Thread: Network-Parents can watch meh

Originally Posted by Ynot

think of it like SSL encryption for secure websites
Can your ISP view credit card info when you buy something online? no.

True, but that's a secure system. The public key cartography system is really good.

Most websites/downloads don't go through the hassle of SSL encryption. If you're using Limewire, the ISP can see and log whatever you're downloading. They most likely aren't, unless you are on the terrorist watch list (have an arab sounding name, are a registered democrat, or a legitimate terrorist)

Oh. so private trackers are ok to be on.
its not like I download popular music.
Or that I even download, I just wanted to know.
I think I will do this then.
Is there a way to do it free?

Originally Posted by ninja9578

Most websites/downloads don't go through the hassle of SSL encryption. If you're using Limewire, the ISP can see and log whatever you're downloading.

Exactly,
which is why you setup your own encrypted proxy

instructions assume Debian based linux distro (inc. Ubuntu)

1) Personal Proxy Server

Rent a shell account on a server somewhere (can be in another country if you're really paranoid)

Most good server renting companies will offer fixed bandwidth tiers, with unlimited usage
Eg. http://www.positive-internet.com/zhosting.html
that's £10 / month
(you can team up with a few people to cut the cost further)

just as an example, lets say your rented server is located at
server123.rent-a-shell.com
and you can log onto it, using username tony

Code:

ssh [email protected]

will ssh into your server


2) Port Forwarding

Lets forward outgoing traffic, from your machine, on port 3333 to your new server

Code:

ssh -ND 3333 [email protected]

put this in with the other startup scripts in /etc/init.d/
so it'll execute automatically when you log in

Just for clarity,
all connections made on your machine to port 3333 will be piped (fully encrypted) via SSH to the server
The server will then "execute" the communication, and pipe back (fully encrypted) via SSH the responses to your machine


3a) Using the proxy

Most network-centric apps have native support for proxies
web browsers do, as do most good email clients and torrent clients

edit your global network settings, and specify a socks5 proxy
proxy address: localhost:3333

(remember, all traffic that hits your machine on port 3333 will be piped through to the server)

Don't alter per-app settings
edit your global system wide network settings
now all apps that support proxying will proxy


3b) Using the proxy (part 2)

however, some apps have no native support for proxying
this is where a wrapper library is needed

Install tsocks

Code:

sudo apt-get install tsocks

tsocks is a transparent network forwarder
(similar in operation to wine, or pulseaudio in how it overloads core OS functions)

configure tsocks to forward all connections to localhost:3333

Code:

sudo gedit /etc/tsocks.conf

alter tsocks config to match

Code:

server = localhost
server_port = 3333

To proxy through the server with an app that doesn't natively support proxying, call the app with the tsocks library

Code:

tsocks application

as I said, similar to wine or pulseaudio in the way it intercepts raw system calls

Code:

wine application

Visual Example:

You have setup everything as above

What the end-user experiences

- In firefox, you navigate to www.dodgy-website.com
- Dodgy website loads in your browser

from the end-users perspective, it's no different than having a direct connection to the website

What actually happens

You


- Firefox proxy's the request to localhost:3333

- localhost:3333 is tunneled via SSH to your rented shell account - Red line

- Server "reads" network request and acts on it (server sends request to retrieve html page from www.dodgy-website.com) - Green line

- Dodgy website sends html page to server - Green line

- Server sends back retrieved communication, via SSH to your machine - Red line

- Dodgy website loads in your browser

Why can't people just use Windows? Takes 3 seconds to setup a VPN on there.

this isn't a VPN....
this is tunnelling all TCP connections through SSH

VPN is completely overkill for just anonymous network traffic for one user

VPN, as I said, shines when you have a number of satellite offices needing shared resources (file, print, intranet, IM servers) using the internet for physical connections

tunneling through SSH is just a bit cheaper than a VPN

This is £10 / month
you post costings for a VPN setup

*edit*
plus, to setup a client on an existing VPN network indeed "takes 3 seconds"
but have you ever setup the actual VPN server?
I'm guessing not
LDAP & Kerberos are pains in the arse to setup, and extremely time consuming and fiddly to do right

I posted in here I thought.
I said Thanks Ynot you are a god!!!!!! lol.
I will do this when I get some money on paypal.
Also, is there a free way of doing this?
Like this
http://ubuntuforums.org/showthread.php?t=827506
would changing my IP work also? But I would have to change it like everyday right?
Are there any programs in the package maniger that would do this Ynot?

I don't see what changing your IP would do in your case

from looking at the blurb for that program, I think this is for people hopping between home & work with a laptop, and having to manually change configs depending on where they are
(but this is what DHCP is for)

*edit*
as for a free way,

you need to separate yourself from your dad, network-wise
You need access to a 3rd party machine to proxy things through that your dad cannot access (or monitor)
this means paying for an external host
I don't see any other way to do it

Ok, thanks for the help Ynot, I will end up doing what you suggested.
Would using this be easier?
www.relakks.com
Then I wouldn't have to worry about commands would I?
And what is the deal with VPN?