An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 3 of 4 < 1 2 3 4 >
Topic Options
#44031 - 03/17/17 08:09 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
PS,JOE, where are setting, Low Medium etc? Can't find.

Click on the onion icon to the left of the URL bar. I am often guilty of not reading the manual, but I found it helpful with TOR.
_________________________
joemikeb • moderator

Top
#44034 - 03/17/17 11:22 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Excellent Joe Thanks, It was great to finally see, the no fingerprinting result.
Do you think if one is running a test with Google they would count the search as they would see it's from Tor?

Anyway to get this groove with Safari, Firefox etc? maybe disable java?

Top
#44039 - 03/18/17 10:13 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: keys
Anyway to get this groove with Safari, Firefox etc? maybe disable java?

Unless Apple rewrites WebKit to use something like the TOR network (essentially a multipoint VPN), you have only a very limited number of fonts on your system, you disable JavaScript, and several other factors the answer is probably NO. You can already deactivate JavaScript (do not confuse Java and JavaScript they are totally unrelated. Many web sites will not work if JavaScript is disabled, including virtually all e-commerce or financial sites.)

As I said TOR is based on Mozilla (a.k.a. Firefox) so those are related.

UPDATE ON iOS BROWSERS: Onion Browser's Panopticlick results on signature hiding are equivocable. With Disconnect running, trackers of both kind are disabled and but the signature hiding test does not complete. I am interpreting that as there is at least partial signature hiding. Given the fact that Onion uses the TOR network, I am using it as my secure iOS browser.
_________________________
joemikeb • moderator

Top
#44041 - 03/18/17 02:23 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe.

I don't know if you can answer: But if one runs test on Google, (which is my project0, they discount anything if they think coming from a proxy.

1) Is Tor similar to a proxy?
2) Would Google discount as they see you are on Tor which is such a rare browser?

What is Onion, parent commpany of Tor?
Good discover Tor, did you stumble upon it?
Did you try the Chrome add on Rubber Glove?

I just did test disabling java script on Safari, no help, no benefit. So Safari, FF, Chrome, those just wont achieve a not being fingerprinted result ever correct? Was not until I changed the setting to Max on Tor that that was achived. Maybe Tor has a secret sauce or something normal browsers dont?

Joe, did not understand the "update on ios browsers" too much:
What is "disconnect"? Oh... you are saying that Tor is not great on ios, but better than nothing?

Top
#44052 - 03/19/17 08:13 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
I don't know if you can answer: But if one runs test on Google, (which is my project0, they discount anything if they think coming from a proxy.

1) Is Tor similar to a proxy?
2) Would Google discount as they see you are on Tor which is such a rare browser?
I will answer your question with a quote and a comment:
Originally Posted By: Wikipedia
In computer networks, a proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.[1] A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.[2] Today, most proxies are web proxies, facilitating access to content on the World Wide Web, providing anonymity and may be used to bypass IP address blocking.
The TOR network is essentially a network of proxy servers scattered around the globe. The communications between these servers are heavily encrypted and in my experience there are always three different servers in the route. These servers are operated voluntarily and TOR actively recruits users to act as servers in the network. Only Google can answer the question of whether TOR is blocked or not. They can't shoot you for trying.
Originally Posted By: kevs
What is Onion, parent commpany of Tor?
TOR is an acronym for The Onion Router. There is no company per. se., it is an open source project springing from a Defense Advanced Projects Agency (DARPA) project released into the public domain. The network is called the TOR network and the technique used in the network is called "onion routing" because it resembles the layers of an onion. You may have run across it as a technology undergirding the illicit sharing of copyright materials via BitTorrent. (Before you ask, I do not participate in BitTorrent, I believe copyright holders have a right to fair compensation for their work. If the work is overpriced, I do not use it.)

See this Wikipedia article for full details on TOR.
Originally Posted By: kevs
Good discover Tor, did you stumble upon it?
This thread got me started looking for a solution and in my research, I came across TOR. Given today's internet environment I decided to give it a try, and surprise, it works albeit with limitations.
Originally Posted By: kevs
Did you try the Chrome add on Rubber Glove?
No, because others had already indicated a lack of success with Rubber Glove and I saw no reason to "beat a dead horse".
Originally Posted By: kevs
I just did test disabling java script on Safari, no help, no benefit. So Safari, FF, Chrome, those just wont achieve a not being fingerprinted result ever correct? Was not until I changed the setting to Max on Tor that that was achived. Maybe Tor has a secret sauce or something normal browsers dont?

