Set up a webproxy to TOR - tor-proxy.net

Robert Hogan robert at roberthogan.net
Mon Sep 24 20:25:47 UTC 2007


On Monday 24 September 2007 02:22:34 Ricky Fitz wrote:
> Am Sonntag, den 23.09.2007, 20:50 -0400 schrieb tor-op at hermetix.org:
> > On Mon, Sep 24, 2007 at 12:42:31AM +0200, Ricky Fitz wrote:
> > > It is running on the same server my TOR-Server is running (called
> > > GrossATuin).
> >
> > Does your proxy use a separate Tor client, do you exclude your node as
> > as an entry?
>
> No, it does not use a seperate Tor-Client. Therefore it doesn't make
> sense to exklude my node. It uses the Tor-Session which runs as a
> tor-node. So if you spy on the traffic of the server, you will not be
> able to see, which traffic is from routing traffic for acting as a
> server, and which from acting as a client. I think that's safer than
> using a second client.
>

So is your cgi-proxy routing everything to an instance of privoxy/polipo 
running on your machine or directly to the tor socks port? 

If it is routing everything to privoxy/polipo, what configuration are you 
using?

I think it is this sort of detail that phobos has in mind.


> > I was wondering recently about the security implications of such a setup.
> >
> > I was thinking of using a vpn to access my Tor server. From there, all
> > vpn traffic would be proxied through another tor instance running in
> > client mode with no bw limitations. Would that be more secure because a
> > tor server is already running there or less secure because, if in some
> > way, the traffic from the two instances could be differenciated and the
> > vpn connections would make the whole system less secure because they
> > would allow timing and statistical attacks relating vpn traffic to the
> > second tor traffic?
>
> I really don't know, if it will be possible to identify the
> vpn-connection because of the data which is transferred. But it would be
> possible, to see that there is another service running than tor. Also,
> what Bluestar is doubled. If we build a VPN from my server to yours, not
> only me is theoretical able to spy on the traffic, but also you. (Not
> that I want to say I do not trust you, but it kills the advantages of
> onion-system.
>

I think the answer is 'less secure'. That vpn link to bluestar88 is used only 
by you and it contains all your anonymous traffic on one little pipe over the 
internet. Unless the link is padded to camouflage inactivity that has to make 
things easier for an observer.


-- 

Browse Anonymously Anywhere	- http://anonymityanywhere.com
TorK	- KDE Anonymity Manager	- http://tork.sf.net
KlamAV	- KDE Anti-Virus 	- http://www.klamav.net



More information about the tor-talk mailing list