|
Home > Archive > Anonymous Servers > July 2005 > How Good is Tor?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
| Italy Anonymous Remailer 2005-06-06, 5:47 pm |
| When I send a message through a chain of remailers, I have an idea
of what is happening with the multiple encryption and every
remailer only knows the previous remailer and the next remailer. So
if I use 6 or 7 remailers I feel pretty sure that the messages is
anonymous.
When I use Tor to connect to a website, along with using Privoxy,
and the 'socks' that my browser uses, I do not feel so confident,
because I don't have a clear idea of what is happening.
I hope the experts here will not mind some ignorant questions about
this wonderful technology.
Is it the same with the Tor servers as it is with remailers, that
each server sees only the previous one and the next one? So if I
connect through Tor and socks, but do not use privoxy, then if I
type in a web page address, can my isp see what address I typed in?
Can the first Tor router?
And when a Tor router returns the page to me, who can see the page
besides me? Who can see the address of the page besides me?
When I add in privoxy, what has changed in the way my request for a
web page is handled?
If I am using Tor, privoxy and socks does anybody have a log of my
ip and the page that I visited?
If nobody has one, does that mean that the main thing to worry
about is somebody comparing the time that I used the system to
connect somewhere and the time that a particular web page was
accessed?
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 6 Jun 2005 16:19:31 -0000, Italy Anonymous Remailer wrote in
Message-Id: <8S0L2CML38509.7635532407@anonymous.poster>:
> I hope the experts here will not mind some ignorant questions about
> this wonderful technology.
I don't think your questions are ignorant in the least. Then again, I'm
not an expert either. 
> Is it the same with the Tor servers as it is with remailers, that
> each server sees only the previous one and the next one? So if I
> connect through Tor and socks, but do not use privoxy, then if I
> type in a web page address, can my isp see what address I typed in?
> Can the first Tor router?
Tor works in the same way as Mixmaster in that packets are wrapped in
multiple layers of encryption, with each Tor router having the
capability to strip a single layer. The internals are quite different
as Tor is a low-latency system, whilst Mixmaster is not, but the concept
is the same.
If you don't use privoxy, your local PC will leak information about what
webpages (and services), you are using. This happens because people
tend to use domain names for convenience rather than IP addresses. Your
PC queries DNS servers to find out the IP address of the
service/webserver you are trying to connect with. Privoxy reroutes
these DNS queries to Tor which anonymises them.
> And when a Tor router returns the page to me, who can see the page
> besides me? Who can see the address of the page besides me?
Nobody. Traffic between you and the Tor servers is encrypted.
> When I add in privoxy, what has changed in the way my request for a
> web page is handled?
DNS queries are not leaked to your configured DNS servers. They are
rerouted through Tor.
> If I am using Tor, privoxy and socks does anybody have a log of my
> ip and the page that I visited?
For simple html pages, there is no log of your visit. The logs will
contain the address of the exiting Tor router. Some care needs to be
exercised though, as pages containing embedded Java can contain your IP
address. It's best to disable Java in your browser when using Tor.
Other services routed through Tor require similar care, some can expose
your ip address if you are running client-side code that transmits it in
a packets payload.
> If nobody has one, does that mean that the main thing to worry
> about is somebody comparing the time that I used the system to
> connect somewhere and the time that a particular web page was
> accessed?
Yes, because Tor is a low-latency system it is more vulnerable to
traffic analysis than systems like Mixmaster. Keep in mind though that
there is a huge volume of traffic passing through Tor all the time.
Trying to link you to the service you are using would be a formidable
task, even for a powerful adversary.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBQqSE6GoLu9HNUqmMAQoaSQf/QK1YjEWIYKu+laDoNtgiUf+BkT5j8IyT
hJxFgn9nujFFgEUqZNbrXjJMI/ARVmm0klQpKgnfxznYDILW+3hhmd3QrKr/4HNK
bq6wYvy6sheGJ6etK8XYcqNDOFJ1OMoLYlfeLHZO
d1mPTM54JJHmtv5I9BD/NGcV
wDzVO47GCYM8djuIMvcKbT1a0lu2eS/zzncRiCazalUJW8Vp0igJRnqiMtsfJgGI
m6VrxqNbwEbKHZeCVkVqxJN/ ef3Jp5SCDEvfuDJFfjJwqK66bLRPqzYggiKBCkop
q4xhjEtS9gzgpZMtH3W0XCzgo1ZKe7rbL0n95JTc
iquv3ytBcIcvUw==
=h4+r
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| chameleon 2005-06-07, 5:49 pm |
| One way an isp could snoop on you is to install a keylogger on
your machine. Also there are programs that admins use to capture
your screen content, but I am not certain this would work with
Tor.
