Delivery-Date: Mon, 25 Aug 2014 15:07:04 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 616771E0CAC;
	Mon, 25 Aug 2014 15:07:03 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E366330A06;
	Mon, 25 Aug 2014 19:07:00 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 0B1EA309F6
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 19:06:57 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id qSqdsQeyvMBu for <tor-talk@lists.torproject.org>;
 Mon, 25 Aug 2014 19:06:56 +0000 (UTC)
Received: from mail-lb0-x22c.google.com (mail-lb0-x22c.google.com
 [IPv6:2a00:1450:4010:c04::22c])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 7ADDF309F3
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 19:06:56 +0000 (UTC)
Received: by mail-lb0-f172.google.com with SMTP id w7so155574lbi.31
 for <tor-talk@lists.torproject.org>; Mon, 25 Aug 2014 12:06:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=qlEzOCVesN2vrAn4nI/bUt5O+vJ9XezKe2cSedcBQ6c=;
 b=X+IYMYyIytUMsH6af/I9Iufopu/8MyGvw6PotsV4P/rXVdDvJrSekxEaSUYxCjSQnK
 BKJvogFgv54hifgmsQeLFma80l9v8jubzNbMAS50pvuWz44PeOj6JbVDQokil3s0/jZ5
 sIqBKns87UvLBlyNRWkPO4HHO9G4lzzE7reOLwMl0Q234PV/YXH1+29jl4GsBDO/ssa2
 +t/5NfL7JlqY7YIOp0TXzIuPT9FCpyxHPhcgIVWHxDdnMaL3Mw8YvdtzEJI3LvS1NHzr
 KbiwuRfLGFoppcbvYT35hahS/C9Jgz1dz6DQIZVsop2qUv8DSX9Q0nnPqWB6rf0UH3j/
 GLOw==
MIME-Version: 1.0
X-Received: by 10.112.24.104 with SMTP id t8mr22316961lbf.46.1408993613056;
 Mon, 25 Aug 2014 12:06:53 -0700 (PDT)
Received: by 10.112.168.233 with HTTP; Mon, 25 Aug 2014 12:06:52 -0700 (PDT)
In-Reply-To: <CAFZYV3MFNik3RRnRc4oPp+mVabZOGCDVUSiTtw3qv8GHJUzKAw@mail.gmail.com>
References: <c19072ec44c750a9bf78215860e425a9.squirrel@bitmessage.ch>
 <CAFZYV3MFNik3RRnRc4oPp+mVabZOGCDVUSiTtw3qv8GHJUzKAw@mail.gmail.com>
Date: Mon, 25 Aug 2014 16:06:52 -0300
Message-ID: <CAFZYV3P_hh=MzBftHFpKQMubQqp3TWRitHdKoxveoih2dPC9YQ@mail.gmail.com>
From: APX 808 <apx.808@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] TOR tried to take a snapshot of my screen
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

There is a solved ticket about this and more info about it.
https://trac.torproject.org/projects/tor/ticket/9490

@OP, instead of bitching about Tor being an NSA trap, why don't you learn
to use google?

Cheerz
http://apx808.blogspot.com


On Mon, Aug 25, 2014 at 4:02 PM, APX 808 <apx.808@gmail.com> wrote:

