[tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)
proper at secure-mail.biz
Thu Jun 28 09:17:43 UTC 2012
freebsd-listen at fabiankeil.de wrote:
> <proper at secure-mail.biz> wrote:
>
> > <freebsd-listen at fabiankeil.de> wrote:
> > > That's incorrect. Privoxy can change the forwarding settings based on
> > > tags:
> > >
> > > http://www.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-TAGGER
> >
> > Excuse me if I misunderstood. It doesn't look like anyone has ever done
> > that before (and documented that online). And for that reason, it would
> > be nice if you could create two examples.
>
> The documentation above has been available for years and already
> contains an example. Are you looking for something specific that
> the current documentation doesn't answer?
>
> > You suggest tagging the applications by user agent and forward-override?
>
> Yes.
>
> > That sounds like a nightmare.
>
> I've been doing it for years and think it's convenient,
> but of course it's a matter of opinion.
>
> > I wouldn't know how to find gpg's user agent, other than digging into
> > the source code. And if they decide to change the user agent with the
> > next version of gpg, the function gets broken.
>
> The User-Agent can be discovered by letting the proxy (or nc) log it.
> It is also usually constant between updates, so checking it once
> per update should do.
>
> gpg doesn't seem to set a User-Agent, but that's not a problem
> as you can either let it use the default forwarding proxy or
> change the forwarding based on other criteria like the address
> of the keyserver.
>
> Fabian

Imho it's very improbable that a significant number of people will be able to do it that way. It's also complicated and error-prone (human mistakes).

I am working on an anonymous operating system (TorBOX [1]) and made a modification to torsocks, called uwt [2].

Using uwt boils down to "sudo ip=127.0.0.1 port=9053 uwt apt-get update" or "ip=127.0.0.1 port=9054 uwt gpg". It's also possible to create wrapper scripts which do that in an automated way. (Documented under [2].) It's only a hack, and a clean solution is very desirable.

Feature request:

I don't know how much effort it would be or how much time you would still like to spend on privoxy... Could you add a feature?

- privoxy may provide multiple (http) listen ports
- each (http) listen port may be forwarded to a different parent proxy ip/port

[1] https://trac.torproject.org/projects/tor/wiki/doc/TorBOX
[2] https://trac.torproject.org/projects/tor/wiki/doc/torsocks
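
The wrapper-script idea from the message above, sketched as an added example that is not part of the original post and is not TorBOX's own wrapper: each application gets its own SocksPort, and anything without an assignment is refused rather than sent through a shared port. The function names and table format are hypothetical; the `ip=… port=… uwt` invocation and the two port assignments are the ones quoted in the message, and Tor is assumed to have SocksPort listeners on 127.0.0.1:9053 and 127.0.0.1:9054.

```shell
#!/bin/sh
# Added example (not TorBOX's own wrapper). Function names and the table
# format are hypothetical; the two port assignments are the ones quoted above.
# Assumes Tor has SocksPort listeners on 127.0.0.1:9053 and 127.0.0.1:9054.

UWT_IP="127.0.0.1"
# One "application:SocksPort" pair per line.
ISOLATION_MAP='apt-get:9053
gpg:9054'

# Print the SocksPort assigned to an application; status 1 if it has none.
socks_port_for() {
    printf '%s\n' "$ISOLATION_MAP" |
        awk -F: -v app="${1##*/}" '$1 == app { print $2; found = 1; exit }
                                   END { exit !found }'
}

# Print every port assigned to more than one application. Any output means
# two programs would share circuits and could be correlated.
shared_ports() {
    printf '%s\n' "$ISOLATION_MAP" | cut -d: -f2 | sort | uniq -d
}

# Print the uwt command line for an application without running it.
uwt_command_for() {
    _port=$(socks_port_for "$1") || return 1
    printf 'ip=%s port=%s uwt %s\n' "$UWT_IP" "$_port" "$*"
}

# Run the application through its own SocksPort. Fail closed: an unmapped
# application or a table with shared ports is refused, never given a default.
run_isolated() {
    if [ -n "$(shared_ports)" ]; then
        echo "isolation table reuses port(s): $(shared_ports)" >&2
        return 65
    fi
    _port=$(socks_port_for "$1") || {
        echo "no dedicated SocksPort for '$1', refusing to run" >&2
        return 64
    }
    ip="$UWT_IP" port="$_port" uwt "$@"
}

if [ "$#" -gt 0 ]; then run_isolated "$@"; fi
```

Saved as a script, it is called with the application and its arguments, for example `apt-get update`; the refusal paths return before `uwt` is ever invoked.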