Comments on: paranoid browsing with squid http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/ code is freedom -- patching my itch Wed, 09 Jul 2008 11:18:30 +0000 http://wordpress.org/?v=2.1.3 By: Oppressed http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/#comment-564 Oppressed Thu, 12 Jul 2007 01:56:14 +0000 http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/#comment-564 Thank you, thank you. This is awesome. This is also necessary in oppressive nations where they fiddle with DNS servers to block certain content (that is, using SSH SOCKS with local DNS is useless because the DNS lookup itself cannot be trusted). I'm not going to say where this is, but let's just say they are hosting the 2008 Olympics. Thank you, thank you. This is awesome. This is also necessary in oppressive nations where they fiddle with DNS servers to block certain content (that is, using SSH SOCKS with local DNS is useless because the DNS lookup itself cannot be trusted). I’m not going to say where this is, but let’s just say they are hosting the 2008 Olympics.

]]> By: SB http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/#comment-573 SB Tue, 27 Nov 2007 19:05:40 +0000 http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/#comment-573 I've been using IPCop and its SSH and Squid to surf through. I am not picking up and DNS 'leaks' with a packet sniffer either. However, I would like to know if you could tell me: A: When my port forwarded traffic goes to localhost:9999 then gets forwarded through the shell to Squid on port 800, does Squid not handle all the DNS? B: if I use -D in my plink.exe batch file, I am able to use Socks in FF, but otherwise, I'm using an http proxy. Is one method preferred over another? My overall concern is unfiltered access to sites I need but also privacy. I don't want anyone snooping on my DNS. I'm looking at IronKey and other Tor on a stick ideas and am wondering if you have any other suggestions. I'd like to be anonymous, so my ISP isn't watching all I do either. Thanks. I’ve been using IPCop and its SSH and Squid to surf through. I am not picking up and DNS ‘leaks’ with a packet sniffer either. However, I would like to know if you could tell me:
A: When my port forwarded traffic goes to localhost:9999 then gets forwarded through the shell to Squid on port 800, does Squid not handle all the DNS?
B: if I use -D in my plink.exe batch file, I am able to use Socks in FF, but otherwise, I’m using an http proxy. Is one method preferred over another?

My overall concern is unfiltered access to sites I need but also privacy. I don’t want anyone snooping on my DNS.

I’m looking at IronKey and other Tor on a stick ideas and am wondering if you have any other suggestions. I’d like to be anonymous, so my ISP isn’t watching all I do either. Thanks.

]]> By: KC http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/#comment-574 KC Mon, 03 Dec 2007 20:00:50 +0000 http://www.outflux.net/blog/archives/2006/12/07/paranoid-browsing-with-squid/#comment-574 (In response to SB's post above) Answer to Question A: In this situation, Squid is performing the DNS lookups for you. Your computer would resolve 'localhost' without a DNS lookup, data for your HTTP traffic is sent over the port forwarding tunnel created by SSH and Squid will attempt to fulfill your HTTP requests by performing its own DNS lookups originating from its location. Answer to Question B: Both methods accomplish the same amount of encryption and "hiding", assuming you've configured Firefox like the article says (by going to about:config). With Squid, you would have an added layer of caching which may or may not be useful. In an asymmetric Internet connection like consumer-grade cable or DSL, the caching is of no practical use because download bandwidth is so much more than upload bandwidth. (In response to SB’s post above)

Answer to Question A: In this situation, Squid is performing the DNS lookups for you. Your computer would resolve ‘localhost’ without a DNS lookup, data for your HTTP traffic is sent over the port forwarding tunnel created by SSH and Squid will attempt to fulfill your HTTP requests by performing its own DNS lookups originating from its location.

Answer to Question B: Both methods accomplish the same amount of encryption and “hiding”, assuming you’ve configured Firefox like the article says (by going to about:config). With Squid, you would have an added layer of caching which may or may not be useful. In an asymmetric Internet connection like consumer-grade cable or DSL, the caching is of no practical use because download bandwidth is so much more than upload bandwidth.

]]>