Menu
▾
▴
[proxyTools-users] Re: [noCensorship] Saudi ISP's
|
From: wayne <wa...@ny...> - 2003-01-04 00:55:22
|
> From: Activate0 <act...@ya...> > Subject: [noCensorship] Saudi ISP's > To: noc...@fr... CC: pro...@sf... > Hi Wayne, > > Some ISP's can log the phone number that access their > service, is it possible to hide such info. from the > ISP?. If you were a celebrity, or a heavy, they may disable the caller-ID that sends that information, but not for just anyone. There are other mechanisms available to find your number anyway. People who need to worry about this sort of thing use empty apartments with a phone relay installed there :-) Under a fake name. And a booby trap to let them know that they've been tracked back to that relay. Internet cafes, or a laptop at a pay phone are slightly easier ways to remain anonymous. :-) > When using proxytools, is it safer than using a proxy > on a non-standard port ?. Not in the default mode. By default, localProxy tries many ways to get you out, and some of those are logged easily. You can disable the strategies you consider dangerous if you want to, of course. You can reduce it's funcionality down to the use of a single non-standard port proxy if you want. Or to a single CONNECT tunnel proxy if you want. LocalProxy is certainly more confusing in their log files though! Any automated log file analysis would be showing strange results. > Is it possible for the ISP to know what sites have > been visited when using an open proxy on a > non-standard port?. Yes. If they use any kind of network monitor and analysis software, it's easy. Also if they are using a transparent proxy, it's possible in principle to log network web-type requests on non-standard ports along with normal user's standard port web requests. > Thanks, I've said this many times, but it bears repeating. If they have access to the wire, they can see every single bit of data you send and receive. In your case, the ISPs there have access only to any data you send to them on that wire, but it amounts to almost the same thing. I say almost, because you can always dial out to the USA, for example, to bypass the ISP. If that data is unencrypted, they can determine exactly what you are doing (with little effort these days, using software designed to do exactly that). The only way out of this dilemma is to encrypt the data; then they can only see where it's going and that it is encrypted. Ssh to a shell account outside is currently the easiest and best way to implement this. With that, you can set up a Socks proxy or static port forwards to any network services you need (except for those using a few complicated protocols). All encrypted from your computer through to the shell account. There are other ways, using free and paid servers, but they all have speed, limitation and reliability problems. And trust problems! Do you expect that <your commercial encrypted proxy service here> would thumb their nose at Law Enforcement Agencies requesting a log of your activities? No. With a shell account, you at least have more control. You can choose one in a country where such things as Carnivore forced onto ISPs networks by the FBI just doesn't happen. Or where the ISP is privacy conscious and free-speech sympathetic, so you know they won't turn over the logs without good reasons (or a fight). The decision depends on your personal threat model. What you're risking, how much effort/money you're willing to expend to avoid each of those risks, and what you think the probability values actually are. I wrote a paper on that. It's part of the /help docs in proxyTools. Take a look. I'm maintaining it, so if there are questions within it's brief that are unanswered or answers that are unclear, let me know. Personally, I think getting encrypted data past the censors and out to the free world is enough, so I recommend Panix (New York) shells. Even though I think there is a chance they have Carnivore installed and that there is a chance they will be required to implement more monitoring in future. At least I know they hate the idea. Oops .. rambling again. :-) -- wa...@ny... http://proxytools.sourceforge.net/ |