Another problem I have seen with Tor is frequent disconnects,
requiring you to reconnect to TOR nodes. This could, I am
guessing, be used to analyze your traffic and triangulate your
requests to identify the source IP you are coming from, since you
would be connection to the same site after your connection is
interrupted. Sniffers could be used to determine your true IP this
way.
Also your final hop from TOR to wherever is unencrypted unless you
are using ssl, in which case ssl can be used against you to id
your browser under Privoxy. Any identifiable information in the
final hop would also be open to logging if it is not encrypted.
Finally most services other than surfing are not privatized by TOR
or privoxy in many cases. So if you are using a newserver and not
encrypting your messages, you are in the open. Ditto for chat.
on 06 Jun 2005, nobody@See.Comments.Header (Italy Anonymous
Remailer) wrote in news:8S0L2CML38509.7635532407@anonymous.poster:
> When I send a message through a chain of remailers, I have an
> idea of what is happening with the multiple encryption and every
> remailer only knows the previous remailer and the next remailer.
> So if I use 6 or 7 remailers I feel pretty sure that the
> messages is anonymous.
>
> When I use Tor to connect to a website, along with using
> Privoxy, and the 'socks' that my browser uses, I do not feel so
> confident, because I don't have a clear idea of what is
> happening.
>
> I hope the experts here will not mind some ignorant questions
> about this wonderful technology.
>
> Is it the same with the Tor servers as it is with remailers,
> that each server sees only the previous one and the next one? So
> if I connect through Tor and socks, but do not use privoxy, then
> if I type in a web page address, can my isp see what address I
> typed in? Can the first Tor router?
>
> And when a Tor router returns the page to me, who can see the
> page besides me? Who can see the address of the page besides me?
>
> When I add in privoxy, what has changed in the way my request
> for a web page is handled?
>
> If I am using Tor, privoxy and socks does anybody have a log of
> my ip and the page that I visited?
>
> If nobody has one, does that mean that the main thing to worry
> about is somebody comparing the time that I used the system to
> connect somewhere and the time that a particular web page was
> accessed?
>
>
>
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Tue, 7 Jun 2005 21:23:27 +0000 (UTC), chameleon wrote in
Message-Id: < 011966E9271A91FC01139128XLchameleon3@213
.155.197.138>:
> Finally most services other than surfing are not privatized by TOR
> or privoxy in many cases. So if you are using a newserver and not
> encrypting your messages, you are in the open. Ditto for chat.
Can you provide a basis for your above statement? I've done some fairly
extensive testing using Tor to access my own news service and I'm not
aware of any leakage of information. There's nothing in the NNTP
protocol that places user details in the message payload.
The same applies for irc chat, except that people can use ctcp queries
to see what flavour of irc client you are running. Unless you are
running something very unusual, this places you in a pretty large
partition.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBQqYSrWoLu9HNUqmMAQq5JQf/WRVjqlJVbNYt2gJfitu4FnpB35ZwDT6w
4WFYd6vUSw7B9y2NfzDN9+ZPevE40KLCeSDfBHJV
9xckolUOjlbyBbmx16ATFygs
Kx/ VDBJ8Ico+flg8pFONbdrJRpivpPrF+v09sEXCBW+
iLPdQd9hMEKay3gk3Tfuk
DaNLKGwcPsyCS3Qg+03B3bUXuqF6n8iyHbwrJg8O
5u3E6UoufgxZLKritcurYPn9
XG/ gP0apaczV91rYLcgvB4KFryxGvEqEbGtYLTyjMdk
4CLLhP/uR4KfzGvbPKFy/
V1+TSyKXH4FeAVsVdjGBYaab/+aEX8CRNIqERobhXEaJ4Kf+FSQTnw==
=fDTa
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Tom Giarmo 2005-06-08, 5:47 pm |
| On Tue, 7 Jun 2005 21:33:33 +0000 (UTC), Zax wrote:
> Can you provide a basis for your above statement? I've done some fairly
> extensive testing using Tor to access my own news service and I'm not
> aware of any leakage of information.
Bullshit, you got a fukken pool of piss right between your feet, you fukken
incontinent XXXXXXX.
| |
|
| On Wed, 8 Jun 2005 15:03:55 -0400, Tom Giarmo wrote in
Message-Id: <1jrx3ie29ziga$.1ug92sdml1w37$.dlg@40tude.net>:
> Bullshit, you got a fukken pool of piss right between your feet, you fukken
> incontinent XXXXXXX.
