Software to protect privacy on the net?

TheBigCheese · 12 Jun 2009 at 21:23

Hi guys

I've searched the forums and the only info I can find is from 2006 so hopefully it's OK asking again.

I bought a computer mag the other day, PC Pro I think and bundled on the disc was a full program to allow you to be anonymous on the net, whether it changes your IP or what I have no idea but I thought I'd give it a whirl.

Typically I can't find the disc now and the mag is at the office until Monday...can anyone give me any recommendations for software to keep your browsing hidden /mask your IP etc?

It doesn't matter about on the local machine, just to stop websites/companies harvesting details etc.

Many thanks

P.S. Mods - I'm sure this is a legitimate thread and can't violate any rules/legalities...after all the sofware was on the front of a national magazine lol. However if it does violate any ToS, please free to delete the thread and whoops, sorry!

Burnsy2023 · 12 Jun 2009 at 21:41

Have alook at the TOR network

TheBigCheese · 12 Jun 2009 at 23:33

Oooh cracking thanks, sounds good

As it clearly states on the website it's not an all in one solution though, is there a program that does it all for you, rather than having to be intergrated with IE and Firefox?

Burnsy2023 · 12 Jun 2009 at 23:43

TheBigCheese said:
Oooh cracking thanks, sounds good

As it clearly states on the website it's not an all in one solution though, is there a program that does it all for you, rather than having to be intergrated with IE and Firefox?

Not that I know of.

Joop · 12 Jun 2009 at 23:45

safe guard?

Ratbag · 13 Jun 2009 at 06:28

The fabled Admuncher has an IP scramble feature.......

eXor · 13 Jun 2009 at 12:27

Tor is awesome.

Get the Vidalia bundle and Torbutton.

Use http://whatismyip.com/ to test.

Spam 'Clear private data' religiously.

TheBigCheese · 13 Jun 2009 at 15:18

Many thanks for the post guys

I have installed Vidalia and Torbutton as suggested, and using Firefox it does seem to work, apparently I'm in Spain now lol.

A couple of things I am confused about though...

I have two new icons in my system tray, connection to the Tor network and Privoxy, which suggest that the program is working outside Firefox...but when I connect to whatismyip by IE, it still shows my real one which is a bit confusing (I use a combination of IE and Firefox so ideally it would work on both of them).

Also, does that mean it only protects the info that is sent via Firefox (and IE if I can get it to work).

What about p2p? I am currently seeding the new version of Open Office, would that still be giving out my real info as it's not contained in Firefox but is going by UTorrent instead? :confused:

Fourstar · 13 Jun 2009 at 16:08

Maybe you need to set up the proxy settings manually for each application?

p2p use over tor is discouraged as it swamps the limited bandwidth available and is consequently uber slow (so I've read).

One thing to bear in mind with tor is anonymity. The exit node you use has access to both your ip address and all your traffic. Do you trust it? Know who is actually running it? This guy used exit nodes in his control to harvest over 1000 email account logon credentials including embassy staff then published them..

If you are not doing anything illegal you could try one of the vpn providers to shield you identity. I can't make any recommendations having never used any but this thread has some suggestions: http://www.webhostingtalk.com/showthread.php?t=744334

eXor · 13 Jun 2009 at 16:32

Fourstar said:
One thing to bear in mind with tor is anonymity. The exit node you use has access to both your ip address and all your traffic. Do you trust it? Know who is actually running it?

Yes. You need to use SSL encryption, if you're transmitting sensitive information.

I wonder if there are PAYG servers for this sort of thing? Instead of paying for a whole month / year, you pay by the minute or by data transferred?

Fourstar · 13 Jun 2009 at 18:12

eXor said:
Yes. You need to use SSL encryption, if you're transmitting sensitive information.

But there is still the chance of a man-in-the-middle attack from EvilTorExit unless you are careful with certificates.

Another thing that came to mind is that Firefox by default will still send DNS requests through your local connection rather than the tor link. While your isp/employer won't know the content they will still know you connected to bikersingimpsuits.com. There is an option to change this but I can't remember what it is and it may have been done when the tor plugin installed. This could presumably also effect other applications.

eXor said:
I wonder if there are PAYG servers for this sort of thing? Instead of paying for a whole month / year, you pay by the minute or by data transferred?

When I had a look earlier this one was free and offered 1gig max a month. This one is prepay. No monthly fees and active till you use the amount you bought.

eXor · 13 Jun 2009 at 18:38

Fourstar said:
But there is still the chance of a man-in-the-middle attack from EvilTorExit unless you are careful with certificates.

Interesting. Not that I'd access online banking via Tor... but if I did, would a MITM attack be a concern? I'm assuming that Barclays run a pretty tight ship.

Fourstar · 13 Jun 2009 at 21:23

eXor said:
Interesting. Not that I'd access online banking via Tor... but if I did, would a MITM attack be a concern? I'm assuming that Barclays run a pretty tight ship.

There shouldn't be a problem.

Here is a description of the process I am thinking of. It should only effect domains that have self signed keys.

I did however come across this article describing an attack on mozilla.com by getting a Certificate Authority to issue a certificate a person not in control of the domain. This could allow a MITM attack on a major site.

miniyazz · 13 Jun 2009 at 23:08

Darknet might also be worth a google. Few pounds a month subscription, routes your traffic through an anonymysing proxy in Sweden or some such place.

tolien · 13 Jun 2009 at 23:22

Bear in mind that you don't know who's running the Tor exit nodes - it could just be some random person.

For Tor to be even remotely anonymous you have to trust the person running that exit node because, by definition, what they're sending on is unencrypted* and thus trivially read.

Fourstar said:
Another thing that came to mind is that Firefox by default will still send DNS requests through your local connection rather than the tor link.

It shouldn't if you've set it to use a proxy; it should use the proxy for DNS requests (and indeed it does, in my experience).

*unless you're using online banking et al, in which case you're using SSL (and the end node operator knows someone's connecting to $site but that's all), and you won't just click through Firefox/IE/Chrome's invalid certificate warning, will you?

Fourstar · 14 Jun 2009 at 00:56

tolien said:
It shouldn't if you've set it to use a proxy; it should use the proxy for DNS requests (and indeed it does, in my experience).

It was the case a few years ago when I was experimenting with tunneling through ssh.

The setting is network.proxy.socks_remote_dns under about:config and appears to still default to false. (I haven't tried setting up a proxy to see if it changes)

Here is a little more on the subject. I can't find anything concrete on whether an up to date Firefox does leak DNS by default.

zzzJonny · 14 Jun 2009 at 15:10

You might have been using a version of some sort of VPN software.

Things like Tor and JAP are good for free, but can be slow and you can't be sure about your data. I heard that some data like usernames and passwords were intercepted from Tor before.

Mattus · 14 Jun 2009 at 23:19

What kind of thing are you doing which requires you to be so private? :confused:

By the nature of how it works, Tor tends to be hideously slow. Going for some kind of VPN that you trust is the better solution.