GMAIL and TOR, what the heck!!! GMAIL finds my IP :-((

August 16, 2010

Hey Fellas,

Lately, I was checking all my Privacy filters and Firewalls and IDS, and when i checked on my Tor and Vidalia, guess what?

GMAIL was showing up my real IP, from my ISP, and not the one which i was spoofing, however, when i checked @ whatismyip they showed the one which was spoofed using Tor>>

so, guess what, Google is really upto something fishy?

why the hell on earth they would step ahead and extract your private info, other than for legal purposes.

I know it is possible to get this information in java/ JS

now, There are two ways java/javascript can be used to get your IP:
1. your IP is read from a variable, then it is transmitted to the
server,
2. a connection is made back to the server (royally ignoring your proxy
settings) and this allows the server to read your IP (gateway).

Method 1 is quite natural and is bound to be used by conventional web
sites. Method 2 is more tricky and a web site making this could be
blamed because ignoring the proxy settings of the browser isn’t
right.

A way to avoid that your IP is revealed through Method 1 is to stay
behind a NAT router: in this case what is read from the variable is
your internal address, which is worthless.

Against Method 2 one can identify the outgoing traffic and block it,
but this breaks the workflow of the application.

so, the best way is to avoid using such services  :-DD

Need all your comments.

Thanks

Nitin Kushwaha

CHFI.CEH.SCSCA.CIW-SA.MCSE.MCSA.MCP.ITIL

Advertisement