Hi All,
If you've ever wondered "what would it be like if I ran all of my DNS
requests over Tor?" - I have been doing that for almost exactly a year now,
and am finishing-up a paper which will be presented at a conference in a
couple of weeks, containing various thoughts and statistics.
I'm shari
Hi Francois!
I have done this, too. It was not easy. I set up an Alt-Svc for my
Wordpress on Apache2. The project turned out to have several prerequisites
before it would work.
- firstly I had to rework my CGI mechanism to permit use of HTTP2, because
Alt-Svc would not work for HTTP/1.x under A
tldr: new TLS certificate is stuck in the pipeline for a few days, because
onion certificates are special and weird:
https://twitter.com/AlecMuffett/status/1205443143816110085?s=19
(Includes links to sources)
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other
Hi All,
Last night I found Tor was/is generating v2 keys that are not
loadable/parsable by PyCrypto.
A fully-worked-example with test code and an example key is on trac:
https://trac.torproject.org/projects/tor/ticket/29429
I haven't the familiarity with the codebase (nor the standards expe
On Fri, 25 Jan 2019, 10:43 Mirimir
> I don't do audio on this box.
I'll wait; most questions about "what do [I] mean?" are answered in that
video.
Let's say that I have a bunch of VPS, running Tor and OnionCat. Each has
> the others' OnionCat IPv6 addresses in its /etc/hosts. Now I can use any
On Fri, 25 Jan 2019 at 08:54, Mirimir wrote:
I've not heard of "Tor v3 Onion Networking". Does it exist? Or if not, are
> there plans? Or do you mean just using v3 onion-onion sockets? That would
> be painful.
>
Yes, I mean almost precisely that.
Explanatory video: https://www.youtube.com/watch
On Thu, 24 Jan 2019 at 19:33, grarpamp wrote:
> As readers may be aware,
> Tor has an interesting capability via OnionCat and OnionVPN
> ...
There's an open project for anyone who wants it...
> To bring IPv6 over v3 onions to Tor.
>
Hi Grarpamp,
I'm aware of this. I've seen you mention it, se
On Tue, 16 Oct 2018, 09:35 grarpamp, wrote:
...vast amounts of deletia...
b) Key material
> 1) Holding onion names hostage in [non] custodial /
> contractual form, whether they give subscribers
> the [offline] crypto keys, or sell / rent / extort them,
> portability, multihoming.
>
Um; I can o
I've seen lots of postings from Grarpamp and I feel sure that I'm never
going to change any opinions that Grarpamp holds; but what I do want to
raise with everyone is "the possibility of change":
To a good approximation, literally *zero* percent of the organisations
which will benefit from "Opport
On Sat, 22 Sep 2018 at 17:40, TNT BOM BOM wrote:
> "Right now it feels like, OK, CloudFlare knows how to do this, and the
> rest of us don't matter. Not a single HOWTO or guide on how to actually
> set it up". Fishy CloudFlare
Well, if you want to take that attitude, you can, but it's not t
On Sat, 22 Sep 2018, 16:07 Roman Mamedov, wrote:
> There is no point in running HTTPS-over-Tor-hidden-service, as .onion
> traffic
> is already authenticated and encrypted, it only adds useless overhead.
I see your point, but there are a couple of additional perspectives to be
considered:
https
I've spent the morning pulling together a bunch of draft thoughts regards
the technical pros/cons of differing forms of site onionification;
thoughts, comments & feedback are warmly welcomed:
https://medium.com/@alecmuffett/different-ways-to-add-tor-onion-addresses-to-your-website-39106e2506f9
-
better access over Tor:
https://www.facebook.com/notes/alec-muffett/how-to-get-a-company-or-organisation-to-implement-an-onion-site-ie-a-tor-hidden-/10153762090530962/
...and I have been preaching this gospel, every single week, since I left
Facebook in 2016 due to burnout and other reasons.
So, in a n
On Sun, 16 Sep 2018, 17:26 Iamnotanumber,
wrote:
> So far I've gotten 5 emails from ... who wants to meet to have sex, but no
> other responses.
>
> Is this the Tor users' list?
>
There appears to be some kind of bot which sends repeated porn/sex-related
emails to people who post to various Tor
otes/alec-muffett/how-to-get-a-company-or-organisation-to-implement-an-onion-site-ie-a-tor-hidden-/10153762090530962/
...or here, if you prefer onion networking:
https://www.facebookcorewwwi.onion/notes/alec-muffett/how-to-get-a-company-or-organisation-to-implement-an-onion-site-ie-a-t
Screenshots of the new New York Times onion site, and other similar
non-dark onion sites?
Partial index at
https://github.com/alecmuffett/onion-sites-that-dont-suck/blob/master/README.md
On 6 Nov 2017 6:22 am, "Stefan Leibfarth" wrote:
> Hello everyone,
>
> I'm writing an article about Tor and
A friend asked me to explain the recent/ish spikes in the following
performance graphs:
Timeouts of 50Kb requests to Public Servers:
https://metrics.torproject.org/torperf-failures.html?start=2017-04-01&end=2017-10-11&source=all&server=public&filesize=50kb
Timeouts of 50Kb requests to Onions:
Hi Jason!
You want to go read and sign up for this Tor ticket, where this matter is
being discussed: https://trac.torproject.org/projects/tor/ticket/21952
Everything you've mentioned, is there.
- alec :-)
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change othe
If you're able and willing to drive Ubuntu, I've tried to document a
reasonable means to set up an Onion-only server here:
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md
- which sets you up with up-to 4x onion addresses, and with them you get 4x
dist
On 20 September 2017 at 10:35, Roman Mamedov wrote:
> On the 28th of August, 261 websites providing VPN and Proxy services where
> found blocked.
> A new section was added to the report containing a schedule that lists
> monitored websites that provides VPN and Proxy services."
>
> https://www.re
Hi Jason!
This is not exactly what you are asking for, but I cover something similar,
using /etc/hosts and virtual network interfaces:
https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md
HTH. HAND.
- a
On 11 Sep 2017 1:21 pm, "Jason S. Evans" wrote:
On 30 August 2017 at 15:19, Ben Tasker wrote:
>
> Meanwhile, the drug-markets and other "vile" things he want to block will
> carry on unabated because a subset of their users will put the effort in to
> update a central resource weekly to note what the new address is. If that
> user is an admini
On 30 August 2017 at 15:07, Ben Tasker wrote:
> That's not quite the claim he's making though. He seems to be claiming any
> "legitimate" (in his eyes) service shouldn't mind sacrificing their own
> anonymity by being linked to a clearnet identity and becoming a "verified"
> onion to avoid the ro
On 30 August 2017 at 14:45, Jon Tullett wrote:
Hi Jon - in certain respects we have now hit the nub of the issue, repeated
twice / in two similar ways:
Version 1:
Ethical stuff gets murky awful fast, and is so full of
> strawmen. You're opposed to censorship? You must be pro-terrorism.
> Burn
Hi Jon!
On 30 August 2017 at 13:41, Jon Tullett wrote:
First is that the technical advantages of Tor are not in question, and
> raising technical arguments in what quickly becomes an ethical debate
> tends to polarize positions further.
Did I do that? I don't think I did that. If I did that,
On 30 August 2017 at 10:51, Jon Tullett wrote:
> Blog post refers:
> http://www.hackerfactor.com/blog/index.php?/archives/773-
> Tor-and-the-Perfect-Storm.html
>
> Leaving aside the accusations of bias in the first part, what is the
> view of the proposal to force hidden services to rotate addres
When TBB checks & updates itself, does it use an Onion site?
If not, shouldn't it? Especially in these days where SingleOnion is
available?
(rationale: more trustworthy networking, test tor more practically, reduce
exit-node load... )
-a
--
http://dropsafe.crypticide.com/aboutalecm
--
to
On 10 August 2017 at 01:51, Dave Warren wrote:
> On 2017-08-09 16:53, Seth David Schoen wrote:
>
> Notably, it doesn't apply to certificate authorities that only issue DV
>> certificates, because nobody at the time found a consensus about how to
>> validate control over these domain names.
