[tor-talk] catastrophe: ip-api.com sees me

Dash Four mr-4 at bitmessage.ch
Thu Feb 8 20:04:43 UTC 2018


Roger Dingledine wrote:
> Using any browser with Tor besides Tor Browser is usually a bad idea:
> https://www.torproject.org/docs/faq#TBBOtherBrowser
I disagree with that statement. It is certainly _not_ a bad idea, provided you know what you are doing.

I don't use TBB, except when I am in "internet cafe" setup/environment (which is pretty rare in my case).

For all other cases, I use regular browser, which routes all traffic locally (using the loopback device only) and traverses it over encrypted tunnel to my tor 
machine (all using 2 distinctly different subnets), which in turn routes it out via a 3rd machine that is connected to the real world via a VPN.

My "browser traffic" passes through 3 different firewalls before it gets out, so the chances of something going astray are close to nil.

I tend to keep tor at arms length - in my DMZ subnet - and that is how it should be. OK, admittedly, not the garden-variety setup, but it served me well over 
the years and I have no complaints.

As far as ip-api.com goes, they use the old "rawsocket" trick to bypass normal traffic/firewall rules - pretty amateurish.

> 
> You can read more about all the fixes in Tor Browser here:
> https://www.torproject.org/projects/torbrowser/design/
> 
> Chrome, Opera, and others all have bugs that allow a website to route
> traffic around the configured proxy -- and in some cases allow a website
> to bypass VPNs too.
> 
> Stay safe out there,
> --Roger
> 




More information about the tor-talk mailing list