Blog has been shut down
This blog has been shut down in September 2012. A read-only version is available for archiving purpose. If you want to leave a comment please write an email to r.a@posteo.net.
ra`s fnord[blog] |
This blog has been shut down in September 2012. A read-only version is available for archiving purpose. If you want to leave a comment please write an email to r.a@posteo.net.
An easy and secure way for anonymous internet usage:
To start using the internet anonymously you just have to start both VMs Tor gateway VM and Tor workstation VM. As soon as they they finished booting, you can use the anonymous internet access through the Tor workstation. If you want to stop using the internet anonymously, just power down both VMs.
The goal of this article is to provide a solution to use the internet anonymously in an easy and secure way. Anonymous as in no one but you must be able to tell that you are communication with a certain receiver (like browsing a website: No one must know that you are surfing that certain website). A way to use the internet anonymously is to use an internet connection that can not be tracked down to your person and a computer that has no information stored about you. Which means quite an effort every single time you want to use the internet anonymously. For an internet connection that can not be tracked down to your person, software like Tor has been developed to accomplish this also over a non-anonymous internet connection. Checking if the computer has no information stored about you, can not be handled by the Tor software and must be handled by the user! Currently there is one major problem if you want to use the internet anonymously: You really do have to understand the functioning of computer networks and the Tor software to a degree that is far away from being trivial – otherwise you might probably use the software in an insecure way. Let me give you some examples:
Which is why I want to discuss a new approach that is at least as secure as the last one above (#3) but additionally should be quite easy to use:
To start using the internet anonymously you just have to start both VMs Tor gateway VM and Tor workstation VM. As soon as they finished booting, you can use the anonymous internet access through the Tor workstation. If you want to stop using the internet anonymously, just power down both VMs. The task of routing traffic through the Tor network has been moved to the Tor gateway VM. So you do not have to modify your local system any more then installing Virtualbox and importing both VMs. You do have a preconfigured Tor workstation ready to use that boots within a minute and you can be sure to anonymously use the internet. The Tor gateway runs OpenWRT Linux using just about 8Mb of disk space and 32Mb of RAM. It boots in less then 3 seconds and transparently routes all traffic generated within the Tor gateway itself and every traffic coming on the virtual internal interface “tor” through the Tor network. You do not need to do anything but start when you want to use Tor and stop the VM when you finished. The Tor workstation runs Micro Core Linux using about 120Mb of disk space and 192Mb of RAM. It boots in less then a minute and has some browsers (Firefox, Chromium and Opera) and a terminal installed. It only stores information within a session. So if you shut it down and boot it again it does not have any information about the previous session. Of course you are not forced to use the Tor workstation. You can use any other VM (Linux, Windows, AmigaOS, just any TCP/IP capable Operating System). Just configure the network settings of the VM (in Virtualbox Settings->Network->Adapter attached to internal network “tor”). Please report, if you encounter any unwanted behavior or find any problems! Also do so if you have got any suggestions to improve the VMs or this approach as a whole. Side note: The content of the communication between you (Tor workstation VM) and any receiver (e.g. a website) is necessarily only encrypted within the Tor network. So if you open an unencrypted connection to any receiver the Tor exit node which in fact opens the connection to the receiver is able to see the content of the connection. So do not send any sensible information like passwords over unencrypted connections!
Information for developers
There is a git repository available for building the Tor gateway image from scratch. Feedback and patches are welcome.
To use the fast gateway you need to change the internal network of workstation VM to “torfast”.
The IBM/Lenovo X60s has two Mini-PCI-Express slots: One for a WLAN and the other for WWAN-device.
IBM/Lenovo whitelists some device according to their PCI IDs in the BIOS. So if you want to use a WLAN or WWAN card that has not been “blessed” by IBM/Lenovo you will see the error “1802″ or “1804″, the BIOS will disable the device and it can not be used by the operating system.
“Zender” did a lot of work and published information on how to bypass that errors. If you want the direct URL to the BIOS modifications contact me as Zender does not want the URL to be publicly available.
Using his BIOS modification and the instructions on thinkwiki I put together a BIOS update CDROM-ISO to upgrade the BIOS from an external USB-CDROM which I tested on my X60s but it should also work on X60. Two notes: If you already have the latest BIOS version, you have to downgrade the BIOS first and if you have a custom logo you have to remove that (and than apply it again).
“Building an auditory and visual stimulation device with EEG feedback loop. An open source software and hardware approach for controllable brainwave entrainment.” is the title of my bachelor thesis.
More populistic I could say this is about finding out if it is possible to build a device which lets a human sleep and wake up again purposely.
Sounds interesting? Do not hesitate to read the thesis and/or leave a comment!
So far I had three different TOR setups:
Each of these setups has different disadvantages and neither fits my requirements:
One solution might be to transparently route a VM through the TOR network so that a VM does not need to be modified in any way. It is quite simple and should work on all OS although I just tried it on a Linux host. As already said, the VM can run any OS!
The host must to redirect all TCP packets to a transparent SOCKS proxy which itself forwards the packets to a TOR client. UDP packets with destination port 53 are redirected to a small script which puts the payload into a TCP packet and forwards it to a TOR client. This is necessary because TOR itself can only handle TCP packets. The host must drop all other packets coming from the VM.
How this works under a Linux host:
iptables -A OUTPUT -t nat -p tcp -m owner –uid-owner torbob -j REDIRECT –to-ports 31337
iptables -A OUTPUT -t nat -p udp –dport 53 -m owner –uid-owner torbob -j REDIRECT –to-ports 1253
iptables -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp –dport 31337 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -p udp -m udp –dport 1253 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -m owner –uid-owner torbob -j LOG
iptables -A OUTPUT -m owner –uid-owner torbob -j DROP
iptables -A OUTPUT -t nat -d 127.0.0.1/32 -p tcp -m tcp –dport 445 -m owner –uid-owner torbob -j RETURN
iptables -A OUTPUT -t nat -d 127.0.0.1/32 -p tcp -m tcp –dport 139 -m owner –uid-owner torbob -j RETURN
iptables -A OUTPUT -d 127.0.0.1/32 -p udp -m udp –dport 137 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp –dport 445 -m owner –uid-owner torbob -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp –dport 139 -m owner –uid-owner torbob -j ACCEPT
Eine sehr nette Mindfuck-Installation entdeckt vor ca 2 Wochen vor dem Eingang zum Freihaus:
A few days ago I wanted to quickly send a file through my instant messaging client which neither worked through xmpp nor icq. It came to my mind that I keep having this problem for years now and having to send files through email sucks.
So I decided to write a small script which is executed from the context menu of konqueror or dolphin (kde file browsers). It compresses a file or directory, sets a password and uploads it to filefactory.com .
Eine meines Erachtens begrüßenswerte Petition.
If you are concered about your privacy while browsing you probably know about cookies and handle them properly (delete them automatically when closing a browser session, block all cookies except whitelisted ones, ..).
Macromedia/Adobe introduced something similar to cookies called “Local Shared Object” in Flash6. Unfortunately browsers (at least Firefox) currently do not handle Flash cookies easily. If you tell your browser to clear its cookies they simply persist.
I was very surprised by the vast amount of flash cookies located on my system. Take a look yourself “~/.macromedia/Flash_Player/#SharedObjects/” for Linux, “~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/” for Mac OS X or “%APPDATA%\Macromedia\Flash Player\#SharedObjects\” for Windows XP/Vista.
Two Flash cookies on my system are related to a browser game all others were not needed and I deleted them. You can configure your flash preferences at Adobe. If you want to deny all Flash cookies you need to set the amount of disk space that can be used to “None” at the “Global Storage Settings”. You will then be asked everytime a Flash object wants to set a cookies unless you also enable “Never ask again”.
Zuerst wird der Animationsfilm “Goldschmied Fabian – Gib mir die Welt +5%” gezeigt und danach hält Nicolas Hofer seinen Vortrag “Die Evolution des Geldbilds”.
Für mich bisher die beste Erklärung zu unserem Geldsystem in einem Video. Auch wenn es insgesamt recht lange dauert (2:18h), kann ich es jedem Interessiertem empfehlen.