On 13/02/11 19:09, scroo...@lavabit.com wrote:
I've been fighting two different Tor users for a week. Each is
apparently having a good time trying to see how quickly they
can get results from Scroogle searches via Tor exit nodes.
The fastest I've seen is about two per second. Since Tor users
On 13/02/11 21:03, Karsten N. wrote:
Am 13.02.2011 00:54, schrieb Matthew:
Incidentally, in http://torstatus.blutmagie.de/ gpfTOR4 is listed as
being in the Czech Republic while gpfTOR5 and gpfTOR6 are in
Netherlands. Is this correct?
Yes, coorect.
In the last years we see much less
On 09/02/11 09:06, Karsten N. wrote:
Am 07.02.2011 20:00, schrieb Matthew:
I am wondering to what degree people on this list have problems with
e-mails going into spam folders because they are using tor nodes.
Many Tor nodes are listet in some anti-spam DNSBL. We have had a
discussion here
On 08/02/11 22:56, Praedor Atrebates wrote:
On Tuesday, February 08, 2011 05:45:37 pm you wrote:
On Tue, Feb 8, 2011 at 3:49 PM, Martino Papessomart...@papesso.com wrote:
Hallo I live in Italy.
I have firefox portable version with tor download from here :
On 08/02/11 22:08, Praedor Atrebates wrote:
The video is from Silent Hill 2 OST. You MAY be able to play it if 1) you
enable flash in your firefox browser and 2) you select an exit from a country
not restricted (like Romania). I say MAY because if they use flash to check
your location,
On 07/02/11 22:53, Joe Btfsplk wrote:
On 2/7/2011 4:17 PM, Jon wrote:
I don't have any problems generally. It depends on what is in the body
of the email and what one's filters are.
***
To unsubscribe, send an e-mail to
I am wondering to what degree people on this list have problems with
e-mails going into spam folders because they are using tor nodes.
I refer to sending from a webmail (Hotmail, Yahoo, Gmail, AOL, etc) to
another webmail.
It seems to me that e-mails sent from Yahoo will end up as spam.
On 04/02/11 08:26, Zaher F. wrote:
thx for ur answer but still i need help in how to fix my exitnode
---
Surely you would write:
StrictExitNodes 1
ExitNodes name_of_node or fingerprint (no spaces in fingerprint).
I already had a raid due to my Exit Node... so, I'm not worried :)
Can you explain what happened, please?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body.
It happened 4 years ago... they came, took every hardware they could
find, took more than a year to analyze it, they found nothing (they
were looking for child pornography - someone downloaded via my tor
exit from swoopshare) and gave my hardware back after 2 years.
The trial is still ongoing,
Currently, 5 nodes exit to *only* plaintext ports for web and email.
There are about 50 others that exit to the plaintext versions for web
or email.
I don't see what the issue is here. Not all e-mail services support
HTTPS. Or are you saying: if there is a HTTPS option as for Gmail the 50
We already filter exit nodes based on suspicion by defaulting
ExcludeSingleHopRelays to true (the reason for that being that single
hop exits are more likely to be passively monitoring data).
Can you please say a little more about this for all of us who are not au
fait with all command
On 30/01/11 02:32, and...@torproject.org wrote:
On Fri, Jan 28, 2011 at 11:29:25PM +, pump...@cotse.net wrote 2.3K bytes in
53 lines about:
: My understanding is that Tor encrypts both the content of a data
: packet and also the header. It encrypts the packet and header three
: times on
Each relay removes one layer of encryption.
Tor does *not* encrypt and send packet headers. Tor only relays the
data within a TCP connection.
I'm still not getting this. My understanding is that you have the data and
the header when using TCP. If only the data is encrypted then what
Each relay removes one layer of encryption.
Tor does *not* encrypt and send packet headers. Tor only relays the
data within a TCP connection.
OK. I get it. I think.
Please confirm:
The data is encrypted. The header is not encrypted.
So if my ISP is monitoring my traffic all they see
I just want to confirm one thing and ask something else.
My understanding is that Tor encrypts both the content of a data packet and
also the header. It encrypts the packet and header three times on the
client (my computer) and then at each node one layer is decrypted until the
data packet
I am wondering if there is a way to select a specific US state when using
StrictExitNodes?
For example, if I wanted an exit node in Maryland or Virginia is there a
way to locate one?
Thanks.
Let's try some science. We need a control, so lets create a blank
Firefox profile. This requires running firefox with a command of
'firefox -P'. This will bring up the profile window and then you can
create a blank profile and try to set your proxy to use Tor and try it
again, and then try
This post is similar to the problems people have been having with cookies
and Gmail when using TorButton.
In this case within Gmail I enabled add any gadget by URL and then added
Twitter (https://twittergadget.appspot.com/gadget-gmail.xml).
Without Tor when I click on the Twitter icon the
On 15/01/11 19:02, Mike Perry wrote:
Thus spake Matthew (pump...@cotse.net):
To cut a long story short after having removed TorButton, NoScript, and
HTTPS-Everywhere and therefore leaving just Tor I still cannot get Twitter
to work from Gmail. I am using Firefox.
The Twitter icon and drop
On 10/01/11 21:00, Olaf Selke wrote:
However I'm not sure what will happen at certain country's airport immigration.
What does this mean?
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk
extensions.torbutton.regen_google_cookies;false
extensions.torbutton.reset_google_cookies;false
extensions.torbutton.xfer_google_cookies;true
Try changing this last setting
(extensions.torbutton.xfer_google_cookies) to false. It is designed to
try to move your google cookies from one domain to
Sorrythanks Mike (not Mark)!
Original Message
Subject:Re: Cookie Mismatch when using Gmail.
Date: Sun, 09 Jan 2011 16:10:49 +
From: Matthew pump...@cotse.net
To: or-talk@freehaven.net
extensions.torbutton.regen_google_cookies;false
I wonder if any kind soul can help. My understanding is that this
conflict between aspects of Gmail and Torbutton is hardly unique to me.
On 05/01/11 11:25, Matthew wrote:
More information appended at the end.
I login to Gmail as normal. I go to Settings / Accounts and Import
On 05/01/11 09:04, M wrote:
Yes, but I have a nice collection of SIM cards from various
countries... Every time I travel (twice a month at least) I bring
back some SIM cards for this kind of work...
I am under the impression that in most countries you have to show ID which
is
More information appended at the end.
I login to Gmail as normal. I go to Settings / Accounts and Import /
Change Account Settings - Google Account Settings. When I click on
that link the URL changes to
https://www.google.com/accounts/CookieMismatch and the screen shows.
On 05/01/11 19:25, Andrew Lewman wrote:
On Wed, 05 Jan 2011 19:18:09 +
Orionjur Tor-admintor-ad...@orionjurinform.com wrote:
Is it very difficult to buy a SIM without showing ID in the USA or
countries of Western Europe? Sorry for such off topic but it is very
interesting to know are
Hello,
Here is what happens:
I login to Gmail as normal. I go to Settings / Accounts and Import /
Change Account Settings - Google Account Settings. When I click on that
link the URL changes to https://www.google.com/accounts/CookieMismatch and
the screen shows.
We've detected a problem
On 03/01/11 07:55, forc...@safe-mail.net wrote:
Hello!
Though I could open an account at gmail, it is impossible to login to post in google
groups. I am told, whetever the exit node is, Your browser's cookie functionality
is turned off. Please turn it on..
First, did you have to go
On 04/01/11 06:54, James Brown wrote:
The Skype begin refusing payments making on their site through the Tor:
I cannot make payments to them from my credit card about a half of month.
Today I find in their FAQ that one of possible causes of that is Using
an anonymous proxy to access the
I did post this before in November but got no responses. Hopefully this
wasn't because the question was so dumb.
