I zap Google cookies but it tracks me by IP - what else?

Discussion in 'Computer Security' started by WM, Jan 20, 2006.

  1. WM

    Yozzi Guest

    Or you could use an anonymous proxy!?

    Go to http://fosi.ural.net - there's an anonymous proxy browser utility
    Yozzi, Jan 22, 2006

  2. WM

    WM Guest

    Tried it a few times before but it just doesn't seem to work. It
    can't find any anon proxies.
    WM, Jan 23, 2006

  3. WM

    Urchiba Guest

    ISTR that Yahoo search was powered by Google.
    Urchiba, Jan 23, 2006
  4. WM

    Zak Guest

    I can say that what you describe for cable users agrees with my
    own experience.
    Zak, Jan 23, 2006
  5. WM

    Zak Guest

    Yes, this works nicely if a bit slowly.
    Zak, Jan 23, 2006
  6. WM

    Zak Guest

    And your Google cookie will need massaging too.
    Zak, Jan 23, 2006
  7. WM

    Zak Guest

    Zak, Jan 23, 2006
  8. This is really poor advice.

    Anonymous proxies aren't anonymous. They're usually misconfigured machines
    whose owners are likely to log everything you do for a time before they
    shut them down on you.
    No, go to http://tor.eff.org and use that.
    George Orwell, Jan 23, 2006
  9. WM

    Donnie Guest

    Ok, we'll see later today and the rest of the week what happens. I bet
    every time the news mentions Google, someone will sell.
    Would you have been able to get in on the IPO?
    That's true but as EFF said, if they were really concerned about privacy,
    they wouldn't have logged so much for so long.
    Donnie, Jan 23, 2006
  10. Except that it's NOT anonymous. Proxify.com could be the NSA for all you
    know, which would make it LESS secure than just going to Google and doing
    the search.

    No single point of contact can make you anonymous. Period. It's simply not
    possible no matter what the snake oil peddlers tell you.
    George Orwell, Jan 23, 2006
  11. WM

    usenet Guest

    Not anonymous no, but I still think that using a server which is used
    by lots of other people as well is a fairly good ploy. If there are
    (say) 50 developers using a Sun system to do their web browsing who is
    going to know who browsed what? I suppose it might be possible to
    trace the X connections to the Sun system but there wouldn't be any
    history of what had been browsed still.
    usenet, Jan 23, 2006
  12. You miss the point entirely.... there IS no "ploy" that's going to work.
    You're relying on a fallacy called security through obscurity. Such things
    can not, and never should be even considered as an option. It's very
    simple math. You're either protected from this sort of snooping, or you
    are not. Period.
    Anybody with access to the Sun system, or anyone who can gain access to
    it. That would include the owners of the system, anyone who worked with
    that system in any sort of administrative capacity, anyone who could crack
    that system's security, and anyone who can exert enough legal or illegal
    pressure on any of the above to get them to transfer THEIR access.

    IOW, a whole boat load of people could, and the most likely ones would be
    the very same people you're trying to hide from. Your "anonymous" Sun
    proxy is a minor speed bump to them, at the very best.
    And you know this.... how? Unless you own that machine you don't, and if
    you DO own it you're browsing from your own machine and defeating the
    whole idea of being "anonymous". :)

    There's very few choices out there if you want to have any sort of
    realistic anonymity. They're all mathematically proved secure though, and
    assumed by most to be practically unbreakable. I personally wouldn't look
    any further than Tor and remailers. Between them they can handle almost
    any sort of traffic you can imagine, and do so fairly reliably for a good
    number of people which means your "blending in" criteria is met. :)

    Anonymous proxies are NOT anonymous or secure. In a lot of cases you're
    less secure using them than you are surfing naked. You have no way of
    knowing if the "proxy" you're using is run by someone who specifically set
    it up for the purposes of snooping, and I'd wager my left nut that such
    proxies exist. Both paid, and "open". It's silly to even think they don't.
    And those would be the ones that would look the most tempting because
    their owners would let them run, as opposed to the moderately safe
    open proxies that are discovered and immediately shut down.

    If you want to use anonymous proxies or "subscription services" by all
    means feel free. You can even delude yourself all you want into
    believing you're in any way safe. But PLEASE don't mislead other people
    to believing that ANY single point of contact or real time, connection
    based system can give them any real security at all. They may be
    sufficient to hide you from lesser net kooks, but there's no way in HELL
    they'll stand up to a dedicated attacker, or any sort of government snoop.
    Just ain't gonna happen brother... :(
    Borked Pseudo Mailed, Jan 23, 2006
  13. WM

    usenet Guest

    Pardon! What I was saying was that anyone running a browser on said
    server will appear to be browsing from the same IP address. Thus
    Google's (or whoever's) records will not be able to say who was
    browsing, only that someone from that IP address was browsing.

    How will they know? You are assuming that the information is there to
    be found, I'm not sure that it is and/or that you can't make it
    unavailable. Say I log in as root (not su to root) and browse for a
    while and then log off. Who has been browsing? There's no personal
    record at all.

    It's a corporate machine used by lots of people. Yes, it's one of
    those people browsing but there's no record of who.
    usenet, Jan 23, 2006
  14. That's completely irrelevant. And FWIW, partially incorrect. You have no
    way of knowing for sure what information is forwarded to Google through
    an "anonymous proxy".

    I know first hand of cases where these proxies were made far from
    anonymous by their admins for a time so that "targets" would have a good
    eye full of exactly who was "attacking" them, before shutting the proxy
    down to outside use.

    Again, you're not in any way technically anonymous, and any perception of
    anonymity is a crap shoot. Because of this, if you have any desire to
    seriously mask your identity at all you HAVE to choose some other method.
    /me Shakes head....

    The question is how would they NOT know?
    I take it you're not familiar with the *nix world?

    In a typical *nix setup all logins are recorded by origin. If you log in
    you're doing so from a specific machine. That machine has a name or
    address. That information *IS* logged in conjunction with your alleged
    root login. And at the machine you're logging in from is a nice record of
    who was logged in at the same time of the remote "root" login. I see these
    sorts of things in my logs every single day as a matter of fact. Usually
    failed logins from script kiddies trying to crack my root through a rate
    limited SSH daemon that doesn't even allow root <snicker>, and logins from
    various machines both locally and remotely. Each and every one logged with
    the origin IP, time, etc...

    And even if a given system is configured not to log, that can be changed
    by any nefarious admin, attacker, or court order.
    You are quite mistaken. Not only will there likely be an easy trail to
    follow by default, it's possible to make the trail even more pronounced.
    Hell, most unauthorized attempts or failed logins to my SSH servers
    trigger boiler plate emails sent to the offender's abuse/admin addresses
    with an incredible amount of information about the offender.

    Took a couple months of tweaking, but I hardly ever even SEE them any more
    unless I go looking it's so automatic. And the same thing could be done
    for web browsing to certain "bad sites" from within my network if I so
    desired, regardless of where you're logging in from or what account
    you're using. Unless of course you truly ARE anonymous when you get here.

    IOW, Tor. :)
    George Orwell, Jan 23, 2006
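
The point about logins being recorded by origin, shown as an added example that is not part of the original post: a small parser over constructed sshd syslog lines in the usual OpenSSH format. The host name `sunbox` and all addresses are made up for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not real logs).
SAMPLE_LOG = """\
Jan 23 10:15:02 sunbox sshd[2211]: Accepted password for root from 192.0.2.10 port 51514 ssh2
Jan 23 10:16:40 sunbox sshd[2290]: Failed password for root from 203.0.113.77 port 40022 ssh2
Jan 23 10:16:45 sunbox sshd[2291]: Failed password for invalid user admin from 203.0.113.77 port 40030 ssh2
Jan 23 10:16:51 sunbox sshd[2292]: Failed password for root from 203.0.113.77 port 40041 ssh2
Jan 23 11:02:13 sunbox sshd[2315]: Accepted publickey for root from 192.0.2.44 port 53311 ssh2
Jan 23 11:05:00 sunbox cron[2400]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Matches sshd authentication results; other daemons' lines are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

def parse_logins(text):
    """Return one dict per sshd login attempt found in the log text."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def origins_for_account(events, user):
    """Successful logins for one account as (timestamp, source address)."""
    return [(e["ts"], e["src"]) for e in events
            if e["user"] == user and e["result"] == "Accepted"]

def failed_by_source(events):
    """Count failed attempts per source address."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[e["src"]] += 1
    return dict(counts)

if __name__ == "__main__":
    events = parse_logins(SAMPLE_LOG)
    # The shared "root" account still resolves to distinct origin machines.
    for ts, src in origins_for_account(events, "root"):
        print(f"root login at {ts} from {src}")
    for src, n in failed_by_source(events).items():
        print(f"{n} failed attempts from {src}")
```
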
  15. WM

    Winged Guest

    No they are not concerned about the privacy of your searches, but they
    are concerned about the privacy of their data and a principle.

    Google's motto of "do no harm" is a significantly better behavior than
    the behaviors displayed by other Internet search engines and
    advertisers. Personally, I hope Google succeeds in their refusal not to
    release data because of the precedent this case will set.

    The Internet is considered a public place legally. As a user of the
    net, we cannot expect more privacy than we would in any public place.
    Users may try for anonymity, and can succeed for the most part, but if
    the government has enough interest to intercept and record (yes if
    interested they will record all commo streams in case of prosecution)
    you should always assume the communication may be revealed. Federal law
    requires the ISP to reserve 10% of their bandwidth for federal
    monitoring if requested. TOR or other issue only protect you to a point
    however one only need to track one communication back to its source,
    then all that is required is monitoring all communications at that
    source. If they are looking at you, you would never know until they
    tightened the noose.

    Just as I would never kill someone in a public place in front of
    witnesses, I would avoid breaking laws on the Internet which should
    also be considered a public place. But then again, I don't look good in
    orange or stripes and I tend to avoid breaking laws which would make
    this a concern. One should always be acutely aware that someone "may"
    be watching.

    I am more concerned about data collected by non-governmental agencies
    and the vast amount of data being collected by nosy folks with no right
    to know. You should see the audit trails being built with credit cards
    that correlates very well your habits, behaviors and lifestyle. That
    data is kept long term and is very identifiable.

    Winged, Jan 24, 2006
  16. WM

    Donnie Guest

    Hey, don't get me wrong. I hope that Google wins just like you and I see it
    as a precedent too.
    Donnie, Jan 24, 2006
  17. I don't buy it, not for a second. If they're worried about anything it's
    their wallets. This market is driven by click counts and Google is the big
    dog. They have the most to lose by far. A 1% drop in ad hits at Yahoo is
    chump change compared to a .05% change at Google. Anything that makes them
    look bad costs them millions.

    Mark my words.... after an "acceptable" period of resistance Google will
    cave. And that time will be long before any real legal action is taken
    against them. They'll yap about not having any choice, and hand over
    everything and then some.
    Bull. The Internet is public or private depending on what YOU as a user
    agree to. My VPN between work and home is all Internet, and not public at
    That's what dummy traffic and latency are for.
    Only? To do this they need to compromise an entire chain, or break strong
    encryption. Which foil beanie theory do you subscribe to?

    ? then all that is required is
    Lett'm look. I generate over 100 times the real traffic I generate in
    simple fluff. Hell, sometimes I make simultaneous connections to the same
    place encrypted and not just to confuse the issue further. :)
    George Orwell, Jan 24, 2006
  18. WM

    usenet Guest

    I'm not talking about proxies! I'm talking about a corporate server
    machine available to tens or hundreds of employees who don't
    necessarily log on as themselves to use the machine.

    Thus the rest of your rant is irrelevant.
    I've only been working with Unix systems since around 1980.
    Cobblers, what if I log in on the console?
    usenet, Jan 24, 2006
  19. You most certainly are talking about proxies, even if you don't recognize
    them as such. And the rest applied to **any** connection no matter how
    badly you want to discard it by calling it names.

    You're straw grabbing, and it's not a pretty sight. If you're logging in
    at some console you're giving away two out of three pieces of the "who are
    you" puzzle by default... the "when" and "where". And you're making the
    "who" part trivial to figure out. Even being one of a hundred
    possibilities is light years from being any one of ALL the possibilities.

    Your "console" scenario is in fact less anonymous than a known good public
    proxy in a lot of ways. Not to mention the fact that if they exist at all
    in the real world they're few, far between, and either grossly mismanaged
    resources or corporate honeypots used to trap nefarious employees who are
    stupid enough to think that "console" is going to make them in any way,
    shape, or form anonymous.
    Obviously not, at least not in any sort of administrative capacity. Or
    maybe you just have a gross misunderstanding of basic security concepts.
    In any case your knowledge base is sorely lacking.
    Logged. The concept of "here" is a location, and an easier one to discover
    than a map that points to "over there". :) Being physically AT a terminal
    with a public facing exposure removes huge chunks of what real anonymity
    depends on.
    George Orwell, Jan 24, 2006
  20. WM

    usenet Guest

    Stop being so condescending, I haven't "pulled seniority" but I do
    have long and extensive experience in the Unix world. While we're
    about it - what are your experience and qualifications?

    In a "typical" Unix setup - maybe, but that certainly doesn't apply to
    all and doesn't apply to ours at present.
    Yes, but the point I was making was that you *still* don't know who it
    was that logged in, just that it was one of several (tens, hundreds
    maybe) people who have access to that terminal/machine.

    In addition our machines have *lots* of effectively non-personal
    logins which are used a lot. What do you do if you find that 'fsbmgr'
    has been browsing?
    usenet, Jan 24, 2006