[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR tried to take a snapshot of my screen

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TOR tried to take a snapshot of my screen
From: BM-2cVvnFWSftFx8dv12L8z8PjejmtrjYjnUY@xxxxxxxxxxxxx
Date: Mon, 25 Aug 2014 11:22:27 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 25 Aug 2014 14:23:30 -0400
Dkim-signature: v=1; a=rsa-sha256; d=bitmessage.ch; s=mail; c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:Content-Transfer-Encoding; bh=RncQRPNxfRxDD3pvYeJHXFTes+7fPXAM8veAFRMipDQ=; b=Frn1tEdFBE32A6gRxypqqwAOMuQ59Yc5SPhNdBcysWmVkw+R/LV0rZxCiHzlAZjw1lzJmgcOTYhX8JhV0RM9gHQXOTkEJIrTNJputAWlVssr/KmDYiDT0cFrWbXlSR9kvxXERIyqv8q4kipWKgEh8L4EH/jr/4dxEG6sPxsK+hI=
Importance: Normal
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: SquirrelMail/1.4.22

Hi,

I will answer messages sent by different list members. Check for yours:

Joe Btfsplk wrote:
> Or, this could be a hoax by the OP, or a simple mistake.

This is not a hoax and is not a mistake.

Mirimir wrote:
> Maybe Zemana is incorrectly flagging some aspect of HTML5 canvas
> spoofing by the Tor browser as taking a screen snapshot".

The incident happend at different web pages that had been accessed before
many times without any incident.

The Zemana is the same version I am running since December 2013, i.e., it
is running for around 8 months without any incident.

Sebastian G. wrote:
> Was it a website you trusted you browsed to? Did the software attempt to
> do anything without a website loaded?

Ar regular sites at the surface web that is accessed by many TOR users.
Sorry, I can not provide more specific information that may facilitate my
identification.

Sebastian G. wrote:
> Looks, like the website(s) did something.
> Maybe trying to access canvas, what the TorBrowser tried to prevent.
> Maybe this triggered the alert.

Again... I am using the same Zemana version for around 8 months without
any incident and acessing the same web sites.
So it is not a canvas access problem.
I will be very surprice if any web site is capable to generate such alert,
especially without to be able to run any script.

>> I am sending some screens with the Zemana log, where is possible to see
>> the TOR MD5 signature (firefox.exe; FC19E4AFB0E68BD4D25745A57AE14047) and
>> the logged behaviour ("screenlogger"), the TOR version,
>> TOR button and the
>> Zemana version screens, and the extensions
>> and plug-ins existing in my TOR
>> install (just to confirm that nothing strange is there). They are
>> available to download here:
>> http://www.datafilehost.com/d/dfb201d8
>> or
>> https://www.sendspace.com/file/6ygdl3

> Both of the files are broken or corrupted. They can't be opened as an
> archive on my end. The first source tries to make one download an .exe
> file. Well you can download the zip file, without it.

> How can we be sure that your upload is safe?

If both links are broken this means that somebody is doing a big effort to
prevent the file access.

The reason I uploaded to hosts is because the Tor Project team blocked my
attempt to send as attachment to this list.
By this you may also understand that the Tor Project team was aware about
my report two days in advance than the list members.

The uploaded file is a ZIP with a number of JPG images inside. As far as I
know both file types are safe.

I did a new upload to a popular JPG hosting service. Here they are:
http://i.imgur.com/QAKp7k1.jpg     (Zemana log)
http://i.imgur.com/nJkCQJp.jpg     (Zemana version)
http://i.imgur.com/06ZW0IK.jpg
http://i.imgur.com/XsbpQ4X.jpg
http://i.imgur.com/eikxgpe.jpg
http://i.imgur.com/jWjAq5N.jpg
http://i.imgur.com/iuqltM0.jpg
http://i.imgur.com/01cuLYd.jpg
http://i.imgur.com/ijnZwGs.jpg

Sebastian G. wrote:
> The remote operator claim would require evidence of some sort.

My report with detailed information including the Zemana log showing that
firefox.exe tried to record my screen seems to be a very good evidence.
What more one may provide? Is somebody expecting a NSA or Tor Project
written confirmation?

Sebastian G. wrote:
>> This may explain also the, until now, unclear role and objectives of the
>> US goverment by funding the TOR Project.

> I think they use Tor for many purposes themselves.

Why will USA fund the development of a tool that can be used by its enemies?
You may have a doubt about the Tor backdoor. I don't.

What we have here is very simple: who pays gives the orders!

Sebastian G. wrote:
>> I am an entusiast of privacy tools and TOR is not used for any kind of
>> unlawful purposes, is unlikely that I will attract attention from public
>> authorities and I am not worried with any data such attacker eventually
>> may have had access.

> If someone would exploit against the TorBrowser he might be trying to
> get as many hits as possible to see if someone is a target.

I guess inside the rerouting net is a kind of automatic tool to spy Tor
users and, in addition, the (humans) operators my pick users at will for
additional checks. Just my guess.

Sebastian G. wrote:
> I hope this can be resolved.

The Tor Project team is already working to resolve... keeping total
silence until everybody forgets my report with, for me a PROOF, for
everybody else an EVIDENCE, that TOR was spotted in flagrant while trying
to record my screen.

no.thing_to-hide@xxxxxxxxxxxxxxx wrote:
> I did not touch the files, because the whole story made me
> mistrustful. When you look at some subjects of yesterday
> "Third-parties tracking me on Tor"
> "TOR tried to take a snapshot of my screen"
> Perhaps somebody is trolling this list and tries to seed confusion.

I am not connected with the message with subject "Third-parties tracking
me on Tor".
I paid attention on it too. Strange to have an ambiguous message send to
the list exactly one day after my first try (blocked by Tor Project team)
to report to this list.

I am not trolling this list.
I am providing serious information.

AntiTree wrote:
> I don't know the anti-spyware tool that you used nor
> details about what the
> tool deems a "screenshot" but I want to point out that in Windows
> (especially older versions) one of the entropy sources for OpenSSL is the
> screenshot of your current session[1]. So if the Tor Browser needs to
> generate keys (and it usually does in your use case) it is possible that
> the crypto functions are calling whatever "rand" sources are available on
> your system, including first taking a screenshot of your session.

Do not seems that is the case otherwise the Zemana alert would be
generated on regular basis.

Michael Wolf wrote:
> "NSA and GCHQ agents 'leak Tor bugs', alleges developer"
> http://www.bbc.com/news/technology-28886462

Oh yes, we will see many "news and leaks" reporting the "efforts" of NSA
and GCHQ to break TOR and bla-bla-bla.
Just desinformation to keeps the TOR credibility.

While may (or may not) provide some protection against USA enemies, TOR
provides NO PROTECTION against USA and friends.
TOR is a spy tool to spy on YOU!

Hope more users will start to use Zemana and other anti-spyware and more
reports about this problem arrives.

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] TOR tried to take a snapshot of my screen
  - From: Anders Andersson
- Re: [tor-talk] TOR tried to take a snapshot of my screen
  - From: APX 808
- Re: [tor-talk] TOR tried to take a snapshot of my screen
  - From: Roger Dingledine

Prev by Author: [tor-talk] TOR tried to take a snapshot of my screen
Next by Author: Re: [tor-talk] TOR tried to take a snapshot of my screen
Previous by thread: Re: [tor-talk] TOR tried to take a snapshot of my screen
Next by thread: Re: [tor-talk] TOR tried to take a snapshot of my screen
Index(es):
- Author
- Thread