guys is, what would the filter be
doing to break Meek?
The funny thing is that I don’t think it’s breaking Meek on purpose.
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor
Actually, you’re totally wrong. According to a top secret NSA document, which
you can view online:
Tor is the king of high secure, low latency anonymity. No contender awaits the
throne.
That would clearly indicate that you know absolutely nothing about Tor, Onion
routing, or anonymity in gener
use. If I type in
an OBFS4 address will Orbot/Tails know that it needs to connect to the bridge
using OBFS4?
Thanks everyone,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor
the commands and an
example that would be great.
> On Nov 1, 2015, at 7:55 AM, I wrote:
>
>> ..because I am
>> visually impaired so I figured the screen reader will read the command
>> line to me because the graphical way is inaccessable with Orca.
>> Justin
&g
ECC?
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
going after me, I will use
Tails. That should certainly stop them.
> On Nov 20, 2015, at 4:33 PM, Ivan Markin wrote:
>
> Justin Davis:
>> Just to give more information, the
>> attack will be done by having every network user install a root cert
>> in our browsers.
>
ote:
>
> Justin:
>> Also, I have no option but to keep the cert because if I don’t the
>> filter may use DPI to block TLS for me.
>
> Funny! I mean that you're already have no TLS, because actual TLS is
> terminated at your ITDep. You should remove these CAs - you ha
Allen,
SSH is probably more dangerous than OBFS4 because it coulee be detected with a
DPI fingerprint. They might question that. I think Tor with transports is
good.
> On Nov 20, 2015, at 5:16 PM, Allen wrote:
>
>> You should remove these CAs
>
> Or they might fire you. IMO, you want to st
Hello,
I won’t get into trouble because I’m not using regular Tor. I’m using
pluggable transports, which hide the Tor traffic and make it unrecognizable to
a DPI box. This should be good enough even if Meek’s TLS is broken.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscrib
Hello,
I know. OBFS4 makes the traffic unrecognizable to a DPI unit. That’s why I
switched from Meek to it.
> On Nov 21, 2015, at 4:14 AM, Ivan Markin wrote:
>
> Justin:
>> I won’t get into trouble because I’m not using regular Tor. I’m
>> using pluggable transport
Hello,
You would be correct normally, but at school, I know the IT guy very well. I
have calculated that he is probably too lazy to check his logs. He usually
doesn’t check things out until someone tells him that a problem is occurring.
Even if Meek-Google is broken, I got more information f
the Amazon and Azure versions
may be broken. Should they all be broken, I will switch to another transport.
> On Nov 21, 2015, at 5:26 PM, Ivan Markin wrote:
>
> Justin:
>> I have calculated that he is probably too lazy to check his logs.
>
> Dangerous! What will happen i
Hello,
I’m not sure what the answer to your question about regular Tor is. When it
comes to Obfsproxy changing the 586 byte size, it’s to evade filters that use
that to help block Tor. The other packet length fluctuations would indicate
that Obfsproxy makes the sizes of packets different so th
Ok? I’m just going to say that the article has nothing to do with Tor.
> On Nov 29, 2015, at 9:45 AM, Bob wrote:
>
> Dear list,
>
> A shocking incident in software industry has been reveled recently. I'm
> sharing it here so that more people can support the cause.
>
> https://www.change.org/
Hello,
You’re partially correct when you say don’t take the metrics as real users.
Some of them may be bots, but can you please give us a link to an article about
those events that you discussed? I really doubt that 1.5 million bots are
using Tor everyday by the way.
> On Jan 2, 2016, at 2:32
Hi all,
I wonder if the Chinese are going to try and man in the middle Meek to block
it? Does anyone here think that would happen, why or why not? Also, I wonder
what would cause their filtering systems to mess up?
Thanks.
> On Feb 8, 2016, at 7:21 PM, Nathan Freitas wrote:
>
> On Mon, Feb 8
ng. I will have to wait a wile until I do this, because the school
year hasn’t ended yet. I’m sending out this message to alert Tor users of the
new threat and also to see what some solutions may be, E.G new transports in
the works.
Thanks, and stay safe.
Justin.
--
tor-talk mailing list - to
Hi,
I was wondering does anyone have a list of countries that are currently
blocking Tor?
I know China, Ethiopia, Iran are doing it but I think I may have missed one or
two others.
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings
Wow. I wonder if they’re going to ask Bluecoat for help on that so they can
nail the vanilla bridges next? I hope not. Thanks.
> On May 25, 2016, at 5:04 PM, Green Dream wrote:
>
> It's been reported here that Mexico's largest ISP is blocking exits and
> directory authorities.
> --
> tor-ta
Are they using DPI? If so, what company sold them the filter?
> On May 25, 2016, at 5:55 PM, Chris wrote:
>
>
>> I was wondering does anyone have a list of countries that are
>> currently blocking Tor?
>> I know China, Ethiopia, Iran are doing it but I think I may have
>> missed one or two oth
Hi,
From what I know, you’re correct. The Chinese use a lot of people to get
bridges, or maybe they created a bonnet that can do it for them, either way
they’ve done exactly what you said. They have managed to block the automated
bridge distribution methods.
> On Jul 8, 2016, at 10:49 AM, gdf
Hi,
That’s not surprising. Wonder if we’ll see other filtering companies start
blocking Meek this way.
> On Jul 24, 2016, at 3:04 AM, David Fifield wrote:
>
> Recently, we had reports of Cyberoam firewalls blocking meek by TLS
> signature:
> https://lists.torproject.org/pipermail/tor-talk/2016
TLS signature. Meek-Amazon gets
stopped at 25% of bootstrapping, and I’m not sure what Cyberoam is
fingerprinting. Any ideas?
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman
Meek works on Orbot still. I wonder why?
> On Aug 1, 2016, at 8:36 AM, Nathan Freitas wrote:
>
> On Mon, Aug 1, 2016, at 09:31 AM, Justin wrote:
>> I’ve been conducting some more tests against a Cyberoam with Meek, and
>> over the past two weeks, they have managed to
is recognized and blocked by DPI equipment from Cyberoam. Keep in
mind this is Vanilla Tor, no PT are used.
Thanks very much,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor
Hi,
Will there be any new pluggable transports released soon? I ask because most
DPI boxes that are in use are able to block OBFS4 and Meek. If new transports
are coming out, when? Also, where can I see more information about them?
Thanks,
Justin.
--
tor-talk mailing list - tor-talk
Hi,
I think Dpi boxes are fingerprinting OBFS4 because of it’s randomness. A paper
was published a wile ago that talked about the same type of attack. It’s on
https://sensorbib.nymity.ch <https://sensorbib.nymity.ch/>
Thanks,
Justin.
> On Aug 18, 2016, at 11:34 AM, Ivan Mark
Hi,
Not too long ago, a paper was published that talks about how Tor users can be
deanonymized through their DNS lookups. Is this something I should be concerned
about?
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https
mode 1 and
2 worked no matter how much load the bridges had on them.
Hopefully this information can help people understand a little more about how
these transports are filtered.
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
016, at 3:13 PM, Flipchan wrote:
>
> Did u only try to connect to a bridge and proxy data throw it?
>
> Justin skrev: (17 november 2016 12:16:49 CET)
>> Hi everyone,
>> I’ve been doing research to see how some of the pluggable transports
>> are getting blocked w
Hi,
I’m curious about the iat-mode in obfs4. What is the difference between
iat-mode 1 and 2?
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
ry of every running
client. There's nothing secret about it. As far as blocking exit nodes,
the Tor DNSBL is publicly provided for this reason precisely.
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torp
which are allowed connections in your iptables. The
connection to the site itself occurs at the exit node.
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
accounting limit,
leaving the rate uncapped unless Tor is interfering with your normal
internet activities (in which case, I'd set it to, say, 80% of your
provider's advertised bandwidth, or whatever else you find appropriate,
which will limit Tor enough to leave your internet connect
r tor log, everything
should be fine. Several nodes per IP (or even several nodes per box, if CPU
core usage is topping out before bandwidth usage) isn't terribly uncommon.
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
ht
efault behavior in Windows
packages is because the code used to randomize port selection seems to
trigger an inordinate number of antivirus warnings.
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
enServiceDirectory on the old
hardware to prevent duplicate server descriptors (which will result in
odd behavior, like your hidden service only being reachable some of the
time). If you plan to continue running a Tor node on the old hardware, a
new set of keys and a new
got me stumped. I'd like to know the solution if there is one, though.
