JAP Security : German Anon.

Guest · Wed Feb 09, 2005 12:28 pm

Here's the link:

http://anon.inf.tu-dresden.de/index_en.html

This is a great anonymous utility, giving you the ability to conduct your travels , without the possiblity, of being tracked or traced.

Using High encryption, and multiple legal safe severs, spread out over a large constantly changing network, You can feel safe, that your ip address, is not accesable to third parties,.

admin

MargaretThatcher · Wed Feb 16, 2005 6:59 am

JAP has been compromised. The developers have included a facility to allow the tracing of connections through the mixes. You can use JAP to hide traffic from you ISP, but don't rely on it for anything more than that.

TOR is likely a better solution.

http://tor.eff.org

Username · Guest

Hubbard, you are giving yourself away. Wink

MargaretThatcher · Fri Feb 18, 2005 3:23 am

What's a nice boy like you doing in a place like this? Laughing

Username02 · Guest

Oh, Maggie, Maggie May, they've taken you away... :(

Shall you forever remain on this side?

Guest · Wed Feb 23, 2005 5:15 am

One problem with Synthetica is that it is based on phpBB, which uses IP addresses to control user sessions. Because the exit node and hence IP of the TOR proxy changes during use, forum sessions will keep closing and you'll have to keep getting logged out if you use TOR.

MistaMiyagi · Dream Team

Guest,

Thanks for the heads up. This is concerning, but the only alternative that seems immediately available to me is to use cookies, which are equally damning. Would you have any suggestions on a better session identifier? If you do, it might be able to be implemented quickly. We're all ears as to a method to make this TOR / mix compatible.

Thanks,
MM

monkichi · Thu Feb 24, 2005 5:19 am

The only way I can think of is to turn off IP checking in phpBB. phpBB creates a random number as part of each session ID. To prevent session hijacking, whereby someone discovers a session ID and uses it to takeover that session, phpBB combines the random number with the initial IP address. Of course, to an extent, this is now futile for Synthetica because a lot of connections will be connecting from the same IP address anyway (e.g. the JAP proxy).

I am not an expert on this area, but BB authentication seems to be a problem. Personally, I would not use IPs anyway due to privacy concerns.

I would feel more secure using TOR and SSL, and take the risk of a session hijack. I'm not sure if phpBB can do cookie based sessions. If it could, I would prefer that (people should have configured their browsers to store session based cookies anyway). I suppose this is why the Hive was cookie based.