Tor-Firefox-Proxomitron

Discussion in 'privacy technology' started by Liquidslam, Dec 4, 2005.

Thread Status:
Not open for further replies.
  1. I'll accept your some sort of apology.

    Try not to be so insecure next time, nobody said 'your' method is bad.
    And if I were a glory hound, I would point out that the second link in post #17 was actually a post of mine!!!!!

    And being an equally glory hound, I would say that paranoid2k's #24 just repeats points I've already made. :)

    Bah, I already mentioned this link way back in 2003! :) :)

    Just kidding.
     
  2. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    With sarcastic comments like this, what do you expect?
    How many names do you have?
     
  3. Just poking fun at you, look at your own post #17 again.

    Some of the deviladvocates are not me.
     
  4. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    I'm looking.......What is soooooo bad about post #17 that gives you such a h@#* ono_Oo_Oo_O??

    Anyway, as P2K has clearly stated, it's probably worth checking both varients out, before we condemn.
    I have tested both, and after using the Proxo method with several headaches configuring it to suite my needs, i've gone for the easy option(extensions).
     
  5. It's not bad, just over anxious. As you admitted you jumped in without reading my post #15.

    There you go again being overly sensitive. Show me any sentence where I or paranoid2k or anyone for that matter *condemn* . Nobody was condemning anything. Just stating why someone might conceviably prefer one method rather than another that's all.

    In fact if you read my post #15, you can see I was explaining how the whole big mess began with the firefox flaw and slowly evolved to the complicated mess we have today. And the implication was that people made a virtue out of necessity.

    Seriously this is silly, for someone who claims to be knowledgable about firewalls, shouldnt you be spending your time teaching people about firewallso_O
     
  6. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Right, enough is enough.
    For the original question(whatever that was), please bear in mind both suggestions, as they both work/tested. Proxo is very difficult to configure, however there is an abundance of info on how to do so(castlecops being my favourite).

    Good day to you all, goodnight.:D

    Edit: Oops spelling error!!

    Edit Edit: P2K, reference this thread 'Run application' - Privoxy/Tor, as promised, this is my solution.

    Thank you.
     
    Last edited: Dec 9, 2005
  7. bent

    bent Guest

  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Yes, I've had this issue too - it is apparently due to new Tor exit nodes needing to be registered with Google so that it then permits a higher volume of requests from them.

    In the meantime, you may find the Proxomitron Google-Scroogle redirector filter a suitable workaround (not to mention another string to Proxomitron's bow...).
     
  9. bent

    bent Guest

    wow. That was a lot to absorb and try to understand. I did not see any of those folders in proxomitron.
     
  10. This seem to be a very "often temporary failure" I don't think I can accept so much of this -

     
  11. loansome

    loansome Guest

    lol - that was easy. I fixed it.
     
  12. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    How did you fix it,, mate??
     
  13. Liquidslam

    Liquidslam Registered Member

    Joined:
    Apr 1, 2005
    Posts:
    15
    I just now checked back with this thread for the first time in two weeks and am amazed at the number of replies that came in and the overall professional level. None of the one-eyed leading the blind stuff that I've encountered on some other forums. I see I should have become a member of this one a long time ago.
     
  14. tony62

    tony62 Registered Member

    Joined:
    Aug 26, 2005
    Posts:
    214
    Location:
    UK
    Glad we could all help.........and entertain:)

    EDIT: After experimenting alot with both Firefox Extensions and Proxomitron, i've decided to stick with Proxo. Although i learned alot with the Extensions, proxo does offer better control over the pages you are viewing(just alot more difficult to troubleshoot).
     
  15. _john

    _john Guest

    HI all. I'm very new to this and managed to set it up and it works.

    whatismyip.com cannot detect my True IP. BUT.. whenever I visit this site:

    https://www.grc.com/x/ne.dll?bh0bkyd2

    It detects it. How come?
     
  16. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    The GRC URL is using the https (encrypted web access) protocol - you need to ensure that your browser is set up to use Tor for https as well as http traffic.
     
  17. -john

    -john Guest

    No wonder. the (s) at the end of http.

    I can't find it in FireFox.. all I have are:

    http
    ssl
    ftp
    Gopher
    Socks

    I can't find (https)

    Also is it safe to Log into Forum while using Tor? Will my username password be compromised?
     
  18. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ssl (Secure Sockets Layer) = https
    Without Tor any http data you send is sent in the clear and visible to your ISP and anyone else with access to your local network (or any part of the route followed by your request as it travels to Wilders). With Tor it is sent encrypted to the Tor network and is only "in the clear" when it exits Tor - it has to be decrypted at this stage since the server you are contacting expects unencrypted data. With https, traffic is encrypted all the way with Tor adding extra levels of encryption.