-
My /etc/apt/sources.list contains:
deb http://deb.torproject.org/torproject.org lucid main
In the authentication section of my software sources I have a
On 23/12/10 14:21, Praedor Atrebates wrote:
Got it now. Now when I point to 127.0.0.1 I get places. Now the question is,
how can one test whether or not their DNS is leaking? There is the tor status
page that can tell you whether or not you are using tor but what about
something
On 22/12/10 13:38, Praedor Atrebates wrote:
I have always been disturbed by the fact that javascript or flash can sidestep
tor and give away your real IP.
Are you sure that JavaScript can give away your IP? Flash can - but my
understanding is that JavaScript cannot.
As another poster
Can I please clarify something.
The latest stable release for Windows and Ubuntu is called 0.2.1.27.
My version for Ubuntu is 0.2.1.26.
If one has placed the correct commands in one's /etc/apt/sources.list as
detailed here (https://www.torproject.org/docs/debian.html.en) then why is
it that
Hello,
My .torrc file says:
## Configuration file for a typical Tor user
## Last updated 12 April 2009 for Tor 0.2.1.14-rc.
## (May or may not work for much older or much newer versions of Tor.)
Do I need to get a new .torrc version? I have had a look online and cannot
find a template. I
Hello,
According to the Tor manual
(https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry)
one should use SOCKS 4a.
AIUI, Polipo or Privoxy are used as HTTP proxies which then allow the
client (Firefox)
I think I am correct to say that StrictExitNodes has been negated in
favour of StrictNodes.
However, when I use StrictExitNodes 1 I have no problems.
When I use StrictNodes 1 and have viable ExitNodes then Vidalia gives the
error: Vidalia detected that the Tor software exited unexpectedly.
On 28/10/10 00:41, Joe Btfsplk wrote:
On 10/27/2010 2:35 PM, krishna e bera wrote:
The bad advice may be a misinterpretation or poor rephrasing
of this advice in the Tor FAQ Wiki:
Hello,
There is a Hints and Tips for Whistleblowers Guide available at
http://ht4w.co.uk/.
The section on proxies includes Tor-related information which I fail to
understand:
You may actually get more anonymity when using the Tor cloud by *not*
using the https:// version of a web page
AIUI here is the DNS situation (leaks) when using an ISP, a VPN, and Tor.
Can someone please correct me if I am wrong / inaccurate.
If I am using my ISPs DNS then they can log the websites via my DNS requests.
If I am using a commercial VPN then the VPNs DNS logs the websites.
However, my
Hello,
There are, from time to time, exhortations to use Virtual Machines
alongside Tor.
If an individual is using Tor, Polipo, Torbutton, NoScript, and
BetterPrivacy then why is a VM needed?
How can VMs improve one's Tor experience?
Thanks.
My .torrc file says:
Last updated 12 April 2009 for Tor 0.2.1.14-rc
Does this matter (is it outdated) and, if so, is their a way to get the
latest .torrc file without having to install from scratch?
Thanks.
Probably well over a year ago Tor seemed really slow and I wanted to
speed it up. These settings were recommended (I can't find the website now).
CircuitBuildTimeout 30
NumEntryGuards 6
KeepalivePeriod 60
NewCircuitPeriod 15
Are these valid today? AIUI Tor is way faster than it was a year
I am on a University network. I do not have control of my DNS settings.
When I use OpenDNS, for example, I cannot get any connection. This is
understandable.
Tor works fine and, as we know, DNS resolution is done at the last exit node.
However, I cannot use a VPN. I have tried Perfect
IMHO its important to suppress active content (Flash, ActiveX,
Silverlight, JavaScript etc.) and other junk and therefor I prefer
'Privoxy' [1] instead of Polipo.
I concur but doesn't TorButton do all this suppression?
That said: what was the rationale in moving from Privoxy to Polipo? Did
I currently use Tor + Polipo + Torbutton + NoScript.
Obviously there are other add-ons for Firefox out there such as BetterPrivacy.
Are any other add-ons necessary or would people suggest I am now fully
protected?
Thanks.
On 05/09/10 21:11, Geoff Down wrote:
On Sun, 05 Sep 2010 19:55 +0100, Matthewpump...@cotse.net wrote:
Hello,
I have yet another question that relates to the effectiveness of Tor.
Gmail (and therefore presumably other webmail operators) knows my
computer's time zone. It does not know
Hello,
I have yet another question that relates to the effectiveness of Tor.
Gmail (and therefore presumably other webmail operators) knows my
computer's time zone. It does not know the time per se but the time zone
as set (in Ubuntu) through clicking on the clock, selecting preferences,
I have StrictExitNodes = 1 and this is the exit node wollwoll.
When I look at the Vidalia GUI the connections show:
Lifuka, india533, 5aColuna01
williamhaines, bp1, PPrivCom032
birdbrain, torserversNet4, wollwoll
Roo8Peik, tornodeviennasil, wollwoll
All checks with www.ip2location.com or
Thanks Roger - I appreciate this explanation. I will read the document
you recommended.
On 30/08/10 08:59, Roger Dingledine wrote:
On Mon, Aug 30, 2010 at 08:51:47AM +0100, Matthew wrote:
I have StrictExitNodes = 1 and this is the exit node wollwoll.
When I look at the Vidalia GUI
On numerous occasions when using Google with Tor (yes, I know there are
other options like Scroogle) it claims I might be sending automated queries
and gives me a CAPTCHA. Sometimes this allows me to search; other times I
am caught in a loop and am constantly send back to the CAPTCHA screen.
On 25/08/10 15:38, Gregory Maxwell wrote:
On Wed, Aug 25, 2010 at 6:28 AM, Matthewpump...@cotse.net wrote:
On numerous occasions when using Google with Tor (yes, I know there are
other options like Scroogle) it claims I might be sending automated queries
and gives me a CAPTCHA. Sometimes
On 23/08/10 23:21, Jonathan Lassoff wrote:
On Mon, Aug 23, 2010 at 1:18 PM, Matthewpump...@cotse.net wrote:
It is also worth noting that Craigslist prevents the use of Tor albeit in a
very strange way.
If you try to post using Tor the ad will be permitted at first and people
can contact
On 24/08/10 11:09, Michael Scheinost wrote:
On 08/23/2010 10:04 PM, David Carlson wrote:
I am a newbie here. Since they use SSL, isn't it overkill to route your
connection through Tor? I know it is a pain to switch Tor on and off
No, it's not an overkill since tor does not provide
It is also worth noting that Craigslist prevents the use of Tor albeit in
a very strange way.
If you try to post using Tor the ad will be permitted at first and people
can contact you. However, after about 15 minutes (and it is always about
15 minutes) the post is flagged and disappears.
I go to http://torstatus.blutmagie.de/ and have a look at the exit
node gigatux called emohawk2.gigatux.com and located at
78.129.201.189.
This appears to be located in the UK according to blutmagie.de.
whois and RIPE agree with blutmagie. Gmail is wrong. Perhaps they use
different geoip
I go to http://torstatus.blutmagie.de/ and have a look at the exit
node gigatux called emohawk2.gigatux.com and located at
78.129.201.189.
This appears to be located in the UK according to blutmagie.de.
whois and RIPE agree with blutmagie. Gmail is wrong. Perhaps they use
different geoip
Hello,
I don't understand this.
I go to http://torstatus.blutmagie.de/ and have a look at the exit
node "gigatux" called emohawk2.gigatux.com and located at
78.129.201.189.
This appears to be located in the UK according to
If one goes to, for example, http://torstatus.blutmagie.de/ one can see
many nodes, all called Unnamed. How can such nodes be specifically
referred to if one is using StrictExitNodes =1?
Thanks.
Is there a way to select an exit server by state? For example, choosing
a working exit server in California?
Thanks.
an easier consideration, are you consistent about always using a recent
and signature verified release of the browser bundle?
Just to clarify:
In my sources.list file I have:
deb http://deb.torproject.org/torproject.org karmic main
And I previously followed the instructions here:
Thanks - Please see below for one more question / concern.
Can these cookies have connected my static non-Tor IP and the various Tor
IPs... can the flash cookie connect to the website even when flash is turned
off?
nope, as long as you NEVER, EVER, NOT EVEN ONCE have Flash enabled
while using
Hello,
When I use Tor, I disable Flash. However, when not using Tor, sometimes I
do use Flash.
I was surprised today to discover in my .macromedia folder on Ubuntu dozens
of flash cookies.
Can these cookies have connected my static non-Tor IP and the various Tor
IPs. In other words, if
Hello,
This is, I am sure, a simple Tor-DNS question, but I would appreciate it if
someone could confirm my understanding of how this system works.
Normally (without Tor) when someone requests a website the URL has to be
converted into the IP address. Therefore, a) the user's cache is
So to go back to the OP's question (my question)what do people think
of my questions about JavaScript being able to obtain non-Tor IPs when
wiping the cache?
On 13/07/2010, at 6:47 AM, Matthew wrote:
Hello,
I have been reading the Torbutton documentation (thanks, guys) and have
Hello,
I have been reading the Torbutton documentation (thanks, guys) and have a
question about the adversary capabilities.
The first adversary capability is inserting javascript. The document
says that If not properly disabled, Javascript event handlers and timers
can cause the browser
Hi Scott,
I am not using NoScript but I used it some time ago. The problem I had
was that various websites did not work because it turned off JavaScript
which seemed essential. At the moment I am using Polipo and Tor with
JavaScript operational but Java, Flash, and QuickTime are all turned
, Matthew wrote:
Apologies in advance for the basic-ness of this question. I cannot
find the answer with Google or in the Tor documentation.
I believe the answer you're looking for is #4 here:
https://www.torproject.org/download.html.en#Warning
In these cases, how is the file downloaded? Does
computer. In other words: the attachment (or for
that matter any file downloaded in the same way) is never downloaded
outside the Tor system - that is directly from the website to me
bypassing the Tor nodes?
Basic I know!
Thanks!
Aplin, Justin M wrote:
On 6/18/2010 3:06 AM, Matthew wrote
You could set StrictExitNodes 1 in your .torrc file with a series of
exit servers that are based in countries where English is the first
language (USA, Canada, UK, Ireland, Australia, etc). That way all
results will be in English.
emigrant wrote:
when i give a keyword to search, in most
This is especially dangerous if you are using Yahoo Mail, because evenif
you trust the person who sent you the document, your attachment will be
downloaded in plaintext (via http, not https). This means that the exit
node you use can replace or alter your document to unmask you (or worse,
Hello,
Apologies in advance for the basic-ness of this question. I cannot
find the answer with Google or in the Tor documentation.
When you connect to a website using HTTP or HTTP/S and you want to
download a file (like a .doc or .exe) then Firefox asks you where on the
hard drive the file
I'm not sure whether either of these bugs are fixed at present (ugh). So
I'd recommend sticking with yes (or true, I guess it's called now).
If yes is the same as true then this is a setting the Polipo manual
strongly advises against. Finally, if dnsUseGethostbyname is true,
Polipo never
and...@torproject.org wrote:
In practice, with that config file, dns queries are passed to tor
directly for resolution, not being done by polipo nor the actual system
resolver.
Thank you for the confirmation.
If you change the options, you should see polipo query your local dns
resolver
If you change the options, you should see polipo query your local dns
resolver either directly, or via gethostbyname.
But if you change it to false would that not be the safest option -
from what I can gather in this situation Polipo would never do its own DNS.
Hello,
The standard Polipo configuration file for Ubuntu located at
https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf
should replace the configuration file one downloads when Polipo is
installed according to http://www.torproject.org/docs/tor-doc-unix.html.en.
I finally got my act together and put my Introduction to Tor
presentation online. You can find it on my Google site here:
http://sites.google.com/site/mateogoog/files
Feel free to use the presentation in any way you see fit!
-Matt
This article also talks about ATT and Comcast's strategies to limit
home bandwidth:
http://www.businessweek.com/technology/content/mar2009/tc20090331_726397.htm
Did I mention how much I absolutely LOVE Time Warner Cable??
-Matt
I gave a talk to a small group of people on Saturday at BarCampAustin:
http://www.barcamp.org/BarCampAustin4 I have also given this talk in
two of my graduate classes at St. Edward's University. These kinds of
informal talks are a great way to educate others about Internet
censorship,
Scott-
Sorry to hear that you are also having problems with your ISP. I ended
up dropping Time Warner and signing up for Earthlink - which actually
uses the same TWC network. So now I am back on TWC and must watch my
p's and q's or I will be kicked off. I even have the same TWC account
I agree that starting a business may be problematic but I am not sure
this would be true for a non-profit in the US.
Does anyone know if US non-profits are required to log connection
information? I help several businesses (including a large company) and
non-profits maintain their websites,
I take issue with the premise that the only course of action that ISPs
have is to disconnect customers that generate these complaints. I know
that some ISPs simply pass on the complaints to their customers with the
expectation that the customer fix the problem. It seems to me that this
is
I agree that it may be a risk for one organization to own a large number
of Tor nodes. But if that organization is a non-profit and run by some
of the Tor users, developers, and operators on this list, that should
reduce the risk that the organization will willingly compromise its Tor
Yup, I restricted my exit node policy in hopes that it would limit
torrent traffic and it seemed to work. However, the last hacking
complaint was the result of someone making excessive or inappropriate
postings on a newsgroup or website. So while the torrent/DMCA
complaints stopped, the
Wow, that is a very cool idea. This could even be turned into a
non-profit organization... We could take donations to support running
Tor exit nodes which, in turn, supports everyone's ability to use the
Internet without fear of censorship, harassment, and authoritarian (or
up-and-coming
Bennett wrote:
On Mon, 02 Feb 2009 20:42:01 -0600 Matthew McCabe mate...@mrmccabe.com
wrote:
So Time Warner Cable finally gave me an ultimatum that either I stop
running Tor or they will shut off my service. This was after 3 DMCA and
2 general abuse/hacking complaints. Note that Time
Thank you for all of your suggestions regarding exit policies and
contacting the EFF. I am a member and will be beating down Kurt
Opsahl's door if the MPAA decides to pursue this any further.
So just to clarify, it is possible to transfer bit torrent file content
over Tor, right? And the
Hello-
Time Warner shut off my connection again last night due to a complaint
from the MPAA. They claim that I downloaded 2 movies and 1 TV show.
This traffic, in fact, must have come through my Tor exit node.
I explained to the customer service agent that I am running a Tor exit
node and
, please e-mail or
call me before disabling my Internet connection. If you give me
specific information about the abuse complaint, I will do my best to
immediately address the issue.
Here is my contact information:
[removed]
Thank you,
Matthew McCabe
I have no knowledge of the fact, but is there not some provision in the laws
of any countries with these crypto laws to deal with the, I forgot
defense. Because I can see every single person being asked for their
passphrase to use this defense. Hell, I know I would...
--- Matthew
(Disclaimer: I'm not doing it, nor will I ever do it, so raiding my
place is completely pointless; and once you've ruined my life
sufficiently, you and yours will pay dearly, and in person).
Not think you're being a tad melodramatic there?
---
avast! Antivirus: Outbound message clean.
Virus
91 matches
Mail list logo
