication, questions you've asked, the company has a reputation already in place, known credentials, etc., and you know this is a reputable business, it's going to be hard to out do something like this.

Simple point in case, take Comodo for example they offer a VPN, also the people of OpenVPN have their own VPN service, now are we really going to sit back with companies as legitimate as these and say we need to worry about trust? This is just the point and example I'm trying to make because there are real legitimate companies around the world offering VPN...

https://www.shieldexchange.com/
http://www.comodo.com/trustconnect/

Cheers...

 

VPNs connect machines on different networks -- clients to servers (although sometimes it's more symmetrical than that). Typically, those machines are routers, and the result is a virtual ethernet connection between the networks that they host.

Enterprises typically use VPNs to connect multiple locations. Individuals, as you say, typically use VPNs to connect their work computers and home networks. Consultants use them to connect to their clients' networks.

However, VPNs connections are frequently used in other contexts. For example, when one establishes an OpenVPN connection to a "privacy/anonymity" service, the OpenVPN server may be a standalone proxy server ("one-hop") or it may be a geographically distributed virtual network ("multi-hop"). Multi-hop networks are typically crowded, with many users sharing each exit IP, and they multiplex traffic with peers. Although some one-hop services allow users to "roll their own" virtual networks, one doesn't get crowding and multiplexing that way (unless one runs a service, with many users, and has peers).

One can also establish VPN connections with other "enthusiasts". Google Anonet and "bogon network" for more on that. Please be aware, however, that botnets are a popular application, so be very careful who you peer with

 

Are these elite proxies dangerous? I use them on forums such as this when I want to post because the elite ones allow forum logins. My goal is only to hide my browsing from my ISP. Right now I am using wilders in HTTPS on an elite proxy from Austria. I've often wondered how risky this is as far as picking up viruses and maleware etc.