Re: [tor-talk] When you forget to pay your Internet Bill,

On Sun, Feb 08, 2015 at 03:42:52PM -, atoru...@mail2tor.com wrote: > Anyways Tor Browser was very useful to me. > > I just wanted to thank everyone in the Tor Community for developing such a > great product. > > I'm not writing this to say Screw Your Provider and Never Pay A Bill Again > but

Re: [tor-talk] Removal of Vidalia content from our website

On Mon, Feb 09, 2015 at 05:09:00PM +0100, intrigeri wrote: > Kevin wrote (09 Feb 2015 15:59:53 GMT) : > > Why is it no longer supported? > > Because there are better options for the use cases the Tor Project is > actively supporting, and nobody has volunteered to maintain Vidalia > upstream in the

Re: [tor-talk] Using Tor Hidden Services as Time Source

On Fri, Feb 06, 2015 at 10:41:46PM +, Patrick Schleizer wrote: > We want to get rid of SSL and make use of the strong security properties > of Tor's end-to-end encryption for Hidden Services in order to safeguard > against clearnet SSL MITM attacks, which are within reach of powerful > adversar

Re: [tor-talk] Who said it takes hours of latency to fix anonymity?

On Sun, Feb 15, 2015 at 11:55:09AM +0100, carlo von lynX wrote: > I'm sorry to disturb with this, but I am being confronted with > hearsay about Roger D. having said that it would take latencies > in the order of hours to fully make communications impossible > to shape and correlate. And that hears

Re: [tor-talk] Tor over SSH (torsocks) (?)

On Sun, Feb 15, 2015 at 09:22:25PM +, blo...@openmailbox.org wrote: > I want to login to my VPS over SSH. > > Is torsocks still a safe way to do this? A lot of the documentation > (such as it is) is several years old. I believe many people happily use torsocks and rely on it. It's just as saf

Re: [tor-talk] Tor on Arm Device

On Wed, Feb 18, 2015 at 02:38:42AM +0100, ma...@wk3.org wrote: > On Tue, 17 Feb 2015 20:21:54 -0500 > t wrote: > > > I've already installed NoScript & HTTPS Everywhere... but how else can I > > secure my local copy of Firefox to match the security offered by the > > pre-assembled Tor Brower? > >

Re: [tor-talk] Tor isn't opening a listening port...

On Thu, Apr 02, 2015 at 06:54:56PM -0500, Cypher wrote: > Hello Everyone, > > I'm configuring two hidden services on the same box (Ubuntu 14.04). In > my torrc I have the following four lines: > > HiddenServiceDir /var/lib/tor/first_hidden_service/ > HiddenServicePort 127.0.0.1: > > Hid

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

On Fri, Apr 17, 2015 at 05:38:37PM +0100, Thomas White wrote: > there is some references to DARPA collaborating with some > developers from Tor Project. I'd like to ask the developers of Tor to > clarify what this involvement entails and why effort is being put > towards a LE tool instead of workin

Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes

On Thu, Apr 23, 2015 at 03:03:57AM -, supp...@sigaint.org wrote: > Today we reported 58 bad exit nodes to Philipp. He instantly found 12 more > that > we had missed, and there may be even more of them. (Thank you, Philipp!) Thanks for reporting them. Exciting times we live in. Philipp, could

Re: [tor-talk] always get the same entry node

On Wed, Apr 29, 2015 at 08:29:06AM +, e...@tutanota.com wrote: > Hello, > > I am using Ubuntu 14.04 and Tor Browser Bundle 4.5.  With the new Tor Button > feature I have discovered I always get the same entry node, is this normal? > > I have tried the following > - New Identity via Tor Butto

Re: [tor-talk] German University signs up 24 tor relays

On Tue, May 05, 2015 at 04:33:24PM +0200, Asya Mitseva wrote: > I am a master student at RWTH Aachen University and I am doing a > research on Tor as a part of my master thesis. I had to start a few > relays for my work and I will keep them running for some period of > time. > > In case of problem

Re: [tor-talk] Making a Site Available as both a Hidden Service and on the www - thoughts?

On Sun, May 17, 2015 at 11:26:41AM -, Ben wrote: > I've got a (www) site that I'm debating making available as a Hidden > Service, and I was wondering what peoples thinking on doing this was > nowadays. Hi Ben! Great list of topics. For your first one, I'll paste my paragraph from the earlier

Re: [tor-talk] reverse enumeration attacks on bridges (re: 100-foot overview on Tor)

On Wed, May 20, 2015 at 06:48:52PM +0300, s7r wrote: > Speaking of, it's a long time I have been asking myself this, why does > a bridge with PT need a publicly open ORPort? > > I understand it for a regular bridge, no PT, but when I use PTs why > should I also open the ORPort publicly? I understa

Re: [tor-talk] A thought experiment on direct action

On Thu, May 28, 2015 at 10:05:26AM +0100, Just Talkin' wrote: > All this would be very abusive of other people's paid-for Internet > connections, and very anti-social! Sounds to me like a great way to make more people think that Tor exit relays are immoral antisocial things, and that anything rela

Re: [tor-talk] Are there any performance benefits for clients to use IPv6 over IPv4?

On Thu, May 28, 2015 at 07:48:18PM +0800, Virgil Griffith wrote: > If so can initiate making all tor2web clients use IPv6 by default. Hi Virgil, Can you clarify what you mean here? Do you mean having the websites that run tor2web return records when you resolve them? Do you mean having the

Re: [tor-talk] What's better than Tor for criminals?

On Sat, Jun 06, 2015 at 04:20:22PM -0400, Charlie Belmer wrote: > I always took it to mean using malware infected hosts, rootkits, and C&C > servers to do the dirty work, which not only makes you hard to trace, but > can also point investigations at the infected host. > > On Sat, Jun 6, 2015 at 4:

Re: [tor-talk] Why are 2 Middle Nodes appearing in my circuits (4 total nodes)?

On Thu, Jun 11, 2015 at 12:11:03AM +0200, greggv...@ruggedinbox.com wrote: > So 4 nodes total in a circuit -- (1 entry, 2 middle, 1 exit). My guess is that this is an internal circuit, e.g. one used for onion service connections. Tor circuits are "3 hops plus the number of hops that are sensitive,

Re: [tor-talk] Private Bridge

On Sun, Jun 14, 2015 at 09:30:06AM +0430, Farbod Ahmadian wrote: > I live in Iran and we have so many censorship because of that i use Tor in > Ubuntu. Sounds great. I'm glad it's (mostly) working for you. > I use this bridge's but they haven't good speed and some times can't > connect to server:

Re: [tor-talk] Panda antivirus now thinks Tor.exe is a virus

On Tue, Jun 16, 2015 at 06:28:48PM +0200, aka wrote: > VT says it's not detected by Panda, so might be a behaviour detection: The behavior detection aspect is especially vexing here -- many antivirus tools have a "Not enough of our users have told us about this exe yet, therefore it is scary by de

Re: [tor-talk] Some Tor downloads are 0 byte in size

On Tue, Jun 16, 2015 at 06:19:55PM +0200, aka wrote: > https://dist.torproject.org/torbrowser/4.5.2/tor-win32-0.2.6.9.zip > https://dist.torproject.org/torbrowser/4.5.2/torbrowser-install-4.5.2_it.exe > > accessed via TBB using HTTPS You're right! https://bugs.torproject.org/16391 looks like the

Re: [tor-talk] Matryoshka: Are TOR holes intentional?

On Thu, Jun 18, 2015 at 12:02:45AM -0400, grarpamp wrote: > We also need to take a serious look at TOR, and > without emotional bias, consider if a serious flaw was designed in. "Traffic analysis is the first hole plugged by Matryoshka, but ignored by TOR." I couldn't figure out how to actually

Re: [tor-talk] Important Information for TorBirdy Users: OS upgrade (might) results in failure to mask timezone (observed on Fedora20-21 Qubes OS R2)

On Mon, Jun 22, 2015 at 10:14:45PM +0200, torbirdy...@ruggedinbox.com wrote: > @TorProject: the 'cypherpunks' account is not working, could you > enable it agains so that people can use it? Fixed; sorry for the trouble. (I recommend sending more direct mail in the future, rather than tucking it a

Re: [tor-talk] Circuits in Orbot

On Tue, Jun 23, 2015 at 04:27:43PM -0400, forc...@safe-mail.net wrote: > Hello! > > I am using Orbot for Android and was surprised to see that circuits are up to > 5 nodes. I remember having read that TOR would not be more secure (and even > could be UNsecure) if it would use more than 3 nodes t

