Critical: Read this if you use Tor Browser


    Hello,

    Over the past week it has become apparent there is a pretty big bug (anonymity concern) in TorBrowser, due to the non-toggle state most people use it under.

    Follow the directions below, NOW, if you use TorBrowser:


    Easiest fix:
    Make sure to toggle TorButton off, then back on, at least once. This allows for TorButton to set some critical configs that otherwise are not set (i.e., disable geo-location feature in Firefox, etc).

    Then type "about:config" (without quotes) in your Firefox URL bar, accept the warning, and type the following in the config bar to make sure it worked (for images of this process see my post here: link)
    1. geo.enabled > should be set to "false"
    2. network.dns.disablePrefetch > should be set to "true"
    3. browser.cache.offline.enable > should be set to "false"


    Better fix:
    Download the current release of TorBrowser, i.e., 01-09-2011; Linux = v.1.1.2, Mac = v.1.0.9, Win = v.1.3.16. Those builds manually set config options (as a dirty work-around) so TorButton does not need to be toggled at least once.

    Then type "about:config" in your Firefox URL bar, accept the warning, and type the following in the config bar to make sure it worked (for images of this process see my post here: link)

    1. geo.enabled > should be set to "false"
    2. network.dns.disablePrefetch > should be set to "true"
    3. browser.cache.offline.enable > should be set to "false"



    Refs:


    1. https://blog.torproject.org/blog/new...dle-packages-1
    2. https://trac.torproject.org/projects/tor/ticket/2338
    3. https://gitweb.torproject.org/torbro...onfig/prefs.js


    Be safe, be anonymous!
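
The three about:config checks listed in the post above can also be run against a profile's prefs.js file. This is an added example, not part of the original post or of any Tor Project code; the function names are illustrative and the sample file contents are constructed.

```python
import re

# Values the post says about:config must show (names and values from the post).
EXPECTED = {
    "geo.enabled": False,
    "network.dns.disablePrefetch": True,
    "browser.cache.offline.enable": False,
}

# Matches prefs.js lines such as: user_pref("geo.enabled", false);
PREF_RE = re.compile(
    r'^\s*(?:user_pref|pref)\(\s*"([^"]+)"\s*,\s*'
    r'(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;'
)

def parse_prefs(text):
    """Return {name: value} for each preference line; later lines override earlier ones."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, unrelated JavaScript
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif raw.startswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw)
    return prefs

def audit(text):
    """Return {name: 'ok' | 'wrong' | 'unset'} for the three preferences."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in EXPECTED.items():
        if name not in prefs:
            report[name] = "unset"  # no entry in this file; confirm in about:config
        else:
            report[name] = "ok" if prefs[name] is want else "wrong"
    return report

# Constructed sample: one correct value, one wrong value, one missing entry.
SAMPLE = """# Mozilla User Preferences
user_pref("geo.enabled", false);
user_pref("network.dns.disablePrefetch", false);
user_pref("browser.startup.homepage", "about:blank");
"""

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{name}: {status}")
```
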

    #2
    @ all who use Tor:

    Please make it a daily habit, or at least a few times a week, to check the Tor blog for important info that may be relevant to you (such as critical bug fix notices, etc.): https://blog.torproject.org/blog/



      #3
      will check on this.. thanx peace n pufs..

      sacKO
      Jack & Jill went up the hill both with a buck and a quarter. Jill came down with 650 bucks.

      Can't never did anything

      click the link!
      sackO goes toe 2 toe with!?



        #4
        Glad to help



          #5
          New Details Support Tor Spying Theory

          You’ll recall the story about the Swedish security researcher who stumbled upon unencrypted embassy e-mail traffic that was passing through five Tor exit nodes he set up. The researcher, Dan Egerstad, told me before the Swedish feds raided his apartment that he was certain that others were grabbing such traffic through Tor exit nodes in the same way that he was. Government and intelligence agencies were presumed to be some of the spies tapping into the Tor network.

          Well the TeamFurry researchers decided to examine the configuration of a few Tor exit nodes to see what they might be up to and found some interesting results — exit nodes that were configured to accept only unencrypted IMAP, AIM, VNC, Yahoo IM and MSN Messenger traffic, among a few other things, and to reject all other traffic.

          Another node set up in Germany was configured to accept only unencrypted telnet, POP3, and nntp traffic. Here’s a look at one of the configurations:


          accept *:143 <- Accept unencrypted IMAP traffic to anywhere
          accept *:5190 <- Accept unencrypted AIM traffic to anywhere
          accept *:5050 <- Accept unencrypted Yahoo IM traffic to anywhere
          accept *:5900 <- Accept unencrypted VNC traffic to anywhere
          accept *:5901 <- Accept unencrypted VNC traffic to anywhere
          accept *:1863 <- Accept unencrypted MSN Messenger traffic to anywhere

          reject *:* <- reject all other traffic.

          Of course there’s no telling who the exit node owners are (bored hackers, industrial spies or intelligence agencies) or what they’re doing for sure, but as TeamFurry notes, the configurations sure look suspicious.

          They also found another exit node in Germany that appears to be doing man-in-the-middle attacks on HTTPS connections.
          See also:

          * Tor Researcher Who Exposed Embassy E-mail Passwords Gets Raided by Swedish FBI and CIA

          * Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise
          * Embassy E-mail Account Vulnerability Exposes Passport Data and Official Business Matters
          * Tor Torches Online Tracking
          "I would.

          I'd really like to meet an honest man.
          But I'd have to lie to him cause I smoke pot."
          ______________________________ ______

          First Outdoor Guerrilla Grow 2011
          Understanding Ph.
          Ingenious $4 Walmart Cloner.
          SOG's DIY micro-cloning factory tutorial. (Very well illustrated and explained).
          Handy site for the Gardener
          (A wealth of information for any gardener).
          Sometimes when I'm really medicated, I can really crack me up.
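
A check for the pattern described in the post above, written as an added example (not part of the quoted article or of Tor itself): it parses an exit policy and reports whether everything the node accepts is a known cleartext protocol. The function names, the skipping of address-specific rules and the treatment of unmatched ports as rejected are assumptions of the example.

```python
# Port labels: the first six come from the policy quoted above; 23, 110 and
# 119 are the standard ports of the telnet, POP3 and NNTP services it mentions.
CLEARTEXT = {143: "IMAP", 5190: "AIM", 5050: "Yahoo IM", 5900: "VNC",
             5901: "VNC", 1863: "MSN Messenger",
             23: "telnet", 110: "POP3", 119: "NNTP"}

def parse_policy(text):
    """Parse 'accept|reject ADDR:PORT' lines; trailing annotations are ignored."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] not in ("accept", "reject"):
            continue
        addr, _, spec = parts[1].rpartition(":")
        lo, _, hi = ("1-65535" if spec == "*" else spec).partition("-")
        rules.append((parts[0], addr, int(lo), int(hi or lo)))
    return rules

def accepted_ports(rules):
    """Ports open to any destination; the first matching rule wins, as in Tor.
    Example assumptions: address-specific rules are skipped, no match = reject."""
    accepted = set()
    for port in range(1, 65536):
        for action, addr, lo, hi in rules:
            if addr == "*" and lo <= port <= hi:
                if action == "accept":
                    accepted.add(port)
                break
    return accepted

def classify(text):
    """Return (verdict, [(port, protocol), ...]) for one exit policy."""
    ports = accepted_ports(parse_policy(text))
    clear = [(p, CLEARTEXT[p]) for p in sorted(ports) if p in CLEARTEXT]
    if not ports:
        return "no-exit", clear
    return ("cleartext-only" if len(clear) == len(ports) else "mixed"), clear

# The policy quoted in the post, annotations included.
QUOTED = """accept *:143 <- Accept unencrypted IMAP traffic to anywhere
accept *:5190 <- Accept unencrypted AIM traffic to anywhere
accept *:5050 <- Accept unencrypted Yahoo IM traffic to anywhere
accept *:5900 <- Accept unencrypted VNC traffic to anywhere
accept *:5901 <- Accept unencrypted VNC traffic to anywhere
accept *:1863 <- Accept unencrypted MSN Messenger traffic to anywhere
reject *:* <- reject all other traffic."""

print(classify(QUOTED))
```
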



            #6
            @ stress test,

            I am curious, why did you post that? I am curious because it has nothing to do with my thread. That is not to say what you posted is not important. What you posted is why Tor (and any proxy to the Internet), should be used with HTTPS whenever possible. No one should be using ICmag without HTTPS, with or without using Tor.

            In a perfect world there would be no HTTP, it would all be HTTPS, and of course, SSL would be much more secure.



              #7
              Spurr, Thanks for a most tasty post. One can never be too safe. Viva la TOR
              Paddle faster...I hear banjos!



                #8
                i am very glad he posted that info, all info is needed to make good decisions,
                Go to YouTube search nibiru, do it now!or your gonna forget!! Getr’ Done!



                  #9
                  - edit -

                  Never mind I figured it out!

                  Last edited by StrainHunter; 01-16-2011, 21:43.
                  .


                  Something every grower "on the grid" should be aware of:


                  Smart Meters - a few common misconceptions cleared up here.



                    #10
                    this post is coming from someone who doesn't know much about browsers and all that configuration stuff...

                    from the title, it sounded like Tor Browser is a program itself, but reading on thru ur post it sounds like Tor Browser is an addon for firefox? can someone please clarify this for me
                    WaywardBob, over and out.

                    An ICE plant, 1000w, 180 days, and a 10 gallon pot -- Harvested



                      #11
                      Originally posted by WaywardBob
                      .......

                      from the title, it sounded like Tor Browser is a program itself, but reading on thru ur post it sounds like Tor Browser is an addon for firefox? can someone please clarify this for me

                      https://addons.mozilla.org/en-US/fir...don/torbutton/


                        #12
                        would you guys consider this addon to be a necessity for a grower browsing these boards?


                          #13
                          Originally posted by WaywardBob
                          would you guys consider this addon to be a necessity for a grower browsing these boards?
                          Edit:

                          Hm I have to say the post below this one is spot on.
                          Last edited by StrainHunter; 01-16-2011, 22:06. Reason: Didn't want to look like an idiot...lol


                            #14
                            Originally posted by WaywardBob
                            would you guys consider this addon to be a necessity for a grower browsing these boards?
                            No.

                            However, security and privacy should ALWAYS be a high level concern for anybody using, growing, or discussing mj even if they are 100% legal by state laws.

                            ICM is a fairly secure site as internet security goes. But you can't be an idiot and give yourself up either.

                            In my opinion, TOR adds a false sense of security to those who use it, and most people who use TOR do not have the network knowledge to use it effectively and it creates more confusion/frustration and false security than it's worth.

                            I mean really! Most people have more incriminating things on their computers, iPods, iPhones, digital cameras and thumb drives, like pictures, text messages, emails, order confirmations, billing info, or grow calendars, that are readily available to LEO or the DEA without having to jump legal and jurisdiction issues of tracking people's use over international borders on the internet.

                            Don't save bookmarks, emails, pictures or anything online or on your computer! Change passwords frequently and use common sense and you won't need TOR or the added frustration that goes along with it.


                              #15
                              Originally posted by WaywardBob
                              this post is coming from someone who doesn't know much about browsers and all that configuration stuff...

                              from the title, it sounded like Tor Browser is a program itself, but reading on thru ur post it sounds like Tor Browser is an addon for firefox? can someone please clarify this for me
                              Tor Browser is not an add-on. Tor Browser is a pre-compiled and ready to use "out-of-the-box" compilation of programs that work together to anonymize your Internet traffic, and secure it in some instances.

                              Some people use Tor in the form (distribution) of Tor Browser Bundle, and some people use Tor in the form of an installed program. Tor Browser is helpful if you keep it on a USB drive so you can anonymize coffee house internet activity, etc. Using Tor Browser from an encrypted volume (i.e., using TrueCrypt) is wise, either on your HDD (hard-disk, e.g., C drive) or on a USB drive.

                              Using Tor Browser from an encrypted volume means you can save bookmarks, passwords, pictures, download threads for off-line reading, et al., and feel secure that even in the event of a raid, your online activity with Tor Browser is secure and still anonymous.

                              The suggestion that people should not save bookmarks, threads, pics, etc., is silly; just make sure to save them within an encrypted volume. Or better yet, encrypt your whole hard drive so no data (ex., from Swap file) is available to LEO if they raid you, and also save damaging evidence (e.g., pics of your grows over the years) to a hidden-encrypted volume on your HDD.

                              Tor Browser =
                              1. Tor (compiled for portable mode)
                              2. Vidalia (GUI for Tor; compiled for portable mode)
                              3. Firefox (compiled in portable mode)
                              4. Polipo (for Mac and Windows, it's an HTTP/S proxy between Firefox and Tor; compiled for portable mode)
                              5. TorButton (a Firefox add-on that is a must have for using Tor with Firefox; in fact, Tor should not be used with any other browser at this time due to lack of a TorButton for other browsers).