>>
>
>
(2) What reasons do people have for wanting certificates that cover
onion names? I think I know of at least three or four reasons, but I'm
interested in creating a list that's as thorough as possible.
Six to start with:
- not having to rewrite CMS code which assumes HTTPS, eg for secure
cookies
On 20 Jun 2017 1:24 pm, "Paul Syverson" wrote:
On Sun, Jun 18, 2017 at 10:22:19AM -0400, krishna e bera wrote:
> On 18/06/17 05:50 AM, Alec Muffett wrote:
> >In other news, the FB Onion, for some time after it launched, geolocated
to
> >London. I can't imagine why.
On 18 June 2017 at 06:39, Roger Dingledine wrote:
For those who haven't been paying attention, we got a jump in some
> hundreds of thousands of .ua users recently:
>
...
> I wonder if a lot of ordinary people doing ordinary things via Tor,
> and acting like people in the Ukraine, has tipped Goog
On 15 June 2017 at 20:33, xxx wrote:
> Well, my account "blocked" means that they asked me an official DOCUMENT!
That happens sometimes; in fact, for proof of name rather than account
recovery, they kinds of document the will accept are quite large… but
that's getting off-topic.
Something els
On 15 June 2017 at 20:03, xxx wrote:
> I really wonder what is facebook doing with tor!
> They offer an entry page at https://www.facebookcorewwwi.onion/
> Every time I tried to signup, thay block the process until I submit a
> phone number to get a "confirmation sms"!
> Moreover, trying to enter
Doubtless haters gonna hate, but Will at Facebook just shipped
thumbnail-generation and protocol-mismatch interstitials for Onion
addresses:
https://www.facebook.com/notes/facebook-over-tor/improved-sharing-of-onion-links-on-facebook/1196217037151681/
The normalisation of Onion networking continu
On 24 April 2017 at 09:03, Jon Tullett wrote:
>
> Interesting. What can you do with that? Can you tie them to specific
> hidden services?
>
Sometimes. See sample results in my Twitter thread:
https://twitter.com/AlecMuffett/status/855542397165502464
-a
--
http://dropsafe.crypticide.com/abou
So it turns out that Shodan - a kind of multi-protocol Google-alike search
engine for metadata and protocol headers - has indexed a bunch of Onion
sites which were configured to leak their (onion) hostnames into protocol
headers.
https://www.shodan.io/search?query=.onion%2F
This is... tragic, per
Having lived through a period where email addresses as we know them (
f...@example.com) were pre-emptively declared to be a usability disaster
zone, and seeing the resultant train-wreck of X.400 addressing being
foisted upon the UK academic community as a simple, clear, and intuitive
replacement:
On 23 February 2017 at 23:21, grarpamp wrote:
> Clearnet services establishing their own onion / i2p / cjdns / whatever,
> is an interesting idea that's becoming more popular since the 2010's.
>
Yes.
> However there is bandwidth impact to the network compared
> to the usual 'client -> exit ->
New Demo:
How to set up 24 Tor + 120 NGINX daemons to mirror Wikipedia, without
working too hard... :-)
https://www.youtube.com/watch?v=HNJaMNVCb-U
-a
--
http://dropsafe.crypticide.com/aboutalecm
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other setti
On 23 February 2017 at 08:32, grarpamp wrote:
> Being tired at the moment to say these numbers correct,
> practically speaking, cloudflare's excuse seems a bit invalid.
>
To be fair, it's not Cloudflare's excuse, it's the entire CA/Browser Forum
Industry.
The security community has been caught
On 20 February 2017 at 09:45, Georg Koppen wrote:
> I don't think so as I don't see how next generation .onion services
> solve the underlying problem.
I believe they are referring to something which I have also heard from CA/B
Forum, regards SSL certificates.
There's a general perception in i
I released EOTK (Enterprise Onion Toolkit) a few days ago.
It's "alpha" code, very much still in development.
I posted a couple of videos of how to set it up:
* Introduction: https://www.youtube.com/watch?v=ti_VkVmE3J4
* Rough Edges & "Gotchas": https://www.youtube.com/watch?v=UieLTllLPlQ
On 4 January 2017 at 19:39, grarpamp wrote:
> > But me, I want to get _everybody_ - teachers, journalists, kids,
> everyone.
>
> Absolutely. Same for whatever functions other overlay networks are
> good at too. Yet at least with tor, how will that happen when it is
> restricted to strictly TCP an
Hi Sebastian!
On 4 January 2017 at 06:24, Sebastian Hahn wrote:
> Hi Alec,
>
> thanks for your thoughts. I have just one very quick comment, but
> it seems you haven't addressed it yet:
>
Okay, I'll give it a go :-)
I install Debian stable on my servers precisely because they don't
> necessar
Hello Grarpamp!
On 3 January 2017 at 07:32, grarpamp wrote:
> On Mon, Jan 2, 2017 at 9:04 PM, Alec Muffett
> wrote:
> > Before getting down to details, I hate to have to cite this but I have
> been
> > [...] not "normal", and I suspect the same can be said of
I will admit that I have not fully thought this through yet, so I am
writing this in the hope that other folk will follow up, share their
experiences and thoughts.
So: I have installed a bunch of Tor systems in the past few months -
CentOS, Ubuntu, Raspbian, Debian, OSX-via-Homebrew - and my abidi
On 26 Dec 2016 2:56 pm, "Roger Dingledine" wrote:
On Tue, Dec 20, 2016 at 02:37:19PM +0100, fatal wrote:
> And will there be a tor relay operators meetup?
Julius reserved a workshop room for us on day 2, from 21:30 to 23:00,
in Hall B:
https://events.ccc.de/congress/2016/wiki/Session:Tor
Just
On 23 Dec 2016 11:17 am, "Alec Muffett" wrote:
"an n-squared mesh of daemons which have to communicate with and
authenticate to each other using an application-specific protocol, as well
as maintain some kind of consensus of which workers are alive, which are
temporarily or p
On 23 Dec 2016 2:02 am, "Ivan Markin" wrote:
You'll have to do this after prop224 because of onion key
cross-certifications, so fancy plain OnionBalance "renaming" won't work
(HSDir system is unidirectional).
I did wonder; that said, all the nodes will know about each other, so they
can chat to
On 22 December 2016 at 16:20, wrote:
> Anyway. The GPU's are just getting stronger these days! And people can have
> quad-SLI too, with 4 hardcore GPU's working in unison. Like 4 x TitanX.
> So how hard would it be, more like how LONG would it take, to duplicate an
> onion address with the video
On 22 Dec 2016 1:44 p.m., "Mirimir" wrote:
By default, users will be installing a version of Tor which can be
configured to run single-hop onion services. Alternatively, there could
be separate versions. Perhaps someone could explain why that option was
rejected.
Perhaps first someone should es
On 22 December 2016 at 11:21, laurelai bailey
wrote:
>
> Which is exactly why you should have this feature as it is. You say its
> insulting to users, we say the actual reality of the situation is that
> people use TOR who arent computer experts and sane defaults are a needed
> thing, to help keep
On 22 December 2016 at 05:50, Jim wrote:
> Alec Muffett wrote:
>
> Otherwise, go work out how to ban "rm -rf /" - first.
>>
>
> That has actually been addressed in a number of places.
>
> Reference: https://en.wikipedia.org/wiki/Rm_(Unix)
>
&
On 21 December 2016 at 14:01, Allen wrote:
> Alex,
Typo.
> that is inappropriate language and behavior for a public
> discussion list. You have demeaned yourself greatly with that
> outburst, and only succeeding in damaging the Tor project. Please
> stop.
>
For clarity, I'm not a member of
On 21 December 2016 at 09:40, Cannon wrote:
> Good point.
> I believe the new single-hop is a great option for some situation such as
> if a website does not need to be anonymous but yet would still like to have
> a .onion address so users can still remain anonymous or take advantage of
> the hig
On 20 December 2016 at 17:17, Alec Muffett wrote:
4) They get booted; each launches its own Worker onion, and each scrapes
> the descriptors of all the other workers, synthesising a "master"
> descriptor and publishing it once a day to the HSDirs.
>
> 5) This means that, f
Hi George!
On 20 December 2016 at 14:03, George Kadianakis
wrote:
> BTW and to slightly diverge the topic, I really like this experiment and
> its blazing fast results, but I still get a weird feeling when I see
> that to start functioning it requires 432 descriptors uploaded to the
> HSDir syst
On 19 December 2016 at 16:19, Allen wrote:
> I got that point, that your service will have 60+ intro points.
...in six distinct descriptors, each containing 10 intro points, each of
_those_ attached to one tor daemon.
also said "people accessing the service onion address at lunchtime
> will re
On 19 December 2016 at 15:42, David Goulet wrote:
> Second, same occurs with modifying that RendPostPeriod from the default
> value
> of an hour to a custom time time. It makes you a bit more noticeable
> because
> you have a different behavior then anyone else.
>
> (And possibly some effect of d
On 19 December 2016 at 14:04, Allen wrote:
> AFAIK, HiddenServiceNumIntroductionPoints >= 3 is also for the benefit
> of the client, so if intro point #1 doesn't work for the client, it
> can try to connect at intro point #2, and then finally at intro point
> #3 before giving up. So let's say my
As an aside, this is what I am currently using as a daemon config.
Comments welcome.
I'm trying not to use Guards because again it would be rude to hammer them
with vast data flows when instead the pain can be spread around a bit more;
given that my target deployments are unlikely to be truly anon
I would post this to the tor-onions list, but it might be more generally
interesting to folk, so I'm posting here and will shift it if it gets too
technical.
I'm working on load-balanced, high-availability Tor deployment
architectures, and on that basis I am running 72 tor daemons on a cluster
of
On 8 December 2016 at 20:09, scfith riseup wrote:
> Thanks for the correction on that. My other two points still valid in
> general?
Recapping:
>Second, if you do list .onion domains, know that they will be collected.
Well, yes, onion addresses are like any other form of network address.
Pe
On 18 October 2016 at 22:29, grarpamp wrote:
> On Mon, Oct 3, 2016 at 9:12 AM, Alec Muffett
> wrote:
> > smply, my Netflix viewing, or whatever, does not need to be anonymised.
>
> It is good that you have assessed your own needs to privacy
> in that use case and have made
On 14 Oct 2016 1:29 pm, "Justin" wrote:
>
> Hi,
> Not too long ago, a paper was published that talks about how Tor users
can be deanonymized through their DNS lookups. Is this something I should
be concerned about?
That is an excellent question! What are you doing, and who are you afraid
of? :-P
Amplifying just one little bit of this:
On 7 October 2016 at 12:21, Mirimir wrote:
> Yes, that's the hardest problem. Why do sites care about the
> relatively small share of users that want pseudonymous and/or
> location-obscured access?
I would phrase that as "Why _should_ sites care about th
Mirimir: Generally I like your suggestions, they are thoughtful, and I
think you're shooting in the right direction.
A few observations:
a) I like the idea of Google giving you "one free search" and from that
trying to determine whether you are an "asshole" after which it lightens up
with the opp
On 5 October 2016 at 08:28, Mirimir wrote:
> So maybe there is a benefit of blocking behavior, rather than IPs?
I'd be interested to see you continue / expand upon how you believe this
would be manifest / what this would do and how it would be achieved.
As it stands it's an suggestion (?) that
Rolling together a couple of Joe's emails…
> If the intent is to say Google & other sites are trying to protect
> themselves & their users at all costs - point taken - in part.
>
Not at all costs, but I believe I've done a fair job in previous mails of
explaining how they might consider it to b
On 4 October 2016 at 01:51, Jeremy Rand wrote:
> Alec Muffett:
>
> I'm curious what the advantage is in this respect of .onion compared to
> using TLS with manual fingerprint verification.
>
I like to look at Onions from the perspective of a network engineer:
- it&
On 3 October 2016 at 23:15, wrote:
> The logic of blocking everything completely *all the time* (like Google
> does) is already a big problem
Here's a picture of me loading Google over Tor:
https://imgur.com/gallery/pMabZ
That much works. A narcissistic self-search subsequently crashed, ver
On 3 October 2016 at 19:57, James Anslow wrote:
> Isn't there merit to the idea of moving as much over tor as possible so as
> to work towards dispelling the myth of tor as a network that only transmits
> questionable traffic?
>
Yes there is, so long as the result does not suck.
If the result s
On 3 October 2016 at 19:34, Seth David Schoen wrote:
> Alec Muffett writes:
>
> > To a first approximation I am in favour of maximising all of those, but
> > practically I feel that that's a foolhardy proposition - simply, my
> Netflix
> > viewing, or whatever
On 3 October 2016 at 18:59, meejah wrote:
> Alec Muffett writes:
>
> I think it's kind of dangerous to assume whole classes of information
> will *never* be interesting -- if you don't anonymize at the source,
> they'll be recorded forever (approximately).
>
On 3 October 2016 at 19:06, meejah wrote:
> Alec Muffett writes:
>
> > 2) In my experience the "blocking" that companies do to Tor (and similar)
> > is 100% grounded in the threats from spam, scraping, testing phished
> > credentials, and other forms of bad beh
On 3 October 2016 at 15:43, wrote:
>
> But a point might be: tor exit nodes are public but SOCKS proxies are not.
> Unless you tell me otherwise, I don't think there are centralized databases
> of SOCKS proxies.
>
Let me make an even more generalised statement:
"There are centralised databases o
Typo, my bad:
On 3 October 2016 at 14:12, Alec Muffett wrote:
> I am _very_ glad that the IETFers who argued against ".onion" and said
> that Tor somehow needed to become a "scheme" (eg: "onions://foo.onion/")
> were beaten.
>
> My take on the whole
This thread/discussion/response is getting very fragmentary, so pardon if I
slash-and-burn a little to try and restore a theme:
On 3 October 2016 at 09:46, grarpamp wrote:
> On Sun, Oct 2, 2016 at 5:53 PM, Alec Muffett
> wrote:
> >"How many more of X? How many X should
Actually, I just want to hammer this point home with a really _large_
sledgehammer.
Compare:
a sizable number of sites will always block anonymous traffic simply
>> because they can not monetize it with targeted ads?
>
>
Contrast:
> 2) for the compliance people you are turning the fact someon
it's
more likely to turn into "let's just switch off the stuff we're worried
about, for compliance reasons" - when someone accesses the site over Tor.
This latter is the kind of "Graduated Access" thing which Grarpamp was
arguing in favour of, yesterday.
On 1 October 2016 at 16:10, wrote:
> I didn't explain myself very well. With the proxychains tool (
> http://proxychains.sourceforge.net/) you can write something like:
>
[...deletia...]
So:
- person uses tor to connect to socks proxy provider
- person authenticates (?) to socks proxy provider
On 2 October 2016 at 11:01, grarpamp wrote:
>
> I want to see more than one overlay network with "exit" feature,
>
So do I - totally agreed.
What I find useful when anyone says "We need more of X!" is to ask:
"How many more of X? How many X should there be in total? And what
constitutes X?"
Sharing for context: the article does not clearly say whether this scam was
entirely completed over Tor, or only partially - the "over 200 proxy
servers" sounds like come other proxy network - but it's a fine example of
the sort of thing I have been talking about and what all those CAPTCHAs we
expe
On 1 Oct 2016, at 05:08, Joe Btfsplk wrote:
> When the distorted characters were as legible as my writing, it always says
> there was an error - please repeat. Especially Google & Cloudflare. A few
> others may have been more Tor friendly.
> But use Firefox on the same sites - if the right scr
On 25 September 2016 at 19:14, Alec Muffett wrote:
> An organisation's response to scraping seems typically the product of:
>
> 1) the technical resources at its disposal
> 2) its ability to distinguish scraping from non-scraping traffic
> 3) the benefit to the organisatio
On 27 September 2016 at 15:57, wrote:
> On 2016-09-27 09:45, Alec Muffett wrote:
> Two questions:
>
> Is there a way that using an exit node for Gmail, FB, etc will not be
> considered suspicious? Is that even possible?
>
I feel that there's probably no silver bullet
On 27 September 2016 at 09:42, Mirimir wrote:
> On 09/27/2016 01:39 AM, Alec Muffett wrote:
> > On 27 September 2016 at 06:42, grarpamp wrote:
> > In such circumstances they are not actually looking at you / what you are
> > searching for. They are looking at the behavio
On 27 September 2016 at 06:42, grarpamp wrote:
> On Sat, Sep 24, 2016 at 10:21 AM, Alec Muffett
> wrote:
> > [scraping}
> For some reason I view that as a copout.
>
You know, I would never phrase it that way, but in some respects I agree
with you. I'll explain...
I
On 26 Sep 2016 9:09 a.m., "Jon Tullett" wrote:
> That's a very interesting perspective, thanks. Is there any
> cooperation among such major players to share such information?
> Correlation to form reasonably high-confidence scraping/abuse RBLs,
> for example?
Lots, some commercial, some open-to-a
ntions", I must
acknowledge "dual use" - that some forms of scraping are benign, or are
protest, or are sharing that which perhaps should be shared.
But here, primarily, I am discussing the forms of scraping which are
third-party-based and exploitative of user data with intent to de
This is why a few months ago I wrote a blogpost[1] explaining how best I
believe to get more companies to be friendly towards Tor.
Because any amount of denial, public raging and placard-waving is not going
to help. It needs outreach. It needs mutual understanding and
communication of b
On 18 September 2016 at 04:30, grarpamp wrote:
> No it's not just you. Ever since Jakegate / Torgate Tor Project
> Incorporated has seemingly enforced lockdown, censorship, and
> comms hardening, beginning with their own silence and that of those
> they control. A chilling effect.
I think it's
One of the questions I get asked lots is "How [do I] set up a Onion site to
be an Onion equivalent to my [normal WWW website]?"
Some people call these "onion mirrors" or "onion copies" of [a website] -
but I feel that those are narrow, perjorative and incorrect descriptions.
Some websites you acc
hould clear
any active state that would trigger the issue.
- alec
--
Alec Muffett
Security Infrastructure
Facebook Engineering
London
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
re's some leverage here, too, because, "even Facebook let's you use
> Tor if you wanna. #gimmesomeprivacy". I bet it wouldn't take that many
> tweets before they provide an onion addy of their own.
That is certainly one approach; I would suggest a different one:
h
. :-)
- a
*
https://www.facebook.com/notes/facebook-over-tor/making-connections-to-facebook-more-secure/681898341916889
<https://www.facebook.com/notes/facebook-over-tor/making-connections-to-facebook-more-secure/681898341916889>
—
Alec Muffett
Security Infrastructure
Facebook Engineering
pecial-casing is what makes some folks in the CA/Browser
> Forum nervous right now: if there's no "official" notion of the meaning
> of some names, how can CAs know which names should use which resolution
> mechanisms? (For example, maybe some CAs have heard that they
l let you know if otherwise.
Thanks!
-a
—
Alec Muffett
Security Infrastructure
Facebook Engineering
London
signature.asc
Description: Message signed with OpenPGP using GPGMail
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torpr
I was using Tor Browser - I was even using the .onion domain by
> Facebook. How do I go about this?
>
> Thanks!
Hi Qaz,
I’ll go test this. It should work. Feel free to mail me back directly.
- alec
—
Alec Muffett
Security Infrastructure
Facebook Engineering
London
signature.asc
CA/B-Forum have suggested that non-corporate/non-EV Onion certs may be a
possibility in the future. It might be good to have a few of them around as
examples in order to be exemplars of that need.
-a
—
Alec Muffett
Security Infrastructure
Facebook Engineering
London
signature.asc
Description:
1 - 100 of 111 matches
Mail list logo
