Pale Moon offered me an iPhone X. Apparently a satisfaction survey. Topic is solved

[Uppity]

This is a FYI. I don't know what if any measures I should take, because of this.

I clicked a link from DuckDuckGo and a window popped up, obscuring the page I wanted to look at.

It indicated that my IP was selected to receive the iPhone from Pale Moon, for what seems to have been a survey.

I ran top in terminal and the only thing suspicious was a Debian-+ user running the command 'tor'.

Code: Select all

1624 debian-+  20   0   58012  30060  10116 S   0.3  0.5   0:13.61 tor

Tor is not installed on Linux Mint 17.3.

The Debian-+ user continues to appear in brief, intermittent instances, including after I disconnected from the internet.

Here is what was running when I last saw the Debian-+ user.
I separated that entry with blank lines above and below, since bold will not work within code tags.

I hit control-c to stop top.

Code: Select all

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND     
 2796 gt        20   0 2492308 472020 115408 S   5.0  7.9  25:56.71 palemoon    
 1304 root      20   0  486136  90068  72732 S   3.6  1.5   6:40.95 Xorg        
 2663 gt        20   0  971824 202076  78444 S   1.7  3.4   4:27.86 iridium-br+ 
 4803 gt        20   0  533284  28744  22704 S   1.7  0.5   0:04.25 gnome-term+ 
 2223 gt        20   0 1413468 163472  64740 S   1.0  2.7   7:07.25 cinnamon    
 2681 gt        20   0  952448 169456  70896 S   0.7  2.8   1:42.72 iridium-br+ 
 4942 gt        20   0   24964   3092   2576 R   0.7  0.1   0:00.04 top         
  545 root     -51   0       0      0      0 S   0.3  0.0   0:22.04 irq/28-iwl+ 
  
1624 debian-+  20   0   58012  30060  10116 S   0.3  0.5   0:13.89 tor   
   
 4837 root      20   0       0      0      0 S   0.3  0.0   0:00.57 kworker/u8+ 
    1 root      20   0   34184   4716   2648 S   0.0  0.1   0:02.02 init        
    2 root      20   0       0      0      0 S   0.0  0.0   0:00.02 kthreadd    
    3 root      20   0       0      0      0 S   0.0  0.0   0:00.03 ksoftirqd/0 
    5 root       0 -20       0      0      0 S   0.0  0.0   0:00.00 kworker/0:+ 
    7 root      20   0       0      0      0 S   0.0  0.0   0:08.22 rcu_sched   
    8 root      20   0       0      0      0 S   0.0  0.0   0:00.00 rcu_bh      
    9 root      rt   0       0      0      0 S   0.0  0.0   0:00.00 migration/0

This was a first.

The iridium browser was also open, though it sees very limited use... mostly weather underground, google maps and youtube. I run it barefooted with no extensions or apps.

[Moonchild]

Links are spoopy.
You clicked a link in DuckDuckGo and it took you to a site with aggressive spam. Such sites are usually also loaded with a mountain of nasty scripts to try and load as much ad material in the background as possible while you deal with the overlay/ad/spam in front of your face, which can seriously crank up your resource usage.

None of this is a browser issue or unexpected on such sites.

[Uppity]

That makes sense.
I should have known that...

At the least, I learned a new word: spoopy

Thank you.

[therube]

Well color me confused & peaked, & not that I know Linux or htop...

Is debian-+ an expected (acceptable) USER?
I guess, does a debian system come with some default debian USER?

And then if you don't have tor (as in like presumably the Tor browser), then how is "tor" running?
Just what is this "tor" program (processes?)?
Wouldn't you have to have some tor on your end?

[Lew Rockwell Fan]

What do you get with

Code: Select all

ps -wweo args|grep tor|grep -v grep

?
What about doing a global search for files named "tor"? Does anyone else use your machine? Is it possible you are running a tor node? If you never installed tor, this would freak me out.

[Lew Rockwell Fan]

I'll add that tor is not synonymous with the tor browser. You could run tor without noticing, but not the tor-browser. It's been a while since I played with tor (other than to check out the tor function built into the brave browser which sucks as a browser but makes a better weborrent client than the official one), but I do recall that on some systems, I think it created a user "debian-tor". I vaguely remember it being discussed on their website in reference to firewalls.

Also, FWIW, I don't see any user or any process on my system named either "tor" or "debian*", * meaning anything. Not from filtering htop, not in the output of ps, and not in this:

Code: Select all

$ awk -F':' '{ print $1}' /etc/passwd|grep debian
$ awk -F':' '{ print $1}' /etc/passwd|grep tor
$ 

[Uppity]

What do you get with

Code: Select all

ps -wweo args|grep tor|grep -v grep

?
What about doing a global search for files named "tor"? Does anyone else use your machine? Is it possible you are running a tor node? If you never installed tor, this would freak me out.

Thanks for the reply. I just saw this.

I was a little freaked out...

I have now installed the Tor browser in Mint 17.3
In a search, tor produced 6,400+ results.

FWIW,

Code: Select all

$ ps -wweo args|grep tor|grep -v grep
/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc --hush
/usr/lib/gvfs/gvfs-udisks2-volume-monitor
/usr/lib/gvfs/gvfs-afc-volume-monitor
/usr/lib/gvfs/gvfs-gphoto2-volume-monitor
/usr/lib/gvfs/gvfs-mtp-volume-monitor 

I have no clue if I am running a tor node. I do not think so, though.