Re: [tor-talk] Firefox DNS leak?
the v24.0.1 esr firefox (windows xp pro) .. always trying to use local dns, even after setting socks5. showing up in security software logs, (triggered when any website visited or related activity).

Received from grarpamp, on 2013-11-14 8:42 PM:

ubuntu 12.0.4 lts updated
ff 25.0 (ubuntu, not tbb)
set proxy all to tor via socks5
set dns proxy socks
surf to stackexchange.com
see udp dns leak via tcpdump
any confirmation / fixes ?

-- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: SecureDrop, new whistleblower submission system
Oracle Virtualbox (GPL, free) and VMware Fusion (Proprietary, not-Free), VMware Player (Proprietary, free), etc all work on MacOSX (or OSX86). Oracle VirtualBox and VMware WorkStation and VMware Player, etc all work on Linux, Windows, etc Host OS.

In VMware Player a new VM cannot be created, copied VM can be used, and then can be modified. In VMware WorkStation, VM can be created modified. WorkStation (it comes with the free Player) can be downloaded as Trial usage mode.

These hypervisor software will allow to create VM (Virtual Machines) for Guest OS, running on top of the Host OS/machine. Everything inside a VM is virtual/emulated/simulated.

(Almost) ANY bootable or Live-Bootable DVD/CD ISO files, Physical DVD/CD-ROM drives, Bootable or Non-Bootable Physical USB flash drives/sticks, etc all can be directly attached with a VM, and then run inside a VM.

Inside a VM, virtual empty drive or virtual formatted drive, etc can be attached created. VM and virtual drives can be encrypted too. Such virtual empty-drive or formatted-drive will actually exist as a physical file in Host OS. On older FAT32 based host OS, file will/may span over multiple files distributed on 1024 MBytes files. On NTFS, HPFS, LVM, ext2/3, etc file will remain as 1 large file. You can create VM with a virtual drive, or without a virtual drive, up to you. Inside a VM, a physical drive partition can also be used as a virtual-drive. And compacting features can be used to reduce physical file-size, related to any VM.

Oracle VirtualBox and VMware WorkStation/Fusion/Player etc all have extension-packs, which contains latest virtual drivers. Some are generic, GPL. Some are proprietary. If the Guest-OS disk/disc/drive/stick, pre-includes those virtual-drivers, then such Guest-OS can run even better inside the VM.
Before installing VirtualBox or VMware, etc hypervisor software, do this : Go inside your physical HOST computer's UEFI/EFI/BIOS (usually by pressing F2, F10, F8, F1, Command, etc keyboard buttons), and enable feature such as : Virtualization, AMD-V, Intel VT-x, etc ... whichever you will see inside your BIOS/firmware. Physical computers which will have those Hardware(HW) based virtualization support, then VM will run smoothly faster in those computers, videos will play better, OR ELSE, those hypervisor software will create partial virtualization or para-virtualization environment/container based VM ... which will be slow and less smooth ... but will at-least run.

TAILS should release a VirtualBox VM based edition.

And disable/disconnect usb web-cam inside a VM, and better is to cover the web-cam with a white-or-black small piece of paper. Some computers model already comes with a physical shutter to cover the web-cam glass-hole.

PCI-passthrough features in hypervisor software can be used to connect extra/2nd PCI / PCIe based keyboard interface or other physical hardware devices DIRECTLY with the Guest-OS VM, to use a completely separate keyboard or other device, than host's keyboard.

And there are GRUB, etc boot-manipulation software based tiny bootable iso which can also be used with hypervisor/VM, to boot from a Physical Bootable USB sticks, inside VM, directly. Bootable USB sticks can be imaged, and can be booted inside the VM as well.

Hope these info helps,
-- Bright Star.

Received from intrigeri, on 2013-11-01 2:30 AM:

Micah Lee wrote (31 Oct 2013 22:24:13 GMT) :

With SecureDrop, the viewing station requires Tails with persistent storage, and you can only use persistent storage if you boot off of a USB stick.

FTR: you can boot from DVD and use persistence on a USB stick. It's not documented nor formally supported, but I'm told it works fine.
Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
Re: [tor-talk] VOIP and tor
As far as i'm aware there are few voice text language physical-machine based translator, that can convert language, and then speak it out with another speakers voice in another language. That is what VoIP software over Tor needs to use and implement.

For live person to person discussion or talk: Delay is of less importance (that is 2nd or later priority). Anonymity is of more importance (that is, first priority).

User voice has biological marks/fingerprints. A user's own voice should not be broadcasted/sent to other side. Both/all side MUST do similar to this (when using Tor): VoIP software - voice - convert voice2text - text - sent to other side, over encrypted tunnel - text2voice(use_profile_male_John) - voice.

Such VoIP client need to have practice+correction+train MODE. So users can SPEAK various things and REPLAY it, by choosing one out of different common audio-profiles, like John, Jane, etc, to hear and test what other side will hear. Then use it for conversation. And it will also be nice to have speech variation even for single profile, like John. Then more than one person can use such for GROUP DISCUSSION purpose, instead of (two-party) TALK/DISCUSSION.

This idea came from practical use case description from another user: that user has sent his/her TYPED-IN text in a Text2Speech free software, that software SPEAKED/PLAYED those typed text out loud, and software was configured to use specific output audio channel, that audio channel was used as input for VoIP software to travel over Tor, for that communication, (initially VPN was used, but later) SSH ethernet tunnel was used and worked.

-- Bright Star. Oct 23, 2013.

Received from Mirimir, on 2013-10-22 11:08 PM:

On 10/22/2013 11:42 PM, Matt wrote:

On Tue, 22 Oct 2013 21:15:46 -0600 Mirimir miri...@riseup.net wrote:

Was there much break-up?

The sound quality was surprisingly clear in my tests, and I didn't have any dropped calls, even over extended periods of time.
I never got around to directly comparing UDP mode via VPN via Tor, versus TCP mode via just Tor.

My initial experience convinced me that VoIP and anonymity are entirely incompatible :(

I don't think this is true at all. If you want to use torsocks and mumble together, you may want to try it with dgoulet's new torsocks rewrite.

I'm referring to voice recognition. Once a resourceful adversary has a sample of your voice from Mumble, they can match it with intercepts from POTS, cellphone systems, Skype, Zoom, other VoIP, etc. And it's very hard to disguise voice effectively.
Re: [tor-talk] TBB browser without Tor/Vidalia
Strange response ! ... Most config currently shown on page from 3rd link are Linux/Unix, whereas you are using WindowsXP, and i gave you WindowsXP related instructions.

-- Bright Star.

Received from Gerardo, on 2013-08-14 1:35 PM:

Thank you all, Actually, from the 3rd link, there is a very good recommendation: Leave Vidalia Running while closing Firefox (Tor Browser) .. Alternatively, you could also use a second Tor instance and let it listen on another port TBB uses as ControlPort 9151 and SocksPort 9150, and, respectively, Vidalia Relay 9050 9051, so, it's possible to run both (since I only use TBB for little while, and V. Relay a lot more with Thunderbird+TorBirdy)

Thanks again!!! Gerardo

(Link to patches: [3])

[3] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
Re: [tor-talk] TBB browser without Tor/Vidalia
If you were to really READ and TRY to Understand what i suggested to the other user, you would not have to post such message, or say sorry. Do not always assume you are always right. And please do not act on impulse.

-- Bright Star.

Received from adrelanos, on 2013-08-14 7:38 AM:

This is documented here (*nix specific, not Windows, sorry): https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers#UseTorBrowserwithalocallyinstalledTorVidaliaNIXONLY

It's a bit difficult for TBB stable, but easier with TBB alpha 3. When TBB alpha 3 gets stable, these instructions can be simplified.

For Windows there is some discussion here: http://www.wilderssecurity.com/showthread.php?t=339051page=14 (Where it starts with Does anyone know if separating tor and vidalia from the browser is possible?)

Hope that helps. If you figure out instructions for Whonix, please let us know or add it to the torproject wiki.
Re: [tor-talk] TBB browser without Tor/Vidalia
I think user adrelanos user even did not read my post, or else such comment you would not see posted by someone. Be very careful about such user (like adrelanos), who posts and bashes and insults others without reading or understanding related matters.

He assumed thinks, i'm starting Firefox Portable. Just because i suggested to get Firefox Portable does not mean, i'm suggesting to use it, or used it. I advised not to use Portable Firefox via Tor. And suggested to use TorBrowser (which is based on firefox). What is suggested, will result into, starting a TorBrowser from inside TBB_02 folder, not the Firefox Portable downloaded from portableapps.com site.

-- Bright Star.

Received from adrelanos, on 2013-08-14 7:52 AM:

I mean no offense, but must say, that Bry8 Star is confused. Use anything he says with great care. I don't think he acts in bad faith, but is really confused.

Examples of him telling what others ought to do:
- All Tor binary software signing GPG (full and public-side) code must be published/shared via DNS. [1]
- [..] And so, there MUST be some form of DNS-caching present in libunbound/Tor-client side [...] [1]

He manages to get responses such as Since this is a free software (rather than insist software or beg software) [2].

Bry8 Star: Obtain last stable release of Firefox Portable from the portableapps.com site, and install inside C:\PortableApps\ folder.

No, don't do this. It's not safe. Using Firefox with Tor is deprecated and recommended against. Use Tor Browser, because Tor Browser contains patches. (Link to patches: [3])

[1] https://lists.torproject.org/pipermail/tor-dev/2013-August/005266.html
[2] http://cygwin.com/ml/cygwin/2012-09/msg00363.html
[3] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers
Re: [tor-talk] Fwd: TBB browser without Tor/Vidalia
Hi, Current TBB, when installed (in WinXP), will use port 9150 (to be more correct: 127.0.0.1:9150) as the Tor-proxy IP-address:port, it is a Socks5 proxy port, so other apps which you need to route/go thru Tor-network will need to be (network-settings-)configured, to use that socks5 port, the port 9150, and most likely they will need ip-address, that will be your computer's local ip address : 127.0.0.1 And in between IP-adrs port, the : symbol is usually used in most software (but not always), or apps may have different textbox for IP-adrs and port. And in your other apps, if it have option to choose type of proxy, then select Socks5 proxy option.

The apps which you do not want to route/go thru Tor-network, leave them as is.

Vidalia.exe connects with Tor.exe on Tor.exe's port 9153 to control Tor related activities. Older TBB software used Socks5 port 9050, and control port 9051.

Received from Gerardo Rodríguez, on 2013-08-13 3:20 PM:

Sorry, is the 9050 in vidalia relay and 9150 in tbb

-- Forwarded message --
From: Gerardo Rodríguez g3r9...@gmail.com
Date: 2013/8/13
Subject: TBB browser without Tor/Vidalia
To: tor-talk@lists.torproject.org

Hi, I'm trying to run the TBB browser separately from Vidalia, I want to start using Vidalia as a relay. So far I've been using the TBB with no problems, but for security reasons I use it from an encrypted area (mostly because of the browser), and the relay consumes a lot of resources if I run it from this area (the encrypted one). I'm on windows xp, any help will be appreciated

Gerardo

ps: I already tried to run the tbb-firefox.exe directly - it just created a new profile at %appdata%. Also tried to call it with -no-remote -profile [path to profile in TBB], and, the browser did open, but it couldn't connect to Tor (v. relay uses port 9050 instead of 9051, the one used in TBB, I tried to change it in the browser with no success...)
Re: [tor-talk] TBB browser without Tor/Vidalia
For example, if you decompress tor-browser-versn#_en-US.exe or zip file using decompressing software like, 7-zip, in a folder named TBB_versn# (inside C:\PortableApps\ folder) then inside that TBB_versn# folder you should see, one sub-folder, named: Tor Browser

Then if you go inside that Tor Browser folder, you will see these below sub-folders:
FirefoxPortable
Docs
Data
App

- - - - - -

Create a new folder-structure like this:
C:\PortableApps\TBB_02\Tor Browser\

- - - - - -

Then copy that FirefoxPortable from C:\PortableApps\TBB_versn#\Tor Browser\ folder, into above new folder-structure.

- - - - - -

Obtain last stable release of Firefox Portable from the portableapps.com site, and install inside C:\PortableApps\ folder.

Copy the FirefoxPortable.exe file from C:\PortableApps\FirefoxPortable\ into below folder location:
C:\PortableApps\TBB_02\Tor Browser\FirefoxPortable\

Create a shortcut-link of below .exe file on your windows Desktop:
C:\PortableApps\TBB_02\Tor Browser\FirefoxPortable\FirefoxPortable.exe

Rename the shortcut in your desktop, into Firefox_TBB_02, or Firefox TBB 02, so it's easier to understand what it is.

- - - - - -

Open the below file for editing:
C:\PortableApps\TBB_02\Tor Browser\FirefoxPortable\FirefoxPortable.ini
find and change the below line, from:
FirefoxExecutable=firefox.exe
into this:
FirefoxExecutable=tbb-firefox.exe

- - - - - -

So then, if you run the shortcut-link on your Desktop, then you can START the FIREFOX, that you copied from last TBB.
- - - - - -

Another optional way (means, you do not have to do these steps, unless you want to test this process out) to start the Firefox from TBB_02 is to do these:

Create a TXT file inside below folder location:
C:\PortableApps\TBB_02\Tor Browser\
then rename it to : Start_TBB_Firefox.cmd
then open Start_TBB_Firefox.cmd for edit, and add below one command-line:

@C:\PortableApps\TBB_02\Tor Browser\FirefoxPortable\App\Firefox\tbb-firefox.exe /DC:\PortableApps\TBB_02\Tor Browser\FirefoxPortable\ -profile C:\PortableApps\TBB_02\Tor Browser\FirefoxPortable\Data\profile -no-remote

so then, that batch script file Start_TBB_Firefox.cmd can also be used to start TBB firefox.

- - - - - -

After you start Firefox any of the above way, you will have to make sure, the network-settings are properly set or not. If you are using default TBB, (and current default TBB uses port 9150 as socks5 port), so that is/port what should be shown inside Network Settings, and inside Torbutton, if not, use custom settings and force it to use 127.0.0.1:9150 and socks5 proxy.

And if you have firewall/security software, then make sure tbb-firefox.exe which is inside TBB_02 folder, can only connect outbound with port 9150, (and also allow tbb-firefox.exe to connect with any local port of local loopback address (127.0.0.1) only). tbb-firefox should not be allowed to connect with any internet server or with any dns-server, (neither locally or which is in internet).

- - - - - -

Using TBB-Firefox copied out of last+latest TBB bundle is better, than using Portable Firefox or full Firefox, as it is already pre-configured with many anonymity related tweaks. But make sure TBB-firefox's various internal and extension settings are really set onto protect your Anonymity and Privacy, first, ... rather than comfortableness or ease-of-use. Anonymity and Privacy is more important than any other advantages. or else go use something else.

-- Bright Star.
Received from Gerardo, on 2013-08-14 12:25 AM:

I didn't understand... I'm looking for a way to run the browser that comes with the TBB without Vidalia and Tor, this two to I'll run them via a Vidalia relay; how can I do this?

You should try the 3.0 alpha releases, where Vidalia is completely gone from TBB. I don't see how it could solve your problem, but it might. https://archive.torproject.org/tor-package-archive/torbrowser/3.0a3/

Tor as a client should not consume that many resources, especially since you're talking about disk encryption, and Tor does not touch your disk much. I wonder what the underlying issue is here.
Re: [tor-talk] Fwd: TBB browser without Tor/Vidalia
correction: ... port 9151 ... Vidalia.exe connects with Tor.exe on Tor.exe's port 9153 to control Tor related activities.

Received from Bry8 Star, on 2013-08-14 2:12 AM:

Hi, Current TBB, when installed (in WinXP), will use port 9150 (to be more correct: 127.0.0.1:9150) as the Tor-proxy IP-address:port, it is a Socks5 proxy port, so other apps which you need to route/go thru Tor-network will need to be (network-settings-)configured, to use that socks5 port, the port 9150, and most likely they will need ip-address, that will be your computer's local ip address : 127.0.0.1 And in between IP-adrs port, the : symbol is usually used in most software (but not always), or apps may have different textbox for IP-adrs and port. And in your other apps, if it have option to choose type of proxy, then select Socks5 proxy option.

The apps which you do not want to route/go thru Tor-network, leave them as is.

Vidalia.exe connects with Tor.exe on Tor.exe's port 9153 to control Tor related activities. Older TBB software used Socks5 port 9050, and control port 9051.

Received from Gerardo Rodríguez, on 2013-08-13 3:20 PM:

Sorry, is the 9050 in vidalia relay and 9150 in tbb

-- Forwarded message --
From: Gerardo Rodríguez g3r9...@gmail.com
Date: 2013/8/13
Subject: TBB browser without Tor/Vidalia
To: tor-talk@lists.torproject.org

Hi, I'm trying to run the TBB browser separately from Vidalia, I want to start using Vidalia as a relay. So far I've been using the TBB with no problems, but for security reasons I use it from an encrypted area (mostly because of the browser), and the relay consumes a lot of resources if I run it from this area (the encrypted one). I'm on windows xp, any help will be appreciated

Gerardo

ps: I already tried to run the tbb-firefox.exe directly - it just created a new profile at %appdata%. Also tried to call it with -no-remote -profile [path to profile in TBB], and, the browser did open, but it couldn't connect to Tor (v.
relay uses port 9050 instead of 9051, the one used in TBB, I tried to change it in the browser with no success...)
Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable
In my opinion, After installing TBB (Tor Browser Bundle), users should disable JS (JavaScript) by default, and enable JS, ONLY when visiting a website and if the user must have to, to view a very specific portion.

TBB by default keeps Script Globally Allowed option ENABLED or selected, inside NoScript extension/plugin. It should be set to Disabled or keep unselected. If your NoScript plugin/extension shows the option Forbid Scripts Globally, (inside General tab window), then select/enable it.

It is more important that Privacy remains intact, then a website appearing nice on 1st visit. User can enable JS for certain set of URL for a website, if they NEED to, by themselves. They just need to enable few domains with certain sub-domains of from the NoScript icon or warning-button.

If a website (for example: TorProject.org) is trustworthy then users can choose Allow TorProject.org in NoScript plugin/extension (Crossed-out-alphabet-S) icon, instead of Temporarily allow TorProject.org option. Then allowed site will not cause NoScript to bug/ask user with prompt-message for permission.

(I requested to keep Global JS disabled by default, many times, but many ignored, we had long conversation in IRC chans, multiple times).

The main purpose of using NoScript is, that, on 1st visit to a known or unknown website, that website's JS codes are not supposed to load/start automatically, unless user (website's visitor) inspects website first, and then allows JS for sub-domains/domains manually.

Those who want to keep JS globally enabled, they should do it by selves and understand+take the risk, (which is not right thing to do at-all), but that is again, just my own opinion and request.

Do not infect your web-browser or lose Anonymity on your 1st visit to a website. (So, Keep JS off, cross-site script off/disabled, etc).
Regular user has no way to know, when a website is/was hacked or when some mistake was made, and then, some unwanted (harmful/malware) codes are coming to you and getting executed on your computer.

There is WOT plugin, for non Tor internet websites. A similar new plugin is needed, which will accept recommendation only from users who are using Tor exit-nodes or onion host. So that such new Tor-WOT plugin can show which site is trusted or not, by other Tor proxy users. May be new one can even import some portion of data from regular WOT, if that data is GPL/shareable.

-- Bright Star.

Received from Roger Dingledine, on 2013-08-05 8:13 AM:

SUMMARY: This is a critical security announcement. An attack that exploits a Firefox vulnerability in JavaScript [1] has been observed in the wild. Specifically, Windows users using the Tor Browser Bundle (which includes Firefox plus privacy patches [2]) appear to have been targeted.

This vulnerability was fixed in Firefox 17.0.7 ESR [3]. The following versions of the Tor Browser Bundle include this fixed version:
2.3.25-10 (released June 26 2013) [4]
2.4.15-alpha-1 (released June 26 2013) [4]
2.4.15-beta-1 (released July 8 2013) [5]
3.0alpha2 (released June 30 2013) [6]

Tor Browser Bundle users should ensure they're running a recent enough bundle version, and consider taking further security precautions as described below.

WHO IS AFFECTED: In principle, all users of all Tor Browser Bundles earlier than the above versions are vulnerable. But in practice, it appears that only Windows users with vulnerable Firefox versions were actually exploitable by this attack. (If you're not sure what version you have, click on Help - About Torbrowser and make sure it says Firefox 17.0.7. Here's a video: [7])

To be clear, while the Firefox vulnerability is cross-platform, the attack code is Windows-specific. It appears that TBB users on Linux and OS X, as well as users of LiveCD systems like Tails, were not exploited by this attack.
IMPACT: The vulnerability allows arbitrary code execution, so an attacker could in principle take over the victim's computer. However, the observed version of the attack appears to collect the hostname and MAC address of the victim computer, send that to a remote webserver over a non-Tor connection, and then crash or exit [8]. The attack appears to have been injected into (or by) various Tor hidden services [9], and it's reasonable to conclude that the attacker now has a list of vulnerable Tor users who visited those hidden services. We don't currently believe that the attack modifies anything on the victim computer.

WHAT TO DO: First, be sure you're running a recent enough Tor Browser Bundle. That should keep you safe from this attack. Second, be sure to keep up-to-date in the future. Tor Browser Bundle automatically checks whether it's out of date, and notifies you on its homepage when you need to upgrade. Recent versions also add a flashing exclamation point over the Tor onion icon. We also post
Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable
Response is below, in-between.

Received from scarp, on 2013-08-07 4:44 AM:

Bry8 Star: In my opinion, After installing TBB (Tor Browser Bundle), users should disable JS (JavaScript) by default, and enable JS, ONLY when visiting a website and if the user must have to, to view a very specific portion. TBB by default keeps Script Globally Allowed option ENABLED or selected, inside NoScript extension/plugin. It should be set to Disabled or keep unselected. If your NoScript plugin/extension shows the option Forbid Scripts Globally, (inside General tab window), then select/enable it. It is more important that Privacy remains intact, then a website appearing nice on 1st visit.

... than a website ...

User can enable JS for certain set of URL for a website, if they NEED to, by themselves.

You're forgetting an exploiter can use AngularJS or something similar that uses MVC strategies to make the website non-functional until you enable JavaScript on that page. Doing so, many users unaware of their favorite website has been compromised would do so just thinking that the site was updated to require JavaScript.

A new firefox extension Tor-WOT (Web Of Trust) can be useful, as already mentioned by me in my previous email. WOT shows icon. After visiting a site, users can just look at the WOT-icon status, and can/may decide/choose if he/she wants to allow JS or not.

Unless you audit the JavaScript code using noscript isn't the be-all-end-all protection. I believe the torproject provides that to prevent some XSS attacks. I believe the bigger problem here is that the Tor Browser needs to automatically update itself. Users of 17.0.7 (june's release) were unaffected. The idea that a web browser doesn't automatically accept security patches is a joke in this day and age. That issue needs to be expedited.
I would suggest such way : Tor-Browser need to download the UPDATEable Tor-Browser like this : 1st get ONLY the SHA-256 or SHA-512 hash/checksum of the Updateable Tor-Browser (a small file) file from (TorProject.org's) onion host via Tor proxy. Then TorBrowser should get the actual full Updateable file from any one of the set of download mirror onion sites. Check downloaded file with the previously received HASH code. When checking succeeded, then update it. But pls make sure update-process asks user, in what way he/she wants to update ? in (1) an overwrite and lose all previous settings way, or (2) keep existing extension settings (like, TabMix Plus, SessionManager, Torbutton, NoScript, etc) and update older one with new Tor-Browser.

(I have updated older TorBrowser (Firefox portion only) with newer ones, first few times i wasn't able to update without losing my old extension's settings, luckily i made backup of original folder before experimenting, so at the end i was able to figure out which folders and files need to be updated so that older extensions do not lose data (or settings data were exported in external file), and then after update, settings were imported back which were exported).

Best would have been something similar to what PortableApps Firefox does, it can completely keep previous settings. User who needs fresh installations, they can install TBB or update in a new folder.

Further I think more emphasis needs to be there to get users to use isolated network setups like Whonix or TAILS, or some other officially supported method that accomplishes the same outcomes. JavaScript will be irrelevant if users are socially engineered to run some other arbitrary code, possibly posing as a browser extension or email attachment, ie a PDF.

These (TAILS, etc) requires more extra tools or device and/or more/other necessary steps or components.
If simple Tor users cannot choose or do simple mouse-click on Allow or Temporarily allow JS options in NoScript icon, for the site he/she is visiting, (and may need to temporarily-allow few more extra/related content sites, used by primary website that he/she is visiting), then such users will make even more mistakes in using those, and will be more hard for them. But no doubt those are best (recommended) ways.

The NoScript is like your pet-dog, you will have to train it, once you adjust or train (that is, you select JS options properly) then it will not bother you anymore, and keep obeying/following you/your instructions, the way you want it.

First dis-allow execution of global JS option in NoScript.

TLD = Top Level Domain. For example, the .org portion in TorProject.org.
SLD = Second Level Domain. For example, the TorProject portion in TorProject.org.
3LD/sub = 3rd level domain. For example, the trac portion in trac.TorProject.org. The trac portion can also be called a sub-domain. Sub-domain of TorProject.org.

The website which Tor user is visiting, if user trusts it (you may see WOT icon's recommendation), then select Allow (SLD portion) in NoScript icon. And the websites which you/user do not need
Re: [tor-talk] Disabled Torbirdy itself Leaks DNS
It seems new Torbirdy 0.1.1 has just solved this specific problem. :) great work, THANKS.

Note:
* s/those options remains same/those options which mentioned above remains same/
* s/all remain same/all that were mentioned above remain same/

Received from Bry8 Star, on 2013-03-15 3:15 AM:

Hi, when i setup socks5 proxy (without torbirdy plugin) in Thunderbird, then these config options are set:

    network.proxy.socks=127.0.0.1
    network.proxy.socks_port=9050
    network.proxy.type=1
    network.proxy.socks_version=5
    network.proxy.socks_remote_dns=true

and i also manually set few other config params/options, that are related to make this specific thunderbird anonymous friendly. with those thunderbird works fine.

And, after installing Torbirdy plugin, those options remains same.

But when i disabled Torbirdy, then: except for below config option, all remain same:

    network.proxy.socks_remote_dns=false

And because of this, Thunderbird starts to use local DNS resolver on user's local computer, instead of using remote dns via Socks5 proxy ! Thus, a disabled Torbirdy itself is cause of DNS leaks.

Luckily i have firewall in place, which previously pre-set to not-allow any traffic from Thunderbird toward any where else, only connection allowed for Thunderbird, is toward the ip address 127.0.0.1 on port 9050. (And on windows boxes, i needed to allow local(127.0.0.1) loop connection for Thunderbird itself). And firewall is also configured to WARN me if Thunderbird (or any Torified app) tries to use anything other than what was mentioned in above paragraph. So i was able to view these DNS leak attempts.

So when Torbirdy plugin is disabled, then it should not change that config option to false, it should keep it to true if user previously was using socks5 proxy by specifying it manually.
Torbirdy should be able to use a file or technique, which will allow it to remember what params/options values were used before, so when disabled it should revert back only those specific settings which it changed, not to what it thinks it should be. So pls create bug-report or please take steps to solve such problem(s). Thank you, -- Bright Star.
[tor-talk] Disabled Torbirdy itself Leaks DNS
Hi, when i setup socks5 proxy (without torbirdy plugin) in Thunderbird, then these config options are set:

    network.proxy.socks=127.0.0.1
    network.proxy.socks_port=9050
    network.proxy.type=1
    network.proxy.socks_version=5
    network.proxy.socks_remote_dns=true

and i also manually set few other config params/options, that are related to make this specific thunderbird anonymous friendly. with those thunderbird works fine.

And, after installing Torbirdy plugin, those options remains same.

But when i disabled Torbirdy, then: except for below config option, all remain same:

    network.proxy.socks_remote_dns=false

And because of this, Thunderbird starts to use local DNS resolver on user's local computer, instead of using remote dns via Socks5 proxy ! Thus, a disabled Torbirdy itself is cause of DNS leaks.

Luckily i have firewall in place, which previously pre-set to not-allow any traffic from Thunderbird toward any where else, only connection allowed for Thunderbird, is toward the ip address 127.0.0.1 on port 9050. (And on windows boxes, i needed to allow local(127.0.0.1) loop connection for Thunderbird itself). And firewall is also configured to WARN me if Thunderbird (or any Torified app) tries to use anything other than what was mentioned in above paragraph. So i was able to view these DNS leak attempts.

So when Torbirdy plugin is disabled, then it should not change that config option to false, it should keep it to true if user previously was using socks5 proxy by specifying it manually. Torbirdy should be able to use a file or technique, which will allow it to remember what params/options values were used before, so when disabled it should revert back only those specific settings which it changed, not to what it thinks it should be.

So pls create bug-report or please take steps to solve such problem(s). Thank you, -- Bright Star.
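The failure reported in this message, next to the behaviour it asks for (remember the previous values and put back only what the add-on changed), as an added Python model that is not TorBirdy's code. The function names, the `ENFORCED` and `APP_DEFAULTS` tables and the sample prefs.js text are assumptions built from the preferences quoted on this page; the `mailnews.wraplength` value of 68 comes from the TorBirdy thread further down.

```python
import json
import re

# Constructed sample: the manual SOCKS5 setup from the post, as prefs.js lines,
# plus the user's own wrap length.
SAMPLE_PREFS_JS = '''
// constructed sample, not a real profile
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks_version", 5);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("mailnews.wraplength", 68);
'''

# Assumption: what the modelled add-on enforces, and the application defaults
# it would fall back to if it simply reset its prefs on disable.
ENFORCED = {"network.proxy.socks_remote_dns": True, "mailnews.wraplength": 72}
APP_DEFAULTS = {"network.proxy.socks_remote_dns": False, "mailnews.wraplength": 72}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')


def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict of bool/int/str."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        elif len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1]
    return prefs


def audit_dns_leak(prefs):
    """List reasons why this profile would resolve names outside the proxy."""
    findings = []
    if prefs.get("network.proxy.type") != 1:
        findings.append("network.proxy.type is not 1 (manual proxy)")
    if not prefs.get("network.proxy.socks"):
        findings.append("network.proxy.socks is empty")
    # Assumption: an absent socks_version means the built-in default of 5.
    if prefs.get("network.proxy.socks_version", 5) != 5:
        findings.append("network.proxy.socks_version is not 5")
    if prefs.get("network.proxy.socks_remote_dns") is not True:
        findings.append("network.proxy.socks_remote_dns is not true: "
                        "names are resolved by the local resolver")
    return findings


def enable(prefs, enforced):
    """Apply enforced values; return a JSON snapshot of the prior state."""
    snapshot = {}
    for name, value in enforced.items():
        snapshot[name] = {"was_set": name in prefs,
                          "old": prefs.get(name), "new": value}
        prefs[name] = value
    return json.dumps(snapshot)  # small enough to keep in a file in the profile


def disable_reset(prefs, enforced, defaults):
    """Reported behaviour: enforced prefs fall back to application defaults."""
    for name in enforced:
        prefs[name] = defaults[name]


def disable_restore(prefs, snapshot_json):
    """Requested behaviour: undo only what enable() itself changed."""
    for name, rec in json.loads(snapshot_json).items():
        if prefs.get(name) != rec["new"]:
            continue  # changed by the user after enable(); leave it alone
        if rec["was_set"]:
            prefs[name] = rec["old"]
        else:
            prefs.pop(name, None)


def run_demo():
    """Return (before, after_reset, after_restore) pref dicts."""
    before = parse_prefs(SAMPLE_PREFS_JS)
    after_reset = dict(before)
    enable(after_reset, ENFORCED)
    disable_reset(after_reset, ENFORCED, APP_DEFAULTS)
    after_restore = dict(before)
    snap = enable(after_restore, ENFORCED)
    disable_restore(after_restore, snap)
    return before, after_reset, after_restore


if __name__ == "__main__":
    before, after_reset, after_restore = run_demo()
    print("reset  :", audit_dns_leak(after_reset))
    print("restore:", audit_dns_leak(after_restore))
```

`audit_dns_leak` can also be run on its own against a profile's prefs.js after installing, updating or disabling an add-on, as a file-level check alongside the firewall alert the message relies on.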
[tor-talk] Does TorProject Delay eMail Postings ?
Hi, Almost every time i post an email message in TorProject mailing list, i get that email back to my folder after at-least 18 mins (minutes) or later, almost never in shorter time period than that ! why is that ?

whereas my other emails when sent toward CentOS or RedHat or any other Mailing list, after posting i need at max 45 seconds to see it back in my INBOX or inside their pre-assigned folder.

By the way, even my emails inside Spam, and Bulk Mail folders, goes through Filter Rules, so any important emails are picked up from there and moved inside their assigned folder.

Anybody else noticing these ! ? -- Bright Star.
Re: [tor-talk] problems with TorBirdy
Hi Sukhbir ... THANKS, again.

GnuPG/OpenPGP signed & encrypted email message allows for minimum 62 or 68 wraplength, i can't recall the exact value at this moment, but that min length would be nice to set. (That is my own choice, obviously that will not be same as others/all).

I see that now #8318 is closed/solved, that is, Torbirdy will allow to set user's own settings: https://trac.torproject.org/projects/tor/ticket/8318 ... Thanks. Hope to see better Torbirdy soon.

Finally with help of another user, was able to force few settings on TB (Thunderbird), of my own choice(s). (I do not feel comfortable on doing those configurations manually over & over again & again).

Warning: Do not follow below instruction, unless you are expert enough and understand what you're doing, (Do not blame me later for any reason .. I warned).

Had to create local-settings.js inside the defaults/pref folder in TB, added one line: "pref("general.config.filename", "mozilla.cfg");" (without the beginning and ending double-quote symbols). Then created mozilla.cfg file next to TB binary/exe file, added previously mentioned config-settings ( i copied my choice of config-setting lines from prefs.js file and set them with my own choice of values and changed command word from user_pref into lockPref in mozilla.cfg, it needed one top/1st line with only two // slash symbols ). Restarted TB (thunderbird) ... my choice of custom settings remained intact.

If there was an option in Torbirdy or on another Thunderbird addon, to allow TB users to override few config settings after TB restarts, (with a press of a button or status bar icon), that would have been better, then one would not need to lock those settings, to save oneself from doing too much repeated manual configurations. There are some settings that a user wants or must use constantly under one Thunderbird profile, and may be another settings under another Thunderbird profile.

-- Bright Star.
Received from Sukhbir Singh, on 2013-02-23 5:50 PM:

Bry8 Star:

I manually change mailnews.wraplength inside about:config of TB (Thunderbird), from 72 to 68, but when TB is restarted it goes back to 72 again ! why it is not honoring my custom settings ! ?

Yup, lots of people have asked for this and we should allow users to set their own custom length and not enforce the 72 character limit. I have opened a ticket for this: #8318.

I manually change mailnews.reply_header_authorwrote inside about:config of TB (Thunderbird), from "%s" into "Received from %s", but when TB is restarted it goes back to "%s" again ! why it is not honoring my custom settings ! ? i manually change the mailnews.reply_header_type, from value 1 into 3, but it goes back to 1 when TB restarts !

Yes, this is enforced. See:
https://lists.torproject.org/pipermail/tor-talk/2012-May/024380.html
https://lists.torproject.org/pipermail/tor-talk/2012-May/024395.html

In OpenPGP menu bar option in TB > Preferences > Advanced > Additional parameters for GnuPG : i change this value from :

    "--no-emit-version --no-comments --throw-keyids --display-charset utf-8 --keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118 --keyserver hkp://2eghzlv2wwcq7u7y.onion"

And when Thunderbird is restarted, its gone back to http-proxy port 8118 ! why ? why it does not allow me to use my own custom settings ! ?

Like we discussed before in tor-dev, this is related to: #2846, #7068, where we are just fail-closing Enigmail. At this stage, I am not sure whether we are going to support custom settings for this as we have plans to ship our own HTTP proxy or shim, so for now, I suggest you just change the port on which your HTTP proxy listens to 8118, which is TorBirdy's default.

SOLUTION/SUGGESTION: TorBirdy need to have a BUTTON, may be something close to RESET, that will reset back all custom settings to default (Anonymity friendly settings). But, TorBirdy should not automatically override a user's custom settings.
The design approach is that we enforce the settings we think the user should not be changing. We have gradually allowed many settings to be changed (like the `mailnews.wraplength' above) but I don't think we will allow changing of all the security settings that we are configuring. As bad as it seems, we think it is a good approach as one badly configured setting might render the entire point of TorBirdy useless.

And TorBirdy need to create a log file, showing what config-options it has set/changed and time, of change so that TB user can find/use his/her previous important changes/settings if need arises.

That's a good idea and we are working on this so that the operation is more transparent. We have started updating the docs.
Re: [tor-talk] problems with TorBirdy
I am posting few issues : (i know it would have been better to post in bug-report websites, but i would prolly need to submit multiple bug/reports, anyway, anyone is welcome to post on bug-reports in whichever way they may find it fit or not).

My CONFIG INFO 01: After installing TorBirdy in Thunderbird Portable (windows) edition, i installed GPG Portable edition for Thunderbird Portable, i then install Enigmail addon in Thunderbird Portable.

ISSUE set 01:

I manually change mailnews.wraplength inside about:config of TB (Thunderbird), from 72 to 68, but when TB is restarted it goes back to 72 again ! why it is not honoring my custom settings ! ?

I manually change mailnews.reply_header_authorwrote inside about:config of TB (Thunderbird), from "%s" into "Received from %s", but when TB is restarted it goes back to "%s" again ! why it is not honoring my custom settings ! ?

I manually change mailnews.reply_header_authorwrote inside about:config of TB (Thunderbird), from "%s" into "Received from %s", but when TB is restarted it goes back to "%s" again ! why it is not honoring my custom settings ! ?

i manually change the mailnews.reply_header_type, from value 1 into 3, but it goes back to 1 when TB restarts !

ISSUE set 02:

In OpenPGP menu bar option in TB > Preferences > Advanced > Additional parameters for GnuPG : i change this value from :

    "--no-emit-version --no-comments --throw-keyids --display-charset utf-8 --keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:8118 --keyserver hkp://2eghzlv2wwcq7u7y.onion"

i change above into:

    "--no-emit-version --no-comments --throw-keyids --display-charset utf-8 --keyserver-options no-auto-key-retrieve,no-try-dns-srv,http-proxy=http://127.0.0.1:18050 --keyserver hkp://2eghzlv2wwcq7u7y.onion"

(i do not use those double-quotes symbols, just for showing here as a string)

And when Thunderbird is restarted, its gone back to http-proxy port 8118 ! why ? why it does not allow me to use my own custom settings ! ?
My CONFIG INFO 02: Polipo's config file that is in wiki site of TorProject.org, using that. Those enables polipo HTTP-Proxy (kept polipo.exe inside E:\Bry8Star\TBB-01\Tor Browser\App\Polipo\ folder) to use DNS on Tor exit-node via going through Tor-tunnel and avoid using local DNS. I have configured Polipo to use for example the port 18050.

And my local Firewall is also configured for the GPGKEYS_HKP.exe or the GPGKEYS_CURL.exe binary (which are inside E:\Bry8Star\ThunderbirdPortable\App\GPG\ folder) to dis-allow/block using all/any type of DNS connections. (because, my last test few months back, showed GPGKEYS_HKP/CURL.exe leaks DNS; that is; those two binary software/file tries to use local DNS resolver, which they should not; they should only connect to the HTTP-Proxy (in my case its, polipo) via TCP on port 18050, and that is more than suffice for those to function properly. And, not sure about most recent version though if that leaks as well or not).

I'm using TBB based Tor (on Windows XP/7). I've configured torrc config file to use a different fixed port, for the sake of this email post, lets say i use port 19050 as an example, (other than the default TBB Tor Socks5 proxy port 9050). And then i also configure Vidalia to use a fix/custom Control port, for example, i use 19051.

I have also configured Vidalia to start polipo like this: Under the "Start a proxy app..." option i've specified ".\App\Polipo\polipo.exe" (without the double-quote symbols), and under the "Proxy App Arguments" option i've specified "-c .\Data\Polipo\18050-to-19050.conf" (without the double-quote symbols).

(i have also done (or i usually do) few more changes so that TBB only starts vidalia+tor+polipo (without tbb-firefox.exe). Then i start FirefoxPortable (tbb-firefox) inside the TBB-01\Tor browser folder, and ThunderbirdPortable ... separately, using simple script-file. No need to post configs related to those here now).
SOLUTION/SUGGESTION: TorBirdy need to have a BUTTON, may be something close to RESET, that will reset back all custom settings to default (Anonymity friendly settings). But, TorBirdy should not automatically override a user's custom settings.

And TorBirdy need to create a log file, showing what config-options it has set/changed and time, of change so that TB user can find/use his/her previous important changes/settings if need arises.

-- Bright Star.

Received from Jacob Appelbaum, on 2013-02-23 7:30 AM:

JerryR:

Hi, I know this is a list for Tor-related issues, but I hope to get a answer for a problem with TorBirdy@Thunderbird and the last update for the TorBrowser. Well, it doesn't work - the torrc now uses the SocksPort 9150, I changed the TH to the configuration recommended in https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/EMail/Thunderbird

Yeah... I'm sorry that TorBirdy wasn't ready for the change to 9150. It was a bit of a surprise, actually. By dropping the Vidalia bundle, we really put people in a tough
Re: [tor-talk] TorBirdy gpg.conf
Torbirdy, uses its own command-line and when gpg binary is called with all anonymization related gnupg options then it overrides those specific options, if something else was specified for same options in gpg.conf. so for Torbirdy, no special config is necessary in gpg.conf.

but, in windows, for Microsoft Outlook, or other email-clients, which cannot specify their own torified gpg calls like torbirdy, for those, gpg.conf is needed to be configured+torified, plus for other apps, if you want to use short commands, and pre-specified longer options inside the gpg.conf.

any app, which cannot specify or do not specify their own gnupg options, those will by default use whatever settings exist inside gpg.conf.

-- Bry8Star.

adrelanos wrote:

Hi, While you are deeply into the gpg/Tor/socks/DNS topic... Could you recommend a gpg.conf for use with Tor please? Cheers, adrelanos
Re: [tor-talk] TBB equivalent for Thunderbird?
i'm not 100% sure, if Portable Thunderbird would work under Wine or not, but worth a shot. Many windows Portable apps, does run using Wine.

And what about loading a small custom Windows XP inside a VirtualBox based VM on Linux, then run Windows apps ?

-- Bry8Star.

Jacob Appelbaum wrote:

antispa...@sent.at:

I see TorBirdy is readily available. But that might mean a system wide instance of Thunderbird. For Windows the solution is just a clean version of Thunderbird provided by PortableApps.com and TorBirdy, maybe downloaded via Tor/TBB. What about Linux? I could not find the equivalent PortableApps.Linux.

We'd love to provide this and in fact, we'd be able to provide a safer Thunderbird for Tor usage as our patches would be included. The downside is that Tor usage is not the only thing that matters - updates of all kinds will need to be tracked and kept in line with upstream. It is a lot of effort to make TBB and to make a Thunderbird version, keeping it updated and so on - it would require a lot of thinking on our part. I think without Thandy, I fear that it would be a nightmare. Perhaps there is some way to adapt Mozilla's secure updating system to give users an upgrade path? I'm not sure. I welcome any thoughts on the subject...

Ultimately, we like the idea - so hopefully we can find a way to do it without drowning ourselves in work on a fork of Thunderbird that isn't required. Ideally, we'd like upstream to merge everything - heck, even TorBirdy, and make it a simple option... :)

All the best, Jacob
[tor-talk] Apps which uses outgoing fixed IP-Adrs:AnyPort, forward to Exit-node Then to Internet
Hi, please help me to solve this:

On Windows (XP) i have a (Unbound) DNS Resolver Server software (running on 127.0.0.1:53), which is configured to send its TCP DNS queries via an outgoing ip address (lets say, 192.168.0.10, which is my (NetIntrfAdptr) Network Interface Adapter's IP address, connected to router/gateway then to Internet), DNS resolver is using different/random TCP local ports for that NetIntrfAdptr's IP address to send queries toward multiple different Internet DNS/nameserver(s) IP address(es) on their TCP port 53.

This DNS resolver is configured to use(/forward queries to) around 40 internet DNS/nameservers for few specific and custom domain-names, TLDs, etc (stub/forward zone) related dns queries. Root zone, the ".", is configured to send/forward query on 5 different censorship free public DNS server(s) on internet, and those dns servers does not keep logs for query, usage, user-info, etc either.

I would like to re-configure DNS resolver to perform it's all DNS queries via Tor socks5 proxy server. (once query answers are inside its cache memory then it should work very fast for other apps on this computer). how can i achieve this ?

let me put it this way ... when an app is sending its outbound network traffics toward a fix IP address's non-fixed different random ports, then how can i forward such traffic inside the tor-network so that traffic can connect to Internet servers from tor exit-node ?

can *Tor* be re-configured to present an IP address (for example, 10.192.0.10, for inbound connections) on the local network ? so that i can specify that tor ip address (10.192.0.10) inside the DNS resolver configuration as its outgoing IP address ?

how to achieve this without using any other apps, other than the ('unbound') dns server app and the tor app ? (or by using very very less apps/tools).

Thanks in advance, -- Bry8Star.
Re: [tor-talk] Apps which uses outgoing fixed IP-Adrs:AnyPort, forward to Exit-node Then to Internet
Hi adrelanos, thanks for responding & suggestions. sorry, NONE are applicable for this case.

anyway, let me repeat & explain with another set of words for others, again (if some confusion exist in my explanations):

my local dns-server (127.0.0.1:53) (in windows xp), is already configured to use TCP DNS with Internet DNS Servers, it is sending DNS queries/questions (domain-name-to-ip-adrs-conversion) to Internet DNS servers via using an outgoing network interface ip address. my local DNS-Server is using multiple different port(s) to send those queries, for that outgoing interface (192.168.0.10) to various destinations where port is same( TCP DNS port 53), but ip changes to different Internet DNS Server's ip address).

now, how to capture all (TCP) traffic coming from my local dns-server's outgoing ip-adrs, and send/forward/transport them though/via TOR ? i want to send traffic ONLY from that OUTGOING ip address (specified on local-dns-server), not any other app's, not any other traffic, ALL OTHER traffic must go thru DIRECT Internet via using the default net-interface adapter's ip address.

(by the way, i do already have few solutions that involves using other extra tools. that is why i mentioned (twice i think), how to use less amount of other tools, other than tor & dns-server software itselves).

what i'm asking is, how to configure *TOR*, using the torrc configuration command-lines to achieve this function. And if there is absolutely no other choice, only then use/have a solution that involves using a 3rd party tool stuff.

looking for a solution that will use only tor, local dns-server software (unbound), nothing else, or use something that by default exist on Windows computers.

my local dns-server is configured to use both tcp & udp dns locally, but all upstream is tcp dns, it is also configured to block .onion, .exit, .i2p, etc any even accidental or mistakenly done, or mis-configured app's any dns leakages.
and local dns-server also (need to) using, many forward-zones, which are forwarding toward very specific DNS servers on Internet.

it is suppose to be simple ! i dont know why such option already does not exist in tor !?!

TOR has feature of creating listening dns port and act as dns-server, i dont want it, as that cant be configured to suit my purpose. Tor has feature/option to create transparent ip address listening on ONE fixed port, i dont want that i guess, unless it can be configured to capture that outgoing ip address specified local dns-server's ALL/any ports.

why tor cannot listen to a SINGLE fixed ip address's entire port (1 ~ 65535) range's all traffic ? If tor can create such an listening ip-address let's say 10.192.0.10, then i want to specify that as the outgoing interface ip address in local dns-server's configuration.

-- Bry8Star.

On 9/19/2012 9:05 AM, adrelanos wrote:

Bry8 Star:

Hi, please help me to solve this:

On Windows (XP) i have a (Unbound) DNS Resolver Server software (running on 127.0.0.1:53), which is configured to send its TCP DNS queries via an outgoing ip address (lets say, 192.168.0.10, which is my (NetIntrfAdptr) Network Interface Adapter's IP address, connected to router/gateway then to Internet), DNS resolver is using different/random TCP local ports for that NetIntrfAdptr's IP address to send queries toward multiple different Internet DNS/nameserver(s) IP address(es) on their TCP port 53.

This DNS resolver is configured to use(/forward queries to) around 40 internet DNS/nameservers for few specific and custom domain-names, TLDs, etc (stub/forward zone) related dns queries. Root zone, the ".", is configured to send/forward query on 5 different censorship free public DNS server(s) on internet, and those dns servers does not keep logs for query, usage, user-info, etc either.

I would like to re-configure DNS resolver to perform it's all DNS queries via Tor socks5 proxy server.
(once query answers are inside its cache memory then it should work very fast for other apps on this computer). how can i achieve this ?

You can not *directly* connect to other upstream UDP DNS servers through Tor. This is because Tor does not support UDP. However, TCP DNS over Tor can work.

I successfully used DNSCrypt by OpenDNS and httpsdnsd by JonDos over Tor. Although I documented it for Whonix, it should be possible without Whonix over Tor as well: (Note: Whonix specific!) http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/#secondary-dns-resolver

You can also have a look at ttdnsd: http://www.mulliner.org/collin/ttdnsd.php

Alternatively you can connect to DNS servers if you tunnel UDP over Tor. Although I documented it for Whonix, it should be possible without Whonix over Tor as well: (Note: Whonix specific!) http://sourceforge.net/p/whonix/wiki/OptionalConfigurations/#tunnel-udp-over-tor

let me put it this way ... when an app is sending its outbound network traffics toward a fix IP address's non-fixed different random ports
Re: [tor-talk] How dangerous are DNS leak?
I don't like that some entity like a ISP is making list of stuff or keeping track of stuff, for any hacker or anyone to see. It is not their job. if a government operated entity does that (where tracking info is highly guarded), then that is different. and, if such a government tracking dpi center/entity is not using judicial system to track/surveillance with/for a specific justified reason, then even that is questionable.

On 9/17/2012 5:05 PM, Edward Thompson wrote:

I'd like to add to this question: can a DNS request be used to track which IP addresses have visited which sites (assuming that your ISP is not a threat)? Cheers, Ed

hello! How dangerous are the DNS leak for some user? If I understand, the main problem is own ISP knowing about some access, but not any details of the transaction? -- Jerzy Łogiewa -- jerz...@interia.eu
Re: [tor-talk] Download videos
probably safer will be if you install a VM software (may be, VirtualBox, there are many others), and from beginning if you install guest/VM OS and used such configurations (including software & hardware ids), which will keep Anonymity intact for it's user and it's host computer, then use firefox and your (any) addons on that to get file. (pay attention to alter hardware ids as well).

install a trial windows inside a VM, configure it with your needs (lets say you have taken 5 days for it), after full configuration, backup the VM's image, so that every 30 or 60 days later you can overwrite the older image with the 5 days old vm image, and go back to the pre-configured fresh state.

except for playing special graphics intensive games, for other purpose vm is suffice & a better Anonymity tool. imho,

-- Bry8Star.

On 9/17/2012 6:02 PM, r...@tormail.org wrote:

Is the addon unplug safe to use with Tor for downloading videos? That is, will it (Unplug) provide anonymity? Thanks.
Re: [tor-talk] Download videos
Sorry for mentioning about using Trial Windows. I realized, Trial will expire even if not used or used, after 30 days, or within 90 days with grace period(s). But, i think (not 100% sure though), there is code given on Microsoft site which can be used only for inside VM based Windows OS installation, or on demo software on real computer, for the OS to work for longer time (1 yr).

And also, some of the free end-user level/based Linux OS has reached to a very appealing level/point/stage & much much friendlier than before GUI desktop apps level/stage, consider try-out using them. If you find one is suitable & useful for your purpose/need, then simply contribute something to that developer(s) (group). For example: Ubuntu, Fedora, Fuduntu, PC-BSD, etc. these sites usually has a set of further customized version of their OS, which are even smaller or more GUI friendly or more suitable for your purpose.

if you are a student, then ask your college to give you windows disc, it will be free or very cheap, probably. ebay has very very cheap windows xp home discs. sometime many other vendor has deals where they can sell you very cheap discs if you also get some hardware from them. and as far as i understand, any windows user is eligible to use their own existing OS also inside a VM software on the same computer, (if you use Restore process/disk).

If you like and used-to with Linux, then just install another Linux inside VirtualBox, assign a folder on host as Shared in between host and guest, and download your files on VM on-to the shared drive on guest, which is the shared folder on host.

Few firefox addons which i used inside VM and TBB (related to video) are: Ant Video Downloader, DownThemAll, Sothink Web Video Downloader, NetVideoHunter, FVD, etc

Plugins/extensions: DivX Web Player, DivX Player Netscape plugin, VLC web plugin, Shockwave Flash, RealPlayer G2 LiveConnect, QuickTime plug-in, etc.

i use 'Unbound' and MaraDNS/Deadwood DNS resolver/server.
created total of four windows service, two for each of those dns-server software. one windows service uses deadwood dns server from a folder which is pre-configured to resolve dns thru Tor-network (using TCP DNS), and other service starts deadwood (from another folder) and uses direct-internet for all sites except for .onion, .i2p etc TLD/sites from going/leaking out thru direct-internet. Same is for 'unbound' dns server. Using services.msc these can be started/stopped when what i want to.

also loaded transparent socks proxy (proxifier) software to transfer all (TCP based) traffics inside Tor-network.

on host/main-computer's OS, i dont view/use flash video based sites via any browser which goes thru Tor-network, when i need to see something Anonymously. i have NoScript and AdBlock Plus etc addons configured on firefox to block those automatically. Plus my firewall/security-suite app allows me to set which software components i dont want to be used by the TBB. and also component level filtering and rules.

also create rules in firewall on host OS, to block any outbound traffic to .onion based sites by using direct internet or your network adapters. they must go thru tor-proxy server/gateway/router only.

i see/get Flash videos inside the VM. i also run java stuff inside VM. if videos not playing/appearing properly, try assigning more computing/processing power/resources for your VM/virtualbox, so it works better, because you need to see it Anonymously, and smoothly.

do not load junk/bloated stuff inside VM, if u need only Java, then dont install the extra things like toolbar/anti-virus whatever they offer. always select 'custom' option during install, watch/read every stage, choose carefully. disable unnecessary services inside vm. if you have backed up the VM image, then no need to install anti-virus or firewall inside VM, as you have backup copy of fresh source where you can fall back to after every few weeks. tweak & tune further both vm OS & native/host OS.
sorry for the long posting, if appears to be unrelated matters. but these what i had to do see/get videos, Anonymously.

-- Bry8Star.

On 9/17/2012 10:53 PM, Bry8 Star wrote:

probably safer will be if you install a VM software (may be, VirtualBox, there are many others), and from beginning if you install guest/VM OS and used such configurations (including software & hardware ids), which will keep Anonymity intact for it's user and it's host computer, then use firefox and your (any) addons on that to get file. (pay attention to alter hardware ids as well).

install a trial windows inside a VM, configure it with your needs (lets say you have taken 5 days for it), after full configuration, backup the VM's image, so that every 30 or 60 days later you can overwrite the older image with the 5 days old vm image, and go back to the pre-configured fresh state.

except for playing special graphics intensive games, for other purpose vm is suffice & a better Anonymity tool. imho,

-- Bry8Star
Re: [tor-talk] Towards a Torbutton for Thunderbird (torbutton-birdy)
Hi,

If the info below is irrelevant or already discussed or old, then sorry to post it here. Are these already being done/added for Torbutton-birdy?

The pref.js file is inside the below folder/directory:
PortableApps\ThunderbirdPortable\App\DefaultData\profile\

Before starting Thunderbird-Portable for the first time, these lines need to be added in pref.js.

/* instead of sending/leaking your local ip-address, add a word like mailproxy in helo/ehlo field */
user_pref("mail.smtpserver.default.hello_argument", "mailproxy");

/* when portable-thunderbird runs first time, then allow/partially-force to go via Tor-proxy. The Polipo will be needed when using lines which has port 8118, http or ssl. */
user_pref("dns.nameserver", "");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1");
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
user_pref("network.proxy.type", 1);

/* To block auto connect to mozilla */
user_pref("app.update.auto", false);
user_pref("mail.shell.checkDefaultClient", false);

/* to block auto check for emails when startsup, or when started for first-time */
user_pref("mail.startup.enabledMailCheckOnce", false);

Noticed, pressing re-test while adding a new email account causes Thunderbird to bypass Tor-proxy and use local network, thus leaking ip-address location of that email, even though Tor-proxy was pre-specified or pre-configured. But using the Create Account button located inside the new email adding window did use Tor-proxy. To avoid such local-net leak/use during email creation, a few generic user name based email accounts with major email service providers can be pre-added into pref.js. And then Tor-fied Thunderbird users themselves can change User1 in such us...@gmail.com pre-existing emails into their actual email/user-name.
Pre-existing email accounts with tor-proxy pre-configured in TB do not leak dns or tcp. I noticed, in older Thunderbirds, the imap, smtp server is imap.gmail.com. In my test, that allows to receive emails, but not sending. And when changed into imap.googlemail.com, then it succeeds in both sending and receiving gmail emails.

receive: imaps, 993, SSL/TLS.
send : smtps, 587, STARTTLS.

On 5/7/2012 12:59 PM, Jacob Appelbaum wrote:
On 05/07/2012 03:43 PM, anonym wrote:
05/07/2012 05:33 PM, anonym:
(Since the repo is huge (and there's no gitweb AFAIK) I also attached the commits as git patches. These were written for Thunderbird 8, but I know they apply cleanly to TB 10 as well.) ...
Hm. I can see that the patches were attached in my outgoing email, but that they didn't reach the mailing list for whatever reason (are attachments disabled?). Here they are pasted inline instead:
I'll comment in line.
From 0651e1f6e2c4f76fc444969f7fc6600670b302da Mon Sep 17 00:00:00 2001 From: Tails developers amne...@boum.org Date: Wed, 4 Jan 2012 14:48:02 +0100 Subject: [PATCH 1/7] Optionally skip probing for plaintext protocols. Setting mailnews.auto_config_ssl_only to True prevents detecting plaintext protocols through autoconfiguration during account creation. --- .../prefs/content/accountcreation/guessConfig.js | 68 +--- 1 file changed, 44 insertions(+), 24 deletions(-) diff --git a/mailnews/base/prefs/content/accountcreation/guessConfig.js b/mailnews/base/prefs/content/accountcreation/guessConfig.js index 02acf3c..a183ad3 100644 --- a/mailnews/base/prefs/content/accountcreation/guessConfig.js +++ b/mailnews/base/prefs/content/accountcreation/guessConfig.js 
@@ -802,22 +802,32 @@ function getIncomingTryOrder(host, protocol, ssl, port) else if (protocol == UNKNOWN !lowerCaseHost.indexOf(imap.)) protocol = IMAP; + var prefs = Cc[@mozilla.org/preferences-service;1] + .getService(Ci.nsIPrefBranch); + var ssl_only = prefs.getBoolPref(mailnews.auto_config_ssl_only); + if (protocol != UNKNOWN) { -if (ssl == UNKNOWN) - return [getHostEntry(protocol, TLS, port), - getHostEntry(protocol, SSL, port), - getHostEntry(protocol, NONE, port)]; -return [getHostEntry(protocol, ssl, port)]; - } - if (ssl == UNKNOWN) -return [getHostEntry(IMAP, TLS, port), -getHostEntry(IMAP, SSL, port), -getHostEntry(POP, TLS, port), -getHostEntry(POP, SSL, port), -getHostEntry(IMAP, NONE, port), -getHostEntry(POP, NONE, port)]; - return [getHostEntry(IMAP, ssl, port), - getHostEntry(POP, ssl, port)]; +if (ssl == UNKNOWN) { + var order = [getHostEntry(protocol, TLS, port), + getHostEntry(protocol, SSL, port)]; + if (!ssl_only) +order.push(getHostEntry(protocol, NONE, port)); + return order; +} else { +
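Review bot: The new prefs.getBoolPref(mailnews.auto_config_ssl_only) read at the top of getIncomingTryOrder is unguarded, and the diffstat for this patch shows only guessConfig.js changing, so nothing here gives the pref a default value. nsIPrefBranch.getBoolPref throws when a pref has neither a user value nor a default, which would abort the try-order for every account setup on a profile where the pref was never set, including the paths where ssl is already known and the flag is irrelevant. Either ship a default of false for mailnews.auto_config_ssl_only in the default prefs, or wrap the read in try/catch and fall back to false, so that the existing behaviour is preserved unless the user opts in. The lookup could also move inside the ssl == UNKNOWN branches, which are the only places the visible lines use ssl_only.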