cave updates, Qwest

2011-01-28 Thread scar

Hi all.  i just wanted to give some updates regarding my router cave
and experiences so far with running a Tor exit on my Qwest home DSL
internet.

Where we last left off, i had gotten permission from a Qwest
representative to continue to run a Tor exit.  They had noted my
account accordingly.  I continue to use the reduced exit policy from
Mike's blog.

Unfortunately, there still exist some problems and hiccups i've been
dealing with.  While the DMCA complaints have so far stopped, my
internet has been disabled three times now due to 'malicious' behavior.

Usually i will wake up in the morning to find my HTTP requests
redirected to an internal Qwest website
(http://consumer.protection.qwest.net/) explaining that their system has
detected malicious behavior from my computer.  The website provides an
automated means to restore my account and internet access.  I chose the
option "malicious software already removed" and proceed with some
verification and then my access is restored.

However, unfortunately, on the second and third occurrences, their
automated means would not allow my account to be restored, instead
saying "you have failed to remove malicious software" or some such
nonsense.  This entails me calling Qwest technical support and waiting
for them to contact some engineer to restore my account, taking about
20-30 minutes.  They also take that opportunity to tell me they had
detected a 'bot network' on my computers and want to make sure my
anti-virus is updated.  Each time i've reassured them that it is a false
alarm and that account should have been 'noted accordingly'.  But so far,
it doesn't seem to have stuck.

Once my account has been restored, I proceed to send an e-mail follow-up
to h...@qwest.com with my previous ticket reference to when I was given
the go-ahead to run a Tor router.  I've asked for details on what
malicious behavior was detected and how I can block it, assured them
that none of my computers have viruses, and reassured them that I am not
interested in causing trouble for the company nor violating their
policies.  Unfortunately, all of these e-mails have not been responded
to, so i have no way just yet to move forward in order to mitigate these
malicious uses of Tor.

I'm actually getting a bit frustrated with my e-mails to Qwest seeming
to fall on deaf ears, and was thinking of filing a complaint with the
BBB in order to spur a proper reaction


***
To unsubscribe, send an e-mail to majord...@torproject.org with
"unsubscribe or-talk" in the body. http://archives.seul.org/or/talk/


Re: Fwd: Re: DMCA Infringement Notification: Copies of 14 complaints

2010-12-20 Thread scar

well, i think i have good news.  although the rep from EFF said that my
internet agreement "could be construed to at least cause [me] problems
with retaining [my] service, if not to win a lawsuit against [me]", i
decided to respond to Qwest's response with the following:
---
I have carefully read the information you've provided and am glad to
hear you take DMCA complaints seriously.  You will be pleased to know,
then, that you are under no liability nor obligation to terminate my
internet service simply for receiving such notices.  Please continue to
read the information I have provided herein which is based on factual
records written by lawyers experienced in this area.

insert EFF legal letter[1]

a small personal note about switching ISP's to one more concerned about
human rights and how Tor helps oppressed peoples in China and Iran
---

Qwest responds simply with:
---
I understand your response and am familiar with the tor software you are
using.  Here is a list of the files that have been documented as
downloaded/uploaded from your connection which caused the service to be
suspended
 list of the Bittorrent files previously mentioned

---

then i respond with (taking into account some of grarpamp's suggestions):
---
Thanks.  I will reiterate that I am not hosting or making available the
claimed infringing materials and that you are already protected by the
DMCA's safe harbor from any liability arising from such complaints.

I have also relayed the same response directly to the complainants.
Should any further complaints arrive you may forward them to me to
directly process them.  As the result of this, I expect the complainant
to withdraw said complaints from you (the ISP) in a timely fashion and
without interruption to my internet service.
---

and Qwest responds with:
---
I have noted your account accordingly
---

so i kind of get the feeling of victory but don't want to take
advantage of it by using the default exit policy just yet.  i'm going to
just try the 'reduced exit policy' for a while


1. https://www.torproject.org/eff/tor-dmca-response.html


Re: Tor for ubuntu 9.10 karmic koala

2010-03-18 Thread scar

when i receive update for Tor in the update manager, update-manager, i
see, "This change is not coming from a source that supports changelogs."
down in the lower pane when i expand "Description of update"



Re: Tor for ubuntu 9.10 karmic koala

2010-03-15 Thread scar

Runa Sandvik @ 03/13/2010 01:49 AM:
> On Sat, Mar 13, 2010 at 5:01 AM, scar s...@drigon.com wrote:
>> no repository yet?
>
> Sure, there is a repository for Ubuntu 9.10. I suggest that you take a
> look at https://www.torproject.org/docs/debian.html.en. It has
> information on how you can edit your /etc/apt/sources.list to use our
> package repository.

thanks.  sorry, i didn't realize it had changed from
http://mirror.noreply.org/pub/tor



Tor for ubuntu 9.10 karmic koala

2010-03-12 Thread scar

no repository yet?


Re: browser fingerprinting - panopticlick

2010-01-30 Thread scar

Mike Perry @ 01/28/2010 02:04 PM:
> After all, in normal operation, your history leaks one fuckload of a
> lot of bits. And that's a technical term. Sensitive ones too, like
> what diseases and genetic conditions you may have (via Google Health
> url history, or Wikipedia url history). It's pretty annoying that the
> browser makers really have no plan to do anything about that massive
> privacy leak.

isn't there any way to protect against that without using Tor/Torbutton?
 i think there was a SafeHistory add-on, but it's still not been ported
to FF 3.0+.



Re: browser fingerprinting - panopticlick

2010-01-30 Thread scar

thanks for the suggestions, 7v5w7go9ub0o.

i also read through [1] and am trying out the LinkStatus add-on[2].

it seems to work, and is kind of useful in that it tells me in the
status bar the time i last visited a link.


1. http://whattheinternetknowsaboutyou.com/docs/solutions.html
2. https://addons.mozilla.org/en-US/firefox/addon/12312


Re: Problems with irc because of tor?

2008-11-23 Thread scar

Praedor Atrebates @ 11/20/2008 01:08 PM:
> [snip]
> Why does running tor suddenly cause me to be unable to connect to freenode?
> I am NOT running a torified irc client.

if you have tor configured as an exit node on the same IP address, then
that is probably why.  freenode is probably just looking at the list of
exit nodes and acting accordingly.

> Also, where's the address 127.0.0.1
> coming from?  Why is my REAL IP address now invisible (apparently) and tor
> causing sites to think I am trying to use the illegal localhost IP?

i think that IP is generated by the freenode server.  they could have
configured their server to just say that IP address when they ban any
address...




Re: Problems with irc because of tor?

2008-11-23 Thread scar

scar @ 11/23/2008 11:45 PM:
> Praedor Atrebates @ 11/20/2008 01:08 PM:
>> [snip]
>> Why does running tor suddenly cause me to be unable to connect to freenode?
>> I am NOT running a torified irc client.
>
> if you have tor configured as an exit node on the same IP address, then
> that is probably why.  freenode is probably just looking at the list of
> exit nodes and acting accordingly.
>
>> Also, where's the address 127.0.0.1
>> coming from?  Why is my REAL IP address now invisible (apparently) and tor
>> causing sites to think I am trying to use the illegal localhost IP?
>
> i think that IP is generated by the freenode server.  they could have
> configured their server to just say that IP address when they ban any
> address...

oops, sorry about that.  i thought no one had replied to you since
*ahem* some people's clients break threading ;)  looking further through
the unread mails, i see that wasn't the case.  hopefully my reply wasn't
completely useless


Re: Configure Filezilla 3.0.11 to use Tor.

2008-10-24 Thread scar

Luis Maceira @ 2008/10/23 13:54:
> The steps to configure Filezilla 3.x to use Tor in
> http://www.torproject.org Torifying apps...
> seem not correct as I can't find under Settings... the Generic Proxy to
> point to 127.0.0.1 port 9050. Only an ftp proxy appears under
> Settings..., which by the way should not be used, as is written there.
>
> Are there other ways to configure Filezilla 3.x, or is this something
> specific to this 3.0.11, and in other 3.x versions Generic Proxy appears
> under Settings...

it looks like the stable version of filezilla is now 3.1.5.  is there
any particular reason you need to use 3.0.11?  if not, maybe 3.1.5 has
the generic proxy option?

i used to use filezilla, and then the generic proxy option disappeared,
like you are describing.  i talked to the developers and they said
something like they forgot to include the generic proxy option, or they
didn't feel it was needed, or something like that.  so, i started using
WinSCP, which had the option for FTP connection with proxy.  not sure if
you are using Windows, but perhaps there is another application you can
try, if filezilla no longer works well with Tor.


Re: GnuPG through Tor

2008-10-21 Thread scar

misc @ 2008/10/21 08:21:
> I have a real problem downloading public keys of Hushmail users. I don't
> want to install java, which is required to download their keys through the
> browser. They don't propagate their keys to public HKP servers (which I
> indeed could assess using Tor & Privoxy). They have their own free LDAP
> server:
>
> ldap://keys.hush.com:389
>
> Is there any way at all to get keys from LDAP server through Tor?


i think if you are using Torbutton in Firefox and have the default
options set, then it is OK to use java: Torbutton will block all
malicious attempts by Java/Javascript to bypass your anonymity.

is that a reasonable assumption?


Re: GnuPG through Tor

2008-10-20 Thread scar

misc @ 2008/10/20 19:48:
> Is it possible to run GnuPG through Tor? (when connecting to LDAP and HKP
> servers to exchange keys)?

LDAP: no, i don't think.  HKP: yes, as that is just HTTP (or something).

just define your http_proxy and https_proxy environment variables
(e.g. if using polipo:
export http_proxy=127.0.0.1:8123
export https_proxy=127.0.0.1:8123
)

now, there is something else in GPG's settings... yes, use this option:

--honor-http-proxy
(for command line) or

honor-http-proxy
(in gpg.conf)



Re: Embedded IM using Tor

2008-09-19 Thread scar

from what i understand, Torbutton should take care of this.  make sure
all of the crucial (or critical ... can't remember) settings are
activated inside Torbutton.  then, if your IM doesn't work, torbutton is
doing its job.  if your IM is working then it is safe to assume all
traffic is properly being routed thru Tor.

but using pidgin is probably better if that is an option.  there is also
pidgin portable.


Ringo Kamens @ 2008/09/19 20:13:
> I have heard of Javascript breaking Tor but that might be speculation.
> Regardless, running Javascript while using Tor is dangerous. I would
> suggest using a program like Pidgin
> Ringo
>
> On Fri, Sep 19, 2008 at 2:42 PM, Kyle Williams [EMAIL PROTECTED] wrote:
>> Yes, through Tor.
>> All communications coming from Firefox *should* use the proxy settings you
>> specify.
>> There have been cases in the past where Firefox didn't honor the proxy
>> settings.  However, those issues have since been fixed.
>>
>> - Kyle
>>
>> On Fri, Sep 19, 2008 at 1:22 PM, M [EMAIL PROTECTED] wrote:
>>> Yes through tor or yes directly?
>>>
>>> On Fri, Sep 19, 2008 at 11:18 PM, Kyle Williams [EMAIL PROTECTED]
>>> wrote:
>>>> Yes.
>>>>
>>>> On Fri, Sep 19, 2008 at 1:04 PM, Peter Chang [EMAIL PROTECTED]
>>>> wrote:
>>>>> I am running firefox enabled with tor. If I use embedded IM e.g. yahoo
>>>>> or gtalk within the browser will the connection to the yahoo/google
>>>>> chatserver go through Tor or directly.


Re: AVG + TOR = BARF

2008-08-22 Thread scar

Grant Heller @ 2008/08/21 23:41:
 
> On 8/21/08, *John Mosgrove* [EMAIL PROTECTED]
> mailto:[EMAIL PROTECTED] wrote:
[snip]
>> I'm sure that yahoo is hardly a 'safe' place to email
>> from/to, do you recommend any other potentially less compromise
>> worthy mail clients? That is one that I am less likely to be
>> compromised by?
>>
>> Thanks.
>
> If you're looking for local privacy, gmail's web interface + https
> works, although I don't know if google snoops what you're sending and
> receiving.

huh? of course they do.  i suggest you read google's privacy policy.

personally, i think two good free places for e-mail are lavabit.com and
riseup.net.

maybe our friend roy lanek knows of other suitable places? ;)


Re: Gmail/SSL

2008-08-10 Thread scar

Jonathan Addington @ 2008/08/09 13:22:
> This is also on the Gmail blog, which notes that going to
> https://mail.google.com always had the same effect. (At least
> hopefully!)

it did not have the same effect, unfortunately. ;)  perhaps they are
just trying to appease the masses with some hand-waving?

after logging in, the session would briefly jump to an insecure
connection for some reason or another, which could even be witnessed by
watching the URL in the address bar, and then jump back to a secure
connection.

the hope is now that this doesn't happen.

although i personally stopped using gmail long ago not because of this
but because of their privacy policies and retention of deleted e-mails,
even after a google account has been closed.


Re: Abuse statistics

2008-08-06 Thread scar

[EMAIL PROTECTED] @ 2008/08/05 07:24:
> So the profilers feed the
> spammers? :-)

what's with the happy face? you get a kick out of this, playing detective?

most of us already assume this is happening. we don't need your statistics.

as is said in the FAQ, criminals already have better ways of doing
things without Tor.


Re: [OT] message formats (was: browser footprint)

2008-07-22 Thread scar

Scott Bennett @ 2008/07/22 23:21:
> On Tue, 22 Jul 2008 14:02:10 +0200 Ansgar Wiechers [EMAIL PROTECTED]
> wrote:
>> On 2008-07-21 Scott Bennett wrote:
>>> On Tue, 22 Jul 2008 05:24:22 +0200 =?UTF-8?Q?Tom=C3=A1s_Arribas?=
>>> [EMAIL PROTECTED] wrote:
 PiBUb3IgaXNuJ3QgdGhlIHJpZ2h0IHBsYWNlIHRvIGJlIG1hbmdsaW5nIGFwcGxpY2F0aW9uIHBy
 b3RvY29scyBpZiBpdAo+IGNhbiBiZSBhdm9pZGVkLiAgVGhhdCdzIGZvciBwcm90b2NvbC1zcGVj
>>> [remainder of junk deleted  --SB]
>>> Is there some good reason for posting crap like the above to this list?
>>> It's bad enough that some insist upon posting their message along with an
>>> HTML duplicate, but at least there is usually some original text content.
>> As per RFC 2045 base64 is a valid transfer encoding for a message body.
>> It was declared correctly in the header, too. What kind of MUA do you
>> use that won't decode this for you?
>
> I'm using mailx(1), which is the SysV equivalent of UCBmail, the staple
> of UNIX systems for decades.  It is safe, reliable, and either mailx or
> UCBmail is found on just about every kind of UNIX still in use today.  It
> handles mail headers and plain, ASCII text.  If you want to use other
> character sets in private email, that's fine, but it's not appropriate to do
> so on mailing lists.

this is silly, but

mailx needs a patch, then.  it may have been created during a time when
ASCII was all that was needed.  but, times change.  lots of other
people out there use non-ASCII characters, and UTF-8 is starting to
become a standard character set.  like was mentioned, the e-mail
conformed to RFC standards.  if your client can't handle these standards
then you are complaining to the wrong people (read: write to the authors
of mailx! ;-) ).




Re: Exit node connection statistics

2008-07-17 Thread scar

[EMAIL PROTECTED] @ 2008/07/17 09:03:
> Dominik Schaefer:
>
>> [EMAIL PROTECTED] wrote:
>>
>>> Can you explain what the threat scenario is for what I'm doing?
>> One possible issue comes to my mind here. You mentioned, you delete
>> your logs after 24h (after evaluation). I don't know what exactly you
>> are logging for this interval, but one reason why it is usually
>> useless to search Tor nodes is because they don't keep any (usable)
>> logs. If this changes for some nodes and is known e.g. to law
>> enforcement agencies, that might encourage searching/confiscating of
>> Tor nodes in general and increase risk for any node operator.
>
> I just log the exit connections (standard info log of Tor), which is not
> of much use for investigators, as they have this information already if
> they found the exit node.

how do investigators know that?  my guess is they will see that you are
providing these statistics and then also assume that you are logging the
incoming connections and now have (more) reasonable cause to seize your
equipment in order to facilitate coordinating the full tor-circuit
or something.




Re: Idle client bandwidth usage

2008-07-06 Thread scar

Ringo Kamens @ 2008/07/05 15:06:
> Dawney Smith wrote:
>> Hello,
>>
>> Are there any figures on how much bandwidth an idle tor client uses just
>> to tick over? Ie, when it's not actually being used. Also, are there any
>> configuration parameters that can be tweaked to reduce the bandwidth usage?
>>
>> best wishes,
>> dawn
> I would also be interested in something like this, as I've wondered the
> same thing.
> Comrade Ringo Kamens

for what it's worth,

on this machine tor-0.2.0.28-rc is not being used but is running.  i
simply opened up vidalia, let it do its initial download of the geoip
database, then reset the bandwidth usage graph.  after 12 hours, 1.51 MB
had been received and 169.75 KB has been sent.






[ot] Firefox (& Thunderbird) makes unrequested connections

2008-06-28 Thread scar

See [1] and especially [2] and [3] (which also apply to Thunderbird).


1. http://support.mozilla.com/kb/Firefox+makes+unrequested+connections
2. http://support.mozilla.com/kb/Firefox+makes+unrequested+connections#Link_prefetching
3. http://support.mozilla.com/kb/Firefox+makes+unrequested+connections#Extension_blocklist_updating

☮


Re: OnionCat -- An IP-Transparent TOR Hidden Service Connector

2008-06-25 Thread scar

F. Fox @ 2008/06/26 02:39:
> 7v5w7go9ub0o wrote:
> (snip)
>> This actually creates another question (not to be argumentative :-) ).
>>
>> Given that there is no exit node, would an OnionCat to OnionCat
>> connection over TOR need to be encrypted? Is it plain-text anywhere
>> along the line?
> (snip)
>
> No, it wouldn't need extra encryption - a hidden-service connection has
> end-to-end encryption by its very nature.

unless the nodes in the circuit were all using compromised ssh keys due
to that recent debian bug, or other unknown future bugs.  in this case,
extra encryption might be the saving grace.




Re: SPD talk: Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems?

2008-06-12 Thread scar

[EMAIL PROTECTED] @ 2008/06/12 21:22:
> Hi,
>
> How does one search the
> archives, via. some google trick?

yes.  you can use site:archives.seul.org/or/talk search terms



Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread scar

Robert Hogan @ 2008/06/11 18:48:
> On Wednesday 11 June 2008 06:17:38 Roger Dingledine wrote:
> snip
>> He may also be referring to attacks where a local application (like the
>> browser, but it doesn't have to be) can be tricked into connecting to
>> your local Tor control port, like Kyle's attack from last year:
>> http://archives.seul.org/or/announce/Sep-2007/msg0.html
>> This was a great attack, but I think the latest versions of Torbutton
>> and Vidalia make it a non-issue going forward. I would love to hear if
>> you think otherwise.
>
> On a default Tor installation from source, i.e. with no authentication
> mechanism enabled, it is still possible successfully to send commands to
> the controlport if the 'authenticate' command is not preceded by any
> garbage.
>
> If someone were to develop a browser-based exploit that managed to get
> the 'authenticate', with no preceding bytes, to the controlport then
> they're in.
> I believe this is extremely difficult to do, and if such an attack was the
> subject of arrakis' and kyle's paper they would have much bigger fish to
> fry than just Tor.


like this? http://www.janusvm.com/goldy/vuln/tor-controlport.html
(posted earlier in the thread by Kyle Williams)
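
Added example, not part of the original post or of Tor itself: a small torrc check for the condition discussed in this message, a control port that is enabled with no authentication mechanism. `ControlPort`, `CookieAuthentication` and `HashedControlPassword` are torrc options; the function names, the sample files and the placeholder hash are constructed for illustration, and a bare port number is assumed to bind to localhost.

```python
"""Audit a torrc for an unauthenticated control port (added example)."""
import ipaddress

# Constructed sample configurations; the hash value is a placeholder.
WEAK_TORRC = """\
SocksPort 9050
ControlPort 9051          # nothing else: no authentication configured
"""

HARDENED_TORRC = """\
SocksPort 9050
ControlPort 9051
CookieAuthentication 1
"""

EXPOSED_TORRC = """\
ControlPort 0.0.0.0:9051
HashedControlPassword 16:PLACEHOLDER_NOT_A_REAL_HASH
"""


def parse_torrc(text):
    """Return {option name lower-cased: [values...]}, ignoring comments."""
    options = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split(None, 1)
        value = fields[1].strip() if len(fields) > 1 else ""
        options.setdefault(fields[0].lower(), []).append(value)
    return options


def _is_loopback(listener):
    """True if a ControlPort value ('9051', 'addr:port', 'auto') is local."""
    host = listener.rpartition(":")[0].strip("[]")
    if not host or host == "localhost":
        return True  # bare port or 'auto': assumed to bind to localhost
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unknown host name: flag it for a human to look at


def control_port_status(text):
    """Classify the control port as disabled/unauthenticated/authenticated."""
    opts = parse_torrc(text)
    listeners = [v.split()[0] for v in opts.get("controlport", [])
                 if v and v.split()[0] != "0"]
    if not listeners:
        return "disabled", []
    issues = []
    cookie = opts.get("cookieauthentication", ["0"])[-1] == "1"
    hashed = any(opts.get("hashedcontrolpassword", []))
    if not (cookie or hashed):
        issues.append("no CookieAuthentication or HashedControlPassword")
    for listener in listeners:
        if listener.startswith("unix:"):
            continue  # filesystem socket, not reachable over TCP
        if not _is_loopback(listener):
            issues.append(f"control port listens on non-loopback {listener}")
    status = "authenticated" if (cookie or hashed) else "unauthenticated"
    return status, issues


if __name__ == "__main__":
    for label, sample in [("weak", WEAK_TORRC), ("hardened", HARDENED_TORRC),
                          ("exposed", EXPOSED_TORRC)]:
        print(label, control_port_status(sample))
```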


Re: How do we defeat exit node sniffing?

2008-06-06 Thread scar

defcon @ 2008/06/06 02:20:
> for http connections im worried about cookie sidejacking as well since
> some sites only authenticate via https and set a cookie, what can we do
> in this regard?


there's nothing to do in this case either. you have to be prepared for
your session to be hijacked.  at least, in this case, your password
cannot be changed since most sites require re-authenticating to change
the password (and that will be done via https).  always be sure to use
the log out/etc. link when done, to update the cookie accordingly.
again, personally, this hasn't happened to me (that i'm aware of).

from what i've casually seen in vidalia, if you are able to switch to
https, cookies are probably also exchanged via https even if they are
set to use "any type of connection" (as opposed to "encrypted
connections only").  i can hypothesize this because i no longer see
connections to port 80 after switching to https.  if the cookies were
being exchanged in the clear there would still be connections to port
80, right?  it seems wondering about this is mostly moot, though, since
the only way to be sure your information is secure is to use https all
the time with cookies set to use "encrypted connections only".  even
then you are placing trust in a CA, which is a third party also subject
to attack. oh my!



Re: Torbutton 1.1.18-alpha released

2008-04-21 Thread scar

when i click on the history menu, my history is displayed, even though
"block history reads during tor" is checked.  before, with 1.1.17, i am
pretty sure, the history menu would come up blank.  is this ok?  thx.



Re: A Question to people from UK

2008-04-18 Thread scar

Dave Page @ 2008/04/18 06:19:
> On Fri, Apr 18, 2008 at 03:11:52PM +0200, Hans Schnehl wrote:
>
>> I was told in the UK you are obliged to deliver your private gpg/pgp
>> keys to the authorities as soon as you use one of these programs for
>> yourself.
>
> [snip]
>
>> I hope this is a hoax, but just for informational reasons it would be nice if
>> someone with the appropriate knowledge could clarify this.
>
> This isn't anything I'm aware of in UK law, and I'm pretty sure I would
> have heard about it if it were.
>
> The Regulation of Investigatory Powers Act (RIPA) 2000 details the
> powers the police have to demand decrypts and keys. You can read more
> about it at
> http://security.homeoffice.gov.uk/ripa/publication-search/ripa-cop/electronic-information
>
> Dave

you may want to check [1] back from may 2006.  Part 3 of RIPA gives the
police powers to order the disclosure of encryption keys, or force
suspects to decrypt encrypted data.  Anyone who refuses to hand over a
key to the police would face up to two years' imprisonment.

there was also some other talk about this here back then[2][3].  i don't
see any recent developments regarding this, though


1. http://www.zdnet.co.uk/misc/print/0,100169,39269746,00.htm
2. http://archives.seul.org/or/talk/May-2006/msg00283.html
3. http://archives.seul.org/or/talk/May-2006/msg00284.html


[ot] wikileaks

2008-04-15 Thread scar

does anyone know what's happened to wikileaks.org?
https://secure.wikileaks.org has usually worked, but i cannot even
access the service using any of the 15-20 other cover names i've
bookmarked nor the tor hidden service; each request just times out.


Re: [ot] wikileaks

2008-04-15 Thread scar

Paul Gigg @ 2008/04/15 06:13:
> Hi
>
> Got to Wikileaks with this link
>
> http://88.80.13.160/wiki/Wikileaks

and that doesn't even work, at the moment.

so, even the many different wikileaks servers and hostnames around the
world cannot hold up to these DDOS attacks (assuming that's what's going
on)?  i have trouble understanding this, when a single site like
cryptome.org doesn't seem to have these problems.


Re: Defeat Exit Node Sniffing?

2008-03-08 Thread scar

Bill Weiss @ 2008/03/06 17:42:
> Better Gmail 2 [1] claims to force SSL on all gmail connections.  I
> haven't tested it to verify that it is correct.
>
> Sorry, no general-case solution, just some help for the Gmail users :)
>
> [1] http://lifehacker.com/software/exclusive-lifehacker-download/better-gmail-2-firefox-extension-for-new-gmail-320618.php

if you scroll down to "Credits:" you'll find a link for the code that
forces this SSL, and then a link there for the source[1].  it is only 1
line of actual code and doesn't seem like a robust solution. ;)


1. http://userscripts.org/scripts/review/1404


Re: Defeat Exit Node Sniffing?

2008-03-05 Thread scar


defcon @ 2008/03/02 19:02:
| What is a good way to enforce a good cookie policy
| for firefox?


this was discussed a bit not too long ago.[1]  check that thread for
some useful links as well.

i learned that cookies have a security attribute which dictates if a
cookie is sent over an encrypted connection or not.  most sites which
require you to logon do not set this security attribute.  so, while you
may be sending your username/password over SSL, the cookie which
contains your session id, etc. may be transferred in the clear.  so,
instead of an attacker gaining your username/password, they can gain
access to your session and do whatever you would be allowed to do whilst
logged in.  slightly less dangerous.  most sites require you to
reauthenticate before changing your password, so that is probably one
thing the attacker cannot do.

i'm not sure of a way to find out if a site will transfer its cookies
over an encrypted connection, without actually logging in and then
taking a look at the cookies you've received.  you can look at your
cookies in firefox and there is a line "Send for:" which will tell you
the type of connection used.  (maybe you need to install add-on
CookieSafe to see this detailed information).

i also learned, that by using a cookie editor, you cannot force a cookie
to be sent over an encrypted connection.

ultimately, i would recommend turning off cookies altogether.  if you
have to logon to some site, i would recommend creating a new anonymous
email to use for that purpose alone.

really, i don't see why the webmasters do not just set cookies to be
sent over SSL.  i'm not a webmaster.  but, is it really that hard?  does
it add that much more overhead than they are already experiencing from
using HTTPS?  or are they just ignorant, lazy?

comments welcome. thanks.


1. http://archives.seul.org/or/talk/Sep-2007/threads.html#00100
-BEGIN PGP SIGNATURE-

iD8DBQFHzzEgXhfCJNu98qARCMOdAJ9X+DJ/p5D9fwOToz2+DAAgjsJ2iwCfSkvx
CFYWm315wdIOqeCANbkrOgs=
=4oAz
-END PGP SIGNATURE-


Re: Defeat Exit Node Sniffing?

2008-03-05 Thread scar

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Chris Palmer @ 2008/03/05 17:05:
| scar writes:
|
| i also learned, that by using a cookie editor, you cannot force a cookie
| to be sent over an encrypted connection.
|
| Which cookie editor(s) did you try? I use Add 'n' Edit Cookies, a Firefox
| plugin. It offers a radio button to turn the Secure attribute on or off, but
| I have not tested it to see if turning Secure on really works as it should.
| If you tested it and it didn't work, that would seem like a bug in Add 'n'
| Edit Cookies that the maintainer would want to know about.
|

Yes it was that add-on.  if you check that thread i linked to in my
previous message, i posted there some experimentation and results of one
website.  basically, i was not convinced that using add 'n' edit cookies
was a solution.  if one website won't acknowledge my alteration of the
security attribute, i have no reason to continue.  It must work all the
time.

there was no bug in the add-on; i saw the change to the cookie take
place.  it is a problem with the website/webmaster.

if you want to add to this research, that would be great.
-BEGIN PGP SIGNATURE-

iD8DBQFHzzwxXhfCJNu98qARCCHPAJ90Zrttzxq3AbgFUaeBU7SaK1QzKwCfZdLS
nrQbL+uqyTX7i+ws7jNxG2k=
=MTSb
-END PGP SIGNATURE-


Re: Defeat Exit Node Sniffing?

2008-03-02 Thread scar

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Chris Palmer @ 2008/03/02 14:15:
| defcon writes:
|
| I have been using tor for a while now, and I absolutely love it, although
| the only thing keeping me from using it, is the insecurities of the exit
| nodes.  I know to truly stay anonymous you should stay away from personal
| accounts but how can I connect through tor to gmail or other ssl enabled
| services without risking my password being sniffed or my dns request being
| hijacked.  Any advice would be greatly appreciated!
|
| The answer is to use SSL. I'm not sure but I think you meant to say ... or
| other *non*-ssl enabled services
|
| In the particular case of Gmail: Gmail normally uses HTTPS for the login
| phase but not thereafter. That is of course totally silly, because while the
| attacker won't see your password they will still see your Gmail session
| cookies. That's all they need to hijack your Gmail session -- they don't
| need your password. BUT! the good news is that if you go to Gmail via
| https://mail.google.com/, Gmail will use HTTPS for the entire session, not
| just the login phase, and then you are as safe as anyone ever can be from
| network eavesdroppers (including traffic-sniffing Tor operators).
|

sorry, but that's not entirely true.  if you watch your tor circuits,
gmail will jump to one insecure connection on port 80 to do something
during the login phase, and then go back https, even if you use
https://mail.google.com/.  this has been discussed to death, please
search the archives.

the best solution is to stop using gmail, since they probably keep your
email forever.  next-best solution is to use a 3rd-party email program
and configure it to use TLS or SSL for your pop.gmail.com and
smtp.gmail.com connections.
-BEGIN PGP SIGNATURE-

iD8DBQFHyztAXhfCJNu98qARCPgTAJ9IcmnkJSyq50tH6m0YM5LnWzwmyQCfdmkd
s63d6BRRavBoj9CYY5daTY8=
=VKYu
-END PGP SIGNATURE-


Re: tor and google-error

2008-02-10 Thread scar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

like others have said, scroogle ssl is probably the way to go.  however,
it doesn't seem to handle special google queries yet (like define:foo
or convert 1 gram to lbs, etc.). so, if you must use google (see
below)

Roger Dingledine @ 2008/02/08 21:00:
 
 https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#GoogleSpyware
 

 [...] if you find a useful workaround and write up a description of it, 
 please let us know.

tell vidalia 'new identity', then open 'network map' and close the
connection to google, if still open.  re-search on google and it will
use a new circuit with hopefully a new exit node.  repeat until google
complies.  note: don't just hit 'reload' in your browser as that will
reload the google 403 error! ;)
-BEGIN PGP SIGNATURE-

iD8DBQFHr4pAXhfCJNu98qARCB25AJ9qt3rFKeIwrktKLNe19oDCMvbx2ACgxTHv
YgMysl6c5XUmHAf19+GKO3E=
=xWsG
-END PGP SIGNATURE-


U.S. Launches Internet Anti-Censorship Effort

2008-01-15 Thread scar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

something for the EFF to consider?


The U.S. Congress is funding a modest assault on the great firewall of China.
The newly approved budget for the U.S. State Department includes $15 million 
for developing “anti-censorship tools and services” which could help Internet 
users breach electronic firewalls set up by China, Iran and other “closed 
societies.”

http://www.defensenews.com/story.php?F=3286113&C=america


-BEGIN PGP SIGNATURE-

iD8DBQFHja7kXhfCJNu98qARCKvwAJ4tz/1FaVFq62mO1J/f0g7K0gHvHwCdE2PL
GsH/o5Lu8Rl+mTrEaRCqYgE=
=bqOP
-END PGP SIGNATURE-


[OT] Anonymous payment [was Re: shinjiru closed exit node acceptnolimits]

2008-01-09 Thread scar
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

accept no limits @ 2008/01/03 12:41:
 shinjiru explicitly allows anonymous hosting.
 
  how does anonymous money transfer work in this case?
 
 I got this question in personal mails after my posting, too.

yes this is a rather useful topic.


 So here a (short) answer:
 They do not accept anonymous money, BUT they accept visa cards, and
 especially they accept virtual prepaid visa cards.
 So think out a name, address, etc. (just for the card) and you can get
 one e.g. at card444.com.

do you have other virtual credit card issuers you recommend?  this is the first 
i've heard of this service.

the fees for this card are quite significant[1], are there places more 
reasonable?


 Bye
 accept no limits

thanks for the info.


1. http://card444.com/faqs.html#10
-BEGIN PGP SIGNATURE-

iD8DBQFHhXmnXhfCJNu98qARCHEbAKDkLCYiyJl7SxCsteCAooHiaFw8owCgsftN
1xIapT62RQu6bOP8tI8iGks=
=9Qbv
-END PGP SIGNATURE-


j0ryeqmd

2007-12-29 Thread scar
when using IRC over Tor, very often my ident is munged into that string.  once 
is understandable.  the peculiar part is how, if i change Tor circuits (exit 
node also) and reconnect, i'm connected with that same ident.  it's not 
constrained to just one IRC network either: it appears to happen across various 
networks.  anyone else noticing this?

what is even more peculiar to me is that this has still happened (at least 
once) even when i first connect to an IRC bouncer via SSL connection (using 
Tor) and then initiate an insecure connection to an IRC network through the 
bouncer.  the connection between the bouncer and the IRC network is not through 
Tor, just the connection between me and the bouncer and that is via SSL 
anyway.



signature.asc
Description: OpenPGP digital signature


Re: Tor/Vidalia hangs

2007-10-04 Thread scar
[EMAIL PROTECTED] @ 2007/10/03 16:19:
 Have more people experienced this bug, or am I the only one experiencing
 this?
 

i have experienced this also on my windows xp box.  i think it's an issue with 
vidalia.  for me, it has been occurring for a few versions of vidalia now.  
i've never had tor freeze nor push the cpu to 100% nor have i ever had to kill 
tor.exe because of non-compliance.

on that box i have tor setup as an nt-service, so there is no need for vidalia 
to start/stop tor.  it is using vidalia-0.0.14 and tor-0.1.2.17.

it seems to occur when tor is downloading routers. vidalia has to parse this 
and reflect the new list of routers in the network map view.  the network 
map view needs to be open.  it also seems to occur if tor is having trouble 
building circuits and is constantly failing and creating new circuits.  vidalia 
can't keep up with the updated/active list of circuits.  or, if close circuit 
is used and tor has to build a new circuit, etc. again, this seems to only 
happen if network map view is open.

i'm not certain of this, but i think if vidalia is opened but not used (or, 
perhaps just the network map is not left open), the 100% cpu/freezing does 
not occur.  someday i might test this hypothesis.  then again, it is windows 
and i'm well acquainted with needing to kill processes in order to keep the 
system stable. ;)

these are just observations and i've got no log files to accompany my claims.




signature.asc
Description: OpenPGP digital signature


Re: a changing network security landscape is difficult for even the biggest tech companies to wrestle with

2007-09-13 Thread scar
coderman @ 2007/09/10 18:16:
 0. Web sites may transmit authentication tokens unencrypted
http://www.kb.cert.org/vuls/id/466433
... still no progress, with the companies in question dragging their 
 feet...
 
 1. World's biggest websites no match for decade-old web bug
  
 http://www.theregister.co.uk/2007/09/08/security_group_warns_of_web_vulnerabity/
 
 US CERT warned that Google, eBay, MySpace, Yahoo, and Microsoft were
 vulnerable, but that list is nowhere near exhaustive. Just about any
 banking website, online social network or other electronic forum that
 transmits certain types of security cookies is also susceptible.

so, if we are using a website that uses HTTPS, but, in firefox, for example, in 
the cookies list under that website it shows "Send for: any type of 
connection", then the session is vulnerable?  or, we should at least assume 
that?  if that is correct, is there perhaps a way to force these cookies to be 
sent over the encrypted connection?  in that cert.org article it says:

Accessing the web site using encrypted HTTPS may
mitigate this vulnerability. Note that the entire
session, not just the initial username and password,
will need to be encrypted. For this workaround to
be completely effective, the secure attribute must
be set on the cookie.

i see it is possible to manually set this secure attribute on the cookie using 
an add-on like add n edit cookies[1], i think.  editing the cookie allows me to 
change "any type of connection" to "encrypted connections only".

however, even after manually changing this attribute, the website i tested this 
with reset some of the cookies back to "any type of connection".  the cookies 
it reset back to this insecure state seemed to be the more private ones, named 
"Session" and "User", the ones one would *want* to be encrypted.

additionally, even if the website did not reset the secure attribute, who is to 
say the website will acknowledge my change of the secure attribute and use an 
encrypted connection?

further, the site i tested this with did not set the cookies until after i sent 
a user/password over https (logged in), so the initial cookies i received were 
sent over an unencrypted connection.  even if it was possible to force the 
cookies to use an encrypted connection afterwards, the attack could have 
already happened, no?

seems to me we should stop using private, https websites which do not send 
cookies via encrypted connections, right?


1. https://addons.mozilla.org/en-US/firefox/addon/573



signature.asc
Description: OpenPGP digital signature
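
The behaviour described in the message above and in the 2008-03-05 cookie-policy reply, as an added example that is not part of the original posts: a small Python model of a browser cookie store showing which cookies go out over plain HTTP, what a manual Secure edit changes, and how a later Set-Cookie without Secure undoes it. The host name and cookie values are constructed; only the cookie names Session and User come from the message, and domain/path matching is left out.

```python
"""Model of how the cookie Secure attribute decides what crosses a cleartext hop.

Constructed sample data: host name and cookie values are made up.
Simplification: domain and path matching are ignored, only Secure is modelled.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed Set-Cookie values from a login answered over HTTPS.
LOGIN_RESPONSE = [
    "Session=3f9a1c7e; Path=/",
    "User=scar; Path=/",
    "Prefs=compact; Path=/; Secure",
]
# Constructed follow-up response: the site re-issues Session without Secure.
NEXT_RESPONSE = ["Session=3f9a1c7e; Path=/"]


def parse_set_cookie(header_value):
    """Return (name, value, secure) for one Set-Cookie header value."""
    parsed = SimpleCookie()
    parsed.load(header_value)
    if not parsed:
        raise ValueError(f"unparseable Set-Cookie value: {header_value!r}")
    name, morsel = next(iter(parsed.items()))
    return name, morsel.value, bool(morsel["secure"])


def missing_secure(set_cookie_headers):
    """Names of cookies a response set without the Secure attribute."""
    parsed = (parse_set_cookie(h) for h in set_cookie_headers)
    return [name for name, _value, secure in parsed if not secure]


class CookieJar:
    """Minimal client-side store keyed by cookie name."""

    def __init__(self):
        self._cookies = {}  # name -> {"value": str, "secure": bool}

    def store(self, set_cookie_headers):
        # A cookie set again under the same name replaces the stored one,
        # including any Secure flag that was edited in locally.
        for header in set_cookie_headers:
            name, value, secure = parse_set_cookie(header)
            self._cookies[name] = {"value": value, "secure": secure}

    def force_secure(self, name):
        """What a cookie editor does when the user ticks 'encrypted only'."""
        self._cookies[name]["secure"] = True

    def sent_with(self, url):
        """Names of the cookies attached to a request for this URL."""
        encrypted = urlsplit(url).scheme == "https"
        return sorted(
            name for name, c in self._cookies.items()
            if encrypted or not c["secure"]
        )


def demo():
    """Replay the sequence from the message; return what plain HTTP exposes."""
    cleartext = "http://forum.example/"
    jar = CookieJar()
    jar.store(LOGIN_RESPONSE)
    after_login = jar.sent_with(cleartext)

    jar.force_secure("Session")
    jar.force_secure("User")
    after_edit = jar.sent_with(cleartext)

    jar.store(NEXT_RESPONSE)  # server overwrites the edited cookie
    after_reissue = jar.sent_with(cleartext)
    return after_login, after_edit, after_reissue


if __name__ == "__main__":
    print("set without Secure:", missing_secure(LOGIN_RESPONSE))
    for label, names in zip(("after login", "after edit", "after re-issue"), demo()):
        print(f"{label}: sent over http -> {names}")
```

Running `missing_secure` over the Set-Cookie lines of a recorded login response gives the same answer as reading "Send for:" in the browser's cookie list.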


Re: Remote Vulnerability in Firefox Extensions

2007-08-01 Thread scar
coderman @ 2007/06/21 11:33:
 On 6/21/07, scar [EMAIL PROTECTED] wrote:
 ...
 it seems to me that many addons which are downloaded
 from https://addons.mozilla.org/ use different, non-https,
 addresses to check for and download updates.
 
 the problem exists when non https is used for updates. any plugins
 getting updates via http port 80 would be vulnerable.
 
 
 would this vulnerability exist with all of those addons as
 well?  how to find out what address each addon uses to
 download updates?
 
 i haven't tested the various plugins myself.  a sniffer should tell
 you quickly if updates are performed insecurely, though you may need
 trial and error to determine which one is making the requests if it
 isn't obvious in the data.
 
 this would be a good subject to document on the wiki if you pursue it :)
 
 best regards,
 

well, it's clear that noscript uses nonsecure http to download its update.  i 
think many of us use that add-on.  so, how can we safely receive noscript and 
other add-ons that use nonsecure http updates?  do we need to tell firefox to 
not download the updates, and just notify us?  then, we go to 
https://addons.mozilla.org and manually install the update?  or, is there an 
easier way?



signature.asc
Description: OpenPGP digital signature


Re: flash in a stand-alone player

2007-07-27 Thread scar
Arrakis @ 2007/07/26 22:39:
 The question is if the stand-alone player, just like regular flash
 player, phones home without regard to your proxy settings.
 

if that's the only concern, then one need only an open-source flash .swf 
player.  such a thing exist?  or perhaps a firefox plugin that implements a 
flash player correctly is all we need



signature.asc
Description: OpenPGP digital signature


flash in a stand-alone player

2007-07-26 Thread scar
OK, we all know the threats of watching flash .swf in the browser.  but, what 
about downloading the .swf via Tor and watching it in a stand-alone player?  no 
more threat to anonymity, or not? thanks.



signature.asc
Description: OpenPGP digital signature


hijacked session anomaly?

2007-07-23 Thread scar
after anonymously replying to a thread in the mozillazine forums (that is to 
say, i was not logged in, cookies and javascript disabled also), i found my 
post to be registered to a user as if it was posted by that user.  i was also 
logged in with this user's credentials and could view their profile, etc.!  
this was only possible for a short while, after which i suspect the tor circuit 
was rotated.

can someone explain how this is possible?  like i mentioned my own cookies and 
javascript were disabled, so all i can think of was it had something to do with 
the exit ip address of the tor circuit i was using during that instant.  
quite alarming!



signature.asc
Description: OpenPGP digital signature


Re: Remote Vulnerability in Firefox Extensions

2007-06-21 Thread scar
coderman @ 2007/05/30 00:00:
 it would be trivial for a rogue exit to use this technique.  public
 wifi users should also take note.
 
 check your firefox extensions!
 
 http://paranoia.dubfire.net/2007/05/remote-vulnerability-in-firefox.html
 
 
 A vulnerability exists in the upgrade mechanism used by a number of
 high profile Firefox extensions. These include Google Toolbar, Google
 Browser Sync, Yahoo Toolbar, Del.icio.us Extension, Facebook Toolbar,
 AOL Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft
 Anti-Phishing Toolbar, PhishTank SiteChecker and a number of others,
 mainly commercial extensions...
 
 Users are vulnerable and are at risk of an attacker silently
 installing malicious software on their computers. This possibility
 exists whenever the user cannot trust their domain name server (DNS)
 or network connection. Examples of this include public wireless
 networks, and users connected to compromised home routers.
 
 
 best regards,
 

it seems to me that many addons which are downloaded from 
https://addons.mozilla.org/ use different, non-https, addresses to check for 
and download updates.  i can see in vidalia, after telling firefox to check for 
updates, many connections are made to port 80.  so, would this vulnerability 
exist with all of those addons as well?  how to find out what address each 
addon uses to download updates?  comments please on this observation.  thanks.



signature.asc
Description: OpenPGP digital signature
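
One way to answer the question of which address each add-on uses for updates, as an added example that is not from the original thread: the script reads an extension's install.rdf and classifies its em:updateURL. It assumes the install.rdf manifest format used by Firefox extensions of that period; the three manifests and their ids are constructed samples.

```python
"""Classify where a Firefox extension's install.rdf sends its update check.

Only the update-check address is examined, not where the update package
itself is fetched from afterwards. All manifests below are constructed.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

EM = "http://www.mozilla.org/2004/em-rdf#"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"

HTTP_MANIFEST = """
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>toolbar@vendor.example</em:id>
    <em:version>1.2</em:version>
    <em:updateURL>http://updates.vendor.example/update.rdf</em:updateURL>
  </Description>
</RDF>
"""

# Same properties written as attributes, which the format also allows.
HTTPS_MANIFEST = """
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest"
               em:id="notes@dev.example"
               em:updateURL="https://dev.example/update.rdf"/>
</RDF>
"""

# No updateURL: the browser falls back to its configured update service.
DEFAULT_MANIFEST = """
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{00000000-0000-0000-0000-000000000001}</em:id>
  </Description>
</RDF>
"""


def em_property(description, name):
    """Read an em: property given as a child element or as an attribute."""
    child = description.find(f"{{{EM}}}{name}")
    if child is not None and child.text:
        return child.text.strip()
    attr = description.get(f"{{{EM}}}{name}")
    return attr.strip() if attr else None


def find_manifest(root):
    """Return the Description element that is the install manifest."""
    for desc in root.iter(f"{{{RDF}}}Description"):
        about = desc.get("about") or desc.get(f"{{{RDF}}}about")
        if about == "urn:mozilla:install-manifest":
            return desc
    raise ValueError("no urn:mozilla:install-manifest description found")


def audit_manifest(xml_text):
    """Return the extension id, its update URL and a verdict string."""
    desc = find_manifest(ET.fromstring(xml_text.strip()))
    url = em_property(desc, "updateURL")
    # em:updateKey lets the browser verify a signed update manifest.
    has_key = em_property(desc, "updateKey") is not None
    if url is None:
        verdict = "default-service"
    else:
        scheme = urlsplit(url).scheme.lower()
        if scheme == "https":
            verdict = "https"
        elif scheme == "http":
            verdict = "http-signed-manifest" if has_key else "http-unauthenticated"
        else:
            verdict = "other"
    return {"id": em_property(desc, "id"), "update_url": url, "verdict": verdict}


def unauthenticated_ids(manifests):
    """Ids of extensions whose update check travels over plain HTTP."""
    results = (audit_manifest(m) for m in manifests)
    return [r["id"] for r in results if r["verdict"] == "http-unauthenticated"]


if __name__ == "__main__":
    for text in (HTTP_MANIFEST, HTTPS_MANIFEST, DEFAULT_MANIFEST):
        print(audit_manifest(text))
```

Pointing `audit_manifest` at the install.rdf of each installed extension lists the update addresses without having to watch for port 80 connections.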


Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0

2007-06-21 Thread scar
Benjamin Schieder @ 2007/06/21 10:03:
 On 21.06.2007 05:11:24, JT wrote:
 On Wed, 20 Jun 2007 17:09:22 +0200, Benjamin Schieder [EMAIL PROTECTED] 
 said:
 I just put out ROCKate 0.4.0.0.
 Could you include truecrypt in the next version ?
 
 I already thought about encryption. I plan to use it for /home both in the 
 live
 and in the installed version. Although, I never used truecrypt. As for now
 I use cryptsetup-luks to set up encryption.
 
 Also, IIRC truecrypt is proprietary. Does its license allow bundling?
 Redistribution? What about cross-platform compatibility?
 
 Greetings,
   Benjamin

from http://www.truecrypt.org/faq.php :

Q: What license is TrueCrypt distributed under?
A: The text of the license is contained in the file License.txt that is 
included in the TrueCrypt binary and source code distribution packages, and is 
also available at http://www.truecrypt.org/license.php

Q: Does TrueCrypt run on Linux?
A: Yes.

Q: Can I mount my TrueCrypt volume both under Windows and under Linux?
A: Yes, TrueCrypt volumes are fully cross-platform.



signature.asc
Description: OpenPGP digital signature


Re: Some of my observations on runing new alpha version of Tor

2007-06-13 Thread scar
Przemyslaw Orzechowski @ 2007/06/13 12:46:
 Ok first i will attempt to translate the complete error message:
 Event type: Error
 Event source: Service Control Manager
 Event category:None
 Event Id:7023
 Date:   2007-06-10
 Time:13:12:46
 User: None
 Computer:   xxx
 Description:
 Service Tor Win 32 Service terminated, following error occurred:
 In the service occurred an exception during access control demand.
 -- 
 im not sure if the translation of the description field is clear
 enough and completely correct
 now for the rest
 first of all i didnt notice the problem with stable bundle when
 creating the service thru vidalia.
 as it turned out vidalia creates the service somewhat different than
 tor when called from commandline
 Vidalia creates service with current user credentials?
 not completely sure bout that, but when you inspect the service (then
 go to login tab it states that the service runs with credentials of
 local system account (upper option checked)
 when creating the service with Tor from command line the lower option
 is selected and account data for LocalService is present
 one more thing that is different is that when creating the service
 with following command line tor.exe --service install -options -f
 c:\torrc ControlPort 9051 all options are surrounded with  ie
 service path looks something like this C:\Program Files\Tor\tor.exe
 --nt-service -f c:\torrc ControlPort 9051 when created with
 vidalia it looks like this
 C:\Program Files\Tor\tor.exe --nt-service -f c:\torrc ControlPort 9051
 but i'm not sure if this is critical (no logs from tor when i try to
 start it with this tor service call)
 just the log entry i mentioned earlier
 next try installing the service without -options and placing torrc in
 localservice application data tor directory with with my version of
 windows is
 C:\Documents and Settings\LocalService\Dane aplikacji\tor
 tor service installed with following command: C:\Program Files\Tortor
 --service install
 Running on a Post-Win2K OS, so we'll assume that the LocalService
 account exist
 s.
 IMPORTANT NOTE:
The Tor service will run under the account NT
 AUTHORITY\LocalService.  Th
 is means
that Tor will look for its configuration file under that
account's Application Data directory, which is probably not
the same as yours.
 Done with CreateService.
 Service installed successfully
 Service failed to start : W us│udze wyst╣pi│ wyj╣tek podczas obs│ugi
 ┐╣dania ko
 ntroli.
 Thats all what i get in commandline window servicepath is as follows
 C:\Program Files\Tor\tor.exe --nt-service login credentials of
 localservice
 in system log are 3 entries about
 1. successful start signal sent to process
 2. service entering stopped state
 3 previously mentioned error
 

ok, you want the torrc to reside in C:\Documents and 
Settings\LocalService\Dane aplikacji\tor\.  you also want the log on option 
to use the LocalService account.  so i would:
1.) close vidalia & stop tor, make sure no tor.exe is running
2.) remove the tor service with command tor --service remove
3.) reinstall the tor service with command tor --service install
now you should check in the service properties that the command line is correct 
(path to executable):
C:\Program Files\Tor\tor.exe --nt-service
if it doesn't look just like this, then maybe there is a bug with tor 
-install.  you can manually edit the path to executable by using regedit and 
navigating to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tor and then 
editing the ImagePath string so it doesn't have improper quotes, etc.
you also want to put all the options in torrc, including that rogue 
ControlPort 9051 that was being put in the command line.

now, you will have a cleanly configured tor service with the torrc, 
cached-routers, cached-status, etc. in the C:\Documents and 
Settings\LocalService\Dane aplikacji\tor\ directory.

 here are contents of my torrc file that caused the error)
 ---
 SocksPort 9050 # what port to open for local application connections
 SocksListenAddress 127.0.0.1 # accept connections only from localhost
 Log debug file C:\Documents and Settings\LocalService\Tor.log.txt
 ControlPort 9051
 Nickname popo-test
 ---
 contents of logile after the service failed none the logfile is not even
 created
 when i remove Nickname line everything starts normally no error
 messages and logfile looks as follows

so it sounds like there is a problem with the Nickname option?  according to 
the manpage this option can only use characters [a-zA-Z0-9], so that hyphen is 
invalid.  i get the same error 7023 when trying that nickname, but everything 
works OK if i use popotest

snip

 2007/6/11, [EMAIL PROTECTED] [EMAIL PROTECTED]:
 On Sun, Jun 10, 2007 at 08:15:26PM +0200, [EMAIL PROTECTED] wrote 2.2K
 bytes in 30 lines about:

First, is this behavior the same as a previous version of Tor?

 : Usługa Tor Win32 Service zakończyła działanie; wystąpił 

Re: Some of my observations on runing new alpha version of Tor

2007-06-13 Thread scar
just to be clear, that path to executable should be:

C:\Program Files\Tor\tor.exe --nt-service


sorry if the extra quotes were confusing



signature.asc
Description: OpenPGP digital signature


Re: All authorities have failed. Not trying any.

2007-06-03 Thread scar
Roger Dingledine @ 2007/05/31 15:35:
 On Thu, May 31, 2007 at 03:32:37PM -0700, scar wrote:
 while Tor is still able to build circuits, it doesn't seem to be
 able to download updated lists of routers.  then, after several days,
 there is no way for Tor to build circuits.  is this related to the
 __AllDirActionsPrivate setting? related to the activity of the system
 (that is, that it gets put into standby and has intermittent internet
 access)?
 
 We told you that setting __AllDirActionsPrivate would do that if you
 don't provide some external mechanism for inserting descriptors yourself.
 
 You're welcome to try setting it anyway, but if it breaks, you get to
 keep both pieces. :)
 
 If you figure out what the issue is and have a patch, great. Otherwise,
 I'll just continue saying that it's not recommended.
 
 Good luck,
 --Roger
 
 

my understanding was that all directory actions/requests would be private, that 
is, via Tor (using https).  and Tor would continue to work normally.  are you 
saying this setting is more like disabling directory requests?  my first 
exposure to this setting was back in Nov 2006[1].  John wrote:

So the initial burst of cleartext directory requests can't be avoided, but at 
least the subsequent updates are tunneled through Tor.

but the subsequent updates are not happening.  was John misspeaking?  do we 
need to use HttpProxy 120.0.0.1?  or is there no way yet to actually tunnel 
the subsequent directory requests through Tor, once an initial burst of 
cleartext directory requests has been made?

thanks


1. http://archives.seul.org/or/talk/Nov-2006/msg00220.html



signature.asc
Description: OpenPGP digital signature


All authorities have failed. Not trying any.

2007-05-31 Thread scar
i am getting this message on the same system which uses the 
__AllDirActionsPrivate, that is, WinXP now running the 0.1.2.14 version of Tor. 
 it shows every minute:

[Info] update_networkstatus_client_downloads(): Our most recent network-status 
document (from nobody) is 1180650256 seconds old; downloading another.
[Info] update_networkstatus_client_downloads(): All authorities have failed. 
Not trying any.

the system gets put into standby frequently, but gets access to the internet 
every 24 hours.

and where is that age coming from?  that amounts to 37 years

while Tor is still able to build circuits, it doesn't seem to be able to 
download updated lists of routers.  then, after several days, there is no way 
for Tor to build circuits.  is this related to the __AllDirActionsPrivate 
setting? related to the activity of the system (that is, that it gets put into 
standby and has intermittent internet access)?



signature.asc
Description: OpenPGP digital signature


Re: bootstrapping and __alldiractionsprivate

2007-05-13 Thread scar
scar @ 2007/05/05 00:53:
 i seem to be having trouble with this.  i am using 0.1.2.13-win32.
 
 if i first start tor without __alldiractionsprivate, everything works as 
 expected.  then i add __alldiractionsprivate to torrc and reload.  i have it 
 running on a laptop that gets shut off frequently, but it gets access to the 
 internet every 24 hours.
 
 all works well for a few days.  after that, tor can't build any circuits.  
 what's worse, if i take out __alldiractionsprivate from torrc and reload, tor 
 still won't access the directory servers and build circuits.  after deleting 
 cached-routers and cached-routers.new, then i can get tor to contact the 
 directory servers and the whole process starts over.
 
 so, what's going on here?  i thought tor would access the directory servers 
 using tor circuits and keep an updated list of routers at all times, but that 
 doesn't seem to be happening.
 
 thanks
 

excuse me.  any help here? ;)



signature.asc
Description: OpenPGP digital signature


bootstrapping and __alldiractionsprivate

2007-05-05 Thread scar
i seem to be having trouble with this.  i am using 0.1.2.13-win32.

if i first start tor without __alldiractionsprivate, everything works as 
expected.  then i add __alldiractionsprivate to torrc and reload.  i have it 
running on a laptop that gets shut off frequently, but it gets access to the 
internet every 24 hours.

all works well for a few days.  after that, tor can't build any circuits.  
what's worse, if i take out __alldiractionsprivate from torrc and reload, tor 
still won't access the directory servers and build circuits.  after deleting 
cached-routers and cached-routers.new, then i can get tor to contact the 
directory servers and the whole process starts over.

so, what's going on here?  i thought tor would access the directory servers 
using tor circuits and keep an updated list of routers at all times, but that 
doesn't seem to be happening.

thanks



signature.asc
Description: OpenPGP digital signature


HttpProxy

2007-04-22 Thread scar
reading this has caused me to question my setting __AllDirActionsPrivate, and i 
see this option is not even in the man page.  should i be using HttpProxy, or 
some other setting?  or, is __AllDirActionsPrivate still valid?  using 
0.1.2.12-rc.  thanks.



signature.asc
Description: OpenPGP digital signature


Re: Another Method to Block Java Hijinks

2007-04-13 Thread scar
norvid @ 2007/04/05 17:18:
 On 4/5/07, James Muir [EMAIL PROTECTED] wrote:
 norvid wrote:
  On 4/5/07, James Muir [EMAIL PROTECTED] wrote:
  norvid wrote:
 
  snip
 
  I've heard that properly configuring a firewall can be tricky.  In any
  case, using a firewall still doesn't protect from Java applets reading
  identifying information locally and sending it back through the
  anonymous connection.
 
  Actually, I believe that with the browser denied access to the
  internet, the normal 2-way java applet communication is prevented.
  Please try the test I mentioned.

 In the tests that I have done previously, the Java VM inherits the proxy
 settings listed in the browser (at least this is what is supposed to
 happen; sometimes this does not happen).  So if the browser is
 configured to use Privoxy and these settings are communicated correctly
 to the Java VM, what is there to stop a Java applet from sending back
 data through Privoxy?
 
 I don't know the answers to these questions other than to say that I
 am not configuring any of the proxy settings in the Java VM.  They are
 the default.
 
 I have tried to configure Java VM proxy settings with no apparent
 success.  I have no idea why this does not work.
 
 My test might best be performed on a Windows machine as the
 availability of software firewalls is fairly extensive.  A lot of these
 are easily configurable to block the browser and allow Privoxy access.
 Although I don't have much experience with Linux, I'm guessing that
 it might be a little more difficult to configure than Windows.
 
 I am certain that on my machine using two different firewalls, the
 very specific test I detailed will not determine my real IP even
 though Java is enabled.  Of course it cannot determine my IP if Java
 is disabled also.


i think what we are trying to say here, is: even though this configuration may 
prevent java from determining the user's IP, it does not prevent java from 
determining other personal information.

this information may include: the local time of the user's machine, screen 
resolution & color depth, operating system & browser version (if this is found 
to differ from the UserAgent reply, isn't that suspicious?), and probably many, 
many other items.  these could be just as revealing as an IP address.  so, 
unfortunately, i don't see the point of this configuration with anonymity in 
mind.



signature.asc
Description: OpenPGP digital signature