Web Anonymity and Security

[miss_neus]

OK, so I have just got a new laptop and I thought It was about time that I started reducing my "Footprint" as it were on the internet, I've played about with proxy's before but never really bothered with them unless I needed to.

I recently downloaded and installed TOR and also visited JonDonym, installed the JonDoFox and used the TOR proxy with it, I also have it set to automatically block scripts, cookies and adds. I have WideCap running with Firefox plugins and Java running through its proxies (It was configured using a guide on the JonDonym site).

I am still uncertain to whether or not it is working properly, I have visited a couple of whatismyip sites to check and it seems to be OK.

I'm wondering If any of you guys have anything like this set up and If you can tell me if it is reliable or if you are still able to trace it back to my original IP. Also If this is not reliable can people please suggest other things.

Thanks.


p.s.

I am often getting this message;

Your authentication hash has been invalidated. Please <a href="http://www.hackthissite.org/?logout">clear your hashes</a> and relogin.

especially when trying to complete the Basic Mission's, if anyone can tell me a solution It would be much appreciated, I have allowed cookies and scripting for hackthissite.org but not for kontera.com.

[Goatboy]

That seems way overkill for daily use. I personally only take 3 or 4 measures most of the time, then beef it up when I need to. I use HTTPSEverywhere to force encryption to most sites where I have profiles. I use GoogleSharing not because I really need to, but to support the project. When out of the house, I have arp-spoof detection running just in case. Finally, I sometimes will use a proxy if I'm not interested in showing up in logs for any reason.

For the times when I really need it, I find that the TOR bundle works nicely. A determined person with sufficient resources will be able to get to you given enough time, but TOR is safe enough in most cases that you don't need to worry.

As for the authentication thing, that is most likely due to your privacy settings. We use various checks to make sure you're the same person that you claim to be, so doing anything with cookies or scripts might possibly invalidate that.

[miss_neus]

OK, thanks for that, I was just testing these things out, having never used them before I like to get an idea of what their uses are and how reliable they would be, should I need to use them. I'm only just really getting into stuff like this so its good to know what is of use and what is a waste of time.

Is there a particular plugin or setting within firefox that I should use to force HTTPS, I've never bothered in the past unless it was on a credit card site.

As for ARP-spoofing I very rarely use my laptop outside the house, unless I'm on the road and then It would be in a services somewhere.

[Phantom Wolf]

As for the authentication thing, that is most likely due to your privacy settings. We use various checks to make sure you're the same person that you claim to be, so doing anything with cookies or scripts might possibly invalidate that.

Is it possible that TOR is causing this?

[Goatboy]

Entirely possible, just not sure how likely. The fact that he's using TOR combined with a bunch of other third-party shit is probably the cause of some internal conflict. Daddy issues, perhaps?

[tgoe]

The commonest hole is Flash (Flash data is shared between each browser you use). I wrote a tiny js app a while back to help mitigate this: http://my.opera.com/grump82/blog/2010/12/27/lsomanager (alpha quality). Some other things to think about:

* Which browser settings allow evercookie to function?
* How unique is my setup?:
https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent
https://panopticlick.eff.org/

[Knoble]

- "For the times when I really need it, I find that the TOR bundle works nicely. A determined person with sufficient resources will be able to get to you given enough time, but TOR is safe enough in most cases that you don't need to worry."

I've been looking into this a bit, and all I've been able to find is some information on exit node sniffing and injecting malicious code into applets through patched servers and shit. Also, having control of the entire node path of a certain user negates Tor completely. But, I was wondering what you were implying in terms of Tor's vulnerabilities, perhaps you could direct me to a source. Thanks.