[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] [Fwd: Re: I'm Running A Tor Exit But Never Initiated It]
-------- Weitergeleitete Nachricht --------
> Von: Christian Adam <hirnwurst@xxxxxxxxxxx>
> An: tor-relays@xxxxxxxxxxxxxxxxxxxx
> Betreff: Re: [tor-relays] I'm Running A Tor Exit But Never Initiated
> It
> Datum: Mon, 30 May 2016 22:14:51 +0200
>
> Dear Percy,
>
> I read all of your messages very carefully and, please, believe me, I
> don't mean to be rude, but just want to provide you a little bit of
> relief.
>
> First of all, I have to share that I AM in fact a schizophrenic for 16
> years now, but fully therapied to the extent I do a job as a system
> administrator and get certified for being a data security officer this
> week.
> This won't reveal any competence on my side, but gives a clue about my
> functional level which is, after all, related to sanity.
>
> Why do I tell this?
> Because you don't seem to know much about computers AND because 60% of
> the population experience states during their lifetime resembling mine
> while diagnosed, but nobody minds and it goes away and was just
> triggered by external circumstances and internal attributions.
>
> I tell this, because my delusional system did not involve at all any
> technical devices, but was completely interpersonal and cultural, which
> is a little seldom in western countries.
>
> So, I learned that even if improbable, it helps keeping a harmless,
> maybe also annoying, possibility in mind.
>
> Read Foster-Wallace, This Is Water?
>
> So, let's have a clue at the facts.
> You moved to a new region.
> So, you were not yet closely related to your new environment and the old
> one you left might have been more and more distant, which makes people
> sometimes do morally questionable things.
>
> You don't know anything about computers, so, someone must have installed
> your linuxes.
>
> I also do that for people. My 73-year-old mom uses linux. And a former
> friends mother.
> I do remote administration via Teamviewer as I prefer users being
> graphically informed I am on their box after their consent.
>
> Maybe the girl or guy who installed your linuxes has enabled SSH remote
> access combined with a DynDNS name resolving to remotely administrate
> (and spy) you (out).
>
> Maybe things got socially weird, not technically.
> Maybe the computer shutdown at the library was just coincidence, as this
> also happened to me at a university terminal which might have been
> poorly maintained.
>
> In my educational company, the public PCs are the most poorly maintained
> and I know that because I am in charge of that and not every library is
> financially well off.
>
> The config you posted reveals two things:
> 1. NOT an exit.
> 2. You don't know that.
> Let me explain. The hash symbol # comments out lines, i.e. these lines
> don't contain config, but human readable remarks.
> Of course, in a default config file, you can include commented out
> options because the easily can be activated by removing the #.
> Lines beginning with # are just nothing.
>
> The second thing is, that your "hard drive is partitioned".
> Every hard drive is partitioned.
> Operating systems don't use the raw physical devices, but the partitions
> made up on them containing the file systems.
>
> On the most basic Windows installs, there's at least one partition which
> you might know as device C:.
> Personally, when I install linux, I separate system and user data which
> results in two partitions at minimum, one containing /, the root
> directory ("file system" in your file browser), and /home containing the
> users' personal folders.
>
> Next thing is that /var/lib/tor contains among others sensitive
> statistical data concerning the relays users and are therefore is only
> accessible as root via a sudo command.
> If you type "sudo -i" and "cd /var/lib/tor", you should be able to
> access it as sudo provides you with administrator privileges which are
> called root privileges on linux.
> You cannot do "sudo cd /var/lib/tor".
>
> If this folder was normally accessible, someone could just use a
> vulnerability in your firefox and learn from where your users originate
> and if he knows your record of connections, he would know what the
> people from region X do with your connection: accessing a relay or a
> bridge, which sets users not only in other jurisdictions at risk of
> uncontrolled data collection by whoever it is.
>
> I asked my mom whether she wants to run a bridge.
> She didn't and so I did not install one.
> I asked my CEO if he wants to run a bridge.
> He didn't and so I did not install one.
> I just got the job because I told everything an employer is not allowed
> to ask here in Germany, because I told them that they first have to
> decide whether to trust me as I will have highest privileges on the
> entire network including their private PCs.
