Re: Cookie Mismatch when using Gmail.
On Wed, Jan 5, 2011 at 7:24 AM, Matthew pump...@cotse.net wrote: Hello, Here is what happens: I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructionshttp://www.google.com/support/websearch/bin/answer.py?answer=35851hl=en. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookieshttp://www.google.com/support/accounts/bin/answer.py?hl=enanswer=32050. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add *www.google.com* to your list of allowed sites. Learn morehttp://www.google.com/support/accounts/bin/answer.py?hl=enanswer=39612 I get this message wheneve i login to google. After the message appears, i just manually type in gmail.com and then most of the time it logs in. When all else fails, i manually delete all google cookies, and then it works fine.
Re: Tor and google groups
Yes, but I have a nice collection of SIM cards from various countries... Every time I travel (twice a month at least) I bring back some SIM cards for this kind of work... Maybe you should start up a gmail activation service! Or at least for us here in the group!
Re: Tor and google groups
On 05/01/11 09:04, M wrote: Yes, but I have a nice collection of SIM cards from various countries... Every time I travel (twice a month at least) I bring back some SIM cards for this kind of work... I am under the impression that in most countries you have to show ID which is copied to obtain a SIM? This was my experience in Spain for example. Maybe you should start up a gmail activation service! Or at least for us here in the group!
Re: Cookie Mismatch when using Gmail.
More information appended at the end. I login to Gmail as normal. I go to Settings / Accounts and Import / Change Account Settings - Google Account Settings. When I click on that link the URL changes to https://www.google.com/accounts/CookieMismatch and the screen shows. We've detected a problem with your cookie settings. Enable cookies Make sure your cookies are enabled. To enable cookies, follow these browser-specific instructions http://www.google.com/support/websearch/bin/answer.py?answer=35851hl=en. Clear cache and cookies If you have cookies enabled but are still having trouble, clear your browser's cache and cookies http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=32050. Adjust your privacy settings If clearing your cache and cookies doesn't resolve the problem, try adjusting your browser's privacy settings. If your settings are on high, manually add *www.google.com http://www.google.com* to your list of allowed sites. Learn more http://www.google.com/support/accounts/bin/answer.py?hl=enanswer=39612 To add some more information: Vidalia + NoScript does not present any cookie issues. I can access Account Settings. The problem is when TorButton is used. I then used TorButton's preferences to remove all the protections by unticking as much as possible (effectively making TorButton worthless). I still get the same error! I rebooted and cleaned the cache and cookies and still I cannot access the Account Settings aspect of Gmail. It is as if TorButton per se is the issue irrespective of any security settings it uses. In my Firefox cookie section I have cookies for mail.google.com that read: GX, GXSP, gmailchat, TZ, GMAIL_AT, and S. Yet Gmail still claims that cookies are not installed. I did an about:cache and then searched for torbutton. There were about 100 entries which include: extensions.torbutton.regen_google_cookies;false extensions.torbutton.reset_google_cookies;false extensions.torbutton.xfer_google_cookies;true I did change regen_google cookies to true but this did not change anything. Perhaps one needs to change certain entries in about:config to affect TorButton's interactions with Gmail? Any ideas from TorButton developers? Thanks.
Re: Tor in German media (27c3)
On Tue, Jan 04, 2011 at 05:55:09PM +0100, Moritz Bartl wrote: Most people run as many exit nodes as they want without even having a lawyer in the first place. It is not an illegal service at all. For the future, it might be a good idea to form a lose network of lawyers/funds that openly promise legal help to ANY Tor node operator. In Germany, both Chaos Computer Club and German Privacy Foundation promise to fight for the right of Tor node operators in case something big hits them. In the US, EFF made a similar promise. That is good to know. Unfortunately, finding an exit-sympathetic hoster will be more of a problem. Hetzner e.g. seems to tolerate middlemen but not exits, as they're abuse-driven. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor in German media (27c3)
Eugen Leitl wrote: On Tue, Jan 04, 2011 at 05:55:09PM +0100, Moritz Bartl wrote: Most people run as many exit nodes as they want without even having a lawyer in the first place. It is not an illegal service at all. For the future, it might be a good idea to form a lose network of lawyers/funds that openly promise legal help to ANY Tor node operator. In Germany, both Chaos Computer Club and German Privacy Foundation promise to fight for the right of Tor node operators in case something big hits them. In the US, EFF made a similar promise. That is good to know. Unfortunately, finding an exit-sympathetic hoster will be more of a problem. Hetzner e.g. seems to tolerate middlemen but not exits, as they're abuse-driven. I operate 2 nodes of the Tor both in Germany. Fistly, I set up one of them, the OrionTorNode as an exit, but I had some problems with my vds provider and turn it in the middlemen regim. After that I rented a new vds from a vds provider listing in the Tor blog as frendly to the Tor and set up on it an exit node OrionTorNode1 that works fine to that days. My provider received an abuse in late of December concerning using my tor-exit for torrenting but after I informed them that I reconfigured my /etc/tor/torrc they was fully satisfied and did not requre me stop my exit-node such their colleaques - staff of the vds provider of my first node. But it will be very good to set up an exit node without any restrictions of exit policy. If anyone could recommend me an offshore vds provider which is rigid to any abuses and which prices are not very expensive I would be thankful. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
