[continued from previous message]   
      
   >and secure your Internet activity from Tor exit nodes because the   
   >connection between the exit node to the proxy is not encrypted, not   
   >one, but two parties may log and manipulate your clear traffic now. If   
   >you're using proxies in this way, you'll want to pay for them   
   >anonymously (cash in the mail [beware of your fingerprint and printer   
   >fingerprint], Liberty Reserve, well-laundered Bitcoin, etc) or use   
   >free proxies.   
   >One way to do that is proxychains. Another way would be to use a   
   >Transparent Proxy and then either proxify (set proxy settings) or   
   >socksify (use helper applications to force your application to use a   
   >proxy) the programs you want to chain inside your Transparent Proxy   
   >client machine.   
   >You -> X -> Tor -> X   
   >No research whether this is technically possible. Remember that this   
   >is likely a very poor plan because [#You-Tor-X you -> Tor -> X] is   
   >already a really poor plan.   
   >You -> your own (local) VPN server -> Tor   
   >This is different from above. You do not have to pay a VPN provider   
   >here as you host your own local VPN server. This won't protect you   
   >from your ISP of seeing you connect to Tor and this also won't   
   >protect you from spying Tor exit servers.   
   >This is done to enforce, that all your traffic routes through Tor   
   >without any leaks. Further read: TorVPN. If you want this, it may   
   >unnecessary to use VPN, a simple Tor-Gateway may be easier, for   
   >example Whonix.   
   >VPN/SSH Fingerprinting   
   >Using a VPN or SSH does not provide strong guarantees of hiding your   
   >the fact you are using Tor from your ISP. VPN's and SSH's are   
   >vulnerable to an attack called Website traffic fingerprinting ^1^. Very   
   >briefly, it's a passive eavesdropping attack, although the adversary   
   >only watches encrypted traffic from the VPN or SSH, the adversary can   
   >still guess what website is being visited, because all websites have   
   >specific traffic patterns. The content of the transmission is still   
   >hidden, but to which website one connects to isn't secret anymore.   
   >There are multiple research papers on that topic. ^2^ Once the premise   
   >is accepted, that VPN's and SSH's can leak which website one is   
   >visiting with a high accuracy, it's not difficult to imagine, that   
   >also encrypted Tor traffic hidden by a VPN's or SSH's could be   
   >classified. There are no research papers on that topic.   
   >What about Proxy Fingerprinting? It has been said above already, that   
   >connections to proxies are not encrypted, therefore this attack isn't   
   >even required against proxies, since proxies can not hide the fact,   
   >you're using Tor anyway.   
   >,, ^1^ See Tor Browser Design for a general definition and   
   >introduction into Website traffic fingerprinting.   
   >^2^ See slides for Touching from a Distance: Website Fingerprinting   
   >Attacks and Defenses. There is also a research paper from those   
   >authors. Unfortunately, it's not free. However, you can find free ones   
   >using search engines. Good search terms include "Website Fingerprinting   
   >VPN". You'll find multiple research papers on that topic.   
   [end quote; see also: https://www.danner-net.de/omom/tutorwme.htm]   
      
   Tor Browser 13.5.4 (2024-9-17):   
   https://blog.torproject.org/new-release-tor-browser-1354/   
   >New Release: Tor Browser 13.5.4   
   >by morgan | September 17, 2024   
   >Tor Browser 13.5.4 is now available from the Tor Browser download page   
   >https://www.torproject.org/download/   
   >and also from our distribution directory.   
   >https://www.torproject.org/dist/torbrowser/13.5.4/   
   >This version includes important security updates to Firefox.   
   >Send us your feedback   
   >If you find a bug or have a suggestion for how we could improve this   
   >release, please let us know.   
   >Full changelog   
   >The full changelog since Tor Browser 13.5.3 is:   
   >*All Platforms   
   >  Updated NoScript to 11.4.37   
   >  Updated OpenSSL to 3.0.15   
   >*Windows + macOS + Linux   
   >  Bug tor-browser#41835: Review default search engine options   
   >*Android   
   >  Bug tor-browser#43124: Implement a migration procedure for Android   
   >  Bug tor-browser#43145: Backport Android security fix from 130.0.1   
   >*Build System   
   >  All Platforms   
   >   Bug tor-browser-build#41229: Migrate OpenSSL download location to   
   >   github releases   
   >  macOS   
   >   Bug tor-browser-build#41231: Use var/browser_release_date in tools/   
   >   signing/gatekeeper-bundling.sh   
   [end quote]   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)