On 6/2/14 3:59 PM, David Rajchenbach-Teller wrote:
I'm curious, how does this fingerprinting technique work?
Like this:
http://www.w2spconf.com/2012/papers/w2sp12-final4.pdf
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.to
Hi David,
I can sympathize with the position that Mozilla has taken concerning W3C
EME. I'm left with a related question though:
Suppose that the (necessarily closed-source) DRM component is completely
sandboxed and separated from the rest of the code, so that its only
inputs are the encrypt
On 4/22/14 10:05 AM, David Balažic wrote:
> The welcome screen shows things as normal. There is no mention that
> the version is ancient and should not be used. Not even a hint,
> that a newer version might exist.
Then probably that ancient version is buggy when it checks if it's out
of date.
T
On 4/13/14 9:20 PM, Randolph wrote:
Anonymity is quite easily broken, if cookies cannot be managed (e.g. like
in certain browsers) and if javascript is enabled. As far as we see,
Firefox in the Tor bundle disables javascript, right?
Javascript allows to access the local IP address and files, which h
On 4/5/14 11:20 PM, Joe Btfsplk wrote:
Other than "reinstalling" the browser, any ideas how to get the icon
back (even if I have to hack a file, like w/ resource hacker, etc)?
Go to View -> Toolbars -> Customize and drag it back onto the toolbar.
If the button isn't in the list, try the restor
Yes, right. You already tried that...
I only saw the first two lines of your post. Scratch my reply.
On 3/24/14 8:10 PM, Joe Btfsplk wrote:
Is it generally NOT an anonymity / privacy issue to play HTML5 content
in TBB?
I haven't seen reports on the fingerprinting implications of HTML5 video
and audio tags. I would like to read them. Here is a paper on browser
fingerprinting using the canvas
On 2/27/14 9:24 PM, s7r wrote:
I have remained with Vidalia and installed it as standalone in order
to be able to use it with newer Tor Browser Bundles releases and I am
watching circuits to have an understanding about how they work. I have
some basic questions, please and thank you in advance:
On 2/28/14 2:25 AM, Roger Dingledine wrote:
I don't really want to get
into the business of writing an /etc/hosts file for public website ->
hidden service mappings.
Maybe an option to avoid that would be to do something along the lines
of HSTS. A Tor-Transport-Security header, that would spec
On 2/28/14 6:12 AM, Hongyi Zhao wrote:
If I have more than one socks5 proxies and I
want to let use them for the purpose of load-balance in the torrc or
by other methods. Is this possible or not?
No, not possible out of the box. It's quite hard to define what
'load-balance' would actually e
On 2/9/14 12:11 AM, ar...@runbox.no wrote:
I'm using IMAPS over Tor for email purposes. Sporadically I get
'password incorrect' errors which usually go away when I click 'Retry'.
Is this some kind of MitM attack?
That's not enough information to judge.
Assuming the attacker doesn't have a v
On 1/22/14 7:31 AM, Jim wrote:
Now you are just getting snooty!
That might indeed be "snobbish", although I was trying to be illustrative.
Was is wrong though?
Regards,
Gerard
On 1/21/14 5:06 AM, TT Security wrote:
Maybe you'll be surprised but Firefox by default allows connections to
loopback interfaces if there is no disabled rule in firewall settings.
NoScript Add-On can solve the problem by ABE.
I've created a bug here:
https://trac.torproject.org/projects/tor/tic
On 1/20/14 11:53 PM, tortestprivacy tortestprivacy wrote:
With Tor Browser Bundle default settings any web-site can access
local resources by JavaScript and XMLHttpRequest.
Could you please explain why the same-origin policy of Firefox doesn't
prevent this?
On 1/20/14 3:47 AM, TheMindwareGroup wrote:
Windows firewall is useless.
Who is your attacker?
There are two kinds of anonymity in this world: anonymity that will stop
your kid sister from reading your tweets, and anonymity that will stop
major governments from finding your body. Microsoft i
On 1/14/14 7:39 PM, anarcat wrote:
> How does tor generate its private key? Does it use /dev/random? Is there
> an issue with bootstrapping a new tor node straight from the first
> install, when entropy is potentially low?
Hi. I'm not entirely sure of the answer. I'll make a guess.
Reading the so
On 1/14/14 4:42 PM, eliaz wrote:
Are there security issues in using ixquick https instead of startpage in
Tor 3.5 (Windows)? I'm finding startpage a bit cranky; sometimes it
complains about "too many simultaneous connection," but at those times
ixquick works fine.
No, there is no security risk.
On 1/8/14 1:44 AM, TheMindwareGroup wrote:
https://wiki.thc.org/ssl
Thank you for linking that resource. It explains the issue really well.
I don't think the issue they are describing matches your doom scenario
though.
Yes, the CA system sucks horribly. It is best to assume that many of the
On 1/7/14 9:49 PM, Mark McCarron wrote:
That will be the end for Tor.
Then I salute you sir!
Point by point.
Javascript, by itself, is not an issue and poses no more of a security threat
than any other type of data transferred online. Coding errors in image
handling, html parsing, ftp, etc., can all be used to inject code.
Note that (potential) privilege escalation bugs are found w
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible to fingerprint your
Tor use.
Let us try to define what "fingerprinting Tor use" means exactly. It
cl
On 1/4/14 10:39 PM, Bobby Brewster wrote:
What is an "IRC bounce"?
There exists specialized software to persist your IRC sessions:
https://en.wikipedia.org/wiki/BNC%20(software)
Alternatively, just SSH into a remote (and possibly anonymously set up)
server and connect to IRC there. Your presen
> Do you mean that the verifier is allowed to know the client's or
> server's keys, or only to see the encrypted session as a passive
> network adversary would see it?
The verifier is allowed to know the certificate, which means a public key
that is tied to a Common Name, possibly signed by an aut
> Or let me know where I should begin reading?
You need to start reading here: http://freehaven.net/anonbib/
All collected and tidied up for you.
Skim through the abstracts of at least the 'boxed' papers.
> I was looking at the volunteer page under research and
> found the end-to-end traffic con
As an aside, I'm really interested in how we could modify or build an
adapter to the web so it is more tolerant of high-latency interaction.
Seeing recent events it seems prudent to start thinking of ways in which
common applications could (for a small part) function in a high-latency
environment. W