Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

JAP,TOR,Socks Proxy ,Tunneling and Stunnel

34 views
Skip to first unread message

611 Folsom Street

unread,
Sep 30, 2008, 8:28:47 AM9/30/08
to
I'm still a bit unclear about the following points, perhaps the privacy
gurus here can explain.

1) What is the major difference between JAP and TOR? Is it merely that
Tor is a socks proxy that allows a suitably "sockified" app to connect
with it, while JAP is strictly for HTTP only?

2) When you sockify a app and run it through TOR , your isp is hidden
from whatever you connect to right? But what about your ISP? Can it see
where you are connecting to? Or does it merely see you connecting to the
socks proxy?

3)What is tunneling?

4)Stunnel appears to encrypt connections so no-one can see what is being
sent right? How does this interact with Tor or JAP?

Thanks
--
http://tinyurl.com/65pba5

Ari

unread,
Sep 30, 2008, 8:50:13 AM9/30/08
to

http://www.panta-rhei.dyndns.org/pan...dEncryptionFaq

Is a very interesting and detailed guide on how to use Tor, Privoxy,
Stunnel, Freecap and DCPP.

1. JAP is an HTTP proxy but can handle HTTP, HTTPS and FTP protocols.
It has a limited number of mixes you can connect to so performance can
be slow. The client is written in Java so should run on any system where
a Java Runtime Environment is available. All traffic is encrypted using
128-bit AES. The JAP client may soon be able to connect to Tor servers
(see the comment about JAP at the bottom).

Tor uses SOCKS and has more servers available. It should be able to
handle any application that can be SOCKSified (not just web/file
transfers). Versions are available for Linux/UNIX and Windows but not
others (Apple OSX users may be able to use the FreeBSD version). All
traffic is encrypted using 128-bit AES.

2. Since both Tor and JAP encrypt traffic, all your ISP will able to
see is the encrypted traffic being sent to the first Tor node/JAP mix.

3. Tunneling is using one protocol to carry headers and data for
another - for example you could include file transfer protocol commands
within an HTTP request to allow it to pass through a firewall that only
allowed HTTP. For tunneling to work, it must go to a server that
"unwraps" the protocol at the other end. Tunneling can include
encryption and authentication but does not have to.

4. Stunnel allows you to tunnel network connections within an SSL
(HTTPS) connection providing encryption. It must connect to a stunnel
server which then decrypts the data. It does not provide anonymity on
its own but a network of stunnel servers randomly routing data between
themselves multiple times should give the same level of protection as
Tor or JAP.

--
http://www.youtube.com/watch?v=fJVydzNJrno

611 Folsom Street

unread,
Sep 30, 2008, 8:52:28 AM9/30/08
to

1) Can your ISP see where you are connecting to?

2) Can your destination figure out your orginating ip

3) Are the contents you send secure against prying eyes on route?

I'm less concerned with 1, but it's nice to have if possible.

If I use Tor or JAPS I'm automatically assued of 1)+2) no? But it won't
protect the contents from being intercepted between the last mix and the
final destination?

What if I use a simple annoymizer service? Or just Stunnel?

Ari

unread,
Sep 30, 2008, 8:55:44 AM9/30/08
to
On Tue, 30 Sep 2008 08:52:28 -0400, 611 Folsom Street wrote:

> 1) Can your ISP see where you are connecting to?

They will be able to see a connection to the first server of JAP or Tor
but not where they connect to in turn - so they will not know the
ultimate destination. Assuming that you are running a firewall, this
should report the same information - as will a netstat command run from
a command prompt window.



> 2) Can your destination figure out your orginating ip

Not from the traffic alone - it will appear to come from the last server
in Tor/JAP. However Java or Javascript can be used to find this
information from your browser (hence the reason for using Proxomitron or
another web filter to stop this). To see what information your browser
reveals, visit a site like BrowserSpy or Leader Network Tools.

It is also possible for a webpage to include Java/Javascript code
designed to cause a browser to make a direct connection bypassing any
proxies. Aside from blocking all Java/Javascript, the best defence
against this is to use your firewall to restrict your browser to
contacting the proxy only.



> 3) Are the contents you send secure against prying eyes on route?

While encrypted, yes. However since the desintation expects unencrypted
traffic, the final stage (between the last Tor/JAP server and the
destination) will be in the clear. For someone to identify it as your
traffic though, they need to monitor every server of Tor/JAP and perform
traffic analysis to link it with your (encrypted) incoming request. The
only groups with these sort of resources are likely to be the TLA
agencies (hence both Tor/JAP warn against relying on their systems for
"strong anonymity"). However to prevent ISP logging or website tracking,
these systems should be more than adequate.

> What if I use a simple annoymizer service? Or just Stunnel?

Since these only involve one intermediate server (rather than a whole
network), traffic analysis is much easier - meaning that they would
offer less anonymity. However (as mentioned above) a network of Stunnel
servers routing connections at random would give equivalent protection
(this is basically how Tor/JAP work).
--
http://www.youtube.com/watch?v=fJVydzNJrno

Ari

unread,
Sep 30, 2008, 9:02:56 AM9/30/08
to

Sparky

unread,
Sep 30, 2008, 9:36:52 AM9/30/08
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

611 Folsom Street wrote:

> I'm still a bit unclear about the following points, perhaps the privacy
> gurus here can explain.
>
> 1) What is the major difference between JAP and TOR? Is it merely that
> Tor is a socks proxy that allows a suitably "sockified" app to connect
> with it, while JAP is strictly for HTTP only?

That's probably the single largest difference from the user's
perspective. They're similar in concept, with your traffic being
encrypted multiple times and routed through several servers in such a
way that those servers can't collate your activity with an identity.
There's some "under the hood" differences, and the JAP network is
considerably smaller than the Tor network last I knew, but in practical
terms they're quite similar.

> 2) When you sockify a app and run it through TOR , your isp is hidden
> from whatever you connect to right?

You mean your IP address, right?

Yes, it is.

> But what about your ISP? Can it see
> where you are connecting to? Or does it merely see you connecting to the
> socks proxy?

Tor is a "SOCKS proxy" only at the local host typically. Beyond that
it's more of a simple connection based network of servers. So no,
technically your ISP can't see a SOCKS connection.

Your ISP sees only an encrypted connection to whatever entry node your
copy of Tor selects. They know you're using Tor, but can not know
anything about the content of that connection, or where it's ultimately
being made to.

> 3)What is tunneling?

Tunneling is using some third party server or service as an
intermediary or "relay", in such a way that all your tunneled activity
passes through and appears to originate from that third party.
Practical tunneling differs from simple proxying in that the connection
to the tunnel server (VPN, SSH, etc.) is secure, and you normally "log
in" to that server. But technically, even a plain vanilla HTTP proxy is
a "tunnel".

> 4)Stunnel appears to encrypt connections so no-one can see what is
> being sent right? How does this interact with Tor or JAP?

Stunnel, or SSL in general, extends the functionality of JAP/Tor by
securing content beyond the scope of those networks. For example,
without an SSL secured connection a Tor exit node could see everything
in your connection to http://gmail.com. Your login name, password, and
the content of everything you read or write to be sure. SSL keeps that
information out of the hands of the exit node and everyone between that
exit node and Gmail.

Stunnel also adds functionality to software that doesn't support SSL by
serving as a locally running "tunnel" or proxy, accepting plain vanilla
connections on one end and making SSL secured connections on the other.

And yes, I do realize Gmail doesn't even allow plain HTTP connections.
It's only an example. ;)

-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAkjiK1IACgkQUZCI41IC43igZwCfVPAGnHbck7ZfuF/JZuT03syE
X5QAoKaujR/L05LD/8KugT3SU8x45pZR
=r+bN
-----END PGP SIGNATURE-----

Sparky

unread,
Sep 30, 2008, 9:47:58 AM9/30/08
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

611 Folsom Street wrote:

Using JAP or Tor, no.

>
> 2) Can your destination figure out your orginating ip

Ditto

>
> 3) Are the contents you send secure against prying eyes on route?

Yes and no. :)

For JAP/Tor alone content is secure right up to the point it reaches
the last hop in whatever "chain" each software uses. At the exit node
Tor and JAP obviously cease to be a factor at all, so everything is
laid out naked for anyone to see. It is, however, still anonymous as
long as there's nothing in that content which identifies you.

>
> I'm less concerned with 1, but it's nice to have if possible.
>
> If I use Tor or JAPS I'm automatically assued of 1)+2) no? But it won't
> protect the contents from being intercepted between the last mix and the
> final destination?

Exactly. For that you need to either make secure connections "natively"
like you do when you visit https://whatever.com with a web browser that
supports SSL (pretty much all of them), or use something like Stunnel
to establish that SSL connection for you.

>
> What if I use a simple annoymizer service? Or just Stunnel?

There's no such thing as a "simple anonymizer service", they're not
really anonymous, and Stunnel doesn't afford you any anonymity at all.
Using those tools alone (without JAP or Tor) you give up 1 and 2, and
possibly 3. :(

-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAkjiLgEACgkQUZCI41IC43g6FgCeNojx4UAq/GJNuh5ojU0DS3bw
IvAAnAqEZ1btY/pcYMc7HwNcYnB/xtoQ
=GZS8
-----END PGP SIGNATURE-----

Ari

unread,
Sep 30, 2008, 10:37:13 AM9/30/08
to
On Tue, 30 Sep 2008 13:36:52 +0000 (UTC), Sparky wrote:

> Stunnel, or SSL in general, extends the functionality of JAP/Tor by
> securing content beyond the scope of those networks. For example,
> without an SSL secured connection a Tor exit node could see everything
> in your connection to http://gmail.com. Your login name, password, and
> the content of everything you read or write to be sure. SSL keeps that
> information out of the hands of the exit node and everyone between that
> exit node and Gmail.

This is an important point, it is a known vulnerability without knowing
who runs many of these Tor nodes.



> Stunnel also adds functionality to software that doesn't support SSL by
> serving as a locally running "tunnel" or proxy, accepting plain vanilla
> connections on one end and making SSL secured connections on the other.
>
> And yes, I do realize Gmail doesn't even allow plain HTTP connections.
> It's only an example. ;)

Do you mean Port 80?

Anonymous Remailer (austria)

unread,
Sep 30, 2008, 2:31:29 PM9/30/08
to

Ari wrote:

> On Tue, 30 Sep 2008 13:36:52 +0000 (UTC), Sparky wrote:
>
> > Stunnel, or SSL in general, extends the functionality of JAP/Tor by
> > securing content beyond the scope of those networks. For example,
> > without an SSL secured connection a Tor exit node could see everything
> > in your connection to http://gmail.com. Your login name, password, and
> > the content of everything you read or write to be sure. SSL keeps that
> > information out of the hands of the exit node and everyone between that
> > exit node and Gmail.
>
> This is an important point, it is a known vulnerability without knowing
> who runs many of these Tor nodes.

It's not a "vulnerability" you moron, it's common sense. Normal
people, and by normal I mean not like you, wouldn't dare log into
their email or bank/whatever sites without SSL.

So what in your tiny little pea of a brain sees this as something
that unique to Tor, JAP, or anything else?

>
> > Stunnel also adds functionality to software that doesn't support SSL by
> > serving as a locally running "tunnel" or proxy, accepting plain vanilla
> > connections on one end and making SSL secured connections on the other.
> >
> > And yes, I do realize Gmail doesn't even allow plain HTTP connections.
> > It's only an example. ;)
>
> Do you mean Port 80?

Did the poster say anything about ports?

No, nitwit, he did not. Try surfing to www.gmail.com. You're
redirected to a secure connection before the first bit of html is
transmitted. Imagine that.

Ari

unread,
Sep 30, 2008, 9:52:56 PM9/30/08
to
On Tue, 30 Sep 2008 20:31:29 +0200 (CEST), Anonymous Remailer (austria)
wrote:

>> This is an important point, it is a known vulnerability without knowing
>> who runs many of these Tor nodes.
>

> It's not a "vulnerability" you...

Whoa there, you with toner powder all over your face. When I ee advice
on how to count widgjits By Idjits, I'll click my heels. As a Working
Stiff, me being The Man, of course, you'll run like Mercury driven by an
ingrained response much akin to Step N Fetchit.

<snigger>

Off with you, tell all the lads on the manufacturing beltline how a 401K
is "actually equity in The Copmany"

lol

Barry Margolin

unread,
Oct 1, 2008, 1:22:26 AM10/1/08
to
In article <6kelugF...@mid.individual.net>,
Ari <DROPTheJo...@gmail.comCAPITALLETTERS> wrote:

> > 2) Can your destination figure out your orginating ip
>
> Not from the traffic alone - it will appear to come from the last server
> in Tor/JAP. However Java or Javascript can be used to find this
> information from your browser (hence the reason for using Proxomitron or
> another web filter to stop this). To see what information your browser
> reveals, visit a site like BrowserSpy or Leader Network Tools.

If you're using a NAT router, the IP that it will get from the browser
is your private IP behind the router. This isn't very useful to them.

BrowserSpy shows this as the "local address". It also displays "IP
address", but it's getting this from the HTTP connection, and if you go
through a TOR or JAP it will be the address of the last hop, not your
originating IP.

--
Barry Margolin, bar...@alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***

occam

unread,
Oct 1, 2008, 1:45:45 AM10/1/08
to
Ari wrote:
> On Tue, 30 Sep 2008 08:28:47 -0400, 611 Folsom Street wrote:

>>
>> Thanks
>
> http://www.panta-rhei.dyndns.org/pan...dEncryptionFaq
>

I get address not found.
anyone?

Ari

unread,
Oct 1, 2008, 4:49:31 AM10/1/08
to
On Tue, 30 Sep 2008 20:31:29 +0200 (CEST), Anonymous Remailer (austria)
wrote:

>>> Stunnel also adds functionality to software that doesn't support SSL by

>>> serving as a locally running "tunnel" or proxy, accepting plain vanilla
>>> connections on one end and making SSL secured connections on the other.
>>>
>>> And yes, I do realize Gmail doesn't even allow plain HTTP connections.
>>> It's only an example. ;)
>>
>> Do you mean Port 80?
>
> Did the poster say anything about ports?

Did I click my heels? Back to the cotton then. Instead of picking your
nose.

Cyberiade.it Anonymous Remailer

unread,
Oct 2, 2008, 12:57:06 PM10/2/08
to
Ari wrote:

> On Tue, 30 Sep 2008 20:31:29 +0200 (CEST), Anonymous Remailer (austria)
> wrote:
>
> >> This is an important point, it is a known vulnerability without knowing
> >> who runs many of these Tor nodes.
> >
> > It's not a "vulnerability" you...
>
> Whoa there, you with toner powder all over your face. When I ee advice
> on how to count widgjits By Idjits, I'll click my heels. As a Working
> Stiff, me being The Man, of course, you'll run like Mercury driven by an
> ingrained response much akin to Step N Fetchit.

Bloody hell. That's even more nonsensical than your usual spew.

Here's a bit of wisdom for your useless ass: Life is 10% what
happens to you, and 90% how you react to it.

Try not being a 100% loser for a change. You might actually gain a
little self respect. Seriously.


Dave U. Random

unread,
Oct 2, 2008, 12:27:31 PM10/2/08
to
Ari wrote:

> On Tue, 30 Sep 2008 20:31:29 +0200 (CEST), Anonymous Remailer (austria)
> wrote:
>
> >> This is an important point, it is a known vulnerability without knowing
> >> who runs many of these Tor nodes.
> >
> > It's not a "vulnerability" you...
>
> Whoa there, you with toner powder all over your face. When I ee advice
> on how to count widgjits By Idjits, I'll click my heels. As a Working
> Stiff, me being The Man, of course, you'll run like Mercury driven by an
> ingrained response much akin to Step N Fetchit.

Bloody hell. That's even more nonsensical than your usual spew.

Ari

unread,
Oct 2, 2008, 2:45:18 PM10/2/08
to
On Thu, 2 Oct 2008 18:27:31 +0200 (CEST), Dave U. Random wrote:

>>>> This is an important point, it is a known vulnerability without knowing
>>>> who runs many of these Tor nodes.
>>>
>>> It's not a "vulnerability" you...
>>
>> Whoa there, you with toner powder all over your face. When I ee advice
>> on how to count widgjits By Idjits, I'll click my heels. As a Working
>> Stiff, me being The Man, of course, you'll run like Mercury driven by an
>> ingrained response much akin to Step N Fetchit.
>
> Bloody hell. That's even more nonsensical than your usual spew.

Here, here My Little Trick Pony, I clicked my heels 8 hours ago, best ye
get your as in gear more quickly.

To: The Laborer
From: The Man

Ari

unread,
Oct 2, 2008, 2:45:52 PM10/2/08
to
On 2 Oct 2008 18:57:06 +0200, Cyberiade.it Anonymous Remailer wrote:

> Try not being a 100% loser for a change.

Try not posting the same thing three times, you st00pid clod. lol

astr...@yahoo.com

unread,
Oct 2, 2008, 8:44:14 PM10/2/08
to
> > Tor or JAP.
>
> 1) Can your ISP see where you are connecting to?

Tor uses three hops, the first does not understand where the last hop
will be let alone the destination.

> 2) Can your destination figure out your orginating ip

In you web browser if you have your java on it definitely could
browsing web sites. Read about tor vulnerabilities.

> 3) Are the contents you send secure against prying eyes on route?

Until the last tor hop, if the end site you connect to is encrypted
it's secure all the way. end to end encryption.

> I'm less concerned with 1, but it's nice to have if possible.

Do you mean not seeing it's connected to a tor server, as far as I
know it's possible to use a proxy before
the first hop and even after the last, if the last is 4ncrypted even
better.

> If I use Tor or JAPS I'm automatically assued of 1)+2) no? But it won't
> protect the contents from being intercepted between the last mix and the
> final destination?

Jap is obsolete, at least for web browsing. Tor uses three server hops
and only the last server could see
the content to and from.

>
> What if I use a simple annoymizer service? Or just Stunnel?

I found anon services to only be as trustworthy as the government. It
is an it isn't.

With stunnel you need an ssl proxy server and it will need your ip to
work. You can however instruct stunnel to tunnel the connection
through a proxy.

If you share what you are trying to accomplish you would be better
helped.

astr...@yahoo.com

unread,
Oct 2, 2008, 10:13:58 PM10/2/08
to

Stunnel is used to make applications that don't have native ssl tls
support be able to connect to encryption
enabled servers.

Like many usenet nntp clients don't have ssl support, so set the
stunnel script to accept localhost:1026
and remote_server.usenet.com:563

(563 is the default encrypted NNTP port, but any service, usenet pop3
http, can be on any port.)


Then take usenet client without native support and set usenet server
settings localhost:1026

Localhost is local machine, also known as 127.0.0.1

1026 and above are not restricted service ports.

Ok to sum it up in the end if a server does not have encryption then
stunnel will not make an encrypted connection

astr...@yahoo.com

unread,
Oct 2, 2008, 10:55:27 PM10/2/08
to

611 Folsom Street wrote:
> I'm still a bit unclear about the following points, perhaps the privacy
> gurus here can explain.
>
> 1) What is the major difference between JAP and TOR? Is it merely that
> Tor is a socks proxy that allows a suitably "sockified" app to connect
> with it, while JAP is strictly for HTTP only?

Tor by default blocks ports that have been abused and used up the bulf
of resources. Like p2p and NNTP

> 2) When you sockify a app and run it through TOR , your isp is hidden
> from whatever you connect to right? But what about your ISP? Can it see
> where you are connecting to? Or does it merely see you connecting to the
> socks proxy?

Just the tor server and an encrypted stream. Tor uses privoxy and that
tunnels the IP address through tor
instead of using the ISPs dns server.

To get a better understanding install wireshark, OK nobody would
expect you to understand this right away.
I still don't know what is happening. Then use encrypted connection
and unencrypted connection.

The encrypted one with tor and privoxy will not show any readable
information and no IP resolving, like
google.com, if it's working right the only IP resolving you will see
will be from other apps. Keep in mind that firefox has the4 newsticker
tab, delete that if you don't want unsolicited IP resolving with fire
fox.

Then unencrypted, that is what a network (wireshark) sniffer can see.
Works the same with all connection, protocols.


> 3)What is tunneling?

Tunneling a process through a server to a final destination. It's kind
of complicated, but simple also. If you were to use stunnel you need a
server to tunnel through to a final destination. Like usenet though a
open proxy, to a usenet server.

> 4)Stunnel appears to encrypt connections so no-one can see what is being
> sent right? How does this interact with Tor or JAP?

I'm not sure you can stunnel through tor, Jap I haven't used for ever.
Jap is not exactly secure if government
asks for access. Stunnel needs a server that accepts encrypted
comments, alone it does no encryption.

> Thanks
> --
> http://tinyurl.com/65pba5

astr...@yahoo.com

unread,
Oct 2, 2008, 11:27:08 PM10/2/08
to

Ari wrote:
> On Tue, 30 Sep 2008 08:52:28 -0400, 611 Folsom Street wrote:
>
> > 1) Can your ISP see where you are connecting to?
>
> They will be able to see a connection to the first server of JAP or Tor
> but not where they connect to in turn - so they will not know the
> ultimate destination. Assuming that you are running a firewall, this
> should report the same information - as will a netstat command run from
> a command prompt window.

Yes netstat will show all connections your computer is connected to.
Same as the ISP can see, nothing after the TORT server(s)

> > 2) Can your destination figure out your orginating ip
>
> Not from the traffic alone - it will appear to come from the last server
> in Tor/JAP. However Java or Javascript can be used to find this
> information from your browser (hence the reason for using Proxomitron or
> another web filter to stop this). To see what information your browser
> reveals, visit a site like BrowserSpy or Leader Network Tools.
>
> It is also possible for a webpage to include Java/Javascript code
> designed to cause a browser to make a direct connection bypassing any
> proxies.

Same goes with FTP so change web browser settings to use tor with FTP,
TOR doesn't do FTP but it is good to block unintended connections. Use
all settings with tor.

Aside from blocking all Java/Javascript, the best defence
> against this is to use your firewall to restrict your browser to
> contacting the proxy only.

Likewise flash can reveal an IP address, So use IE for flash sites and
don't let flash be installed on firefox.

Barry Margolin

unread,
Oct 3, 2008, 6:03:12 PM10/3/08
to
In article
<20801acf-af95-44b9...@d1g2000hsg.googlegroups.com>,
astr...@yahoo.com wrote:

> Likewise flash can reveal an IP address, So use IE for flash sites and
> don't let flash be installed on firefox.

If you're behind a NAT router, Flash, Java, and JavaScript will only
know your private IP, not your routable IP. So it's not a big deal in
this case.

Cyberiade.it Anonymous Remailer

unread,
Oct 6, 2008, 9:46:02 AM10/6/08
to
Barry Margolin wrote:

> In article
> <20801acf-af95-44b9...@d1g2000hsg.googlegroups.com>,
> astr...@yahoo.com wrote:
>
> > Likewise flash can reveal an IP address, So use IE for flash sites and
> > don't let flash be installed on firefox.
>
> If you're behind a NAT router, Flash, Java, and JavaScript will only
> know your private IP, not your routable IP. So it's not a big deal in
> this case.

WRONG!

The more common functions for determining local IP addresses will
return non-routeables, but there's been numerous examples of Java
especially performing little tricks like DNS lookups or
establishing side channel connections that TOR/JAP don't manage to
discover public IP addresses.

Never, NEVER make anonymous connsctions with that crap enabled.
Shut off Java/JS, flash, cookies, everything. And don't rely on
things like Privoxy to filter them either unless you absolutely
have to. Disable them completely. Privoxy is as likely to fail as
your browser's proxy settings.

>

Sparky

unread,
Oct 6, 2008, 12:10:34 PM10/6/08
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Cyberiade.it Anonymous Remailer wrote:

> Barry Margolin wrote:
>
>> In article
>> <20801acf-af95-44b9...@d1g2000hsg.googlegroups.com>,
>> astr...@yahoo.com wrote:
>>
>> > Likewise flash can reveal an IP address, So use IE for flash sites and
>> > don't let flash be installed on firefox.
>>
>> If you're behind a NAT router, Flash, Java, and JavaScript will only
>> know your private IP, not your routable IP. So it's not a big deal in
>> this case.
>
> WRONG!
>
> The more common functions for determining local IP addresses will
> return non-routeables, but there's been numerous examples of Java
> especially performing little tricks like DNS lookups or
> establishing side channel connections that TOR/JAP don't manage to
> discover public IP addresses.

Has any of this ever been actually demonstrated to be a threat in the
real world? Have you a cite, perchance. :)

>
> Never, NEVER make anonymous connsctions with that crap enabled.
> Shut off Java/JS, flash, cookies, everything. And don't rely on
> things like Privoxy to filter them either unless you absolutely
> have to. Disable them completely. Privoxy is as likely to fail as
> your browser's proxy settings.

I agree with this 100%. It's not just common sense, it's what Tor's
maintainers recommend. Disable the crap if you can... fall back to
Privoxy/Polipo if you must.

-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAkjqNqsACgkQUZCI41IC43h+GACeNUkVviLeMCUl45rnFBFT/FTF
eU4AnRcPtCA5jeeJsMJRbkkLMLOxhiyb
=J4Ol
-----END PGP SIGNATURE-----

0 new messages