Viewing a single comment thread. View all comments

smartypants said () (edited )

Does the port-forward affect layered encryption?

hopping adds no real benefit, other than perhaps protecting you from COMPROMISED machines logging raw connections along the way. most VPN companies, excluding ExpressVPN, have been in the news as compromised by nation states, even NORD VPN last year.

HTTPS protocol, by design , prevents man in the middle, and not even VPNS or ISPs know anything about your URL you are using, not even the domain name, just the IP address and the fact that you are requesting a port 443 HTTPS connection.

DNS traffic deduces domain name target, but IP already zeros in target unless using VPNs.

HTTPS is secure, but sadly, once connected to https://ramble.pw or any https site, backdoor exploits added to tor browser , by NSA/CIA, in the form of "ACCIDENTAL CODE SUBMISSIONS" to tor browser used in TAILS, leaks your IP to the target. This means...

... that using one or even a chain of VPNS can have the ENDPOINT (https://ramble.pw or ISP of https://ramble.pw) exploit your TAILS tor browser via javascript (typically), or WebRTC (in the past) to LEARN YOUR ACTUAL TRUE IP ADDRESS!!!

This means that the HTTPS encrpyted traffic is still secure, end to end, but your IP address can still be logged using VPNS, by the endpoint.

Thse ways and means show up in federal court cases when FBI is forced to reveal tactics under a Judges order in court trials.

They for years tor browser in TAILS had hidden backdoors proven if you read the release notes of TAILS TAILS too? Yup, Even the famous https://tails.boum.org/

...had WebRTC enabled by accident (or by mossad on purpose) in past versions of TAILS, and if you read ALL THE CHANGE NOTES OF ALL VERSIONS you will learn I am telling the truth on the one little note they fessed up.

https://medium.com/@blackVPN/critical-windows-exploit-webrtc-can-expose-your-real-location-ip-address-even-when-using-a-vpn-4555d2fd280d

https://www.exploit-db.com/exploits/44403/

https://blog.ipvanish.com/webrtc-security-hole-leaks-real-ip-addresses/

https://thehackernews.com/2015/02/webrtc-leaks-vpn-ip-address.html

https://www.reddit.com/r/VPN/comments/2tva1o/websites_can_now_use_webrtc_to_determine_your/

That is NOT the only weakness in Tor browser, there were other non-WebRTC leaks!!!! Javascript (required for every free speech social site) and (required for Cloudflare) had exploits in summer 2019 that leaked endpoint IP addresses, and even allowed kernel level OS alteration on Mac OS using TAILS!!!!!! Many years of tails exploits prior too.

NO large web browser should EVER be trusted not to divulge IP addresses over VPN

Anyone trusting using TAILS along with its graphical browser, is a patsy. The rest are in prison already if they were criminals.

Only use text messaging , not a graphical web browser, when using TAILS, or tor services and VPNs! No fancy web browsers!

Even better, use a "one time visit" concealing gait and face, to a coffee shop.

Remember TOR/TAILS often runs unstoppable javascript using exploits by FBI, such as the infamous recent noscript vulnerability!...

https://www.netsparker.com/blog/web-security/noscript-vulnerability-tor-browser/

javascript code can cause lots of problems for your anonymity, and even root your machine , as in summer of 2019.

HTML5 fingerprints and indestructible cookies also thwart SOME VPN users too :

https://33bits.wordpress.com/2010/02/18/cookies-supercookies-and-ubercookies-stealing-the-identity-of-web-visitors/

25% of sites fingerprint you using javascript (CloudFlare and others, require javascript to connect)

2020.08 : A quarter of the Alexa Top 10K websites are using browser fingerprinting scripts! https://www.zdnet.com/article/a-quarter-of-the-alexa-top-10k-websites-are-using-browser-fingerprinting-scripts/

In 2021, hundreds of research papers on novel fingerprinting techniques of browsers exist, and even I designed some using html5 graphics, not yet widely known by other researchers and not yet stopped in Google Chrome.

TAILS? use HiddenVM too

If you must try t connect to a https web site anonymously, use a hidden privacy VM OS and a set of privacy tools, at a public wifi :

https://github.com/aforensics/HiddenVM

https://news.ycombinator.com/item?id=22492343

There are many reasons why you may want to use HiddenVM.

whonix OS! inside HiddenVM, for TAILS on a USB, for coffeeshops or libraries: ...

I SUGGEST if you do not need OSX or Windows, to install Whonix secure Tor anonymization and TAILS inside your HiddenVM !!!
https://www.whonix.org/

TL/DR : NO CONNECTIONS MADE FROM YOUR HOME ARE SAFE FROM FBI/NSA if using a BROWSER, vs text chat. Hopping does nothing to protect HTTPS more than it already provides

2

div1337 said ()

"No fancy web browsers"

What about lynx?

1

smartypants said () (edited )

I kind of meant not to run any browser or if so avoid javascript. but... Lynx?

for safety, Lynx doesn't support Javascript, but many web sites, including dark net ones, idiotically require javascript.

Links...?

Lynx and elinks does not support JavaScript, but Links does: sudo apt-get install links then to compile Links with JavaScript support, use the configure option --enable-javascript ... etc

https://softwarerecs.stackexchange.com/questions/11678/text-based-browser-that-runs-javascript

I would avoid the javascript entirely if possible, or use a remote proxy doing all the javascript and rerendering back through tor to your location

1

overvalley OP said ()

This analysis is good for my edification. I'm reading some of the sources and will have some related questions later on.

1