What do you mean by "anonymous"? There will always be some trace of your activities on the network. The web servers you access can (and probably do) record your IP address. The intranet that you connect from can see what you connect to (by running the netstat utility). Combining logs from both ends can uniquely identify you and your session. Enough digital forensic evidence can be found of your activity if the sysadmins at all points along the route know what they are doing and get their act together.
The new "private" browsing mode in Firefox version 3.1 Beta doesn't solve the problem. Logs will still have information about your session in them. Best you can hope for is that your activities are over-looked by the sysadmins; just pray that they don't overlook your activities.
I was under the understanding that all portable programs here in PA do not leave any traces behind at all. so I can use say FireFox on any computer and when i have finished there is no info left behind.
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
This has been discussed many times. We very clearly state that no personal info is left behind on the host PC. Anyone saying that a piece of portable software leaves no trace is either lying (and usually trying to sell you something) or mistaken. Any network app leaves behind multiple traces on the network that any network admin can track.
This is not a part of this topic. If you wish to discuss further, please post in one of the dozens of posts already discussing this.
Sometimes, the impossible can become possible, if you're awesome!
You can search web for Opera-TOR browser. There is also a portable version on the net around somewhere if you search the web.
I have one of those on my stick and well yes it works, but very very slow in fact.
But this does not mean that there are no traces of any activity on the local system.
The usual logs will be on the local system, then the local network will have log of what connections are made etc. In addition the provider will also have a log of all activities on his segment.
What the Opera-TOR does, is it connects to the rest of the internet through a special proxy chain and the traffic itself is encrypted. So the logs will contain the information that you are running Opera-TOR and contacted a TOR network proxy, but are not able to retrieve the information which real server you did wish to contact, as well as the transfered contents to your workstation. The traffic can clearly be monitored with any network logging tool and viewed with something like wireshark. OK, it is encrypted so the actual contents can not be read.
But since it all has to be encrypted and forwarded number of times from one proxy to other, the traffic is often 20 times slower then direct normal connection.
I am posting via the TOR connected Opera.
Same time I am wathcing it with the wireshark.
It took me some 5 min to call up the www.portableapps.com
The traffic produced on the network is extreme. The TOR is jumping from one server to other, each time it has to carry out long procedure for sync the encryption. The IP of the servers are clerly seen. In addition there seem to be someone trying to log the connections to the TOR servers, at least 3 such points seem to be in the log.
OK, the traffic itself is encrypted completely, contents not readable at all.
This message may have been intercepted and read by U.S. government
agencies including the FBI, CIA, and NSA without notice or warrant or
knowledge of sender or recipient.
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
Why not use PortableTor with Torbutton installed in Firefox? It is updated whenever tor is updated so you really don't have to worry about security problems. I've been using it for over a year with absolutely no problems.
was that today.
I tried the above mentioned. Portable tor, ok it looks somehow useful, but I have to admit it did nothing but trying to contact any of its brother servers.
But the Torbutton, wow!
Restarted the FF after installing it. Funny, all settings replaced by some garbage. Different fonts set, SSL disabled, bookmarks gone, all other things not prosent, settings can not be changed any more.
OK I thought, my fault, I am testing on the old 2020.
So try on 304!
Same thing all corrupted, no more manual settings possible, all bookmarks gone, no way to persuade the browser to show pictures too in websites after long trying to persuade the FFP305 to connect to internet directly and not via proxy as it would be fine for the TOR network.
Anyway, since it was even hard to uninstall that strange thing, I just played the FFP install file over it, got remaining variables from backup and now all works again.
Strange, the portable tor did not mamage to do anything, to make any settings was not possible, whole PC (win XP sp3) was more less frozen, but not really crashed.
The taskmanager showed full processor load for abt 20 minutes , then I managed to kill all the relevant proc.
The tor version supplied with the opera browser did so far work any time I tested it, slow as expected, but did find its server after short time and all seemed to be completely automatic, no user interaction at all. OK this might be on the cost of some security features which I did not have time to investigate, but the solution with the Torbutton seems really not to be any kind of plug and play.
The only thing I can think of is that you have your Tor setup to relay traffic. This would eat up a lot of your bandwidth. Just to make sure I went to the two links I provided and downloaded the latest version of each and ran them. I've had no problems with anything.
Torbutton should not do anything to Firefox. All it does is tell firefox to use Tor as a way to access the internet. There are settings associated with Torbutton, so you might want to configure those.
The only thing you have to make sure of is that you run PortableTor (which should run Tor.exe and Privoxy.exe) and then click on Torbutton to tell Firefox to use PortableTor.
Hopefully that helps a little. It sounds like you got a corrupted version of each, but I'm not sure.
since after some trying I managed to make basic tor connection.
It is kind of problematic so far as I managed only manualy stopp it by closing the processes in the task manager. OK, the connection itself can be stopped, but to close down the process, ?? could not find where from the gui, so hat to kill relevant processes. This is problematic when running it from stick, one can not remove the stick then.
But the torbutton:
spent hours to find out what is making all FF crazy. Tried second time to install it on FFP2020 and FFP305.
Same results. All settings gone, or mixed up completely. SSL disabled, and even if ticked again, no way to use it, it is simply blocked. Bookmarks gone, thought they are not lost, the profiles are still around, it is just pointing to some other profile or so, had no time to investigate.
All trivial settings in FF like default fonts are set to apparently randomly set font and sizes, if unlucky, you get wingdings...
The display of graphics in websites is switched off, thought the display picts is still ticked.
Any website opening in new tab or window is basically blocked as popup, fine, but after enabling it, it is still blocked what ever I do.
Furthermore tried to find out what is called torbutton, if it is some button to be seen somewhere by which I can connect to the tor proxy? Nothing like that to be seen, only right bottom it says tor not running or tor running, but what it is trying to do I could not see except it tries to fill in the proxy setting, apparently not successful somehow.
The tor itself, no it is set only as client and only for outgoing port 80, other outgoing ports are not realistic on properly adminstrated network.
But as I tested with wireshark, the extra traffic is enormous and therefore speed of operation of anyway slow browsing from the stick becomes very theoretical.
The browsing with the FFP crippled the way could not be done anyway, so have no idea how other people experience it. My FFP were just mixed up, but I did not manage them to use the tor connection, the settings in the proxy fields were definitely wrong (no connection even tor connection OK) and I did not find out in short time what proxy parameters I should enter manually to make it use the tor in fact.
What settings should I enter in the FF proxy tab to connect to the tor connection exactly?
I personally host a small SSH server, to which I connect with PuTTY Portable.
Along with the right settings, I can tunnel Firefox through it, encrypting my sessions from the current network I am on up to my SSH server. At least all the sysadmins from the network I am on only see a single connection to a server on port 443 (changed it from default SSH port for obfuscation purpose). If they try to connect to it, they will get no page from a direct web browser connection.
Also, when I want to quickly turn off manual or automatic proxy settings, I use QuickProxy, which is fairly simple and minimalistic. Or if I need to access some websites on the Intranet, I can add the domain names in the proxy exceptions list to avoid switching the proxy settings on and off.
I haven't heard anything like your situation on the Tor mailing lists. Running Tor takes minimal network capacity, and TorButton is a simple Firefox extension.
Relax, there is already a completely portable way to do this. The Tor developers have created the Tor Browser Bundle and the Tor IM Browser Bundle. Just unzip it, place it somewhere and run it. It's a snap.
The TOR itself might be not the big problem, but the extension for the FF called Torbutton does simply remove any other local settings and replaces them by some other once. Tried now 3 times on FF2020 and 305.
The TOR itself, well it will connect at some time, but thats it, it not clear how to use it further, what proxy settings I would have to set up in the FF manualy?
What do you set as proxy then?
OK TOR is proxy chain, so the whole traffic caused is understandable, when I switch on the wireshark, this is heavy traffic going back and forth. I think this must be so, can not imagine how should it work otherwise.
I will try the 'ff included' package, will see if this will drop the tor running when closed. In the tor portable it also looks as if all is closed, but it is not, the tor.exe is still loaded and running. It has to be closed in the task manager (XP) so I am just wandering how people do remove the stick with this running on it?
Whatever you did before to give you whatever problems you have, just trash it. Your descriptions do not describe Tor software or the network.
Just download, unpack, and run. That's it.
Proxy: Your proxy settings in the browser are already set up. You shouldn't need to do anything. If you have special needs, it's easy and there is plenty of help.
Traffic: When you start Tor, it will download a "geoip" database that gives your client a snapshot of the Tor nodes at that moment. It is only retreived occasionally, and the very first time may take a moment. What you saw in Wireshark is not Tor operating, but a special case. You will also notice that Tor negotiates a few SSL connections to create "circuits" that you use to communicate anonymously. These connections do not consume significant network resources as they aren't carrying data. Running Tor does not multiply your traffic, nor will it carry traffic from other users unless you enable it to be a relay.
TorButton: It is a button on the status bar to toggle and show Tor status. It's been improved to fix security holes in Firefox that can compromise anonymity. Maybe that is the source of your changed "settings." If you need source code and a thorough explanation, visit https://www.torproject.org/torbutton/ .
version, the thing you linked, does work as you described initially, it has the FF of I think 2018 or so in it, the TOR will open, and the torsign down the corner of the FF is there. FF behaves kind of normal, except yes it is slower, but this is what I expect.
When all is closed, the FF and the TOR GUI, the tor process is killed too.
Not so with the single components. The TORbutton, I installed by installing the latest version from the mozilla addons site, simply as any other addons. The installation alone went not smooth enough, in all cases , on 2020 and 305, there were eroor msg during the installation.
Thereafter all those strange symptoms in FF were commomon to 2020 and 305 FF.
Assume therefore: the currently distributed adon on the mozila store is the faulty one or it does not work with latest version of FF or I do not know what.
No I have not the relay enabled. The traffic I can see in wireshark, I can not understand it all, it done so it is not simly understud by design
But yes, not too much data, but connections back and forth, with many points but yes not much payload. Still causes load rather heavy here. OK, and as far as browsing is concerned, it is as fast as if I use any other full proxy connection, dead slow, it depends after all on the physical abilities of the relaying servers.
The project it's up to date and combine Opera Browser + Tor + Privoxy, the speed it's quite good and you don't need to set nothing, just un zipped the file and lunch "OperaTor.exe"
It work very well on old Windows machine from 98 to Vista
i have found that sp3 slowes down my comp alot so i uninstalled it. that may have been your problem i think.
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
TorButton: If you are having trouble with your non-portable or customized setup, try the or-talk (onion routing talk) mailing list. To join the or-talk mailing list, send an e-mail message to majordomo@seul.org with no subject and a body of "subscribe or-talk". I added TorButton to FFP 2 without any problems. If you get the bundle, you don't even need to mess with it. (It is already completely portable.)
Anyway, the tests I done only on the portable version of FF I have on the stick. So it might be also something there fishy in it.
During the installation from the mozilla adon site, some error messages in the adon manager flashed up, later FF complained that SSL is shut down and can not be used anymore and it took me some time to remove all again.
(not so in the bundled version)
But it won't be allowed to be seen there, so I'm posting it in other places where it's relevant:
================================
ATTENTION PLEASE:
The tor project has long since begun to stink of black op government compromise.
The lawless military/police state that most of us unknowingly live in has been in the business of infiltrating opposing entities for a long, long time. They create bogus opposition that they control, they infiltrate existing organizations to influence their direction, they set up honeypot organizations to find out who opposes them, etc.
What stinks in the TOR world? Among other things I don't have time to go into now:
1. When I recently went to visit the internet, the torbutton that I had installed a long time ago into a standard Firefox browser suddenly stopped toggling, and gave me a long message saying so. Question is: HTF did you get an old piece of add-on code installed in my browser a long time ago to suddenly change its functionality??? What bizarre entree into my browser do you have, and how did you get into it? Did my old version of torbutton have some kind of remote control comms built into it so that you could fnck with it without my knowledge later on?
2. You push the browser bundle these days. Nice idea. But here's what you make the browser bundle do: when you start it up it is pre-set to automatically make contact with your start page: "It looks like TOR is working!" And there's no way to keep it from doing this without causing tor to not work thereafter. In any event, the average user wouldn't be able to figure out how. What's your interest in forcing all tor users to visit that page every time they begin browsing? For those of us who know that tor is just as liable to compromise by military/black op infiltration as any other group, how do you expect us to assume that this mandatory URL launch isn't intended to establish a starting point for tracking each of us when we go online? Why TF don't you get rid of this unwanted and potentially revealing mandatory first connection, especially when you take into account no. 3 below? This is way suspicious. And don't tell us that it "helps us dumb users know if tor is working or not": I can do that myself by visiting any site I want and looking at the bandwidth graph.
3. In adition to the above, look what you do: You make the NoScript add-on part of your browser bundle and ... get this ... YOU SET ITS DEFAULT SETTINGS TO "ALLOW ALL CONNECTIONS."!!! Do you see what we've got here, people? First, you're forced to connect to a particular web page, and you're forced to do so with SCRIPTING TURNED ON, which means that your real IP and other user agent data is potentially revealed to whoever can see your script-based traffic to that web page. Your friendly allies at torproject (and almost certainly the military intell and cointelpro entities that run them) all have the means to know your real IP, location, and user agent data when you first begin browsing. So smart. And so evil. And why do we not notice?
(Do you think you just use the "New Identity" command to get you safely lost again? Don't count on it. Apparently, that command doesn't set up a whole new, randomly selected set of 3 nodes for you. It only changes the exit node. And you do know, of course, that the number of nodes out there that are actually run by our friendly paternal surveillance state is likely to be near 100%. They have infinite money, so why wouldn't this be true? This is especially true for exit nodes. After all, which one of us average folk is REALLY likely to run an exit node and have our commercial ISP see all the "subversive" content come out of our little account? Can you imagine the sh1tstorm of attention you would draw to yourself if you ran an exit? Let's face it: none of us do it. The only ones who likely DO run exit nodes are either governments or government fronts or government-run assets. If the same is even mostly true of regular nodes, TOR is just one massive honeypot designed to give intel agencies the real down dirty goods on those of us who want to do, read, and communicate in secret. To which much use can eventually be put. ... Of course, by the way, don't think that just because no one gets arrested from doing illegal things on TOR that that means anything. Cops CAN'T be called for anything seen on tor, or the whole honeyput would come down and no one would come near it anymore. Bad people can do bad things on tor and not have the cops find out. That's not proof that it's actually successful. That's because it's not for cops. It's for higher order surveillance for higher order purposes. For the State to keep an eye on a certain kind of element. They're not going to blow the whole charade by busting some kid or some pervert for some merely criminal charge.)
A handful of open-source programmers have no money. Whereas the military industrial establishment has massive, effectively unlimited resources. Billions of off-sheet cash and everything it buys to get us all to slowly, subversively sell each other out without ever realizing how it happened until it's too late (which probably ain't gonna be long from now). In fact, to go further, how certain can we be that TOR hasn't been owned and betraying all of us for a long time now, if not even from the very beginning possibly?
Don't get me wrong: I will still use TOR because it is the only thing we have, but I will do so with the realization that everything I do using it MIGHT be going direct to our masters despite my efforts. And I will always try however I can to figure out how to thwart whatever bits of sabotage they've built into the tor system over time, like the first-start script-enabled contact with home base that I already talked about.
For sh1t's sake and your own too, ALWAYS assume that your favorite allies in the privacy and anonymity business are compromised. Because they have to be. The State is too rich by trillions of dollars for them to not have tried and for them not to have been successful. It's too easy for them to kill, cheat, bribe, outwit, and buy off absolutely anyone. (Look at Popular Mechanics magazine vis a vis 911 for one example among many.) The best and main tool we simple, innocent, naive folk have is to look at things with squinty eyes, be suspicious, and cry foul loudly at every turn. Look at the developers funny. Ask 'em "why" a lot. If they're privacy advocates, they HAVE TO UNDERSTAND that this is necessary. I don't care if it's free and they work for nothing. It doesn't matter. If anyone is to be able to trust that it works, the developers have to accept and EVEN ENCOURAGE suspicion verging on hostility on the part of the users and the public in general. Look at everything our friends and "allies" do, every change they make over time, with maximum suspicion. Connect a few dots every once in a while. Ponder. "How could this or that change screw with my actual privacy while continuing to appear protective?" Speak. Ask questions. Doubt the sincerity of the answers. Ask more questions. Express your doubts and theories. Look at the backgrounds of all key players and look for strange coincidences. Publish them in blog comments and elsewhere. Did developer X work for a military contractor 7 years ago? Is developer Y married to a former member of US Army intelligence? You get the idea.
Regards, Ragnar
P.S. The tor project got rid of a brilliant piece of anonymizing software a long time ago, Privoxy. Why would they have done that that? This allowed us to change our user agent string on a per-site basis, among a hundred other things. This is a suspect move. (And I mean explain it without any pitifully childish excuses like "research found it was too difficult for users to understand" or "the original developers stopped upgrading it.")
I would recommend you to read more on principles of Tor before posting such confusing texts.
Try to read all documents few times and try to ***understand*** how all works, then you will see that all you write here is just result of some misunderstandings.
The torbutton was removed from action because of very good reasons. Those are not connected with Tor, but rather with the development of all sorts of internet software, including current versions of browsers.
A browser has to be heavily modified to be useful with Tor, there is no more solution to do it just by toggling something.
From your text:
>And you do know, of course, that the number of nodes out there that are actually run by our friendly paternal surveillance state is likely to be near 100%. Question is: HTF did you get an old piece of add-on code installed in my browser a long time ago to suddenly change its functionality??? What bizarre entree into my browser do you have, and how did you get into it?
Did anybody read Otto's comment critically?
... If you did, you should have noticed that he didn't reply to all the comments, and the ones he purportedly did reply to made no sense.
The torproject's ability to REACH INTO someone's Firefox browser and change the functionality of an old TORBUTTON add-on is worthy of suspicion and begs for an answer. (Has this happened to anybody else?) I would like to know how this behind-the-scenes fiddling with someone's browser could be countenanced by the privacy-valuing community, much less even made possible, technically, by an entity holding itself out as a protector of privacy.
Worst of Otto's reply is the silly statement that "that's great if most of the nodes are run by government entities! The more nodes, the better!" Otto, for someone who recommends "reading more" on how TOR works, you show a catastrophically tainted understanding of the basics. The problem with govt controlled nodes (i.e., multiple nodes run by essentially the same entity) is: if all, most, or even many nodes are run by any cooperating entities, then these nodes could and would share each other's encryption keys and share data with each other, unmasking part and in many or all cases your entire encryption chain. Cooperating nodes means drastically less certainty of privacy/anonymity, if not total and complete reveal of who you are and what you're doing.
For one example of this, do a little searching online for one early example of this "owning the nodes" type of attack (that's my term, not a useful search term.) This particular discovery was just ONE INSTANCE that got exposed because someone was caught running multiple nodes out of one location. Always keep in mind the possibility (better, the high probability) that such things are done more widely and much more subtly, such that it's harder for one of us to notice and/or prove THAT the problem exists and HOW BAD the situation actually is.
The questions and recommendations made still stand.
What do you mean by "anonymous"? There will always be some trace of your activities on the network. The web servers you access can (and probably do) record your IP address. The intranet that you connect from can see what you connect to (by running the netstat utility). Combining logs from both ends can uniquely identify you and your session. Enough digital forensic evidence can be found of your activity if the sysadmins at all points along the route know what they are doing and get their act together.
The new "private" browsing mode in Firefox version 3.1 Beta doesn't solve the problem. Logs will still have information about your session in them. Best you can hope for is that your activities are over-looked by the sysadmins; just pray that they don't overlook your activities.
I was under the understanding that all portable programs here in PA do not leave any traces behind at all. so I can use say FireFox on any computer and when i have finished there is no info left behind.
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
MickeyJ4J
This has been discussed many times. We very clearly state that no personal info is left behind on the host PC. Anyone saying that a piece of portable software leaves no trace is either lying (and usually trying to sell you something) or mistaken. Any network app leaves behind multiple traces on the network that any network admin can track.
