On 2024-02-29 16:40, candycanearter07 wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote at 13:06 this Thursday (GMT):
>> On 2024-02-29 13:21, Daniel65 wrote:
>>> immibis wrote on 29/2/24 10:17 pm:
>>>> On 29/02/24 09:46, Daniel65 wrote:
>>>>> immibis wrote on 29/2/24 5:27 am:
>>>>>> On 28/02/24 13:28, Daniel65 wrote:
>>>>>>> R.Wieser wrote on 28/2/24 8:25 pm:
>>>>>>>> Daniel65,
>>>>>>>>
>>>>>>>>> When I had updated the definitions and run a 'Deep Scan',
>>>>>>>>> AVG-Free was telling me that my IP Address was visible.
>>>>>>>>>
>>>>>>>>> Is this a real problem .... or is AVG just trying to flog
>>>>>>>>> me their Premium (i.e. PAID) Version??
>>>>>>>>
>>>>>>>> Them not providing information on when that it happens and
>>>>>>>> how it impacts your machine is definitily a red flag.  FUD
>>>>>>>> comes to mind (Fear, Uncertainty, Doubt).
>>>>>>>>
>>>>>>>> Heck, if your 'puter has internet access than the router can
>>>>>>>> 'see' your puters IP.  It has to, otherwise it can't give
>>>>>>>> your 'puter the responses to requests it send.
>>>>>>>
>>>>>>> That's about how I see it, too. My ISP MUST know my IP address
>>>>>>> so that they can know who 'I' am so they can work out what
>>>>>>> UserName/Password I have to send to get access to my UseNet
>>>>>>> account with them.
>>>>>>>
>>>>>>> That even makes sense to me NOW!!
>>>>>>>
>>>>>>> Thanks.
>>>>>>
>>>>>> You're posting this from eternal-september.
>>>>>
>>>>> Yes, So ..................??
>>> >
>>>> so you are not using your ISP's news server and they don't know your
>>>> E-S username and password
>>>
>>> Ah!! O.K., my ISP is tpg (https://www.tpg.com.au/) and I don't know IF
>>> they even have a news-server as I set up this E-S account when I was
>>> with a previous ISP who closed his News Server.
>>
>> The point is that you said:
>>
>> «That's about how I see it, too. My ISP MUST know my IP address
>> so that they can know who 'I' am so they can work out what
>> UserName/Password I have to send to get access to my UseNet
>> account with them.»
>>
>> We are telling you that no, they can not work out your username/password
>> at anything.
>>
>> Unless that "anything" doesn't do security.

..........................^^^^^^^^^^^^^^^^^^^^^
..........................*********************
>
> To be fair, if you send credentials with no encryption they could see
> that.

--
Cheers, Carlos.

Carlos E.R. wrote:
> candycanearter07 wrote:
>>>
>>> Unless that "anything" doesn't do security.
>
> .........................^^^^^^^^^^^^^^^^^^^^^
> .........................*********************
>>
>> To be fair, if you send credentials with no encryption they could see
>> that.
>
To me, my problem w/ being on the same page w/ some privacy or security
buffs is that I feel that I am looking at the world 'realistically' --
where realistically does NOT mean I'm living in some country that wants
to spy on my every move, nor am I some kind of potential felon that LE
is 'after' to the point that they have obtained the necessary subpoenas
to snoop on my transaction traffic to/from my ISP, nor do I believe that
my ISP is crooked and has its own reasons to snoop my transmissions.

On top of that, and this is where I become even less privacy conscious
than many others, I don't even care if google snoops my mail and my
searches/web activity.

So, maybe there are levels of privacy or security oriented individuals:
- those activists in 3rd world countries
- those who are up to no good who might be under the eyes of LE
- those who don't like google and other such snooping their activities
- those who are oblivious to everything and can't even manage to do
anything securely so they are at the mercy of all kinds of predators. I
have a relative in that group.

