[Full-disclosure] UnAnonymizer

[Peter Besenbruch]

Michael Holstein wrote:
>> The 'trick' is to obtain this information regardless of proxy settings 
>> and in the case of SOCKS4, be able to identify your real DNS servers. 
>> This is accomplished using a custom DNS service along with a Java 
>> applet that abuses the DatagramSocket/GetByName APIs to bypass any 
>> configured proxy. The source code of the applet is online as well:
>> - http://metasploit.com/research/misc/decloak/HelloWorld.java
> 
> Smart TOR users are using Firefox + NoScript + Flashblock to begin with 
> .. and you'd really have to be stupid/trusting to allow Javascript (and 
> even dumber still to allow Java Applets) when you're trying to be 
> anonymous.

As I normally do. Let's also mention that settings in Adblock and 
entries in the hosts file could mess up the experiment. For those not 
familiar with the Noscript extension, it can be set to block Flash as 
well. Flash itself can also be configured for tighter privacy, though if 
I were serious about anonymity, I wouldn't trust it.

> Using a WRT54g+Linux+Tor (or running the TOR router on a seperate 
> machine) prevents this entirely since *all* traffic is routed into TOR 
> and anything that's not falls into the bitbucket.

Here is a person that wants a SLOOOOW connection. ;)

> Those that wish to be anonymous .. always will be :)

Let's not forget that those wanting anonymity make mistakes like the 
rest of us. That's the kind of thing that Moore is trying to capitalize 
on. Some simply don't like the tracking associated with having a fixed 
IP, therefore the stakes behind a revealed IP are fairly low. The stakes 
go up when someone engages in bad behavior, or when his/her Web browsing 
habits arouse government interest.

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky