Tor & application-firewall support
john.r.moser at gmail.com
Tue Apr 24 13:03:19 UTC 2012
On 04/24/2012 08:49 AM, Paul Campbell wrote:
> There's been some discussion on this mailing list about
> application-firewalls, and I wanted to say a word about Ubuntu's
> inability to filter internet connections at the application-level.
It's doable, just not pretty.
> I work as a freelance journalist. On many occasions I recommend the use
> of Tor to sources in middle eastern and southeast Asian countries. For
> their own safety, they need an anonymous way to upload things to the
> internet and in general to communicate online.
Immediately assuming you've got the technical profile of a ZDNet columnist.
> When needing to use Tor, the source will activate the firewall
> software's user-created "Tor Profile" and then start a Tor browsing
> session. When finished browsing, the source will close Tor and change
> the firewall settings from the "Tor Profile" back to the default profile
> which in general allows all applications to connect to the internet.
> This setup ensures that no other applications "accidentally" connect to
> the internet during an active Tor session and "reveal" the source's true
> IP address.
A connection from your IP address doesn't "reveal" your source address.
The source address from your computer is stamped on every TOR packet:
it's possible to determine that you're using TOR, regardless.
Blocking other connections unrelated to TOR won't hide what you're doing
under TOR; and having other connections (say to your e-mail, IRC, P2P,
non-sensitive Web sites, etc.) doesn't jeopardize the secrecy of your
Aside, has anyone considered that actively aiding a sovereign nation's
population in accessing materials restricted from the general
population's view is an active attack on that nation's procedurally
declared national security, and a direct act of war? Not defending
tyranny, just saying: you are committing an act of war. If we have
extradition treaties with these people, it's perfectly reasonable for
you to be arrested and shipped over there; and if our government refuses
to do so, then the logical response in kind is for them to start bombing
Some things are worth getting bloody for, and some things carry the
implications but in practice those implications never pan out. You
probably won't get extradited and nobody is going to start lobbing nukes
just because of people helping crack the Great Arab Firewall. They
could though; it's actually a reasonable response.
> Paul Campbell
More information about the Ubuntu-devel-discuss