Dr No Privoxy, Tor, Stunnel, etc

Discussion in 'Computer Support' started by The Stone Crusher, May 8, 2009.

  1. I read carefully Dr No's monograph. I want to download karaoke files and
    films from binary newsgroups only. I tried to set up my newsclient, Grabit,
    to do that.

    OK! I checked everything out. I have the Vidalia Bundle working, i.e., Tor
    is up and running. I put the and 119 in the server box on Grabit.
    I put Grabit 'into' FreeCap, and, . . . it doesn't work! I am using the
    newsgroups offered by OptOnLine (Optimum). Perhaps Grabit cannot be
    socksified? There is no NNTS connection either. When I try to download a
    file I receive a msg: "Unable to connect to [followed by a
    small square box] (socket error 16001 [followed by two small square boxes]
    connection refused)

    I was going to buy a software package, but some sites warned against it
    suggesting that they really weren't that good, etc.


    The Stone Crusher, May 8, 2009
  2. The Stone Crusher

    thanatoid Guest

    is you. Read this:
    I don't know what all those programs (I assume that's what they
    are) you mention are, I've never heard of them and I don't see
    why they should be necessary. You are making things way too

    Call Optimum (or email them) and ask what the correct address
    and port settings for Usenet access are.
    GrabIt is fine for what you want to do.
    thanatoid, May 8, 2009
  3. The Stone Crusher

    Mike Easter Guest

    Doctor Who. Currently Security and Encryption Faq 22.6.8
    DrWho doesn't mention GrabIt. I'm not familiar with grabit.

    Why are you wanting to use tor to dl binaries? Is there something that
    would cause LE law enforcement to subpoena or warrant the news provider or
    put carnivore/dcs1000 on you?
    Mike Easter, May 8, 2009
  4. Thank you for the reply, Mike!

    I have been warned by my ISP that I had violated a copyright. Someone
    tapped into my wireless router, before I figured out how to secure it, and
    downloaded some Adobe program. I don't want them to cut off my service. It
    is not law enforcement that is the problem.

    I know that Dr Who doesn't mention Grabit, but I tried Agent and found it
    very unsatisfactory. I am still waiting to hear from them on some questions
    I asked.
    The Stone Crusher, May 8, 2009
  5. Thank you for your reply, thanatoid!

    I read that little article you suggested and it has me more puzzled.
    When I put the and the port 8118 into Firefox
    with Tor running, it takes longer to boot up, sometimes
    I get Google in German, and when I go to one of those
    sites that tells you how insecure you are, i.e., they give you
    your IP address and your location, it is completely
    wrong. They give strange IP addresses and usually
    locate me in the Netherlands or Germany; I am in NJ.

    The Stone Crusher, May 8, 2009
  6. The Stone Crusher

    G. Morgan Guest

    That's because Tor routes your (HTTP) request through a series of computers
    running Tor servers. That's the whole point, to obscure your real IP from the

    For encrypted NNTP sessions you should use a server that allows SSL and a
    newsreader with that built-in. I don't know how to route NNTP traffic through
    the Tor network, although I would imagine it's possible. I know Forte Agent
    has the SSL capability, you'll need to check about GrabIt.
    G. Morgan, May 8, 2009
  7. The Stone Crusher

    Mike Easter Guest

    Please don't top post. It puts your remarks out of context and
    conversation order and interferes with your ability to communicate
    effectively. When you hit reply, first trim away all of the lines to
    which you aren't directly replying, then put your reply under an empty
    line under those words you are replying.

    It is very bad to be using insecure wireless. All kinds of terrible deeds
    can take place via your insecurity and it looks like you did it. This can
    include federal crimes, child pornography, and things that will get your
    door knocked down, your computer equipment confiscated, and you spending a
    lot of money defending yourself. Copyright violations are what the movie
    and music industries are interested in, but federal crimes are quite
    another matter.

    There are a lot of problems. Your interest in security is upside down if
    you are talking about the vidalia bundle of tor, privoxy, stunnel for news
    downloading while you are providing an insecure wireless connectivity to
    your general neighborhood.

    I've read a little bit on using GrabIt and its popularity for dl/ing
    binaries; and I've also read some on using it with Stunnel now.

    But I still believe that you are headed for trouble if it is your
    intention to share/ news upload/ copyrighted material. Or federally
    criminal material. You need to get a better understanding of some basic
    concepts of security, such as your wireless insecure condition, and
    anonymity, which is not your ISP and which is also not your ISP's news
    server which is actually provided by highwinds.

    If it is about your terms of service, they publish them here
    http://www.optimum.net/Privacy/AUP Acceptable Use Policy "Users are
    solely responsible for the security and misuse of any device that is
    connected to the Service, regardless of whether the misuse was committed
    by the User or a third party with access to the User's Service account."
    Mike Easter, May 8, 2009
  8. Thank you for your reply.

    The Dr No monograph gives instructions how to route NNTP traffic through
    the Tor network. It involves Stunnel & FreeCap. But this still doesn't
    my fundamental question: If I use the Tor network to download from a
    newsgroup, can someone tell it is me - including my ISP? Someone used
    my unsecured wireless router to download from eMule and I received a
    copyright violation notice. If I download through Tor from a newsgroup
    will I be 'exposed' as it seems I was without it?
    The Stone Crusher, May 8, 2009
  9. Thank you again for your followup.

    I have secured my router immediately after the incident. Of course I had to
    'research' how to do it, but it wasn't that difficult in the end.

    I don't know what you mean when you say ". . your ISP's news
    server . . . is actually provided by highwinds." Ooops! I
    did a search on 'highwinds server' and found it. I see; they
    supply the software and services for Optimum - if I understand
    it correctly.

    I read the AUP and was a little surprised to realize how
    extensively it is violated! There are newsgroups out there
    whose whole purpose is to make available copyrighted material.
    I'm sure they are able to rationalize it.

    Below here is what I was originally going to post. Since you
    took the trouble to research Grabit & Stunnel, I thought you
    might be interested.

    I have one goal: to download Karaoke cdg files & film noir Movies. I have
    done this from newsgroups successfully. I have read the Dr No monograph on
    anonymous surfing. I am only interested in using newsgroups anonymously.
    Dr No mentions a number of programs (free) that can be used for this
    purpose. I downloaded and installed the Vidalia Bundle. This installs and
    configures Tor - as far as I can determine. If I use Firefox to go to one
    of these security sites it reports a wrong ip address & thinks I'm in the
    Netherlands, or other places. Sometimes when I use Google it comes up in a
    foreign language.

    I am not interested in surfing anonymously nor encrypting the data on my
    hard drive. I just don't want my ISP to know what I am doing.

    Solution according to Dr No:

    Use the following . . .

    Tor is an open source fully functioning Socks proxying system. It will
    build automatically and transparently to the client (you) an anonymous and
    encrypted route across the Net. It uses multiple layers of encryption, each
    node only knowing the previous and next node, so with several nodes your
    data becomes anonymized. Tor is a socks server that accepts and encrypts
    data from any program that is "socksified", meaning set up to communicate
    with it.

    Does this mean that my ISP won't know what I am doing?

    It is further suggested to use Privoxy. This acts as a bridge between your
    browser and Tor. A web proxy is a service, based on a software such as
    Privoxy, that clients (i.e. browsers) can use instead of connecting
    directly to the web servers on the Internet. The clients then ask the proxy
    to fetch the objects they need (web pages, images, movies etc) on their
    behalf, and when the proxy has done so, it hands the results back to the
    client. Privoxy is a proxy that is solely focused on privacy protection and
    junk elimination. Sitting between your browser and the Internet, it is in a
    perfect position to filter outbound personal information that your browser
    is leaking, as well as inbound junk. Used in conjunction with Tor it
    ensures all your Web browsing is totally

    It says 'browser', but I am using a newsgroup client. Does the bridge go
    'over' my ISP so they don't know what I am doing? (I am not interested in
    the browsing aspect.)

    Then Dr No makes reference to another program, Stunnel. (He shows how to
    install it.) Stunnel encrypts the data between you and your news server.
    The data is encrypted after it leaves the remote server and Tor providing
    you are using Stunnel. The only precaution you must take to ensure both
    privacy and anonymity, is to use Stunnel in combination with FreeCap, which
    ensures it routes all data over the Tor network. It is possible to use
    Stunnel alone, but not recommended. Choosing to do so, would bypass Tor.
    There are now several news servers offering SSL (Stunnel) encrypted
    connections through port 563.

    Now I need FreeCap. (He provides setup info.) FreeCap acts as the bridge
    between Stunnel and Tor. In addition I need to be hooked up to a newsgroup
    that offers an SSL connection. Why I need a 'bridge' is far beyond me . . .
    but will this now prohibit my ISP from knowing what I am doing?

    Dr No then remarks that the data is encrypted both by Tor which uses TLS
    (Transport Layer Security) and by Stunnel which uses SSL (Secure Socket
    Layer) as it leaves your desktop through your ISP and on into the Tor
    network.

    This seems to be what I am after . . . but data is not the same thing as
    identity. Will the ISP know what I am doing?

    When it seems there cannot be any more, Dr No adds there is an option in
    Stunnel to route your Usenet connection through a SSH (Secure Shell) host
    server using Putty. This option is strongly recommended for Usenet posting
    when used together with Tor for maximum anonymity and security. These
    Secure Shell servers are offered on a subscription service. I suggest try
    Cotse. I have had no experience with Cotse, but some speak highly of them.

    He talks about dragging Stunnel into FreeCap to socksify it.

    Dr No says now configure your news client by inputting into the window
    which asks for your news server name and 119 is the port. Then the bomb
    comes: Stunnel can only be used with a news provider that offers a secure
    (NNTPS) connection (by default on port 563). For other news providers
    Stunnel is useless. For these less secure sites I suggest socksifying
    Agent, [or whatever your news client is] by dragging and dropping the Agent
    [news client] shortcut into FreeCap. Not nearly as secure, as your data
    will not be encrypted after it leaves the Tor network on its way to the
    News provider. It costs no more to subscribe to a secure news provider than
    it does to one that does not offer an encrypted connection.

    OK! I checked everything out. I have the Vidalia Bundle working, i.e., Tor
    is up and running. I put the and 119 in the server box on Grabit. I put
    Grabit 'into' FreeCap, and, . . . it doesn't work! I am using the
    newsgroups offered by OptOnLine (Optimum). Perhaps Grabit cannot be
    socksified? There is no NNTS connection either. When I try to download a
    file I receive a msg:

    "Unable to connect to [followed by a small square box]
    (socket error 16001 [followed by two small square boxes] connection refused)

    The Stone Crusher, May 8, 2009
  10. The Stone Crusher

    Mike Easter Guest

    The Stone Crusher top posted:
    In order for you to use the news.optonline.com (or .net) server, it is
    necessary for you to log onto the newsserver from an appropriate IP
    address (not an IP address which the newsserver doesn't recognize as
    belonging to optonline). Since I can't access that newsserver, I can't
    tell if it also requires a user/pass, but I suspect that it does.

    If you are going to try to 'evade' your provider's oversight, you are
    going to have to do it in some way which doesn't involve using a
    newsserver which is being indirectly provided by your connectivity

    emule is a different p2p situation than nntp which emule and other p2p/s
    involve 'traps' put into place by the RIAA.

    emule exposure works one way. Your provider was contacted by the RIAA by
    spying via the p2p system. Also p2p creates a different kind of burden on
    your own provider than binary news dl/ing, because in p2p/emule you are
    also uploading which makes you a server and also uses up the weaker side
    of the asymmetric bandwidth.

    IMO your provider isn't going to be monitoring your binary dl/ing from a
    newsserver, but I'm not trying to tell you how to dl material which can
    create a problem for you.
    Mike Easter, May 8, 2009
  11. The Stone Crusher

    Mike Easter Guest

    If I wanted to do that, I would just do it. No tor/stunnel/privoxy.

    IMO your provider is not going to be actually monitoring the content of
    what you dl.

    You came to your provider's attention because someone - eg the RIAA -
    complained about your using a p2p service to up and download copyrighted
    material. If someone weren't complaining about it, your provider wouldn't
    have known from monitoring your actual download content.

    I think you are misguided about using newsgroups anonymously and you
    aren't going to be able to download from your provider's
    optonline/highwinds server without accessing with an optonline IP address
    and logging on with an optonline user/pass.

    In this specific instance of the newsserver, you have to understand the
    parameters of accessing the newsserver.

    If you are going to access the optonline/highwinds newsserver, you are
    'known' by your optonline client IP and user/pass. If you are going to
    access some other pay newsserver, you are known by the persona/identity
    who paid for the subscription because you logon. But, I'm arguing that
    those news providers don't care to monitor your downloaded content.

    You create much greater problems for yourself when you use p2p services
    like emule.
    Mike Easter, May 8, 2009
  12. The Stone Crusher

    Mike Easter Guest

    I think it is useful for you to understand the relationship between your
    provider and the DMCA policies and how that relationship affects the
    relationship between your provider and you.

    Read this http://www.optimum.net/Privacy/Copyright Cablevision's
    Copyright Infringement Policy

    .... that is a requirement of your provider in its relationship to those
    such as the DMCA which would want to whinge about copyright issues. The
    DMCA gets its 'evidence' of what you - your IP - did wrong based on the
    emule p2p activity and they provide that evidence to your provider. They
    had evidence that your IP address was serving out copyrighted material and
    they provided that evidence with all its accouterments such as an
    identification of the copyrighted material itself.

    Then read this http://www.optimum.net/Privacy/AUP Acceptable Use Policy

    .... which is how the provider 'corrects' problems which have been
    presented to it by their relationship with the DMCA process. The provider
    sez that they have a problem with what is going on. They don't say that
    they learned what was going on by having someone hand the evidence to them
    on a silver platter, but that is what happened.

    The provider didn't get the copyright evidence by monitoring the content
    of your transmissions. The provider got the copyright evidence by having
    it handed to them by the DMCA process which sprang from the emule

    The provider doesn't want to be monitoring the content of your newsgroup
    downloadings. Your provider is actually providing you with access to
    those binary newsgroups. If they would provide you with access to text
    only newsgroups instead of binaries, they would save themselves a lot of
    bandwidth, but that's another story.
    Mike Easter, May 8, 2009
  13. The Stone Crusher

    G. Morgan Guest

    I have no idea who this "Dr. No" is, but he sounds like he knows what he is
    talking about.

    As "Mike Easter" mentioned, you'll be unable to use your ISP's NNTP server if
    you are landing there from an endpoint outside of their network. Some ISPs
    let you enter a user/pass to get around the IP verification, but that is rare
    nowadays. Last year there was tons of abuse coming from Roadrunner &
    Suddenlink, and I believe their solution was to require IP verification AND
    user/pass credentials to access their servers from then on.

    If you really don't want your ISP having the ability to spy on your Usenet
    downloads, you'll have to pony up for a paid server that offers an SSL port
    for encryption. There are some good deals out there that let you buy a
    non-expiring block of bandwidth. I've seen some for as little as $5 for a
    couple of gigabytes, and the speed will likely be much faster because they
    will generally allow more simultaneous connections than an ISP-provided server.

    I personally wouldn't worry about it. The reason you got "busted" before was
    your use of eMule. NEVER use a centralized P2P network like eMule, eDonkey,
    Bearshare, Limewire, etc... If you want access to everything the P2P world
    has to offer, use the Bit Torrent protocol. I recommend uTorrent in
    combination with PeerGuardian. PeerGuardian is a tool to reject connections
    from known anti-P2P groups, governments, and various other undesirable
    nuisances. Your ISP has no interest in tracking down individuals who may be
    downloading copyrighted stuff, they act when they HAVE to (a DMCA
    complaint from blood-sucking lawyers). You should be able to download
    whatever you want from your ISP's NNTPs, they (bloodsucking lawyers) really
    don't have any way to keep tabs on that because the connection is direct.
    G. Morgan, May 8, 2009
  14. The Stone Crusher

    Mike Easter Guest

    My recommendations:

    -1- keep your wireless secured with WPA, not just WEP
    -2- don't use p2p services such as emule and others; some of them are
    -3- just use your provider's newsserver and your optonline IP and
    user/pass login, no tor, no stunnel, no privoxy - that isn't going to give
    you anonymity or encryption because of your relationship with your
    provider and because of how the newsserver works and doesn't work
    -3a- the provider is not going to be monitoring the content of your
    binary downloads; they didn't before when your IP and its copyrighted
    material serving was ratted out on p2p and they won't now

    -4- if you don't feel comfortable using your provider's newsserver, then
    you can buy commercial newsservice cheaply, as little as $2 for a small
    block eg at usenet-news. If you feel you want anonymity, then the payment
    is going to be trickier, but you can pay via CCDeb or MoneyBookers.
    -5- if you use usenet-news, you can also use stunnel (or even tor for
    that matter) but I argue that there is no need for that in this
    application of dl/ing binaries.
    -6- it is somewhat awkward to try to get complete binaries by way of free
    newsservers which don't require payment and therefore some kind of
    -7- if you are going to get serious about payment arrangements and
    anonymity, you are going to have to get involved with more privacy
    Mike Easter, May 8, 2009