[1] https://www.torproject.org/docs/tor-hidden-service.html.en
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On Sep 5, 2012, at 3:15 AM, Andreas Krey wrote:
> On Wed, 05 Sep 2012 02:15:21 +0000, Justin Aplin wrote:
> ...
>> ExitPolicy accept 127.0.0.1:*
>> ExitPolicy reject *:*
>>
>> This will allow exiting (connecting) to the local machine (where the hidden
>>
otice] This version of Tor (0.2.4.11-alpha) is newer than any
recommended version, according to the directory authorities.
Recommended versions are:
0.2.2.39,0.2.3.24-rc,0.2.3.25,0.2.4.5-alpha,0.2.4.6-alpha,0.2.4.7-alpha,0.2.4.8-alpha,0.2.4.9-alpha,0.2.4.10-alpha
Anything to worry about?
~Justin
m; the only thing that will happen is that IPv6
exits won't show up on Vidalia's map. Traffic won't be affected in any way.
[1] https://gitweb.torproject.org/tor.git/blob_plain/HEAD:/src/config/geoip6
~Justin Aplin
___
tor-talk mailing
is the magic
checkbox you're looking for. (All this assumes you haven't changed any
of the default ports).
But really, a simple Google search of " over Tor"
or similar will yield you much more specific results, with pictures,
even. The question is so gener
I've been running "Japnonymous" on a 10.4 ppc machine using this
package for some time now. Haven't run into any issues yet (Full
disclosure, I don't use Polipo at all, only Tor and Vidalia).
~Justin Aplin
On Mar 31, 2011, at 12:18 PM, Erinn Clark wrote:
Hell
example, to visit "torproject.org" and route your traffic through the
"blutmagie" exit, you would enable torbutton and point your browser to
http://torproject.org.6297b13a687b521a59c6bd79188a2501ec03a065.exit
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
I'm actually not sure why that happens; I'm guessing it's a security feature
not allowing domain redirections. A technical explanation would be appreciated,
if anyone happens to know :-)
~Justin Aplin
___
tor-talk mailing list
tor-tal
ill install the latest 0.2.2.x package
available. (There may be a delay between source releases and package releases.)
If you want the alpha branch, I believe you'll have to build it yourself.
Sources are available at http://torproject.org/dist if you feel like venturing
into that territory.
//addons.mozilla.org/firefox/downloads/latest/722/addon-722-latest.xpi?src=browse
And TorButton:
https://www.torproject.org/dist/torbutton/torbutton-current.xpi
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/
On Jul 10, 2011, at 11:12 PM, hi...@safe-mail.net wrote:
> Original Message
> From: Justin Aplin
>
>> HTTPS transport should prevent the type of modification you're talking
>> about, so just double-check your URIs before downloading anything.
SocksPort.
I don't have TorButton to fenangle with on this computer, but I'm sure
somewhere in its options or in about:config you can change the port it looks
for Polipo on, or plug it directly into Tor's socks port if you're not using
Polipo.
The ultimate goal here is to h
On Aug 15, 2011, at 9:37 AM, Joe Btfsplk wrote:
> On 8/14/2011 7:47 PM, Justin Aplin wrote:
>>> something like an option / preference "don't close TBB when Firefox closes"
>>> sounds like a solution. Technically, it'd be "don't close Tor / Vi
s. This applies to Tor as well, since the alpha and beta branches tend
to crash more frequently than the stable branch does. But since the alpha and
beta branches tend to include new features, and since the majority of new
features in Tor are geared toward improving security, the
E account has permission
to read the torrc (which could be an issue if it's in one of your personal home
folders), and making sure DataDirectory is declared in your torrc (to ensure
the same keys are being used every time).
This is covered in a bit more detail in this archive thre
dventurous, you could add the parameters in manually by going to the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tor key in the registry,
finding the entry that contains the --nt-service tag, and adding "-f"
"C:\blah\torrc" to the tail end of it. Alternatively, you could guess
mic/main/binary-i386/Packages.gz
> 404 Not Found [IP: 86.59.30.36 80]
>
> What should I change my update source to?
Use the Lucid repos, or use the instructions here to build your own .debs:
https://www.torproject.org/docs/debian.html.en#source
~Justin Aplin
be able to specify
a particular *exit* in the address bar, check out the AllowDotExit entry
in the manual. Picking a particular *entry* node, as far as I know,
would require you to use the Bridge and UseBridges entries in your
torrc, which isn't nearly as flexible.
~Justin Aplin
Best,
K
27;t you change the system default torrc, instead of manually pointing it
at your custom one? Or if that's not possible, then change the system startup
script for tor to include a command-line option pointing to your custom torrc?
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
ve found that your view of ethics clearly does not match
many others' on the internet, and have since taken your node(s) down, why is
this still an issue?
Mike's advice is really the best way to go here.
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
ewall. Technically, each node you run should have each of the
other's fingerprint(s) in the MyFamily option of their torrc, but since tor
never builds circuits within the same /16 subnet anyway, a circuit will never
be built with two nodes coming from the same IP. Otherwise, the authorities
don't care at all.
Thanks for contributing!
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
When the red onion is up does it mean that people are
> actually still using my bridge, or that Vidalia's just waiting for the
> shutdown timeout to run its course?
As far as I know, the red icon indicates the former, as my nodes have a 30
sec
On 2/15/2012 3:31 PM, eliaz wrote:
Thanks, this gives me someplace to start.
On 2/15/2012 1:52 PM, Justin Aplin wrote:
On Feb 15, 2012, at 12:48 PM, eliaz wrote:
I've set ShutdownWaitLength to 30 minutes in torrc.
If this is actually set to 30 minutes, and not 30 seconds, I believe
t
The link to the win32 expert bundle on the project website is broken and
should be corrected to
https://www.torproject.org/dist/win32/tor-0.2.3.12-alpha-win32.exe
Thanks,
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
158.169.9.30)
ns2bru.europa.eu (158.169.131.32)
ns1lux.europa.eu (158.169.9.11)
ns2eu.bt.net
ns1.bt.net
ns1.be.colt.net
Keys:
Please visit www.eurid.eu for more info.
- --
Best Regards,
Justin Bull
E09D 38DE 8FB7 5745 2044 A0F4 1A2B DEAA 68FD B34C
-BEGIN PGP SIGNATURE-
It would appear "PRISM-proof" is the new "military grade".
Brace yourselves, snake oil is coming.
Sent from mobile.
On 2013-10-28 1:47 AM, "Michael Wolf" wrote:
>
> It still runs in a VM on stock x86 hardware... what stops the
> NSA/provider from viewing the virtual CPU's state, retrieving the
technologies that could potentially resist NSA attacks and I appreciate
your efforts in that matter.
I've CC'd the list on the chance others interpreted my curt, snarky reply
the same way.
[0]: With the exception of one-time pads, of course ;-)
On Tue, Oct 29, 2013 at 2:24 PM, Oded Ho
Hello,
I actually figured out the problem a couple of days ago. The sensor
is changing the Google.com URL to something odd that I think may
affect the TLS. So instead of fronting www.google.com, I told Tor
Browser to front gmail.com and it worked.
Thanks for the information,
Justin.
On 10/21/15
sually impaired so I figured the screen reader will read the command
line to me because the graphical way is inaccessable with Orca.
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Hello,
When I try to use FTE bridges from the bridge db email service, they
don't work. Keep in mind I've only tried this once, but has anyone
else had this issue with FTE or any other pluggable transport bridges
given out from bridge db?
Thanks,
Justin.
--
tor-talk mailing list
Hello,
I just learned that the IT department of an organization where I am
will begin mass decryption on TLS traffic. Would this effect the use
of the Meek pluggable transport? Just to give more information, the
attack will be done by having every network user install a root cert
in our browsers.
ements they are welcome.
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
ements they are welcome.
Thanks,
Justin.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
which will suppress the console
messages that are produced before the torrc is parsed.
~Justin Aplin
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
ding from the start, the original project was started by the
military.
This is well-known, publicly-available, and frankly, *old* information.
Of course, Tor is in open-source project, so you're welcome to peruse
the source for any backdoors and compile it for yourself, just to be sure.
~Ju
elf
for tor routing?
I've never used DD-WRT, but off the top of my head I would say it's
because OpenWRT has a persistent file system and a package manager,
whereas DD-WRT doesn't (which makes installation a pain in the ass, and
you'd lose your Tor install with every reb
75 matches
Mail list logo
