Re: [tor-talk] Hidden service security w. Apache/Win32

It would be very dangerous to use Windows in any way for running hidden services! Run Linux and VirtualBox on your host machine. Ubuntu is probably best if you're new to Linux. Have your host machine access the Internet through a reputable multi-hop VPN service, and firewall it to prevent leaks.

Re: [tor-talk] A secure browsing model?

OK, I just gotta ask. And I'm not trolling :) How can someone be concerned enough about privacy to use Tor, and yet not be concerned about the possibility of inter-process communication? Perhaps I'm just too paranoid. At least I don't call Andrew about aliens hacking my router ;) On 20/01/12 1

Re: [tor-talk] A secure browsing model?

Perry wrote: > My mistake. I'd love to hear non-browser based solutions for privately > browsing the web. Sounds like an interesting topic! > > Thus spake Gozu-san (g...@xerobank.net): > >> No offense meant, Mike, but I don't trust browsers that much. I barel

Re: [tor-talk] A secure browsing model?

No offense meant, Mike, but I don't trust browsers that much. I barely even trust VirtualBox that much. On 20/01/12 07:27, Mike Perry wrote: > Thus spake grarpamp (grarp...@gmail.com): > >> There is a need to be logged into multiple popular sites at the same >> time (facebook, google, yahoo, tw

Re: [tor-talk] A secure browsing model?

If it really matters that they not be aware of each other, I recommend accessing each one in a separate VM. But that will seriously eat up resources. Unless you're using Tor, you'll also want to use VPN services so VMs don't share the same IP address. On 20/01/12 05:32, grarpamp wrote: > There

Re: [tor-talk] Hoax?

On 04/01/12 19:24, Geoff Down wrote: > Let's try that again... > http://pastebin.com/jBPFsUSg > "We did crack Tor's encryption to reveal 190 IP addresses of individuals > using Tor for Child Pornography" They didn't "crack Tor's encryption". They posted a fake "Tor security update" on one of the

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

On 28/12/11 03:42, John Case wrote: > Don't run Tor from an IP with your name attached to it. Anonymous server rental is nontrivial. What degree of non-attachment is sufficient, in your opinion? ___ tor-talk mailing list tor-talk@lists.torproject.org h

Re: [tor-talk] janusvm still safe?

Using encrypted LVM, swap (everything except boot) is encrypted. Still, amnesia requires shutting down the host. If total amnesia is important, you can turn off swap, write zeros to it, and then turn it back on again. On 22/12/11 12:28, intrigeri wrote: > This is also about the host OS writing

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

That's good news. So, naif, what got you stirred up about this, if I may ask? On 22/12/11 01:09, and...@torproject.org wrote: > On Thu, Dec 22, 2011 at 12:37:11AM +, g...@xerobank.net wrote 0.3K bytes > in 6 lines about: > : I trust that all with strong opinions on this issue are at least >

Re: [tor-talk] Automatic vulnerability scanning of Tor Network?

I trust that all with strong opinions on this issue are at least somewhat familiar with recent work by Eric Filiol's group. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] janusvm still safe?

I also routinely run TAILS as a VM. In VirtualBox, after creating the VM, one can delete the hard disk and boot from the ISO file. It's not an issue for me because the host (1) is under my control and (2) uses encrypted LVM. I wouldn't otherwise run TAILS as a VM. On 21/12/11 22:49, Andrew Lewm

Re: [tor-talk] Tor in Mexico

On 15/11/11 23:39, Mondior Folimun wrote: > On Monday, November 14, 2011 12:37 AM, "Gozu-san" > wrote: >> On 12/11/11 20:50, Mondior Folimun wrote: >> >>> To be on the safe side, someone who speaks Spanish should create a >>> fake email acc

Re: [tor-talk] Tor in Mexico

On 12/11/11 20:50, Mondior Folimun wrote: > To be on the safe side, someone who speaks Spanish should create > a fake email account and make sure these people know about Tor > Bridges. If the Zetas are as reckless as they seem, it might not > be too long before any Tor user who directly accesses t

Re: [tor-talk] Tormail?

On 10/11/11 09:56, t...@lists.grepular.com wrote: > On 10/11/11 03:30, Gozu-san wrote: > >>> ... If I were using TorMail, I'd do it under the assumption >>> that they're archiving and reading every single email I send >>> or receive through it. .

Re: [tor-talk] Tormail?

On 09/11/11 09:40, t...@lists.grepular.com wrote: > ... If I were using TorMail, I'd do it under the assumption > that they're archiving and reading every single email I send > or receive through it. ... That's a prudent assumption re all providers. ___

Re: [tor-talk] Freedom Hosting admin revealed by Anonymous - Tor finally cracked?

Expert review of OpDarknet's "The Honey Pawt" malware, and precisely how The Mozilla Foundation was involved, seems crucial. Perhaps The Tor Project's "Onion Logo" trademark was infringed, and perhaps The Mozilla Foundation did not exercise due diligence. Or maybe OpDarknet just said that for lul

Re: [tor-talk] Freedom Hosting admin revealed by Anonymous - Tor finally cracked?

n they believe they > are totally secured > > Sent from my iPhone 4 > > On Nov 2, 2011, at 6:59 PM, Gozu-san wrote: > >> On 02/11/11 21:00, Perforin wrote: >> >>> Hey watch this! >>> >>> http://pastebin.com/hquN9kg5 >> >> Is it

Re: [tor-talk] Freedom Hosting admin revealed by Anonymous - Tor finally cracked?

On 02/11/11 21:00, Perforin wrote: > Hey watch this! > > http://pastebin.com/hquN9kg5 Is it really possible that over 100 fools would have downloaded a purported Tor security update from Hard Candy in one day? In the middle of an attack by OpDarknet? Seriously?

Re: [tor-talk] attacks on Tor hidden services

On 23/10/11 07:14, intrigeri wrote: > Hi, > > Gozu-san wrote (23 Oct 2011 04:17:12 GMT) : >> So, I open a few instances of TAILS 0.8.1 routed via VPN services to >> various exit IP addresses. All of them can load my private test >> sites, with typical delays of a mi

Re: [tor-talk] attacks on Tor hidden services

Freedom Hosting seems to be "#OpDarknet Enemy Number One". I've been monitoring its availability, and I'm puzzled by the results. So, I open a few instances of TAILS 0.8.1 routed via VPN services to various exit IP addresses. All of them can load my private test site

Re: [tor-talk] attacks on Tor hidden services

On 22/10/11 14:42, and...@torproject.org wrote: > On Sat, Oct 22, 2011 at 04:26:53AM +, g...@xerobank.net > wrote 1.1K bytes in 26 lines about: > : According to the operator of Freedom Hosting on 2011-10-19: > : > Recently FH was the victim of DoS attacks which resulted in > : > unavailabilit

Re: [tor-talk] attacks on Tor hidden services

On 22/10/11 08:25, Eugen Leitl wrote: > On Sat, Oct 22, 2011 at 04:26:53AM +0000, Gozu-san wrote: > >> Many sites seem unusually unresponsive. That includes new test sites >> that I've created, with addresses that I alone know. I suspect that >> #OpDarknet ha

Re: [tor-talk] attacks on Tor hidden services

On 22/10/11 03:50, and...@torproject.org wrote: > On Wed, Oct 19, 2011 at 09:04:27PM +, g...@xerobank.net wrote 0.6K bytes > in 14 lines about: > : Have Tor developers released any statements concerning the ongoing > : DDoSing and hacking of Tor hidden services? The effects seem quite > : wid

[tor-talk] attacks on Tor hidden services

Have Tor developers released any statements concerning the ongoing DDoSing and hacking of Tor hidden services? The effects seem quite widespread. Also, I wonder how DDoSing works in Tor. As I read the FAQ, it shouldn't be possible, at least efficiently. And I wonder how this relates to other re

Re: [tor-talk] Dutch police break into webservers over hidden services

[I initially sent this just to Mike Cardwell. Sorry about that.] On 09/09/11 10:36, Gregory Maxwell wrote: > On Fri, Sep 9, 2011 at 6:14 AM, Gozu-san wrote: >> Alternatively, one could run Tor on VMs that can only access the >> internet via OpenVPN-based "anonymity service

Re: [tor-talk] Dutch police break into webservers over hidden services

Alternatively, one could run Tor on VMs that can only access the internet via OpenVPN-based "anonymity services". OpenVPN clients can be run on physical routers, with tunnels routed to physical LANs that lack management access. Even if attackers manage to compromise VM hosts, getting real externa

Re: [tor-talk] How to set up a site on hidden service?

On 11/08/11 11:59, and...@torproject.org wrote: > On Wed, Aug 10, 2011 at 07:17:06AM +, jbrownfi...@gmail.com wrote 0.9K > bytes in 25 lines about: > : I intend to set up a web-site under Tor hidden service. > : I installed thttpd and set up that web-server and the tor-hidden server > : as it

Re: [tor-talk] Thunderbird, GMail and Tor - is it safe?

On 09/08/11 16:49, cmeclax-sazri wrote: > I have a Gmail account that I created through the web using > Tor; it was immediately flagged as suspect as soon as I > finished. How do you use Thunderbird with Gmail? Although gazeta.pl is a Google remarketer, it AFAIK does (or did, anyway) allow creati

Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?

As the router for a VirtualBox internal network, ra's Tor gateway VM does basically what you describe. You could route that to a physical NIC on the host. Or you could replicate the setup in a Soekris etc box. JanusVM might also work for you. Basicall