Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

13. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 21/06/2012 - 18:53h

Ola Leandro

Sorry for not replying to your thread.

We have seen two types of redirect

http://a.oix.net/services/obind?eorig=<value>tok=<value>
http://a.oix.net/services/invite?eorig=<value>tok=<value>

The first acts on pictures within a web page, or as you have seen, sometimes if you click on a link to a picture. The second acts on a web page itself. Instead of going to the page you wish to view you are taken to a page inviting you to join the service. Naturally you tell them to 'get lost'..

As you have seen you can use the hosts file to block them but unfortunately it means you have to list each domain separately and then you may miss some... or in fact, as they have recently done, Phorm can invent some more in order to avoid you avoiding them.

It's a stupid game.

Recently *.phormlabs.com has been seen. The Dephormation tool is being updated. Unfortunately, if I understand correctly, the hosts file will not accept wildcards or IP addresses. You have to specify exact URLs.

4vndnawjto mentioned the Firewall so I thought I would try looking into Iptables.

Do not trust me on this. I am not an expert.

I would ask Fabio Brito,

http://br.linkedin.com/in/fbrito

Who is a Linux Expert but he is the 'Enemy'...

I hope someone else will be able to advise and improve the following if it is possible.

Please read the following completely and print it for reference before breaking things. Changes to Iptables are stored in memory and will be lost if you restart your computer without saving them. If it goes wrong restart your computer.


In a terminal, Applications|Accessories|Terminal



keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
keith@keith-desktop:~$


Now add a New, -N, Chain


keith@keith-desktop:~$ sudo iptables -N KillPHORM
keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain KillPHORM (0 references)
target prot opt source destination
keith@keith-desktop:~$


Add a Rule to that Chain with the Target REJECT


keith@keith-desktop:~$ sudo iptables -A KillPHORM -p all -s 0.0.0.0/0 -d 91.205.220.0/22 -j REJECT
keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain KillPHORM (0 references)
target prot opt source destination
REJECT all -- anywhere 91.205.220.0/22 reject-with icmp-port-unreachable
keith@keith-desktop:~$


-A Adds, To KillPHORM
-p is protocol, set to all
-s is source, 0.0.0.0/0 is all
-d is destination, 91.205.220.0/22 is Phorm's NetBlock
-j sets the target to REJECT

Now add KillPHORM as a Target under Chain OUTPUT


keith@keith-desktop:~$ sudo iptables -A OUTPUT -j KillPHORM
keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KillPHORM all -- anywhere anywhere

Chain KillPHORM (1 references)
target prot opt source destination
REJECT all -- anywhere 91.205.220.0/22 reject-with icmp-port-unreachable
keith@keith-desktop:~$


-A Adds, To OUTPUT
-j sets the Target to KillPHORM

Now in your browser try,

http://navegador.oi.com.br
http://navegador.telefonica.com.br
http://a.oix.net
http://a.phormlabs.com

After a possible delay your browser should tell you it is unable to connect.

If the above has not interfered with your general browsing then you might choose to save the results..


keith@keith-desktop:~$ sudo iptables-save
# Generated by iptables-save v1.4.4 on Thu Jun 21 22:23:12 2012
*filter
:INPUT ACCEPT [2225:850706]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8003:716151]
:KillPHORM - [0:0]
-A OUTPUT -j KillPHORM
-A KillPHORM -d 91.205.220.0/22 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Jun 21 22:23:12 2012
keith@keith-desktop:~$

And wave a middle finger at Fabio and Phorm...


If something goes wrong later then


keith@keith-desktop:~$ sudo iptables -D KillPHORM 1
keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
KillPHORM all -- anywhere anywhere

Chain KillPHORM (1 references)
target prot opt source destination
keith@keith-desktop:~$


-D To remove the Rule, 1, from The KillPHORM Chain


keith@keith-desktop:~$ sudo iptables -D OUTPUT 1
keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain KillPHORM (0 references)
target prot opt source destination
keith@keith-desktop:~$


-D To remove the KillPHORM rule, 1, from The OUTPUT Chain


keith@keith-desktop:~$ sudo iptables -X KillPHORM
keith@keith-desktop:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
keith@keith-desktop:~$


-X To remove The User Defined KillPHORM Chain


keith@keith-desktop:~$ sudo iptables-save
# Generated by iptables-save v1.4.4 on Thu Jun 21 22:40:31 2012
*filter
:INPUT ACCEPT [3108:1368380]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8891:789824]
COMMIT
# Completed on Thu Jun 21 22:40:31 2012
keith@keith-desktop:~$


To Save the Result.


  


14. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Leandro Nkz
leandro

(uses Arch Linux)

Posted on 21/06/2012 - 19:40h

Olá, Keith.

I followed the procedure. Let's wait and see if it solves the problem. (I did not reply in English because mine is terrible, lol)


@4vndnawjto. For now I have disabled the hosts list to test the solution from our friend above. Let's hope it works! :)

@Alberto. Indeed, everything you do/type on the Internet is public. The most effective solution (it is not 100%, but it helps) to protect your privacy on the Internet is simply to stop using PCs, smartphones, tablets and the like, and go live in a cave in the middle of the woods, far from civilization (to escape Google Street View). But even then, you run the risk of being "caught" by Google Maps, lol.



15. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 21/06/2012 - 20:57h

Olá, Leandro

I have 'stolen' your 'á', my keyboard does not have one.

If it works perhaps you can explain in Portuguese. My English is rubbish as well :-)

http://img339.imageshack.us/img339/3714/nooi.png
http://img849.imageshack.us/img849/4915/notelefonica.png
http://img191.imageshack.us/img191/9407/nooix.png
http://img692.imageshack.us/img692/6978/nophormlabs.png

Abraços

Keith




16. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 21/06/2012 - 21:43h

Olá 4vndnawjto

Muito Obrigado for starting this.

I hope it goes further.

Abraços

Keith


17. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Profile removed
removed

(uses None)

Posted on 22/06/2012 - 14:27h

Thanks very much MorbidFractal!!!




18. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 23/06/2012 - 08:47h

Unfortunately it is not persistent across re-boots :-(

I'm not very good at this.

You might try,

http://www.hardware.com.br/comunidade/software-phorm/1056667/19.html#post6033938

Abracos

Keith


19. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Sergio Teixeira - Linux User # 499126
Teixeira

(uses Linux Mint)

Posted on 23/06/2012 - 09:42h

Follow the reasoning:
If I know in advance that the jogo do bicho is a "misdemeanor", that the bookmaker and the ticket writer are "offenders", and that if I play I will equally carry the label of "offender", and I will not be able to claim at any moment that I "did not know that":

what makes a company deliberately seek to associate itself with another that has already been banned from other countries for practices proven to be illegal?

what makes government bodies, faced with facts that are proven and known worldwide, accept such an association as "healthy" and "normal"?

As Sócrates the monkey used to say, "no need to explain: I just wanted to understand"...


20. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Leandro Nkz
leandro

(uses Arch Linux)

Posted on 23/06/2012 - 13:34h

MorbidFractal wrote:

Unfortunately it is not persistent across re-boots :-(

I'm not very good at this.

You might try,

http://www.hardware.com.br/comunidade/software-phorm/1056667/19.html#post6033938

Abracos

Keith


Let's see... just create a shell script containing the rules and have it run at system startup.

There are two ways:

1- The simple one:

Copy and save it with the name "iptables.sh":

#!/bin/bash
#Firewall iptables
#KillPHORM

iptables -N KillPHORM
iptables -A KillPHORM -p all -s 0.0.0.0/0 -d 91.205.220.0/22 -j REJECT
iptables -A OUTPUT -j KillPHORM

exit 0


Then give it execute permission:

chmod +x iptables.sh

And move it to /etc:

sudo mv iptables.sh /etc

Open the file /etc/rc.local:

sudo nano /etc/rc.local

And add the line that calls the script at startup:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

/etc/iptables.sh
exit 0



2- The correct method (tested only on Debian 6):

Copy and save as "iptables":

#! /bin/sh
### BEGIN INIT INFO
# Provides: iptables
# Required-Start: $local_fs $remote_fs
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Description: Firewall iptables
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=iptables
DESC="Firewall"

case "$1" in
  start)
    echo "Starting $DESC" "$NAME"
    iptables -N KillPHORM
    iptables -A KillPHORM -p all -s 0.0.0.0/0 -d 91.205.220.0/22 -j REJECT
    iptables -A OUTPUT -j KillPHORM
    ;;
  stop)
    echo "Stopping $DESC" "$NAME"
    iptables -F
    iptables -X KillPHORM
    ;;
  restart|force-reload)
    echo "Restarting $DESC" "$NAME"
    iptables -F
    iptables -X KillPHORM
    iptables -N KillPHORM
    iptables -A KillPHORM -p all -s 0.0.0.0/0 -d 91.205.220.0/22 -j REJECT
    iptables -A OUTPUT -j KillPHORM
    ;;
  status)
    iptables -S
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|force-reload|status}" >&2
    exit 1
    ;;
esac

exit 0


Give it execute permission:

chmod +x iptables

Move it to /etc/init.d:

sudo mv iptables /etc/init.d

And add the script to the startup runlevels:

sudo update-rc.d iptables defaults


Then restart the PC and check that everything is OK:

Method 1:
sudo iptables -L

Method 2:
sudo service iptables status


Best regards.


21. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Profile removed
removed

(uses None)

Posted on 23/06/2012 - 17:13h

leandro, does this command block phorm?


22. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 23/06/2012 - 17:25h

Olá Leandro

Muito Obrigado! You have shown the way ;-)

There is unfortunately a problem in your first example that if iptables already has the entries in place then you will end up with duplicate copies. In your second example if iptables already has other entries in place then, in particular the -F flush command, will remove them all and there may otherwise be a possibility of corruption or the additional entries.

I like your first method. Seriously I am an extreme novice but I understood there was a way of having scripts run at start up but with my luck I would put them in the wrong place and cause a Kernel Panic. I am prone to breaking things :-(

In your simple method the code becomes

My First Script....

#KillPHORM

if iptables -N KillPHORM;
then
iptables -A KillPHORM -p all -s 0.0.0.0/0 -d 91.205.220.0/22 -j REJECT
iptables -A OUTPUT -j KillPHORM;
fi

exit 0


Now if the KillPHORM Chain is already in place then the first line fails and things fall over, hopefully gracefully.

If this is correct perhaps you can modify your examples and explain again. I'm sorry, you might see I do not know how to use the forum codes properly.

Abraços

Keith
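
Added example (not part of any post in this thread): a POSIX shell script that addresses both problems raised in post 22, duplicate entries on re-run and `iptables -F` wiping unrelated rules, by touching only the KillPHORM chain and its OUTPUT jump. The function names and the overridable `IPT` variable are assumptions made for illustration; the chain name and netblock are the ones given in the thread.

```sh
#!/bin/sh
# Added example: idempotent apply/remove for the thread's KillPHORM chain.
# IPT, chain_exists, jump_present, killphorm_apply and killphorm_remove are
# names assumed for this example; chain name and netblock are from the thread.
IPT=${IPT:-iptables}          # override to point at a wrapper if needed
CHAIN=KillPHORM
NETBLOCK=91.205.220.0/22

# True if the user-defined chain already exists (-S fails on unknown chains).
chain_exists() {
    $IPT -S "$CHAIN" >/dev/null 2>&1
}

# True if OUTPUT already holds the exact jump rule, as printed by "iptables -S".
jump_present() {
    $IPT -S OUTPUT 2>/dev/null | grep -qx -- "-A OUTPUT -j $CHAIN"
}

killphorm_apply() {
    # Create the chain only when missing, so a second run does not abort.
    chain_exists || $IPT -N "$CHAIN" || return 1
    # Flush only this chain (not the whole table), then add the single rule.
    $IPT -F "$CHAIN" || return 1
    $IPT -A "$CHAIN" -d "$NETBLOCK" -j REJECT || return 1
    # Add the jump once; re-running must not stack duplicates in OUTPUT.
    jump_present || $IPT -A OUTPUT -j "$CHAIN"
}

killphorm_remove() {
    # Delete the jump by specification, so other OUTPUT rules are untouched
    # and rule numbers do not matter.
    while jump_present; do
        $IPT -D OUTPUT -j "$CHAIN" || return 1
    done
    if chain_exists; then
        $IPT -F "$CHAIN" && $IPT -X "$CHAIN"
    fi
}

case "${1:-}" in
    apply)  killphorm_apply ;;
    remove) killphorm_remove ;;
esac
```

Run it as root with `apply` or `remove` as the first argument; with no argument it only defines the functions.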


23. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 23/06/2012 - 19:28h

4vndnawjto wrote:

leandro, does this command block phorm?


Unfortunately it will not stop them looking at your traffic on the internet. I think that is unavoidable.

These are guesses..

It will however prevent your computer from connecting to theirs so you will not receive the 'invite' page.

It may mean that when they try to force it on you their system will be rejected and your browsing will be interrupted so you have to try again..

You visit Google. They hi-jack with

http://a.oix.net/services/invite?eorig=%3Cvalue%3Etok=%3Cvalue%3E

You get 'Unable to Connect'.

Also they will not be able to set and read cookies from your computer using their domains. That will hopefully include any advertising they choose to embed on third party websites.

The company relies on 'behaviourally targeted advertising'. It is meant to be 'better' than 'other advertising'. If they are unable to identify you via their cookies because they are unable to set or read them then they lose their apparent advantage.

If this does work then it harms them.

You cannot stop them looking but you can harm them by rejecting them and, more importantly, helping others less aware to reject them in a similar way.

Your Friends, Your Neighbours, Your Community.

Abraços

Keith


24. Re: Phorm oix on Brazilian ISPs! They are collecting our data. [SOLVED]

Keith Mallen
MorbidFractal

(uses Ubuntu)

Posted on 25/06/2012 - 05:05h

Found by a member of another forum..

http://www.cgi.br/regulamentacao/resolucao2012-008.htm

Does CGI.br have any authority in this matter or will this just be an opinion?





