[jamuir at scs.carleton.ca: [Geowanking] IP geolocation]

[coderman]

On 4/21/06, Eugen Leitl <eugen at leitl.org> wrote:
> ... As a side-result, in exploring the use of proxy
> servers as an evasionary tactic, to our surprise we found that we were
> able to extract an end-client IP address even for a browser protected by
> Tor/Privoxy (designed to anonymize browsing), provided Java is enabled.

i believe you can do this with flash as well, and javascript should
probably be disabled for good measure along with any other active
scripting.

browsers are a horrible interface from a security and privacy
perspective.  i've actually toyed with using lynx/links as requesting
agent saving to text with a caching proxy to constrain the various
info leakage holes that might be exploited in a browser used for
anonymous surfing. (got distracted by other tasks before getting it
into a usable state)

i'd be curious to know how various people / projects are attacking
this kind of leakage.