TOR question?

Discussion in 'privacy technology' started by personguy666, Mar 3, 2012.

Thread Status:
Not open for further replies.
  1. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    I was on facebook w/ tor and got the message "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.

    Are you sure you want to continue sending this information?"
    clicked continue does that make ip visible?
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Not the IP - just everything you sent.
     
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    And not just visible -- modifiable.
     
  4. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    Wait dosent facebook already see all it you post?
    also is this answer on ya correcto_O
     
  5. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    btw what do you mean modifiable??
     
  6. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Although Tor can provide quite strong anonymity, configuring applications to safely work with it is nontrivial. If an application isn't properly configured, it can leak your true IP address. Unless you really know what you're doing, it's best to just use TAILS -- or at least TBB. And don't mess with them.
     
  7. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I'm referring to man in the middle attacks.
     
  8. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    So was ip leaked?
    and whats a man in the middle?
     
  9. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    oh and also btw js isnt "disabled" in tor by default...what is this.
     
  10. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    and tor bundles supposed to auto config.
     
  11. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
  12. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    I have no clue ;) Try this -http://ip-check.info/?lang=en

    Seriously? If I weren't so polite, I'd give you a LMGTFY link ;)
     
  13. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    It used to be, but people kept adding it to watch YouTube, so they gave up. Use NoScript, and be careful what you enable.
     
  14. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's true. But it won't route non-browser traffic through Tor.
     
  15. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    In a typical (And incredibly simplified) connection you have

    A (the user)
    Z (The server/ the website ie: FAcebook)

    So you send information from A to Z and information comes back Z to A.

    In a MITM attack it goes A to C to Z where C is a hacker.

    When you use HTTPS the content between A and Z is encrypted and the hacker can't read or manipulate the data.

    When there is unencrpyted content on the page the hacker can modify that data and read it. This means they can insert scripts that read your page or anything else that they like.
     
  16. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    i cant use the ip check link because i clicked continue yesterday.
    just worried whether i should continue using that fb account
    kuz i rly dont wanna disable it cause i clicked that
    btw what does js have to do w/ youtube?
    youtube vids don't work on tor even tho js is by default on...
     
  17. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
  18. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    cmon guys i need a final answr
     
  19. m0unds

    m0unds Guest

    there's no way to know whether your IP leaked based on the information you provided.

    also, why use an anonymizer on a social network? o_O
     
  20. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Even anons like to be social ;)
     
  21. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    i was on my alt account
    fb always bans my alt accts and even sees thru proxy so i use tor.
    i made a page and clicked on "use facebook as page" and got the message.
    used the latest tor bundle version, all default.
    my question, is the click of "continue" alone enough to reveal ip?
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    That's a generic warning from Firefox. It's warning you that, even though you're on an "encrypted" page, you're about to send unencrypted data to it (or somewhere, anyway). Without more information, I can't even guess why that would have happened.

    But it doesn't mean much about whether your IP is being revealed or not. It's possible that the page was hacked. But even Metasploit's decloak.net (which no longer runs for me, by the way) can get true IPs if Tor is properly configured. Also, if Facebook were getting your IP through a correctly coded HTTPS page, you wouldn't get that warning anyway.
     
  23. m0unds

    m0unds Guest

    haha, social anonymity..sounds like a recipe for no social interaction :p

    if *everything* in the browser goes over TOR (HTTPS, HTTP) then it's very unlikely that it would have been exposed.

    all that prompt is saying is "hey, the page you're looking at now is SSL encrypted, but this form or link clicking on or submitting isn't" it's just making you aware that while the page is encrypted, whatever you're clicking on is going out over HTTP.

    *EDIT* mirimir beat me to it, haha
     
  24. personguy666

    personguy666 Registered Member

    Joined:
    Mar 3, 2012
    Posts:
    66
    k then last q.
    does tor bundle always warn u in case of annoymity leaks?
     
  25. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    "Always"? No, it couldn't. There are many ways to leak, and TBB could never detect many of them. I'd use TAILS, because everything (the OS, other apps, etc) has been optimized for using Tor, not just the browser. You might want to subscribe to -https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
     
Loading...
Thread Status:
Not open for further replies.