Namecoin Forum

The first secure, decentralized, human-meaningful naming system.
https://forum.namecoin.org/

tor, i2p, .bit and opennic portable suite

https://forum.namecoin.org/viewtopic.php?f=9&t=1291

Page 1 of 1

tor, i2p, .bit and opennic portable suite

Posted: Mon Oct 14, 2013 10:35 am
by virtual_master
An interesting bundle, I saw it on reddit
http://www.reddit.com/r/onions/comments ... t_opennic/

Re: tor, i2p, .bit and opennic portable suite

Posted: Mon Oct 14, 2013 12:46 pm
by phelix
+1

Re: tor, i2p, .bit and opennic portable suite

Posted: Mon Oct 14, 2013 7:08 pm
by biolizard89
virtual_master wrote:An interesting bundle, I saw it on reddit
http://www.reddit.com/r/onions/comments ... t_opennic/
This looks extremely dangerous. Here's the source code:

Code: Select all

//PAC file by AyrA for various projects
//Get your own at https://ayra.ch/PAC

function FindProxyForURL(url, host)
{
		//I2P does not supports socks for some reason, even since SOCKS V5 has DNS support.
	var I2P="PROXY home.ayra.ch:4444";
		//Public TOR Proxy
		//1067 is used by AyrA. Hey it's my PAC file!
	var TOR="PROXY home.ayra.ch:1067";
		//Alternative Proxy for .bit Names
	var ALT="PROXY home.ayra.ch:9876";
		//Direct connection without a proxy
	var DIR="DIRECT";
	
	//Redirect .I2P to I2P proxy
	if (shExpMatch(host,"*.i2p"))
	{
		return I2P;
	}

	//Redirect .onion to TOR proxy
	if (shExpMatch(host,"*.onion"))
	{
		return TOR;
	}

	//Redirect .bit and OpenNIC to ALT-DNS proxy
	if (
		shExpMatch(host,"*.bit") ||
		shExpMatch(host,"*.bbs") ||
		shExpMatch(host,"*.dyn") ||
		shExpMatch(host,"*.free") ||
		shExpMatch(host,"*.fur") ||
		shExpMatch(host,"*.geek") ||
		shExpMatch(host,"*.gopher") ||
		shExpMatch(host,"*.glue") ||
		shExpMatch(host,"*.indy") ||
		shExpMatch(host,"*.ing") ||
		shExpMatch(host,"*.micro") ||
		shExpMatch(host,"*.neo") ||
		shExpMatch(host,"*.null") ||
		shExpMatch(host,"*.oss") ||
		shExpMatch(host,"*.oz") ||
		shExpMatch(host,"*.parody") ||
		shExpMatch(host,"*.pirate"))
	{
		return ALT;
	}

	//Route everything directly
	return DIR;
}
It's routing all your Tor/I2P/Namecoin/OpenNIC traffic through an unencrypted, non-private proxy run by the author of this bundle. There is no way to know what this proxy is doing with your data. All security/privacy advantages of Tor/I2P/Namecoin are useless with this bundle, and in fact this is worse than clearnet in terms of security/privacy (because the author's proxy can see all your data and hijack it at will).

I would strongly recommend avoiding this bundle.

Re: tor, i2p, .bit and opennic portable suite

Posted: Tue Oct 15, 2013 10:03 am
by phelix
biolizard89 wrote:
virtual_master wrote:An interesting bundle, I saw it on reddit
http://www.reddit.com/r/onions/comments ... t_opennic/
This looks extremely dangerous. Here's the source code:

...

It's routing all your Tor/I2P/Namecoin/OpenNIC traffic through an unencrypted, non-private proxy run by the author of this bundle. There is no way to know what this proxy is doing with your data. All security/privacy advantages of Tor/I2P/Namecoin are useless with this bundle, and in fact this is worse than clearnet in terms of security/privacy (because the author's proxy can see all your data and hijack it at will).

I would strongly recommend avoiding this bundle.
Thanks for the heads up!

Re: tor, i2p, .bit and opennic portable suite

Posted: Tue Oct 15, 2013 10:21 am
by virtual_master
Thank you for analyzing it.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited