Experimenting with Tor

I own an old, beat-up laptop I name ‘Venus’, from circa 2005. And with this laptop, I am exploring the fantasy that it should be configured to connect to the Internet, entirely using ‘Tor’. I am trying to replicate what the TAILS USB-stick is said to do, but in the hopes that my own achievements will be more credible. You see, I doubt that TAILS really accomplishes what it claims to accomplish.

I have to admit, that I really have no idea, what that old laptop is supposed to do, once it is connected via Tor. This just seems like a fun project. And, there exist few services today, which will just let people connect via Tor. What one can do is browse, using a Web-browser, and not use Google, because the geolocation services of Google tend to blacklist most of the exit nodes of Tor.

But, wanting one additional ability, I also decided that Venus should connect to a less-important email server of mine via IMAP, and through Tor. What I discovered, was that the email client I was using for this does not itself support a Socks 5 Proxy, through its own GUI. And so I read that some command-line utilities exist for Linux, which will force the programs specified to use such a proxy.

The first utility I tried was called ‘proxychains’. But there is a caveat with this utility, that people fail to point out. It will negotiate the email client to connect to Port 143 in plain-text, rather than in cipher-text. I had not noticed this, until my laptop had connected to my email service, in plain-text in fact. This means that a corrupt exit node would have been able to sniff my password.

This is the full extent to which I was compromised. There was really no other sign, that anybody might have tried to connect to my (subscribed, paid-for) email server, in my place. But such a single exposure was more than what I was willing to let sit.

So I immediately changed the password of this subscribed, paid-for email service, to a much harder password, before anybody else got the chance, and I am still able to use that email address fully.

But then the question lingers in my head, of how I might nevertheless connect to it via Tor. There exists another command-line utility named ‘tsocks’, which claims to tunnel all the TCP/IP connections of its designated program, through the Socks 5 Proxy, without analyzing what types of authentication may be taking place.

I tried to use tsocks as described, but only found the comforting message, that the stream could not reach the IMAP server in question. So here there was no evidence that the utility in question actually breaks TLS encryption.

But ultimately, I would still not feel comfortable using tsocks, after the experience I had with proxychains, because I need to take the idea that tsocks does not break the encrypted protocol, entirely on the words of software-authors whom I cannot ultimately trust. These are Tor specialists after all. Even tsocks might eventually compromise my connection-security, even though it is not supposed to.

And so my little Tor laptop remains useless, from any practical perspective.
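
A check for the plain-text exposure on Port 143 described above, as an added example that is not part of the original post: it audits the IMAP lines visible in a capture of the proxied connection and reports whether LOGIN or AUTHENTICATE crossed the wire before a STARTTLS upgrade completed. The function name and both sample sessions are constructed for illustration.

```python
import re

# Constructed samples (made-up values): IMAP lines visible to an on-path
# observer on port 143. "C" = client to server, "S" = server to client.
CLEARTEXT_SESSION = [
    ("S", "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready"),
    ("C", "a1 LOGIN user@example.org not-a-real-password"),
    ("S", "a1 OK LOGIN completed"),
]
# After a successful STARTTLS only TLS records follow, so no more IMAP text.
UPGRADED_SESSION = [
    ("S", "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"),
    ("C", "a1 STARTTLS"),
    ("S", "a1 OK Begin TLS negotiation now"),
]

def audit_imap_session(session):
    """Report whether credentials were sent before a STARTTLS upgrade."""
    caps, exposed = set(), []
    starttls_tag, upgraded = None, False
    for direction, line in session:
        if upgraded:
            break  # everything after the upgrade is ciphertext
        if direction == "S":
            m = re.search(r"CAPABILITY ([^\]\r\n]*)", line, re.IGNORECASE)
            if m:
                caps.update(m.group(1).upper().split())
            if starttls_tag and line.upper().startswith(starttls_tag.upper() + " OK"):
                upgraded = True
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        tag, verb = parts[0], parts[1].upper()
        if verb == "STARTTLS":
            starttls_tag = tag
        elif verb in ("LOGIN", "AUTHENTICATE"):
            exposed.append(verb)  # record the verb only, never the secret
    return {
        "server_offered_starttls": "STARTTLS" in caps,
        "tls_upgraded": upgraded,
        "credentials_in_cleartext": exposed,
    }

if __name__ == "__main__":
    for name, s in (("cleartext", CLEARTEXT_SESSION), ("upgraded", UPGRADED_SESSION)):
        print(name, audit_imap_session(s))
```

A non-empty `credentials_in_cleartext` for a capture of your own connection means the password was readable on the path and should be changed, as was done above.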



Bell Canada has factually upgraded its email service.

In the past, the way the email service of my ISP – “Bell Canada” – worked, was that email was outsourced to Microsoft, such that at least my own ‘Sympatico’ email address, was also accessible as Web-mail, via ‘Hotmail’. The way this used to work, was that I had assigned sub-domains for accessing the POP and SMTP servers, which seemed to belong to Bell, but which nevertheless used to access my email with a Hotmail server.

Now, it had happened before that I had received emails from Bell, telling me to make sure I had updated my email server settings, to keep up with improvements that were being promised. But all those emails simply led to a site with Bell, according to which my settings were already correct as they were.

My explanation for that would be, that maybe not all Bell customers were on the same plan before, and that my arrangement with them may have been more of a testing arrangement. In any case I had visited the link each time, to make sure that the server settings recommended there, still corresponded to the server settings I had been using, and they had.

The aspect of this which is pleasantly surprising, was that as of May 3, the service was in fact upgraded – this time – and that it happened without any interruption of the service available to my POP clients, since my POP clients were already configured for the change. Thus, I had not really noticed that the upgrade had in fact taken place until later. I did, however, receive an email from Bell, saying ‘Welcome to the New Service.’

There was however a way in which I was bound to discover the improvement eventually. As long as my email was always hosted on Hotmail servers, a peculiarity of the service was, that one of my POP clients was configured to ‘Leave Email On The Server, For At Most 3 Days’, while all my other POP clients were just configured to ‘Leave Email On The Server’ (with no time limit set). This was one way I had intended to keep all my received email, on POP clients, in sync.

The problem with the earlier Hotmail arrangement was, that their servers would flagrantly disregard the command sent by my own email client, eventually to delete the emails. In fact, Hotmail had announced suspicion of my email client programs in the past, stating that ‘Some program has asked us to delete your emails. But because we do not trust this program, we have put those emails in a special folder for you.’ AFAIK, it could have been true that Hotmail did not trust this mysterious email client of mine, because mine was not a Microsoft client, being a Linux client, and there may have been some way for the Hotmail server to detect that. In fact, I am sure that email clients state a User Agent, the same way Web browsers state a User Agent.

What this meant in practice, was that every few days I would actually need to log in to my Web-mail, and to delete some emails manually, which the setting on that one email client was not sufficient to delete. Hence, it was inevitable that I would be heading back to the Hotmail, Web-mail server eventually, to look at and delete those emails.

Except that more recently, there were no emails in my Hotmail Inbox. My POP clients were still receiving emails, but my Web-mail did not reflect them. In response to this, I had actually changed the setting in the interim, so that none of my POP clients were set to have emails deleted from the server for now.

But it turns out, that the real reason for which my (old) Hotmail Web-mail was no longer showing any received emails, was this real upgrade. The new Web-mail site with Bell, shows me all the emails I have received since May 3.

What this also means, is that the potential now exists, for Bell email servers actually to follow the request of my client, to delete emails in the Inbox, older than 3 days.

Also, I happen to like the new Bell Web-mail layout better than the old Hotmail layout. And, there are no cross-scripted sites which the new Web-mail site links to, which could have been intended as advertisement under Hotmail, but which would trigger the script-blocker on my Web-browsers, that selectively blocks scripts from excessively-abusing domains. There seem to be no linked domains on the new Web-mail site, which my script blocker would want to block.

I guess that maybe, Hotmail was making some additional money on the side, which Bell does not need to make, because I am already paying Bell in full, for my services?