Just a heads up for all you peeps seeking anonymity and or privacy on the net. I saw this article on Ha.ckers.org – De-anonymizing Tor and Detecting Proxies
Daaaaaaamn!! That’s some scary shit for those of us just trying to keep a bit of privacy on the net. Some of us just want to look at some titties without the whole net following us around. Some of us want to study some information perceived clandestine by our governments. (Note: Germany just made posting penetration testing tools illegal!! See Darknet)
There’s alot of information to cover here and some of it just plain confused me at first, so I summarized what I saw as potential bullet points in the article.
Follow the jump to read the rest:
I read the whole article including the comments. Check it:
Worried about cross browser possibilities? -
Nice and inspiring post.
I deferred my bedtime a bit to put up a cross-browser version: http://hackademix.net/2007/09/26/cross-browser-proxy-unmasking/
Rather than turning your JS+Java PoC into a Java Applet (too much easy), I used Flash.
Someone checked web based anonimizers -
Achraf Says: September 27th, 2007 at 4:21 am
it does seem to work with anonymizers
i tried this
So that kinda sucks, but at least we know the fallibility of TOR and other proxies. The good news is that Janus VM seems to keep you hidden.
September 27th, 2007 at 9:53 am
This is why JanusVM and other transparent proxy approaches work so well. It is easier to anonymize applications and there is no side channel leakage when some plugin or browser helper calls out directly instead of using browser proxy settings.
With all that said, the aspects of de-anonymizing TOR and detecting proxies is a very complicated issue for admins and users alike. I recommend that you read the COMPLETE original article HERE. There’s just too much information that you might want to review in the article AND the comments.
Anyhew, just FYI on all this. Big ups to Ha.ckers.org on the hyper informative article.
Keep hacking. Keep learning.
As an aside: TMBBITW DOES NOT support the use of Tor or Jap for malicious or just plain evil (for lack of a better word) purposes. I only advocate a certain amount of privacy for the average net user. In other words, don’t be a dick or a sick fuck with these apps cause it poisons that app for the rest of us. Good thing we have solid white hats out there always watching. The net community can regulate itself, and it should. Otherwise we wind up with governments that don’t know jack shit about life on the net, series of tubes anyone, forcing poorly informed, intrusive regulations down our throats. Now go be nice.