Another Method to Block Java Hijinks

James Muir jamuir at scs.carleton.ca
Thu Apr 5 16:39:22 UTC 2007


norvid wrote:
> Hello
> 
> I have another method that may block Java hijinks that can allow a
> site to determine your real IP.  This one allows you to use the normal
> default browser settings.  You do not have to turn off all sorts of
> scripts.  You probably should still block cookies.
> 
> Use a firewall with settings which block the browser from accessing
> the internet but allows Privoxy access.  Set up your firewall this
> way.  Now to test obviously all you need do is turn the firewall off
> and on.
> 
> Go to this page to test:
> http://stayinvisible.com/cgi-bin/iptest.cgi
> This page uses a Java applet to reveal your real IP.
> It will guess mine when the firewall is off but fails to when the
> firewall is on.
> 
> Now test your IP without the firewall but while turning off Java.  You
> should see that the test will not reveal your IP.  Don't worry about
> javascript.  It has nothing to do with it on this particular page.
> 
> I'm throwing this out here as potentially another way to protect your
> privacy while using Tor and depending on the firewall used it may be
> easier to set up than turning off all sorts of browser functionality.

I've heard that properly configuring a firewall can be tricky.  In any 
case, using a firewall still doesn't protect from Java applets reading 
identifying information locally and sending it back through the 
anonymous connection.

In my opinion, I think it's best just to disable Java, and all the other 
plugins mentioned in the warning on the download page.

You may be interested to know that there is a Live CD which bundles Tor 
and some ipchains rules.  It is mentioned in the Tor FAQ -- see "Virtual 
Privacy Machine":

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ

-James
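
Added example, not part of the original message and not Tor project code: one way to express the quoted firewall idea on Linux, where only the Tor daemon's account may open connections off the machine and the browser and its plugins can reach nothing but loopback. It assumes iptables with the `owner` match; the function name and the account-name parameter are hypothetical. As the reply notes, this only stops direct connections and does not stop an applet from reading local information and sending it through the anonymous connection.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset that lets only the Tor
# daemon's account send traffic off the machine. Assumptions: Linux with the
# iptables "owner" match; the Tor account name is passed as $1 because it
# differs between distributions.

tor_only_egress_rules() {
    tor_user=$1
    # Accept only a plain account name or numeric uid, so the argument
    # cannot smuggle extra options or rules into the generated file.
    case $tor_user in
        ''|-*|*[!A-Za-z0-9_-]*)
            echo "usage: tor_only_egress_rules <tor-user>" >&2
            return 1 ;;
    esac
    # OUTPUT defaults to DROP. Loopback stays open so the browser can reach
    # Privoxy and Privoxy can reach Tor; only sockets owned by the Tor
    # account may leave the host. Everything else (a plugin's direct
    # connection, a direct DNS lookup) is rejected at once instead of
    # hanging until it times out.
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT
-A OUTPUT -j REJECT
COMMIT
EOF
}

# Stand-alone use: print the ruleset for review. Loading it with
# iptables-restore (and ip6tables-restore for IPv6) replaces the whole
# filter table, so merge it with any rules already in place first.
if [ "$#" -gt 0 ]; then
    tor_only_egress_rules "$1"
fi
```

A resolver or other proxy listening on loopback under a different account is still reachable from the browser, so check what is bound to 127.0.0.1 before relying on these rules.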



