Torpark: The Anonymous Portable Browser Hacktivismo releases Firefox based privacy app Users in our Security forum point out that Hacktivismo, an international group of computer security experts and human rights workers, just released Torpark, an anonymous, fully portable Web browser based on Mozilla Firefox. From their press release: "[The] anonymous, fully portable Web browser [is] based on Mozilla Firefox. Torpark comes pre-configured, requires no installation, can run off a USB memory stick, and leaves no tracks behind in the browser or computer. Torpark is a highly modified variant of Portable Firefox, that uses the TOR (The Onion Router) network to anonymize the connection between the user and the website that is being visited. When a user logs onto the Internet, a unique IP address is assigned to manage the computer’s identity. Each website the user visits can see and log the user’s IP address. Hostile governments and data thieves can easily monitor this interaction to correlate activity and pinpoint a user’s identity.
Torpark causes the IP address seen by the website to change every few minutes to frustrate eavesdropping and mask the requesting source. For example, a user could be surfing the Internet from a home computer in Ghana, and it might appear to websites that the user was coming from a university computer in Germany or any other country with servers in the TOR network." Those interested can find the download here, though users in our forums have had a little trouble getting it working.
|
 sman83
join:2004-11-09
Urbana, IL | Sounds interesting I am downloading and going to try this I want the anonymity it "says" it can provide. | |
|  | scareg
join:2003-10-27
Walla Walla, WA | Re: Sounds interesting Sounds interesting but does seem to have one serious flaw. Below is a speed test while using it.
dslreports.com speed test result on 2006-09-20 14:05:14 EST:
49 / 99
Your download speed : 49 kbps or 6.2 KB/sec.
Your upload speed is much faster than down.. have you tweaked?
Your upload speed : 99 kbps or 12.3 KB/sec. | |
| | | | | Re: Sounds interesting I haven't looked at the specs for the browser, but my guess is that it's probably using an anonymous web proxy server which will result in really slow speeds. | |
|
|  technickPremium
join:2000-12-16
Wheat Ridge, CO
kudos:1 | Ive been using torpark a few days now, its not bad at all. One of the coolest parts is its completely portable and works great on a usb thumb drive. | |
| | Reviews:
 ·RoadRunner Cable
| I've had torpark for months now.. It is nice, but slow.
However, you'll never get to my website on torpark. I've scripted a blacklist of tor IP addresses, and update the list hourly..
While tor can be used for good, it is also used for bad. Many spammers and spam harvesters go through tor now. Many IRC networks also block tor for the same reasons. | |
|
| | *cough* surfing porn sites *cough* I mean..cmon.. | |
| |  tapeloopNot bad at all, really.Premium
join:2004-06-27
Airstrip One
kudos:1 | Re: *cough* surfing porn sites *cough* There might be a few dissidents in China or NK that would find this sort of thing useful too. | |
| | |  roamer1sticking it out at you
join:2001-03-24
Atlanta, GA | Re: *cough* surfing porn sites *cough* said by tapeloop:There might be a few dissidents in China or NK that would find this sort of thing useful too. China, sure, but North Korea? AIUI, there isn't any Internet in North Korea...not even an "intranet Internet" like the one in Cuba. The North Korean state media mouthpiece's web site is hosted in, of all places, Japan.
-SC
--
"it seems like all you ever buy is Abercrombie and cell phones" --a friend | |
| | | | | | Re: *cough* surfing porn sites *cough* Certainly in the Middle East it could be of value. Several Islamic countries are currently blocking blog sites, flickr, myspace, Israeli sites, etc.
While I don't that perverts might use the site, please don't discount the legitimate users out there. | |
| | | | tapeloopNot bad at all, really.Premium
join:2004-06-27
Airstrip One
kudos:1 | said by roamer1:said by tapeloop:There might be a few dissidents in China or NK that would find this sort of thing useful too. China, sure, but North Korea? AIUI, there isn't any Internet in North Korea...not even an "intranet Internet" like the one in Cuba. The North Korean state media mouthpiece's web site is hosted in, of all places, Japan. -SC You're right, NK is so closed off it's not even funny anymore.
According to this chap they still have intranet at least. In any case, TOR won't do them much good.
»www.militaryphotos.net/forums/sh···?t=82755
--
I cannot stand demagoguery. If you disagree with my stance, you're a blithering twit. You're not a twit, are you? | |
|
|  BF69Premium
join:2004-07-28
Camden, TN | Exactly. If someone is that ashamed of going to porn sites maybe they shouldn't be at porn sites. | |
| | | | what in the world makes you think this is just about visiting porn sites? Maybe you haven't caught any of the recent news where the White House wants to tap into anything they feel like, without laws in support, and without approval of the house or senate. There's no free country here anymore. If you believe that you have a right to privacy, these are the sort of lengths you will now have to go to, to achieve it.
--
The best things in life are free...(after rebate and free shipping!) | |
| | | | | Re: *cough* surfing porn sites *cough* Yes, and with your friendly ISP being required to implement CALEA by May 14th 2007, Big Bro could definately be looking over your shoulder, maybe it's not just surfers in N. Korea (if any), Iran and China, etc. that should worry. | |
|
 dvWhat was that?Premium
join:2005-04-19
Goleta, CA | Reasonably secure Its a great idea, everything inside the browser STAYS inside the browser.. completely randomized secure proxying makes it a surefire way of anonymity | |
| | | | Re: Reasonably secure This will be fun...  | |
| |  peter_mPremium
join:2005-07-13
Canada, QC | You know what they say... What happens in TorPak, stays in TorPak | |
|
| | using it now My laptop is old and crappy and my connection is crappy, but this app doesnt seem to crappy. | |
|
1 edit | "Torpark causes the IP address seen by the website " Ok, maybe I'm talking out my xxx, but, first of all, the remote computer doesn't need the browser to tell it the IP of the computer. There are several other ways for the server to get your IP that have nothing to do w/ the browser.
Second, how would the server to know where to send the page information (i.e. the webpages), or am I misunderstanding the http transaction? If http still works, this would certainly cause issues w/ session/login based websites.
Edit: Ok so its going through a "dynamic proxy", it still really doesn't impress me much. The ability to surf w/o being tracked on the compyter itself screams doing stuff youshouldn't be at work/school. | |
| | | | | | | Re: "Torpark causes the IP address seen by the website " Governmental watching is an understandable concern, and the proxy server concept is sound, but the ability to be stealt on the computer itself(i.e History) Really doesn't do much to circumvent this, unless the government actually comes and seizes your actual equipment.
I also wasn't saying that I wold want to be doing anything unscrupulus at work/school, or for that matter that it was the ONLY reason. This is probably the most common reason that it will be used for anyway.
My primary point was that this is NOT a miraculus fix all cure. Although it makes it more difficult to track you, it doesn't make it impossible. If an opperssive government, or anyone w/ enough skill, wants to know something They will find out. | |
| | | | peter_mPremium
join:2005-07-13
Canada, QC | Re: "Torpark causes the IP address seen by the website " said by j0nnyb1aze:If an oppressive government, or anyone w/ enough skill, wants to know something They will find out. I always assumed TOR was a bunch of random relay servers that didn't keep any logs... How can they trace?
Peter | |
| | | | | | | Re: "Torpark causes the IP address seen by the website " even on the homepage for tor, they make it clear that there are certain scenarios under which privacy can fail.I don't think there is any system or software available that could really promise you with certainty that privacy will be 100% absolute.
The thing is though that most or all of those possibilities for privacy failing would only occur if some entity was already attempting to see what you were doing online. In other words, you are already being tracked for some reason. If that's not the case, and you are just attempting to prevent the collection of information by the gov't. for some 'mystery' use that they now tell you is necessary, then this system should be fine. BY THE WAY, FOR ANY OF THESE PROXY SOFTWARES TO WORK PROPERLY YOU MUST HAVE JAVA TURNED OFF ON YOUR COMPUTER. IF JAVA IS ON, THEY WILL BE ABLE TO GET YOUR IP, PROXY OR NOT.
--
The best things in life are free...(after rebate and free shipping!) | |
| | | | | | peter_mPremium
join:2005-07-13
Canada, QC | Re: "Torpark causes the IP address seen by the website " said by robie88:FOR ANY OF THESE PROXY SOFTWARES TO WORK PROPERLY YOU MUST HAVE JAVA TURNED OFF ON YOUR COMPUTER. IF JAVA IS ON, THEY WILL BE ABLE TO GET YOUR IP, PROXY OR NOT. I'm guessing not Sun Java but rather javascript? | |
| | | | | | |  tcp1Premium
join:2000-04-17
Herndon, VA
 ·Verizon FiOS
| Re: "Torpark causes the IP address seen by the website " No, he means Sun Java, but he's being a bit vague.
Java (as in an applet) runs in its own VM, which means it's really running as it's own program locally on your machine - it's just enclosed in the browser at the interface level. Yes, Java applets running in a web browser do have stricter security restrictions than Java stand-alone applications outside the browser, however it's rather trivial for the Java applet to make its own HTTP connection and then send your local IP address to any server.
Javascript, on the other hand (which, by the way, has absolutely NOTHING to do with Java, and is related only by name), runs strictly in "browserspace", and is limited to the facilities given to it by the browser. | |
| | | | | | | | peter_mPremium
join:2005-07-13
Canada, QC
1 edit | Re: "Torpark causes the IP address seen by the website " I haven't written a line of code in over 10 years but I know the difference between the two. Just needed to know which...
You probably would argue that if I really did know the difference, then I should know that javascript is not what he was talking about. Well to this I have to answer that a few week ago someone talked about javascript's ability to scan private IPs behind a router and reporting them. I think it was in a recent "security now" pod-cast but I'm not 100% sure. Not remembering the exact details, javascript still sounds suspicious to me. Anyone know what I'm talking about? (I'm not sure I do  ) | |
|
| | | | | | | | apologies if I wasn't clear. You should really disable both. If you are using firefox you will find it in "options"/ "content"--- just uncheck both boxes.
If you want to test what I'm talking about, just go to the whois page on this website (in the tools area). Try going there through a proxy server with java on, and you will see that it may or may not immediately pick up your real ip address. If it picks up the ip of the proxy, you can then do a second test on that page where it invites you to use the "java applet" to check. If the first test showed your proxy ip, and you still have java on, the second test with the java applet should should show your real ip immediately. If you turn off java in firefox and then try that java applet again, nothing is going to happen, the whois test will be unable to catch your real ip. Simply put, without a zillion dollar tracking setup that the likes of the CIA probably has available, the only thing left to track you when you are using a proxy, is through these small java programs. If java is off, no one will know your ip through a proxy, unless the owner of the proxy server winds up handing it out to a third party.
Finally, in terms of unchecking both java and javascript, you may find that just unchecking one or the other will still protect you on the whois test on this site, however programs can be constructed through either and you should really have both off to be safe. What I do, is I keep one browser on my computer that is specifically for anonymous browsing. No add-ons with that browser, no java, just the absolute basics going through a proxy configuration that I set up and just leave alone so that there are no mistakes made.
hope that helps.
--
The best things in life are free...(after rebate and free shipping!) | |
| | | | | | | | peter_mPremium
join:2005-07-13
Canada, QC
1 edit | Re: "Torpark causes the IP address seen by the website " said by robie88:No add-ons with that browser, no java, just the absolute basics going through a proxy configuration that I set up and just leave alone so that there are no mistakes made. No flash player as well I guess... Sound advice, thanx.
EDIT: TorPak has both Java (sun) and Javascript enabled in the browser options.... weird! | |
|
| | Why? Why do people need to hide which websites they go to...? I don't care who looks where I go because I have nothing to hide. | |
| |  reub2000Premium
join:2001-12-28
Evanston, IL | Re: Why? You don't, but someone might. | |
| | |  John GaltForward, MarchPremium
join:2004-09-30
Happy Camp
kudos:2 | Re: Why? said by reub2000:You don't, but someone might. Jihad!! Allah Akbar...
We now return to our regularly scheduled program...
--
A is A | |
|
| RayWPremium
join:2001-09-01
Layton, UT
kudos:1 | said by motoracer:Why do people need to hide which websites they go to...? I don't care who looks where I go because I have nothing to hide. That is because you live in a country where you are pretty much free to do what you want. You can do postings that called Clinton a perv and/or cussed out Bush, and no one comes knocking on your door at 2 AM with 20 bully boys.
Now in several countries like some of those in the Middle East and China, write the wrong thing or if you are seen looking at material that says your leaders have a problem and how good life is elsewhere, then you might want to hide who you are.
--
I am not lost, I find myself every time. | |
| |  tsu9
join:2001-08-17
Wheeling, IL
2 edits | Nobody but you needs to know. Even if you elect to have no privacy, that doens't mean everyone else should follow your bold, nude lifestyle.
You might not value your privacy, but others definately do (even yours). Feel lucky you have the choice. | |
| | | peter_mPremium
join:2005-07-13
Canada, QC | Re: Why? said by tsu9:that doens't mean everyone else should follow your bold, nude lifestyle. Remember, he's got nothing to hide... his life must be boring | |
|
|  IsaacGoldingGet over it.Premium
join:2003-08-29
Jersey Shore, PA | So here is a scenario.
Lets say you live in China and your not too happy with the govt and you saw something that the govt "allgedly" covered up.
You know your ISP monitors all of your traffic and it does so at the govt's direction so you can't post this info you know onto some public web site without getting caught by your ISP. But you do manage to get a copy of torpark from another freind who is also anti govt. You put torpark on some thumbdrive and go plug it into your computer.
You use Torpark and post your information up on to "websiteX" and the word gets out. You go hide thumbdrive far and away from PC. (no tracks)
A few weeks later the Govt "spooks" discover the info on some web site and the come to your area and confiscate everybodys computer within 2 miles of the incident. But your computer is clean... You hid the USB drive some time ago... and your ISP has no traceable records of you visiting "siteX". They will have traffic from you to the first TOR router but since that changes from router to router they don't have much. Not enough to link you to the posting on "siteX" So your off the hook.
Of course this is just an example. And its not a perfect one. But it gets the point across.
Here is more info on TOR & how it works and doesnt work: »wiki.noreply.org/noreply/TheOnio···tections
--
My photos are for sale | |
| | | |
| tcp1Premium
join:2000-04-17
Herndon, VA Reviews:
·Verizon FiOS
| Hi Motoracer. Could you please send me a complete list of every site you've visited in the last week? If you don't mind, also list the stores you went to, the books you've read, the TV shows you've watched, and the newspaper you buy. (We'd like to know if it's a left-leaning or right-leaning one). Also, if you listen to the radio, please list the shows, specifically political talk shows.
I'm not going to tell you why I want this information, but since you've got nothing to hide, you shouldn't care. I'll also say it's none of your business why I want it; but that shouldn't matter - you don't mind, right?
(I'm kidding of course, but your statement is equally as ridiculous, and this is the "line" given by everyone who thinks that the only people who want privacy are "bad guys". ) | |
|
 pnh102Reptiles Are Cuddly And PrettyPremium
join:2002-05-02
Mount Airy, MD | How Do They Know This Works? TOR has already been proven to be a failure as the recent busts by the non-oppressive German government have shown. How can the creators of this software be sure that a repressive regime won't be able to trace traffic browsed by this software as well?
--
Only SHATNER is Kirk. | |
| |
See 9 replies to this post | |
 maartenaElmoPremium
join:2002-05-10
Orange, CA
kudos:1
·AT&T U-Verse
 ·DIRECTV
| Doesn't work for drawball.com Drawball.com is a site where people can paint in a flash environment, and it registered the amount of ink you have left on IP address.
I installed Torpark on 2 PC's, one of which had NEVER used drawball.com, but both PC's are connected through the same router.
Both PC's registered the amount of ink I had left based on my internet IP adress.
So it seems that with Flash you can still register the IP adress of the actual visitor.
--
"Any society that would give up a little liberty to gain a little security will deserve neither and lose both" -
Benjamin Franklin, Founding Father. | |
| |
1 edit | Re: Doesn't work for drawball.com I just tried it...and couldn't get it to work. All websites don't load (even on multiple new IP's). | |
| | | | | Re: Doesn't work for drawball.com Hmmm...it's working fine for me with a clean default install. Firefox has never been on this machine before so there was no residue to deal with.
As for Flash registering IP addresses...you might want to check to make sure it is not retrieving that some other way than through the addresses the server sees. I can assure you (through testing with a webserver) that the server has no clue where you are. It gets the proxy address you see at the bottom right of the screen. | |
| | | |
1 edit | Re: Doesn't work for drawball.com ... | |
|
| tcp1Premium
join:2000-04-17
Herndon, VA Reviews:
·Verizon FiOS
| Flash runs as a Java Applet or an ActiveX control / Netscape plug in - depending on your browser.
Please understand that these things are NOT running within the true confines of the browser; they run in their own virtual machines, and have direct access to some local system functions and the network stack.
Torpark will absolutely anonymize all HTTP browsing. However, Flash, Java, ActiveX, and other such things are really equivalent to running a separate program on your system - they're just set in the browser's interface (and can be accessed by the browser.)
Torpark anonymizes HTTP traffic sent through browser posts and requests only. As another poster said (and I clarified), you must turn off Java, plug-ins, and anything like ActiveX to have any real anonymity guarantees. | |
|
| | | | | Re: this is kind of scary the same thing that would happen if a waiter got your credit card number at a restaurant and then passed it along to someone to use to make an illegal purchase. that has nothing to do with tor, though.
Look, with every protection of freedom that you get, there is always some manner in which it could potentially be abused. that doesn't mean that you therefore have some de facto excuse to take away people's freedom.
--
The best things in life are free...(after rebate and free shipping!) | |
| | | | tcp1Premium
join:2000-04-17
Herndon, VA Reviews:
·Verizon FiOS
| You'd dispute the charge and not be held liable, just like if someone picked up one of your receipts off of the ground or generated your number via an algorithm.
Folks, I know this is an aside, but using a credit card online is not a risky activity! Credit card holders are not liable for unauthorized charges on their card, period.
When you dispute a charge with your credit card company, please don't think they send out the FBI and SWAT teams along with CSI to track down the perp's IP address.
No, they just charge back the merchant, say "You should have verified better; that's your responsibility as stated in your merchant agreement", and the merchant is stuck with it.
No Dragnet or crazy private eye stuff involved; it's just routine business for credit card companies. | |
|
| | |
| |
|
|
·
·