> I did a quick search and found a similar report from August 2013
>
> https://blog.torproject.org/blog/tor-browser-bundle-30alpha2-released
>
> Check the latest comment
>
> Cheerz
> http://apx808.blogspot.com
>
>
> On Mon, Aug 25, 2014 at 3:22 PM, <
> BM-2cVvnFWSftFx8dv12L8z8PjejmtrjYjnUY@bitmessage.ch> wrote:
>
>> Hi,
>>
>> I will answer messages sent by different list members. Check for yours:
>>
>>
>>
>>
>>
>> Joe Btfsplk wrote:
>> > Or, this could be a hoax by the OP, or a simple mistake.
>>
>> This is not a hoax and is not a mistake.
>>
>>
>>
>>
>>
>>
>>
>> Mirimir wrote:
>> > Maybe Zemana is incorrectly flagging some aspect of HTML5 canvas
>> > spoofing by the Tor browser as taking a screen snapshot".
>>
>> The incident happend at different web pages that had been accessed before
>> many times without any incident.
>>
>> The Zemana is the same version I am running since December 2013, i.e., it
>> is running for around 8 months without any incident.
>>
>>
>>
>>
>>
>>
>> Sebastian G. wrote:
>> > Was it a website you trusted you browsed to? Did the software attempt to
>> > do anything without a website loaded?
>>
>> Ar regular sites at the surface web that is accessed by many TOR users.
>> Sorry, I can not provide more specific information that may facilitate my
>> identification.
>>
>>
>>
>>
>> Sebastian G. wrote:
>> > Looks, like the website(s) did something.
>> > Maybe trying to access canvas, what the TorBrowser tried to prevent.
>> > Maybe this triggered the alert.
>>
>> Again... I am using the same Zemana version for around 8 months without
>> any incident and acessing the same web sites.
>> So it is not a canvas access problem.
>> I will be very surprice if any web site is capable to generate such alert,
>> especially without to be able to run any script.
>>
>>
>>
>>
>>
>>
>> >> I am sending some screens with the Zemana log, where is possible to see
>> >> the TOR MD5 signature (firefox.exe; FC19E4AFB0E68BD4D25745A57AE14047)
>> and
>> >> the logged behaviour ("screenlogger"), the TOR version,
>> >> TOR button and the
>> >> Zemana version screens, and the extensions
>> >> and plug-ins existing in my TOR
>> >> install (just to confirm that nothing strange is there). They are
>> >> available to download here:
>> >> http://www.datafilehost.com/d/dfb201d8
>> >> or
>> >> https://www.sendspace.com/file/6ygdl3
>>
>> > Both of the files are broken or corrupted. They can't be opened as an
>> > archive on my end. The first source tries to make one download an .exe
>> > file. Well you can download the zip file, without it.
>>
>> > How can we be sure that your upload is safe?
>>
>>
>> If both links are broken this means that somebody is doing a big effort to
>> prevent the file access.
>>
>> The reason I uploaded to hosts is because the Tor Project team blocked my
>> attempt to send as attachment to this list.
>> By this you may also understand that the Tor Project team was aware about
>> my report two days in advance than the list members.
>>
>> The uploaded file is a ZIP with a number of JPG images inside. As far as I
>> know both file types are safe.
>>
>> I did a new upload to a popular JPG hosting service. Here they are:
>> http://i.imgur.com/QAKp7k1.jpg     (Zemana log)
>> http://i.imgur.com/nJkCQJp.jpg     (Zemana version)
>> http://i.imgur.com/06ZW0IK.jpg
>> http://i.imgur.com/XsbpQ4X.jpg
>> http://i.imgur.com/eikxgpe.jpg
>> http://i.imgur.com/jWjAq5N.jpg
>> http://i.imgur.com/iuqltM0.jpg
>> http://i.imgur.com/01cuLYd.jpg
>> http://i.imgur.com/ijnZwGs.jpg
>>
>>
>>
>>
>>
>>
>>
>>
>> Sebastian G. wrote:
>> > The remote operator claim would require evidence of some sort.
>>
>> My report with detailed information including the Zemana log showing that
>> firefox.exe tried to record my screen seems to be a very good evidence.
>> What more one may provide? Is somebody expecting a NSA or Tor Project
>> written confirmation?
>>
>>
>>
>>
>>
>>
>> Sebastian G. wrote:
>> >> This may explain also the, until now, unclear role and objectives of
>> the
>> >> US goverment by funding the TOR Project.
>>
>> > I think they use Tor for many purposes themselves.
>>
>> Why will USA fund the development of a tool that can be used by its
>> enemies?
>> You may have a doubt about the Tor backdoor. I don't.
>>
>> What we have here is very simple: who pays gives the orders!
>>
>>
>>
>>
>>
>>
>>
>>
>> Sebastian G. wrote:
>> >> I am an entusiast of privacy tools and TOR is not used for any kind of
>> >> unlawful purposes, is unlikely that I will attract attention from
>> public
>> >> authorities and I am not worried with any data such attacker eventually
>> >> may have had access.
>>
>> > If someone would exploit against the TorBrowser he might be trying to
>> > get as many hits as possible to see if someone is a target.
>>
>>
>> I guess inside the rerouting net is a kind of automatic tool to spy Tor
>> users and, in addition, the (humans) operators my pick users at will for
>> additional checks. Just my guess.
>>
>>
>>
>>
>>
>>
>>
>> Sebastian G. wrote:
>> > I hope this can be resolved.
>>
>> The Tor Project team is already working to resolve... keeping total
>> silence until everybody forgets my report with, for me a PROOF, for
>> everybody else an EVIDENCE, that TOR was spotted in flagrant while trying
>> to record my screen.
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> no.thing_to-hide@cryptopathie.eu wrote:
>> > I did not touch the files, because the whole story made me
>> > mistrustful. When you look at some subjects of yesterday
>> > "Third-parties tracking me on Tor"
>> > "TOR tried to take a snapshot of my screen"
>> > Perhaps somebody is trolling this list and tries to seed confusion.
>>
>>
>>
>> I am not connected with the message with subject "Third-parties tracking
>> me on Tor".
>> I paid attention on it too. Strange to have an ambiguous message send to
>> the list exactly one day after my first try (blocked by Tor Project team)
>> to report to this list.
>>
>> I am not trolling this list.
>> I am providing serious information.
>>
>>
>>
>>
>>
>>
>>
>> AntiTree wrote:
>> > I don't know the anti-spyware tool that you used nor
>> > details about what the
>> > tool deems a "screenshot" but I want to point out that in Windows
>> > (especially older versions) one of the entropy sources for OpenSSL is
>> the
>> > screenshot of your current session[1]. So if the Tor Browser needs to
>> > generate keys (and it usually does in your use case) it is possible that
>> > the crypto functions are calling whatever "rand" sources are available
>> on
>> > your system, including first taking a screenshot of your session.
>>
>> Do not seems that is the case otherwise the Zemana alert would be
>> generated on regular basis.
>>
>>
>>
>>
>>
>>
>>
>>
>> Michael Wolf wrote:
>> > "NSA and GCHQ agents 'leak Tor bugs', alleges developer"
>> > http://www.bbc.com/news/technology-28886462
>>
>> Oh yes, we will see many "news and leaks" reporting the "efforts" of NSA
>> and GCHQ to break TOR and bla-bla-bla.
>> Just desinformation to keeps the TOR credibility.
>>
>> While may (or may not) provide some protection against USA enemies, TOR
>> provides NO PROTECTION against USA and friends.
>> TOR is a spy tool to spy on YOU!
>>
>>
>>
>> Hope more users will start to use Zemana and other anti-spyware and more
>> reports about this problem arrives.
>>
>>
>>
>>
>>
>>
>>
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

