privoxy (was Re: ipv6)
Eugen Leitl
eugen at leitl.org
Mon Aug 9 15:30:19 UTC 2004
On Mon, Aug 09, 2004 at 10:54:39AM -0400, Patrick McFarland wrote:
> On Mon, 9 Aug 2004 16:29:34 +0200, Eugen Leitl <eugen at leitl.org> wrote:
> > Anonymizing proxies are largely useless, if Mallory sees the last leg to the journey
> > (browser<-->proxy).
>
> Yeah. That's why you need to run your own privoxy and tor, so that you

I'd rather have the traffic remixing part done on a fast machine close
to one of the Internet backbones. I haven't installed tor/privoxy on the
home network behind my ADSL, but I suspect it will be slow. Tor/privoxy as is
is already pretty slow (so I'm using two instances of a browser: one proxied,
for secure use, and one with direct connection).

Also, such an open proxy is a useful resource for other users, provided it's
not a major vulnerability for my box.

> control the machine that is the last leg. (This is why I'm not too
> much of a fan of an outside proxy, you can still be tracked to your
> box by the owner of the proxy. Do a little man in the middle attack

I am the owner of the proxy, in this case.

> and someone in between can insert their own proxy and others can watch

If it's an Stunnel with certs signed by my own CA, I'll see a MITM (active
attack is very different from passive listening in terms of resources
required, and leaks information that you're being attacked -- passive
listening is undetectable, at least on a classical link).

> your traffic too.)
>
> > It's largely a hypothetical threat, I hope (everybody: please don't feel
> > compelled to prove me wrong, if you're reading it).
>
> I don't believe in the hypotheticalness of a threat. If it can be
> exploited even a tiny little bit, then it's an issue.

The only machine immune to attacks is one unplugged, and locked in a
secure vault. And then, only maybe.

Such a machine is however not very useful. I don't expect perfect protection,
and use such services with that expectation in mind.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07078, 11.61144 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
http://moleculardevices.org http://nanomachines.net
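
The point in the message above about Stunnel with certificates signed by a private CA, as an added example that is not part of the original post or of any project's shipped configuration: a client-side stunnel.conf contrasting an unverified tunnel with one pinned to that CA. The host name, ports and file path are assumptions chosen for illustration.

```ini
; Client-side stunnel.conf for the browser<-->proxy leg (added example).
; proxy.example.net, the ports and the CA path are constructed placeholders.

client = yes

; Weak form, left commented out: the link is encrypted, but any certificate
; is accepted, so an interposed proxy can terminate TLS without being noticed.
; [proxy-unverified]
; accept  = 127.0.0.1:8118
; connect = proxy.example.net:8443
; verify  = 0

; Verified form: the handshake is refused unless the server certificate
; chains to the private CA in CAfile. A certificate substituted by someone
; in the middle fails this check, which is how the active attack becomes
; visible to the client.
[proxy]
accept  = 127.0.0.1:8118
connect = proxy.example.net:8443
CAfile  = /etc/stunnel/my-ca.pem
verify  = 2
```

The browser is then pointed at 127.0.0.1:8118; newer stunnel releases express the same check with `verifyChain = yes`.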