This is not a part of this topic. If you wish to discuss further, please post in one of the dozens of posts already discussing this.
Sometimes, the impossible can become possible, if you're awesome!
You can search web for Opera-TOR browser. There is also a portable version on the net around somewhere if you search the web.
I have one of those on my stick and well yes it works, but very very slow in fact.
But this does not mean that there are no traces of any activity on the local system.
The usual logs will be on the local system, then the local network will have log of what connections are made etc. In addition the provider will also have a log of all activities on his segment.
What the Opera-TOR does, is it connects to the rest of the internet through a special proxy chain and the traffic itself is encrypted. So the logs will contain the information that you are running Opera-TOR and contacted a TOR network proxy, but are not able to retrieve the information which real server you did wish to contact, as well as the transfered contents to your workstation. The traffic can clearly be monitored with any network logging tool and viewed with something like wireshark. OK, it is encrypted so the actual contents can not be read.
But since it all has to be encrypted and forwarded number of times from one proxy to other, the traffic is often 20 times slower then direct normal connection.
Otto Sykora
Basel, Switzerland
I am posting via the TOR connected Opera.
Same time I am wathcing it with the wireshark.
It took me some 5 min to call up the www.portableapps.com
The traffic produced on the network is extreme. The TOR is jumping from one server to other, each time it has to carry out long procedure for sync the encryption. The IP of the servers are clerly seen. In addition there seem to be someone trying to log the connections to the TOR servers, at least 3 such points seem to be in the log.
OK, the traffic itself is encrypted completely, contents not readable at all.
Otto Sykora
Basel, Switzerland
Have you ever tried or heard of NoTrax?
http://www.heidi.ie/node/7
~ Regards
This message may have been intercepted and read by U.S. government
agencies including the FBI, CIA, and NSA without notice or warrant or
knowledge of sender or recipient.
After googling NoTrax I found another similar app called TorPark.
Edit: I googled Opensorce NoTrax but it only says free. I then Googled Opensorce TorPark and it is.
Edit 2: Xerobank is the New Version of TorPark
http://www.afterdawn.com/software/desktop_software/desktop_security/xero...
Edit 3: after further research I think I will not use eighter of these.
Refer the Post https://portableapps.com/node/16597
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
MickeyJ4J
Why not use PortableTor with Torbutton installed in Firefox? It is updated whenever tor is updated so you really don't have to worry about security problems. I've been using it for over a year with absolutely no problems.
was that today.
I tried the above mentioned. Portable tor, ok it looks somehow useful, but I have to admit it did nothing but trying to contact any of its brother servers.
But the Torbutton, wow!
Restarted the FF after installing it. Funny, all settings replaced by some garbage. Different fonts set, SSL disabled, bookmarks gone, all other things not prosent, settings can not be changed any more.
OK I thought, my fault, I am testing on the old 2020.
So try on 304!
Same thing all corrupted, no more manual settings possible, all bookmarks gone, no way to persuade the browser to show pictures too in websites after long trying to persuade the FFP305 to connect to internet directly and not via proxy as it would be fine for the TOR network.
Anyway, since it was even hard to uninstall that strange thing, I just played the FFP install file over it, got remaining variables from backup and now all works again.
Strange, the portable tor did not mamage to do anything, to make any settings was not possible, whole PC (win XP sp3) was more less frozen, but not really crashed.
The taskmanager showed full processor load for abt 20 minutes , then I managed to kill all the relevant proc.
The tor version supplied with the opera browser did so far work any time I tested it, slow as expected, but did find its server after short time and all seemed to be completely automatic, no user interaction at all. OK this might be on the cost of some security features which I did not have time to investigate, but the solution with the Torbutton seems really not to be any kind of plug and play.
Otto Sykora
Basel, Switzerland
The only thing I can think of is that you have your Tor setup to relay traffic. This would eat up a lot of your bandwidth. Just to make sure I went to the two links I provided and downloaded the latest version of each and ran them. I've had no problems with anything.
Torbutton should not do anything to Firefox. All it does is tell firefox to use Tor as a way to access the internet. There are settings associated with Torbutton, so you might want to configure those.
The only thing you have to make sure of is that you run PortableTor (which should run Tor.exe and Privoxy.exe) and then click on Torbutton to tell Firefox to use PortableTor.
Hopefully that helps a little. It sounds like you got a corrupted version of each, but I'm not sure.
since after some trying I managed to make basic tor connection.
It is kind of problematic so far as I managed only manualy stopp it by closing the processes in the task manager. OK, the connection itself can be stopped, but to close down the process, ?? could not find where from the gui, so hat to kill relevant processes. This is problematic when running it from stick, one can not remove the stick then.
But the torbutton:
spent hours to find out what is making all FF crazy. Tried second time to install it on FFP2020 and FFP305.
Same results. All settings gone, or mixed up completely. SSL disabled, and even if ticked again, no way to use it, it is simply blocked. Bookmarks gone, thought they are not lost, the profiles are still around, it is just pointing to some other profile or so, had no time to investigate.
All trivial settings in FF like default fonts are set to apparently randomly set font and sizes, if unlucky, you get wingdings...
The display of graphics in websites is switched off, thought the display picts is still ticked.
Any website opening in new tab or window is basically blocked as popup, fine, but after enabling it, it is still blocked what ever I do.
Furthermore tried to find out what is called torbutton, if it is some button to be seen somewhere by which I can connect to the tor proxy? Nothing like that to be seen, only right bottom it says tor not running or tor running, but what it is trying to do I could not see except it tries to fill in the proxy setting, apparently not successful somehow.
The tor itself, no it is set only as client and only for outgoing port 80, other outgoing ports are not realistic on properly adminstrated network.
But as I tested with wireshark, the extra traffic is enormous and therefore speed of operation of anyway slow browsing from the stick becomes very theoretical.
The browsing with the FFP crippled the way could not be done anyway, so have no idea how other people experience it. My FFP were just mixed up, but I did not manage them to use the tor connection, the settings in the proxy fields were definitely wrong (no connection even tor connection OK) and I did not find out in short time what proxy parameters I should enter manually to make it use the tor in fact.
What settings should I enter in the FF proxy tab to connect to the tor connection exactly?
Otto Sykora
Basel, Switzerland
I personally host a small SSH server, to which I connect with PuTTY Portable.
Along with the right settings, I can tunnel Firefox through it, encrypting my sessions from the current network I am on up to my SSH server. At least all the sysadmins from the network I am on only see a single connection to a server on port 443 (changed it from default SSH port for obfuscation purpose). If they try to connect to it, they will get no page from a direct web browser connection.
Also, when I want to quickly turn off manual or automatic proxy settings, I use QuickProxy, which is fairly simple and minimalistic. Or if I need to access some websites on the Intranet, I can add the domain names in the proxy exceptions list to avoid switching the proxy settings on and off.
I haven't heard anything like your situation on the Tor mailing lists. Running Tor takes minimal network capacity, and TorButton is a simple Firefox extension.
Relax, there is already a completely portable way to do this. The Tor developers have created the Tor Browser Bundle and the Tor IM Browser Bundle. Just unzip it, place it somewhere and run it. It's a snap.
http://www.torproject.org/torbrowser/index.html.en
You don't need to download a bunch of different things and worry about getting your own special blend to work. Just download that one package and go.
FF with the TOR.
The TOR itself might be not the big problem, but the extension for the FF called Torbutton does simply remove any other local settings and replaces them by some other once. Tried now 3 times on FF2020 and 305.
The TOR itself, well it will connect at some time, but thats it, it not clear how to use it further, what proxy settings I would have to set up in the FF manualy?
What do you set as proxy then?
OK TOR is proxy chain, so the whole traffic caused is understandable, when I switch on the wireshark, this is heavy traffic going back and forth. I think this must be so, can not imagine how should it work otherwise.
I will try the 'ff included' package, will see if this will drop the tor running when closed. In the tor portable it also looks as if all is closed, but it is not, the tor.exe is still loaded and running. It has to be closed in the task manager (XP) so I am just wandering how people do remove the stick with this running on it?
Otto Sykora
Basel, Switzerland
now tested short, and yes this bundle will unload the tor process when closed down in contrary to the separate tor portable app.
Otto Sykora
Basel, Switzerland
Whatever you did before to give you whatever problems you have, just trash it. Your descriptions do not describe Tor software or the network.
Just download, unpack, and run. That's it.
Proxy: Your proxy settings in the browser are already set up. You shouldn't need to do anything. If you have special needs, it's easy and there is plenty of help.
Traffic: When you start Tor, it will download a "geoip" database that gives your client a snapshot of the Tor nodes at that moment. It is only retreived occasionally, and the very first time may take a moment. What you saw in Wireshark is not Tor operating, but a special case. You will also notice that Tor negotiates a few SSL connections to create "circuits" that you use to communicate anonymously. These connections do not consume significant network resources as they aren't carrying data. Running Tor does not multiply your traffic, nor will it carry traffic from other users unless you enable it to be a relay.
TorButton: It is a button on the status bar to toggle and show Tor status. It's been improved to fix security holes in Firefox that can compromise anonymity. Maybe that is the source of your changed "settings." If you need source code and a thorough explanation, visit https://www.torproject.org/torbutton/ .
version, the thing you linked, does work as you described initially, it has the FF of I think 2018 or so in it, the TOR will open, and the torsign down the corner of the FF is there. FF behaves kind of normal, except yes it is slower, but this is what I expect.
When all is closed, the FF and the TOR GUI, the tor process is killed too.
Not so with the single components. The TORbutton, I installed by installing the latest version from the mozilla addons site, simply as any other addons. The installation alone went not smooth enough, in all cases , on 2020 and 305, there were eroor msg during the installation.
Thereafter all those strange symptoms in FF were commomon to 2020 and 305 FF.
Assume therefore: the currently distributed adon on the mozila store is the faulty one or it does not work with latest version of FF or I do not know what.
No I have not the relay enabled. The traffic I can see in wireshark, I can not understand it all, it done so it is not simly understud by design
But yes, not too much data, but connections back and forth, with many points but yes not much payload. Still causes load rather heavy here. OK, and as far as browsing is concerned, it is as fast as if I use any other full proxy connection, dead slow, it depends after all on the physical abilities of the relaying servers.
Otto Sykora
Basel, Switzerland
As mentioned from other before, I suggest you try OperaTor here the link :
http://archetwist.com/opera/operator
The project it's up to date and combine Opera Browser + Tor + Privoxy, the speed it's quite good and you don't need to set nothing, just un zipped the file and lunch "OperaTor.exe"
It work very well on old Windows machine from 98 to Vista
It would be very difficult to verify if those things are working very well at all. Avoid them.
i have found that sp3 slowes down my comp alot so i uninstalled it. that may have been your problem i think.
An Old Irish Blessing
May the road rise up to meet you. May the wind always be at your back. May the sun shine warm upon your face, and rains fall soft upon your fields. And until we meet again, May God hold you in the palm of His hand.
MickeyJ4J
TorButton: If you are having trouble with your non-portable or customized setup, try the or-talk (onion routing talk) mailing list. To join the or-talk mailing list, send an e-mail message to majordomo@seul.org with no subject and a body of "subscribe or-talk". I added TorButton to FFP 2 without any problems. If you get the bundle, you don't even need to mess with it. (It is already completely portable.)
OperaTor: This tells whoever is listening what websites you visit (DNS leaks). Avoid it. Neither Opera nor OperaTor are open source.
http://archives.seul.org/or/talk/Oct-2008/msg00019.html
to place a comment somewhere there.
Anyway, the tests I done only on the portable version of FF I have on the stick. So it might be also something there fishy in it.
During the installation from the mozilla adon site, some error messages in the adon manager flashed up, later FF complained that SSL is shut down and can not be used anymore and it took me some time to remove all again.
(not so in the bundled version)
Otto Sykora
Basel, Switzerland
Originally submitted as a comment at:
https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton
But it won't be allowed to be seen there, so I'm posting it in other places where it's relevant:
================================
ATTENTION PLEASE:
The tor project has long since begun to stink of black op government compromise.
The lawless military/police state that most of us unknowingly live in has been in the business of infiltrating opposing entities for a long, long time. They create bogus opposition that they control, they infiltrate existing organizations to influence their direction, they set up honeypot organizations to find out who opposes them, etc.
What stinks in the TOR world? Among other things I don't have time to go into now:
1. When I recently went to visit the internet, the torbutton that I had installed a long time ago into a standard Firefox browser suddenly stopped toggling, and gave me a long message saying so. Question is: HTF did you get an old piece of add-on code installed in my browser a long time ago to suddenly change its functionality??? What bizarre entree into my browser do you have, and how did you get into it? Did my old version of torbutton have some kind of remote control comms built into it so that you could fnck with it without my knowledge later on?
2. You push the browser bundle these days. Nice idea. But here's what you make the browser bundle do: when you start it up it is pre-set to automatically make contact with your start page: "It looks like TOR is working!" And there's no way to keep it from doing this without causing tor to not work thereafter. In any event, the average user wouldn't be able to figure out how. What's your interest in forcing all tor users to visit that page every time they begin browsing? For those of us who know that tor is just as liable to compromise by military/black op infiltration as any other group, how do you expect us to assume that this mandatory URL launch isn't intended to establish a starting point for tracking each of us when we go online? Why TF don't you get rid of this unwanted and potentially revealing mandatory first connection, especially when you take into account no. 3 below? This is way suspicious. And don't tell us that it "helps us dumb users know if tor is working or not": I can do that myself by visiting any site I want and looking at the bandwidth graph.
3. In adition to the above, look what you do: You make the NoScript add-on part of your browser bundle and ... get this ... YOU SET ITS DEFAULT SETTINGS TO "ALLOW ALL CONNECTIONS."!!! Do you see what we've got here, people? First, you're forced to connect to a particular web page, and you're forced to do so with SCRIPTING TURNED ON, which means that your real IP and other user agent data is potentially revealed to whoever can see your script-based traffic to that web page. Your friendly allies at torproject (and almost certainly the military intell and cointelpro entities that run them) all have the means to know your real IP, location, and user agent data when you first begin browsing. So smart. And so evil. And why do we not notice?
(Do you think you just use the "New Identity" command to get you safely lost again? Don't count on it. Apparently, that command doesn't set up a whole new, randomly selected set of 3 nodes for you. It only changes the exit node. And you do know, of course, that the number of nodes out there that are actually run by our friendly paternal surveillance state is likely to be near 100%. They have infinite money, so why wouldn't this be true? This is especially true for exit nodes. After all, which one of us average folk is REALLY likely to run an exit node and have our commercial ISP see all the "subversive" content come out of our little account? Can you imagine the sh1tstorm of attention you would draw to yourself if you ran an exit? Let's face it: none of us do it. The only ones who likely DO run exit nodes are either governments or government fronts or government-run assets. If the same is even mostly true of regular nodes, TOR is just one massive honeypot designed to give intel agencies the real down dirty goods on those of us who want to do, read, and communicate in secret. To which much use can eventually be put. ... Of course, by the way, don't think that just because no one gets arrested from doing illegal things on TOR that that means anything. Cops CAN'T be called for anything seen on tor, or the whole honeyput would come down and no one would come near it anymore. Bad people can do bad things on tor and not have the cops find out. That's not proof that it's actually successful. That's because it's not for cops. It's for higher order surveillance for higher order purposes. For the State to keep an eye on a certain kind of element. They're not going to blow the whole charade by busting some kid or some pervert for some merely criminal charge.)
A handful of open-source programmers have no money. Whereas the military industrial establishment has massive, effectively unlimited resources. Billions of off-sheet cash and everything it buys to get us all to slowly, subversively sell each other out without ever realizing how it happened until it's too late (which probably ain't gonna be long from now). In fact, to go further, how certain can we be that TOR hasn't been owned and betraying all of us for a long time now, if not even from the very beginning possibly?
Don't get me wrong: I will still use TOR because it is the only thing we have, but I will do so with the realization that everything I do using it MIGHT be going direct to our masters despite my efforts. And I will always try however I can to figure out how to thwart whatever bits of sabotage they've built into the tor system over time, like the first-start script-enabled contact with home base that I already talked about.
For sh1t's sake and your own too, ALWAYS assume that your favorite allies in the privacy and anonymity business are compromised. Because they have to be. The State is too rich by trillions of dollars for them to not have tried and for them not to have been successful. It's too easy for them to kill, cheat, bribe, outwit, and buy off absolutely anyone. (Look at Popular Mechanics magazine vis a vis 911 for one example among many.) The best and main tool we simple, innocent, naive folk have is to look at things with squinty eyes, be suspicious, and cry foul loudly at every turn. Look at the developers funny. Ask 'em "why" a lot. If they're privacy advocates, they HAVE TO UNDERSTAND that this is necessary. I don't care if it's free and they work for nothing. It doesn't matter. If anyone is to be able to trust that it works, the developers have to accept and EVEN ENCOURAGE suspicion verging on hostility on the part of the users and the public in general. Look at everything our friends and "allies" do, every change they make over time, with maximum suspicion. Connect a few dots every once in a while. Ponder. "How could this or that change screw with my actual privacy while continuing to appear protective?" Speak. Ask questions. Doubt the sincerity of the answers. Ask more questions. Express your doubts and theories. Look at the backgrounds of all key players and look for strange coincidences. Publish them in blog comments and elsewhere. Did developer X work for a military contractor 7 years ago? Is developer Y married to a former member of US Army intelligence? You get the idea.
Regards, Ragnar
P.S. The tor project got rid of a brilliant piece of anonymizing software a long time ago, Privoxy. Why would they have done that that? This allowed us to change our user agent string on a per-site basis, among a hundred other things. This is a suspect move. (And I mean explain it without any pitifully childish excuses like "research found it was too difficult for users to understand" or "the original developers stopped upgrading it.")
I would recommend you to read more on principles of Tor before posting such confusing texts.
Try to read all documents few times and try to ***understand*** how all works, then you will see that all you write here is just result of some misunderstandings.
The torbutton was removed from action because of very good reasons. Those are not connected with Tor, but rather with the development of all sorts of internet software, including current versions of browsers.
A browser has to be heavily modified to be useful with Tor, there is no more solution to do it just by toggling something.
From your text:
>And you do know, of course, that the number of nodes out there that are actually run by our friendly paternal surveillance state is likely to be near 100%. Question is: HTF did you get an old piece of add-on code installed in my browser a long time ago to suddenly change its functionality??? What bizarre entree into my browser do you have, and how did you get into it?
Otto Sykora
Basel, Switzerland
Did anybody read Otto's comment critically?
... If you did, you should have noticed that he didn't reply to all the comments, and the ones he purportedly did reply to made no sense.
The torproject's ability to REACH INTO someone's Firefox browser and change the functionality of an old TORBUTTON add-on is worthy of suspicion and begs for an answer. (Has this happened to anybody else?) I would like to know how this behind-the-scenes fiddling with someone's browser could be countenanced by the privacy-valuing community, much less even made possible, technically, by an entity holding itself out as a protector of privacy.
Worst of Otto's reply is the silly statement that "that's great if most of the nodes are run by government entities! The more nodes, the better!" Otto, for someone who recommends "reading more" on how TOR works, you show a catastrophically tainted understanding of the basics. The problem with govt controlled nodes (i.e., multiple nodes run by essentially the same entity) is: if all, most, or even many nodes are run by any cooperating entities, then these nodes could and would share each other's encryption keys and share data with each other, unmasking part and in many or all cases your entire encryption chain. Cooperating nodes means drastically less certainty of privacy/anonymity, if not total and complete reveal of who you are and what you're doing.
For one example of this, do a little searching online for one early example of this "owning the nodes" type of attack (that's my term, not a useful search term.) This particular discovery was just ONE INSTANCE that got exposed because someone was caught running multiple nodes out of one location. Always keep in mind the possibility (better, the high probability) that such things are done more widely and much more subtly, such that it's harder for one of us to notice and/or prove THAT the problem exists and HOW BAD the situation actually is.
The questions and recommendations made still stand.
this is getting out of hand in my opinion and as such topic is now locked
your friendly neighbourhood moderator Zach Thibeau