[tor-talk] Tor and Google error / CAPTCHAs.
Alec Muffett
alec.muffett at gmail.com
Sun Oct 2 22:33:26 UTC 2016
On 1 October 2016 at 16:10, <blobby at openmailbox.org> wrote:
> I didn't explain myself very well. With the proxychains tool (
> http://proxychains.sourceforge.net/) you can write something like:
>
[...deletia...]
So:
- person uses tor to connect to socks proxy provider
- person authenticates (?) to socks proxy provider
- person traverses socks proxy prover to connect to end service
This sound like putting a condom on top of another condom after cutting a
hole in the first one, but hey, if you think it's worthwhile and fun, knock
yourself out. :-)
The problem is that the SOCKS IP itself may be "bad" (perhaps even as "bad"
> as an exit node IP) and hence Gmail, FB, etc, still discriminate (and hence
> demand additional proof).
>
Also that. Basically you are just shifting (say) Google's knowledge of
what IP address from
"possibly a Tor user, amongst all the spam that Tor emanates"
to:
"traffic sourced from some shitty open (or authenticated?) random SOCKS
relay, who know what the fuck this is?"
In short, you're making <COMPANY'S> job of picking out good traffic from
bad, _way_ harder.
But, hey, maybe you're masochistic / sadistic / both? :-)
Since SOCKS IPs, like exit node IPs, can be selected by country and
> (sometimes) via city, it's possible to have an IP which is in the city in
> which the webmail or social network person resides.
>
Geolocation is not the only the only fruit, in the authentication fruit
salad; I even alluded to this in the original blogpost ("...appears to be
connecting from Australia at one moment may the next appear to be in Sweden
or Canada") - but with this comes the realisation that geolocation can be
faked to appear normal, too.
-a
--
http://dropsafe.crypticide.com/aboutalecm
More information about the tor-talk
mailing list