Oh, I'm sorry! I thought you were raising a genuine issue about using Tor
for NNTP. I'll stop feeding you now.
| |
| Tom Giarmo 2005-06-08, 5:47 pm |
| On Wed, 8 Jun 2005 19:16:03 +0000 (UTC), Zax wrote:
> On Wed, 8 Jun 2005 15:03:55 -0400, Tom Giarmo wrote in
> Message-Id: <1jrx3ie29ziga$.1ug92sdml1w37$.dlg@40tude.net>:
>
>
> Oh, I'm sorry!
What the fukken for? It ain't my feet that are fukken pissed drenched.
> I thought you were raising a genuine issue about using Tor
> for NNTP.
Why, is Tor incontinent like you fukken are?
> I'll stop feeding you now.
I don't give s fukken shit, it's dinner time here anyway.
| |
| A.Melon 2005-06-08, 5:47 pm |
| In article <d87g5j$76f$1@bananasplit.info>
Zax <fleegle@bananasplit.info> wrote:
> Oh, I'm sorry! I thought you were raising a genuine issue about using Tor
> for NNTP. I'll stop feeding you now.
That answer made me laugh . I must use it myself on another
occasion.
| |
| Tom Giarmo 2005-06-08, 5:47 pm |
| On Wed, 8 Jun 2005 14:55:53 -0700 (PDT), A.Melon wrote:
> That answer made me laugh . I must use it myself on another
> occasion.
Yeah, make sure you fukken write it down when "Fun Day" comes when you
fukken pop in on alt.kiddies, MelonHead.
| |
| Thrasher Remailer 2005-06-09, 7:46 am |
| On Tue, 7 Jun 2005, Zax <fleegle@bananasplit.info> wrote:
>Can you provide a basis for your above statement? I've done some fairly
>extensive testing using Tor to access my own news service and I'm not
>aware of any leakage of information. There's nothing in the NNTP
>protocol that places user details in the message payload.
>
>The same applies for irc chat, except that people can use ctcp queries
>to see what flavour of irc client you are running. Unless you are
>running something very unusual, this places you in a pretty large
>partition.
Depends on the client. mIRC puts your ip address in the USER command
that it sends when logging on to the server.
| |
| Anonymous via the Cypherpunks Tonga Remailer 2005-06-09, 7:46 am |
| On Mon, 6 June 05 19:16, Zax <fleegle@bananasplit.info> wrote:
[vbcol=seagreen]
> Yes, because Tor is a low-latency system it is more vulnerable to
> traffic analysis than systems like Mixmaster. Keep in mind though that
> there is a huge volume of traffic passing through Tor all the time.
> Trying to link you to the service you are using would be a formidable
> task, even for a powerful adversary.
Add to that, that the number of Tor nodes is increasing steadily.
Currently, there are more than 200 working Tor nodes ditributed over
different parts of the world.
http://www.noreply.org/tor-running-routers/
A simple way to strengthen your anonymity even further is to run a Tor
server yourself. Your destination can't know whether connections relayed
through your computer originated at your computer or not.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Thu, 9 Jun 2005 12:55:44 +0200 (CEST), Anonymous via the
Cypherpunks Tonga Remailer wrote in
Message-Id: <20050609105544.F1466170C2@mail.cypherpunks.to>:
> Add to that, that the number of Tor nodes is increasing steadily.
> Currently, there are more than 200 working Tor nodes ditributed over
> different parts of the world.
Yep, great to see it taking off so well.
> A simple way to strengthen your anonymity even further is to run a Tor
> server yourself. Your destination can't know whether connections relayed
> through your computer originated at your computer or not.
Same concept as Mixmaster; sending messages from an open server places
you in a huge anonymity set.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQEVAwUBQqgk9moLu9HNUqmMAQrhJgf9FkUhroFt
fvfRCoaPc8PNazinII/49dRk
Owbg0EysTkS1KQcekFWnbyYjTAuehBCTLtXX0yJC
9wEeHBySj3N277erwmvZGf1X
YWzi4FwGEZhs9KKLlP6rupVOhH7wV328ZYdeziMg
O5kU2vVljcot++7LNBNNv1r6
TfD+DtLc/F5q2BtEBCO4EHdW5UIS429UK3tt5fs/aTxKIwhMeoxIZit6Orv1/GIu
Ql0/dYWwfUSfAVsscIanCJN/ TS4kEuOtZ9XvTdQKOJoenTB5GKZyJzJeSnC205Iq
vOxV8iZ/ V8W6cEV0txJESnLqCohilhC7IqvbbEtdTASCFJnL
S7JsQQ==
=aCze
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
| |
| Fritz Wuehler 2005-06-09, 5:47 pm |
| On Mon, 6 June 05 19:16, Zax <fleegle@bananasplit.info> wrote:
[vbcol=seagreen]
> Yes, because Tor is a low-latency system it is more vulnerable to
> traffic analysis than systems like Mixmaster. Keep in mind though that
> there is a huge volume of traffic passing through Tor all the time.
