GlockTalk.com
Old 01-26-2013, 08:52   #26
g29andy
CLM Number 197
Charter Lifetime Member
 
 
Join Date: Jan 2001
Location: TN
Posts: 3,615


also, hotspot shield vpn subscription allows you to install on 5 pc/macs, as well as iPhones and iPads. Great for using public wifi hotspots.
g29andy is offline   Reply With Quote
Old 01-26-2013, 08:56   #27
GlockFanWA
Senior Member
 
Join Date: Sep 2012
Location: Washington
Posts: 346
Something else to consider

http://www.tunnelbear.com/
GlockFanWA is offline   Reply With Quote
Old 01-26-2013, 11:21   #28
Don H
Senior Member
 
 
Join Date: Dec 2005
Posts: 4,913
edit...

Last edited by Don H; 02-05-2013 at 03:10..
Don H is offline   Reply With Quote
Old 01-26-2013, 14:14   #29
AZson
Senior Member
 
 
Join Date: Oct 2005
Location: Tucson
Posts: 3,015
Firefox has a start private browsing in its Tools.
__________________
G17 G27 G29 G35 G38 NRA GSSF
NEED A GOOD GUN? See your local ATF (AKA F-troop) agent. He will get you one fast and furiously.
AZson is offline   Reply With Quote
Old 01-31-2013, 14:09   #30
Never Nervous
Senior Member
 
 
Join Date: Aug 2009
Location: Metro ATL
Posts: 2,226
Quote:
Originally Posted by sbhaven View Post
Thank you. Great info

NN
__________________
____________________________________________
"Religion is for people who are afraid to go to hell. Spiritually is for people who have already been there."
Never Nervous is offline   Reply With Quote
Old 02-01-2013, 14:34   #31
12smile
Member
 
 
Join Date: Apr 2008
Posts: 92
so far so good with Tor.

It starts its own browser (based on Firefox I believe) and I go to sites that limit access (like a newspaper that has limited free article access per month) and they don't know who I am.

It is clearly slower than regular browsing but it is going around the world a few times first

Will try TAILS on a flash drive next.
12smile is offline   Reply With Quote
Old 02-01-2013, 23:37   #32
Manco
Member
 
 
Join Date: Jan 2013
Posts: 37
www.hidemyass.com
Manco is offline   Reply With Quote
Old 02-02-2013, 03:33   #33
12smile
Member
 
 
Join Date: Apr 2008
Posts: 92
Quote:
Originally Posted by Manco View Post
Of all the anonymizers I found hidemyass to be the slowest.

unblockedatschool.com was good
12smile is offline   Reply With Quote
Old 02-02-2013, 18:22   #34
harrygunner
Senior Member
 
Join Date: Sep 2010
Posts: 406
Too bad geekiness is needed for DIY projects. I understand the OP said he's not a geek. Just throwing this out there for general info.

I set up a VPN+proxy in a Linux virtual machine. Hosted it in a server farm. Created VPN public/private keys for the immediate family so they can also access the proxy via the VPN.

Didn't do it primarily for autonomy, rather as a way of tunneling past wi-fi hot/hotel spots when I use my phone or laptop to access websites.

I did authorize only a few header fields to be passed by the proxy. A dozen or more fields are blocked, including the 'Referer' field.

Laptops and phones are given a virtual network address to access the VPN's virtual network that the proxy listens to for connections. For the "smart" phone, I installed Firefox-beta and used "about:config" to have it use the VPN virtual network instead of the wi-fi network.
__________________
People who've had to deal with their karma are more interesting to talk to.
harrygunner is offline   Reply With Quote
Old 02-02-2013, 21:32   #35
abimelech
Member
 
 
Join Date: Aug 2010
Location: NE Ohio
Posts: 39
Quote:
Originally Posted by Linux3 View Post
When you think you are surfing anonymously go to this site and test it out.
https://www.grc.com/x/ne.dll?bh0bkyd2
Used this running Privoxy and passed just fine.
__________________
Why does a slight tax increase cost you two hundred dollars and a substantial tax cut saves you thirty cents?
abimelech is offline   Reply With Quote
Old 02-04-2013, 21:35   #36
Linux3
Senior Member
 
 
Join Date: Dec 2008
Posts: 1,396
Quote:
Originally Posted by IGotIt View Post
Any site that starts out with
"Your privacy is under attack!" is just full of crap. If it knew what I am running, if it actually tried to probe my system then the response would be different.
Is this a malware site?
__________________
If it's not on fire,
It's a software problem.

Linux3 is offline   Reply With Quote
Old 02-05-2013, 02:56   #37
Don H
Senior Member
 
 
Join Date: Dec 2005
Posts: 4,913
edit.....

Last edited by Don H; 02-05-2013 at 03:10..
Don H is offline   Reply With Quote
Old 02-05-2013, 15:05   #38
harrygunner
Senior Member
 
Join Date: Sep 2010
Posts: 406
I believe 'startpage' is referring to Google and how it helps bypass some of Google's tracking by acting as a proxy that does not pass on your IP address.

Google is in the business of gathering information on Internet users' interests. It does it in a number of clever, but insidious ways.

Some:

- Offers DNS services. Easy way to log queries to websites.
- Gmail to parse email content.
- google-analytics embedded in web pages
- Browser "features" to "keep us safe" where our visits are passed to Google by the browser.
- Web development tools with links back to Google.
- Bought doubleclick.net since it's embedded in a lot of web pages.
- App stores, including several alias sites that don't have 'google' in their name.
- Search engine.

'startpage' addresses the last. The rest require you to take some steps.

Every time you visit Glock Talk, Google logs it. This web page we are looking at now has links to www.googletagservices.com, ajax.googleapis.com and google-analytics.com

In my VPN/proxy I took advantage of Linux's DNS resolution features to resolve logging sites to 'localhost'. You can do the same on your local box (even on Windows; e.g. see http://labnol.blogspot.com/2004/10/t...osts-file.html ).
__________________
People who've had to deal with their karma are more interesting to talk to.
harrygunner is offline   Reply With Quote
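
Added example (not part of harrygunner's post or his setup): a check that the tracking hosts named above are actually mapped to loopback by a hosts file. The sample hosts text and the `www.google-analytics.com` entry are constructed; the latter is there because a hosts file matches exact names only, so a subdomain needs its own line.

```python
"""Audit a hosts file for sinkholed tracker names (added example)."""
import ipaddress

# Hosts the post names as tracking endpoints, plus one constructed
# subdomain to show that hosts files have no wildcard matching.
TRACKERS = [
    "www.googletagservices.com",
    "ajax.googleapis.com",
    "google-analytics.com",
    "www.google-analytics.com",
    "doubleclick.net",
]

# Constructed sample of /etc/hosts content, not taken from the post.
SAMPLE_HOSTS = """\
127.0.0.1   localhost localhost.localdomain
::1         localhost
# tracker sinkhole
127.0.0.1   google-analytics.com www.googletagservices.com  # inline comment
127.0.0.1   DoubleClick.net
192.0.2.10  ajax.googleapis.com
"""


def parse_hosts(text):
    """Return {lowercased name: ip}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or address without names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address: ignore the line
        for name in fields[1:]:
            table.setdefault(name.lower().rstrip("."), ip)
    return table


def audit(text, names=TRACKERS):
    """Classify each name as 'sinkholed', 'mapped-elsewhere' or 'missing'."""
    table = parse_hosts(text)
    result = {}
    for name in names:
        ip = table.get(name.lower())
        if ip is None:
            result[name] = "missing"
        elif ip.is_loopback or ip.is_unspecified:
            result[name] = "sinkholed"
        else:
            result[name] = "mapped-elsewhere"
    return result


if __name__ == "__main__":
    for host, state in audit(SAMPLE_HOSTS).items():
        print(f"{state:17} {host}")
```

Anything reported as "missing" still resolves through normal DNS and is not blocked.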
Old 02-05-2013, 17:09   #39
GenX
Senior Member
 
Join Date: Aug 2009
Location: Idaho
Posts: 448
If I remember correctly, startpage is the search engine used in TAILS.
GenX is offline   Reply With Quote
Old 02-05-2013, 17:33   #40
jdavionic
NRA Member
 
 
Join Date: May 2008
Posts: 11,816
Interesting thread. I've got to catch up with the times. I look at safes and start getting tons of ads that are all safes. Not a big deal...just seems a little intrusive.
__________________
- JD

"No matter how bad it gets, if you're still alive it's just another bad day."
jdavionic is offline   Reply With Quote
Old 02-10-2013, 02:20   #41
bill4282
Member
 
Join Date: Jul 2009
Posts: 81
I installed spy hunter and all this nonsense stopped. Blocks undesirables as soon as detected
bill4282 is offline   Reply With Quote
Old 02-10-2013, 12:58   #42
jdeere_man
CLM Number 26
Charter Lifetime Member
 
 
Join Date: Feb 2007
Location: NW Missouri
Posts: 3,538
I just tried TOR (hadn't used it before) and my browsing experience was pretty slow compared to my regular connection. Almost slow enough I'm not sure I could put up with it unless I really thought I needed to.

I immediately got advertisements in German, so it was fairly clear it was routing my traffic around the world a few times. I think I was showing an IP address out of Sweden actually. If you want true IP anonymity it is the way to go probably.

The incognito, inprivate browsing, etc in the regular browsers isn't really going to make you difficult to find because it is still routing your traffic right to and from your regular ip address.

I'm curious about the vpn option harry gunner mentioned. I'm certainly techie, but I might need more explanation. I have a VPN I use currently to connect to a LAN at a business, but it doesn't route all traffic to there (though I could configure it to). But I also don't want all my traffic going thru their internet connection!
__________________
Be weary of a summit that begins with sharing bread; for the sated man is at his weakest.
jdeere_man is offline   Reply With Quote
Old 02-10-2013, 14:12   #43
jdeere_man
CLM Number 26
Charter Lifetime Member
 
 
Join Date: Feb 2007
Location: NW Missouri
Posts: 3,538
Sorry if this seems like a thread hijack, but what would you think of using vpntunnel com (same as vpntunnel.se) and using my router to establish a vpn using pptp or open vpn (unsure if that is the same open vpn they support?). It is a dd-wrt router and supports both as far as I can tell, but I have no experience with either. That would effectively cover all my network traffic.
__________________
Be weary of a summit that begins with sharing bread; for the sated man is at his weakest.
jdeere_man is offline   Reply With Quote
Old 02-10-2013, 15:18   #44
md2lgyk
Senior Member
 
Join Date: Mar 2001
Location: WV
Posts: 2,896
Quote:
Originally Posted by vram74 View Post
Adblock Plus + Ghostery should stop the trackers well enough.
That's what I use. And also a Firefox add-on called Priv3. I get virtually no ads on any web page.
__________________
"The great object is, that every man be armed. Everyone who is able may have a gun." - Patrick Henry
md2lgyk is offline   Reply With Quote
Old 02-11-2013, 00:21   #45
harrygunner
Senior Member
 
Join Date: Sep 2010
Posts: 406
'jdeere_man' and others, please forgive the wall of text. It is that kind of a question. This is a description of what I did. Others can add to the discussion or ask for more details on particular issues.

* Why I did it. 1) I use my laptop while traveling and use either hotel/motel wireless or coffee shop wireless. 2) I don't trust "smart phones" and didn't get a G4 Internet plan for the few times I'd dare to connect my phone to Internet. I only connect over Wi-Fi hotspots. I wanted a way to tunnel past all the hotspot threats before hitting the 'net.

* Overview: VM running Linux with an OpenVPN server and 'tinyproxy' proxy. Laptop and Android phone run OpenVPN client.

The VPN/proxy virtual machine (VM): Runs a 64bit RHEL6 clone with 512MB RAM and one virtual CPU. Any Linux distribution should work. One virtual NIC is bridged to the host physical NIC that routes traffic to the Internet.

I kept the installation to a minimum, but did a custom installation to make sure I had all the services I needed. Mainly looked for programs to support 'libvirt' since I use KVM on the host as the hypervisor. Also wanted development tools so I could compile source code as needed.

I did not install the X Window System or a GUI. I either SSH in directly or connect through a serial console from the host to configure/maintain the VM. The final VM file is about 3.6GB in size. The disk size is not fixed and will grow as needed. But I don't expect it to grow since I didn't install a caching proxy.

One could use VirtualBox instead of KVM to build the VM host and machine. Probably easier. Runs on Windows as well. I didn't because my use is business/personal and did not want to worry about Oracle's license for the extension pack.

Another option is VMware. We've built VMs on that for clients, but there was no need for me to spend money when KVM is around.

I decided to install 'OpenVPN' and 'tinyproxy' on the VM. I chose OpenVPN because there's an OpenVPN client app available for my Android phone. I trust that app more than the native VPN app that comes with Android. Plus, it's more secure than M.S. PPTP. L2TP is a bear to set up under an OpenSwan VPN server and I would have wanted to go that way to use RSA instead of shared secrets.

'tinyproxy' is a straightforward non-caching proxy, all I need.

The VPN server is secured in several ways: SELinux, OSSEC, iptables configured to block out entire continents or countries and to drop malformed packets, etc. The firewall also forwards local traffic to/from the virtual 'tun' network that OpenVPN creates. Proxy runs as 'nobody'. Multiple partitions that are either immutable or mounted as 'noexec,nosuid,nodev'. Swap, /tmp and /var/tmp are set up with 'cryptsetup' and a random key. The proxy only allows connections from the non-routable virtual network established by OpenVPN. So no direct outside access to the proxy.

The client programs use the DNS I assigned on the VPN/proxy, OpenDNS. So, a hacker/cracker at a Wi-Fi hotspot attempting to spoof DNS won't succeed. Also, I did not register the IP to associate it with a URL, so clients don't need DNS to find the VPN, just its IP address. As I mentioned before, sites in the business of tracking are mapped to '127.0.0.1' by the /etc/hosts file on the VPN/proxy. So, they don't see my traffic at all.

My main concern is security over autonomy, but I may add the 'polipo' proxy to the VPN. It can easily chain to 'Tor'. i.e. the proxy on the VPN would direct traffic to 'Tor'. 'polipo' would listen on a separate port on the same virtual network OpenVPN creates. So, if I wanted more autonomy, I would simply change the port number in my web browser proxy setting.

'tinyproxy' allows you to enable "anonymous proxying" and to specify which fields to pass in the connection packet header. You can even block the 'User-Agent' to make it harder for sites to characterize you by the OS, browser that you use. But, some sites will brand you a threat and block you. GlockTalk doesn't care. I generally allow it along with 'Host', 'Authorization' and 'Cookie'. Cookies are useful to websites and are less of a concern if they are deleted when the browser closes. All the packet header fields are described here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

* Authentication: I used a separate VM with no Internet access as a certificate authority (CA) to sign the public and private keys for all parties. I did it all using 'openssl'. But, OpenVPN offers something called "easy-rsa" that's supposed to make this task easier.

The private key for the phone should be password protected. You will be asked for it when you configure the client.

The Android OpenVPN client (and apparently the Windows client) needs a PKCS12 formatted cert/privatekey combination file. A Linux client wants the public certificate and private key in separate files. I used 'openssl', but 'easy-rsa' might do that for you.

You will need four or five files on clients and six on Linux server:

- server.conf on the server
- client.conf on a Linux client or nearly the same file with name changed to client.ovpn on Android or Windows.
- dh2048.pem Diffie-Hellman signing certificate. (on server only, not clients)
- public certificate of the CA (never the CA private key)
- CA signed public certificate for the phone (or laptop), CA signed private key for the phone (or laptop). These two are adjoined as a single file on Android (or Windows).
- OpenVPN's ta.key (OpenVPN's HMAC to strengthen safety of TLS handshaking. Thwarts Wi-Fi spoofing. 'OpenVPN' provides a simple command to create it.)

I placed the five files on a microSD and plugged it into my Android phone. The OpenVPN client setup picked up the files off of 'external_sd'.

* The phone: I installed 'OpenVPN Connect' from https://play.google.com/store/apps/d...penvpn.openvpn and 'Firefox Beta' from https://play.google.com/store/apps/d...fox_beta&hl=en

'OpenVPN Connect' is also available for iOS from https://itunes.apple.com/us/app/open...590379981?mt=8

The native web browser on Android has no way to change how to connect to Internet. Fortunately, Firefox-beta provides a way. No GUI for that, one must use 'about:config'.

* Laptop: Easier. Used same tar.gz source I compiled on the server to compile/install on my laptop. Used a .conf for clients instead of servers. Web browsers have a GUI dialog for setting up proxies.

In both cases, I went to a site that shows the IP address I'm using to confirm I'm using the proxy. Then from my phone, I entered a nonexistent site name to make sure the 'OpenDNS' page showed up for such sites (proving the phone is using DNS configured on the VPN).
__________________
People who've had to deal with their karma are more interesting to talk to.

Last edited by harrygunner; 02-12-2013 at 21:52..
harrygunner is offline   Reply With Quote
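
Added example (not harrygunner's configuration and not tinyproxy's code): a model of the allow-list header filtering described in this post and in post #34, where only named request headers are forwarded and everything else, including 'Referer', is dropped. The allow-list holds the four headers the post names; the sample request is constructed.

```python
"""Model of allow-list request-header filtering at a forward proxy (added example)."""

# The four headers the post says are allowed through; everything else is dropped.
ALLOWED = {"host", "authorization", "cookie", "user-agent"}

# Constructed sample request, as a browser might send it to the proxy.
SAMPLE_REQUEST = (
    b"GET http://example.com/forum/thread?id=1 HTTP/1.1\r\n"
    b"Host: example.com\r\n"
    b"User-Agent: ExampleBrowser/1.0\r\n"
    b"Referer: http://search.example/?q=private+query\r\n"
    b"Accept-Language: en-US\r\n"
    b"cookie: session=abc123\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n"
    b"Via: 1.1 upstream\r\n"
    b"\r\n"
)


def filter_request(raw, allowed=ALLOWED):
    """Return (filtered request bytes, names of dropped headers)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header block")
    lines = head.split(b"\r\n")
    kept, dropped = [lines[0]], []  # the request line always passes
    keep_current = False
    for line in lines[1:]:
        if line[:1] in (b" ", b"\t"):
            # Obsolete folded continuation: it shares the fate of its header.
            if keep_current:
                kept.append(line)
            continue
        name, colon, _ = line.partition(b":")
        if not colon or not name or name != name.strip():
            raise ValueError("malformed header line")
        # Header names are case-insensitive, so compare in lower case.
        keep_current = name.decode("ascii").lower() in allowed
        if keep_current:
            kept.append(line)
        else:
            dropped.append(name.decode("ascii"))
    return b"\r\n".join(kept) + b"\r\n\r\n" + body, dropped


if __name__ == "__main__":
    filtered, removed = filter_request(SAMPLE_REQUEST)
    print(filtered.decode("ascii"), end="")
    print("dropped:", ", ".join(removed))
```

In tinyproxy itself this behaviour is switched on with `Anonymous` directives in its configuration file, one per allowed header.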
Old 02-12-2013, 18:38   #46
jdeere_man
CLM Number 26
Charter Lifetime Member
 
 
Join Date: Feb 2007
Location: NW Missouri
Posts: 3,538
harrygunner, thank you very much for the detailed information and taking the time to post it!

I'm trying to get my router to connect to vpntunnel.se using openvpn. The connection establishes according to the log, but I cannot pass traffic to the outside world once the connection comes up.
__________________
Be weary of a summit that begins with sharing bread; for the sated man is at his weakest.
jdeere_man is offline   Reply With Quote
Old 02-12-2013, 21:50   #47
harrygunner
Senior Member
 
Join Date: Sep 2010
Posts: 406
I just went to 'vpntunnel.se' to see what they do. Not a lot of tech support. However, the openvpn client you download from their site changes the routing tables on the device that's running the openvpn client. The new route directs traffic from your client side to Sweden, or other of their sites in other countries.

Can you elaborate on "get my router to connect to vpntunnel.se using openvpn"?
__________________
People who've had to deal with their karma are more interesting to talk to.
harrygunner is offline   Reply With Quote
Old 02-13-2013, 06:26   #48
sbhaven
Senior Member
 
 
Join Date: Jun 2008
Location: Constitution State
Posts: 4,646
Quote:
Originally Posted by harrygunner View Post
Can you elaborate on "get my router to connect to vpntunnel.se using openvpn"?
There are some routers and/or router firmware (like DD-WRT and TomatoUSB) that have OpenVPN built in. It allows the router to be configured as a VPN client so it can connect to another VPN endpoint/server. This way one's entire network can go over the VPN tunnel rather than just one individual computer.

DD-WRT OpenVPN
TomatoUSB OpenVPN
__________________
Currently hiding behind enemy lines in a Blue State.

Last edited by sbhaven; 02-13-2013 at 06:27..
sbhaven is offline   Reply With Quote
Old 02-14-2013, 12:00   #49
harrygunner
Senior Member
 
Join Date: Sep 2010
Posts: 406
I'm posting this using Tor. All this talk of autonomy had me add 'Tor' to my VPN/proxy. Running a separate SOCKS capable proxy on another port chains traffic to the Tor client. The Tor client connects to Tor relays.

Tor is slow, but an interesting function if I ever feel a need to be more autonomous.
__________________
People who've had to deal with their karma are more interesting to talk to.
harrygunner is offline   Reply With Quote
Old 02-15-2013, 17:09   #50
jdeere_man
CLM Number 26
Charter Lifetime Member
 
 
Join Date: Feb 2007
Location: NW Missouri
Posts: 3,538
Quote:
Originally Posted by sbhaven View Post
There are some routers and/or router firmware (like DD-WRT and TomatoUSB) that have OpenVPN built in. It allows the router to be configured as a VPN client so it can connect to another VPN endpoint/server. This way one's entire network can go over the VPN tunnel rather than just one individual computer.

DD-WRT OpenVPN
TomatoUSB OpenVPN
Yes, you're correct. I'm using DD-WRT. My router connects, but I can't pass traffic. I need to mess with it more tonight; I haven't had enough time yet to figure it all out.

I want to use the router so I can pass all traffic from multiple machines and a network server.
__________________
Be weary of a summit that begins with sharing bread; for the sated man is at his weakest.
jdeere_man is offline   Reply With Quote
All times are GMT -6. The time now is 08:00.


