<div dir="ltr">Back in March I was taking screenshots and pictures with my android of the different folders and files. Days after I started to accumulate them I started to notice they were disappearing from both my phone and computer so I started to write down everything in a binder. This was the first files I found:<div><br></div><div>Tor accept <a href="http://192.168.0.0/16">192.168.0.0/16</a></div><div>control port 9051</div><div>hashed control password 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C</div><div>hidden service port 80 <a href="http://127.0.0.1:80">127.0.0.1:80</a></div><div>hidden service port 22 <a href="http://127.0.0.1:22">127.0.0.1:22</a> (e.g. advertise 443 but bind to 9090)</div><div>outgoing traffic 10.0.0.5</div><div>nicknamed ididntedittheconfig</div><div>each period starts daily at midnight each period starts on the 3rd of the month at 15:00</div><div>contact google Random Person <nobody AT example dot com></div><div>directory connections 9030 (e.g. advertise 80 but bind to 9091)</div><div>entry guard 4B7B73D5A1F789ED2411A90E03C49C91652FDB95</div><div>entry guard AA1B026EE0C8A958E29C67C7D8885FF27572269D</div><div>entry (Alligator) 774969EEAA906F269C4E4E1D2E3D8711DA601491</div><div>exit fast guard HSDir running stable V2Dir Valid</div><div>Pascal 7 Raspberry PI Tor Relay torhbasd brasshornrelay11 cryptonanus</div><div>fingerprint ED03BB616EB2F60BEC80151114BB25CEF515B226</div><div>tor pid 1597</div><div>network manager pid 906</div><div>IPv6 privacy RFC4941</div><div>ssh agent 1377</div><div><br></div><div>When I ran a several different network scans from my android I found my 2.4ghz and 5 ghz wifi names along with HOME-E2DE 2.4 and 5. My wifi networks run off channel 6 while the 'HOME' one runs off channel 1.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Sun, May 29, 2016 at 12:27 PM, Percy Blakeney <span dir="ltr"><<a href="mailto:di99in5@gmail.com" target="_blank">di99in5@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Whomever is and has been behind this is selective with what I can and can't see. I KNOW our electronics are and have been controlled since we moved here January 2014. I know this because at one time "they" were interacting with me on via my desktop. I was asked if "they" could run a d-bus session on another computer I have connected. Not knowing what a d-bus session was "they" gave me a step by step run down on how to do it. I did what "they" asked because it was kind of exciting. Now in retrospect it's more scary than anything else. There are files on my Linux computers that show me what to display if I run a netstat command or nstat command so even when I try to figure things out I'll continue to get the same results every time. Terminal fortune cookies were installed without me installing them. One time upon opening up my terminal the little penguin's thought cloud said this: "I am number 2. You are number 6." Though I know a terminal only takes commands I impulsively typed back within it, "I am not a number. I'm a free man!" Immediately after I typed that in this popped up after my sentence, "I am not a number. I'm a free man-tor!" And it was then that I started going through my folders and files and found everything Tor related. Even some link that told me I was running through a Tor router.</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Sun, May 29, 2016 at 12:09 PM, Arjen <span dir="ltr"><<a href="mailto:arjenvanweelden@gmail.com" target="_blank">arjenvanweelden@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 05/29/2016 05:28 PM, Percy Blakeney wrote:<br>
</span><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
Like I stated a few minutes ago, I am and have been running Tor from my<br>
location yet I have nothing to do with it. I have been sitting on this<br>
for a while. Before anyone comes down on me for it, you have to<br>
understand what I've been going through with my network. Tor is only<br>
the tip of the iceberg. This is as of today:<br>
<br>
usr/share/tor/tor-service-defaults-torrc<br>
<br>
DataDirectory /var/lib/tor<br>
PIDFile /var/run/tor/tor.pid<br>
RunasDaemon 1<br>
user debian-tor<br>
control socket /var/run/tor/control<br>
control socket group writable 1<br>
cookie authentication 1<br>
cookie auth file group readable 1<br>
cookie auth file /var/run/tor/control-authcookie<br>
log notice file /var/log/tor/log<br>
<br>
etc/tor/torrc<br>
<br>
contact info 0xFFFFFFFF Random Person <nobody AT example dot com><br>
#Dirport 80 No Listen<br></span>
#Dirport <a href="http://127.0.0.1:9091" rel="noreferrer" target="_blank">127.0.0.1:9091</a> <<a href="http://127.0.0.1:9091" rel="noreferrer" target="_blank">http://127.0.0.1:9091</a>> No Advertise<span><br>
#Dirport front page /etc/tor/tor-exit-notice.html<br>
#Exit Policy Accept *:6660-6667, reject *:* #allow irc ports but no more<br>
#accept *:119 # accept nntp as well as default exit policy<br>
<br>
</span></blockquote>
<br>
The hashes (#) in from of the lines are part of the default inline documentation in the torrc file, and should have no effect because they are comments.<br>
It looks like you or someone with root access installed Tor on your computer. You did not send enough of the torrc file to see if it is configured as an exit. It could just be the default configuration after a "sudo apt-get install tor"...<br>
<br>
If you just want to remove Tor from your machine (which runs Debian?), you could just do: sudo apt-get remove tor<br>
However, that might remove any clues as to who installed Tor and why.<span><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
var/lib/tor<br>
<br>
lock-Mon 16 May 2016 09:48:32 PM EDT (File content is not visible to me)<br>
cached-certs-Mon 16 May 2016 09:48:32 PM EDT (File content is not<br>
visible to me)<br>
cached-microdescs-Mon 16 May 2016 10:18:34 PM EDT (File content is not<br>
visible to me)<br>
cached-microdescs.new-Mon 16 May 2016 10:18:34 PM EDT (File content is<br>
not visible to me)<br>
state-Wed 25 May 2016 04:36:02 AM EDT (This one IS visible)<br>
cached-microdesc-consensus-Sun 29 May 2016 09:17:15 AM EDT (File content<br>
is not visible to me)<br>
<br>
</blockquote>
<br></span>
The contents of the files and logs might only be readable by root, so using sudo might help to read them.<br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>
tor.pid-32156<br>
<br>
/var/lib/tor/state<br>
<br>
#Tor state file last generated on 2016-05-25 04:36:02 local time<br>
#Other times below are in UTC<br>
#You *do not* need to edit this file.<br>
<br>
EntryGuard Jans 50586E25BE067FD1F739998550EDDCB1A14CA5B2 DirCache<br>
EntryGuardAddedBy 50586E25BE067FD1F739998550EDDCB1A14CA5B2 0.2.4.27<br>
2016-04-28 16:16:20<br>
<br>
THERE'S WAY more to the above file but I'm not sure what I should and<br>
shouldn't share on here. As a matter of fact, I'm not sure what half of<br>
this stuff means so I've spent the last few months trying to educate<br>
myself on as much of this as possible. Like I said, I am MORE than<br>
willing to talk to anyone out there who may be able to help.<br>
<br>
<br></span><span>
_______________________________________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
<br>
</span></blockquote><div><div>
_______________________________________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" rel="noreferrer" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>