[Nottingham] Web browsing through SSH tunnel
Jim Moore
jmthelostpacket at googlemail.com
Wed Oct 29 04:28:57 UTC 2008
Danny King wrote:
> Hello,
>
> If I'm running a web proxy that uses an SSH tunnel from localhost to a
> computer somewhere else on the Internet, can my network overlords spy
> on me? Can anyone else spy on me? Could a local user on localhost spy
> on me?
>
> (I have Firefox set to get DNS queries to use the proxy too).
>
> I followed instructions from
> https://calomel.org/firefox_ssh_proxy.html if anyone is interested.
>
> Disclaimer: I'm not being evil, just value my privacy. I'm reading 1984.
>
> Also, has anyone heard of the Bradford Dissolvable Agent? It's a bash
> script I had to run to gain access to my university network but I'm
> not sure what it does (and I don't like the way it deletes itself
> after running)
>
> Thanks!
>
>
All an encrypted tunnel tells an eavesdropper is that there is traffic,
not the content thereof. If the eavesdropper is anything to do with
local law enforcement or national security, this activity could be all
the excuse they need to impound your equipment and even yourself for
further investigation. Indefinitely.

A Bradford Dissolvable Agent, or BDA, is a policy compliance test client
that a lot of academic networks require users to run on their own
equipment before allowing access to the network. It is designed to run
then delete itself, leaving behind a cookie (or even a unique hash) that
tells the network, on connection and DHCP query, that the client system
has already run and met the conditions of the BDA compliance test. If
that cookie is not present, then the client system is denied access and
the user directed to run the BDA again. This is common on LAN situations
(more so on clusters since it'd do no good for an outside machine to
access the network and make the whole damn lot fall over - I've had it
happen and it ain't pretty, so now I use a BDA on all the nodes), and
would be a good policy for a small ISP to use since it locks a client
account to a single machine.

Cheers,
TLP