Tor and Java

Tor protects my IP address, it doesn't "clean up" the data that I send
over it (and nor should it, I guess). Unfortunately, the browser can
access my "system properties" and my host address through Java and
Javascript. I don't particularly care about things like my OS type and
CPU and screen resolution, but I _do_ want to keep my originating IP
address private -- that's why I'm using Tor in the first place.

Is there some way of "cloaking" my ip address at my machine? Can I
create an ethernet alias and have Java only see 192.168.01 or something
like that?

I know you guys like to see a "legitimate purpose" for something; I
think protecting my privacy when I'm legitimately about my business is
legitimate enough.
--
P_J

Re: Tor and Java

Prester Jacques wrote:
[Tor and Java]
> Is there some way of "cloaking" my ip address at my machine?

I don't know one beside using NAT and a local address on the machine
running Java.

Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."

Kyle Stedman about "Personal Firewalls" in c.s.f

Re: Tor and Java

Prester Jacques sez:
....
> Is there some way of "cloaking" my ip address at my machine? Can I
> create an ethernet alias and have Java only see 192.168.01 or something
> like that?

You can rewrite source IP address in all outgoing packets, it
isn't that hard. The side effect is that replies will not get
to your computer. (I'd suggest rewriting it to 192.168.0.1 --
this way your packets will not make it past the nearest router
and save the rest of us a bit of bandwidth.)

HTH
Dima
--
Well, lusers are technically human. -- Red Drag Diva

Re: Tor and Java

Prester Jacques wrote:
> Tor protects my IP address, it doesn't "clean up" the data that I send
> over it (and nor should it, I guess). Unfortunately, the browser can
> access my "system properties" and my host address through Java and
> Javascript. I don't particularly care about things like my OS type and
> CPU and screen resolution, but I _do_ want to keep my originating IP
> address private -- that's why I'm using Tor in the first place.
>
> Is there some way of "cloaking" my ip address at my machine? Can I
> create an ethernet alias and have Java only see 192.168.01 or something
> like that?

Why don't you simply disable Java?

> I know you guys like to see a "legitimate purpose" for something; I
> think protecting my privacy when I'm legitimately about my business is
> legitimate enough.

I know something about your private address anyway: It's a private one.
Damn, who cares?

Re: Tor and Java

Sebastian Gottschalk wrote:
> Why don't you simply disable Java?

Because it's sometimes useful.

Yours,
VB.
--
"If you want to play with a piece of windows software that makes you
click all over the place, there's always minesweeper."

Kyle Stedman about "Personal Firewalls" in c.s.f

Re: Tor and Java

Volker Birk wrote:
> Sebastian Gottschalk wrote:
>> Why don't you simply disable Java?
>
> Because it's sometimes useful.

That's why whitelisting exists.

Anyway, any Java or JavaScript will permit session and client tracking,
not matter if you disallow access to the (private) IP address as one of
many identification values.