Which episode has something about secure browsing for open wifi?

[badbass]

Hey you must be saying WTF by now but this is a question I get all the time and something I need to brush up on. You should be saying don't you have work to do. Again you guys are awesome....

[psydT0ne]

I use TAILS dude...live TOR distro :)

https://tails.boum.org/

[Armaal]

Hey you must be saying WTF by now but this is a question I get all the time and something I need to brush up on. You should be saying don't you have work to do. Again you guys are awesome....

Use TOR browser can provide you "HTTPS everywere" pre-installed and use VPN (from TOR community)

If you like Chrome (best browser experience for me) you can add this excellent plugin..

Chrome Connectivity Diag (from Google Dev)

(and HTTPS everywhere also)

https://chrome.google.com/webstore/detail/chrome-connectivity-diagn/eemlkeanncmjljgehlbplemhmdmalhdc?hl=fr

Edited October 17, 2014 by Armaal

[Armaal]

Interesting router using TOR system

Anonabox

https://www.kickstarter.com/projects/augustgermar/anonabox-a-tor-hardware-router

Edited October 14, 2014 by Armaal

[cooper]

Hahaha! Awesome!

The guy raised 45 times his target amount with still 28 days on the clock.

Seriously, TOR isn't that hard. It wasn't roughly 10 years ago when I gave it a shot just to see what it was and by all accounts it's gotten easier. Why do people need a separate device to do it for them?

And if it's such a big deal for you to have this, wouldn't it be easier to have your router do it? I would be amazed if DDWRT doesn't have something to provide this for you.

[cooper]

And of course the Anonabox is shaping up to be another fine example of a poorly thought out idea.

https://twitter.com/Sc00bzT/status/522471884177547264

http://yro.slashdot.org/story/14/10/15/2256212/anonabox-accused-of-lying-about-its-product-being-open-source-on-kickstarter

Specific items to worry about is that it's supposedly not open source, comes with a default password on its integrated AP and they're basically reselling a $20 router with a modestly modified OpenWRT for $50.

[liv3vil]

hey cooper, you make some interesting points, but i am wondering can you shed some light on these links?

http://www.ibtimes.com/tor-safe-anonymous-browser-hacked-suspects-keeping-quiet-privacy-advocates-shaken-1645210

http://www.infosecurity-magazine.com/news/tor-is-not-as-safe-as-you-may-think/

is this legit, has tor really been compromised, and i also seen a video on youtube about tor and how the nsa is tracking people on it now (or they can track you a bit faster now anyway), from what i have heard you arent anonymous anymore even with tor running properly. is there truly such a thing as anonymity on the net anymore?

[cooper]

Your second link is over a year old now so I'm not going to look into it - if it was very worrying, there would be more waves about it.

I looked into the first article you linked to and found this blog post on the Tor project website they're referring but not linking to in which the attack was confirmed.

To say Tor was "compromised" I feel is going a step too far. From how I read it they were likely able to identify (where 'identify' probably means IP address) the publisher of a hidden service as well as a client looking up (as opposed to 'making use of') a hidden service. Since the attack involved their controlled node becoming a Hidden Service Directory, this is where the 'compromise' took place.

As you know, Tor relays your traffic through multiple relay nodes before it reaches its intended destination. The attack involves providing a marker on the data packets at the Tor protocol level. If your nodes make up the first and last node in a single chain, the 'single chain' being identified by that marker, you've just identified one user accessing one service. This is the entire depth of knowledge gathered by this attack and fairly hard to defend against though I believe they're doing so by changing the way the relay chain is constructed and by treating those markers differently, though I'm not certain about the latter.

To quote that Tor blog post I linked:

"So the good news is traffic confirmation attacks aren't new or surprising, but the bad news is that they still work. See https://blog.torproject.org/blog/one-cell-enough for more discussion."

And in general, your question "is there truly such a thing as anonymity on the net anymore?" is slightly misguided. The question is wether there really ever had been any anonimity to begin with. If you consider the amount of hoops people need to jump through to aqcuire any semblance of anonimity, I'm leaning towards a resounding 'No'. We're not losing it, we're discovering just how little we actually have.

The good news is that, at least for the time being, your actual traffic is still safe when using the appropriate protocols, so long as the machine you're interacting with has itself not been compromised.

Edited October 22, 2014 by Cooper

[liv3vil]

i didnt realize the one link was a year old sorry.

ill read that link you posted as well. and yes i guess the question i asked was a bit misguided,

i guess the best way for anonymity is use a live cd, hooked up to your neighbors wifi, and running tor

[fugu]

i know this is a little late, but I read some where that tor is vulnerable to organizations that have a lot of resources, by which they set up thier own entry, middle, and exit relays, then the flood other servers (DDOS) to force traffic onto thier own setup. This allows them to track right back to the source. Anyone else hear anything like that?

[cooper]

https://forums.hak5.org/index.php?/topic/34067-81-of-tor-users-can-be-de-anonymised/

[fugu]

lol, um yeah thank you. I did probably read it from this site, just where you pointed to.