Re: [tor-talk] Verifying signatures
On 03/21/2012 12:46 PM, Jude Young wrote: > Sorry if this has been responded to, I've lost a few emails... > I don't believe the TBB has been high-jacked, but the TorButton Firefox > extension certainly has. > (Forgive my faulty memory > linky:http://www.securitynewsdaily.com/1201-anonymous-hackers-child-porn.html) > "Anonymous" apparently convinced firefox (or someone at FireFox? No one was > ever clear on this..) to upload a modified version. Uh, TorButton is free software, didn't you know that? Everybody can create and distribute a modified version, and that's what happened. It certainly proves that you shouldn't download software from untrusted sources (neither the Tor Project nor Mozilla was involved) and that you should verify the signatures of the software to use. None of that is news, of course. Best regards Christian -- |--- Dr. Christian Siefkes --- christ...@siefkes.net --- | Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/ |Peer Production Everywhere: http://peerconomy.org/wiki/ |-- OpenPGP Key ID: 0x346452D8 -- Progress isn't made by early risers. It's made by lazy men trying to find easier ways to do something. -- Robert Heinlein signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hidden Services
On 09/19/2012 10:13 AM, t...@lists.grepular.com wrote: > On 19/09/12 06:36, grarpamp wrote: > >>> People use robots.txt to indicate that they don't want their site >>> to be added to indexes. > >> They use it to indicate that they don't want their site to be >> crawled. > > In almost all cases (99% or higher), robots.txt is used to indicate > that a site shouldn't be crawled, *because* they don't want it to be > indexed. The intention is painfully clear... If website owners don't want a page to be indexed, they should use the noindex meta tag: http://en.wikipedia.org/wiki/Noindex . robots.txt is only for crawlers that automatically follow links from one page to others. Neither standard prevents or discourages manually setting a link to the page. Best regards Christian -- |--- Dr. Christian Siefkes --- christ...@siefkes.net --- | Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/ |Peer Production Everywhere: http://peerconomy.org/wiki/ |-- OpenPGP Key ID: 0x346452D8 -- Politics is for people who have a passion for changing life but lack a passion for living it. -- Tom Robbins, Even Cowgirls Get the Blues signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Don't use Google as default search in Tor Browser?
On 11/04/2011 03:43 PM, Joe Btfsplk wrote:
> A lot of effort is put into helping Tor / TBB users avoid compromising
> anonymity by using Google searches. Yet, the Google search engine is left
> in Aurora. It's a pretty simple question - why?
How should using Google as search engine comprise your anonymity? Either
you're anonymous, then you're anonymous on Google too. Or you aren't
anonymous, then avoiding Google won't help you.
Best regards
Christian
--
|--- Dr. Christian Siefkes --- christ...@siefkes.net ---
| Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/
|Peer Production Everywhere: http://peerconomy.org/wiki/
|-- OpenPGP Key ID: 0x346452D8 --
Rome wasn't burnt in a day.
signature.asc
Description: OpenPGP digital signature
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Don't use Google as default search in Tor Browser?
On 11/04/2011 06:01 PM, Joe Btfsplk wrote: > On 11/4/2011 9:54 AM, Christian Siefkes wrote: >> How should using Google as search engine comprise your anonymity? Either >> you're anonymous, then you're anonymous on Google too. Or you aren't >> anonymous, then avoiding Google won't help you. > Christian, I'm not sure I understand your viewpoint, but... Assuming you > mean (& / or for others' benefit), simply installing Tor or using Tor > Browser gives complete anonymity, it in no way guarantees or even promises > complete anonymity. Tor Project is very clear about this. Here's * one * > page to start users to understand what's involved. Maybe you already knew > this. https://www.torproject.org/download/download.html.en#Warning "Avoid Google" is not among that warnings, as far as I can see. > But, no - there are many ways to * possibly * compromise anonymity while > using Tor. Google searches are ONLY one, because they record search terms & > * any * possible info they can possibly squeeze out of your browser. If > Google searches, when using Tor, weren't ANY kind of anonymity threat, the > developers wouldn't have gone to substantial trouble to offer users a way to > avoid them, when encountered. What do you mean? As far I know, they offer to redirect your search to a different site if they detect that Google shows you a captcha. Captchas are not an anonymity thread, but they are annoying. But they do go to substantial trouble to minimize the info that Google, or any other site, can squeeze out of my browser, and that's indeed essential. > Google search engine records all search terms & ANY other possible info > about your browser, etc., they can possibly squeeze out. At the VERY least, > some wouldn't want recorded their search terms & certainly not the pages > they visit after the search, whether using Tor or not. This is especially > true if living in a repressive country. On the other hand, Google won't even know in which country you live (though they might to able to make an educated guess based on your search terms and page views), and they are able to track (as ANY site can) you only till you exit your browser or delete your cookies and click the "Use a new identity" button. I agree that it would be nice if the TBB had additional searchlets for privacy-friendly search engines such as DuckDuckGo pre-installed, but I don't see a reason why they should make it difficult for people to google if they want to do so. Best regards Christian -- |--- Dr. Christian Siefkes --- christ...@siefkes.net --- | Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/ |Peer Production Everywhere: http://peerconomy.org/wiki/ |-- OpenPGP Key ID: 0x346452D8 -- If the meanings of "true" and "false" were switched, then this sentence would not be false. signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Browser Bundle
