Unofficial Tor Community
- Just dodged a tracker pixel (I think) -- thanks to a test-based mail client and Torlemmy.sdf.org Just dodged a tracker pixel (I think) -- thanks to a text-based mail client and Tor - SDF Chatter
Tracker pixels are surprisingly commonly used by legitimate senders… your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts). I use a text-based mail client in part for this reason. ...
cross-posted from: https://lemmy.sdf.org/post/24375297
> Tracker pixels are surprisingly commonly used by legitimate senders.. your bank, your insurance company, any company you patronize. These assholes hide a 1-pixel image in HTML that tracks when you open your email and your IP (thus whereabouts). > > I use a text-based mail client in part for this reason. But I got sloppy and opened an HTML attachment in a GUI browser without first inspecting the HTML. I inspected the code afterwards. Fuck me, I thought.. a tracker pixel. Then I visited just the hostname in my browser. Got a 403 Forbidden. I was happy to see that. Can I assume these idiots shot themselves in the foot with a firewall Tor blanket block? Or would the anti-tor firewall be smart enough to make an exception for tracker pixel URLs?
- fetchmail logs showing a Tor exit node is compromisedlemmy.sdf.org fetchmail logs showing a Tor exit node is compromised - SDF Chatter
This is what my fetchmail log looks like today (UIDs and domains obfuscated): fetchmail: starting fetchmail 6.4.37 daemon fetchmail: Server certificate verification error: self-signed certificate in certificate chain fetchmail: Missing trust anchor certificate: /C=US/O=Let's Encrypt/CN=R3 fetchmail:...
- MX lookups over Tor no longer possible (edit: …with a particular tool chain)
To do an MX lookup over Tor, this command has worked for me for years:
$ torsocks dig @"$dns_server" -t mx -q "$email_domain" +noclass +nocomments +nostats +short +tcp +nosearch
In the past week or so it just hangs. My first thought was the DNS server I chose (8.8.8.8) started blocking tor. But in fact it does not matter what DNS server is queried. The whole Tor network is apparently blocking tor users from doing MX lookups.
Also notable that dig hangs forever. It does not timeout despite a default timeout interval of 5 seconds (according to the man page).
- Underwood onion mail has vanished. What email address can be distributed to Google/MS recipients now?
cross-posted from: https://sopuli.xyz/post/13489053
> In the onion v2 days we had
underwood2hj3pwd.onion
. There were half a dozen other onion email providers but Underwood was the only one that did not have a clearnet email alias (IIRC). That was a useful feature because you could distribute an onion address to a MS Outlook or Gmail user and they could not use it to share their correspondence to you with Google or MS in the loop. They had just two options: step off the ad surveillance platform or not contact you at all. That option died with Underwood. > > The other onion email services all have a clearnet translation. So if (for example) I give a gmail user this address: > >foo@yllvy3mhtamstbqzm4wucfwab57ap6zraxqvkjn2iobmrtxdsnb37dqd.onion
> > and they are motivated to reach me, they can figure out that the corresponding clearnet alias isfoo(/at/)onionmail.info
and then they can use that address to send me a msg that is then shared with their surveillance advertiser. And worse, that’s less effort for them than obtaining an onion email account. > > So what I do now is give an XMPP account. Since Google has abandoned jabber and MS never partook, XMPP avoids Google and MS. But XMPP is not a drop-in replacement for email. OMEMO is glitchy/buggy with pitfalls. > > I would like to offer an email option. Ideally, an onion email service would offer a clearnet alias that cannot be determined from the onion address, which implies a different userid string. - Torsocks $udp_app
What happens if an app uses UDP instead of TCP (or both UDP and TCP), and you use the
torsocks
wrapper script? Would the UDP connections all leak without the Tor user knowing? - (EU) How to penalize Tor-hostile companies (e.g. Cloudflare users)
I simply make a GDPR request. Write to a Tor-hostile data controller making an Article 15 request for a copy of all your data. Also ask for a list of all entities your data is shared with.
The idea is that if a website blocks Tor (or worse, uses Cloudflare to also share all traffic with a privacy offender), then they don’t give a shit about privacy. So you punish them with some busy work and that busy work might lead to interesting discoveries about data abuses.
Of course this only works in the EU and also only works with entities that have collected your personal data non-anonymously.