M wrote: Yes, but I have a nice collection of SIM cards from various countries... Every time I travel (twice a month at least) I bring back some SIM cards for this kind of work... Maybe you should start up a gmail activation service! Or at least for us here in the group! It will be fine :) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
I am under the impression that in most countries you have to show ID which is copied to obtain a SIM? This was my experience in Spain for example. Yes in Western Europe it is so. But there are many countries were SIM cards are just sold in the streets without any requirements. Former USSR, many countries in Asia, some in Africa, etc. Maybe you should start up a gmail activation service! Or at least for us here in the group! I do it already for some friends but the point is that with the phone number I would be able to enter the account and change the password, read emails etc. Not that good for privacy, people who do not know me should not accept :) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
forc...@safe-mail.net wrote: I am under the impression that in most countries you have to show ID which is copied to obtain a SIM? This was my experience in Spain for example. Yes in Western Europe it is so. But there are many countries were SIM cards are just sold in the streets without any requirements. Former USSR, many countries in Asia, some in Africa, etc. Is it very difficult to buy a SIM without showing ID in the USA or countries of Western Europe? Sorry for such off topic but it is very interesting to know are there any countries in Western Europe or states of the USA when it is possible to buy a SIM without showing your ID with accordance to local law? Maybe you should start up a gmail activation service! Or at least for us here in the group! I do it already for some friends but the point is that with the phone number I would be able to enter the account and change the password, read emails etc. Not that good for privacy, people who do not know me should not accept :) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ You can do it on a paying basis not only as an enthusiast which assists for all paranoids in the World :) And it will be a good idea, if I am not wrong, to do it not at your home but only at public places - restaraunts, cafes, bars and etc. for an Adversary cannot reseach where are you live and who you are. And if you have many such clients it seems your anonymity will be high. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
On Wed, 05 Jan 2011 19:18:09 + Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: Is it very difficult to buy a SIM without showing ID in the USA or countries of Western Europe? Sorry for such off topic but it is very interesting to know are there any countries in Western Europe or states of the USA when it is possible to buy a SIM without showing your ID with accordance to local law? My $0.02 from buying SIM cards all over the world, I show them my CostCo Club photo id. In Hong Kong they wrote down my first/last name as cost co. No one has photocopied the ID yet. Many shops ask for it and then do nothing with it. As explained to me in Belgium, the law says they have to see an ID, not record, write down, and register the sim in your name. Maybe I just found a cool shop by accident. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
On 05/01/11 19:25, Andrew Lewman wrote: On Wed, 05 Jan 2011 19:18:09 + Orionjur Tor-admintor-ad...@orionjurinform.com wrote: Is it very difficult to buy a SIM without showing ID in the USA or countries of Western Europe? Sorry for such off topic but it is very interesting to know are there any countries in Western Europe or states of the USA when it is possible to buy a SIM without showing your ID with accordance to local law? My $0.02 from buying SIM cards all over the world, I show them my CostCo Club photo id. In Hong Kong they wrote down my first/last name as cost co. No one has photocopied the ID yet. Many shops ask for it and then do nothing with it. As explained to me in Belgium, the law says they have to see an ID, not record, write down, and register the sim in your name. Maybe I just found a cool shop by accident. Have you tried this in Spain? In Madrid the shop photocopied the back page of my passport. In London, by comparison, one can buy as many SIMs as one wants without ID from any number of corner shops. http://boingboing.net/2010/09/09/china-to-end-anonymo.html - read the comments especially Anon at 6:59PM. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: System time in anonymity oriented LiveCDs
Hi, Jordi Espasa Clofent wrote (03 Jan 2011 16:48:10 GMT) : What about this http://www.eecis.udel.edu/~mills/ntp/html/autokey.html? After reading this page quite quickly, it seems to me this NTP autokey feature is a way to secure exchanges between a given NTP server you manage and some clients you provide SSL client certs with. Although this seems to be working for authenticating the NTP server, this also has the severe drawback (in the Live system context this discussion arises from) of: - forcing the Live system's authors, or someone else, to run a dedicated NTP server - allowing a local attacker (say, an ISP) to very easily fingerprint this Live system's users based on the fact they send NTP (+autokey) requests to this special NTP server. Am I mistaken? Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | If you must label the absolute, use it's proper name: Temporary. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
Hi, On 05.01.2011 20:18, Orionjur Tor-admin wrote: Is it very difficult to buy a SIM without showing ID in the USA or countries of Western Europe? Sorry for such off topic but it is very interesting to know are there any countries in Western Europe or states of the USA when it is possible to buy a SIM without showing your ID with accordance to local law? At least in Germany, you can buy SIMs not activated in a lot of shops without showing ID. It is an open secret that you can activate many of them using a(ny) correct address without further verification. Also off topic: For example, UKash vouchers are being sold across Europe and can be used to buy prepaid Mastercards online using a service called UKash Neo, using SMS as owner verification. I can confirm that the CCs work even with Paypal. In the US, a lot of shops sell prepaid CCs (gift cards). To use online, they also require some sort of address verification, which is probably hard to do in a country where there is no ID or residency register. -- Moritz Bartl http://www.torservers.net/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: System time in anonymity oriented LiveCDs
Hi, thomas.hluch...@netcologne.de wrote (03 Jan 2011 16:56:19 GMT) : Without understanding details of the tor design, did you mention that tor knows the real time? So why dont you let tor set the right time. This is exactly what Liberte Linux does, and what we (T(A)ILS developers) are considering to do. We are asking here about possible security / anonymity issues that could be caused by doing this: Tor indeed distributes an approximation of the current time to the Tor users, but this is rather a side effect than an advertised feature, and this is thus probably not meant to be relied on. That's why we are asking the Tor designers / experts / developers if it sounds reasonable to rely on this distributed time to set the system clock within bounds that will allow the Tor client (Tor proxy, in Tor design's words) to work. Bye, -- intrigeri intrig...@boum.org | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc | The impossible just takes a bit longer. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
Hi, Am 05.01.2011 20:37, schrieb Matthew: Have you tried this in Spain? In Madrid the shop photocopied the back page of my passport. Germany introduced an electronic ID recently. In the revised laws they made clear that leaving the ID as deposit, or having it photocopied, is illegal. The new ID carries a personal identifier printed on it that should only be known to the bearer. [Source: http://www.heise.de/newsticker/meldung/Deine-wichtigste-Karte-Vom-Umgang-mit-dem-neuen-Personalausweis-1133588.html ] -- Moritz Bartl http://www.torservers.net/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
I am under the impression that in most countries you have to show ID which is copied to obtain a SIM? This was my experience in Spain for example. In France, anyone can buy a phone with a SIM card usable immediately, in any tobacco shop, without the need to show an ID. javascript:void(0); *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
G-Lo ☠ wrote: I am under the impression that in most countries you have to show ID which is copied to obtain a SIM? This was my experience in Spain for example. In France, anyone can buy a phone with a SIM card usable immediately, in any tobacco shop, without the need to show an ID. javascript:void(0); *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ It seems as very good and democratic laws and practice. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
Moritz Bartl wrote: Hi, Am 05.01.2011 20:37, schrieb Matthew: Have you tried this in Spain? In Madrid the shop photocopied the back page of my passport. Germany introduced an electronic ID recently. In the revised laws they made clear that leaving the ID as deposit, or having it photocopied, is illegal. The new ID carries a personal identifier printed on it that should only be known to the bearer. [Source: http://www.heise.de/newsticker/meldung/Deine-wichtigste-Karte-Vom-Umgang-mit-dem-neuen-Personalausweis-1133588.html ] That is a very bad practice breaking anonymity and human rights. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor uses swap?
Thus spake andr...@fastmail.fm (andr...@fastmail.fm): I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden. Does any of my web search results or web pages (or anything else during the web session) I look at get sent to or put on the SWAP partition of my machine? This is a good question. Tor has a torrc option that is off by default to disable all swap activity *by the tor process itself*: 'DisableAllSwap 1'. However, this is not all you need. Your web browser can still be swapped arbitrarily to disk. Unfortunately, this is difficult for us to control for two reasons: 1. It is not possible to access the system calls relevant to this from Torbutton until Firefox 4 (which provides JS-Ctypes to addon developers) is in common use. 2. Even if we do this with a custom TBB build, most operating systems require root/administrator priviledges to disable swap activity. The other alternative is to set up encrypted swap. The Ubuntu documentation on encryption is pretty sad and disorganized: https://help.ubuntu.com/community/EncryptedFilesystems https://help.ubuntu.com/community/EncryptedFilesystemHowto But I think there should be an option to set up encrypted swap during the installation process. There certainly is on other modern distros like Fedora and even CentOS. That is to say- is there any data on my computer I should shred after a Tor session? (yes, I understand other than what I knowingly download like a PDF or music) Other than swap, Torbutton should be blocking all history writes by Firefox in Tor mode by default. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpazZ4VMGVmt.pgp Description: PGP signature
Re: Tor uses swap?
Praedor Atrebates wrote: I just encrypted my swap (after reading through this thread) and it was fairly easy (we'll see if all is well on next bootup). I followed these simple instructions: http://linux.ioerror.us/2006/09/encrypting-your-swap-partition-on-fedora-core/ I use Mandriva which is a Redhat/Fedora-related distro. I just reactivated my newly-encrypted swap and continued without interruption to my system. On Tuesday, January 04, 2011 08:53:31 am you wrote: On Tue, Jan 4, 2011 at 3:25 PM, andr...@fastmail.fm wrote: I sure would LOVE to know an easy way to encrypt my swap. My plan had been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot machine but I got to the encrypt the disk portion of the installation using Alternate CD and quit. There were too many questions or settings that I had no idea what to enter. Try ubuntu server cd. since 4GB or 8GB of ram are pretty much the standard these days you could use a ramdisk for swap... ;D *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor in German media (27c3)
Moritz Bartl wrote: Hi, On 04.01.2011 18:09, Dirk wrote: I wouldn't be interested into starting exit nodes and then give in as soon as there is pressure.. I understand that, but on the other hand: Why not? All users benefit from nodes, even if only temporary. You (and other readers) are of course always invited to join our efforts at torservers. And we have a lawyer. yes... but that's not reassuring enough.. i'll still rather visit a lawyer myself first... the problem for the most people, who would like to run exit nodes, is their fear because they don't know if they would receive the german counterpart of just a CD letter... or if they will get their homes raided and basically get their lifes ruined forever with the legal fee's alone... *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor uses swap?
On Wed, Jan 05, 2011 at 11:27:59PM +0100, noi...@gmx.net wrote 1.2K bytes in 29 lines about: : since 4GB or 8GB of ram are pretty much the standard these days you could use a ramdisk for swap... ;D Towards this end, my travel laptop running pcbsd has no swap configured. I haven't run into any issues with this configuration yet. I realize the risks of some program going haywire and consuming all ram, but in the past month of doing this, it hasn't materialized. -- Andrew pgp key: 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor uses swap?
-- andr...@fastmail.fm On Wed, 05 Jan 2011 20:36 -0500, and...@torproject.org wrote: On Wed, Jan 05, 2011 at 11:27:59PM +0100, noi...@gmx.net wrote 1.2K bytes in 29 lines about: : since 4GB or 8GB of ram are pretty much the standard these days you could use a ramdisk for swap... ;D Towards this end, my travel laptop running pcbsd has no swap configured. I haven't run into any issues with this configuration yet. I realize the risks of some program going haywire and consuming all ram, but in the past month of doing this, it hasn't materialized. -- Andrew pgp key: 0x74ED336B *** Please let me know what you think...does this look correct? I just encrypted my swap using the following command; sudo ecryptfs-setup-swap Here's what's in my crypttab- # target name source device key file options cryptswap1 /dev/sda6 /dev/urandom swap,cipher=aes-cbc-essiv:sha256 Here's what's in my Fstab; (I deleted a lot of the UUID numbers and letters) # /etc/fstab: static file system information. # # Use 'blkid -o value -s UUID' to print the universally unique identifier # for a device; this may be used with UUID= as a more robust way to name # devices that works even if disks are added and removed. See fstab(5). # # file system mount point type options dump pass proc/proc procdefaults0 0 # / was on /dev/sdb5 during installation UUID=-c2ea-4b91-b764-adb / ext4 errors=remount-ro 0 1 # swap was on /dev/sdb6 during installation #UUID=xxce38cd7 noneswapsw 0 0 /dev/scd0 /media/cdrom0 udf,iso9660 user,noauto,exec,utf8 0 0 /dev/mapper/cryptswap1 none swap sw 0 0 How does it look to you? -- http://www.fastmail.fm - Email service worth paying for. Try it for free *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Double log entries?
Hi All, Happy New Year. I have double entries, including the timestamp, in my Notice-level Tor logs. I think it started when I sent a SIGHUP. lsof shows two Write file descriptors fwiw. This is Tor 0.2.2.15-alpha OSX PPC, Vidalia is not running. Any ideas? TIA GD -- http://www.fastmail.fm - The way an email service should be *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
