[AktiviX-discuss] Practical Security Advice for Campaigns and Activists

[Zak]

Max Gastone wrote:

> Proxies are useful in some situations, but I think they are often
> over-estimated as a tool. Something worth nothing though is that many
> of the bigger ISPs have their own proxies which you can use.

But I suspect most of these proxies retain logs of all activity through
them.
Squid, in its default configuration, will log which IP requested which
URL at what time. This includes the content of any GET form submissions,
although not POST submissions.

> Tor looks quite interesting and sounds like it is adapting some of
> the interesting parts of Publius and P2P, but unless it too is
> encrypted right from the client end then it to will not protect
> against a direct line tap.

It is -- Tor is basically the TCP/IP-level equivalent of anonymous
remailers. The only unencrypted communication is that from the exit node
to the real server (if the URL is not https://). Of course, this opens
up the risk of a dodgy exit node manipulating your session in malicious
ways... (anyone can set up an exit node, whereas for normal internet
traffic, there are specific routers you would have to compromise to do
this). https-over-Tor is a very nice way of browsing though, if you can
put up with the speed penalty. Of course it won't protect you against
keyloggers or other spy devices/software on your own computer...

Z