I will describe a setup which allows you to run your browser traffic through an encrypted tunnel. And using Firefox, even your DNS lookups will use that tunnel instead of talking to the local (possibly monitored) DNS server. There is one catch: you have to have a shell account on a remote SSH server.

This article uses a less-known feature of OpenSSH which is that the ssh client can create a SOCKS proxy.

Suppose you have a shell account “alien” on a remote server “safehaven.net”. Using ssh you can quickly setup a local SOCKS proxy using the following command (assuming you are running this command as non-root, you can only make your SOCKS proxy listen on non-privileged ports – anything higher than port 1024 is unprivileged):

$ ssh -D 8888 alien@safehaven.net

Once your ssh client connects to that remote server, your local computer’s port 8888 will now act as a SOCKS proxy which enables encrypted traffic to the Internet for all applications that can use SOCKS proxies.

You then configure Firefox to use a SOCKS proxy; the proxy’s hostname will be “127.0.0.1” and the port is of course “8888“.

This is enough to hide your browsing (the URLs you access as well as the data you retrieve in your browser) from any 3rd party. But… your computer is still consulting a local DNS server for the hostname lookups. Anyone can still sniff that traffic and guess what you are doing. Even if your computer uses one of the many “free” DNS services on the Internet (like Google’s public DNS addresses 8.8.8.8 and 8.8.4.4), your DNS lookups can possibly be monitored on the local network.

So, there is one more setting in Firefox which you have to to change in order to alter its DNS lookup behaviour. In your Firefox entry bar, type “about:config” which will show the low-level configuration options for the browser, most of which are not accessible through its “normal” GUI. Look for the entry:

network.proxy.socks_remote_dns

which will have the value of “false” by default. Change its value to “true” by double-clicking it. From then on, Firefox will use the DNS server at the remote end of the SOCKS proxy instead of the locally configured DNS server, thereby effectively hiding your browsing from anyone. If you happen to be in a situation where  you know that DNS lookups are being filtered or spoofed, this is your secure way out of this ugliness.

Eric

Is your head in the clouds yet?

For years now, I have been waiting for Google’s promise of free online storage, called the “GDrive“. In the meantime Google (and it’s competitors) have made it much easier to store your data online in various ways (look at Picasa Web Albums, Google Docs, Gmail etc), but that is not quite the same.

With the current expansion of “cloud computing” -  yet another small step toward the Matrix becoming reality – it was just a matter of time to see new free cloud services emerging.

One of those cloud services made a click in my brain the moment I saw it. Dropbox gives you a free 2.5 GB of online “cloud” storage. As if this is not enough, the Dropbox folks increase your storage limit with 250MB increments – also for free – when you go through the Dropbox tutorial, and/or invide your friends to use the service as well. You can buy even more storage , if you need it.

What exactly does it do? Well, think of it as a two interconnected “boxes”, one on your own computer and the other on the Internet, in which you store your files. In fact, the manifestation of that “dropbox” is just a directory on your local computer. Everything in the local Dropbox is immediately synchronized with the server’s Dropbox. It is a real-time backup facility! Beware of modifying large files though – because any change to a file inside the Dropbox triggers it’s upload to the server. That will eat your bandwidth if the file would be hundreds of megabytes in size.

By installing Dropbox on another computer using the same account, you are able to access your online backup there as well. The Dropbox on the other computer will be synchronized with the server – i.e. all files on the server will be downloaded to that computer. Dropbox is intelligent enough to allow multiple people using the same Dropbox at the same time! If more than one person changes the same file (so that two versions of that file will be uploaded to  the server) you end up with all versions of the file being stored on the server with slightly changed filenames, nothing gets deleted. Bonus: the changed files that were uploaded to the server by the other person’s Dropbox, will find their way to your own local dropbox and vice versa. The synchronization works both ways.

I have been using Dropbox for a while now and it works very well for me. It is platform independent (clients for Linux, Windows and Mac are available).  It has built-in collaboration: you can share a directory in your Dropbox. When someone joins a shared folder, the folder appears inside their Dropbox, and syncs to their computers automatically. You can even make  files available to people who themselves have no dropbox account: one directory in your dropbox is considered “public”, and that is how it is named too. Every file in that directory is publicly accessible using a web browser.

In true alien tradition, I created a Slackware package which gives you the dropbox-client, a system tray applet. Depending on your DE, it will either start dolphin (in KDE4), or thunar (in XFCE), or whatever application is your default file manager when you click the applet’s icon. The first time this Dropbox client starts (from the system menu or by running /usr/bin/dropbox), you will be asked to fill in your account data and if you did not download the server component yourself, the client will proceed to download the binary closed-source dropbox server and install that to ~/.dropbox-dist/ (yes, the program lives in your homedirectory). Oh, I hear your “gulp!” but it is really basic stuff, and you will find it easy to setup.

If you do not care for a GUI because you run a server, you’re not left out in the cold. You can simply forget my package, and download the dropbox daemon yourself. There is a page on the Dropbox Wiki which explains the steps.

Enough talk! Get Dropbox at http://www.dropbox.com/ or even better, use my referral link https://www.dropbox.com/referrals/NTM2MTg1MzY5 to create your account. Using the referral gives you and me both an additional 250 MB of free online storage (up to a maximum of 8 GB bonus space).

And remember: backups are important! It can not be stressed enough. However, if you intend to save sensitive data in your dropbox, be sure to encrypt that first, for instance using KeePass or Truecrypt, both programs are cross-platform (Linux and Windows).

Take care,  Eric