Critical: Read this if you use Tor Browser

spurr

Active member
Hello,

Over the past week it has become apparent there is a pretty big bug (anonymity concern) in TorBrowser, due to the non-toggle state most people use it under.

Follow the directions below, NOW, if you use TorBrowser:


Easiest fix:
Make sure to toggle TorButton off, then back on, at least once. This allows for TorButton to set some critical configs that otherwise are not set (i.e., disable geo-location feature in Firefox, etc).

Then type "about:config" (without quotes) in your Firefox URL bar, accept the warning, and type the following in the config bar to make sure it worked (for images of this process see my post here: link)

  1. geo.enabled > should be set to "false"
  2. network.dns.disablePrefetch > should be set to "true"
  3. browser.cache.offline.enable > should be set to "false"

Better fix:
Download the current release of TorBrowser, i.e., 01-09-2011; Linux = v.1.1.2, Mac = v.1.0.9, Win = v.1.3.16. Those builds manually set config options (as a dirty work-around) so TorButton does not need to be toggled at least once.

Then type "about:config" in your Firefox URL bar, accept the warning, and type the following in the config bar to make sure it worked (for images of this process see my post here: link)


  1. geo.enabled > should be set to "false"
  2. network.dns.disablePrefetch > should be set to "true"
  3. browser.cache.offline.enable > should be set to "false"


Refs:



  1. https://blog.torproject.org/blog/new-tor-browser-bundle-packages-1
  2. https://trac.torproject.org/projects/tor/ticket/2338
  3. https://gitweb.torproject.org/torbr...73a8ebb576c8ec:/build-scripts/config/prefs.js

Be safe, be anonymous!
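The three about:config checks from the post above can also be run against the profile's prefs.js file. This is an added example, not part of the original post and not Tor Project code; the sample file contents are constructed, and a pref reported as "missing" is simply not written in that file and should be confirmed in about:config.

```python
import re

# Expected values exactly as listed in the post above.
EXPECTED = {
    "geo.enabled": False,
    "network.dns.disablePrefetch": True,
    "browser.cache.offline.enable": False,
}

# Firefox profile files store one pref per line: user_pref("name", value);
PREF_LINE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

# Constructed sample, not taken from a real profile.
SAMPLE = '''\
// constructed sample prefs.js
user_pref("geo.enabled", false);
user_pref("network.dns.disablePrefetch", false);
user_pref("browser.startup.page", 0);
'''

def parse_prefs(text):
    """Return {name: value}; a later line overrides an earlier one."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Map each expected pref to 'ok', 'wrong' or 'missing'."""
    prefs = parse_prefs(text)
    report = {}
    for name, want in EXPECTED.items():
        if name not in prefs:
            report[name] = "missing"  # not set in this file
        else:
            # 'is' so that an integer 0/1 is not accepted in place of a boolean
            report[name] = "ok" if prefs[name] is want else "wrong"
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(f"{status:8} {name}")
```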
 

Stress_test

I'm always here when I'm not someplace else
New Details Support Tor Spying Theory

You’ll recall the story about the Swedish security researcher who stumbled upon unencrypted embassy e-mail traffic that was passing through five Tor exit nodes he set up. The researcher, Dan Egerstad, told me before the Swedish feds raided his apartment that he was certain that others were grabbing such traffic through Tor exit nodes in the same way that he was. Government and intelligence agencies were presumed to be some of the spies tapping into the Tor network.

Well the TeamFurry researchers decided to examine the configuration of a few Tor exit nodes to see what they might be up to and found some interesting results — exit nodes that were configured to accept only unencrypted IMAP, AIM, VNC, Yahoo IM and MSN Messenger traffic, among a few other things, and to reject all other traffic.

Another node set up in Germany was configured to accept only unencrypted telnet, POP3, and nntp traffic. Here’s a look at one of the configurations:


accept *:143 <- Accept unencrypted IMAP traffic to anywhere
accept *:5190 <- Accept unencrypted AIM traffic to anywhere
accept *:5050 <- Accept unencrypted Yahoo IM traffic to anywhere
accept *:5900 <- Accept unencrypted VNC traffic to anywhere
accept *:5901 <- Accept unencrypted VNC traffic to anywhere
accept *:1863 <- Accept unencrypted MSN Messenger traffic to anywhere

reject *:* <- reject all other traffic.

Of course there’s no telling who the exit node owners are (bored hackers, industrial spies or intelligence agencies) or what they’re doing for sure, but as TeamFurry notes, the configurations sure look suspicious.

They also found another exit node in Germany that appears to be doing man-in-the-middle attacks on HTTPS connections.

See also:

* Tor Researcher Who Exposed Embassy E-mail Passwords Gets Raided by Swedish FBI and CIA

* Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise
* Embassy E-mail Account Vulnerability Exposes Passport Data and Official Business Matters
* Tor Torches Online Tracking
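The pattern the quoted article describes (an exit policy that accepts only unencrypted services and rejects everything else) can be checked mechanically. This is an added example, not from the article or from TeamFurry; the port table is a constructed lookup covering the services the article names, and only rules with a `*` address are evaluated.

```python
import re

# Ports of the unencrypted services named in the article (constructed table).
CLEARTEXT = {23: "telnet", 110: "POP3", 119: "NNTP", 143: "IMAP",
             1863: "MSN Messenger", 5050: "Yahoo IM", 5190: "AIM",
             5900: "VNC", 5901: "VNC"}
RULE = re.compile(r"^(accept|reject)\s+(\S+?):(\*|\d+(?:-\d+)?)(?:\s|$)")

# The policy quoted above, with the article's "<-" annotations left in.
ARTICLE_POLICY = """\
accept *:143 <- Accept unencrypted IMAP traffic to anywhere
accept *:5190 <- Accept unencrypted AIM traffic to anywhere
accept *:5050 <- Accept unencrypted Yahoo IM traffic to anywhere
accept *:5900 <- Accept unencrypted VNC traffic to anywhere
accept *:5901 <- Accept unencrypted VNC traffic to anywhere
accept *:1863 <- Accept unencrypted MSN Messenger traffic to anywhere
reject *:* <- reject all other traffic.
"""

def parse_policy(text):
    """Return [(action, addr, low_port, high_port)], ignoring non-rule lines."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            continue
        action, addr, port = m.groups()
        if port == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = port.partition("-")
            lo, hi = int(first), int(last or first)
        rules.append((action, addr, lo, hi))
    return rules

def accepted_ports(rules):
    """First matching rule wins. Returns (accepted ports, policy covers all ports)."""
    decided, accepted = set(), set()
    for action, addr, lo, hi in rules:
        if addr != "*":
            continue  # simplification: address-specific rules are skipped
        span = set(range(lo, hi + 1)) - decided
        if action == "accept":
            accepted |= span
        decided |= span
    return accepted, len(decided) == 65535

def cleartext_only(text):
    """Service names if every accepted port is a listed cleartext service, else None."""
    ports, complete = accepted_ports(parse_policy(text))
    # Without a final catch-all the listed rules are not the whole policy.
    if complete and ports and ports <= set(CLEARTEXT):
        return sorted({CLEARTEXT[p] for p in ports})
    return None
```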
 

spurr

Active member
@ stress test,

I am curious, why did you post that? I am curious because it has nothing to do with my thread. That is not to say what you posted is not important. What you posted is why Tor (and any proxy to the Internet) should be used with HTTPS whenever possible. No one should be using ICmag without HTTPS, with or without using Tor.

In a perfect world there would be no HTTP, it would all be HTTPS, and of course, SSL would be much more secure.
 

WaywardBob

Member
this post is coming from someone who doesn't know much about browsers and all that configuration stuff...

from the title, it sounded like Tor Browser is a program itself, but reading on through your post it sounds like Tor Browser is an addon for firefox? can someone please clarify this for me
 

Stress_test

I'm always here when I'm not someplace else
would you guys consider this addon to be a necessity for a grower browsing these boards?

No.

However, security and privacy should ALWAYS be a high level concern for anybody using, growing, or discussing mj even if they are 100% legal by state laws.

ICM is a fairly secure site as internet security goes. But you can't be an idiot and give yourself up either.

In my opinion, TOR adds a false sense of security to those who use it, and most people who use TOR do not have the network knowledge to use it effectively and it creates more confusion/frustration and false security than it's worth.

I mean really! Most people have more incriminating things on their computers, iPods, iPhones, digital cameras and thumb drives, like pictures, text messages, emails, order confirmations, billing info, or grow calendars, that are readily available to LEO or the DEA without having to jump legal and jurisdiction issues of tracking people's use over international borders on the internet.

Don't save bookmarks, emails, pictures or anything online or on your computer! Change passwords frequently and use common sense and you won't need TOR or the added frustration that goes along with it.
 

spurr

Active member
this post is coming from someone who doesn't know much about browsers and all that configuration stuff...

from the title, it sounded like Tor Browser is a program itself, but reading on through your post it sounds like Tor Browser is an addon for firefox? can someone please clarify this for me

Tor Browser is not an add-on. Tor Browser is a pre-compiled and ready to use "out-of-the-box" compilation of programs that work together to anonymize your Internet traffic, and secure it in some instances.

Some people use Tor in the form (distribution) of Tor Browser Bundle, and some people use Tor in the form of an installed program. Tor Browser is helpful if you keep it on a USB drive so you can anonymize coffee house internet activity, etc. Using Tor Browser from an encrypted volume (i.e., using TrueCrypt) is wise, either on your HDD (hard-disk, e.g., C drive) or on a USB drive.

Using Tor Browser from an encrypted volume means you can save bookmarks, passwords, pictures, download threads for off-line reading, et al., and feel secure that even in the event of a raid, your online activity with Tor Browser is secure and still anonymous.

The suggestion that people should not save bookmarks, threads, pics, etc., is silly; just make sure to save them within an encrypted volume. Or better yet, encrypt your whole hard drive so no data (e.g., from the swap file) is available to LEO if they raid you, and also save damaging evidence (e.g., pics of your grows over the years) to a hidden encrypted volume on your HDD.

Tor Browser =

  1. Tor (compiled for portable mode)
  2. Vidalia (GUI for Tor; compiled for portable mode)
  3. Firefox (compiled in portable mode)
  4. Polipo (for Mac and Windows, it's a HTTP/S proxy between Firefox and Tor; compiled for portable mode)
  5. TorButton (a Firefox add-on that is a must have for using Tor with Firefox; in fact, Tor should not be used with any other browser at this time due to lack of a TorButton for other browsers).
:tiphat:
 

spurr

Active member
would you guys consider this addon to be a necessity for a grower browsing these boards?

If using Tor, then yes, absolutely; anyone who tells you otherwise is wrong. I also use it for non-Tor usage because TorButton removes lots of JavaScript, flash, etc., garbage that I don't need when I'm not on YouTube, etc.

TorButton assists in anonymizing (e.g., reducing fingerprint) and securing web-browsing Internet traffic; it is a 100% must have for use of any proxy, not only Tor...

:tiphat:
 

Hammerhead

Disabled Farmer
ICMag Supporter
ICMag Donor
I'm too old to be so paranoid. I have my Rec and I don't grow more than my 6 plants. If they want me they can try to find me, I'm right here:)
 

spurr

Active member
I'm too old to be so paranoid. I have my Rec and I don't grow more than my 6 plants. If they want me they can try to find me, I'm right here:)

That is great for you, but many people are not so lucky as to live in a med state, or able to stay within their recommendation.

That said, it's not a good idea to suggest people should not protect their anonymity. What if someone got busted because they took your advice? What I mean is, why not err on the side of caution? At least you have a sound point; folks like Stress_test spreading FUD about Tor are a real danger to folks who need/want anonymity.
 

Hammerhead

Disabled Farmer
ICMag Supporter
ICMag Donor
Dude you're funny, I'm not going to be baited into an argument about this stupid shit. If anyone is that paranoid about where they surf they should not go to any places that may put them at risk. If someone gets busted for following my feelings about this subject would be stupid. The majority of the members here are not as stupid as you seem to think they are. There are very few people on here that I would listen to anything they're saying. ICMAG IS EXTREMELY SECURE THE MODS WE HAVE HERE MAKE SURE OF THAT. You have your opinion I have mine, that's all. I said my piece now you can preach to the choir and tell them how much of a risk they're taking by participating here at ICMAG without using TOR.. I think you forget we have members here since its inception that have never used tor. Leo does not know if I have a rec or if I stay within my 6 plants. I could be full of shit for all they know, I don't hear anyone knocking on my door.
 