    The benefit of using Tor (and similar systems) is that the website you contact does not know where you are (assuming you are running a web filter to disable Java/ActiveX applets which could be used to find this out) and your ISP/local administrator cannot determine what sites you are visiting.

    As for username/password data, usernames for vBulletin forums (like this one) are send in the clear while the password is scrambled (it is actually sent hashed using MD5). Therefore even if someone did pick up your login data they would not be able to determine the password.
     


  19. Practically speaking though you don't need to fill in anything in the "SSL proxy" field in the browser??

    If you are using the proxomitron+Tor method, you need to setup proxomitron via the method posted in your thread about dangers of HTTPS

    then it seems just putting 127.0.0.1 in the normal "http proxy" field is enough, proxomitron itself handles HTTPS automatically theno_O?

    If you use the method discovered, invented ,trademarked, copyrighted and patented by Tony62 it seems just filling in the 127.0.0.1 for the socks field is enough as well.

    This (second thing) surprised me when i was testing it a while ago. i dont really understand the whole business.



    Personally I wouldn't do HTTPS + Tor for stuff like ebanking. Just plain HTTPS is enough. I mean ISPs can't really snoop in and see the content (what kinds of transactions are happening, or see your password) though they can see the site (bank site) you are connecting . For most people except for terrorists or drugdealers trying to hide the flow of transactions this isn't important.

    Right?

    And on the flip side, you generally (though the paranoid certainly can dream up scenarios where this isn't true) don't need to be annoymous to your bank either. They have far more sensitive information on your then your current ip.

    Right?

    Well you of course a simple naive hashing of the password alone isn't sufficient, because of the possibility of a replay attack. Because in such a case They don't actually need your password, just capture the hashed md5, and it's as good as the password.

    You already know this of course, i'm just saying.
     
  20. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,633
  21. Yes of course, the link i made to dangers of HTTPS also links to those files.

    But Tony62's method doesnt even need this, and it still works with HTTPS sites!!!
     
  22. axnz

    axnz Guest

    TOR alone can do all that with no other programs like Proximitron and PRIVOXY?

    I have Priv/proximitron and TOR running right now and have set it up but there are a lot I don't know yet. So my first question is: What can "TOR" alone do for me?
     
  23. devilish

    devilish Guest

    Tor alone can do that yes for both HTTP and HTTPS if you follow the instructions given here http://www.imperialviolet.org/deerpark.html.

    Whether HTTPS is available is however up to the server you are visiting, you cannot control this with or without proxomitron/privoxy.

    Sidenote: I'm still amazed this method alone handles HTTPS as well without any special setup. Guess it shows what i know about socks proxies. LOL.


    The long detailed reason why people use priv/proxomitron instead of straight Tor +firefox is described here in post #15 of this thread. Don't worry if it's confusing.

    For simplicity, I now follow the lead of Tony62 by recommending the method described here http://www.imperialviolet.org/deerpark.html . Just browser+Tor is enough.

    You don't have to care if the site is http or https, that setting alone will ensure Tor is used.
     
  24. axnzz

    axnzz Guest

    THank. I managed to configurated for FireFox and I'm using Proximitron to filter out web junks. One question I have is the "use remote proxy" in Proximitron. I have set it up to hide my IP but it lag my browsing so I don't use it that much that mean I leave it "unchecked".

    So that mean my IP will be visible to the sites that I visit. Regardless of whether my IP is hidden or not TOR still hide the site I go to from my ISP. Correct?
     
  25. devilish

    devilish Guest

    HUH? which method are you using? The link i gave is a method that does not involve proxomitron/privoxy at all.

    Are you using A)Tor+proxomitron+ privoxy?

    or B)Tor+Proxomitron(sockified with sockcap or freecap)?

    or C)Tor + Privoxy?

    Or just D)Tor alone?

    I do not recommend C) because it cannot handle HTTPS.

    If you are using Method B) , you don't need to check "use remote proxy" to use Tor

    If you are using Method A) which I suspect you are, You definitely need to check "use remote proxy" to chain it to privoxy. Otherwise you won't be using Tor!

    Method A is this

    Firefox---> Proxomitron--->Privocy--->Tor--->website

    Check remote proxy in proxomitron tells proxomitron to forward to Privoxy, and privoxy will then forward to Tor. If you break up the chain by not checking the box you get

    Firefox-->proxomitron--->website

    You are not using Tor at all!


    No! No! No!

    When Tor is on, you gain both benefits together. If Tor is not on, you lose both!

    Proxomitron/Privoxy do not hide your ip from websites, neither do they hide activity from your ISP.


    If this is not clear, please give exact details on what you are doing. Otherwise we are just wasting time.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.