Re: Are There Any Web Based Remailers Left?

Sheik Yurbhuti <sheikyurbhuti@xxxxxxxxxxx> wrote in
news:0TZXBBMZ38872.1790856481@xxxxxxxxxxxxxxxx:

I am not saying that *,*,*,someproxy is more secure than *,*,*,*.
Rather I am saying that *,*,*,someproxy is no weaker than *,*,*.

And that is precisely where your error lies. It certainly *is* weaker,
all other things being equal. You will repeatedly appear to come from
"someproxy" at any given site, as well as across multiple sites. This
partitions you while allowing Tor to select rotating exit nodes and
using them to connect to various sites, or even the same site
repeatedly, will not.


Once again with feeling: There is NOTHING preventing you from changing
the last hop proxy as often as you wish.


(And BTW *,*,*,* is not available for Tor.)

Useless quibbling.


No, it's not quibbling: my method of a well-applied four-hop proxy (3 Tor
plus 1) is stronger (and certainly not weaker) than a well-applied three-
hop proxy (3 Tor). And 4 hops cannot be achieved with Tor.


And, just for the record, many proxies are anonymous
(header-stripping) and some are encrypted (https - not as many as I
would like, but some).

Header stripping is not anonymity. These proxies add nothing to your
anonymity. They're easily compromised, or possibly compromised from the
beginning.


No one said header stripping was anonymity - that's your strawman. But a
end-hop proxy that does not support REMOTE_ADDR or HTTP_FORWARDED_FOR
does add considerable strength. One that supports https as well is even
better. And you won't find my end proxies in Tor's directories!

So, if the end proxy is compromised or transparent I am only effectively
reduced back to standard three-hop Tor; if not, my method is stronger.
Either way it's not weaker.


Where do you get this "same exit [proxy] all the time" ***? I have
repeatedly said - and described how! - it can be changed as often as
desired.

That was your "rewrite" after being pressed on your original advice.


There's no rewrite. I have not said one shouldn't rotate proxies. Don't
lay your inattention or incomprehension at my door.


You've also conveniently avoided describing how frequently you rotate
proxies, and from what size pool of proxies. Which is of course because
you'd either have to admit your method was marginally less secure than
using Tor alone, or admit that you realize you have to "duplicate"
Tor's exit proxy policy to reattain that level of anonymity.


I don't have to duplicate Tor's proxies for the end proxy. Any proxy
will do. Some add minimal strength, others add quite a bit of strength.
None detract from strength.


At which point we're back to proxies being non-anonymous by nature, and
the fact that they add nothing at all to your anonymity in any case. :)


Proxies are not non-anonymous by nature. Even when used alone, they
provide varying degrees of protection ranging from nearly none to fairly
good (depending on the adversary/threat model and the features of the
proxy). Added on to a Tor chain they can add considerable value.

Wanna go round again?

Regards,

.