Tweaked Firefox Lets You Surf Internet Without a Trace


Genghis Bong
09-21-2006, 01:08 PM
http://www.pcworld.com/article/id,127200-c,onlineprivacy/article.html

Elohim is plural
09-21-2006, 09:54 PM
...sounds cool...i'm gonna play with it for awhile...i'm a bit concerned about the slower surf times, maybe i'll just try and get back into a dial-up frame of mind...
EIP

n2ishun
09-21-2006, 11:03 PM
Your own ISP can still track your every move, no matter what fancy software you might run.

They are tied into your modem (of whatever sort) so easily bypass any safety measure you might have.

THAT is the real security issue at hand these days, now that they will be holding your surfing logs for 2 years......

OldSog
09-21-2006, 11:27 PM
it's no slower than if you already use TOR and privoxy and the only time the slow down is an issue is when you're trying to view porn.

JackStraw
09-22-2006, 12:47 AM
Your own ISP can still track your every move, no matter what fancy software you might run.

They are tied into your modem (of whatever sort) so easily bypass any safety measure you might have.

THAT is the real security issue at hand these days, now that they will be holding your surfing logs for 2 years......
Partially true...if you are connecting to a proxy, they will only have logs of the fact that you connected to that proxy most likely, not the site you eventually ended up at.

It's still possible for someone to snoop your traffic and view the address that you are ultimately visiting in the actual messages themselves that are being sent to the proxy, but this is not the type of thing an ISP would go to the time and expense of keeping in records. So basically unless someone had some specific reason to target you, it would probably be enough to use proxies and a browser like this to keep safe.

However if you require full secrecy from everyone including your ISP there are services out there that will route all your traffic through proxies AND encrypt the traffic so that the messages themselves can't be read to infer their eventual destination or content. The catch here is do you trust whoever you're paying to provide this service to keep your data secret. Playing devil's advocate for a second, is it a red flag that you purchase a service like this in the first place? After all who needs it other than someone who's doing something wrong?
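
The difference described in the post above between an unencrypted proxy and an encrypted tunnel, as an added example that is not part of the original thread: it shows what an on-path observer such as an ISP can read from packets addressed to a proxy. The proxy address, session key, sample requests and the toy cipher (a stand-in for a real tunnel cipher) are constructed assumptions.

```python
import hashlib
from urllib.parse import urlsplit

PROXY_IP = "203.0.113.10"  # constructed: documentation-range address of the proxy/tunnel server

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 in counter mode), a stand-in for the tunnel's real encryption."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def observer_view(dst_ip: str, payload: bytes) -> dict:
    """What an on-path observer such as the ISP learns from one captured packet."""
    seen = {"connects_to": dst_ip, "destination": None, "path": None}
    try:
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
    except ValueError:  # covers UnicodeDecodeError too: payload is opaque bytes
        return seen
    if not version.startswith("HTTP/"):
        return seen
    if method == "CONNECT":  # HTTPS through a proxy: host:port is still readable
        seen["destination"] = target.rsplit(":", 1)[0]
    elif "://" in target:  # plain HTTP through a proxy: the full URL is readable
        parts = urlsplit(target)
        seen["destination"], seen["path"] = parts.hostname, parts.path
    return seen

# Constructed sample packets, all addressed to the proxy.
PLAIN = b"GET http://example.org/private/page HTTP/1.1\r\nHost: example.org\r\n\r\n"
CONNECT = b"CONNECT example.org:443 HTTP/1.1\r\nHost: example.org:443\r\n\r\n"
TUNNELED = keystream_xor(b"constructed-session-key", PLAIN)

def demo() -> dict:
    """Observer's view of each constructed packet, keyed by scenario name."""
    return {name: observer_view(PROXY_IP, pkt)
            for name, pkt in (("plain", PLAIN), ("connect", CONNECT), ("tunneled", TUNNELED))}

if __name__ == "__main__":
    for name, view in demo().items():
        print(f"{name:9} {view}")
```

In all three cases the observer still sees that the client talks to the proxy address; only the tunneled packet hides where the request is ultimately going.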

n2ishun
09-22-2006, 01:02 AM
Nope, sorry...

When you type in a URL for a website, say here for instance, that data is what they look at.
It still has to get from you to the proxy.....THRU YOUR MODEM and all the pipes from you, to your ISP, thru all the backbones and wherever else in all those hops and finally to the proxy.
Every bit of this data is logged by your ISP.

Do you honestly think you have some super encryption that they cannot crack in seconds if they so choose ?

I really don't care if you think running 1024 bit super secret PGP with a kung fu grip is secure, the actual fact is that it is not.
Argue with me on that till the cows come home, it doesn't change the fact that you can brute force PGP and you can dictionary attack PGP in mere seconds on a real computer like the NSA and the DEA have (go read about the IBM super computers like code blue and blue gene and ASC purple).

The only way to be safe is to pirate a wireless signal, or unplug.

funkyflava
09-22-2006, 01:53 AM
^^^^^^ true dat^^^^
a bro at my isp said if it's you they want and your legal then you are fucked. hotspots or piggybacking is the best way to go, i think at least.
FF

tj_142
09-22-2006, 03:10 AM
yea....................ain't it great when all your neighbors have wifi, lol, choice of 3 or 4 routes all the time

n2ishun
09-22-2006, 03:36 AM
yea....................ain't it great when all your neighbors have wifi, lol, choice of 3 or 4 routes all the time

My recommendation is for a Linksys SRX wireless G card.
It's the funky looking triple antenna dude.
I have one in my workstation and can pull in over 30 routers sitting right here....a little "aircrack" and I can hop on any one of them.....and hide my tracks (MAC spoofing anyone?).

With my lappy it gets really fun :D
I know exactly where they laid the FIOS lines around here and how to snoop for the FIOS homes....

Damn I'm bad.

JackStraw
09-22-2006, 03:48 AM
Nope, sorry...

When you type in a URL for a website, say here for instance, that data is what they look at.
It still has to get from you to the proxy.....THRU YOUR MODEM and all the pipes from you, to your ISP, thru all the backbones and wherever else in all those hops and finally to the proxy.
Every bit of this data is logged by your ISP.

Do you honestly think you have some super encryption that they cannot crack in seconds if they so choose ?

I really don't care if you think running 1024 bit super secret PGP with a kung fu grip is secure, the actual fact is that it is not.
Argue with me on that till the cows come home, it doesn't change the fact that you can brute force PGP and you can dictionary attack PGP in mere seconds on a real computer like the NSA and the DEA have (go read about the IBM super computers like code blue and blue gene and ASC purple).

The only way to be safe is to pirate a wireless signal, or unplug.
You don't get it. There are services that allow you to send all traffic to a 3rd party using encryption. All the ISP or anyone else can see is that you are sending to this third party. If they look at the content of the message they will see a jumbled mess.

I am very confident when I say that there is no way someone is going to break strong PGP encryption. The fastest computer in the world dedicated solely to that task would not be able to accomplish the feat for years. It's computationally infeasible even multiplying the power of today's computers several times. I have read a couple research papers on Blue Gene and it's many orders of magnitude away from being fast enough to crack PGP.

Provide 1 shred of legitimate evidence that PGP can be broken in this thread and I will send you my entire next harvest. It is nothing but conspiracy theory propagated by people who have no understanding of the mathematics behind PGP that think it is breakable.

JackStraw
09-22-2006, 03:51 AM
Here is an example of the kind of service I'm talking about - http://www.anonymizer.com/consumer/products/total_net_shield/

Technically savvy Web users require sophisticated online identity protection that provides them total control over their privacy. Anonymizer Total Net Shield works by creating an encrypted "virtual tunnel" to and from your computer to shield you from even the most complex methods of online spying and snooping. Total Net Shield is similar to the secure Virtual Private Networks (VPN) that corporations use, but it's designed for personal use.

Secure tunneling creates an impregnable Secure Shell (SSH) connection from your computer to your destination site, protecting you from man in the middle (MITM) attacks and evil twin scams.

MITM attackers are able to read, insert, and modify online communications between two parties without either one knowing that their communications had been compromised. Total Net Shield protects you from this attack by encrypting all of your online communications with SSH tunneling.

Evil twins trick wireless users into connecting a laptop or PDA to a tainted hotspot by posing as a legitimate wi-fi provider at the airport or your local coffee shop. Once you connect to their wireless network, the evil twins can watch your online activities and steal your confidential information. Total Net Shield safeguards you from this threat by encrypting all of your online activities so the evil twins are unable to access your passwords, credit card numbers, and other personal information.

With your Total Net Shield email address, you can communicate with confidence knowing that your emails are encrypted. In addition, it keeps your chat, instant messaging, and newsgroup communications secure and confidential.

edit: oh god n2ishun is dickcheese isn't it? I might as well not argue then I'm talking to a brick wall. A dense dense brick wall...

n2ishun
09-22-2006, 04:32 AM
Here's a review of your uber bitchen software (hint: it was the 2nd hit in google)

General Comments
Anonymizer Software:
1. File Shredder assumes all files are named with roman characters and can not handle international file names. Useless for multi-lingual applications.
2. Anonymous Surfing 2005 only appears to work for non-admin users, but does not work at all. Note that the claim 'no special configuration is required' is incorrect in light of this fault. There may be many people out there who are not anonymized even though they think they are. This is a problem because one should not be surfing the web with an administrative account, nor using an administrative account for everyday use. WORKAROUND: Do not install the software - use the web-based service instead. If you are using your software visit test sites to confirm whether it is working. No error messages are displayed by this fault - it behaves as if it is working!
3. Company is hard to contact. Took a lot of e-mailing and several phone calls to finally receive an e-mail that acknowledged the bug but offered no solution. The technical support e-mail address was 'undeliverable', no receipts from the online support form or any other email address.


From..
http://www.reviewcentre.com/review165932.html

I won't even post all the many fine pirated versions of total_net_shield_2006 nor will I even post the release groups.....

Must be coded really well if it's pirated and no one's downloading it :D

n2ishun
09-22-2006, 04:34 AM
But, you go on with your bad self thinking there's a free lunch and you're invited.

Foo.

JackStraw
09-22-2006, 04:40 AM
Well I never claimed it was a "free lunch", I provided it as an example of how your internet traffic can be completely encrypted and hidden from your isp. NOTHING you just posted calls its security into question only its ease of use. No one is downloading it most likely because you need a paid subscription to connect to their server.

n2ishun
09-22-2006, 05:13 AM
What you don't seem to understand is between your computer and their proxy server are only about 20 hops.
Your modem is the first one.
Umm.....exactly HOW do you think they bypass this ?
No matter what you use, no matter how encrypted, YOUR DATA TRAVELS AND CAN BE TRACED TO ITS DESTINATION!

What is so hard for you to understand about that ?

They know who you are, they know who you contacted, they can record the data stream.

If the encryption was that good, they COULD NOT SELL IT IN THE US OR CANADA.

You really haven't got a clue about this kind of thing do you ?

http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLG,GGLG:2005-20,GGLG:en&q=AT%26T+data+logging

Click that link, it's a google search for "AT&T data logging".
Umm, you know, where they are recording the data for the NSA ?
Yes, even data simply transferred inside the US.
ALL DATA.
Period.

Are you really so naive as to think the NSA can't crack your wimpy little encryption in seconds ?
Dude, they have the source code.
You can EASILY reverse the source code to decrypt.
You really don't know this shit do you?

JackStraw
09-22-2006, 06:28 PM
What you don't seem to understand is between your computer and their proxy server are only about 20 hops.
Your modem is the first one.
Umm.....exactly HOW do you think they bypass this ?
No matter what you use, no matter how encrypted, YOUR DATA TRAVELS AND CAN BE TRACED TO ITS DESTINATION!

What is so hard for you to understand about that ?

They know who you are, they know who you contacted, they can record the data stream.
OK let me explain it for the third time. If you use a service that works in the same manner as anonymizer, this is not a problem. Yes, your isp sees exactly what you are sending and who it is going to. However, everything you send goes to exactly the same place, the anonymizer server in this case. The anonymizer server then sends your traffic where it needs to go.

Your isp sees that every single packet you send is sent to the anonymizer server, and every packet you receive is from the anonymizer server. If they try to look at the content of these packets they will find that they are encrypted. It doesn't matter how many hops the packets go through. At each hop the only thing that will be evident is that the traffic is going to the anonymizer server.

Are you really so naive as to think the NSA can't crack your wimpy little encryption in seconds ?
Dude, they have the source code.
You can EASILY reverse the source code to decrypt.
You really don't know this shit do you?
PGP is open source. Everyone has the source code (here it is http://www.pgpi.org/products/pgp/versions/freeware/winxp/8.0/). Yet no one can break it. I will send you a photocopy of the relevant chapters from a cryptography textbook if you want to read them and learn a thing or two (not that you would understand the mathematics behind it). You CANNOT easily reverse the source code to decrypt PGP. The functions used to encrypt are one-way functions. That is, it is very easy to do the encryption but there exists no computationally efficient algorithm to reverse the function and perform the decryption without knowing the private key.

The algorithms used to implement the frequently used encryption techniques like Diffie-Hellman, triple DES, AES, etc are all well known. Feel free to look them up on wikipedia or the like. The beauty of these techniques is that it doesn't matter that you know exactly how the encryption was performed....without the secret key you are shit out of luck.

n2ishun
09-22-2006, 11:01 PM
And Norton anti-virus works too :D

JackStraw
09-23-2006, 08:29 AM
And Norton anti-virus works too :D
What can I say, your logic is flawless. If there are some vulnerabilities in norton antivirus then what JackStraw says about encryption is wrong. How can I counter a cogent argument such as this? I might as well give up.... :cry:

Papi
09-23-2006, 08:39 AM
Diffie-Hellman is cute, but I like Daphne Bigelow much much more :)

n2ishun
09-23-2006, 05:50 PM
Actually the word is "Sapient", my logic is "sapient".
www.dictionary.com <-- that should help you.

See, common computer users think that Norton works, it is held in high esteem by them as being the best due to reputation.
You'll even get mid level IT workers that will say "but I have the corporate version" and still think it's the shit.

It is bloated crap on a disc.

Now we get guys like JackStraw that think "hey PGP is the shit, it's unbreakable".
You listed a program above you thought was the shit too.....

Now we have the NSA.
Their sole task during WWII was to crack codes.
They have been doing it ever since.
They are the best in the world at that, they have teams dedicated solely to cracking complex code.

Headquarters for the National Security Agency is at Fort George G. Meade, Maryland, approximately ten miles (16 km) northeast of Washington, D.C. NSA has its own exit off the Baltimore-Washington Parkway labeled "NSA Employees Only". The scale of the operations at the NSA is hard to determine from unclassified data, but one clue is the electricity usage of NSA's headquarters. NSA's budget for electricity exceeds US$21 million per year

Well, I'd say that should give you a slight idea.

Now we have *some* info that *might* be relevant....but who knows, secret agencies are...uhh...secret....

NSA has been involved in debates about public policy, both as a behind-the-scenes adviser to other departments, and directly during and after Vice Admiral Bobby Ray Inman's directorship.

The NSA was embroiled in controversy concerning its involvement in the creation of the Data Encryption Standard (DES), a standard and public block cipher used by the US government. During development by IBM in the 1970s, the NSA recommended changes to the algorithm. There was suspicion the agency had deliberately weakened the algorithm sufficiently to enable it to eavesdrop if required. The suspicions were that a critical component — the so-called S-boxes — had been altered to insert a "backdoor"; and that the key length had been reduced, making it easier for the NSA to discover the key using massive computing power.

However, the public reinvention of the technique known as differential cryptanalysis suggested that one of the changes (to the S-boxes) had actually been suggested to harden the algorithm against this -- then publicly unknown -- method of attack; differential cryptanalysis remained publicly unknown until it was independently reinvented and published some decades later. On the other hand the shortening of the cryptographic key from 128 bits, as recommended in IBM submission, to an effective key of only 56 bits in length, has been interpreted as an intentional weakening of the algorithm by the NSA, making possible an exhaustive search for the key by those with sufficient computer power and funding.

Because of concerns that widespread use of strong cryptography would hamper government use of wiretaps, the NSA proposed the concept of key escrow in 1993 and introduced the Clipper chip that would offer stronger protection than DES but would allow access to encrypted data by authorized law enforcement officials. The proposal was strongly opposed and went nowhere.

Possibly because of previous controversy, the involvement of NSA in the selection of a successor to DES, the Advanced Encryption Standard (AES), was limited to hardware performance testing (see AES competition).

NSA was a major player in the debates of the 1990s regarding the export of cryptography. Cryptographic software and hardware had long been classed with fighter planes, tanks, cannons, and atomic bombs as controllable munitions. Restrictions on export were reduced but not eliminated in 1996.

The NSA/CSS has, at times, attempted to restrict the publication of academic research into cryptography; for example, the Khufu and Khafre block ciphers.


Yea, you're right, it's unbreakable by the NSA.....(as-fucking-if).

Alaska
09-24-2006, 11:46 PM
So, what do you guys think of Torpark, as it is the subject of this thread?

It sure seems easier to use than spend 20 minutes finding a secure proxy that won't include a header forward.

A

PonicallyLivin
10-04-2006, 09:00 AM
My recommendation is for a Linksys SRX wireless G card.
It's the funky looking triple antenna dude.
I have one in my workstation and can pull in over 30 routers sitting right here....a little "aircrack" and I can hop on any one of them.....and hide my tracks (MAC spoofing anyone?).

How does one go about this MAC spoofing...furthermore how does one remain safe when browsing, posting, etc. while using a neighborhood open router?

I'm going to look into that card as my built in totally sucks.

later
PL