Re: Scroogle and Tor
On 13/02/11 19:09, scroo...@lavabit.com wrote: I've been fighting two different Tor users for a week. Each is apparently having a good time trying to see how quickly they can get results from Scroogle searches via Tor exit nodes. The fastest I've seen is about two per second. Since Tor users are only two percent of all Scroogle searches, I'm not adverse to blocking all Tor exits for a while when all else fails. These two Tor users were rotating their search terms, and one also switched his user-agent once. You can see why I might be tempted to throw my block all Tor switch on occasion -- sometimes there's no other way to convince the bad guy that he's not going to succeed. For the less than knowledgeable people amongst us (e.g me) who want to learn a bit more: what was the rationale for those two Tor users doing what they did? What do they get from it? Incidentally, I use the SSL version of Scroogle (sometimes with Tor, sometimes without) because a) no CAPTCHAs b) I appreciate your privacy-minded ethos (ideology). It would be a shame if you had to block Tor users because of an abusive minority. When a nonprofit such as the Tor Project or Scroogle offers a public service, the script kiddies should have more respect. I don't expect everyone to donate to Tor and Scroogle, but I do expect that no one will steal time and effort from us. By the way, my block all Tor options for my Scroogle servers use an expanded definition of which IPs are Tor exit nodes. I pull the blutmagie.de exit node list, or the torproject.org exit node list (both port 80 and port 443) once per half hour, alternating between the two sites. One custom switch I use is a cumulative list from yesterday and today, all in one list with duplicates purged. The other switch I created is a moving cumulative list from today plus the previous six days. Why do I do this? Well, Tor's DNSEL using dig is too much overhead, compared to searching a sorted list on my servers. But the available exit node lists from the Tor directory are strange, to say the least. The list size from blutmagie.de can be as much as several hundred IPs different than the list from torproject.org, even within the same one-hour period. Moreover, they are extremely dynamic. While the current list is usually around 1100 IPs, the cumulative list from yesterday plus today is usually about 2600 unique IPs. The list from today plus the six previous days is anywhere from 4500 to 7500 unique IPs. I've been watching these numbers for over a year now -- take my word for it that what I'm describing is a consistent pattern, not some momentary fluke. I'm getting to the point where I'm tempted to offer my two exit node lists (yesterday plus today, and previous six days plus today) to the public. If I had more confidence in the lists currently available to the public, I wouldn't be tempted to do this. -- Daniel Brandt *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Sent e-mails going into spam folders.
On 13/02/11 21:03, Karsten N. wrote: Am 13.02.2011 00:54, schrieb Matthew: Incidentally, in http://torstatus.blutmagie.de/ gpfTOR4 is listed as being in the Czech Republic while gpfTOR5 and gpfTOR6 are in Netherlands. Is this correct? Yes, coorect. In the last years we see much less trouble by using non-German ISPs for our Tor nodes. gpfTOR4 is hosted by coolhousing.net, gpfTOR5 and gpfTOR6 are hosted by leaseweb.nl. Could you please say a little more about what the trouble in Germany was and why Dutch and Czech exit nodes involve less trouble? Thanks. Greetings Karsten N. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Sent e-mails going into spam folders.
On 09/02/11 09:06, Karsten N. wrote: Am 07.02.2011 20:00, schrieb Matthew: I am wondering to what degree people on this list have problems with e-mails going into spam folders because they are using tor nodes. Many Tor nodes are listet in some anti-spam DNSBL. We have had a discussion here about SORBS DNSBL some times ago. All tor nodes are listet in the The Abusive Hosts Blocking List www.ahbl.org The IP address of the tor exit node appears in the mail header. It is the senders IP addres. If the recipients mail provider uses a DNSBL which contains many tor nodes the mail will be flagged as spam. You can use a clean exit node for sending mail with SMTP. Check your prefered exit nodes at http://www.dnsbl.info/dnsbl-database-check.php If it is not listet, you can add a map address to your torrc: MapAddress smtp.provider.tld smtp.provider.tld.$6D3EE...(Fingerprint) The GPF keeps one exit node clean from DNSBL. The tor node gpfTOR3 is only listet at www.ahbl.org (impossible to remove it, because all nodes are listet). You can use this if you did not find an other. Thank you. The DNSBL link was very useful. I have checked the three GPF exit nodes and gpfTOR4 and gpfTOR6 are not listed by any lists (including AHBL) while gpfTOR2 is only listed by barracudacentral.org/rbl. Incidentally, in http://torstatus.blutmagie.de/ gpfTOR4 is listed as being in the Czech Republic while gpfTOR5 and gpfTOR6 are in Netherlands. Is this correct? ATTENTION: It will decrease your privacy! Use only very well trusted nodes. (I did found an other solution for SMTP) Greetings Karsten N. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: I wish to see one video on you tube
On 08/02/11 22:56, Praedor Atrebates wrote: On Tuesday, February 08, 2011 05:45:37 pm you wrote: On Tue, Feb 8, 2011 at 3:49 PM, Martino Papessomart...@papesso.com wrote: Hallo I live in Italy. I have firefox portable version with tor download from here : http://www.torproject.org/dist/torbrowser/tor-browser-1.3.17_it.exe . I wish to see this video http://www.youtube.com/watch?v=AmhApE1kIgAfeature=player_embedded. In Italy is not possible. For one friend in Romania is possible to see this video(http://img806.imageshack.us/img806/7321/31962895.png). I tried to watch the video using tor but did not succeed. I'm not very handy when using tor. Could you help me for to see this video please. Is there one person who speak Italian? Many thanks. Ciao. Martino Clicking the link you post for the video, http://www.youtube.com/watch?v=AmhApE1kIgAfeature=player_embedded, this is what I get here in the USA. This video contains content from Sony Music Entertainment. It is not available in your country. Which tells me it is not available here either. Makes me wonder which country's are allowed to watch it. Jon Odd. I tried it originally via tor and the first time got it but didn't get it to play (noscript addon blocking) and then I got a denial as above. I then started firefox without tor in the USA and was able to view/listen no problem. It is restricted when I connect with my UK IP. With my Swiss VPN IP I can view it. However, can one actually view videos via Tor. Surely they demand too great a level of bandwith? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: I wish to see one video on you tube - question about flash.
On 08/02/11 22:08, Praedor Atrebates wrote: The video is from Silent Hill 2 OST. You MAY be able to play it if 1) you enable flash in your firefox browser and 2) you select an exit from a country not restricted (like Romania). I say MAY because if they use flash to check your location, sidestepping tor, then you will get the same restricted message. I know that the Metasploit people have a script which checks the IP via Flash. But how common would it be for a commercial provider to do this? Would there be a way of finding out if YouTube of whatever are employing this technique? praedor On Tuesday, February 08, 2011 04:49:28 pm you wrote: Hallo I live in Italy. I have firefox portable version with tor download from here : http://www.torproject.org/dist/torbrowser/tor-browser-1.3.17_it.exe . I wish to see this video http://www.youtube.com/watch?v=AmhApE1kIgAfeature=player_embedded. In Italy is not possible. For one friend in Romania is possible to see this video(http://img806.imageshack.us/img806/7321/31962895.png). I tried to watch the video using tor but did not succeed. I'm not very handy when using tor. Could you help me for to see this video please. Is there one person who speak Italian? Many thanks. Ciao. Martino *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Sent e-mails going into spam folders.
On 07/02/11 22:53, Joe Btfsplk wrote: On 2/7/2011 4:17 PM, Jon wrote: I don't have any problems generally. It depends on what is in the body of the email and what one's filters are. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ No problems here. Are or-talk messages you're SENDING or RECEIVING getting flagged? Assuming ones received, just add or-t...@seul.org and or-talk@freehaven.net to your address book, or create filters to allow them through. I created subfolders in Thunderbird, for sent or-talk msgs, rec'd. That way, there's not so many in main inbox. *** I didn't explain myself very well. I meant that if matt...@yahoo.com or matt...@hotmail.com or matt...@gmail.com or matt...@aol.com sends an e-mail to da...@yahoo.com or da...@gmail.com or da...@aol.com or da...@hotmail.com does the fact that the sending IP will be an exit node affect the likelihood that the e-mail will end up in the spam folder rather than the inbox? IOW: are webmail providers assuming that in some cases tor nodes are spammy? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Sent e-mails going into spam folders.
I am wondering to what degree people on this list have problems with e-mails going into spam folders because they are using tor nodes. I refer to sending from a webmail (Hotmail, Yahoo, Gmail, AOL, etc) to another webmail. It seems to me that e-mails sent from Yahoo will end up as spam. Any other experiences or opinions would be interesting.
Re: torr file question...
On 04/02/11 08:26, Zaher F. wrote: thx for ur answer but still i need help in how to fix my exitnode --- Surely you would write: StrictExitNodes 1 ExitNodes name_of_node or fingerprint (no spaces in fingerprint).
Re: cease and desist from my vps provider...
I already had a raid due to my Exit Node... so, I'm not worried :) Can you explain what happened, please? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor raid [was: cease and desist from my vps provider...]
It happened 4 years ago... they came, took every hardware they could find, took more than a year to analyze it, they found nothing (they were looking for child pornography - someone downloaded via my tor exit from swoopshare) and gave my hardware back after 2 years. The trial is still ongoing, but there has only been 1 day in court (about a year ago), the judge acknowledged that he doesnt understand what we explained about Tor and such, said he wants an assessor, and we'll see again in about 8 weeks (a year ago!). So are you suing the police if the case is continuing but your hardware has been returned? My lawyer now asked 2 or 3 times at the court, when how we'll continue, but didn't get a response yet. Doesn't seem like the judge wants to carry on fast. (I also got letters from the federal police asking who had my Tor IP at a specific point in time, got heard at the police (You are not required to say anything at the german police, but I preferred to take a laptop there and show them what Tor is and how it works - they appreciated that [and I lowered my risk of getting raided another time ;) ]) and such things). morphium *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Is gatereloaded a Bad Exit?
Currently, 5 nodes exit to *only* plaintext ports for web and email. There are about 50 others that exit to the plaintext versions for web or email. I don't see what the issue is here. Not all e-mail services support HTTPS. Or are you saying: if there is a HTTPS option as for Gmail the 50 nodes choose the HTTP option instead? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Is gatereloaded a Bad Exit?
We already filter exit nodes based on suspicion by defaulting ExcludeSingleHopRelays to true (the reason for that being that single hop exits are more likely to be passively monitoring data). Can you please say a little more about this for all of us who are not au fait with all command options? We also invalidated the trotsky relays without proof of malicious intent (a suspected sybil attack when over seven hundred identical relays appeared out of the blue). Could you please say a little more about this case and sybil attack[s]? On Sun, Jan 30, 2011 at 10:58 AM, Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: Damian Johnson wrote: The five relays Mike mentioned have been flagged as BadExits [1]. Adding them to your ExcludeExitNodes isn't necessary. -Damian [1] https://trac.torproject.org/projects/tor/wiki/badRelays On Sun, Jan 30, 2011 at 1:33 AM, Jan Weiherj...@buksy.de wrote: At some point, we intend to shrink exit policies further as Tor scales to more decentralized schemes. Those exit policies will likely be represented as bits representing subsets of ports. When that time comes, we will very likely combine encrypted and unencrypted versions of ports together, removing this option entirely. Sounds good. But what to do for now? Just creating a list of nodes which only allow unencrypted traffic and put them into the ExcludeExitNodes list? Shouldnt these nodes be excluded by default? I'm unsure. I want to stress again that I'm not saying any operator is doing anything evil, but I think we should find some way to avoid nodes which have such weird exitpolicies. best regards, Jan *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ Is it possible to publish a list of bad-exits for copypasting it to /etc/torrc in addition to the above-mentioned list? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Question and Confirmation.
On 30/01/11 02:32, and...@torproject.org wrote: On Fri, Jan 28, 2011 at 11:29:25PM +, pump...@cotse.net wrote 2.3K bytes in 53 lines about: : My understanding is that Tor encrypts both the content of a data : packet and also the header. It encrypts the packet and header three : times on the client (my computer) and then at each node one layer is : decrypted until the data packet and header are decrypted to : plaintext at the final exit node (except when TLS is used). Right? Actually, tor wraps the original traffic in encryption and tunnels it through the 3 hops of a circuit. We do not touch the original data. SorryI'm not trying to be dumb but I'm unclear how your answer differs from my assumption. Tor takes all the data (header and content), encrypts it three times on the client (me), and then at each node one layer is unencrypted OR is it all of it unencrypted at the exit node? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Question and Confirmation.
Each relay removes one layer of encryption. Tor does *not* encrypt and send packet headers. Tor only relays the data within a TCP connection. I'm still not getting this. My understanding is that you have the data and the header when using TCP. If only the data is encrypted then what happens to the headers? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Question and Confirmation.
Each relay removes one layer of encryption. Tor does *not* encrypt and send packet headers. Tor only relays the data within a TCP connection. OK. I get it. I think. Please confirm: The data is encrypted. The header is not encrypted. So if my ISP is monitoring my traffic all they see for the header is the connection to the first Tor node. In which case my question is: where is the information that tells the exit node which DNS resolution to do and therefore which website I am asking for? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Question and Confirmation.
I just want to confirm one thing and ask something else. My understanding is that Tor encrypts both the content of a data packet and also the header. It encrypts the packet and header three times on the client (my computer) and then at each node one layer is decrypted until the data packet and header are decrypted to plaintext at the final exit node (except when TLS is used). Right? The Tor FAQ says Tor is not illegal anywhere in the world. Can that really be the case? What about North Korea for example? Tor as a specific tool might not be specifically illegal but surely it would fall under the rubric of some kind of stupid prohibition? Just wondering.
How to find exit nodes by location?
I am wondering if there is a way to select a specific US state when using StrictExitNodes? For example, if I wanted an exit node in Maryland or Virginia is there a way to locate one? Thanks.
Re: How to use Google Gadgets with Tor? - Is this possible?
Let's try some science. We need a control, so lets create a blank Firefox profile. This requires running firefox with a command of 'firefox -P'. This will bring up the profile window and then you can create a blank profile and try to set your proxy to use Tor and try it again, and then try non-Tor. Then we can see if you get the same exact results, or if your old profile got damaged by one of your addons (it can happen). If the issue does *not* happen with a fresh profile, try adding your addons back one at a time until it does. Then maybe we can get somewhere. http://support.mozilla.com/en-US/kb/Managing%20profiles http://kb.mozillazine.org/Profile_Manager Mike - I'm not sure what happened before. I now am able to use Twitter inside Gmail with Tor, TorButton, and NoScript. I have to do considerable accepting of various sites to get NoScript to function (since so much is being loaded from non-Gmail locations) but then it works just as if I was using Gmail without any proxies or add-ons. Thanks for your help! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
How to use Google Gadgets with Tor? - Is this possible?
This post is similar to the problems people have been having with cookies and Gmail when using TorButton. In this case within Gmail I enabled add any gadget by URL and then added Twitter (https://twittergadget.appspot.com/gadget-gmail.xml). Without Tor when I click on the Twitter icon the Twitter feed appears in place of whatever Gmail folder I was currently browsing. (This happens once I have logged in to Twitter for the first time and therefore connected the accounts). To cut a long story short after having removed TorButton, NoScript, and HTTPS-Everywhere and therefore leaving just Tor I still cannot get Twitter to work from Gmail. I am using Firefox. The Twitter icon and drop-down box partially loads (but not as normal when I am not using Tor). Clicking on it appears to load some Twitter functions e.g. transfering data from twittergadget.appspot.com but Twitter does not load. Eventually all loading messages just stop and the screen stays as Gmail. The only about:config entry about Twitter is extensions.https_everywhere.Twitter which is presumably irrelevant if I have removed HTTPS-Everywhere. Can anyone suggest what modifications are needed to achieve a workaround or if what I am trying to do is not viable. Thanks.
Re: How to use Google Gadgets with Tor? - Is this possible?
On 15/01/11 19:02, Mike Perry wrote: Thus spake Matthew (pump...@cotse.net): To cut a long story short after having removed TorButton, NoScript, and HTTPS-Everywhere and therefore leaving just Tor I still cannot get Twitter to work from Gmail. I am using Firefox. The Twitter icon and drop-down box partially loads (but not as normal when I am not using Tor). Clicking on it appears to load some Twitter functions e.g. transfering data from twittergadget.appspot.com but Twitter does not load. Eventually all loading messages just stop and the screen stays as Gmail. I've noticed that some mashup services mysteriously break when Google decides to give them/you a captcha. This could be happening to you. You could try to solve a google captcha by issuing some queries and/or using Google maps first, to see if this makes any difference. Usually once you have the cookies for a session that solves a captcha, Google does not make you solve another. Mike - thanks for your advice. This is not an issue for me. I do not get a captcha. You could also install an addon to observe the requests your browser uses in both non-Tor and Tor accesses of this gadget to see if the requests appear different for some reason. That may help diagnose the cause: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/ I installed this add-on. I wiped my cache and cookies and used the headers and generator tabs with just Polipo and Tor running (no TorButton, NoScript, etc). Then I logged into Gmail and waited until everything fully loaded then clicked the Twitter icon and waited until Twitter fully loaded (although as mentioned one does not see the Twitter screen when using Tor). There were two warnings from the headers that looked like this: Server: Apache/2.2.3 (CentOS) X-Powered-By: PHP/5.1.6 Set-Cookie: PHPSESSID=crm7nfld6en7aei64tnhmkif72; path=/ Pragma: no-cache Content-Type: text/html; charset=UTF-8 Age: 1 Connection: keep-alive Warning: 110 localhost:8118 Object is stale These warnings did not appear in the headers when doing the same action in a non-Tor state. I can only find this exact text once and it does not refer to Tor: http://www.visualwebripper.com/forum/yaf_postst223_Add-option-to-change-the-request-header-on-link-templates-input-data-etc-.aspx The HTTP-headers addon generated 120K of text from the headers and generator tabs simply from attempting to load Twitter with Tor. Therefore there may well be other content of interest which I did not notice but the two warnings were the most overt. Any ideas? Thanks! https://addons.mozilla.org/en-US/firefox/addon/tamper-data/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: blutmagie law enforcement inquiry stats
On 10/01/11 21:00, Olaf Selke wrote: However I'm not sure what will happen at certain country's airport immigration. What does this mean? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Cookie Mismatch when using Gmail.
extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true Try changing this last setting (extensions.torbutton.xfer_google_cookies) to false. It is designed to try to move your google cookies from one domain to another to avoid requiring you to solve captchas for every google country domain. It could be breaking something in the signon process, especially if you get redirected to/from a country domain during login (by using a german exit, for example). Thanks Mark - this works for me. Is there a way that this modification could be mentioned in the documentation? From what you are saying it would be best to keep the about:cache value as true. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Fwd: Re: Cookie Mismatch when using Gmail.
Sorrythanks Mike (not Mark)! Original Message Subject:Re: Cookie Mismatch when using Gmail. Date: Sun, 09 Jan 2011 16:10:49 + From: Matthew pump...@cotse.net To: or-talk@freehaven.net extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true Try changing this last setting (extensions.torbutton.xfer_google_cookies) to false. It is designed to try to move your google cookies from one domain to another to avoid requiring you to solve captchas for every google country domain. It could be breaking something in the signon process, especially if you get redirected to/from a country domain during login (by using a german exit, for example). Thanks Mark - this works for me. Is there a way that this modification could be mentioned in the documentation? From what you are saying it would be best to keep the about:cache value as true.
Re: Cookie Mismatch when using Gmail.
I wonder if any kind soul can help. My understanding is that this conflict between aspects of Gmail and Torbutton is hardly unique to me. On 05/01/11 11:25, Matthew wrote: More information appended at the end. I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions http://www.google.com/support/websearch/bin/answer.py?answer=35851hl=en. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=32050. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add *www.google.com http://www.google.com* to your list of allowed sites. Learn more http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=39612 To add some more information: Vidalia + NoScript does not present any cookie issues. I can access Account Settings. The problem is when TorButton is used. I then used TorButton's preferences to remove all the protections by unticking as much as possible (effectively making TorButton worthless). I still get the same error! I rebooted and cleaned the cache and cookies and still I cannot access the Account Settings aspect of Gmail. It is as if TorButton per se is the issue irrespective of any security settings it uses. In my Firefox cookie section I have cookies for mail.google.com that read: GX, GXSP, gmailchat, TZ, GMAIL_AT, and S. Yet Gmail still claims that cookies are not installed. I did an about:cache and then searched for torbutton. There were about 100 entries which include: extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true I did change regen_google cookies to true but this did not change anything. Perhaps one needs to change certain entries in about:config to affect TorButton's interactions with Gmail? Any ideas from TorButton developers? Thanks.
Re: Tor and google groups
On 05/01/11 09:04, M wrote: Yes, but I have a nice collection of SIM cards from various countries... Every time I travel (twice a month at least) I bring back some SIM cards for this kind of work... I am under the impression that in most countries you have to show ID which is copied to obtain a SIM? This was my experience in Spain for example. Maybe you should start up a gmail activation service! Or at least for us here in the group!
Re: Cookie Mismatch when using Gmail.
More information appended at the end. I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions http://www.google.com/support/websearch/bin/answer.py?answer=35851hl=en. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=32050. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add *www.google.com http://www.google.com* to your list of allowed sites. Learn more http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=39612 To add some more information: Vidalia + NoScript does not present any cookie issues. I can access Account Settings. The problem is when TorButton is used. I then used TorButton's preferences to remove all the protections by unticking as much as possible (effectively making TorButton worthless). I still get the same error! I rebooted and cleaned the cache and cookies and still I cannot access the Account Settings aspect of Gmail. It is as if TorButton per se is the issue irrespective of any security settings it uses. In my Firefox cookie section I have cookies for mail.google.com that read: GX, GXSP, gmailchat, TZ, GMAIL_AT, and S. Yet Gmail still claims that cookies are not installed. I did an about:cache and then searched for torbutton. There were about 100 entries which include: extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true I did change regen_google cookies to true but this did not change anything. Perhaps one needs to change certain entries in about:config to affect TorButton's interactions with Gmail? Any ideas from TorButton developers? Thanks.
Re: Tor and google groups
On 05/01/11 19:25, Andrew Lewman wrote: On Wed, 05 Jan 2011 19:18:09 + Orionjur Tor-admintor-ad...@orionjurinform.com wrote: Is it very difficult to buy a SIM without showing ID in the USA or countries of Western Europe? Sorry for such off topic but it is very interesting to know are there any countries in Western Europe or states of the USA when it is possible to buy a SIM without showing your ID with accordance to local law? My $0.02 from buying SIM cards all over the world, I show them my CostCo Club photo id. In Hong Kong they wrote down my first/last name as cost co. No one has photocopied the ID yet. Many shops ask for it and then do nothing with it. As explained to me in Belgium, the law says they have to see an ID, not record, write down, and register the sim in your name. Maybe I just found a cool shop by accident. Have you tried this in Spain? In Madrid the shop photocopied the back page of my passport. In London, by comparison, one can buy as many SIMs as one wants without ID from any number of corner shops. http://boingboing.net/2010/09/09/china-to-end-anonymo.html - read the comments especially Anon at 6:59PM. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Cookie Mismatch when using Gmail.
Hello, Here is what happens: I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions http://www.google.com/support/websearch/bin/answer.py?answer=35851hl=en. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=32050. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add *www.google.com* to your list of allowed sites. Learn more http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=39612 I am using TorButton and NoScript and Gmail and Gstatic are considered trusted. JS is on. Cookies are on. I can see them in Firefox Privacy settings. I have deleted the cache, deleted cookies, rebooted Firefox, etc, but I cannot enter the Google Account Settings link. All other parts of Gmail work fine. Without using the Vidalia bundle I can login to the Account Settings with no problems. Does someone know how to deal with this cookie issue? Thanks.
Re: Tor and google groups
On 03/01/11 07:55, forc...@safe-mail.net wrote: Hello! Though I could open an account at gmail, it is impossible to login to post in google groups. I am told, whetever the exit node is, Your browser's cookie functionality is turned off. Please turn it on.. First, did you have to go through SMS verification to open a Gmail account? Second, I also have had the same problem apropos cookie functionality. There appears to be no rationale. I have found that deleting the cache and re-opening Firefox works sometimes but you have to play about with it. I am using Tor, Privoxy, Firefox and Torbutton, both in their last updated releases for Win7. Should you not be using Polipo rather than Privoxy? Perhaps other people can comment on this? Any suggestion? Thank you, and best wishes for 2011, hoping censorship will give up... I have a dream :( *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: The Skype begin refusing payments making on their site through the Tor
On 04/01/11 06:54, James Brown wrote: The Skype begin refusing payments making on their site through the Tor: I cannot make payments to them from my credit card about a half of month. Today I find in their FAQ that one of possible causes of that is Using an anonymous proxy to access the internet. Could this be because the exit node you are using is not located in the same country where your credit card is registered and so Skype are deploying their anti-fraud system? (Their technical support could not inform me about concret causes of that problem). It seems as a next step of attack of anonymity enemies against making payments with using the Tor. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Verification of Package Files When Using Sources.List.
I did post this before in November but got no responses. Hopefully this wasn't because the question was so dumb. - My /etc/apt/sources.list contains: deb http://deb.torproject.org/torproject.org lucid main In the authentication section of my software sources I have a deb.torproject.org archive signing key dated 2009-09-04 with a value 886DDD89. I was looking at the page which explains how to verify signatures for downloads: https://www.torproject.org/docs/verifying-signatures.html.en If one is not directly downloading but using the sources.list file is the authentication section adequate to verify the validity of the downloads? Thanks
Re: Any way to secure/anonymize ALL traffic?
On 23/12/10 14:21, Praedor Atrebates wrote: Got it now. Now when I point to 127.0.0.1 I get places. Now the question is, how can one test whether or not their DNS is leaking? There is the tor status page that can tell you whether or not you are using tor but what about something equivalent to test your DNS anonymity? praedor It will depend on whether you are using Tor (or, for example, a VPN). If you are using Tor then look at the Message Log (in Vidalia). It will warn you if there is leakage based on your websurfing. If you have set-up Tor properly in Firefox the proxy settings box the you should have no problems. Along with using NoScript and TorButton to prevent Flash problems (as you previously mentioned). If you are using a VPN then try nslookup For example nslookup yahoo.com provides: Server:80.254.79.157 Address:80.254.79.157#53 Non-authoritative answer: Name:yahoo.com Address: 209.191.122.70 Where 80.254.79.157 is my VPN's DNS IP (rather than my ISP's DNS IP or 192.168.2.1#53 if you are using NAT). On Wednesday, December 22, 2010 12:03:49 pm you wrote: Praedor Atrebates, on 12/22/2010 05:41 PM, wrote: and also altered my resolv.conf (linux) so that it reads: namserver 127.0.0.1 as per the instructions, however, when I alter the resolv.conf file thus I lose the ability to resolve any addresses. Something must be missing. Do you have a nameserver running on your localhost, 127.0.0.1, like Bind? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Any way to secure/anonymize ALL traffic?
On 22/12/10 13:38, Praedor Atrebates wrote: I have always been disturbed by the fact that javascript or flash can sidestep tor and give away your real IP. Are you sure that JavaScript can give away your IP? Flash can - but my understanding is that JavaScript cannot. As another poster noted though: JS is great for providing browser and system information such as the local time zone. Is there truly no way to control one's own computer so that any and ALL traffic that goes out to the ethernet port or wlan gets directed through tor no matter what? Can any combination of software and hardware prevent software on one's own computer from acting the way someone else wants rather than as the owner wants? I would love to be able to use javascript and flash (some site require one or the other or both to be functional) and know that ANY traffic that exits my own system WILL be directed through the tor network. Three suggestions: a) Use Tor with TorButton and NoScript which will deal with your Flash / JavaScript issues. It is impractical to turn JavaScript off and a few sites like YouTube demand Flash. b) Make sure you wipe your cache and your Flash Cookies. Are you using Windows or Linux? For Ubuntu you need to wipe the .adobe and .macromedia folders. c) Why not use Tor with a commercial VPN. The VPN (providing it does DNS resolution) will route all traffic and then you can use specific applications like Firefox or Pidgin to work with Tor. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor 0.2.2.19-alpha is out
Can I please clarify something. The latest stable release for Windows and Ubuntu is called 0.2.1.27. My version for Ubuntu is 0.2.1.26. If one has placed the correct commands in one's /etc/apt/sources.list as detailed here (https://www.torproject.org/docs/debian.html.en) then why is it that Synpaptic Package Manager has not asked me if I want to download 0.2.1.27? I have also just done sudo apt-get upgrade and sudo apt-get update and still I am using 0.2.1.26. I see that you can manually download and install the 0.2.1.27 with the tarball but here (https://www.torproject.org/docs/tor-doc-unix.html.en) the page says to use the sources.list option if one is using Ubuntu. I am curious how to get 0.2.1.27 in the preferred way when using Ubuntu. Thanks! On 25/11/10 23:41, Roger Dingledine wrote: Yet another OpenSSL security patch broke its compatibility with Tor: Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b. https://www.torproject.org/download/download Changes in version 0.2.2.19-alpha - 2010-11-21 o Major bugfixes: - Resolve an incompatibility with openssl 0.9.8p and openssl 1.0.0b: No longer set the tlsext_host_name extension on server SSL objects; but continue to set it on client SSL objects. Our goal in setting it was to imitate a browser, not a vhosting server. Fixes bug 2204; bugfix on 0.2.1.1-alpha. o Minor bugfixes: - Try harder not to exceed the maximum length of 50 KB when writing statistics to extra-info descriptors. This bug was triggered by very fast relays reporting exit-port, entry, and dirreq statistics. Reported by Olaf Selke. Bugfix on 0.2.2.1-alpha. Fixes bug 2183. - Publish a router descriptor even if generating an extra-info descriptor fails. Previously we would not publish a router descriptor without an extra-info descriptor; this can cause fast exit relays collecting exit-port statistics to drop from the consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
Do I need an updated .torrc file?
Hello, My .torrc file says: ## Configuration file for a typical Tor user ## Last updated 12 April 2009 for Tor 0.2.1.14-rc. ## (May or may not work for much older or much newer versions of Tor.) Do I need to get a new .torrc version? I have had a look online and cannot find a template. I am using the latest version (0.2.1.26) so see no reason to install from scratch. Any suggestions? Thanks.
SOCKS 4a or SOCKS 5 when using Polipo?
Hello, According to the Tor manual (https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#IkeepseeingthesewarningsaboutSOCKSandDNSandinformationleaks.ShouldIworry) one should use SOCKS 4a. AIUI, Polipo or Privoxy are used as HTTP proxies which then allow the client (Firefox) to speak to Tor as SOCKS 4a (therefore providing hostnames rather than already resolved IP addresses as with SOCKS 4 or 5). I therefore do not understand why in the Tor version of the Polipo configuration file (https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf) it says: # Uncomment this if you want to use a parent SOCKS proxy: socksParentProxy = localhost:9050 socksProxyType = socks5 I am going to assume that the need to use a HTTP proxy no longer exists and Firefox used as a SOCKS 5 client allows Tor to do DNS resolutions remotely? Could someone please explain or confirm this? Many thanks.
StrictNodes or StrictExitNodes?
I think I am correct to say that StrictExitNodes has been negated in favour of StrictNodes. However, when I use StrictExitNodes 1 I have no problems. When I use StrictNodes 1 and have viable ExitNodes then Vidalia gives the error: Vidalia detected that the Tor software exited unexpectedly. I am using 0.2.1.26 on Ubuntu 10.04. Thanks.
Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
On 28/10/10 00:41, Joe Btfsplk wrote: On 10/27/2010 2:35 PM, krishna e bera wrote: The bad advice may be a misinterpretation or poor rephrasing of this advice in the Tor FAQ Wiki: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhyisitbettertoprovideahiddenserviceWebsitewithHTTPratherthanHTTPSaccess *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ Isn't the linked article kinda out dated? It's still talking about Privoxy. I'm no expert, but I don't follow the article, as relates to Tor / Polipo / Torbutton now. I am sure that Roger Dingledine's comment explains some of the errors and is based on the difference between Privoxy and Polipo when dealing with HTTPS. However, a) the information is still on the web; b) if you go to http://ht4w.co.uk/ you will see that the Introduction is dated 23 January 2010 which implies the information is up-to-date; c) a neophyte would not necessarily understand the most recent incarnations of Tor / Polipo / TorButton. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
Hello, There is a Hints and Tips for Whistleblowers Guide available at http://ht4w.co.uk/. The section on proxies includes Tor-related information which I fail to understand: You may actually get more anonymity when using the Tor cloud by *not* using the https:// version of a web page (if there is an alternative, unencrypted version available), since all the Tor traffic is encrypted anyway between your PC and the final exit node in the Tor cloud, which will probably not be physically in the United Kingdom. ---I have no idea what this means. I thought the whole point of using https:// was to prevent Tor exit nodes from snooping and / or potentially injecting content. This applies especially to websites like the reasonably anonymous whistleblowing website _wikileaks.org http://wikileaks.org/_ (based in Sweden) , which offer both http://, https:/and Tor Hidden Service methods of uploading whistleblower leak documents, but who tend to, mistakenly, insist on using https:// encryption for when someone comments on their wiki discussion pages. When (not if) the wikileaks.org servers, or a blog or a discussion forum like the activist news site _Indymedia UK http://www.indymedia.org.uk/_ are physically seized (this happened to IndyMedia UK at least 3 times now) , this may, in some circumstances, betray the real IP addresses of commentators with inside knowledge of a whistleblower leak i.e. suspects for a leak investigation. -How on earth can it be mistaken to insist on using https:// encryption? Why would using https:// betray the real IP addresses?
DNS with Tor (compared to VPNs).
AIUI here is the DNS situation (leaks) when using an ISP, a VPN, and Tor. Can someone please correct me if I am wrong / inaccurate. If I am using my ISPs DNS then they can log the websites via my DNS requests. If I am using a commercial VPN then the VPNs DNS logs the websites. However, my ISP does not see the DNS requests (or the website since all traffic flows through the encrypted VPN). If I am using Tor then all DNS resolution is done by the Tor exit node. No DNS requests leave my computer unencrypted - unlike in the previous two examples.
Virtual Machines - what is their use?
Hello, There are, from time to time, exhortations to use Virtual Machines alongside Tor. If an individual is using Tor, Polipo, Torbutton, NoScript, and BetterPrivacy then why is a VM needed? How can VMs improve one's Tor experience? Thanks.
Updated standard .torrc online?
My .torrc file says: Last updated 12 April 2009 for Tor 0.2.1.14-rc Does this matter (is it outdated) and, if so, is their a way to get the latest .torrc file without having to install from scratch? Thanks.
Are these torrc entries necessary?
Probably well over a year ago Tor seemed really slow and I wanted to speed it up. These settings were recommended (I can't find the website now). CircuitBuildTimeout 30 NumEntryGuards 6 KeepalivePeriod 60 NewCircuitPeriod 15 Are these valid today? AIUI Tor is way faster than it was a year or so ago? Thanks.
DNS issue: Tor works great but VPNs do not - why?
I am on a University network. I do not have control of my DNS settings. When I use OpenDNS, for example, I cannot get any connection. This is understandable. Tor works fine and, as we know, DNS resolution is done at the last exit node. However, I cannot use a VPN. I have tried Perfect Privacy and SwissVPN. My understanding is that VPNs also do the DNS resolution at the end of the tunnel. Can anyone tell me why, if both Tor and VPNs do the DNS resolution remotely, that Tor works but VPNs do not on my network? Thanks.
Re: BetterPrivacy - necessary?
IMHO its important to suppress active content (Flash, ActiveX, Silverlight, JavaScript etc.) and other junk and therefor I prefer 'Privoxy' [1] instead of Polipo. I concur but doesn't TorButton do all this suppression? That said: what was the rationale in moving from Privoxy to Polipo? Did it happen because TorButton became standard? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
BetterPrivacy - necessary?
I currently use Tor + Polipo + Torbutton + NoScript. Obviously there are other add-ons for Firefox out there such as BetterPrivacy. Are any other add-ons necessary or would people suggest I am now fully protected? Thanks.
Re: How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?
On 05/09/10 21:11, Geoff Down wrote: On Sun, 05 Sep 2010 19:55 +0100, Matthewpump...@cotse.net wrote: Hello, I have yet another question that relates to the effectiveness of Tor. Gmail (and therefore presumably other webmail operators) knows my computer's time zone. It does not know the time per se but the time zone as set (in Ubuntu) through clicking on the clock, selecting preferences, then choosing location. Obviously this ignores the time (based on the location) of the Tor exit node. I do not know how Gmail knows my computer's time zone, and, in which case, what other local information it can know. Does anyone know how Gmail can do this and what other information from the client computer can be viewed. In other words, why can Gmail not, in theory, also view the real local IP? Thanks. Did you select a time zone when you set up the account? I assume you are using Torbutton, which blocks Javascript being used to read your local clock. GD AIUI, Gmail uses JavaScript to detect the time zone (but not the time) on the client machine. When I use NoScript with Gmail as untrusted, Gmail cannot use JavaScript. Changing the time zone settings (for example to something five hours behind my real time zone) does not then change the time at which e-mail appears to arrive in the Gmail inbox since this requires JavaScript which is not used since Gmail is considered untrusted. However, since many websites do require JavaScript, whether or not one is using NoScript and / or TorButton, my question was: If Gmail can get the time zone via JavaScript (when the client is using Tor) then why can it not get the real IP also via JavaScript (when the client is using Tor)? I don't think it can get the real IP since I have used various tests including http://www.decloak.net/ and Tor with JavaScript does not reveal the real IP. But why not? Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?
Hello, I have yet another question that relates to the effectiveness of Tor. Gmail (and therefore presumably other webmail operators) knows my computer's time zone. It does not know the time per se but the time zone as set (in Ubuntu) through clicking on the clock, selecting preferences, then choosing location. Obviously this ignores the time (based on the location) of the Tor exit node. I do not know how Gmail knows my computer's time zone, and, in which case, what other local information it can know. Does anyone know how Gmail can do this and what other information from the client computer can be viewed. In other words, why can Gmail not, in theory, also view the real local IP? Thanks.
What are these entries in my connections tab (using Vidalia GUI)?
I have StrictExitNodes = 1 and this is the exit node wollwoll. When I look at the Vidalia GUI the connections show: Lifuka, india533, 5aColuna01 williamhaines, bp1, PPrivCom032 birdbrain, torserversNet4, wollwoll Roo8Peik, tornodeviennasil, wollwoll All checks with www.ip2location.com or www.whatismyip.com show wollwoll is the exit server. When I connect to any website it appears in the connections as being connected via the last entry. What, then, is the point of entries one and two where the exit node is not the one demanded in StrictExitNodes? Thanks.
Re: What are these entries in my connections tab (using Vidalia GUI)?
Thanks Roger - I appreciate this explanation. I will read the document you recommended. On 30/08/10 08:59, Roger Dingledine wrote: On Mon, Aug 30, 2010 at 08:51:47AM +0100, Matthew wrote: I have StrictExitNodes = 1 and this is the exit node wollwoll. When I look at the Vidalia GUI the connections show: Lifuka, india533, 5aColuna01 williamhaines, bp1, PPrivCom032 birdbrain, torserversNet4, wollwoll Roo8Peik, tornodeviennasil, wollwoll All checks with www.ip2location.com or www.whatismyip.com show wollwoll is the exit server. When I connect to any website it appears in the connections as being connected via the last entry. What, then, is the point of entries one and two where the exit node is not the one demanded in StrictExitNodes? These are internal circuits, built without any plans to exit to external services, but instead ready to handle hidden service requests. Tor starts out thinking maybe you'll interact with hidden services, so it builds some circuits for them preemptively. If an hour passes and you don't use them, it closes them and doesn't build any new ones. You may find the in-progress path-spec document useful: https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/doc/spec/path-spec.txt See sec 2.1.1 in particular. --Roger *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Google and Tor.
On numerous occasions when using Google with Tor (yes, I know there are other options like Scroogle) it claims I might be sending automated queries and gives me a CAPTCHA. Sometimes this allows me to search; other times I am caught in a loop and am constantly send back to the CAPTCHA screen. I am wondering why Google does not deal with this. I can understand that if dozens of people are using the same IP then some sites think zombies are being used. But if the IP is a Tor node then this is not the case. Google could surely exclude these Tor IPs. So my question is: why don't they? What are the politics behind their decision not to acknowledge Tor exit nodes as bona fide?
Re: Google and Tor.
On 25/08/10 15:38, Gregory Maxwell wrote: On Wed, Aug 25, 2010 at 6:28 AM, Matthewpump...@cotse.net wrote: On numerous occasions when using Google with Tor (yes, I know there are other options like Scroogle) it claims I might be sending automated queries and gives me a CAPTCHA.Ă‚ Sometimes this allows me to search; other times I am caught in a loop and am constantly send back to the CAPTCHA screen. I am wondering why Google does not deal with this.Ă‚ I can understand that if dozens of people are using the same IP then some sites think zombies are being used.Ă‚ But if the IP is a Tor node then this is not the case.Ă‚ Google could surely exclude these Tor IPs. So my question is: why don't they?Ă‚ What are the politics behind their decision not to acknowledge Tor exit nodes as bona fide? Really? This isn't obvious? Would I have asked if it was obvious? People are running automated datamining queries _via tor_ in order to gain control of more IPs and avoid being blocked. What is a datamining query exactly? Is this what I would call typing some text into the search box and pressing enter? And how does entering a datamining query allow one to gain control of more IPs? And being blocked - from what? Totally confused. Even if they weren't, they'd certainly start if Google exempted tor exits. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: PayPal is not the only organization that blocks Tor.
On 23/08/10 23:21, Jonathan Lassoff wrote: On Mon, Aug 23, 2010 at 1:18 PM, Matthewpump...@cotse.net wrote: It is also worth noting that Craigslist prevents the use of Tor albeit in a very strange way. If you try to post using Tor the ad will be permitted at first and people can contact you. However, after about 15 minutes (and it is always about 15 minutes) the post is flagged and disappears. This happens even if the exit node is in the same location as the section where you are trying to place the ad e.g. using a Californian exit server and the ad is something to do with California. I can understand that every day or week the Craigslist system has a look at the Tor exit nodes directory and therefore can identify Tor nodes. What I fail to understand is why the Craigslist policy is to permit the posting then flag it after 15 minutes or so? Is this automatic? Is it human? I find it bizarre. What might be the reasons? That's interesting. I haven't tried this myself, but I would imagine it may have to do with the way that craigslist generates their pages. I could be very wrong, but I think that they're regularly generating static pages to be served rather than making them dynamically. For example, if you're searching for a popular term or watching a popular category, the page for a search only seems to get updated every 15 - 20 mins at which point several new entries will show up. Maybe posts created from tor exit nodes are flagged in this automatic page regeneration? Sorryto expand slightly - they must have a stage-based process. They post new pages every 10 minutes or so (so statically served) then check the IPs which posted all new ads every 20 minutes or so. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: The team of PayPal is a band of pigs and cads!
On 24/08/10 11:09, Michael Scheinost wrote: On 08/23/2010 10:04 PM, David Carlson wrote: I am a newbie here. Since they use SSL, isn't it overkill to route your connection through Tor? I know it is a pain to switch Tor on and off No, it's not an overkill since tor does not provide end-to-end encryption, but anonymity on the level of IP addresses. Actually it is highly recommended to use tor with ssl secured services: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#CanexitnodeseavesdroponcommunicationsIsntthatbad michael There are two different issues here: privacy and anonymity. In terms of privacy (shielding your content from your ISP for example), the danger with using Tor without SSL is that the exit node can sniff your traffic (as can your ISP or any router between you and your destination unless you use SSL - this is, of course, when you are not using Tor) and the exit node can also inject malicious content. The solution is to use Tor with SSL. Go to www.scroogle.org when using Tor and it will ask you to use its SSL service because, as it says, an exit node can potentially sniff your traffic. When using Scroogle with its SSL service, any exit nodes cannot sniff or inject because even though the content is decrypted by the exit node (which is essential since the exit node needs to provide your request to the destination website in a manner than the website can understand), the content is still SSL'd (until it is un-SSL'd at the final website). The other point of using Tor is to achieve anonymity. By hiding your real IP you can log into sites without compromising who you are based on your static or NAT'd IP. In his specific case, however, the anonymity issue would probably be a moot point if he is logging into his actual PayPal account, and therefore I suspect he simply wants to use Tor on principle. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
PayPal is not the only organization that blocks Tor.
It is also worth noting that Craigslist prevents the use of Tor albeit in a very strange way. If you try to post using Tor the ad will be permitted at first and people can contact you. However, after about 15 minutes (and it is always about 15 minutes) the post is flagged and disappears. This happens even if the exit node is in the same location as the section where you are trying to place the ad e.g. using a Californian exit server and the ad is something to do with California. I can understand that every day or week the Craigslist system has a look at the Tor exit nodes directory and therefore can identify Tor nodes. What I fail to understand is why the Craigslist policy is to permit the posting then flag it after 15 minutes or so? Is this automatic? Is it human? I find it bizarre. What might be the reasons?
Re: Why does Gmail claim Tor IPs are located in one country when blutmagie.de claims they are located in a different country?
I go to http://torstatus.blutmagie.de/ and have a look at the exit node gigatux called emohawk2.gigatux.com and located at 78.129.201.189. This appears to be located in the UK according to blutmagie.de. whois and RIPE agree with blutmagie. Gmail is wrong. Perhaps they use different geoip databases. If you look at your circuits, are you exiting from the UK or do you have split circuits where some may be going to gstatic.com through another place? I am not sure what split circuits are but I assume it is where multiple exit nodes are used to access the website. In this case I was using gigatux with StrictExitNodes = 1 so AIUI all traffic is accessing Gmail (and therefore gstatic.com) via one node based in the UK. --- I don't know if anyone else has experimented with using Gmail and Tor, but the majority of the time Gmail gives a totally different location to the real exit node location. I would be interested to know why this might be. I always check Gmail with StrictExitNode = 1. I find it hard to understand why Gmail is consistently incorrect. Perhaps the problem is with me - maybe the split circuits referred to above? Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Why does Gmail claim Tor IPs are located in one country when blutmagie.de claims they are located in a different country?
I go to http://torstatus.blutmagie.de/ and have a look at the exit node gigatux called emohawk2.gigatux.com and located at 78.129.201.189. This appears to be located in the UK according to blutmagie.de. whois and RIPE agree with blutmagie. Gmail is wrong. Perhaps they use different geoip databases. If you look at your circuits, are you exiting from the UK or do you have split circuits where some may be going to gstatic.com through another place? I am not sure what split circuits are but I assume it is where multiple exit nodes are used to access the website. In this case I was using gigatux with StrictExitNodes = 1 so AIUI all traffic is accessing Gmail (and therefore gstatic.com) via one node based in the UK. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Why does Gmail claim Tor IPs are located in one country when blutmagie.de claims they are located in a different country?
Hello, I don't understand this. I go to http://torstatus.blutmagie.de/ and have a look at the exit node "gigatux" called emohawk2.gigatux.com and located at 78.129.201.189. This appears to be located in the UK according to blutmagie.de. When I go to www.ip2location.com it tells me: IP Address : 78.129.201.189 Location : UNITED KINGDOM, Latitude / Longitude : 54.15 LATITUDE, -4.473 LONGITUDE Connecting through : RAPIDSWITCH LTD However, when I log into Gmail and click the "details" button which provides me with the "Activity Information" I am informed that: This computer is using IP address 78.129.201.189. (United States (MA) This is not the first time I have seen Gmail (Google Mail) claim an exit node is from a location which exit node websites (like blutmagie.de) disagree. Why in this case, for example, is Gmail claiming the exit node IP is in the USA rather than the UK? Thanks!
Tor nodes with idenitical names.
If one goes to, for example, http://torstatus.blutmagie.de/ one can see many nodes, all called Unnamed. How can such nodes be specifically referred to if one is using StrictExitNodes =1? Thanks.
Selecting an Exit Server By State?
Is there a way to select an exit server by state? For example, choosing a working exit server in California? Thanks.
Re: Updating (was Flash Cookies and Tor).
an easier consideration, are you consistent about always using a recent and signature verified release of the browser bundle? Just to clarify: In my sources.list file I have: deb http://deb.torproject.org/torproject.org karmic main And I previously followed the instructions here: http://www.torproject.org/docs/debian.html.en#ubuntu best regards, *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Flash Cookies and Tor.
Thanks - Please see below for one more question / concern. Can these cookies have connected my static non-Tor IP and the various Tor IPs... can the flash cookie connect to the website even when flash is turned off? nope, as long as you NEVER, EVER, NOT EVEN ONCE have Flash enabled while using Tor. or anything with privs (extensions, other plug-ins) that have access to the local store, or other situations where remote disclosure of local file content may occur. OK, to continue this - in the past I did use Tor with Flash enabled after having Flash cookies on the hard drive from surfing when I was not using Tor. In your opinion, is it likely that some websites would use these Flash cookies to realise that the person surfing with Tor is the same person who was surfing days / weeks / months earlier when not using Tor? Would they then be able to connect non-Tor IPs to the person currently using Tor (me)? an easier consideration, are you consistent about always using a recent and signature verified release of the browser bundle? Yes! best regards, *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Flash Cookies and Tor.
Hello, When I use Tor, I disable Flash. However, when not using Tor, sometimes I do use Flash. I was surprised today to discover in my .macromedia folder on Ubuntu dozens of flash cookies. Can these cookies have connected my static non-Tor IP and the various Tor IPs. In other words, if when using Tor I go to www.yahoo.com http://www.yahoo.com can Yahoo know my real IP based on the flash cookie it sent me when I connected earlier when not using Tor? And can the flash cookie connect to the website even when flash is turned off? I assume not - but I don't know this. Thanks.
Tor and DNS.
Hello, This is, I am sure, a simple Tor-DNS question, but I would appreciate it if someone could confirm my understanding of how this system works. Normally (without Tor) when someone requests a website the URL has to be converted into the IP address. Therefore, a) the user's cache is checked for this connection between URL and IP b) if the cache does not have the IP then the ISP's DNS is checked c) and if the ISP's DNS does not have the IP then the ISP's DNS requests it from the DNS server where the domain is registered which then directs the user to the hosting location. However, with Tor and Polipo, then DNS request is routed through Polipo then through Tor's three nodes then the final exit node does the DNS resolution with the DNS server where the domain is registered (bypassing the local cache and ISP). I ask because I have a direct internet connection (no NAT) and do not own my network. Therefore, I cannot change the DNS settings in resolv.conf (to OpenDNS for example), nor can I use a VPN (which also requires changing DNS settings). However, Tor does work and the message log does not show any leakage. I just want to confirm that Tor and Polipo are, in fact, bypassing my ISP's DNS, and that what I have written above (however ineptly) seems correct. Thanks - much appreciated.
Re: Torbutton Documentation - Adversary Capabilities.
So to go back to the OP's question (my question)what do people think of my questions about JavaScript being able to obtain non-Tor IPs when wiping the cache? On 13/07/2010, at 6:47 AM, Matthew wrote: Hello, I have been reading the Torbutton documentation (thanks, guys) and have a question about the adversary capabilities. The first adversary capability is inserting javascript. The document says that If not properly disabled, Javascript event handlers and timers can cause the browser to perform network activity after Tor has been disabled, thus allowing the adversary to correlate Tor and Non-Tor activity and reveal a user's non-Tor IP address. The third adversary capability is inserting CSS. The document says that CSS can also be used to correlate Tor and Non-Tor activity and reveal a user's Non-Tor IP address, via the usage of CSS popups - essentially CSS-based event handlers that fetch content via CSS's DEFANGED_Onmouseover attribute. If these popups are allowed to perform network activity in a different Tor state than they were loaded in, they can easily correlate Tor and Non-Tor activity and reveal a user's IP address. I understand that Torbutton is useful for protecting privacy in multiple ways. But I would like to address this specific issue if I may. Let us imagine that a user surfs the net using Tor (and Polipo or Privoxy). He has JavaScript installed and uses it for all sites. He finishes his activities and then closes his browser. He then wipes the following files and directories (I am using Ubuntu as my example): /.mozilla/firefox/nameofuser/cookies.sqlite /.mozilla/firefox/nameofuser/downloads.sqlite /.mozilla/firefox/nameofuser/cookies.sqlite-journal /.mozilla/firefox/nameofuser/places.sqlite /.mozilla/firefox/nameofuser/places.sqlite-journal /.mozilla/firefox/nameofuser/formhistory.sqlite /.mozilla/firefox/nameofuser/Cache/ Now I assume that these Javascript events and handlers and the CSS handlers were downloaded into the Cache from when the user was browsing using Tor. They would then be deleted as detailed above. Therefore, when the user loads up Firefox and turns off the Tor proxy settings, presumably the potential for JavaScript or CSS to connect Tor and non-Tor activity and get the users real (non-Tor) IP address is no longer a concern? Is this correct? Or am I missing something? Just to re-state: I am only looking at this one issue - I am well aware of how useful Tor button is in other areas! Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Torbutton Documentation - Adversary Capabilities.
Hello, I have been reading the Torbutton documentation (thanks, guys) and have a question about the adversary capabilities. The first adversary capability is inserting javascript. The document says that If not properly disabled, Javascript event handlers and timers can cause the browser to perform network activity after Tor has been disabled, thus allowing the adversary to correlate Tor and Non-Tor activity and reveal a user's non-Tor IP address. The third adversary capability is inserting CSS. The document says that CSS can also be used to correlate Tor and Non-Tor activity and reveal a user's Non-Tor IP address, via the usage of CSS popups - essentially CSS-based event handlers that fetch content via CSS's onmouseover attribute. If these popups are allowed to perform network activity in a different Tor state than they were loaded in, they can easily correlate Tor and Non-Tor activity and reveal a user's IP address. I understand that Torbutton is useful for protecting privacy in multiple ways. But I would like to address this specific issue if I may. Let us imagine that a user surfs the net using Tor (and Polipo or Privoxy). He has JavaScript installed and uses it for all sites. He finishes his activities and then closes his browser. He then wipes the following files and directories (I am using Ubuntu as my example): /.mozilla/firefox/nameofuser/cookies.sqlite /.mozilla/firefox/nameofuser/downloads.sqlite /.mozilla/firefox/nameofuser/cookies.sqlite-journal /.mozilla/firefox/nameofuser/places.sqlite /.mozilla/firefox/nameofuser/places.sqlite-journal /.mozilla/firefox/nameofuser/formhistory.sqlite /.mozilla/firefox/nameofuser/Cache/ Now I assume that these Javascript events and handlers and the CSS handlers were downloaded into the Cache from when the user was browsing using Tor. They would then be deleted as detailed above. Therefore, when the user loads up Firefox and turns off the Tor proxy settings, presumably the potential for JavaScript or CSS to connect Tor and non-Tor activity and get the users real (non-Tor) IP address is no longer a concern? Is this correct? Or am I missing something? Just to re-state: I am only looking at this one issue - I am well aware of how useful Tor button is in other areas! Thanks.
Re: Downloading attachments with Tor - is this secure?
Hi Scott, I am not using NoScript but I used it some time ago. The problem I had was that various websites did not work because it turned off JavaScript which seemed essential. At the moment I am using Polipo and Tor with JavaScript operational but Java, Flash, and QuickTime are all turned off in Firefox. Perhaps you could please tell me why exactly NoScript is superior to the methods I am using? Thanks Scott Bennett wrote: On Sat, 19 Jun 2010 09:15:15 -0400 Aplin, Justin M jmap...@ufl.edu wrote: Yes, if you use Torbutton, the attachment itself will be downloaded only via Tor. I believe this is the short answer to your question, though everything else Mike said is good to keep in mind as well, especially in situations where paranoia is appropriate. This is especially dangerous if you are using Yahoo Mail, because even if you trust the person who sent you the document, your attachment will be downloaded in plaintext (via http, not https). Watch out for this. Yahoo's *login* page for webmail and other services may be HTTPS, but this reverts to plain HTTP once you're actually viewing your mail and downloading attachments. A simple solution for secure webmail at the moment is using Gmail and the new Firefox addon HTTPS-Everywhere available from https://www.eff.org/https-everywhere . This addon is *NOT* magic, as it only works with the particular list of websites available on its option page, but making sure Google Services is checked in it's options will allow all Gmail connections (including downloading attachments) to happen over HTTPS. While HTTPS-Everywhere may be a nice programming exercise for its author(s), it appears wholly unnecessary for Firefox users because Firefox users should *ALREADY* be using NoScript, which allows one to accomplish the same thing, but also provides mountains of other protective measures. Don't be fooled into thinking that HTTPS-Everywhere can protect your anonymity or your privacy. If you and/or the OP continue to refuse to use NoScript, then sooner or later you and/or the OP will get burned and will thus be taught the hard way the lesson you should have understood by now. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Downloading attachments with Tor - is this secure?
Hi, I think my question was so basic that I explained it badly. I had seen the page Justin suggested previously but it did not answer my simple question. Let me try again. When you are go into for example Yahoo webmail (without Tor) and download an attachment (say a Word document or a photo) then your browser asks you where on your hard drive you wish to save that attachment. Then do the same thing using Tor (and Polipo). I assume the attachment downloads from Yahoo Mail (or whatever) through the three Tor nodes before being unencrypted at the final node and then is downloaded to my computer. In other words: the attachment (or for that matter any file downloaded in the same way) is never downloaded outside the Tor system - that is directly from the website to me bypassing the Tor nodes? Basic I know! Thanks! Aplin, Justin M wrote: On 6/18/2010 3:06 AM, Matthew wrote: Apologies in advance for the basic-ness of this question. I cannot find the answer with Google or in the Tor documentation. I believe the answer you're looking for is #4 here: https://www.torproject.org/download.html.en#Warning In these cases, how is the file downloaded? Does the download happen through HTTP/S? If I am using Polipo and Tor then I assume the file is downloaded as HTTP/S and goes through the Tor nodes like any normal HTTP/S traffic. This depends on where you're downloading from. Tor encrypts everything between you, the clients in your circuit, and the exit node. However, when traffic enters or leaves the exit node, it is *exactly* as if the exit node were visiting that website for itself. So, if you are downloading over standard HTTP, *nothing between the website and the exit node will be encrypted*. This usually isn't a terrible problem with downloads that don't contain any personal information that leads back to you, as it would be extremely difficult to follow the encrypted data over several hops through the network. *However*, as the documentation says repeatedly, use HTTPS wherever possible, *especially* when communicating sensitive information that could lead back to you. This way, the traffic between the exit node and website is encrypted, and doubly so between you and the exit node. Much less will be gained by examining the traffic coming to/from the exit. Hope that answers your questions. (Side Note: the above does not pertain to .onion websites or other hidden services, which are contained completely within the network.) ~Justin Aplin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Downloading attachments with Tor - is this secure?
Hi, I think my question was so basic that I explained it badly. I had seen the page Justin suggested previously but it did not answer my simple question. Let me try again. When you are go into for example Yahoo webmail (without Tor) and download an attachment (say a Word document or a photo) then your browser asks you where on your hard drive you wish to save that attachment. Then do the same thing using Tor (and Polipo). I assume the attachment downloads from Yahoo Mail (or whatever) through the three Tor nodes before being unencrypted at the final node and then is downloaded to my computer. In other words: the attachment (or for that matter any file downloaded in the same way) is never downloaded outside the Tor system - that is directly from the website to me bypassing the Tor nodes? Basic I know! Thanks! Aplin, Justin M wrote: On 6/18/2010 3:06 AM, Matthew wrote: Apologies in advance for the basic-ness of this question. I cannot find the answer with Google or in the Tor documentation. I believe the answer you're looking for is #4 here: https://www.torproject.org/download.html.en#Warning In these cases, how is the file downloaded? Does the download happen through HTTP/S? If I am using Polipo and Tor then I assume the file is downloaded as HTTP/S and goes through the Tor nodes like any normal HTTP/S traffic. This depends on where you're downloading from. Tor encrypts everything between you, the clients in your circuit, and the exit node. However, when traffic enters or leaves the exit node, it is *exactly* as if the exit node were visiting that website for itself. So, if you are downloading over standard HTTP, *nothing between the website and the exit node will be encrypted*. This usually isn't a terrible problem with downloads that don't contain any personal information that leads back to you, as it would be extremely difficult to follow the encrypted data over several hops through the network. *However*, as the documentation says repeatedly, use HTTPS wherever possible, *especially* when communicating sensitive information that could lead back to you. This way, the traffic between the exit node and website is encrypted, and doubly so between you and the exit node. Much less will be gained by examining the traffic coming to/from the exit. Hope that answers your questions. (Side Note: the above does not pertain to .onion websites or other hidden services, which are contained completely within the network.) ~Justin Aplin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Google language turns depending on tor node...
You could set StrictExitNodes 1 in your .torrc file with a series of exit servers that are based in countries where English is the first language (USA, Canada, UK, Ireland, Australia, etc). That way all results will be in English. emigrant wrote: when i give a keyword to search, in most cases, i get results in languages i cannot read. is there any way to keep it always to english? thank you very much. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Rogue exit nodes - checking?
This is especially dangerous if you are using Yahoo Mail, because evenif you trust the person who sent you the document, your attachment will be downloaded in plaintext (via http, not https). This means that the exit node you use can replace or alter your document to unmask you (or worse, exploit your document reader and run arbitrary code). I am curious to know if there is a way of identifying bad exit nodes? Do people who are more technical than me (not hard!) somehow search for exit nodes with interesting configurations? Or, unless you use StrictExitNodes and are confident of the honesty of the operator, are you simply hoping the exit node owner is benign? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Downloading attachments with Tor - is this secure?
Hello, Apologies in advance for the basic-ness of this question. I cannot find the answer with Google or in the Tor documentation. When you connect to a website using HTTP or HTTP/S and you want to download a file (like a .doc or .exe) then Firefox asks you where on the hard drive the file should be saved, you decide the location, and the file downloads. In these cases, how is the file downloaded? Does the download happen through HTTP/S? If I am using Polipo and Tor then I assume the file is downloaded as HTTP/S and goes through the Tor nodes like any normal HTTP/S traffic. In other words, can someone confirm that each attachment is not downloaded in a way that is outside the Tor nodes? Thanks! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
I'm not sure whether either of these bugs are fixed at present (ugh). So I'd recommend sticking with yes (or true, I guess it's called now). If yes is the same as true then this is a setting the Polipo manual strongly advises against. Finally, if dnsUseGethostbyname is true, Polipo never tries to speak DNS itself and uses the system resolver straight away (this is not recommended). - Given those, and since polipo shouldn't be doing any dns resolves anyway when it's using a socks5 proxy, I figured I'd go for the choice that exposed less surface area. My fundamental question is this: If the config file says yes to dnsUseGethostbyname then Tor does the DNS resolution. If however the config file says something else e.g. reluctantly (The manual says if it is reluctantly (the default), Polipo tries to speak DNS and falls back to the system resolver if a name server could not be contacted.) then does Polipo do its own DNS resolution and then pass this on to Tor therefore leaking? Or, are you saying, that since polipo shouldn't be doing any dns resolves anyway when it's using a socks5 proxy the value of dnsUseGethostbyname is not relevant when using Polipo with Tor since Tor will ALWAYS do DNS resolution because of socksParentProxy = localhost:9050 and socksProxyType = socks5. If yes then my first question is moot. This is what is confusing me the most - whether changing dnsUseGethostbyname means Polipo (not Tor) now does the DNS resolution. --Roger *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
and...@torproject.org wrote: In practice, with that config file, dns queries are passed to tor directly for resolution, not being done by polipo nor the actual system resolver. Thank you for the confirmation. If you change the options, you should see polipo query your local dns resolver either directly, or via gethostbyname. So, the option reluctantly for dnsUseGethostbyname would mean DNS requests are done by Tor and are only done by Polipo if Tor DNS fails or does it mean DNS requests are now done by Polipo usually and only done by the system resolver if Polipo DNS fails? The manual says for reluctantly - Polipo tries to speak DNS and falls back to the system resolver if a name server could not be contacted. I am unclear where it tries to speak DNS - would this be before Tor or would the DNS still get pushed through Tor even though the configuration file has been modified? I agree the config needs more clarity and to match an actual option as specified in the info page. I'll add it as a bug to research. I am still confused regarding what yes actually means - does it refer to the default which is reluctantly or does it mean nothing to Polipo and is just ignored? In which case why not just comment this option out? Thank you for your help! *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Polipo and dnsUseGethostbyname - what is the best option and does it matter?
If you change the options, you should see polipo query your local dns resolver either directly, or via gethostbyname. But if you change it to false would that not be the safest option - from what I can gather in this situation Polipo would never do its own DNS. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Polipo and dnsUseGethostbyname - what is the best option and does it matter?
Hello, The standard Polipo configuration file for Ubuntu located at https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf should replace the configuration file one downloads when Polipo is installed according to http://www.torproject.org/docs/tor-doc-unix.html.en. The Polipo configuration from https://svn.torproject.org/svn/torbrowser/trunk/build-scripts/config/polipo.conf says: # Uncomment this to disable Polipo's DNS resolver and use the system's # default resolver instead. If you do that, Polipo will freeze during # every DNS query: dnsUseGethostbyname = yes However, section 3.9 of the Polipo manual says: Polipo usually tries to speak the DNS protocol itself rather than using the system re- solver5 . Its precise behaviour is controlled by the value of dnsUseGethostbyname. If dnsUseGethostbyname is false, Polipo never uses the system resolver. If it is reluctantly (the default), Polipo tries to speak DNS and falls back to the system resolver if a name server could not be contacted. If it is happily, Polipo tries to speak DNS, and falls back to the system resolver if the host couldn’t be found for any reason (this is not a good idea for shared proxies). Finally, if dnsUseGethostbyname is true, Polipo never tries to speak DNS itself and uses the system resolver straight away (this is not recommended). Three questions: First, since yes is not one of the four options listed in 3.9 what does this mean? I was using yes for many months without realizing it was not an option. How does Polipo use yes? Why is this in the config file? Second, surely the best option is false. That way even if there is a problem with Polipo's DNS it will not use the local DNS as listed in resolv.conf. Some people might say: put OpenDNS in resolv.conf. However, I am on an academic network which does not permit me to modify the DNS; changing resolv.conf means I have no connection. (I know about the dnsNameServer option but let's leave that for now). Third, I always use Polipo with Tor. Even if dnsUseGethostbyname is set to yes or any of the four valid options does this matter? Are DNS requests passed through Polipo to Tor and then Tor does its DNS resolution (after the final exit node if I understand correctly?) so this setting in the configuration file is not important? Or does Polipo do the DNS resolution before traffic is passed on to Tor in which case the configuration file is crucial? In other words, when is DNS resolved when using Tor and Polipo? Thanks. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor grassroots advocacy
I finally got my act together and put my Introduction to Tor presentation online. You can find it on my Google site here: http://sites.google.com/site/mateogoog/files Feel free to use the presentation in any way you see fit! -Matt
Time Warner to charge for bandwidth usage
This article also talks about ATT and Comcast's strategies to limit home bandwidth: http://www.businessweek.com/technology/content/mar2009/tc20090331_726397.htm Did I mention how much I absolutely LOVE Time Warner Cable?? -Matt
Tor grassroots advocacy
I gave a talk to a small group of people on Saturday at BarCampAustin: http://www.barcamp.org/BarCampAustin4 I have also given this talk in two of my graduate classes at St. Edward's University. These kinds of informal talks are a great way to educate others about Internet censorship, Internet monitoring, what Tor is, how to run a Tor server, etc. In each of my talks, the response has been positive. If nothing else, they now know that their Internet traffic IS being monitored and that they have a choice about whether or not to succumb to that monitoring. If anyone is interested, I will e-mail you a copy of my Introduction to Tor presentation. I may also create a Google presentation and share it with the world if there is enough interest... Has anyone else given these kinds of talks about Tor? Perhaps we could combine our Tor educational resources and put them on a website...? Thanks, Matt
Re: more on the Comcast 250 GB/mo. problem
Scott- Sorry to hear that you are also having problems with your ISP. I ended up dropping Time Warner and signing up for Earthlink - which actually uses the same TWC network. So now I am back on TWC and must watch my p's and q's or I will be kicked off. I even have the same TWC account number... And, according to the last TWC security official, I will be kicked off their network if I get another Tor related complaint. My solution was to get the cheapest Earthlink connection for my home use and to setup a VPS that is running a Tor exit node. I am using Linode's VPS services and have a Linode 540 account that gives me 300 GB per month of data transfer. So I can run a 50K/s Tor exit node without worrying about my home Internet being disconnected. Worst case scenario is that Linode tells me to stop running Tor and I do...and then look for a more friendly VPS company to do all of my future business with. But I have had no complaints for the past couple months. Incidentally, Time Warner Cable's security department made it very clear that they did not want to have me as a customer. I explained to them that I paid extra for increased bandwidth which I intended to use. The security representative said that I was not a business customer (i.e. paying 2-3 times as much for the same connection) and thus they would not tolerate any more complaints. He did not mention any complaints about bandwidth... But it is clear that Time Warner Cable does not care about you as a customer unless you are a business customer. Only then will they give you a chance to explain why you have received unjustified and unproven complaints. /rant -Matt Scott Bennett wrote: Last week I found a voice mail message from a phone number I didn't recognize, who claimed to be from the Comcast Security Assurance Division, demanding that I call them at yet another number I didn't recognize. I called the normal number to reach Comcast, explained what had happened, and gave that person the phone numbers. I was told then that those did not appear to be Comcast phone numbers and that they had never heard of such a department or division in Comcast. I asked whether I should report the incident to the police. They said that would be a good idea, so I did report it to the local police, stating that I suspected a possible phone scam aimed at identity theft. The next day (Fri.) I received another call, which I answered before noticing that the number was the one that had called a day earlier. The caller made the same claim as the day before, to which I replied that I didn't believe them, that I had already reported their number to both Comcast and the local police department. I then ended the call and called Comcast again to let them know what was going on. That conversation lasted quite a while, during which time my call got transferred to their tech. support area. The lady in tech. support did some investigation and found that the phone numbers in question were, in fact, Comcast numbers and that the Security Assurance Division was legitimate after all. She had never heard of them before, but connected me into a conference call with someone at the number I had been told to call. The upshot was that I was being contacted because their system claimed that in February my setup had transmitted and/or received more than 250 GB, an arbitrary limit that exceeding a second time would get my connection shut off for a minimum of 12 months. They claimed that my combined transmissions and receptions had totaled between 661 GB and 662 GB for February, a number I still do not accept. Further, Comcast sales staff and tech. support staff were unaware of any such limit, much less of specifically 250 GB. That means that when I was signed up last August for a reception rate limit of 6 Mb/s (~600 KB/s) and a transmission rate limit of 768 Kb/s (~76 KB/s), they didn't inform me that actual usage of those rates would use up a fixed, 250 GB, monthly allotment of data in less than 4.5 days. A month or a bit more ago, Comcast finished upgrading its infrastructure and cable system software, which led to their increasing the data rates, so that my connection can now run at 12 Mb/s (~1.2 MB/s) for reception and 1 Mb/s (~100 KB/s) for transmission. If used at capacity, these rates can exhaust the monthly data ration in a little over 2 days and 6 hours. I believe this constitutes deceptive marketing and possibly even fraud under U.S. law. At present I don't have an alternate ISP on tap to replace Comcast, but I am looking. Meanwhile I asked how much of the current month's allotment had already been used (according to their very questionable system) and was told that they were unable to tell me that. They said that they deal only with exception notices issued when someone exceeds 250 GB transferred in a billing month. They suggested taking the 662 GB figure, dividing that by 28 days for February,
Re: Time Warner bad / VPS recommendations
I agree that starting a business may be problematic but I am not sure this would be true for a non-profit in the US. Does anyone know if US non-profits are required to log connection information? I help several businesses (including a large company) and non-profits maintain their websites, networks, etc. and am not aware of any requirement to log this kind of information. Thanks, Matt Sebastian Lechte wrote: Hi everyone, Please do not give money to node operators. This will complicate matters and bring in the wrong people. I support sharing costs for a node in a small group of people, but don't make it a way to receive money from anyone - there will be people who abuse it. It might also have legal implications. Receiving money for a service might render it a 'business', to which other rules (like keeping logfiles of forwarded connections or something) might apply that will bring in yet other bad things. Sebastian
Re: Time Warner bad / VPS recommendations
I take issue with the premise that the only course of action that ISPs have is to disconnect customers that generate these complaints. I know that some ISPs simply pass on the complaints to their customers with the expectation that the customer fix the problem. It seems to me that this is all the ISP is required to do (see the EFF DMCA response letter for details). tor-opera...@sky-haven.net wrote: Right. In terms of cost, I'm also considering the cost of our general counsel fending off irritating cease-and-desist crap from various rightsholders. And the cost of having a support staffer be forced to investigate a server because of a complaint from a third party. In principle {RI,MP,whatever}AA complaints are handled the same as Dos/DDoS/spam/UCE reports: we get too many implicating the same customer and the customer gets booted.
Re: Time Warner bad / VPS recommendations
I agree that it may be a risk for one organization to own a large number of Tor nodes. But if that organization is a non-profit and run by some of the Tor users, developers, and operators on this list, that should reduce the risk that the organization will willingly compromise its Tor network. Also, you could setup an independent auditing system in which Tor experts could examine the Tor boxes or VPSs to be sure that they are not compromised. It is all about transparency! Peter Lombardo wrote: It's a risk regarding a large number of nodes being run by a single entity. The upside to such a business model though would be if they donated a percentage of profits to the Tor foundation. If they get pummeled by CD letters and eventually shut down, at least TOR can keep the money for future development. If I can make a disclaimer, I'm working on such a service where one of the 'pay for' plans allow for a user to VPN into a TOR server configured to transparently route traffic over the TOR network. But we never use VPS's; only dedicated boxes rented from quasi-random ISPs. I've limited it to one TOR box per ISP so far. Peter
Re: Time Warner bad / VPS recommendations
Yup, I restricted my exit node policy in hopes that it would limit torrent traffic and it seemed to work. However, the last hacking complaint was the result of someone making excessive or inappropriate postings on a newsgroup or website. So while the torrent/DMCA complaints stopped, the hacking complaints continued. Thanks, Matt Scott Bennett wrote: On Tue, 3 Feb 2009 21:17:47 +0100 Eugen Leitl eu...@leitl.org wrote: On Tue, Feb 03, 2009 at 07:44:18PM +0100, Thomas Hluchnik wrote: Zitat von Xinwen Fu xinwe...@gmail.com: The problem is: was the violation done through Tor? A bot may do the same thing. Time to scan your computer?:) Maybe you can run Tor as an entry or a middle node, not an exit node. Cheers, Xinwen Fu Yes, and one pertty nice day we have 1 middlemen and no exit node anymore. 1 middlemen with hidden services and no exits wouldn't be all that bad, actually. :-) Indeed, although there would undoubtedly still be the hundreds of thousands or millions of other services that would no longer be accessible via tor. I am also still pondering the implications/possibilities stemming from something I had never pieced together from the tor documentation until someone pointed it out on this list a while back: hidden services can be offered from client-only instances of tor; relay mode is not necessary to run a hidden service. However, back to the OP's problem...were potential exit policy changes suggested in the conversation(s) with Time-Warner? Others on this list have satisfied their ISPs by rejecting exits to the ports that were attacked, in some cases, rejecting those ports only for certain IP addresses. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Time Warner bad / VPS recommendations
Wow, that is a very cool idea. This could even be turned into a non-profit organization... We could take donations to support running Tor exit nodes which, in turn, supports everyone's ability to use the Internet without fear of censorship, harassment, and authoritarian (or up-and-coming authoritarian) governments. What do you all think? By the way, there was a Nova special last night on the NSA and their minority report like computer system in development: http://www.pbs.org/wgbh/nova/spyfactory/ Mitar wrote: Hi! On Tue, Feb 3, 2009 at 8:50 PM, slush sl...@slush.cz wrote: Yes, Im using linode.com, plan Linode 720. Tor runs without any problem (but my bandwidth is only about 150kB/s; there are another network services too). Interesting. That is $40/month with 400 GB limit. I have a collocation for around 110 EUR per month for 100 Mbit/s best-effort with no limit on data transfer and yet without any problems with ISP (they said that it is not their issue what I am running on my server). So ... maybe ... there is an idea. I could offer to setup Tor nodes with this ISP with simple CPU/RAM/diskless/self updatable/no logs systems for 100 Mbit/s default policy exit nodes. If anybody would like to monthly contribute/donate money for collocation and this initial hardware. Or few people together. I just do not know what would ISP say if they would have multiple such nodes there. Maybe they would become less liberal. Mitar
Re: Time Warner bad / VPS recommendations
I sent TWC a modified version of the EFF DMCA response letter for the DMCA takedown notices. I even personally replied to one of the DMCAs from an agent for Paramount. I was only able to personally reply to one of the complaints as TWC would not forward me any of the other notices. The technician from the abuse department said that because my account already had 5 complaints, he would disconnect me if I received another. He was very clear on that point. He understood that I was running Tor and that this traffic was coming from the Tor network. Again, there is nothing in the AUP or TOS that stated that I could not run a service like Tor. But it does state that violating intellectual property rights and hacking are not allowed. As I explained previously, 3 of the notices were DMCA notices (copyright violations) and 2 were hacking complaints. This tech and TWC believe that the user of their service is responsible for any of these violations. Thus, it seems that they may try to disconnect my service based upon these 5 complaints. Again, I would rather setup Tor on a VPS if anyone has a recommendation for a company and hosting plan! Thanks, Matt Scott Bennett wrote: On Mon, 02 Feb 2009 20:42:01 -0600 Matthew McCabe mate...@mrmccabe.com wrote: So Time Warner Cable finally gave me an ultimatum that either I stop running Tor or they will shut off my service. This was after 3 DMCA and 2 general abuse/hacking complaints. Note that Time Warner does not say anything about proxy servers in their AUP. They were just tired of getting these complaints on my account. Also, ATT was not able to setup DSL service at my location...so I have decided to kill my Tor exit node. Really? When you sent Time-Warner a letter based upon http://www.torproject.org/eff/tor-dmca-response.html.en what was their response? Did you counter with a politely stated promise to file a formal letter of complaint with the FCC against Time-Warner if they disconnect you without justification under your contract with them or under their AUP? You could point out in such a complaint that you had abided by the contract and the AUP and had no recourse to another service (assuming that no other service is indeed available). I would really like to continue running a Tor exit node. I have looked Are you giving up too soon? at a couple virtual hosting companies such as vpslink and slicehost. Some of their cheaper plans seem like they would be sufficient for running a Tor exit node. Does anyone run Tor on a VPS? If so, which company and plan do you use? Have you gotten any flack for running a Tor exit node? Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Need help with MPAA threats
Thank you for all of your suggestions regarding exit policies and contacting the EFF. I am a member and will be beating down Kurt Opsahl's door if the MPAA decides to pursue this any further. So just to clarify, it is possible to transfer bit torrent file content over Tor, right? And the only way to reduce or eliminate this traffic is by using a white-list exit policy? Roger, can you confirm this? Thanks, Matt
Need help with MPAA threats
Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt
Abuse complaint
Hey- Last night, Time Warner Cable temporarily disabled my account due to an alleged attack coming from my IP address and targeting a server in Europe (Denmark I believe). Below is the e-mail I sent them to respond to the complaint. Does anyone have any suggestions on how to respond to these complaints? Is IP filtering the best (or only) option for addressing TWC's issues? Thanks for your help, Matt Dear Time Warner Cable, Last night I was notified that my cable modem Internet service had been temporarily disabled due to an abuse complaint. I called and left a message on your abuse telephone number last night and received a call today from one of your representatives. She explained that an attack on a server in Europe had been launched from my IP address. I explained to your representative that I am running a Tor relay node which someone may have used to launch an attack. Here is a description of what Tor is (from torproject.org): Tor is network software that helps users to enhance their privacy, security, and safety online. It does not host or make available any content. Rather, it is part of a network of nodes on the Internet that simply pass packets among themselves before sending them to their destinations, just as any Internet host does. The difference is that Tor tunnels the connections such that no hop can learn both the source and destination of the packets, giving users protection from nefarious snooping on network traffic. Tor protects users against hazards such as harassment, spam, and identity theft. In fact, initial development of Tor, including deployment of a public-use Tor network, was a project of the U.S. Naval Research Laboratory, with funding from ONR and DARPA. (For more on Tor, see https://www.torproject.org/.) To be clear, this attack was not launched from any computer that I own and instead may have come from the inappropriate use of the Tor network. I explained to your representative that if she would forward me the abuse complaint, I would configure Tor so that this server would not be accessible from my Tor relay. Specifically, I will deny access to the server that was attacked from my Tor relay using IP address filtering. Thus, I need the IP address of the server in question before I will be able to setup this policy. If you receive any new abuse complaints for my account, please e-mail or call me before disabling my Internet connection. If you give me specific information about the abuse complaint, I will do my best to immediately address the issue. Here is my contact information: [removed] Thank you, Matthew McCabe
Re: Tor operator raided in Finland
I have no knowledge of the fact, but is there not some provision in the laws of any countries with these crypto laws to deal with the, I forgot defense. Because I can see every single person being asked for their passphrase to use this defense. Hell, I know I would... --- Matthew - Original Message - From: F. Fox [EMAIL PROTECTED] To: or-talk@freehaven.net Sent: Monday, January 28, 2008 6:42 PM Subject: Re: Tor operator raided in Finland -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 [EMAIL PROTECTED] wrote: (snip) If someone would ask me for a password, i would spam, tell wrong passwords, to waste his time, which could be used to ask others for passwords ;-) (snip) If the authorities tried to get encryption passphrases out of me - and I didn't want them to have them - I would go for the I forgot alternative. They are pretty huge, after all. I just don't trust the state of the law, as for trying to group not divulging passphrases with the 5th Amendment and similar laws. There's a good chance, IMO, it'll end up being put with the 4th and not the 5th, unfortunately. My passphrasses are humongous, so it's quite plausible that they could be forgotten. It's happened before... - -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR54iCOj8TXmm2ggwAQi2Iw/+LfTccCAbJhyqSgQZa1Ea9UGkFkzuxJK/ h6kvYzSrPGww0UKQi2l+g6XHsQTqqG5jrz3NcwYDWCj9unsVLrPDmWXBYey5USjC c7/BDLFrO3+J0DU4BSZyWCQVdYvYez5Z9VfRsHvG+bj4w8kmkSww2o+4Ol1lnup3 P7Ab47ybdHmb7bLF6u8KcdvxHXSaXPS/MKjJSsJCf0WdF/c1gwweUgU6R9+NnsgH gmRDfFFLEwCADDSOjuOrIBfLX/HteVft9C+EdPPBa7QvoOAZxf+iIIIZTzwVjrhc R6Tbwj0vdrDgpTbDqea6qcq77C/wuzEMZgfN1geI7QzbcMJK1ey7S/HgQb8ZunYe ekjTu5E146KfF8tWxTXp3StBjH3ic3j7gg8nLI9PIq+1GFWyDKAPafnB3GZ33Qca LU/ZD/J4Eziyx8T4Lv9TVZ5+QCoqNSj4518oEOFAxwumamWyHTn9bqa6Sxb8CACL AwTy51EFWdy0BpTBMQ5apt4iFm+DJIvbZ2qYR2lwiNg5xJJAdCCk0RmQDzXAgTA2 mNMODavHOX9nya0jaRHitA3hkauISNa+oKBqY3sjCHXt36I3yuatxlSOQ37s2Ox0 moMU/gEftYdYOx6PV5rHfwdwVGFpRj6glBNEkcHkTru7GxHjaCyVB+OpQ1ausv3P xZA4qCkZiwQ= =ikEI -END PGP SIGNATURE- --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 080127-1, 27/01/2008 Tested on: 28/01/2008 19:10:11 avast! - copyright (c) 1988-2008 ALWIL Software. http://www.avast.com
Re: 20090101 (log data)
(Disclaimer: I'm not doing it, nor will I ever do it, so raiding my place is completely pointless; and once you've ruined my life sufficiently, you and yours will pay dearly, and in person). Not think you're being a tad melodramatic there? --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 07-1, 11/11/2007 Tested on: 12/11/2007 08:28:55 avast! - copyright (c) 1988-2007 ALWIL Software. http://www.avast.com