Anonymous Google Earth over Tor

I'm probably not the first one to notice this, but you can actually use Google Earth anonymously (upon first glance at least) over Tor. It seems all the traffic (downloads of maps and textures etc.) goes over port 80 (http) and 443 (https), which can easily be anonymized with Tor (read an older post of mine for details on Tor).

Just type

export http_proxy=http://127.0.0.1:8118/
export HTTP_PROXY=http://127.0.0.1:8118/

and set up Privoxy and Tor correctly, then start Google Earth in the same xterm and you're done. I haven't looked closely at the protocol Google Earth uses (any articles available on that?) but upon a quick glance in Ethereal / Wireshark all traffic is torified, not even DNS requests are leaked. Technical explanation: the Google Earth binary uses libcurl internally, which honors the http_proxy environment variable.

However, that's not a guarantee that you're 100% anonymous, as Goole Earth could send some unique identifier (e.g. MAC address, hard drive ID etc.) to their servers which would spoil your anonymity.

Btw, I actually discovered this accidentally because I have the above HTTP_PROXY lines in my .bashrc, so most of my HTTP traffic is anonymized by default...

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

Type Where?

Just type export http_proxy=http://127.0.0.1:8118/

Type???? Where

rolf.krohna@gmail.com

http_proxy

On your linux console/shell/xterm.

proxychains googleearth

I launch and use it successfuly through proxychains 3.1 on Ubuntu 8.10: changed command to "proxychains googleearth" under shortcut settings of shortcut to Google Earth.
ProxyChains was configured to let GE out thru Tor directly (SOCKS5 127.0.0.1:9050) without additional proxy like privoxy or polipo. No DNS leaks, cool. Only drawback is approximately x2 slowdown (half of normal GE speed) of detailing/drawing map.

DNS problem...

After conversation with people on tor's irc channel and examining tor's logs, it seems proxychains does dns resolution outside of tor's network. For details and consequences of this see https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#SOCKSAndDNS

Workaround

To workaround this ProxyChains' DNS problem i set up Tor to intercept DNS queries system-wide and resolve them through Tor's network :

1) added "DNSPort 53" without quotes as a new line to torcc (config file of Tor);

2) changed my current network connection's settings with the help of WICD to add "127.0.0.1" without quotes as a static DNS server. This also probably can be done with the help of Network Manager, but on my box Network Manager was resetting "127.0.0.1" to "192.168.1.1" after every reboot;
OR this can be done by editing /etc/resolv.conf to add/change line "nameserver 127.0.0.1" without quotes on systems without GUI network config tool.

Now GE can be launched safely by executing "proxychains googleearth".

P.S.: by the way, system-wide DNS' interception by Tor is useful not only for GE, but for other apps that are configured to go out through Tor on socks4/socks5 127.0.0.1:9050 --you simply don't bother if these apps use safe DNS connections or unsafe because in any case DNS queries won't be leaked (to ISP).

DNS

Hm, that may be a solution in some situations, but be careful with that. You usually do not want all traffic (not even all of DNS) to go through Tor. Putting random traffic into Tor which may contain identifying personal information, passwords and so on will not only leak those details (unless you additionally encrypt etc.) but will also spoil your anonymity. Even from DNS queries I think it may be feasible to deduct who you are if you really route all DNS requests over Tor.

E.g. if you resolve a login.somebank.com, then someuser.someshop.com, and some other names which may give hints about you, over time an attacker may well be able to determine who you are just from the list of names you want to resolve.

Uwe.

Re:DNS

I guess you are right about possible consequences of using such setup. Thanks for sharing your opinion. I haven's thought about it from this point of view.
Hopefully (I'm pretty sure it's so) DNS connections don't pass any identifying personal information like passwords to Tor's exit nodes which would be very bad. Currently my main concern is to hide DNS connections from ISP. This is more practical goal for me now than preventing a potential attacker on Tor's exit node from identifying who i am.

working with IE too...

Actually this trick works too in windows, as googleearth use the
proxy settings from internet explorer.
I had to use it to bypass it's censorship by my country's ISP (in Morocco).

Is this different than going

Is this different than going to google's website while torbutton is enabled?

Google.com vs. Google Earth

Well, yes, because it's about anonymizing (hopefully, at least) Google Earth usage, not google.com searches.

Uwe.