Forum Thread: Increasing Anonymity

Increasing Anonymity

Hey,

Well its been a long time since i asked a Question on forms.Well it seems that i have a Question for you guys.i was using proxy's but i have a doubt that they can be honey pot.

So my Question is can i channel all my Internet traffic to tor and using use proxy's for extra protection.
Well i hope you understand what i am trying to say here.I will be very thankful to you guys if you could help me out.

-LiGHTNinG

41 Responses

Well of course you could but it wouldn't make much sense because if TOR gives you an address but you use a proxy there's no use for TOR because the address it gave you will be overwritten by the proxy (it can happen the opposite)...for example what you could do is put your main OS under TOR traffic and use Kali in a VirtualBox running proxy or/and with a VPN

But remember that TOR isn't really as good as proxy these days

Using TOR to connect to a proxy is much more secure because the IP of the TOR exit node is sent to the proxy, not your real IP address.

And let's be honest, like TripHat mentioned a lot of times on here, 99% of people being found on TOR is simply because they are incredibly stupid.

-Phoenix750

You're absolutely right...but if people knows about TOR being "compromised" why they keep using it?????

It depends upon who you want to remain anonymous from. If you want to remain anonymous from Google and the other Internet traffic monitoring companies, it works great. If you want to remain anonymous from most law enforcement, it works great. If you want to remain anonymous from the NSA, it does NOT work.

But wait...NSA is a law enforcement isn't it?

NSA is no law enforcement... it's more like the GOD MODE of the internet.

OOOOO...Ok i didn't know that thanks!

The NSA is an advanced law enforcement.

And OTW, I have to disagree with you there that TOR or I2P or any other darknet won't work to help you hide from the NSA. as I explained in my article on how to hide from the NSA, all you will need is an encrypted connection to a country outside the US. If your exit node is outside the US, TOR or I2P may be a perfect solution. Ofcourse, you will always need to be careful.

Then again, we only know what we are being told. For all we know, the NSA already compromised the AES encryption.

The same goes for Google and other law enforcement agencies.

Nothing is true, everything is permitted (now I'm curious how many of you will recognize these words).

-Phoenix750

Assassin's Creed?I mean...the last words

Well I am surprised someone played this great game (I hope you never played Unity, because that game was a huge flop. Rogue, on the other hand, was awesome.)

-Phoenix750

You're right...if you don't mind may I ask your age?
Because in your Bio you wrote that you're [redacted]...is that true?

[redacted]. Turning [redacted] on [redacted]

-Phoenix750

I'm [redacted] too...[redacted] the [redacted]

> Talking in anonimity thread
> Revealing full date of birth

Damnit guys... I hope that's a fake date.

Can't be too concerned about anonymity when you are publishing your birthdate on a public forum.

There may be millions of people with our same birth day...

But you're both right OTW and TRIPHAT

To be honest TripHat, OTW is right. I don't have many reasons to stay anonymous from law enforcement!

-Phoenix750

I second you on that.

-Phoenix750

There are about 19 million people with your month and day birthdate. There are about 500,000 with that precise date of birth and when I narrow to industrialized countries, that narrows it down to less than 100,000. If I further narrow to those with Internet access, it brings it closer to 50,000 and those who visit hacking websites , probably in the range of 100.

You just gave up your identity.

You got me there...but what if i told you that i am using proxychain ?

Now that I have narrowed you down to less than 1 in 100 people on the planet, the rest is easy.

But how were you able to do that?

He can look at the frequency of your posts and guess the timezone, for example, even without knowing your location with the IP.

Oh ok...(I don't Know much about administration on a website)

That was a really interesting and sad article. Good to know that what they are capable of.

NSA compromised AES long ago.

They did? for as far as I know, AES is the most robust public encryption algorithm in the world! Are there any alternatives to AES?

-Phoenix750

Phoenix750:

You are right, AES is the most robust PUBLIC encryption algorithm in the world, but NSA cracked it long ago. With the horsepower they have, they can crack almost any encryption, if they need to. To make life easier for them, any encryption algorithm MUST provide a "backdoor" to the NSA or be in violation of US law. Just ask Phil Zimmerman.

I heard of it ...but how is that possible?...AES has quite the protection with its 128 key

You gave everyone in the world you birthdate on a public forum. You obviously are not concerned about anonymity.

OTW is right on this one. The reason I gave my birthdate on here is because I am not concerned by law enforcement knocking at my door. I am just a 16 year old white hat hacker, hobbyist electronic engineer/inventor/hardware hacker, and a tech enthusiast. I am not some cyber criminal who stole over 300 million USD by hacking a bank or caused a country-wide blackout. I try to stay on the good side of the law, and so far I've succeeded in it, so why should I be so paranoid?

-Phoenix750

I know you're a good guy, but still, I wouldn't reveal my information so lightly. They call it 'personal data' for a reason. Besides, LEA are not the only one that might target you. You are indeed a skilled guy, someone might want to break into your accounts, steal your projects, and what else. It's not uncommon that blackhats target whitehats back. Mitnick has been pwned more than once since he joined the bright side for example.

Valid points, except for the projects. My projects are in almost all cases completely open source and can be easily found on the web. Once i post my plans for my EMP device on here (yes, I came up with a working design that would cost somewhere around 150 euros to build), all a black hat would need to do is google "Phoenix750 EMP device".

But you make sense, though.

-Phoenix750

True, and also because if:

You => Proxy => Tor => Victim

and proxy is watched, they will know your tor traffic at worst, but at best it will make their job easier at tracing you with a correlation attack (just like they were your rogue guard if you connect to Tor directly without proxy)

TL;DR

This is a bad idea in any scenario, you are adding a weak link in the security chain, not considering the raise in network latency.

Best solution I think would be:

You => TOR/I2P => Proxy => Target

-Phoenix750

Wouldn't it be better ?

You => TOR/I2P => VPN => Proxy => Target

Sometimes
You => Tor => Target
is just enough, sometimes
You => Tor => Proxy => Target
is required because target won't accept traffic from exit nodes.

Like OTW said, it all depends who you want to hide from....

firstly i would like to thanks everyone for responding to my thread specially Sir OTW .

Well secondly i have a request Sir OTW if you make a tutorial on Tor => Proxy i will be vary thankful to you.if you can understand what i am trying to say here

I am also looking forward to Nullbyte IRC it would be great

-LiGHTNinG

Share Your Thoughts

  • Hot
  • Active