Delivery-Date: Mon, 25 Aug 2014 15:03:04 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 530BC1E0CAC;
	Mon, 25 Aug 2014 15:03:03 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 86E51309C1;
	Mon, 25 Aug 2014 19:02:59 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1F4E93099F
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 19:02:56 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id RK_KbO-2PW-f for <tor-talk@lists.torproject.org>;
 Mon, 25 Aug 2014 19:02:56 +0000 (UTC)
Received: from mail-la0-x230.google.com (mail-la0-x230.google.com
 [IPv6:2a00:1450:4010:c03::230])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 8DD402E715
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 19:02:52 +0000 (UTC)
Received: by mail-la0-f48.google.com with SMTP id gl10so13577365lab.21
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 12:02:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=Tq6B/PkHPdAZxssWIxM2CLwrWuAoRTj4t36bUF6p7RQ=;
 b=ov2TcHTdtXIUv/nZ+LJlUxjLDLXwJkl7Fjzui0Va4oxDRXXsISofbu08HHeFcmIkc9
 +A84qIcTo7a7MW0BZRIOQJeYMEqDiWYdSXtfnpIGNqDBuqODbhw8M/NzTguIPM+///fb
 s4lH0IUjxIdZsrxQCf1Ap4LMKFmI6+mhwSyIJfdm0qRUms31ercpuHs53lGFdL5Z38Ip
 HhufWsUDEix+clpWJv5Ni8+hCl6LBgkHw5wgoGgKgkc1xgdRCEkftHggquwdK/3/FXgr
 lT8ZjIcu9sRWleHxY4ud3frOW5+/bM/9iqyCuZjDUgWCrs+WjWrNQY9Q70WinDw0IAyb
 UG3Q==
MIME-Version: 1.0
X-Received: by 10.112.35.138 with SMTP id h10mr20985252lbj.65.1408993369212;
 Mon, 25 Aug 2014 12:02:49 -0700 (PDT)
Received: by 10.112.168.233 with HTTP; Mon, 25 Aug 2014 12:02:49 -0700 (PDT)
In-Reply-To: <c19072ec44c750a9bf78215860e425a9.squirrel@bitmessage.ch>
References: <c19072ec44c750a9bf78215860e425a9.squirrel@bitmessage.ch>
Date: Mon, 25 Aug 2014 16:02:49 -0300
Message-ID: <CAFZYV3MFNik3RRnRc4oPp+mVabZOGCDVUSiTtw3qv8GHJUzKAw@mail.gmail.com>
From: APX 808 <apx.808@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] TOR tried to take a snapshot of my screen
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

I did a quick search and found a similar report from August 2013

https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released

Check the latest comment

Cheerz
http://apx808.blogspot.com


On Mon, Aug 25, 2014 at 3:22 PM, <
BM-2cVvnFWSftFx8dv12L8z8PjejmtrjYjnUY@bitmessage.ch> wrote:

> Hi,
>
> I will answer messages sent by different list members. Check for yours:
>
>
>
>
>
> Joe Btfsplk wrote:
> > Or, this could be a hoax by the OP, or a simple mistake.
>
> This is not a hoax and is not a mistake.
>
>
>
>
>
>
>
> Mirimir wrote:
> > Maybe Zemana is incorrectly flagging some aspect of HTML5 canvas
> > spoofing by the Tor browser as taking a screen snapshot".
>
> The incident happend at different web pages that had been accessed before
> many times without any incident.
>
> The Zemana is the same version I am running since December 2013, i.e., it
> is running for around 8 months without any incident.
>
>
>
>
>
>
> Sebastian G. wrote:
> > Was it a website you trusted you browsed to? Did the software attempt to
> > do anything without a website loaded?
>
> Ar regular sites at the surface web that is accessed by many TOR users.
> Sorry, I can not provide more specific information that may facilitate my
> identification.
>
>
>
>
> Sebastian G. wrote:
> > Looks, like the website(s) did something.
> > Maybe trying to access canvas, what the TorBrowser tried to prevent.
> > Maybe this triggered the alert.
>
> Again... I am using the same Zemana version for around 8 months without
> any incident and acessing the same web sites.
> So it is not a canvas access problem.
> I will be very surprice if any web site is capable to generate such alert,
> especially without to be able to run any script.
>
>
>
>
>
>
> >> I am sending some screens with the Zemana log, where is possible to see
> >> the TOR MD5 signature (firefox.exe; FC19E4AFB0E68BD4D25745A57AE14047)
> and
> >> the logged behaviour ("screenlogger"), the TOR version,
> >> TOR button and the
> >> Zemana version screens, and the extensions
> >> and plug-ins existing in my TOR
> >> install (just to confirm that nothing strange is there). They are
> >> available to download here:
> >> http://www.datafilehost.com/d/dfb201d8
> >> or
> >> https://www.sendspace.com/file/6ygdl3
>
> > Both of the files are broken or corrupted. They can't be opened as an
> > archive on my end. The first source tries to make one download an .exe
> > file. Well you can download the zip file, without it.
>
> > How can we be sure that your upload is safe?
>
>
> If both links are broken this means that somebody is doing a big effort to
> prevent the file access.
>
> The reason I uploaded to hosts is because the Tor Project team blocked my
> attempt to send as attachment to this list.
> By this you may also understand that the Tor Project team was aware about
> my report two days in advance than the list members.
>
> The uploaded file is a ZIP with a number of JPG images inside. As far as I
> know both file types are safe.
>
> I did a new upload to a popular JPG hosting service. Here they are:
> http://i.imgur.com/QAKp7k1.jpg     (Zemana log)
> http://i.imgur.com/nJkCQJp.jpg     (Zemana version)
> http://i.imgur.com/06ZW0IK.jpg
> http://i.imgur.com/XsbpQ4X.jpg
> http://i.imgur.com/eikxgpe.jpg
> http://i.imgur.com/jWjAq5N.jpg
> http://i.imgur.com/iuqltM0.jpg
> http://i.imgur.com/01cuLYd.jpg
> http://i.imgur.com/ijnZwGs.jpg
>
>
>
>
>
>
>
>
> Sebastian G. wrote:
> > The remote operator claim would require evidence of some sort.
>
> My report with detailed information including the Zemana log showing that
> firefox.exe tried to record my screen seems to be a very good evidence.
> What more one may provide? Is somebody expecting a NSA or Tor Project
> written confirmation?
>
>
>
>
>
>
> Sebastian G. wrote:
> >> This may explain also the, until now, unclear role and objectives of the
> >> US goverment by funding the TOR Project.
>
> > I think they use Tor for many purposes themselves.
>
> Why will USA fund the development of a tool that can be used by its
> enemies?
> You may have a doubt about the Tor backdoor. I don't.
>
> What we have here is very simple: who pays gives the orders!
>
>
>
>
>
>
>
>
> Sebastian G. wrote:
> >> I am an entusiast of privacy tools and TOR is not used for any kind of
> >> unlawful purposes, is unlikely that I will attract attention from public
> >> authorities and I am not worried with any data such attacker eventually
> >> may have had access.
>
> > If someone would exploit against the TorBrowser he might be trying to
> > get as many hits as possible to see if someone is a target.
>
>
> I guess inside the rerouting net is a kind of automatic tool to spy Tor
> users and, in addition, the (humans) operators my pick users at will for
> additional checks. Just my guess.
>
>
>
>
>
>
>
> Sebastian G. wrote:
> > I hope this can be resolved.
>
> The Tor Project team is already working to resolve... keeping total
> silence until everybody forgets my report with, for me a PROOF, for
> everybody else an EVIDENCE, that TOR was spotted in flagrant while trying
> to record my screen.
>
>
>
>
>
>
>
>
>
> no.thing_to-hide@cryptopathie.eu wrote:
> > I did not touch the files, because the whole story made me
> > mistrustful. When you look at some subjects of yesterday
> > "Third-parties tracking me on Tor"
> > "TOR tried to take a snapshot of my screen"
> > Perhaps somebody is trolling this list and tries to seed confusion.
>
>
>
> I am not connected with the message with subject "Third-parties tracking
> me on Tor".
> I paid attention on it too. Strange to have an ambiguous message send to
> the list exactly one day after my first try (blocked by Tor Project team)
> to report to this list.
>
> I am not trolling this list.
> I am providing serious information.
>
>
>
>
>
>
>
> AntiTree wrote:
> > I don't know the anti-spyware tool that you used nor
> > details about what the
> > tool deems a "screenshot" but I want to point out that in Windows
> > (especially older versions) one of the entropy sources for OpenSSL is the
> > screenshot of your current session[1]. So if the Tor Browser needs to
> > generate keys (and it usually does in your use case) it is possible that
> > the crypto functions are calling whatever "rand" sources are available on
> > your system, including first taking a screenshot of your session.
>
> Do not seems that is the case otherwise the Zemana alert would be
> generated on regular basis.
>
>
>
>
>
>
>
>
> Michael Wolf wrote:
> > "NSA and GCHQ agents 'leak Tor bugs', alleges developer"
> > http://www.bbc.com/news/technology-28886462
>
> Oh yes, we will see many "news and leaks" reporting the "efforts" of NSA
> and GCHQ to break TOR and bla-bla-bla.
> Just desinformation to keeps the TOR credibility.
>
> While may (or may not) provide some protection against USA enemies, TOR
> provides NO PROTECTION against USA and friends.
> TOR is a spy tool to spy on YOU!
>
>
>
> Hope more users will start to use Zemana and other anti-spyware and more
> reports about this problem arrives.
>
>
>
>
>
>
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

