GMAIL and TOR, what the heck!!! GMAIL finds my IP :-((

Hey Fellas,

Lately, I was checking all my Privacy filters and Firewalls and IDS, and when i checked on my Tor and Vidalia, guess what?

GMAIL was showing up my real IP, from my ISP, and not the one which i was spoofing, however, when i checked @ whatismyip they showed the one which was spoofed using Tor>>

so, guess what, Google is really upto something fishy?

why the hell on earth they would step ahead and extract your private info, other than for legal purposes.

I know it is possible to get this information in java/ JS

now, There are two ways java/javascript can be used to get your IP:
1. your IP is read from a variable, then it is transmitted to the
server,
2. a connection is made back to the server (royally ignoring your proxy
settings) and this allows the server to read your IP (gateway).

Method 1 is quite natural and is bound to be used by conventional web
sites. Method 2 is more tricky and a web site making this could be
blamed because ignoring the proxy settings of the browser isn’t
right.

A way to avoid that your IP is revealed through Method 1 is to stay
behind a NAT router: in this case what is read from the variable is
your internal address, which is worthless.

Against Method 2 one can identify the outgoing traffic and block it,
but this breaks the workflow of the application.

so, the best way is to avoid using such services  :-DD

Need all your comments.

Thanks

Nitin Kushwaha

CHFI.CEH.SCSCA.CIW-SA.MCSE.MCSA.MCP.ITIL

Categories: Basics, Browsers, ComputerForensics, DigitalForensics, Googled, Hot and Latest, IncidentResponse, MyOwn, Personal, Techno, Uncategorized | 2 Comments

Post navigation

2 thoughts on “GMAIL and TOR, what the heck!!! GMAIL finds my IP :-((

  1. ugottobekidding

    Is there an offshore email provider or proxy that google can’t glean your information from, legally or otherwise?

    Perhaps a lawsuit against google for stealing your info would work?

  2. kuroswami

    Well, disable JS/Java and Gmail won’t know your IP address. Their basic HTML interface works well enough.

    The real problem with Gmail is that they won’t let you create new account with JS disabled if you’re on Tor (at least that was the case for me).

    BTW, if you need all our comments, allow anonymous commenting, you can’t expect in this age for somebody to register just to leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: