Back in March I was taking screenshots and pictures with my android of the different folders and files. Days after I started to accumulate them I started to notice they were disappearing from both my phone and computer so I started to write down everything in a binder. This was the first files I found:
Tor accept 192.168.0.0/16 control port 9051 hashed control password 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C hidden service port 80 127.0.0.1:80 hidden service port 22 127.0.0.1:22 (e.g. advertise 443 but bind to 9090) outgoing traffic 10.0.0.5 nicknamed ididntedittheconfig each period starts daily at midnight each period starts on the 3rd of the month at 15:00 contact google Random Person <nobody AT example dot com> directory connections 9030 (e.g. advertise 80 but bind to 9091) entry guard 4B7B73D5A1F789ED2411A90E03C49C91652FDB95 entry guard AA1B026EE0C8A958E29C67C7D8885FF27572269D entry (Alligator) 774969EEAA906F269C4E4E1D2E3D8711DA601491 exit fast guard HSDir running stable V2Dir Valid Pascal 7 Raspberry PI Tor Relay torhbasd brasshornrelay11 cryptonanus fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226 tor pid 1597 network manager pid 906 IPv6 privacy RFC4941 ssh agent 1377
When I ran a several different network scans from my android I found my 2.4ghz and 5 ghz wifi names along with HOME-E2DE 2.4 and 5. My wifi networks run off channel 6 while the 'HOME' one runs off channel 1.
On Sun, May 29, 2016 at 12:27 PM, Percy Blakeney di99in5@gmail.com wrote:
Whomever is and has been behind this is selective with what I can and can't see. I KNOW our electronics are and have been controlled since we moved here January 2014. I know this because at one time "they" were interacting with me on via my desktop. I was asked if "they" could run a d-bus session on another computer I have connected. Not knowing what a d-bus session was "they" gave me a step by step run down on how to do it. I did what "they" asked because it was kind of exciting. Now in retrospect it's more scary than anything else. There are files on my Linux computers that show me what to display if I run a netstat command or nstat command so even when I try to figure things out I'll continue to get the same results every time. Terminal fortune cookies were installed without me installing them. One time upon opening up my terminal the little penguin's thought cloud said this: "I am number 2. You are number 6." Though I know a terminal only takes commands I impulsively typed back within it, "I am not a number. I'm a free man!" Immediately after I typed that in this popped up after my sentence, "I am not a number. I'm a free man-tor!" And it was then that I started going through my folders and files and found everything Tor related. Even some link that told me I was running through a Tor router.
On Sun, May 29, 2016 at 12:09 PM, Arjen arjenvanweelden@gmail.com wrote:
On 05/29/2016 05:28 PM, Percy Blakeney wrote:
Like I stated a few minutes ago, I am and have been running Tor from my location yet I have nothing to do with it. I have been sitting on this for a while. Before anyone comes down on me for it, you have to understand what I've been going through with my network. Tor is only the tip of the iceberg. This is as of today:
usr/share/tor/tor-service-defaults-torrc
DataDirectory /var/lib/tor PIDFile /var/run/tor/tor.pid RunasDaemon 1 user debian-tor control socket /var/run/tor/control control socket group writable 1 cookie authentication 1 cookie auth file group readable 1 cookie auth file /var/run/tor/control-authcookie log notice file /var/log/tor/log
etc/tor/torrc
contact info 0xFFFFFFFF Random Person <nobody AT example dot com> #Dirport 80 No Listen #Dirport 127.0.0.1:9091 http://127.0.0.1:9091 No Advertise #Dirport front page /etc/tor/tor-exit-notice.html #Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more #accept *:119 # accept nntp as well as default exit policy
The hashes (#) in from of the lines are part of the default inline documentation in the torrc file, and should have no effect because they are comments. It looks like you or someone with root access installed Tor on your computer. You did not send enough of the torrc file to see if it is configured as an exit. It could just be the default configuration after a "sudo apt-get install tor"...
If you just want to remove Tor from your machine (which runs Debian?), you could just do: sudo apt-get remove tor However, that might remove any clues as to who installed Tor and why.
var/lib/tor
lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me) cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me) cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me) cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is not visible to me) state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible) cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content is not visible to me)
The contents of the files and logs might only be readable by root, so using sudo might help to read them.
tor.pid-32156
/var/lib/tor/state
#Tor state file last generated on 2016-05-25 04:36:02 local time #Other times below are in UTC #You *do not* need to edit this file.
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27 2016-04-28 16:16:20
THERE'S WAY more to the above file but I'm not sure what I should and shouldn't share on here. As a matter of fact, I'm not sure what half of this stuff means so I've spent the last few months trying to educate myself on as much of this as possible. Like I said, I am MORE than willing to talk to anyone out there who may be able to help.
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays