Re: [tor-talk] Tor DNS Deanonymization
There are many ways for your browser and other network traffic to betray your activities; it is not just DNS leaks ya got to be worried about, checkout the browser cache attacks that where shown at the BlackHat convention about two months ago. Title: I Know Where You've Been: Geo-Inference Attacks... Link: https://www.youtube.com/watch?v=lGb0AACAk1A Also be aware that DNS records are not the only way of linking specific users (or groups behind the same NAT) of a web server or multiple servers over time. Title : DEF CON 18 - Peter Eckersley - How Unique Is Your Browser? Link: https://www.youtube.com/watch?v=OwxhAjtgFo8 Stay safe y'all. On November 2, 2016 10:13:00 AM PDT, sajolida wrote: >Alec Muffett: >> On 14 Oct 2016 1:29 pm, "Justin" wrote: >>> Not too long ago, a paper was published that talks about how Tor >users >>> can be deanonymized through their DNS lookups. Is this something I >should >>> be concerned about? >> >> That is an excellent question! What are you doing, and who are you >afraid >> of? :-P > >I bet Justin was referring to [1] which has been announced by its >authors on tor-dev [2] but I couldn't find an analysis of it by the Tor >community (and I don't have the skills to do it myself). > >[1]: https://nymity.ch/tor-dns/tor-dns.pdf >[2]: >https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] What is required in order to view YouTube HTML5 in TorBrowser?
What is required in order to view YouTube HTML5 in TorBrowser? I run a tight ship with my settings in TorBrowser and plugins. The other day I tried to remove security settings one by one in the browser and in NoScript. Eventually, in order for a video to play on YouTube (HTML5) (I usually only see a black unresponsive box with my settings) I had to ENABLE SCRIPTING in NoScript and then the videos played fine. I'm not comfortable with this. I would like to drop as little "shields" as possible in order to watch YouTube videos.(1) Are there any specific recommendations without having to enable any javascript(ing)? (1) Yes, I know about youtube-dl and it works and is nice but it's a PITA to use when you want to browse quickly from video to video -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor DNS Deanonymization
I have been running dnssec over tor a month now and i am very happy havent had any problems Michael skrev: (3 november 2016 08:20:18 CET) >There are many ways for your browser and other network traffic > to betray your activities; it is not just DNS leaks ya got to be > worried about, checkout the browser cache attacks that where > shown at the BlackHat convention about two months ago. > >Title: I Know Where You've Been: Geo-Inference Attacks... >Link: https://www.youtube.com/watch?v=lGb0AACAk1A > >Also be aware that DNS records are not the only way of linking > specific users (or groups behind the same NAT) of a web > server or multiple servers over time. > >Title : DEF CON 18 - Peter Eckersley - How Unique Is Your Browser? >Link: https://www.youtube.com/watch?v=OwxhAjtgFo8 > >Stay safe y'all. > >On November 2, 2016 10:13:00 AM PDT, sajolida >wrote: >>Alec Muffett: >>> On 14 Oct 2016 1:29 pm, "Justin" wrote: Not too long ago, a paper was published that talks about how Tor >>users can be deanonymized through their DNS lookups. Is this something I >>should be concerned about? >>> >>> That is an excellent question! What are you doing, and who are you >>afraid >>> of? :-P >> >>I bet Justin was referring to [1] which has been announced by its >>authors on tor-dev [2] but I couldn't find an analysis of it by the >Tor >>community (and I don't have the skills to do it myself). >> >>[1]: https://nymity.ch/tor-dns/tor-dns.pdf >>[2]: >>https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html >>-- >>tor-talk mailing list - tor-talk@lists.torproject.org >>To unsubscribe or change other settings go to >>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] What is required in order to view YouTube HTML5 in TorBrowser?
On 11/3/2016 12:56 AM, maddonkeyk...@safe-mail.net wrote: What is required in order to view YouTube HTML5 in TorBrowser? You don't have to allow all scripts on YT's site. To view in TBB - directly off youtube, you'll have to allow youtube.com, ytimg.com & googlevideo.com. The latter sometimes only appears in NS menu *after* loading the 1st two. (1) Yes, I know about youtube-dl and it works and is nice but it's a PITA to use when you want to browse quickly from video to video It's one of the only ways if you don't want to allow any scripts in a browser. The safest way is to d/l a file, then go offline before viewing. You can try forcing VLC or such thru Tor network by entering Tor's port #. But, depending on the software & its version, there's always a risk of Torrified software leaking data or not strictly using the Tor network. I'm not an expert on using VLC or any other for this. There may be a way to configure it to generally stay inside Tor network, but there's always a chance a "special" file, or some updates in the program could cause problems. Part depends on what type / level of anonymity you need here. Consider the site operator - possible adversary: *Google*. An independent site - Bob's Crazy Sloth videos.com - if it's legit & hasn't been hacked, may not be much worry. If any non-government entity on the planet has the resources to exploit weaknesses to identify you, it'd be Google. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
