Tor Messenger Beta: Chat over Tor, Easily | The Tor Blog

What is it?

Tor Messenger is a cross-platform chat program that aims to be secure by default and sends all of its traffic over Tor. It supports a wide variety of transport networks, including Jabber (XMPP), IRC, Google Talk, Facebook Chat, Twitter, Yahoo, and others; enablesOff-the-Record (OTR) Messaging automatically; and has an easy-to-use graphical user interface localized into multiple languages.

Source: Tor Messenger Beta: Chat over Tor, Easily | The Tor Blog

Google Music

English: Google Logo officially released on Ma...

I am getting pretty peeved with Google recently. I have a huge amount of music on my Google Music library, so much in fact, that I hit Google’s track limit for uploads. Now, I’m trying to download my purchased music back to my machine, but their MusicManager is winding me up no end. It downloads for a while, then stops, thinking it has finished, with several tracks not downloaded. I restart the download, and it goes on a bit more then stop again.

Google suggested a few things, eventually ending up blaming my ISP. But there isn’t much alternative for me. Other than my current ISP, I can only use my corporate connection, but that requires a proxy – something Google do not support on MusicManager, or using Tor, which also doesn’t work properly. They suggested using the Google Music app, but that only works (if it ever does) on a single album.

I even tried using AWS and Google Cloud, but the app ties to MAC and refuses to identify my machine (which is a virtual machine). I also tried using an LXC contain, and that worked for a bit longer, but also died. So now, I’m trying using a Docker image. Slightly different concept, but lets see if it works.

If that doesn’t work, I’m going to try using TAILS.

EDIT: Docker image didn’t work. So anything with a “true” virtual environment such as AWS, GC, and Docker don’t seem to work (VirtualBox will probably be in this list too), anything else (LXC, e.g.) will work, but fail later.

School dropout codes chat program that foils NSA spying (Wired UK)

The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropout in his spare time may turn out to be one of the best solutions to thwart those efforts.

School dropout codes chat program that foils NSA spying (Wired UK).

School dropout creates messaging app that foils NSA spying

Linux News

The National Security Agency has some of the brightest minds working on its sophisticated surveillance programs, including its metadata collection efforts. But a new chat program designed by a middle-school dropout in his spare time may turn out to be one of the best solutions to thwart those efforts.

Prompted by Edward Snowden’s revelations about the government’s intrusive surveillance activities, loosely knit citizen militias of technologists and security professionals have cropped up around the world to develop systems to protect us from government agencies out to identify us online and grab our communications.

John Brooks is now among them.

Brooks, who is just 22 and a self-taught coder who dropped out of school at 13, was always concerned about privacy and civil liberties. Four years ago he began work on a program for encrypted instant messaging that uses Tor hidden services for the protected transmission of communications. The program, which…

View original post 471 more words

Blocking IP ranges using IBLOCK lists and iptables

I’ve started looking at the iptables function within the Linux kernel, and found out, that with a bit of tinkering, you can use the IBLOCK lists to do a machine-wide block based on IP. You use pipes (gotta love ’em) to route them into ipset which allows you to create a set of IP addresses/ranges which then reference in the iptables. You can use wget or curl. If you use wget, you might need to use the quiet switch. You can use xargs to multi-download lists and concatenate. I’m tinkering with my download script at the moment.

First, create the set. Here, I have used a high maxelem number because I use a lot of IBLOCK’s lists. The “maxelem 1048576” can be omitted or the number reduced if you are only using one or a small number of IBLOCK lists.

ipset create IBLOCK hash:net maxelem 1048576

Second, download and add to the set if it doesn’t already exist. You can chain multiple lists into the wget or use xargs. For this example, I’m only using one.

wget -q "http://list.iblocklist.com/?list=bt_level1&fileformat=p2p&archiveformat=gz" -O- |
    gunzip |
    cut -d: -f2 |
    grep -E "^[-0-9.]+$" |
    gawk '{print "add IBLOCK "$1}' |
    ipset restore -exist

Finally, add rules into the iptables to drop package to and from IP addresses that exist in the set. This means that packets coming in from external IPs that match IP addresses in the set will not be answered.

iptables -I INPUT -m set --match-set IBLOCK src -j DROP
iptables -I OUTPUT -m set --match-set IBLOCK dst -j DROP

When I tried this with my IBLOCK download script, it seemed to kill TOR functionality as well, which I suspect means that IBLOCK have included the TOR IP range in one or more of their lists, so I’ll need to determine which one(s) they are and exclude them, as I do use TOR actively.

As with most things, there’s more than one way to do this, and this is one of many ways you could implement blocking behaviour.

Source: Dustin C. Hatch, Using PeerBlock lists on Linux

Playing with Tor

I’ve been using Tor for a while now, and have been tinkering with settings to try to get it work right. One of the many frustrating things is DNS leaking whereby an application resolves DNS using the host DNS and not via Tor. Consequently, since the DNS server of your PoP (Point of Presence) is usually your ISP’s DNS server, or a DNS server maintained by your ISP, they can easily eavesdrop on your surfing behaviour, by simply connecting a DNS query with a traffic stream to that same IP soon afterwards.

Using DNS via Tor is a bit of a pain, but there are various ways I’ve found that seem to work. Some better than others.

Continue reading

Tails – Privacy for anyone anywhere

In case you haven’t seen this, Tails (The Amnesic Incognito Live System) is a live incognito DVD/USB which you can use to boot off any machine that supports USB boot (and for those which don’t boot of USB, you can use PLOP).

All connections go through Tor and since its a live disk, nothing is left on the hard disk (unless you choose to save something off the Internet, I guess).

I’ve been tinkering with Tor and managed to get my DNS routed through Tor, with my normal DNS as a backup, although routing traffic is a bit tricker, since not applications like to play with the Tor network properly. Some applications such as Vuze provide SOCKS capability, which allows routing of traffic through the Tor network via proxy. Others, like Chrome/Chromium don’t offer this as well, and you have to fudge it.

%d bloggers like this: