Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > anonymous proxies

Reply
Thread Tools

anonymous proxies

 
 
Leythos
Guest
Posts: n/a
 
      11-18-2004
In article <419c8d05$0$1754$(E-Mail Removed)>, nothere@
3er343!!.da says...
>
>
> Leythos wrote:
> >
> > In article <419b723d$0$1721$(E-Mail Removed)>, nothere@
> > 3er343!!.da says...
> > >
> > >
> > > Leythos wrote:
> > > >
> > > > In article <(E-Mail Removed)>, http://www.velocityreviews.com/forums/(E-Mail Removed)
> > > > says...
> > > > > sorry im too gullable for my own good, i can see now why it would be a
> > > > > stupid thing to trsut anyone but myself
> > > >
> > > > You've almost go it, but I think you are trying to be sarcastic. What
> > > > you have to ask yourself is "How do I know I can trust someone providing
> > > > the proxy". If you can't find compelling reason as to why you trust
> > > > them, then your trust is misplaced.
> > > >
> > > > --
> > > > --
> > > > (E-Mail Removed)
> > > > (Remove 999 to reply to me)
> > >
> > > All good advice.... You might like to check out Tor, if you haven't
> > > tried it already. I have checked it out to the best of my ability. It
> > > certainly anonymises one's browsing. It's also open source and free.
> > > AFAICT the only problem from a privacy viewpoint is that anyone can act
> > > as a server.

> >
> > First, I don't have a need to hide, so I don't need to be anonymous.
> >
> > Second, if you are connecting to anyone else's computer, as the proxy,
> > then you have no real expectation of anonymity.
> >
> > Sure, you might be able to surf without the destination site knowing
> > your source address, but the proxy knows who you are and what you are
> > requesting....

>
> As far as Tor is concerned, only the first layer of the onion (i.e. the
> first server) knows your real ip address. Let's call that server N. N+1
> knows only the ip address of N. N+2 knows only the ip address of N+1.
> The exit node, N+j, does indeed know the destination ip address, but the
> source ip address (your ip address) is not known to it, nor is it known
> to all the preceding nodes, except node N. BTW Tor provides substantial
> documentation on how it works.
>
> Therefore your statement that "the proxy knows who you are and what you
> are requesting" is not true in the case of Tor. Or, to absolutely
> quality it, is not true AFAICT.


Wrong, the first proxy knows who you are, and the second knows who the
first is, and so it goes - so, it's true that you can't be sure you are
really anonymous.

> Of course the whole thing could be a CIA or NSA scam....but that's
> another matter entirely.I doubt whether it is because of the number ofp
> layers involved and the open source nature of Tor.


Add the fact that a human setup the servers in every location and you
have to do more than trust the technology, you have to trust the people
that run the servers. The technology works, that's not the issue, it's
how much pressure does it take to break the human side into revealing
who you are...

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
 
 
 
Terry Grateenshutz
Guest
Posts: n/a
 
      11-18-2004


Leythos wrote:
>
> In article <419c8d05$0$1754$(E-Mail Removed)>, nothere@
> 3er343!!.da says...
> >
> >
> > Leythos wrote:
> > >
> > > In article <419b723d$0$1721$(E-Mail Removed)>, nothere@
> > > 3er343!!.da says...
> > > >
> > > >
> > > > Leythos wrote:
> > > > >
> > > > > In article <(E-Mail Removed)>, (E-Mail Removed)
> > > > > says...
> > > > > > sorry im too gullable for my own good, i can see now why it would be a
> > > > > > stupid thing to trsut anyone but myself
> > > > >
> > > > > You've almost go it, but I think you are trying to be sarcastic. What
> > > > > you have to ask yourself is "How do I know I can trust someone providing
> > > > > the proxy". If you can't find compelling reason as to why you trust
> > > > > them, then your trust is misplaced.
> > > > >
> > > > > --
> > > > > --
> > > > > (E-Mail Removed)
> > > > > (Remove 999 to reply to me)
> > > >
> > > > All good advice.... You might like to check out Tor, if you haven't
> > > > tried it already. I have checked it out to the best of my ability. It
> > > > certainly anonymises one's browsing. It's also open source and free.
> > > > AFAICT the only problem from a privacy viewpoint is that anyone can act
> > > > as a server.
> > >
> > > First, I don't have a need to hide, so I don't need to be anonymous.
> > >
> > > Second, if you are connecting to anyone else's computer, as the proxy,
> > > then you have no real expectation of anonymity.
> > >
> > > Sure, you might be able to surf without the destination site knowing
> > > your source address, but the proxy knows who you are and what you are
> > > requesting....

> >
> > As far as Tor is concerned, only the first layer of the onion (i.e. the
> > first server) knows your real ip address. Let's call that server N. N+1
> > knows only the ip address of N. N+2 knows only the ip address of N+1.
> > The exit node, N+j, does indeed know the destination ip address, but the
> > source ip address (your ip address) is not known to it, nor is it known
> > to all the preceding nodes, except node N. BTW Tor provides substantial
> > documentation on how it works.
> >
> > Therefore your statement that "the proxy knows who you are and what you
> > are requesting" is not true in the case of Tor. Or, to absolutely
> > quality it, is not true AFAICT.

>
> Wrong, the first proxy knows who you are, and the second knows who the
> first is, and so it goes - so, it's true that you can't be sure you are
> really anonymous.
>
> > Of course the whole thing could be a CIA or NSA scam....but that's
> > another matter entirely.I doubt whether it is because of the number ofp
> > layers involved and the open source nature of Tor.

>
> Add the fact that a human setup the servers in every location and you
> have to do more than trust the technology, you have to trust the people
> that run the servers. The technology works, that's not the issue, it's
> how much pressure does it take to break the human side into revealing
> who you are...
>
> --
> --
> (E-Mail Removed)
> (Remove 999 to reply to me)


Yes, agreed. But let's hope that we haven't yet reached that particular
human side yet -- at least not with Tor users

FWIW, with Tor, even if an admin on any server node, other than N, were
forced to give over the logs, as I understand it there still wouldn't be
much (if any) chance of tracing the original source ip address. At any
rate the vulnerabilities of Tor, including human factors ones are well
discussed in the literature.

I'm not particularly advocating Tor BTW. It just seems the best of
what's available if one is interested in that increasingly scarce
commodity called privacy.

regards,

Terry
 
Reply With Quote
 
 
 
 
Leythos
Guest
Posts: n/a
 
      11-18-2004
In article <419d0136$0$1738$(E-Mail Removed)>, nothere@
3er343!!.da says...
> Yes, agreed. But let's hope that we haven't yet reached that particular
> human side yet -- at least not with Tor users


But, and my statement stands, if you don't know the owners of the
Proxies, then you have no reasonable expectation of privacy.

While you have HOPE of privacy, without being certain who owns/operates
the servers, all you really have is an assumption or blind faith.

Are people really gullable enough to trust something on blind faith -
when they are trying to hide what they are doing from the very people
that have the ability to setup these simple proxies?

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Terry Grateenshutz
Guest
Posts: n/a
 
      11-19-2004


Leythos wrote:
>
> In article <419d0136$0$1738$(E-Mail Removed)>, nothere@
> 3er343!!.da says...
> > Yes, agreed. But let's hope that we haven't yet reached that particular
> > human side yet -- at least not with Tor users

>
> But, and my statement stands, if you don't know the owners of the
> Proxies, then you have no reasonable expectation of privacy.
>
> While you have HOPE of privacy, without being certain who owns/operates
> the servers, all you really have is an assumption or blind faith.
>
> Are people really gullable enough to trust something on blind faith -
> when they are trying to hide what they are doing from the very people
> that have the ability to setup these simple proxies?
>
> --
> --
> (E-Mail Removed)
> (Remove 999 to reply to me)


I think we're kind of diverging here and being a bit cross-purposed.I do
not dispute your fundamental logic as regards proxies in general. You
are right and make a valid point.

I do say, however, that Tor is different. You do not have to take it on
blind faith. You can specify your exit server (say Z)and first server
(say A). Or you can even set up a colleague's (someone you know) PC as a
server and use that as A or Z. Now providing that server A and server Z
are not compromised in some way, your browsing will be anonymous since
any intermediate server, even if compromised, would not have access to
your source IP address.

BTW what would you suggest as an alternative?

regards,

Terry
 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      11-19-2004
In article <419e51af$0$1738$(E-Mail Removed)>, nothere@
3er343!!.da says...
> Now providing that server A and server Z
> are not compromised in some way, your browsing will be anonymous since
> any intermediate server, even if compromised, would not have access to
> your source IP address.


So, unless you trust server A, you don't really know if your actions are
being tracked. This is the way I look at it - say the owner of server B
starts loggin all the traffic from server A, then server B owner sues
server A owner, server A owner turns over all logs to server B owner,
now Server B owner knows who is using his server.

> BTW what would you suggest as an alternative?


Except for places that restrict freedom, like Chnia, I can't understand
anyone needing to hide from their own action. Unless they are doing
something unethical, immoral, or illegal, I can't picture a valid reason
for it. Heck, even if they are trying to hide their surfing habits from
Work, it's still unethical, and still going to get them fired. Maybe in
China I could use a use for it, but once the first hop is detected as a
proxy they'll just shoot them

I would suggest that people learn to not be afraid/ashamed of where they
are surfing or they quit surfing there.




--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Terry Grateenshutz
Guest
Posts: n/a
 
      11-21-2004


Leythos wrote:
>
> In article <419e51af$0$1738$(E-Mail Removed)>, nothere@
> 3er343!!.da says...
> > Now providing that server A and server Z
> > are not compromised in some way, your browsing will be anonymous since
> > any intermediate server, even if compromised, would not have access to
> > your source IP address.

>
> So, unless you trust server A, you don't really know if your actions are
> being tracked. This is the way I look at it - say the owner of server B
> starts loggin all the traffic from server A, then server B owner sues
> server A owner, server A owner turns over all logs to server B owner,
> now Server B owner knows who is using his server.
>
> > BTW what would you suggest as an alternative?

>
> Except for places that restrict freedom, like Chnia, I can't understand
> anyone needing to hide from their own action. Unless they are doing
> something unethical, immoral, or illegal, I can't picture a valid reason
> for it. Heck, even if they are trying to hide their surfing habits from
> Work, it's still unethical, and still going to get them fired. Maybe in
> China I could use a use for it, but once the first hop is detected as a
> proxy they'll just shoot them
>
> I would suggest that people learn to not be afraid/ashamed of where they
> are surfing or they quit surfing there.
>
>
>
> --
> --
> (E-Mail Removed)
> (Remove 999 to reply to me)



I'm not sure about the feasibility of the first point since server A and
B are changed every few minutes by the Tor system.

As for your second, are you not assuming that shame and fear are always
base motives? What about the genuine and decent need for privacy by
professionals, executives, investigative journalists, etc. They are
concerned (fear if you like) for privacy to protect not only themselves
but also customers, clients and informants.

Despite this, I tend to agree with your main conclusion. If one really
wants privacy use someone else's PC, 'cause if you're caught trying to
cover your tracks, for whatever reason, -- then as you rightly say, if
it's a totalitarian regime they'll simply nab you, or worse.

regards,

Terry
 
Reply With Quote
 
Richard
Guest
Posts: n/a
 
      11-25-2004
You could use JAP. Its free and open source.
Only problem is, it was compromized a few years ago, but they have
fixed that now. Whether they can be trusted again is questionable,
but they are probably more trusted than some random proxy you get from
a website like www.atomintersoft.com
JAP bounces your connections off a chain of proxies (called mixes)
which encrypt the communication to prevent packet sniffing by your
ISP.



--
Visit my computer security and privacy website:
http://computer-security.no-ip.info
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Is this a local anonymous class or a member anonymous class Reporter Java 3 05-12-2007 05:23 AM
help with an anonymous array of anonymous hashes noeldamonmiller@gmail.com Perl Misc 1 02-10-2005 01:08 AM
Proxies, anyone? mad scientist Firefox 3 10-31-2004 05:22 AM
what loads proxies? =?Utf-8?B?bWtsYXBw?= ASP .Net 10 02-03-2004 06:55 PM
Calling com proxies from asp.net Ryan ASP .Net 0 12-11-2003 02:22 PM



Advertisments