Does Dresden Mix notice me?

Discussion in 'privacy technology' started by febainy, Jul 25, 2014.

Thread Status:
Not open for further replies.
  1. febainy

    febainy Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    48
    I have set JonDo network setting to Tor address and port, Do the Dresden Mix operators know my local IP address or IP address from Tor exit node?
     
  2. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Are you using JonDonym's Tor client to run Tor through JonDonym? Or are you wanting to run JonDonym via Tor. I'm presuming that it's the later.

    When you say "Tor address and port", I presume that you mean "127.0.0.1:9050" (SocksPort) or "127.0.0.1:9040" (TransPort). Right? Which one? If so, JonDonym entry mixes know only the Tor exit IP address.

    But there's another issue: DNS lookup. I don't know how JonDonym handles that. Firefox, for example, has the built-in preference "network.proxy.socks_remote_dns" that, when set "yes", directs DNS lookups to Tor's SocksPort. The Tor client encapsulates DNS requests, and sends them through the active circuit to the exit relay.

    Apps without such features need instead to use Tor's DnsPort, which does essentially the same thing, except through a separate circuit. For that to work, you must set 127.0.0.1 as the system DNS server.

    Also, it's crucial to configure firewall rules that allow only Tor to access the Internet, and allow DNS requests (port 53) only to 127.0.0.1/32.
     
  3. febainy

    febainy Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    48
    Why when we talking about internet anonymity most of times we don't talk about DNS leakage, which can make the ISP knows where you come from and what site you are visiting, it's about anonymity too.
     
  4. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Most people probably don't even know what DNS is, let alone why leaks are problematic.
     
  5. febainy

    febainy Registered Member

    Joined:
    Feb 11, 2014
    Posts:
    48
    Yes I configured network.proxy.socks_remote_dns be true, is that would make the URL send to JAP network to resolve and they only know the exit node send the URL without knowing real IP address send to JAP?
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    Yes, that should be fine for the browser. But you'll need to setup DNS lookup properly for other apps. If you don't want to deal with that, I recommend using Whonix with JonDonym. The easiest way to do that would be running the JonDonym client in a pfSense VM. See http://anonymous-proxy-servers.net/forum/viewtopic.php?f=9&t=8417&view=previous
     
Loading...
Thread Status:
Not open for further replies.