--
Mike Easter

On 2/29/2024 10:40 AM, candycanearter07 wrote:
> Carlos E.R. <robin_listas@es.invalid> wrote at 13:06 this Thursday (GMT):
>> On 2024-02-29 13:21, Daniel65 wrote:
>>> immibis wrote on 29/2/24 10:17 pm:
>>>> On 29/02/24 09:46, Daniel65 wrote:
>>>>> immibis wrote on 29/2/24 5:27 am:
>>>>>> On 28/02/24 13:28, Daniel65 wrote:
>>>>>>> R.Wieser wrote on 28/2/24 8:25 pm:
>>>>>>>> Daniel65,
>>>>>>>>
>>>>>>>>> When I had updated the definitions and run a 'Deep Scan',
>>>>>>>>> AVG-Free was telling me that my IP Address was visible.
>>>>>>>>>
>>>>>>>>> Is this a real problem .... or is AVG just trying to flog
>>>>>>>>> me their Premium (i.e. PAID) Version??
>>>>>>>>
>>>>>>>> Them not providing information on when that it happens and
>>>>>>>> how it impacts your machine is definitily a red flag.  FUD
>>>>>>>> comes to mind (Fear, Uncertainty, Doubt).
>>>>>>>>
>>>>>>>> Heck, if your 'puter has internet access than the router can
>>>>>>>> 'see' your puters IP.  It has to, otherwise it can't give
>>>>>>>> your 'puter the responses to requests it send.
>>>>>>>
>>>>>>> That's about how I see it, too. My ISP MUST know my IP address
>>>>>>> so that they can know who 'I' am so they can work out what
>>>>>>> UserName/Password I have to send to get access to my UseNet
>>>>>>> account with them.
>>>>>>>
>>>>>>> That even makes sense to me NOW!!
>>>>>>>
>>>>>>> Thanks.
>>>>>>
>>>>>> You're posting this from eternal-september.
>>>>>
>>>>> Yes, So ..................??
>>> >
>>>> so you are not using your ISP's news server and they don't know your
>>>> E-S username and password
>>>
>>> Ah!! O.K., my ISP is tpg (https://www.tpg.com.au/) and I don't know IF
>>> they even have a news-server as I set up this E-S account when I was
>>> with a previous ISP who closed his News Server.
>>
>> The point is that you said:
>>
>> «That's about how I see it, too. My ISP MUST know my IP address
>> so that they can know who 'I' am so they can work out what
>> UserName/Password I have to send to get access to my UseNet
>> account with them.»
>>
>> We are telling you that no, they can not work out your username/password
>> at anything.
>>
>> Unless that "anything" doesn't do security.
>
> To be fair, if you send credentials with no encryption they could see
> that.
>

Use Wireshark.

Connect to E-S on port 119.

What do you see go by ?

Your USER and PASS.

Port 119 is an example of "doesn't do security".

Paul

On 2024-03-01 03:33, Paul wrote:
> On 2/29/2024 10:40 AM, candycanearter07 wrote:
>> Carlos E.R. <robin_listas@es.invalid> wrote at 13:06 this Thursday (GMT):
>>> On 2024-02-29 13:21, Daniel65 wrote:
>>>> immibis wrote on 29/2/24 10:17 pm:
>>>>> On 29/02/24 09:46, Daniel65 wrote:
>>>>>> immibis wrote on 29/2/24 5:27 am:
>>>>>>> On 28/02/24 13:28, Daniel65 wrote:
>>>>>>>> R.Wieser wrote on 28/2/24 8:25 pm:
>>>>>>>>> Daniel65,
>>>>>>>>>
>>>>>>>>>> When I had updated the definitions and run a 'Deep Scan',
>>>>>>>>>> AVG-Free was telling me that my IP Address was visible.
>>>>>>>>>>
>>>>>>>>>> Is this a real problem .... or is AVG just trying to flog
>>>>>>>>>> me their Premium (i.e. PAID) Version??
>>>>>>>>>
>>>>>>>>> Them not providing information on when that it happens and
>>>>>>>>> how it impacts your machine is definitily a red flag.  FUD
>>>>>>>>> comes to mind (Fear, Uncertainty, Doubt).
>>>>>>>>>
>>>>>>>>> Heck, if your 'puter has internet access than the router can
>>>>>>>>> 'see' your puters IP.  It has to, otherwise it can't give
>>>>>>>>> your 'puter the responses to requests it send.
>>>>>>>>
>>>>>>>> That's about how I see it, too. My ISP MUST know my IP address
>>>>>>>> so that they can know who 'I' am so they can work out what
>>>>>>>> UserName/Password I have to send to get access to my UseNet
>>>>>>>> account with them.
>>>>>>>>
>>>>>>>> That even makes sense to me NOW!!
>>>>>>>>
>>>>>>>> Thanks.
>>>>>>>
>>>>>>> You're posting this from eternal-september.
>>>>>>
>>>>>> Yes, So ..................??
>>>> >
>>>>> so you are not using your ISP's news server and they don't know your
>>>>> E-S username and password
>>>>
>>>> Ah!! O.K., my ISP is tpg (https://www.tpg.com.au/) and I don't know IF
>>>> they even have a news-server as I set up this E-S account when I was
>>>> with a previous ISP who closed his News Server.
>>>
>>> The point is that you said:
>>>
>>> «That's about how I see it, too. My ISP MUST know my IP address
>>> so that they can know who 'I' am so they can work out what
>>> UserName/Password I have to send to get access to my UseNet
>>> account with them.»
>>>
>>> We are telling you that no, they can not work out your username/password
>>> at anything.
>>>
>>> Unless that "anything" doesn't do security.
>>
>> To be fair, if you send credentials with no encryption they could see
>> that.
>>
>
> Use Wireshark.
>
> Connect to E-S on port 119.
>
> What do you see go by ?
>
> Your USER and PASS.
>
> Port 119 is an example of "doesn't do security".

