Topic: Anonymous I-net surfing ? (Read 5474 times)

Lightening

  • Supporting Member
  • Joined in 2006
  • Posts: 13
Anonymous I-net surfing ?
« on: December 13, 2008, 09:36 PM »

Does anyone have expertise in this area? 
Let's assume we all "delete all" of our browsing history and use CCLEANER before we log off each time for security reasons. Let's also assume we are not doing anything illegal and we are not worried about someone in our household discovering where we went. That said - Is there a reason a person needs to surf the net anonymously? If the answer is yes, are there any software recommendations? Over the last five years I have had my credit card number stolen twice. Both times the banks told me it was part of a greater I-net scam of some type. I lost nothing, the fraudulent charges were taken off my account, and the card numbers were changed. Thoughts? Thanks.

housetier

  • Charter Honorary Member
  • Joined in 2005
  • Posts: 1,321
Re: Anonymous I-net surfing ?
« Reply #1 on: December 14, 2008, 09:28 AM »
The question is: is there a reason to NOT surf anonymously? It is not "do I have something to hide" but "do I want EVERYONE to see it"?

However, anonymity is but one part of security. Using TOR you can cover your tracks a little better. But you also want to make sure to use https when submitting sensitive information; and always ask: "do they really really need this information"?

It would be nice if we had secure communications (no sniffing agents in the middle) and plausible deniability (no officer, it wasn't me).

What we do have are slightly more secure ways of communication (by encryption), but no plausible deniability.

However, all this does not help when the site we use is operated by less nice people. And we do not have a usable way of checking their credibility, their "reputation": certificates can be and are forged, DNS is poisoned.

All I can say is: be careful whom you are dealing with.

In German "Trau, schau wem"

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • Posts: 9,153
Re: Anonymous I-net surfing ?
« Reply #2 on: December 14, 2008, 10:06 AM »
I would never do anything involving credit card numbers or site logins using TOR, https or not.
- carpe noctem

housetier

Re: Anonymous I-net surfing ?
« Reply #3 on: December 14, 2008, 04:36 PM »
Yes indeed, TOR can give one a false sense of security.

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • Posts: 6,646
Re: Anonymous I-net surfing ?
« Reply #4 on: December 17, 2008, 02:57 PM »
Anonymous I-net surfing is a myth.

Every TCP/IP packet going from point A to point B contains the identifying IP address of both A & B, it's part of the protocol, there is no getting around it. Using a proxy only complicates things a bit...it doesn't make it impossible to identify you.

f0dder

Re: Anonymous I-net surfing ?
« Reply #5 on: December 17, 2008, 05:29 PM »
Quote from: Stoic Joker on December 17, 2008, 02:57 PM
"Every TCP/IP packet going from point A to point B contains the identifying IP address of both A & B, it's part of the protocol, there is no getting around it. Using a proxy only complicates things a bit...it doesn't make it impossible to identify you."

A packet going through TOR will not have A as source IP when it reaches B, just like a server won't see 192.168.x.x (or whatever other internal LAN IP) when going through a NATing router.

But there are attacks against the network that, if the attacker is dedicated enough, can let him trace entry and exit points (if he can control both, iirc?) and thus determine your traffic. Not super-trivial though.
- carpe noctem

Stoic Joker

Re: Anonymous I-net surfing ?
« Reply #6 on: December 17, 2008, 10:58 PM »
Nothing social engineering, or a warrant couldn't fix... :)

I'll have to investigate this TOR thing when I have time.

f0dder

Re: Anonymous I-net surfing ?
« Reply #7 on: December 18, 2008, 02:36 AM »
A warrant by itself won't help you - the idea behind TOR is that you get routed through multiple hosts (just like peels of onion), each host obviously only knows about destination and previous host.

So you either need to get warrants for all boxes (while the connection is active), or perform the "control both exit and entry points" attack, in order to trace a connection.
- carpe noctem
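
The routing described in replies #5 and #7, as an added Python example that is not part of any post in this thread: each relay peels one layer and learns only its previous and next hop, and the destination sees the exit relay as the source. The addresses, per-relay keys and the toy XOR cipher are constructed stand-ins, not Tor's actual cryptography or circuit setup.

```python
import hashlib
import json

# Constructed addresses (documentation ranges); not real Tor nodes.
CLIENT, DEST = "192.0.2.10", "203.0.113.80"
RELAYS = ["198.51.100.1", "198.51.100.2", "198.51.100.3"]  # entry, middle, exit
# Constructed per-relay keys; real Tor negotiates a fresh key with each relay.
KEYS = {r: hashlib.sha256(b"demo-key:" + r.encode()).digest() for r in RELAYS}

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Toy XOR keystream (SHA-256 counter mode). Stand-in only, not Tor's crypto."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def build_onion(payload: str) -> str:
    """Client side: wrap the payload once per relay, innermost layer first."""
    next_hop, data = DEST, payload
    for relay in reversed(RELAYS):
        layer = json.dumps({"next": next_hop, "data": data}).encode()
        data = toy_cipher(KEYS[relay], layer).hex()
        next_hop = relay
    return data

def route(payload: str):
    """Pass the onion along the circuit; record (previous hop, next hop) per host."""
    cell, prev, views = build_onion(payload), CLIENT, {}
    for relay in RELAYS:
        layer = json.loads(toy_cipher(KEYS[relay], bytes.fromhex(cell)))
        views[relay] = (prev, layer["next"])  # everything this relay learns
        prev, cell = relay, layer["data"]
    views[DEST] = (prev, None)  # the server sees the exit relay as the source
    return views, cell

def addresses_seen(views, controlled):
    """Addresses visible to whoever operates the given set of relays."""
    return {addr for r in controlled for addr in views[r]}

if __name__ == "__main__":
    views, delivered = route("GET /index.html")
    for host, (prev, nxt) in views.items():
        print(f"{host:>13} sees previous={prev} next={nxt}")
    print("middle only:", addresses_seen(views, [RELAYS[1]]))
    print("entry + exit:", addresses_seen(views, [RELAYS[0], RELAYS[2]]))
```

The payload leaves the exit relay unwrapped in this model, which is why the thread's advice about https still applies on top of the routing.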