>
> What is true that remote administration is great for saving time and
> miles to do people a quick favour.
> But it can be used irresponsibly.
>
> Maybe the one providing you your installs decided you won't even notice
> and you get that relay, period.
> Not nice. Not responsible. Morally highly questionable.
> But after all, quite probable, as every device has a partitioned hard
> drive and real adversaries have a keen eye on you not noticing never
> ever you have been compromised, except ransomware tricking you into
> sending money via Western Union or Bitcoins.
>
> Criminals want to do criminal business, except ransomware tricking you
> into sending money via Western Union or Bitcoins, and agencies want to
> prosecute, but scaring you is not an aim of either if you're not an
> agent yourself.
>
> In my house are 8 appartements.
> Two of us are schizos.
> We integrate well (public health system) and our neighbours like us,
> but, of course, we use linux and of course, we have paranoid passwords
> and of course... you understand, I guess.
>
> I have never ever been hacked.
> But in my company, I can access every computer without prompting for
> consent as everybody finds that comfortable cause they know about that.
> I'm in the network at 3 a.m. and I can turn on half of the workstations
> while laying in my bed.
>
> I know how that feels.
> My diagnosis reads "paranoid-hallucinatoric schizophrenia" and I know
> how it feels to have a perspective not even one of 7 billion people
> share.
>
> Sensitivity is paranoia's beautiful sister.
> I strongly suggest someone just wants to mock you.
>
> Given my experience with newbie users, paranoia and system
> administration, what you wrote seemed quite normal and you didn't
> provide (as far as I remember) any unusual technical details.
>
> Maybe what just happened was a lack of informed consent resulting in a
> tasteless prank.
>
> I don't want to do injustice to you, but since Edward Snowden, we're all
> used to question every system crash and honestly, our times seem to be
> hysterical and violence-saturated.
>
> The rule is simple. When a user thinks he's infected, he's almost always
> not.
> If he's infected, he wouldn't notice.
>
> Hugs, I hope you find peace again soon.
>
> Please don't feel offended, I only told my story based on the facts you
> gave.
>
> And kind regards,
>
> christian
>
>
> Am Montag, den 30.05.2016, 13:25 +0200 schrieb Christian Pietsch:
> > Hi GDR!
> >
> > On Mon, May 30, 2016 at 12:54:41PM +0200, GDR! wrote:
> > > On Sun, 29 May 2016 15:23:24 +0000 "krutt@xxxxxxxx" <krutt@xxxxxxxx> wrote:
> > >
> > > > I can't image a single reason why Tor should be configured to run a
> > > > relay without the system admins knowledge.
> > >
> > > Debian did this - I'm not sure if it does that any more.
> >
> > This bug is not present in current and recent versions of Debian.
> >
> > > `apt-get install tor` used to run an exit relay unless you uncomment
> > > "ExitPolicy reject *:*" in torrc. I had the same problem a few years
> > > ago, suddenly captchas started appearing everywhere after installing
> > > tor.
> >
> > Do you mean this bug in Tor 0.1.0 which was fixed in 2005?
> >
> > -------------- begin quote from the Debian changelog --------------
> >
> > tor (0.1.0.11-1) unstable; urgency=high
> >
> > * New upstream version (closes: #316753):
> > - Fixes a serious bug: servers now honor their exit policies -
> > In 0.1.0.x only clients enforced them so far. 0.0.9.x is
> > not affected.
> > * Build depend on libevent-dev >= 1.1.
> > * Urgency high because 0.0.9.10-1 did not make it into testing after
> > like 3 weeks because of an impending ftp-master move. So I might
> > just as well upload this one.
> >
> > -- Peter Palfrader <weasel@xxxxxxxxxx> Mon, 4 Jul 2005 17:53:48 +0200
> >
> > -------------- end quote from the Debian changelog --------------
> >
> >
> > Cheers,
> > Christian
> >
> > _______________________________________________
> > tor-relays mailing list
> > tor-relays@xxxxxxxxxxxxxxxxxxxx
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays