Web Anonymity and Security

Discuss the many weaknesses of browser security and ways to mitigate the threat

Web Anonymity and Security

Post by miss_neus on Wed Apr 20, 2011 3:17 pm
([msg=56520]see Web Anonymity and Security[/msg])

OK, so I have just got a new laptop and I thought It was about time that I started reducing my "Footprint" as it were on the internet, I've played about with proxy's before but never really bothered with them unless I needed to.

I recently downloaded and installed TOR and also visited JonDonym, installed the JonDoFox and used the TOR proxy with it, I also have it set to automatically block scripts, cookies and adds. I have WideCap running with Firefox plugins and Java running through its proxies (It was configured using a guide on the JonDonym site).

I am still uncertain to whether or not it is working properly, I have visited a couple of whatismyip sites to check and it seems to be OK.

I'm wondering If any of you guys have anything like this set up and If you can tell me if it is reliable or if you are still able to trace it back to my original IP. Also If this is not reliable can people please suggest other things.

Thanks.


p.s.

I am often getting this message;

Your authentication hash has been invalidated. Please <a href="http://www.hackthissite.org/?logout">clear your hashes</a> and relogin.

especially when trying to complete the Basic Mission's, if anyone can tell me a solution It would be much appreciated, I have allowed cookies and scripting for hackthissite.org but not for kontera.com.
miss_neus
New User
New User
 
Posts: 7
Joined: Mon Apr 18, 2011 5:54 pm
Blog: View Blog (0)


Re: Web Anonymity and Security

Post by Goatboy on Wed Apr 20, 2011 3:54 pm
([msg=56522]see Re: Web Anonymity and Security[/msg])

That seems way overkill for daily use. I personally only take 3 or 4 measures most of the time, then beef it up when I need to. I use HTTPSEverywhere to force encryption to most sites where I have profiles. I use GoogleSharing not because I really need to, but to support the project. When out of the house, I have arp-spoof detection running just in case. Finally, I sometimes will use a proxy if I'm not interested in showing up in logs for any reason.

For the times when I really need it, I find that the TOR bundle works nicely. A determined person with sufficient resources will be able to get to you given enough time, but TOR is safe enough in most cases that you don't need to worry.

As for the authentication thing, that is most likely due to your privacy settings. We use various checks to make sure you're the same person that you claim to be, so doing anything with cookies or scripts might possibly invalidate that.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2819
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Web Anonymity and Security

Post by miss_neus on Wed Apr 20, 2011 5:05 pm
([msg=56527]see Re: Web Anonymity and Security[/msg])

OK, thanks for that, I was just testing these things out, having never used them before I like to get an idea of what their uses are and how reliable they would be, should I need to use them. I'm only just really getting into stuff like this so its good to know what is of use and what is a waste of time.

Is there a particular plugin or setting within firefox that I should use to force HTTPS, I've never bothered in the past unless it was on a credit card site.

As for ARP-spoofing I very rarely use my laptop outside the house, unless I'm on the road and then It would be in a services somewhere.
miss_neus
New User
New User
 
Posts: 7
Joined: Mon Apr 18, 2011 5:54 pm
Blog: View Blog (0)


Re: Web Anonymity and Security

Post by Phantom Wolf on Wed Apr 20, 2011 5:21 pm
([msg=56530]see Re: Web Anonymity and Security[/msg])

Goatboy wrote:As for the authentication thing, that is most likely due to your privacy settings. We use various checks to make sure you're the same person that you claim to be, so doing anything with cookies or scripts might possibly invalidate that.

Is it possible that TOR is causing this?
"Well it isn't my fault. I shouldn't have been allowed to do something to crash it." "No, you shouldn't have been allowed to buy a computer in the first place"
Phantom Wolf
Poster
Poster
 
Posts: 271
Joined: Wed Mar 03, 2010 8:45 pm
Blog: View Blog (0)


Re: Web Anonymity and Security

Post by Goatboy on Wed Apr 20, 2011 6:59 pm
([msg=56537]see Re: Web Anonymity and Security[/msg])

Entirely possible, just not sure how likely. The fact that he's using TOR combined with a bunch of other third-party shit is probably the cause of some internal conflict. Daddy issues, perhaps?
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2819
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Re: Web Anonymity and Security

Post by tgoe on Thu Apr 21, 2011 3:45 am
([msg=56573]see Re: Web Anonymity and Security[/msg])

The commonest hole is Flash (Flash data is shared between each browser you use). I wrote a tiny js app a while back to help mitigate this: http://my.opera.com/grump82/blog/2010/12/27/lsomanager (alpha quality). Some other things to think about:

* Which browser settings allow evercookie to function?
* How unique is my setup?:
https://www.eff.org/deeplinks/2010/01/tracking-by-user-agent
https://panopticlick.eff.org/
User avatar
tgoe
Contributor
Contributor
 
Posts: 643
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Web Anonymity and Security

Post by Knoble on Sat Feb 11, 2012 4:15 am
([msg=64280]see Re: Web Anonymity and Security[/msg])

- "For the times when I really need it, I find that the TOR bundle works nicely. A determined person with sufficient resources will be able to get to you given enough time, but TOR is safe enough in most cases that you don't need to worry."

I've been looking into this a bit, and all I've been able to find is some information on exit node sniffing and injecting malicious code into applets through patched servers and shit. Also, having control of the entire node path of a certain user negates Tor completely. But, I was wondering what you were implying in terms of Tor's vulnerabilities, perhaps you could direct me to a source. Thanks.
Knoble
New User
New User
 
Posts: 10
Joined: Fri Oct 29, 2010 12:54 pm
Blog: View Blog (0)



Return to Web

Who is online

Users browsing this forum: No registered users and 0 guests