Re: three privacy questions
- From: Dan Williams <dcbw redhat com>
- To: Matej Kovacic <matej kovacic owca info>
- Cc: networkmanager-list gnome org
- Subject: Re: three privacy questions
- Date: Fri, 19 Dec 2008 17:23:44 -0500
On Tue, 2008-12-16 at 12:43 +0100, Matej Kovacic wrote:
> Hi,
>
> I am new on the list, and I subscribed, because I have three questions.
>
> First is about VPN's.
>
> In VPN settings there is an option to automatically connect to VPN.
> However, this is not working, I have to connect to VPN manually, after I
> am connected to the internet.
Correct, this does not yet work. The approach we're going to take is to
somehow tie a VPN connection to a device connection, such that when the
device connection is activated, the VPN will be too.
> Second is about secure and insecure networks.
>
> It would be fine to have a special "security" option for all networks.
> If user marks network as secure, nothing really happens after s/he
> connects to that network.
>
> But if user marks network as not secure (or - does not mark it as
> secure), then immediatelly after computer is connected to the internet,
> VPN connection is established. If VPN connection cannot be established
> access to internet is blocked, and user warned about security. However,
> user should have an option to manually confirm s/he wants to use
> insecure network, but that would not be done automatically.
Could do, though remember that NetworkManager will never connect to a
wifi network you haven't specifically told it to connect to. What we
could do is use the notification bubbles to bring the insecurity of the
network to the user's attention. Further on, we'll make it possible for
administrators to disallow connections to insecure networks as well, via
PolicyKit.
> The same should happen when VPN connection drops. Now I am using VPN
> connection on a public WiFi and if VPN drops, there is fallback to
> insecure open Wifi. If I do not notice that, I am using insecure
> network, which is really bad...
If the VPN is tied to the device connection, the VPN would get
re-started automatically if that 'Connect automatically' option was
checked. I don't think there's yet a good way to block internet traffic
until the VPN is up (though some iptables magic might allow that, but it
would be tricky), but if we can't do that, some traffic could escape
outside the VPN while it was down. I don't think we should tear down
the *entire* connection, because it takes a long time to reconnect a
device connection in some cases. So the ideal solution here would be
iptables blockage of any traffic out of the device (except VPN traffic
of course) until the VPN was back up.
>
> Third is about anonymity.
>
> You probably know Tor project: http://www.torproject.org/. Tor is an
> anonimisation software, some kind of powerful network proxy.
>
> In order to be really anonymous, user must have appropriate netwokr
> settings. H. D. Moore developed interesting application (here:
> http://www.metasploit.com/data/decloak/) to test the true anonymity of
> the user. The problem is, that different applications use different
> network settings so it is possible to reveal true IP address of the user.
>
> So, would be possible to add anoymity feature in Network Manager.
> Sometnihg like "I want to use internet anoymously" switch, which will
> set all user's TCP connections to Tor network?
This could be done through a dispatcher script at the moment... I
assume this is just routing magic?
Dan
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]