Change news provider and/or client :-)

--
Cheers, Carlos.

On 2/29/2024 11:11 PM, Carlos E.R. wrote:
> On 2024-03-01 03:33, Paul wrote:
>> On 2/29/2024 10:40 AM, candycanearter07 wrote:
>>> Carlos E.R. <robin_listas@es.invalid> wrote at 13:06 this Thursday (GMT):
>>>> On 2024-02-29 13:21, Daniel65 wrote:
>>>>> immibis wrote on 29/2/24 10:17 pm:
>>>>>> On 29/02/24 09:46, Daniel65 wrote:
>>>>>>> immibis wrote on 29/2/24 5:27 am:
>>>>>>>> On 28/02/24 13:28, Daniel65 wrote:
>>>>>>>>> R.Wieser wrote on 28/2/24 8:25 pm:
>>>>>>>>>> Daniel65,
>>>>>>>>>>
>>>>>>>>>>> When I had updated the definitions and run a 'Deep Scan',
>>>>>>>>>>> AVG-Free was telling me that my IP Address was visible.
>>>>>>>>>>>
>>>>>>>>>>> Is this a real problem .... or is AVG just trying to flog
>>>>>>>>>>> me their Premium (i.e. PAID) Version??
>>>>>>>>>>
>>>>>>>>>> Them not providing information on when that it happens and
>>>>>>>>>> how it impacts your machine is definitily a red flag.  FUD
>>>>>>>>>> comes to mind (Fear, Uncertainty, Doubt).
>>>>>>>>>>
>>>>>>>>>> Heck, if your 'puter has internet access than the router can
>>>>>>>>>> 'see' your puters IP.  It has to, otherwise it can't give
>>>>>>>>>> your 'puter the responses to requests it send.
>>>>>>>>>
>>>>>>>>> That's about how I see it, too. My ISP MUST know my IP address
>>>>>>>>> so that they can know who 'I' am so they can work out what
>>>>>>>>> UserName/Password I have to send to get access to my UseNet
>>>>>>>>> account with them.
>>>>>>>>>
>>>>>>>>> That even makes sense to me NOW!!
>>>>>>>>>
>>>>>>>>> Thanks.
>>>>>>>>
>>>>>>>> You're posting this from eternal-september.
>>>>>>>
>>>>>>> Yes, So ..................??
>>>>>   >
>>>>>> so you are not using your ISP's news server and they don't know your
>>>>>> E-S username and password
>>>>>
>>>>> Ah!! O.K., my ISP is tpg (https://www.tpg.com.au/) and I don't know IF
>>>>> they even have a news-server as I set up this E-S account when I was
>>>>> with a previous ISP who closed his News Server.
>>>>
>>>> The point is that you said:
>>>>
>>>> «That's about how I see it, too. My ISP MUST know my IP address
>>>> so that they can know who 'I' am so they can work out what
>>>> UserName/Password I have to send to get access to my UseNet
>>>> account with them.»
>>>>
>>>> We are telling you that no, they can not work out your username/password
>>>> at anything.
>>>>
>>>> Unless that "anything" doesn't do security.
>>>
>>> To be fair, if you send credentials with no encryption they could see
>>> that.
>>>
>>
>> Use Wireshark.
>>
>> Connect to E-S on port 119.
>>
>> What do you see go by ?
>>
>> Your USER and PASS.
>>
>> Port 119 is an example of "doesn't do security".
>
> Change news provider and/or client :-)
>

E-S offers both. This allows really ancient clients which
lack SSL/TLS to connect to the server (119). And there are
people who like the really old client software. There
is no such thing as "too old software" when it
comes to USENET.

It would be like expecting an EMACS user to stop using EMACS.
Not gonna happen.

There is even at least one guy, using an ancient computer
to connect on USENET. So in addition to an old client, even
the OS is something you've never heard of. It takes all kinds.

Paul

Mike Easter wrote on 1/3/24 4:45 am:
> Daniel65 wrote:
>> O.K., so if AVG are trying to flog me a VPN ..... I'm connecting to
>> the UseNet via my TelCo (TPG) and then to Eternal-September. Are E-S,
>> in effect, a VPN??
>
> Typically, when you connect to your NSP news service provider you are
> connecting via your ISP connectivity provider TPG.  Some NSP's (not E-S)
> 'stamp' your news message here w/ your connectivity provider's
> connecting IP.  That IP may be associated w/ your geolocation, such as
> your 'home town' or city.  Some people don't like for their real name or
> their real email address or their ISP or their home city exposed to
> others on usenet.
>
> Usenet is more anonymizing than social media because you don't have to
> expose your ISP IP, real email address or a city or an email address if
> you don't want to, but you can if you want to.
>
> Selling VPN service has become an enterprise, so various entities like
> to do whatever they can to convince you that having a VPN is better than
> not.  Many/most of us know that we don't need a VPN to hide our IP from
> entities which we contact online such as NSP or webserver.
>
> AVG is just another one selling VPN service.
>
Thank you, Mike.
--
Daniel

Paul <nospam@needed.invalid> wrote at 08:42 this Friday (GMT):
> On 2/29/2024 11:11 PM, Carlos E.R. wrote:
>> On 2024-03-01 03:33, Paul wrote:
>>> On 2/29/2024 10:40 AM, candycanearter07 wrote:
>>>> Carlos E.R. <robin_listas@es.invalid> wrote at 13:06 this Thursday (GMT):
>>>>> On 2024-02-29 13:21, Daniel65 wrote:
>>>>>> immibis wrote on 29/2/24 10:17 pm:
>>>>>>> On 29/02/24 09:46, Daniel65 wrote:
>>>>>>>> immibis wrote on 29/2/24 5:27 am:
>>>>>>>>> On 28/02/24 13:28, Daniel65 wrote:
>>>>>>>>>> R.Wieser wrote on 28/2/24 8:25 pm:
>>>>>>>>>>> Daniel65,
>>>>>>>>>>>
>>>>>>>>>>>> When I had updated the definitions and run a 'Deep Scan',
>>>>>>>>>>>> AVG-Free was telling me that my IP Address was visible.
>>>>>>>>>>>>
>>>>>>>>>>>> Is this a real problem .... or is AVG just trying to flog
>>>>>>>>>>>> me their Premium (i.e. PAID) Version??
>>>>>>>>>>>
>>>>>>>>>>> Them not providing information on when that it happens and
>>>>>>>>>>> how it impacts your machine is definitily a red flag.  FUD
>>>>>>>>>>> comes to mind (Fear, Uncertainty, Doubt).
>>>>>>>>>>>
>>>>>>>>>>> Heck, if your 'puter has internet access than the router can
>>>>>>>>>>> 'see' your puters IP.  It has to, otherwise it can't give
>>>>>>>>>>> your 'puter the responses to requests it send.
>>>>>>>>>>
>>>>>>>>>> That's about how I see it, too. My ISP MUST know my IP address
>>>>>>>>>> so that they can know who 'I' am so they can work out what
>>>>>>>>>> UserName/Password I have to send to get access to my UseNet
>>>>>>>>>> account with them.
>>>>>>>>>>
>>>>>>>>>> That even makes sense to me NOW!!
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>
>>>>>>>>> You're posting this from eternal-september.
>>>>>>>>
>>>>>>>> Yes, So ..................??
>>>>>>   >
>>>>>>> so you are not using your ISP's news server and they don't know your
>>>>>>> E-S username and password
>>>>>>
>>>>>> Ah!! O.K., my ISP is tpg (https://www.tpg.com.au/) and I don't know IF
>>>>>> they even have a news-server as I set up this E-S account when I was
>>>>>> with a previous ISP who closed his News Server.
>>>>>
>>>>> The point is that you said:
>>>>>
>>>>> «That's about how I see it, too. My ISP MUST know my IP address
>>>>> so that they can know who 'I' am so they can work out what
>>>>> UserName/Password I have to send to get access to my UseNet
>>>>> account with them.»
>>>>>
>>>>> We are telling you that no, they can not work out your username/password
>>>>> at anything.
>>>>>
>>>>> Unless that "anything" doesn't do security.
>>>>
>>>> To be fair, if you send credentials with no encryption they could see
>>>> that.
>>>>
>>>
>>> Use Wireshark.
>>>
>>> Connect to E-S on port 119.
>>>
>>> What do you see go by ?
>>>
>>> Your USER and PASS.
>>>
>>> Port 119 is an example of "doesn't do security".
>>
>> Change news provider and/or client :-)
>>
>
> E-S offers both. This allows really ancient clients which
> lack SSL/TLS to connect to the server (119). And there are
> people who like the really old client software. There
> is no such thing as "too old software" when it
> comes to USENET.

Oh does slrnpull support ssl?

> It would be like expecting an EMACS user to stop using EMACS.
> Not gonna happen.

Or vim users

> There is even at least one guy, using an ancient computer
> to connect on USENET. So in addition to an old client, even
> the OS is something you've never heard of. It takes all kinds.
>
> Paul

Backwards compatibility!
--
user <candycane> is generated from /dev/urandom

On Fri, 01 Mar 2024 10:20:10 -0500, candycanearter07 <candycanearter07@candycanearter07.nomail.afraid> wrote:

> Paul <nospam@needed.invalid> wrote at 08:42 this Friday (GMT):
>> E-S offers both. This allows really ancient clients which
>> lack SSL/TLS to connect to the server (119). And there are
>> people who like the really old client software. There
>> is no such thing as "too old software" when it
>> comes to USENET.

> Oh does slrnpull support ssl?
>
>> It would be like expecting an EMACS user to stop using EMACS.
>> Not gonna happen.
>
> Or vim users

For usenet clients that do no support ssl, stunnel can be used. The
program I'm using does not support it, so I use it.

In /etc/stunnel/stunnel.conf I have ...
[nntps]
client=yes
connect=news.eternal-september.org:563
cert=/etc/pki/tls/certs/stunnel.pem
accept=564
TIMEOUTconnect=60

The program I'm using (leafnode) then connects using localhost:564.
In /etc/leafnode/config ...
server = localhost
port = 564
#server = news.eternal-september.org
#port = 119
username = munged
password = munged
timeout = 300
timeout_fetchnews = 300
initialfetch = 500
nodesc = 1
maxage = 5
filterfile = /etc/leafnode/filters
debugmode = 0
create_all_links = 0
allow_8bit_headers = 1
article_despite_filter = 1
noxover = 1

The commented out above were for testing leafnode without using stunnel.

I then have my usenet reader set to collect articles from localhost port 119,
without any authentication needed.

Besides encrypting the password, another benefit is that for slow connections
it's faster as the encryption includes compression.

Regards, Dave Hodgins

David W. Hodgins <dwhodgins@nomail.afraid.org> wrote at 17:09 this Friday (GMT):
> On Fri, 01 Mar 2024 10:20:10 -0500, candycanearter07 <candycanearter07@candycanearter07.nomail.afraid> wrote:
>
>> Paul <nospam@needed.invalid> wrote at 08:42 this Friday (GMT):
>>> E-S offers both. This allows really ancient clients which
>>> lack SSL/TLS to connect to the server (119). And there are
>>> people who like the really old client software. There
>>> is no such thing as "too old software" when it
>>> comes to USENET.
>
>> Oh does slrnpull support ssl?
>>
>>> It would be like expecting an EMACS user to stop using EMACS.
>>> Not gonna happen.
>>
>> Or vim users
>
> For usenet clients that do no support ssl, stunnel can be used. The
> program I'm using does not support it, so I use it.
>
> In /etc/stunnel/stunnel.conf I have ...
> [nntps]
> client=yes
> connect=news.eternal-september.org:563
> cert=/etc/pki/tls/certs/stunnel.pem
> accept=564
> TIMEOUTconnect=60
>
> The program I'm using (leafnode) then connects using localhost:564.
> In /etc/leafnode/config ...
> server = localhost
> port = 564
> #server = news.eternal-september.org
> #port = 119
> username = munged
> password = munged
> timeout = 300
> timeout_fetchnews = 300
> initialfetch = 500
> nodesc = 1
> maxage = 5
> filterfile = /etc/leafnode/filters
> debugmode = 0
> create_all_links = 0
> allow_8bit_headers = 1
> article_despite_filter = 1
> noxover = 1
>
> The commented out above were for testing leafnode without using stunnel.
>
> I then have my usenet reader set to collect articles from localhost port 119,
> without any authentication needed.
>
> Besides encrypting the password, another benefit is that for slow connections
> it's faster as the encryption includes compression.
>
> Regards, Dave Hodgins

Oh, that's a neat little trick. If slrnpull does support SSL, I
would still want to use the native implementation.
--
user <candycane> is generated from /dev/urandom

On 2024-03-01 09:42, Paul wrote:
> On 2/29/2024 11:11 PM, Carlos E.R. wrote:
>> On 2024-03-01 03:33, Paul wrote:
>>> On 2/29/2024 10:40 AM, candycanearter07 wrote:
>>>> Carlos E.R. <robin_listas@es.invalid> wrote at 13:06 this Thursday (GMT):
>>>>> On 2024-02-29 13:21, Daniel65 wrote:
>>>>>> immibis wrote on 29/2/24 10:17 pm:
>>>>>>> On 29/02/24 09:46, Daniel65 wrote:
>>>>>>>> immibis wrote on 29/2/24 5:27 am:

....

>>>>> The point is that you said:
>>>>>
>>>>> «That's about how I see it, too. My ISP MUST know my IP address
>>>>> so that they can know who 'I' am so they can work out what
>>>>> UserName/Password I have to send to get access to my UseNet
>>>>> account with them.»
>>>>>
>>>>> We are telling you that no, they can not work out your username/password
>>>>> at anything.
>>>>>
>>>>> Unless that "anything" doesn't do security.
>>>>
>>>> To be fair, if you send credentials with no encryption they could see
>>>> that.
>>>>
>>>
>>> Use Wireshark.
>>>
>>> Connect to E-S on port 119.
>>>
>>> What do you see go by ?
>>>
>>> Your USER and PASS.
>>>
>>> Port 119 is an example of "doesn't do security".
>>
>> Change news provider and/or client :-)
>>
>
> E-S offers both. This allows really ancient clients which
> lack SSL/TLS to connect to the server (119). And there are
> people who like the really old client software. There
> is no such thing as "too old software" when it
> comes to USENET.

I was surprised to see that Leafnode v2 doesn't support ssl/tls. I
thought it was supported, but I don't see it in the documentation.
Still, it doesn't matter to me, as all the conversations are public.

TB does support it.

>
> It would be like expecting an EMACS user to stop using EMACS.
> Not gonna happen.
>
> There is even at least one guy, using an ancient computer
> to connect on USENET. So in addition to an old client, even
> the OS is something you've never heard of. It takes all kinds.
>
> Paul

--
Cheers, Carlos.