> Trying to link you to the service you are using would be a formidable
> task, even for a powerful adversary.
Add to that, that the number of Tor nodes is increasing steadily.
Currently, there are more than 200 working Tor nodes ditributed over
different parts of the world.
http://www.noreply.org/tor-running-routers/
A simple way to strengthen your anonymity even further is to run a Tor
server yourself. Your destination can't know whether connections relayed
through your computer originated at your computer or not.
| |
| Chrissy Cruiser 2005-06-09, 5:47 pm |
| On Thu, 9 Jun 2005 12:55:44 +0200 (CEST), Anonymous via the Cypherpunks
Tonga Remailer wrote:
> A simple way to strengthen your anonymity even further is to run a Tor
> server yourself. Your destination can't know whether connections relayed
> through your computer originated at your computer or not.
I have considered doing that, are there any downsides?
--
http://www.no2id.net/content/flash02.html
| |
| Anonymous via the Cypherpunks Tonga Remailer 2005-06-09, 8:46 pm |
| On Thu, 09 Jun 2005 21:36:06 +0200, Chrissy Cruiser
<doublebreasted@mail.com> wrote:
> On Thu, 9 Jun 2005 12:55:44 +0200 (CEST), Anonymous via the Cypherpunks
> Tonga Remailer wrote:
>
>
> I have considered doing that, are there any downsides?
Well, you should have some bandwidth to spare (you can throttle Tor's
bandwidth usage in the torrc configuration file, BTW). If you don't want to
deal with abuse issues, read this text taken from the Tor Wiki at:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ
4.2. I'd run a server, but I don't want to deal with abuse issues.
Great. That's exactly why we implemented exit policies.
Each Tor server has an exit policy that specifies what sort of outbound
connections he will allow from his server, and what sort he will refuse.
The exit policies are propagated to the client in the directory, so clients
will avoid picking exit nodes that would refuse to exit to their intended
destination.
By default, your server allows access to many popular services, but
restricts some (such as port 25) due to abuse potential. You can edit your
torrc to make your exit policy more or less restrictive. If you want to
avoid most if not all abuse potential, set it to "reject *:*". This is
called being a "middleman" node.
| |
| Chrissy Cruiser 2005-06-10, 5:47 pm |
|
On Fri, 10 Jun 2005 03:25:27 +0200 (CEST), Anonymous via the Cypherpunks
Tonga Remailer wrote:
[vbcol=seagreen]
> Well, you should have some bandwidth to spare (you can throttle Tor's
> bandwidth usage in the torrc configuration file, BTW). If you don't want to
> deal with abuse issues, read this text taken from the Tor Wiki at:
> http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ
>
> 4.2. I'd run a server, but I don't want to deal with abuse issues.
>
> Great. That's exactly why we implemented exit policies.
>
> Each Tor server has an exit policy that specifies what sort of outbound
> connections he will allow from his server, and what sort he will refuse.
> The exit policies are propagated to the client in the directory, so clients
> will avoid picking exit nodes that would refuse to exit to their intended
> destination.
>
> By default, your server allows access to many popular services, but
> restricts some (such as port 25) due to abuse potential. You can edit your
> torrc to make your exit policy more or less restrictive. If you want to
> avoid most if not all abuse potential, set it to "reject *:*". This is
> called being a "middleman" node.
I got bandwidth, no problem, DSL Extreme and only one, two occasionally,
surfing.
What about the legal issues, say for instance, someone traces back to my
static IP an email that is a terrorist author. Am I going to have to
produce a log or testify, give up my machine, have my own data at risk,
etc, you see where I am going.
--
http://www.no2id.net/content/flash02.html
| |
| Nomen Nescio 2005-06-10, 5:47 pm |
| In <10gbd4hce69li.1abiqv5c6vw89$.dlg@40tude.net>, doublebreasted@mail.com
wrote:
>
>On Fri, 10 Jun 2005 03:25:27 +0200 (CEST), Anonymous via the Cypherpunks
>Tonga Remailer wrote:
>
>
>I got bandwidth, no problem, DSL Extreme and only one, two occasionally,
>surfing.
>
>What about the legal issues, say for instance, someone traces back to my
>static IP an email that is a terrorist author. Am I going to have to
>produce a log or testify, give up my machine, have my own data at risk,
>etc, you see where I am going.
all tor traffic is encrypted and routed via SSL tunnels
you have plausible deniability and no logs to give up.
alternatively, you can be middleman or just block mail ports
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
| Anonymous via the Cypherpunks Tonga Remailer 2005-06-10, 5:47 pm |
| On Fri, 10 Jun 2005 19:56, Chrissy Cruiser <doublebreasted@mail.com> wrote:
>
> I got bandwidth, no problem, DSL Extreme and only one, two occasionally,
> surfing.
>
> What about the legal issues, say for instance, someone traces back to my
> static IP an email that is a terrorist author. Am I going to have to
> produce a log or testify, give up my machine, have my own data at risk,
> etc, you see where I am going.
If you operate a Tor middleman node, the chance that any of the above
scenarios will happen is virtually zero. A middleman node will not connect
to websites, IRC channels, deliver email etc. It always connects to other
Tor nodes, using SSL encryption for the connection. It will not send out
HTTP traffic, email, IRC, etc. in the clear. Thanks to the SSL encryption
nobody (not even you) can tell what kind of traffic is passing through your
node and what its final destination is. Your own traffic will also leave
your middleman node SSL encrypted, which is very nice of course.
| |
| Chrissy Cruiser 2005-06-11, 5:46 pm |
| On 10 Jun 2005 21:02:03 -0000, Nomen Nescio wrote:
>
> all tor traffic is encrypted and routed via SSL tunnels
>
> you have plausible deniability and no logs to give up.
>
> alternatively, you can be middleman or just block mail ports
Ok, that works.
--
http://www.no2id.net/content/flash02.html
| |
| Chrissy Cruiser 2005-06-11, 5:46 pm |
|
On Fri, 10 Jun 2005 23:21:42 +0200 (CEST), Anonymous via the Cypherpunks
Tonga Remailer wrote:
[vbcol=seagreen]
> If you operate a Tor middleman node, the chance that any of the above
> scenarios will happen is virtually zero. A middleman node will not connect
> to websites, IRC channels, deliver email etc. It always connects to other
> Tor nodes, using SSL encryption for the connection. It will not send out
> HTTP traffic, email, IRC, etc. in the clear. Thanks to the SSL encryption
> nobody (not even you) can tell what kind of traffic is passing through your
> node and what its final destination is. Your own traffic will also leave
> your middleman node SSL encrypted, which is very nice of course.
How about the exposure of my static IP address?
--
http://www.no2id.net/content/flash02.html
| |
| Thomas J. Boschloo 2005-06-12, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Zax wrote:
> On Wed, 8 Jun 2005 15:03:55 -0400, Tom Giarmo wrote in
> Message-Id: <1jrx3ie29ziga$.1ug92sdml1w37$.dlg@40tude.net>:
>
>
>
>
> Oh, I'm sorry! I thought you were raising a genuine issue about using Tor
> for NNTP. I'll stop feeding you now.
You were talking about 'leakage of information' ;-) I find this Tom
Giarmo funny at times. Especially when you see through his use of words
like 'fukken'. It is all a front.. He is fun IRL in a bar or something I
gather. I bet he is the kind of guy that would buy you a beer or two to
make up with you (but I wouldn't want to take him home with me).
It is kind of embarrassing when people like you can Nemo Outis try to
give helpful and on-topic replies to him though. Helpful replies are
wasted on Tom Giarmo! He probably is a troll (but quite a relieve from
the normal kind of troll we have here).
Maybe Tom could even help get rid of some of our more persistent trolls
here (the really numb and annoying ones).
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQqxM9gEP2l8iXKAJAQHlQQMeNyLvwEoV
ee1k5i/HCPZlvQPqP1IqWaqn
exDQj0OkUO9zXlXtUb5YXzcJbaHKnJew7iCcC/zY/0fHN1lvpmS3I1G3FE2Qwtuo
oV0A0BkERT9X9C1wZUlGmL8WsP2JOLan8FaeFA==
=02D+
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-06-12, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Zax wrote:
<snip>
> address. It's best to disable Java in your browser when using Tor.
And Javascript, ActiveX/ActiveScripting/Flash/Adobe/etc.
You can stop using ActiveX by stopping to use Internet Explorer as your
preferred browser. (highly recommended)
Opera has a nice option (in prefs->'multimedia') to turn off all plugins.
hth,
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQqxN3gEP2l8iXKAJAQH5AAMfUKrPQPla
mJ/T+yqwyDXD9GT01Kk6+B5E
UTrEZ4+mlHRPyFMyCQU0D9QM7aOVZg6+nhEGWrsh
OYxrLyHbNzn8TtvzeOhziazR
6CoRruxGXK5OAJikrDWn/q2tCzyh0ZeHamYVUQ==
=OlKb
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-06-12, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Chrissy Cruiser wrote:
>
>
>
> On Fri, 10 Jun 2005 03:25:27 +0200 (CEST), Anonymous via the Cypherpunks
> Tonga Remailer wrote:
>
>
>
>
> I got bandwidth, no problem, DSL Extreme and only one, two occasionally,
> surfing.
>
> What about the legal issues, say for instance, someone traces back to my
> static IP an email that is a terrorist author. Am I going to have to
> produce a log or testify, give up my machine, have my own data at risk,
> etc, you see where I am going.
I would worry more about keeping your computer safe and all my software
updated. E.g. There is a exploit available from Javascript in Opera 8.00
from
<http://www.security.nl/article/1097...r_en_Opera.html>.
It is nearly half a week later now and there still is no fix at
<http://www.opera.com>! It is an (malicious javascript) execute kind of
exploit IIRC but basically your whole system might compromised if
someone can lure you to a website exploiting something like this. No
amount of crypto or anonymisation will protect you against this!
So, do you think you're up to maintaining a secure service?
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQqxQFgEP2l8iXKAJAQGHpAMghtqkcbv3
kiqbHFCgAy/M/2ipsG7gkUfT
gC67o4mlvgD4+x10mZd0eGtESB53mHdaNXoD5FdC
hxG+vnrqdRWJs709w9Zs1vLt
9vtnEywcwSPOALTZn7WJq4HllTvCHZuWtWyQ5g==
=TP+b
-----END PGP SIGNATURE-----
| |
| Anonymous via the Cypherpunks Tonga Remailer 2005-06-12, 8:45 pm |
| On Sat, 11 Jun 2005 18:26, Chrissy Cruiser <doublebreasted@mail.com> wrote:
> How about the exposure of my static IP address?
It won't be exposed if your run a midlleman node. The IP addresses of Tor
server nodes (including middleman nodes) are published at:
http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl
| |
| Chrissy Cruiser 2005-06-14, 5:47 pm |
| On Mon, 13 Jun 2005 01:30:14 +0200 (CEST), Anonymous via the Cypherpunks
Tonga Remailer wrote:
> On Sat, 11 Jun 2005 18:26, Chrissy Cruiser <doublebreasted@mail.com> wrote:
>
>
> It won't be exposed if your run a midlleman node. The IP addresses of Tor
> server nodes (including middleman nodes) are published at:
> http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl
I think you have beaten me into submission!
--
http://www.no2id.net/
| |
| Chrissy Cruiser 2005-06-14, 5:47 pm |
| On Sun, 12 Jun 2005 17:09:10 +0200, Thomas J. Boschloo wrote:
>
> I would worry more about keeping your computer safe and all my software
> updated. E.g. There is a exploit available from Javascript in Opera 8.00
> from
> <http://www.security.nl/article/1097...r_en_Opera.html>.
>
> It is nearly half a week later now and there still is no fix at
> <http://www.opera.com>! It is an (malicious javascript) execute kind of
> exploit IIRC but basically your whole system might compromised if
> someone can lure you to a website exploiting something like this. No
> amount of crypto or anonymisation will protect you against this!
>
> So, do you think you're up to maintaining a secure service?
Yikes! Nope, I have trouble locking my door.
So what you are saying is that my box could become contaminated, what if I
am a middleman?
--
http://www.no2id.net/content/flash02.html
| |
| Tom Giarmo 2005-06-14, 5:47 pm |
| On Sun, 12 Jun 2005 16:55:50 +0200, Thomas J. Boschloo wrote:
[vbcol=seagreen]
> You were talking about 'leakage of information' ;-)
It fukken blew right over his head, Thomas II
>I find this Tom
> Giarmo funny at times. Especially when you see through his use of words
> like 'fukken'. It is all a front..
I'm from NYC, fukken is local fukken slang.
> He is fun IRL in a bar or something I
> gather. I bet he is the kind of guy that would buy you a beer or two to
> make up with you (but I wouldn't want to take him home with me).
Not a queer, have no eye. And you're right, I've fukken picked up off the
street fukkers who I have flattened and bought them a brewski.
> It is kind of embarrassing when people like you can Nemo Outis try to
> give helpful and on-topic replies to him though. Helpful replies are
> wasted on Tom Giarmo!
Bullfukkenshit, first, nemo is a dick, second Zax him it, third. I learn
fukken fast.
>He probably is a troll (but quite a relieve from
> the normal kind of troll we have here).
I already said I cleaned out two newsgruppes, fukkening trolled them right
in the fukken ground.
> Maybe Tom could even help get rid of some of our more persistent trolls
> here (the really numb and annoying ones).
>
> Thomas
Yeah, I ain't seen nemo around here for fukken days.
| |
| Thomas J. Boschloo 2005-06-17, 5:47 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Chrissy Cruiser wrote:
> On Sun, 12 Jun 2005 17:09:10 +0200, Thomas J. Boschloo wrote:
>
>
>
>
> Yikes! Nope, I have trouble locking my door.
>
> So what you are saying is that my box could become contaminated, what if I
> am a middleman?
An adversary could come knocking on your door. And some process on your
computer (maybe distributed with Windows XP itself) might open it.
Anyways, there is an Opera 8.01 now
<http://www.opera.com/windows/changelogs/801/#security> (and the site
seems nearly down because of it!). They fixed the bug I mentioned but
called it an 'User Interface' change I think..
Also read <http://www.schneier.com/essay-085.pdf> (new!) But only if you
have strong heart! 0-day exploits really frighten me! It's from
CRYPTO-GRAM, June 15, 2005 by Bruce..
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQrMIoQEP2l8iXKAJAQH/MQMfS4PzxdvcSjJO7f/ZvgdbqRrG8tY8YWsF
EPsCtoDPrrU7X3OZqkvU2dETxIF+H1Bdua5ya3Ou
x6ZJAgDfOpNUb3aklub9XvZE
n3CBae5dCl7keuSvWNhV2M/sxYQ1tRS+veWdbw==
=ks3P
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-06-19, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Tom Giarmo wrote:
> On Sun, 12 Jun 2005 16:55:50 +0200, Thomas J. Boschloo wrote:
<snip>
>
>
> Bullfukkenshit, first, nemo is a dick, second Zax him it, third. I learn
> fukken fast.
So you say..
>
>
> I already said I cleaned out two newsgruppes, fukkening trolled them right
> in the fukken ground.
You'll have a harder job here!
>
>
> Yeah, I ain't seen nemo around here for fukken days.
He'll be back, just wait :-)
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQrVyBgEP2l8iXKAJAQHHzwMfYfICqQOw
mUajE8rifQBMGpQIhqOvxHN2
ryrOBuSh+ZocM3rUoFlBFDujBGELLDbkGYg5dGct
SK3yg5GXgjzXfYoBAdokNM5A
lWjVDF1AgfXS47b1ZPh4dNTfCDJQHAlYj+F6hw==
=0rXK
-----END PGP SIGNATURE-----
| |
| George Orwell 2005-06-20, 7:46 am |
| In <r9qpszb9mzn2.1fdrs8r3yh7q2$.dlg@40tude.net>, TomGiarmoI@use.net wrote:
>On Sun, 12 Jun 2005 16:55:50 +0200, Thomas J. Boschloo wrote:
>
>
[snip]
>
>I already said I cleaned out two newsgruppes, fukkening trolled them right
>in the fukken ground.
Big fukken deal. we in a.p.a-s have seen the worst of the worst.
We survived Frog
We survived Assholeus
We survived the Bochloo wars
We survived remailer haters
We don't give a shit about you... punk.
>
>Yeah, I ain't seen nemo around here for fukken days.
You are almost TOO stupid.
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified. You need a valid hashcash token to post to groups other
than alt.test and alt.anonymous.messages. Visit www.panta-rhei.dyndns.org
for abuse and hashcash info.
| |
| Chrissy Cruiser 2005-06-23, 7:46 am |
| On Fri, 17 Jun 2005 19:30:09 +0200, Thomas J. Boschloo wrote:
>
> An adversary could come knocking on your door. And some process on your
> computer (maybe distributed with Windows XP itself) might open it.
>
> Anyways, there is an Opera 8.01 now
> <http://www.opera.com/windows/changelogs/801/#security> (and the site
> seems nearly down because of it!). They fixed the bug I mentioned but
> called it an 'User Interface' change I think..
>
> Also read <http://www.schneier.com/essay-085.pdf> (new!) But only if you
> have strong heart! 0-day exploits really frighten me! It's from
> CRYPTO-GRAM, June 15, 2005 by Bruce..
>
> Thomas
AAAAAAAAAAAAgggghhhhhhhhhhhhhhhhhhhh
--
http://www.no2id.net/content/flash02.html
| |
| Tom Giarmo 2005-06-23, 7:46 am |
| On 20 Jun 2005 08:37:35 -0000, George Orwell wrote:
>
> Big fukken deal. we in a.p.a-s have seen the worst of the worst.
>
> We survived Frog
>
> We survived Assholeus
>
> We survived the Bochloo wars
>
> We survived remailer haters
>
> We don't give a shit about you... punk.
Making fukken notice there George of how fukken much you "don't give a
shit".
| |
| Thomas J. Boschloo 2005-06-24, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tom Giarmo schreef:
> On 20 Jun 2005 08:37:35 -0000, George Orwell wrote:
>
>
>
>
> Making fukken notice there George of how fukken much you "don't give a
> shit".
George is right though. We have had much worse trolls here than you
could ever hope to be (without losing your account that is)..
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQrxbqgEP2l8iXKAJAQLC3gMcCPOhjeZ5
SaLiiAQXjA0Ix9bk5Q5synhb
QNgDfTkZbt2ohKwyDaUQKo5pn1fjUmSN3ZX06Vyd
AJEOalNVg1w/Qp1sY51Hx5ao
S2QUSi28rWihLCK64Pn4Z9jFa6+sXYMNmaZOuQ==
=cUaG
-----END PGP SIGNATURE-----
| |
| Thomas J. Boschloo 2005-06-24, 5:46 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chrissy Cruiser schreef:
> On Fri, 17 Jun 2005 19:30:09 +0200, Thomas J. Boschloo wrote:
<snip>
>
>
> AAAAAAAAAAAAgggghhhhhhhhhhhhhhhhhhhh
It's ok, it's all right. Just apply windowsupdate to your computer, log
off and it will be fine next time you visit the internet..
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQrxhngEP2l8iXKAJAQJGwAMggx0KOVAC
oepu2iahhyM3nlu3KYNwXU67
rVeQSK93LhpW3ymt2hqCrQ6x8BTQLO387GKZjzZ2
Bn/SvRDocfJMKn4RGxzwJse/
C1ZfEZgkGubq3ybk/PQPFlp4QNwF3FHxY69boQ==
=dLdR
-----END PGP SIGNATURE-----
| |
| Anonymous 2005-06-25, 2:45 am |
| In <42bc61af$0$784$3a628fcd@reader20.nntp.hccnet.nl>, nospam@hccnet.nl.invalid wrote:
>
>It's ok, it's all right. Just apply windowsupdate to your computer, log
>off and it will be fine next time you visit the internet..
>
Question: What do you do when windows update gets to the point where you
click 'Install now' and the download progress dialog just sits there not doing anything.
-=-
This message was sent via two or more anonymous remailing services.
| |
| Thomas J. Boschloo 2005-06-25, 7:46 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anonymous schreef:
> In <42bc61af$0$784$3a628fcd@reader20.nntp.hccnet.nl>, nospam@hccnet.nl.invalid wrote:
>
>
>
>
>
> Question: What do you do when windows update gets to the point where you
> click 'Install now' and the download progress dialog just sits there not doing anything.
That either means your computer is very secure (as your internet
connection is down), ooor, you are infected by malware that blocks your
connection to microsoft and all the antivir sites.
It is always a good idea to install a firewall, after a new install, and
before you connect your computer to the internet.
The time present on your computer downloading update stuff is a time
that your system is not (yet) patched and where you will thus be
vulnerable to malware exploiting the things on your computer you are
about to patch.
hth,
Thomas
- --
"You can't be safer, can't be more secure than with a breast in each
palm, that's the way I was born and that's the way I want to die" -
Sugarcubes, Mama, 1988
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iQB5AwUBQr1H8wEP2l8iXKAJAQLCpwMeJ1knJVI1
XzOZaQfFm+GENthXep5YE7at
tIfqWDsIqG6cFeFOciqC4fsK1nMSQTM/XezQGSv9zPQpaFjO+mpnYAWP6LDObA7A
3mN3tx5zzKQfIPpFgGwhIuzOcPnYCkcGbrszbQ==
=FfRz
-----END PGP SIGNATURE-----
| |
| Nomen Nescio 2005-06-28, 8:45 pm |
| Tom Giarmo wrote:
>Not a queer
You sure about that? I heard about your posts in alt.homosexual.
| |
| Anonymous 2005-06-29, 5:47 pm |
| In <073a111d7946747adc68d03950ef2bec@dizum.com>, nobody@dizum.com wrote:
>Tom Giarmo wrote:
>
>You sure about that? I heard about your posts in alt.homosexual.
Tom Giarmo Blows your privacy AND your privates at the same time!!
-=-
This message was sent via two or more anonymous remailing services.
| |
| Tom Giarmo 2005-06-29, 5:47 pm |
| On 29 Jun 2005 14:10:44 -0000, Anonymous wrote:
> In <073a111d7946747adc68d03950ef2bec@dizum.com>, nobody@dizum.com wrote:
>
> Tom Giarmo Blows your privacy AND your privates at the same time!!
NYUK You XXXXKEN FOOOOOOOOOLS
| |
| A.Melon 2005-07-04, 5:46 pm |
| On Wed, 29 Jun 2005 17:48:28 -0400, Tom Giarmo wrote:
>NYUK You XXXXKEN FOOOOOOOOOLS
Obviously you ran out of intelligent things to say. Not surprisingly, it
didn't take very long.
|
|
|
|
|