On Thu, 2006-10-05 at 11:41, Alexander W. Janssen wrote: > OK, well, i checked that whistlersmother as well and got this picture: > http://cjoint.com/data/kfr4jmDAsY.htm
I've read or skimmed the entire thread which seems to have ended midday Thu, 10-5. Friday morning I clicked on a Cnet newsletter link: http://ct.cnet-ssa.cnet.com/clicks?t=13228073-17329da91d4282a70255804e6ba2f6d5-bf&s=5&fs=0 Tor was enabled in Firefox and I got a page almost identical to the one Alexander posted above, except it it had Cnet.com at the top. At some subsequent time I copied the URL into an open copy of Firefox, and got a somewhat similar page, except it had a variety of graphic content that made the page look much slicker. I wondered what was going on. Is Cnet blocking anonymous traffic? I tried a browser not using Tor, and got a normal Cnet page with the expected content. I then tried three other anonymizing services, The Cloak, Anonymouse, and HideMyAss with the same URL. All got the same correct result as the non Tor browser. While reading this thread, when I saw Alexander's screen capture, I realized that was just about what I'd seen Friday morning and tried Firefox with Tor again and saw the expected Cnet page. I've tried multiple times since, over a couple hours and each time got the right page. I am very skeptical of one of the hypotheses, that web hosting services are blocking Tor access. If a provider did this without an explicit policy and or informing their customers that this was part of their practices, they could easily be liable for any lost value for every hosted site that had any decrease in traffic as a result of such blocking. Second why would any hosting service care who visited its clients web sites? Who they want as visitors is and should be a matter of concern only to the sites' owners. A hosting service might assist a specific site in blocking some type of unwanted traffic, and charge the customer for the additional service. In the case of Cnet, they are a rather major Internet content provider and I expect they run their own servers. Regardless of who manages Cnet's servers, they are big enough they would expect full control over any policies that denied access to any visitor. A query from the right party to the right people at Cnet should answer conclusively whether or not Cnet has had any part in this. If so then it should be a Tor / EFF education matter and if not, then some other theory needs to be considered. After writing this, I think it makes no sense at all. If Cnet wanted to block someone they would display some kind of error message or page; they would never redirect someone to a link farm of unrelated links. It makes zero business sense to send visitors elsewhere with no explanation. I have one more theory or more accurately, a guess. When I was testing to see if tor was working, I visited grc.com to use the "Sheilds Up" test. If they showed an IP that wasn't mine, then I could be pretty sure Tor was working. The first time I visited them, I was surprised when they determined I was behind a proxy and refused to go any further. Later, I tried again and this time they just determined a different IP address than mine. I decided to go ahead and do a "Common Port" scan. I was appalled. The exit node seemed to have all kinds of open ports - a lot more than I thought would be proxied by Tor. Unfortunately I did not think to write down the reverse DNS address or the open ports. My thought is that some exit nodes may be compromised without the operators knowledge. Maintaining good security while running an exit node does not look like a simple task. I'm reluctant to do more of these scans because they are an unauthorized port scan against the exit node. If however I see another of the strange pages discussed in this thread I will try to capture the page and then quickly do a scan. George Shaffer