Anyone tried XeroBank (formerly Torrify)

1. XeroBank Pro does not leak. Relakks and Findnot do. Relakks actually leaks 100%, and Findnot leaks a little less, they use PPTP and are lightyears behind in technology. The connection we use is TLS encryption, and it is an all-or-nothing connection. if you lose connectivity, you get no access rather than leaked access. This is called "failing securely" and is a property of portable privacy.

2. sent.

3. Oh, that is easy. use xB Machine. You can have a whole virtualized computer existing in your regular computer. What goes on with your virtualized workstation will all be encrypted, everything else won't.

 

What XeroBank mailed was in response to people requesting signups without javascript. It is possible, however, for you to download without using Javascript, but the security theory I told you applies just the same. Here is where you can download without Javascript, but it is ugly. https://software.xerobank.com/data.php?transid=xxxx-xxxx-xxxx-xxxx

Where the xxxx etc is your transaction ID for the account.

I suppose you would like a link for downloading without javascript in the usercp?

What you are suggesting is that the users we have are smart enough to know they want to disable javascript, but don't understand security enough to know that distrust(x) + trust(x) = trust(x). Not hard to believe... hmmm. I'll have to think of the best way to implement that, if at all. While we are professional in our offerings, we try to make things easy. But I think we would rather educate the consumer rather than cater to poor security understandings. requires more thought and conversation with the board.

 

I am not sure, but I think that some redirect hyperlinks are not working with the referrer option enabled.

I noticed that some links from e-mails received (webmails) are sent to another window of Firefox/Xerobank and instead of this link being opened automatically, it stops from loading, with this address, for instance:

http://gmail.com/redirect=http://www.wildersecurity.com/seethread1221.php

All I have to do is remove the first lines, and go myself to this URL. You can do this easily by changing the URL address right on the top.

http://www.wildersecurity.com/seethread1221.php

I guess this option (Referrer disabled) sometimes makes links being frozen, another example is, when you try to log on vbulettin boards. Remember the option: (Click here if your browser does not automatically redirect you.).

I have to click on this link, every time (here on Wilders) because the redirect is not working by itself.

Like you said, this option disabled should be tested more, to see if is a good idea to remain this way. Otherwise, it's useless to keep surfing like that.

What I am concerned is the fact that everyone might be seeing my last website acessed (where I came from), before I click them on my favorites list or type the adress manualy while my current page/website is opened.

That's why I always click on "Start page" (which is a blank page here) before enter any URL. I don't want them to know what was my last website acessed.

Correct me if I am wrong - these Referrer tracks are only verified by all websites (on their Cpanel logs) if they are acessed by some hyperlink?

I mean, if you put xerobank.com URL on your member signature, and I click on your hyperlink, xerobank.com servers can tell that someone acessed their website from Wilders Security.

The same feature is available on all Youtube videos.

However, if I type manually xerobank.com URL on the browser, without closing/leaving Wilders Security board, one referrer will be sent anyway?

If the answer is no, the Referrer option should be disabled.

 

No referrer is sent when you manually type in a URL or use a bookmark. Disabling the sending of referrers is not a good idea however. For example, you might have a page with links to photos you have taken on it. You would then configure your server so that all .jpg files can only be viewed if they contain a referrer from your own server, to prevent hotlinking (people stealing your bandwidth). Referrers can also be used for security, although I guess it is very easy to fake a referrer. So not sending out any referrers means that a lot of things won't work.

 

Hey guys, we've been discussing some design issues, and I would like to hear what you think. If you wanted to upgrade from xB Browser using the Tor network, to xerobank network, would you want to upgrade using a code in the browser, or would you want to log in to download a new browser, or both?

 

I get 251 KByte/s 2005 kbit/s up, and 88 KByte/s 704 kbit/s down using IE browser.

 

I am using the three day free trial for XeroBank. It appears quite impressive.

Does this service operate only through the XBBrowser? Or can other internet browsers such as Opera or newsgroup readers such as Agent be configured by paying XeroBank account holders for anonymous surfing?

Thanks in advance.

 

I don't know about using the plus service with another browser, but I have the VPN and am far too spoiled to even consider a plus account. It is much faster and my entire computer is covered. I am very happy with it.

 

Mr Topletz:

I would prefer to have both options.

ALSO I HAVE ANOTHER QUESTION:
When I used torrify/torpark prior to using xerobank, my IP was constantly changing when I checked it on one of the IP checking sites.

Now with the new Xerobank VPN account I see that the only IP that ever appears is 88.198.241.106 [gwde5.meshmx.com]

This is true even if I use the updated browser (xerobank). I do not see any button to flush the circuit on the xerobank browser, I assume that is not necessary under VPN?

It looks to me like with the VPN account, there are not randomly changing Tor exit points? That is a very big disappointment to me, I'd almost rather use the old free Torpark/Torrify again to regain the higher level of anonymity.

Please any comments? Am I overlooking something?

 

Nathan, The reason is that the Xerobank VPN is totally different than their Xerobank browser that is configured through TOR. That is the FREE option. The PAID option is a (much faster) VPN that runs through Xerobank's own servers with no TOR involvement by default. This is confusing a lot of people. The same name for both products is the cause of the confusion. I'm not sure of the solution, but my guess is that Steve is giving it a lot of thought as I type.

 

There are significant differences between XB Plus and XB Pro.

XB Pro is awesome!! It is configured around VPN. The connection is very, very fast which makes it utterly worth it!!

XB Pro anonymizes your entire Internet connection and all your applications at one stroke...

B

 

Does XB Pro anonymize connections through Bitcomet, Utorrent and other torrent clients? Would these be considered P2P as much as something like Napster or Emule?

 

XB Pro anonymizes ALL your internet connections, and I believe that is all TCP/IP and UDP connections.

B

 

I just wanted to make sure before I switched from Total Net Shield to this that is actually anonymizes torrent downloads. Total Net Shield doesn't. I just can't imagine the RIAA and MIAA not going after Xerobank in the long run demanding records of user connections.

 

Xerobank's servers are offshore!!!
See Xerobank's "Client Secrecy Guarantee" here:
http://xerobank.com/csg.html

Also, see the differences in their plans here:
http://xerobank.com/services.html

Good luck!

 

I guess I would judge randomly changing IP numbers as in the TOR system as giving far more of an "anonymous" status than if the same IP appears all the time for every place I go, especially since TOR involves middlemen computers as well and apparently the XB tunneling system does not. It's a disappointment to me.

Also, it seems then that there's no real need to use Xerobank browser as opposed to Foxfire with add-ons, if I use the Xerobank VPN? In other words, there's no real benefit to be gained by using both together is there?

 

A study of how the Tor network functions is very valuable. Tor uses the priciple of "Perfect Forward Secrecy", which in addition to encryption means that each individual hop only knows about the hop directly preceding it, and the next hop in the destination chain. Naturally, this provides a very high degree of anonymity. In order to use Tor, the oprating environment, the browser must be secure. That is what the XB browser does. It accesses the Tor network in a secure environment. I think I see where you're going here.. The usage of the XB browser is certainly more than enough. One's ISP can see that there is a connection to the Tor network, it just can't see what one is doing. Using XB VPN offers the additional advantages of speed, and as one is connected first to theXB network, then to a Tor entry node, it offers yet a higher degree of privacy and anonymity.

 

That is actually a very bad measure of anonymity. In the case that the observer can watch the nodes, you want crowding over your IP addresses, it doesn't matter that the IP addresses go through a large range or not. The people who want large ranges are usually scammers or market research firms who want to fake their results and thus need large pools of IP addresses.

Tor requires middleman nodes for a few reasons, but the most striking is because the exit nodes can monitor your traffic, so you need another layer of separation. In this case, XeroBank doesn't need 3 nodes, because we control the exit node as well.

Actually there is a large advantage. For example, if you are a user who connect to Yahoo, and yahoo places sign & seal tracking data in your computer, or has done so in the past, your anonymity is nullified with Yahoo. Only xB Browser will search and destroy Yahoo Sign & Seal tracking data, among other threats that no add-ons currently address.

 

Yes, xB Pro does anonymize ALL your internet connections through the VPN interface.

XeroBank Plus clients can get similar anonymity for all their programs by using the internet through xB Machine.

 

If Xerobank would get a series of IP blocks like some of the anonymizing services (anonymizer uses a different IP number each day and the numbers vary quite a bit, ie they're not all in the same block), then that would probably get around the internet cafe or access point (Kinkos) quick blockage. It also would be more of an emulation of the way TOR works by skipping around with the IPs. In other words, it would be the best of all worlds.

Is this even an idea for the future for Xerobank

 

We've actually acquired many IP address blocks, but we are getting ready to roll them out in a new service. Thanks for the heads up, we'll contact Kinkos. Sit tight.

 

Torrify,
I was visiting this website today:

http://www.wired.com/politics/secur...s/2007/09/security_matters_0920?currentPage=1

And here's a PDF that I found:

http://advocacy.globalvoicesonline....adMonitor/user_uploads/Anonymous_Blogging.pdf

It is related to your explanation. See these two posts from this same thread:

https://www.wilderssecurity.com/showpost.php?p=1040452&postcount=131

https://www.wilderssecurity.com/showpost.php?p=1040824&postcount=132

You're right about the warning display. This kind of test described on the PDF have a positive result regarding the TOR exit node which was described as "Warning - red gif" on your website. Your website isn't updated at that moment, so he did not say this is a TOR exit node.

I've made some changes (Flush Tor Circuit) and always XeroBank is using one IP related to a Tor exit node. Xenobite has confirmed.

From the PDF of Anonymous Blogging:

After installed TOR on your current browser...

d) Turn on Tor in Firefox and test it out. With Tor turned on, visit this URL (https://torcheck.xenobite.eu . By clicking, you will get a security alert dialog box - unable to verify the identity of xenobite.eu as a trusted site. Click OK in order to accept the self-signed certificate for that particular session.

http://img525.imageshack.us/img525/9196/wpe3db0.jpg

After clicking, if you get this message telling you, “Your IP is identified to be a Tor-EXIT. So you are using Tor successfully to reach the web.”, then you’ve got everything installed correctly and you’re ready for the next step.

http://img526.imageshack.us/img526/525/wpe4cg2.jpg

Otherwise you will get this message telling you that “Your IP is NOT identified to be a Tor-EXIT. So you are not using Tor to reach the web”.

http://img230.imageshack.us/img230/838/wpe5pv6.jpg

Why?

It’s always a good idea to see whether the software you’ve installed works, especially when it’s doing something as important as Tor is. The page you’re accessing is checking to see what IP address your request is coming from. If it’s from a known Tor node, Tor is working correctly and your IP is disguised - if not, something’s wrong and you should try to figure out why Tor isn’t working correctly.

Alternative instructions if you’re going to be writing primarily from shared computers (like cybercafe computers) or you’re unable to install software on a computer.

a) Download XeroBank Browser (xB Browser)

Download the package from the xB Browser site onto a computer where you can save files. Insert your USB key and copy the xB-Browser.exe onto the key. Using this USB key and any Windows computer where you can insert a USB key, you can access a Tor-protected browser. On this shared computer, quit the existing web browser. Insert the key, find the key’s filesystem on the Desktop, and double-click the xB-Browser_latest.exe. This will launch a new browser which accesses the web through Tor.

http://img475.imageshack.us/img475/8498/wpe6bp0.gif

b) Test that XeroBank Browser is working by visiting the Tor test site with the Tor-enabled browser and making sure you get a “Your IP is identified to be a Tor-EXIT” message.

http://img227.imageshack.us/img227/4198/wpe7fa0.gif

Why?

XeroBank is a highly customized version of the Firefox browser with Tor and Privoxy already installed. It’s designed to be placed on a USB key so that you can access Tor from shared computers that don’t permit you to install software. While I recommend XeroBank and use it when I travel, it is not formally supported by the folks behind Tor - they’re not happy that early versions of the program weren’t released with source code, which meant that it was impossible to determine precisely what XeroBank did and how it used Tor’s source code.

A more recent version of the program includes source code - it will be interesting to see whether Tor’s programmers offer their blessing of this version. Roger Dingledine of Tor has also indicated that he and his colleagues are planning an open source version of a portable browser with Tor installed, but the timeline for this new project is unknown.

Well, aside from these rumours of unresolved disputes from Steve and TOR developers (and perhaps the reason behind the change of Torpark/Torrify), I must say XeroBank was not a "good" choice, in my opinion, to call this browser. Resembles some sort of institution (a bank?) which may scare some paranoid people, and conspiracy theorists.

As you can see, it's a false alert from XeroBank Anonymity Checker:

http://support.xerobank.com/IPSpy

This IP: 221.130.193.6 have a Warning (red picture) and is not described as a TOR exit node on XeroBank's website. However, xenobite have this description of the same IP address:

Your current IP [?] 221.130.193.6
Your current FQDN [?] (none)
Your current Tor-EXIT "Unnamed" (CN) [LOOKUP]

Your IP is identified to be a Tor-EXIT.
So you are using Tor successfully to reach the web!

It's like Steve explained - his Anonymity Checker is just not updated. \o/

As for the open-source subject, Wikipedia says:
http://en.wikipedia.org/wiki/XeroBank_Browser

Here's a good discussion and explanations from Steve and other users about it:
http://archives.seul.org/or/talk/Mar-2007/threads.html#00309

 

Right. We are in the middle of redoing everything. You won't see IPSpy much longer, it its current incarnation.

And I think xB Browser will go fully open source. We may or may not get around to writing a spec for the browser, which is what Roger's blessing depends on.

Steve

 

Folks,

Just to let everyone know, the 3 day demo appears to be cripple-ware. I could not add my bookmarks, repeated warnings about Demo Mode, port 80 only.
Ohhh-weeeL

Just a heads-up.

 

The bookmarks shouldn't be an issue. However, on the three day demo it is port 80 only, as https is heavily abused by fraudsters, so you don't get access to unlimited ports until you get a XeroBank account.