As I reported previously my results were the same as yours in terms of hiding, and yes TOR does have a "secret sauce". Simply stated although the TOR browser uses the Mozilla engine used in Firefox and a variety of other browsers, it is designed and built from the ground up to hide the digital fingerprint and as an open source project there are hundreds, even thousands of developers all over the world working to keep it that way.
Originally Posted By: kevs
Joe, did not understand the "update on ios browsers" too much:
What is "disconnect"?
Disconnect is an iOS app that essentially does the same thing Badger (open source and recommended by Panopticlick) does for MacOS. It sets up a dummy proxy server that effectively blocks merchant tracking and invisible tracking cookies. I use Disconnect on my iPhone and I{Pad and Badger on my Macs and regardless of which browser I am using Panopticlick indicates tracking is blocked.

Originally Posted By: kevs
Oh... you are saying that Tor is not great on ios, but better than nothing?

  1. The TOR browser does not run on iOS
  2. There are several iOS browsers that claim to be base on TOR, but as far as I can tell that only means they use "Onion Routing" either on the TOR network or in a couple of cases their own and have little or no impact on signature hiding. VPN.
  3. The Onion router on iOS is the work of a single individual but appears to have been based on some version of the Onion Router and appears to offer some degree of digital signature hiding in addition to onion routing, but the Panopticlick results are equivocal.
_________________________
joemikeb • moderator

Top
#44064 - 03/20/17 09:22 AM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Joe, got this today from Tor and Google, what think? Google beats Tor? They asked for a captcha

About this page

Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

Ah.. did not see your long answer when I posted this above. Great info, thanks Joe. Will look for disconnect.. for iphone. I use badger now on desktop for Firefox. I never imagined there could be add ons to phone browser but yes?

I'm finding Badger is not causing the enormous headaches that Ghostery would. I have to bail on Ghostery.


Edited by kevs (03/20/17 11:46 AM)

Top
#44067 - 03/20/17 12:43 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
I never imagined there could be add ons to phone browser but yes?

I'm finding Badger is not causing the enormous headaches that Ghostery would. I have to bail on Ghostery.

There are over 100 ad blocking plugins/addons for Safari in the App Store on the iPhone and iPad. Safari plugins/addons are installed and setup as individual apps then "attached to" or "activated in" Safari using Settings > Safari > Content Blockers.

Disguise...
  • ...works at the system network level not at the browser level
  • ...is not attached to or activated in the browser
  • ..works for all browsers on iOS including those built into apps
I gave up on Ghostery several months ago, but I do keep Cookie Stumbler around to cleanup accumulated cookies to speed things up.
_________________________
joemikeb • moderator

Top
#44068 - 03/20/17 01:05 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, so Badger is the replacement for Ghostery, correct?

What does cookie stumbler do?

What do you make of Google saying the see unusual activity while one is in Tor? odd?

Top
#44069 - 03/20/17 01:31 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
Thanks Joe, so Badger is the replacement for Ghostery, correct?
Functionally Ghostery does more, but Badger effectively blocks cookies of all sorts from phoning home.
Originally Posted By: keys
What does cookie stumbler do?
Allows you to specify which cookies to keep and then every night sweeps all the undesired reporting cookies from your system.
Originally Posted By: keys
What do you make of Google saying the see unusual activity while one is in Tor? odd?
Probably the Onion Routing that hides your actual location. There are workarounds that are suggested for use in countries that make uncontrolled internet access illegal.
_________________________
joemikeb • moderator

Top
#44070 - 03/20/17 01:37 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, did not understand this:

"Probably the Onion Routing that hides your actual location. There are workarounds that are suggested for use in countries that make uncontrolled internet access illegal."

Question is how does Google know I'm at the same computer, I thought the whole point is, I have no fingerprint.

I don't see a cookie stumbler in firefox which I use the most. If you have one for FF you love let me know. I think I see a few hundred cookies on my computer. The cookies I don't care about slows things down at the point you could notice?

BTW, there is one newspaper, I would remove their cookies manually when they say,you have reached your article limit. It worked till recently. Any idea why that does not work now?

Top
#44072 - 03/20/17 04:05 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
That was the "onion routing" that is used by The Onion Router (TOR) not TOR itself. In fact any browser can report itself to be almost any other browser and this information can used by sophisticated web sites to feed pages compatible with the browser in use.

Cookie Stumbler is a third party app that can be downloaded from WriteIt Studios or the App Store and runs on MacOS, IOS, and Windows. It cleans cookies on Chrome, Safari, iCab, Opera, Firefox, and whatever Microsoft calls its browser these days.

I have no way of knowing about the newspaper, but it sounds as if they have simply gotten smarter in blocking those trying to get something for nothing.
_________________________
joemikeb • moderator

Top
#44073 - 03/20/17 04:49 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, finally:
(unless I missed your answer), if you can guess...


How does Google know I'm at the same computer, I thought the whole point is, I have no fingerprint."

Top
#44074 - 03/20/17 05:21 PM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: keys
Our systems have detected unusual traffic from your computer network. This page checks to see if it's really you sending the requests, and not a robot. Why did this happen?

If you could not receive a message directed specifically to you, you would be unable to receive anything from the internet. Lacking any further data I would say this message does not imply your browser is uniquely recognized. It addresses your network and since you are using TOR that would be the TOR Onion Routing Network.
_________________________
joemikeb • moderator

Top
#44075 - 03/20/17 06:06 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Ah interesting Joe, I assumed Google knows it was my computer making those searches, but in the end, I was not able to continue with Google... any opinion on that? Maybe it was glitch.

Top
#44082 - 03/21/17 07:47 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Having no idea what the issue with Google is, I have nothing to base an opinion on one way or the other. I have no idea what you are doing, or why there is an issue with Google, but have you considered your own web site and domain? There are any number of companies willing to host a web site complete with email and will helo you register a domain name for a very reasonable fee.

A DuckDuckGo search for "web hosting" will get you a lot of options. I doubt that would solve your GMail/email issues however.
_________________________
joemikeb • moderator

Top
#44083 - 03/21/17 08:23 AM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, I have several domains and email, but how does that tie into this?

The G mail issues, from my research with friends and googling the issue is that Gmail is over aggressive. Google Gmail legit emails to spam. Still, just infuriating, imaging the quintessential white list a email company should provide is that if someone emails you the person replying should be white listed. Not with Gmail. A prospective client can email me, unsolicited, and my reply might go to spam. I wish Google had not gotten into email, and stayed with search. Gmail will lump people who send a newsletter to 100 softball members with a Viagra spammers sending million.

Back to Tor, great find, thanks! I realized how powerful it is really. Before, one could hide an ip, but then the fingerprint issue was discovered, so only true anonymity would be the library, but Tor brings the library to your house!

Top
#44084 - 03/21/17 09:38 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: keys
Gmail will lump people who send a newsletter to 100 softball members with a Viagra spammers sending million.
The number of recipients in an email is still considered one of the most reliable indicators of spamming and that isn't just Google, it is industry wide. It was institutionalized as a virtual standard when various state and federal agencies began putting severe pressure on major email providers to prevent their networks from being used to distribute spam. Some providers set the maximum number of recipients as low as 10 or 15. That goes back 20 to 25 years in the earliest days of spamming. That was the progenitor of email services such as Constant Contact.

A lot of time and money has gone into software and techniques for identifying potential spam originating in or going to ISP networks, but there are $billions to be made with spam so some of the most highly paid programmers in the world spend their days figuring out how to get around every block that is set up. In the past it was estimated that over 60% of email traffic was spam. The fact our mailboxes are not overflowing with spam is a testament to how effective Google and others have been in blocking spam.

There is no question spam blocking techniques are annoying to "people who send a newsletter to 100 softball members" but to me it beats getting a couple of hundred spam messages every day. By the way, many "viagra spammers" send their junk through bot infected PCs using barebones SMTP servers installed on the infected PC to get around any limit on number of recipients by bypassing the provider's SMTP servers entirely. Others use SMTP servers in China, Russia, etc. that aren't worried about U.S. or E.U. regulations.
Originally Posted By: keys
Back to Tor, great find, thanks! I realized how powerful it is really. Before, one could hide an ip, but then the fingerprint issue was discovered, so only true anonymity would be the library, but Tor brings the library to your house!
FYI, I logged into my Google account today using TOR at the Medium security setting and both times had to verify I was by entering a code number texted to the cell phone associated with my account. So even at the Medium security setting Google apparently did not recognize my browser as one that had logged on to the same account half an hour earlier. cool


Edited by joemikeb (03/21/17 09:40 AM)
Edit Reason: *#A$%^@ SPELL CHECKER
_________________________
joemikeb • moderator

Top
#44085 - 03/21/17 10:14 AM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe. I use email tied to a url I own with spam sieve, so spam is not an issue.

Gmail is a disaster, I brought up the softball, as I really have a friend who runs a softball club, he loves Google and Gmail, and said he did have to send notices through Google groups now, not email, as his members (who are his members!), receive his alerts in their spam folder. And I have clients emailing me and my replies go to their spam, it's insanity.

Well if you are logging into your Google account, that would be reason not to need Tor, as you are showing your cards fully.?

But I just saying Tor is amazing as it does both the IP and the fingerprint trick in one. Now if that IP is recognized as a proxy is another issue.

Top
#44086 - 03/21/17 01:18 PM Re: Private window does not hide identity? [Re: kevs]
artie505 Online


Registered: 08/04/09
Originally Posted By: kevs
Well if you are logging into your Google account, that would be reason not to need Tor, as you are showing your cards fully.?

By the same token, doesn't it suggest that you may be able to open a new account at each visit with Tor?
_________________________
The new Great Equalizer is the SEND button.

In Memory Of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Top
#44089 - 03/21/17 05:04 PM Re: Private window does not hide identity? [Re: artie505]
kevs Offline


Registered: 12/07/09
Sad news Joe, I just did a risk score on the first proxy that came up, with my MaxMind account, and it rated 90 chance of fraud.

Which means if you if someone really smart is wondering about your IP while on Tor they will know it's fishy. But you can still get stuff done as long as it's not related to them analyzing the source.

Top
#44094 - 03/22/17 08:11 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
TOR has never claimed that it cannot be detected. Some countries ban the use of TOR and Onion Routing, but there are work arounds for that. You might try using one of those workarounds for more security. For absolute security, do not use the internet.

When you have questions about TOR the official advice is…
  1. Read through the FAQ and the Documentation
  2. See if your question is asked or answered on our StackExchange page. If it isn't, please consider asking it there! Then everybody else can benefit from your question and the answer to it.
  3. Join the #tor irc channel, state the issue, and wait patiently for help.
  4. Read through the archives of the mailing lists to see if anybody else has raised your issue recently. Note that you need to subscribe to the mailing lists before you can post.

For example I found a couple of FAQs that perhaps relate to some of the issues you have had with Google.
Originally Posted By: TOR FAQ
Google makes me solve a CAPTCHA or tells me I have spyware installed.

This is a known and intermittent problem; it does not mean that Google considers Tor to be spyware.

When you use Tor, you are sending queries through exit relays that are also shared by thousands of other users. Tor users typically see this message when many Tor users are querying Google in a short period of time. Google interprets the high volume of traffic from a single IP address (the exit relay you happened to pick) as somebody trying to "crawl" their website, so it slows down traffic from that IP address for a short time.

An alternate explanation is that Google tries to detect certain kinds of spyware or viruses that send distinctive queries to Google Search. It notes the IP addresses from which those queries are received (not realizing that they are Tor exit relays), and tries to warn any connections coming from those IP addresses that recent queries indicate an infection.

To our knowledge, Google is not doing anything intentionally specifically to deter or block Tor use. The error message about an infected machine should clear up again after a short time.

Gmail warns me that my account may have been compromised.

Sometimes, after you've used Gmail over Tor, Google presents a pop-up notification that your account may have been compromised. The notification window lists a series of IP addresses and locations throughout the world recently used to access your account.

In general this is a false alarm: Google saw a bunch of logins from different places, as a result of running the service via Tor, and decided it was a good idea to confirm the account was being accessed by it's rightful owner.

Even though this may be a biproduct of using the service via tor, that doesn't mean you can entirely ignore the warning. It is probably a false positive, but it might not be since it is possible for someone to hijack your Google cookie.

Cookie hijacking is possible by either physical access to your computer or by watching your network traffic. In theory only physical access should compromise your system because Gmail and similar services should only send the cookie over an SSL link. In practice, alas, it's way more complex than that.

And if somebody did steal your google cookie, they might end up logging in from unusual places (though of course they also might not). So the summary is that since you're using Tor, this security measure that Google uses isn't so useful for you, because it's full of false positives. You'll have to use other approaches, like seeing if anything looks weird on the account, or looking at the timestamps for recent logins and wondering if you actually logged in at those times.

You might find This page on Pluggable transports helpful in working around any blocking of TOR.


Edited by joemikeb (03/22/17 08:18 AM)
Edit Reason: pluggable transports
_________________________
joemikeb • moderator

Top
#44100 - 03/22/17 12:18 PM Re: Private window does not hide identity? [Re: joemikeb]
kevs Offline


Registered: 12/07/09
Thanks Joe, good info, some it a bit too much for me...
But Tor is good if you want a unique ID, and especially no fingerprint. Their IPs though are known ones, but for what it is, it's very cool.

I don't know actually of a list of "good" proxies, that rate as legit, and not fraud. So that one remains an intangible.

Top
#44101 - 03/22/17 05:56 PM Re: Private window does not hide identity? [Re: kevs]
kevs Offline


Registered: 12/07/09
And last question Joe! Doubt you will know, but wonder is way to use Tor at a Starbucks or friends house, and use their IP and not Tors? Then you have a totally respected IP and unique fingerprint-- or are you bound by Tor IP?

And I think Tor is on iphone for $1.00.... app store.

Top
#44108 - 03/23/17 08:14 AM Re: Private window does not hide identity? [Re: kevs]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: kevs
And last question Joe! Doubt you will know, but wonder is way to use Tor at a Starbucks or friends house, and use their IP and not Tors? Then you have a totally respected IP and unique fingerprint-- or are you bound by Tor IP?
Every time you log onto the internet from a different location, you have a new IP address and TOR does its best to hide that. The first thing TOR does when it starts up is initialize its connection to TOR's Onion Routing Network and it will do that no matter what the connection to the internet is or where it is. Support for the Onion Routing Network is a prime reason for TOR's existence and essential to hiding the actual physical location of the user.

If you are a skilled programmer with time on your hands you could download the TOR source code and make the use of the Onion Routing network optional, but I doubt that would ever accepted back into the main TOR project. I don't think it would accomplish what you want anyway.
Originally Posted By: keys
And I think Tor is on iphone for $1.00.... app store.
According to TOR they are "working on a version for iOS but it is not available yet". My guess is hiding the digital signature requires access to parts of the iOS tht Apple will not permit. Not that Apple is opposed to digital signature hiding, but it would open potential security vulnerabilities Apple wants to keep tightly locked for security reasons.

There are a number of browsers in the iTunes app store claiming a basis in TOR, but I tested every one of them with Panopticlick and only The Onion Browser showed any digital signature hiding and that was equivocal because the test could/would not complete. The others either used the onion routing network or in a couple of cases a proprietary VPN for which they charge a substantial monthly or annual fee. I did not test those becasue I was unwilling to pay the fee. For several months there was a TOR browser offered on the iTunes App Store, but it was a phony and Apple eventually pulled it. There is a version of the TOR browser for Android devices called OrBot.

I have joined TOR's Mailing Lists and I will be keeping my eyes and ears open for an iOS version when it is released.
_________________________
joemikeb • moderator

Top
#44109 - 03/23/17 09:27 AM Re: Private window does not hide identity? [Re: joemikeb]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Keys, I think most of your questions and concerns are covered in detail in the TOR FAQ, but admittedly they are quite extensive and can be intimidating to a less technical reader. However if you will read...
I think that will cover most of your concerns and perhaps clear up a few concepts and possibly misconceptions in the process.
_________________________
joemikeb • moderator

Top
Page 3 of 4 < 1 2 3 4 >

Moderator:  alternaut, dianne, MacManiac