Hi Andrew, all, On 11/07/2011 03:32 AM, Andrew Lewman wrote: > On Sunday, November 06, 2011 15:15:21 Joe Btfsplk wrote: > I'd like to see someone do research that proves or disproves this fear that > javascript and cookies everywhere is hazardous to the anonymity of a tor > user. > I don't know a better setting for noscript. I know what I use for settings > when I use the default TBB setup. > > If you use collusion with TBB, you'll see the various connections made to > the > current browsing session. http://collusion.toolness.org/. I frequently hit > 'new identity' to wipe the cache/cookies. Does that work? As I understand it, clicking the "Use a new identity" button in Vidalia tells Tor to build new circuits for subsequent connections, but it doesn't seem to affect Aurora -- all the cookies that have assembled since the start of the session are still there. (At least on Linux, using the current version.) Or is there a different 'new identity' feature I missed? > In my world, I'd replace noscript with requestpolicy. If you never request > the > 3rd party sites, then you cut out lots of risks/cruft, in theory. This is the > core idea behind requestpolicy. Unfortunately, this breaks lots of websites > and would freak out most tor users. However, this is another fine study to > undertake. I tried using requestpolicy in my everyday surfing for some time, and turned it off because it was too annoying. Almost every major site uses different domains for e.g. static content, hence requestpolicy requires adding new exceptions all the time. On the other hand, I always use NoScript in its default setting without problems. In fact, I find that if scripts don't run without explicit permission, web surfing becomes much more peaceful. If I start Firefox with tabs with Youtube videos open, they won't start playing automatically, which is otherwise very annoying, for example. And if many tabs are open, Firefox will use much less memory and is less likely to crash. I'm a bit surprised that TBB includes NoScript but still allows all JavaScript by default. I suspect it would be better to disable scripts by default, leaving it to the user to decide whether s/he wants to allow scripts on a site. > Intuitevly it sounds bad, yes. However, I'd like to see baseline research > and > then settings changes that are proven to improve anonymity for the user. Of > course, 'improve anonymity' implies some sort of measurement, which ties into > https://blog.torproject.org/blog/research-problem-measuring-safety-tor-network If that is an open research question, why play it risky in the meantime? Best regards Christian -- |--- Dr. Christian Siefkes --- christ...@siefkes.net --- | Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/ |Peer Production Everywhere: http://peerconomy.org/wiki/ |-- OpenPGP Key ID: 0x346452D8 -- If one cannot state a matter clearly enough so that even an intelligent twelve-year-old can understand it, one should remain within the cloistered walls of the university and laboratory until one gets a better grasp of one's subject matter. -- Margaret Mead signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thoughts on Tor-based social networking?
On 10/28/2013 07:24 PM, Bill Cox wrote:
> So, don't track Tor user behavior, and don't filter content. However, when
> they piss off some web site operator, that operator should be able to state
> the public identity of the Tor griefer, and Tor exit nodes should feel free
> to black-list that user.
You cannot black-list someone who is anonymous.
Also, Edward Snowden is a griefer -- just ask Obama whether he hasn't caused
him grief. So how to do distinguish the good griefers from the bad ones?
> I really do want to run a Tor node, and an exit node at that. However, I
> just can't encourage more of the behavior I've seen so far.
How about not looking then? As others already said, looking at exit node
traffic is probably illegal and certainly immoral. If you don't want grief,
at least just don't cause any yourself.
Best regards
Christian
--
|- Dr. Christian Siefkes - christ...@siefkes.net -
| Homepage: http://www.siefkes.net/ | Blog: http://www.keimform.de/
| Wie Produktion zur Nebensache wurde: www.keimform.de/2013/freie-quellen-1/
| Why Production No Longer Worries Us: www.keimform.de/2013/free-sources-1/
|--- OpenPGP Key ID: 0x346452D8 --
These: Grammatische Korrektheit und Wahrheit sind nicht immer in Einklang
zu bringen, ohne den Inhalt einer Aussage zu verändern.
Beweis: "Dieser Satz kein Verb."
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Browser certificate exception
On 29/06/2021 20:17, qorg11 wrote: > I think it's a feature. So a malicious user (with physical access to > your computer) can't trust a malicious invalid certificate > forever. Same thing happens when importing a new CA. Tor Browser > simply ignores it. Well, honestly: if a malicious user has access to your computer and your user account, you're lost anyway. Best regards Christian -- |- Dr. Christian Siefkes - christ...@siefkes.net - | Homepage: https://www.siefkes.net | Blog: https://keimform.de | Berlin klimapositiv und gerecht machen: https://www.klimaliste-berlin.de | Systemwandel statt Klimawandel! -> https://www.ende-gelaende.org | Ryt Íngglish foneticlli: https://www.lytspel.org |--- OpenPGP Key ID: 0x7155F0B5980FA6ED -- To a nail, everything looks like a hammer. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