Re: [tor-talk] Clear net and Tor site on the same server

On Fri, Jun 26, 2015 at 04:17:37PM -0400, Tyler Hardin wrote: > Why is it suggested not to do this? Does it matter as long as I'm not at > all concerned about privacy? I want to run a wallet-less bitcoin node and > thought I might as well make it accessible via Tor, however it definitely > isn't wo

Re: [tor-talk] Warning: 255 fake and booby trapped onion sites

On Tue, Jun 30, 2015 at 12:40:52AM +0100, Geoff Down wrote: > Good catch. > They are definitely rewriting specific onion addresses wherever they > find them e.g. > http://tor.stackexchange.com/questions/4619/how-do-i-find-onion-sites > also. They're not actually exiting from 185.77.129.189, but fro

Re: [tor-talk] Suggestion, hard-coded related domains

On Wed, Jul 01, 2015 at 12:33:19AM -0700, Ryan Carboni wrote: > Many websites operate their own CDN. Under the current Tor system each > unique domain name is routed to an exit node. The obvious problem is that > this provides another angle of attack for deanonymizing users if there are > multiple

Re: [tor-talk] help needed to stress-test an onionbalanced HS - everyone is invited

On Thu, Jul 02, 2015 at 11:10:03PM +0200, Frédéric CORNU wrote: > running : > watch -n 20 wget -O /dev/null http://eujuuws2nacz4xw4.onion/ I should point out that this approach should do one rendezvous with the onion service, and then re-use that circuit for each following request, until the circu

Re: [tor-talk] Tor v4.5.3 infected??

On Sun, Jul 05, 2015 at 01:30:15PM +, oric wrote: > I want to report a virus infection when upgrading to Tor v4.5.3. It sounds likely to be a false positive: https://www.torproject.org/docs/faq#VirusFalsePositives > I re-installed v4.5.1 and will not perform > any more updates!! That is a v

Re: [tor-talk] Tor 0.2.4.15-rc is out -- please test!

On Wed, Jul 03, 2013 at 02:05:14PM -0400, Roger Dingledine wrote: > Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x > series. It fixes a few smaller bugs, but generally appears stable. > Please test it and let us know whether it is! > > https://www.torp

Re: [tor-talk] Will Tor affect Internet Explorer? (newbie question)

On Sat, Jul 13, 2013 at 02:48:40PM -0700, Scott MacLeod wrote: > How does Tor/Vidalia handle the issue of one's computer recording one's own > key strokes unbeknownst to the end user Not at all. Tor is a socks proxy, and Tor Browser Bundle is that plus a Firefox fork which, if you use it correctly

Re: [tor-talk] Will Tor affect Internet Explorer? (newbie question)

On Sat, Jul 13, 2013 at 08:09:04PM -0400, Gabrielle DiFonzo wrote: > Socks proxy? Firefox fork? Can somebody give me a glossary? It's great that there are so many new people learning about Tor these days. But on the other hand, Tor (like security in general) is still one of those things that takes

Re: [tor-talk] Will Tor affect Internet Explorer? (newbie question)

On Sat, Jul 13, 2013 at 08:39:15PM -0400, Roger Dingledine wrote: > It's great that there are so many new people learning about Tor these > days. But on the other hand, Tor (like security in general) is still > one of those things that takes some effort to learn about -- you have &g

Re: [tor-talk] Would Conflux have a positive effect against website fingerprinting?

On Sun, Jul 14, 2013 at 11:28:25AM -0700, Mike Perry wrote: > > Supposing it is applied does it help to prevent website fingerprinting > > to a high extend? (high extend = being costly to circumvent by adversaries) > > This was my estimation, too. Against passive adversaries, it should do > quite

Re: [tor-talk] NSA, Tempora, PRISM And Company always know who is behind Tor?

On Fri, Jul 19, 2013 at 01:54:24AM +0200, F Fake wrote: > NSA, Tempora, PRISM And Company can always look who is behind Tor? No. > They know the real IP of every Tor user every time they use Tor? Probably not. Your first question was "Can Tor defeat NSA, Tempora, PRISM?" and the answer to that

Re: [tor-talk] NSA, Tempora, PRISM And Company always know who is behind Tor?

On Thu, Jul 18, 2013 at 09:31:21PM -0300, Juan Garofalo wrote: > >> They know the real IP of every Tor user every time they use Tor? > > > >Probably not. > > Why not? Don't they monitor enough internet traffic to know what the > users are doing? Don't all ISPs either work for the NSA, or

Re: [tor-talk] Hidden Service Scaling --- How bad is it?

On Fri, Jul 19, 2013 at 01:09:23AM +, Andrew F wrote: > I read on the tor blog that Hidden services do not scale well and there are > several potential attack vectors on hidden services. Also, they are very > slow.How slow are we talking? https://trac.torproject.org/projects/tor/ticket/25

Re: [tor-talk] Youtube becoming unusable

On Mon, Jul 29, 2013 at 10:11:42PM -0400, krishna e bera wrote: > In the last few weeks, i have encountered captchas almost every session > i go onto Youtube. Is this a consequence of the decision to raise the > required bandwidth bar for "fast" relays, so that more connections come > from fewer e

[tor-talk] Help wanted: bug when using a public relay as a bridge?

Long ago we had a bug where your Tor client would crash or assert if you configure a public relay to be your bridge: https://trac.torproject.org/projects/tor/ticket/1776 We think we accidentally got rid of the problem when we switched to the microdescriptor design in Tor 0.2.3.x. I've asked Nick

Re: [tor-talk] HS drop

On Mon, Aug 05, 2013 at 01:27:25AM -0400, grarpamp wrote: > On Sun, Aug 4, 2013 at 12:42 AM, grarpamp wrote: > > Noting what is apparently a very large drop in the number of onions > > online. Still checking... > > Estimating dropout at about 400 onions or 1/3 of total. How are you estimating 't

[tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable

SUMMARY: This is a critical security announcement. An attack that exploits a Firefox vulnerability in JavaScript [1] has been observed in the wild. Specifically, Windows users using the Tor Browser Bundle (which includes Firefox plus privacy patches [2]) appear to have been targeted.

Re: [tor-talk] Javascript vs privacy?

On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote: > is there scope for better communicating to a user > (such as in the Tor browser homepage) that JS is enabled to improve > their browsing experience and enhance privacy, but it may open them to > (another) attack and here's how it can b

Re: [tor-talk] Verifying Tor packages.

On Wed, Aug 07, 2013 at 02:32:47PM +0200, Frithjof wrote: > Neither sha1 sums, nor PGP signatures depend on the file > name of the file to be verified. This allows some kind of replay > attack: If I can get a user to download from my side, I could choose > an old version of the TBB with some known

Re: [tor-talk] Tor Check Problem?

On Thu, Aug 08, 2013 at 08:10:31PM -0400, Webmaster wrote: > anyone know whats going on with tor check? > > > Sorry, your query failed or an unexpected response was received. > > A temporary service outage prevents us from determining if your > source IP address is a Tor

Re: [tor-talk] Secure email with limited usable metadata

On Fri, Aug 09, 2013 at 06:50:08AM -0400, grarpamp wrote: > > here's to hoping TorMail stays dormant... > > ..I don't agree. It will be a long time before anything > replaces traditional email worldwide. While I don't really have an opinion on whether this service should stay dormant, I do hope t

Re: [tor-talk] So what about Pirate Browser?

On Sat, Aug 10, 2013 at 07:29:39PM +, Matthew Finkel wrote: > The one thing I always think about when I hear about the comparison of > censorship circumvention vs. anonymity[0] is something I once heard (maybe > from Jake or Roger, I apologies for not having a citation), Jake and I tried to em

Re: [tor-talk] So what about Pirate Browser?

On Sat, Aug 10, 2013 at 08:03:38PM +0200, Randolph D. wrote: > urgh, another Firefox mashup? Well, at least they didn't try to shmush the word Tor into the name. More power to them, I say. Though I would also recommend that they get in touch with Mike, Erinn, and others about the Tor Browser Bund

[tor-talk] Tor 0.2.4.16-rc is out

Tor 0.2.4.16-rc is the second release candidate for the Tor 0.2.4.x series. It fixes several crash bugs in the 0.2.4 branch. https://www.torproject.org/dist/ Changes in version 0.2.4.16-rc - 2013-08-10 o Major bugfixes: - Fix a bug in the voting algorithm that could yield incorrect results

[tor-talk] Updated "Why JavaScript is enabled" FAQ entry

Hi folks, I rewrote our two FAQ entries on JavaScript-in-TBB, and merged them into one: https://www.torproject.org/docs/faq#TBBJavaScriptEnabled Did I leave out any important points, or are there ways to make the issues clearer? (Please don't turn this into a "you should change the default you

Re: [tor-talk] obfsproxy failure: obfs3

On Wed, Aug 14, 2013 at 08:46:32AM -0700, lee colleton wrote: > The packaged version of tor complains about support for faster OpenSSL: > > Aug 14 15:26:52.000 [notice] Tor 0.2.4.16-rc (git-dcf6b6d7dda9ffbd) > opening log file. > Aug 14 15:26:52.000 [notice] We were built to run on a 64-bit CPU, >

Re: [tor-talk] obfsproxy failure: obfs3

On Wed, Aug 14, 2013 at 09:08:03AM -0700, lee colleton wrote: > There's a more serious issue in that my server doesn't appear to be > reachable. I've opened tcp:443,9001 along with the two specifiedobfsproxy > ports > > Aug 14 15:26:58.000 [notice] Bootstrapped 100%: Done. > Aug 14 15:26:58.000 [n

Re: [tor-talk] Can I use a non-Tor exit node?

On Thu, Aug 22, 2013 at 03:56:27PM -0600, Jim wrote: > ziggy wrote: > > I use a service that doesn't allow Tor. But I'd like to use Tor anyway, > > except at the end of the path where, hopefully, there is a way to use an > > exit that won't be detected as Tor. Is something like that possible? > >

Re: [tor-talk] Run the shell script

On Fri, Aug 23, 2013 at 08:31:26AM -0400, krishna e bera wrote: > On 13-08-23 06:46 AM, ? wrote: > > Thanks much Seth for your effort and help but sadly I got the error > > "Permission denied". I've googled and found > > chmod +x start-tor-browser" but didn't worked, I think I've t

Re: [tor-talk] Isn't it time to ADMIT that Tor is cracked by now??

On Sun, Aug 25, 2013 at 05:05:26PM -0400, hi...@safe-mail.net wrote: > The US feds did actually take down FH, which was a HIDDEN SERVICE! They > found it and arrested the admin! Period! Reminds me of my response when in 2011 some Dutch police broke into a hidden service: https://lists.torproject.

Re: [tor-talk] Inquiry about Vidalia/Tor bundle

On Mon, Aug 26, 2013 at 05:58:22PM -0500, Missouri Anglers wrote: > I downloaded and installed "PirateBrowser" which is a Firefox browser >configured to use vidalia/tor. Not quite -- it is a bundle that includes a variety of software including Firefox, Vidalia, and Tor, configured in the way they

[tor-talk] Many more Tor users in the past week?

Hi folks, Check out https://metrics.torproject.org/users.html (for posterity, the longer-term link will be https://metrics.torproject.org/users.html?graph=direct-users&start=2013-05-29&end=2013-08-27&country=all&events=off#direct-users ) The number of Tor clients running appears to have doubled

Re: [tor-talk] Default clients to be non-exit relay LibTech x

On Wed, Aug 28, 2013 at 12:41:58PM -0700, Percy Alpha wrote: > > Every client has to download the full list of relays ("consensus") > > periodically. In areas with little connectivity, this already puts a > > high burden on clients. > > Griffin pointed out Tor could download only a portion of rela

Re: [tor-talk] Default clients to be non-exit relay LibTech x

On Wed, Aug 28, 2013 at 04:58:30PM +0200, Moritz Bartl wrote: > I'm not saying that it's impossible to make use of low bandwidth relays, > but it would need a careful design and new path selection mechanism. Take a look at "The Path Less Travelled: Overcoming Tor's Bottlenecks with Traffic Splitti

Re: [tor-talk] Many more Tor users in the past week?

On Thu, Aug 29, 2013 at 11:59:55PM -0400, Collin Anderson wrote: > Firstly congratulations Tor; secondly this seems pretty solvable with math > and what not. I downloaded the direct connecting users csv and created a > spreadsheet between the start of the month and the end. It seems that it > was t

Re: [tor-talk] Contents of PirateBrowser 0.6b

On Fri, Aug 30, 2013 at 04:29:18PM +, Matt Pagan wrote: > # Configured for speed Just for the record, the three lines here don't help speed much (or maybe at all). > ExcludeSingleHopRelays 0 This first line says it's ok to use relays that allow you to make one-hop circuits. Roughly speaking,

Re: [tor-talk] Contents of PirateBrowser 0.6b

On Sat, Aug 31, 2013 at 12:35:19AM -0400, krishna e bera wrote: > On 13-08-31 12:25 AM, Roger Dingledine wrote: > > On Fri, Aug 30, 2013 at 04:29:18PM +, Matt Pagan wrote: > >> # Configured for speed > > > > Just for the record, the three lines here don't h

Re: [tor-talk] Tor and Financial Transparency

On Fri, Aug 30, 2013 at 08:41:13AM -0400, Ted Smith wrote: > Until you can find a better funding source in the US than the DoD, > that's a reality we'll all have to live with. > > You should try calling your congressperson and asking them to support > legislation to defund the military-industrial

Re: [tor-talk] Many more Tor users in the past week?

On Sun, Sep 01, 2013 at 03:40:02AM +, mirimir wrote: > On 08/31/2013 08:22 AM, grarpamp wrote: > > >> Are these requests keyed to and counted towards unique clients > >> whether by ip > > > > Which is another thought, graphs are made from logs. If they're > > based on ip, and new ip's are sho

Re: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

On Mon, Sep 02, 2013 at 11:35:22AM +1000, Erik de Castro Lopo wrote: > Hi all, > > Heads up on a new paper suggesting that its possible to unmask > Tor users using traffic correlation: > > http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf > > Code here: > > http://torps.github

[tor-talk] Roger's status report, August 2013

Six things I did in August 2013: 1) Wrote a security advisory for the "Old Tor Browser Bundles vulnerable" issue: https://lists.torproject.org/pipermail/tor-announce/2013-August/89.html and then posted it to the blog and helped to manage the confusion there (700+ comments!) https://blog.torpro

Re: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

On Mon, Sep 02, 2013 at 03:22:33PM +, adrelanos wrote: > Roger Dingledine: > > And we really should raise the guard rotation period. If you > > do their compromise graphs again with guards rotated every nine months, > > they look way different." > > TBB relea

Re: [tor-talk] Roger's status report, August 2013

On Tue, Sep 03, 2013 at 05:17:49PM +0100, Graham Todd wrote: > Until this year, I was a student at the University of Kent, and you can > find the at: > > http://www.kent.ac.uk > > where I know some members of the Computer Science Laboratory were very > interested in Tor, which was the reason I go

Re: [tor-talk] Many more Tor users in the past week?

On Tue, Sep 03, 2013 at 11:06:54PM -0700, Asa Rossoff wrote: > Timeline through August 31 Hi Asa, Thanks for the timeline! Here are a few notes. > * February, a dramatic, roughly ten-fold decrease in Syrian directly > connnecting Tor users. This was a censoring event I believe. The vanilla Tor

[tor-talk] Tor 0.2.4.17-rc is out

Tor 0.2.4.17-rc is the third release candidate for the Tor 0.2.4.x series. It adds an emergency step to help us tolerate the massive influx of users: 0.2.4 clients using the new (faster and safer) "NTor" circuit-level handshakes now effectively jump the queue compared to the 0.2.3 clients using "TA

Re: [tor-talk] The reasoning behind the 'exit' flag definition

On Mon, Sep 09, 2013 at 07:25:06PM +, tagnaq wrote: > I'd like to understand why the exit flag is defined as it is. > > The current definition can be found in the directory spec [1]: > > " > "Exit" -- A router is called an 'Exit' iff it allows exits to at >least two of the ports 80, 443,

Re: [tor-talk] Updating Tor Browser Bundle

On Tue, Sep 10, 2013 at 06:12:40PM -0400, Nathan Suchy wrote: > Because chrome does not use Tor for DNS and that's an issue. > > > Is there a functional reason Tor uses Firefox for the TBB? I personally > > like Chromium, so I have the Tor packages installed in Ubuntu and use that > > system wide

Re: [tor-talk] Updating Tor Browser Bundle

On Wed, Sep 11, 2013 at 10:58:53AM +0100, Graham Todd wrote: > But does it use vanilla Firefox, or one of the variants such as > Iceweasel or IceCat? Vanilla. > I'm attempting to keep my distro totally free Vanilla Firefox is free. Unless you count people with trademarks as non-free, in which ca

Re: [tor-talk] Tor browser can be fingerprinted

On Wed, Sep 11, 2013 at 12:50:41PM -0400, Marthin Miller wrote: > 1024bit RSA keys which can be cracked in a few hours I believe this to be false currently. (But that doesn't mean we shouldn't fix it, because it will become true some time in the next few decades, and we don't know when that will

Re: [tor-talk] Your computer is too slow...

On Sat, Sep 14, 2013 at 07:36:34PM +0200, Sebastian Pfeifer wrote: > I now upgraded to Version 0.2.4.17-rc but it still crashes somehow, but > without writing anything related to the logfiles. > "Sep 14 10:26:05.000 [notice] Performing bandwidth self-test...done. > Sep 14 11:19:58.000 [notice] Circ

Re: [tor-talk] Tor companies

On Mon, Sep 23, 2013 at 01:14:17PM -0700, coderman wrote: > in addition "The Tor Project, Inc." there appears to be related: > > "Tor Solutions Corporation" - Tor Solutions Corporation in Walpole, MA > is a private company categorized under Website Design Services. Our > records show it was establ

Re: [tor-talk] development interests

On Mon, Sep 23, 2013 at 08:24:40PM -0400, David Green wrote: > I have -- for my own reasons -- stopped advancing my OS X machine's OS at > Tiger. I enjoy working with it and doing my small-time programming. I > have been exposed to 'tor' in the recent past and would really like to use > it on my

Re: [tor-talk] (no subject)

On Wed, Sep 25, 2013 at 05:32:32PM -0400, Nathan Suchy wrote: > Yes. You can download the Tor browser bundle which works fine on all major > linux distributions... Right. https://www.torproject.org/projects/torbrowser.html.en#downloads > On Sep 25, 2013 4:31 PM, "Robert K" wrote: > > http://www

Re: [tor-talk] (no subject)

On Wed, Sep 25, 2013 at 11:17:20PM +0100, Bernard Tyers - ei8fdb wrote: > This is true, but people will use what they can if they have >difficulties. Anything that helps people installed TBB must be useful, >right? No? As one example, if you're an activist in you maybe shouldn't get TBB from your

Re: [tor-talk] A new check

On Wed, Oct 02, 2013 at 02:47:37PM +0200, Philipp Winter wrote: > On Tue, Oct 01, 2013 at 06:21:19PM -0700, Arlo Breault wrote: > > We're considering launching a new check, > > https://check2.torproject.org/ > > How about changing "Your browser..." to "This browser..."? > > I believe that Andrew

[tor-talk] Tor 0.2.5.1-alpha is out

Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing on Linux, allows bridges that offer pluggable transports to report usage statistics, fixes many issues to make testing easier, and provides a pile of minor features and bugfixes that have been waiting for a release of the new

Re: [tor-talk] Silk Road taken down by FBI

On Thu, Oct 03, 2013 at 01:34:37AM +, mirimir wrote: > Wow. I just read the complaint :8 > > He was unfathomably stupid. Words cannot express how stupid he was. > > This has absolutely no relevance to the Tor network. We just put up a statement on the blog which basically says that: https://

Re: [tor-talk] Silk Road taken down by FBI

On Wed, Oct 02, 2013 at 11:17:08PM -0400, Jonathan D. Proulx wrote: > :https://blog.torproject.org/blog/tor-and-silk-road-takedown > > In many ways this is (or should be) a PR win for Tor. > > 1) No technical vulnerabilities were used (AFAWK) - this should be welcome > news to Tor users > > 2) T

Re: [tor-talk] Silk Road taken down by FBI

On Thu, Oct 03, 2013 at 03:25:23PM -0400, The Doctor wrote: > On 10/03/2013 01:49 PM, Ahmed Hassan wrote: > > One question is still remain unanswered. How did they locate > > Silkroad server before locating him? They had full image of the > > server before his arrest. > > Not sure. One hypothesis

Re: [tor-talk] Silk Road taken down by FBI

On Thu, Oct 03, 2013 at 08:12:25AM -0700, Gordon Morehouse wrote: > Here's my one teensy thing that bothers me, this bit of speculation > from Ars Technica: > > "The Tor Project, whose software enabled the Silk Road, noticed a > significant spike in usage in late August and was unable to explain >

Re: [tor-talk] Silk Road taken down by FBI

On Thu, Oct 03, 2013 at 08:58:57PM +, mirimir wrote: > So they did have the server before they knew who he was. Careful there -- while I assume they didn't lie in their affidavit, it's quite reasonable to assume that they investigated all sorts of things, all sorts of ways, and then afterwards

Re: [tor-talk] Silk Road taken down by FBI

On Fri, Oct 04, 2013 at 02:11:26AM +, mirimir wrote: > On 10/04/2013 01:54 AM, Juan Garofalo wrote: > > I'm wondering if I got this right: > > > > The NSA is supposed to be concerned only with 'national security' > > issues and can't spy on 'ordinary Americans'. In practice the NSA spi

[tor-talk] Guardian Tor article

Just to start off the new media frenzy thread. http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraf

Re: [tor-talk] Guardian Tor article

On Fri, Oct 04, 2013 at 11:38:10AM -0400, Roger Dingledine wrote: > (Did I miss any good links?) Ah, yes I did: http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change ot

Re: [tor-talk] Guard failing very large number of circuits

On Mon, Oct 07, 2013 at 06:17:32PM -0400, grarpamp wrote: > But I don't see that initial bump reflected in the below cutoff > field. Though I do think I see fewer entries now than in an earlier > run. > > Is CircuitBuildTimeout the right knob? > Should I bump NumEntryGuards and auto-distribute loa

Re: [tor-talk] still unable to reach StartPage or Ixquick

On Mon, Oct 07, 2013 at 05:18:17PM -0500, Joe Btfsplk wrote: > Haven't been able to reach StartPage or Ixquick sites or do search > for a week or more, in TBB 2.3.25-12. Can't even reach their home > pages through another search engine, like Google or Yahoo. > > ** Are others able to access these

Re: [tor-talk] funnel many computers through one TBB?

On Fri, Oct 11, 2013 at 09:45:16PM +0200, Moritz Bartl wrote: > On 10/11/2013 08:32 PM, Rhona Mahony wrote: > > Friend J doesn't want to install a Tor Browser Bundle on each of the 50 > > computers in his company. Can he install one TBB on his router and > > configure it so that it sends his emplo

Re: [tor-talk] New paper : Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries

On Sun, Sep 01, 2013 at 10:10:56PM -0400, Roger Dingledine wrote: > On Mon, Sep 02, 2013 at 11:35:22AM +1000, Erik de Castro Lopo wrote: > > Hi all, > > > > Heads up on a new paper suggesting that its possible to unmask > > Tor users using traffic cor

[tor-talk] Roger's status report, September/October 2013

Six things I did in September/October 2013: 1) Released Tor 0.2.4.17-rc: https://lists.torproject.org/pipermail/tor-talk/2013-September/029857.html including writing the fix to prioritize NTor handshakes so Tor 0.2.4.x remains usable despite the five million new bot users: https://trac.torproject.

Re: [tor-talk] Fwd: Can You Trust NIST?

On Fri, Oct 18, 2013 at 10:45:15PM -0400, Niels Elgaard Larsen wrote: > On 13-10-18 10:10 AM, Tom Goldman wrote: > >Recently, I stumbled upon a very interesting article at > >http://spectrum.ieee.org/telecom/security/can-you-trust-nist > > Does this mean that Tor could technically be weakened by t

Re: [tor-talk] New to list and questions about exit nodes

On Fri, Oct 25, 2013 at 06:01:51PM +1030, DeveloperChris wrote: > An acquittance of mine created a tor exit node, I know little detail > more than that other than he was banned by services such as skype > and ebay. and apparently the machine he used was hacked. Now I know > he is very security cons

Re: [tor-talk] TOR network topology

On Fri, Oct 25, 2013 at 12:17:57PM +, Mads Tinggaard Pedersen wrote: > I am a student writing my master's thesis. I am, among other things, > analyzing the degree of anonymity in a network and would like to investigate > real life examples of TOR networks. > However, all I could find is https

Re: [tor-talk] tor browser bundle uninstalled

On Fri, Oct 25, 2013 at 08:54:15PM +0100, e-letter wrote: > Readers, > > For some unknown reason, after installing an extension, the firefox > browser failed to start with the tor network activated. The error log > stated something about a port process being open. Totally depends what extension y

Re: [tor-talk] tor available for the iphone 5?

On Fri, Oct 25, 2013 at 05:24:27PM -0400, Nathan Freitas wrote: > >On Fri, Oct 25, 2013 at 8:40 PM, Tim Wilson > >wrote: > > > >> Is there a tor version available for the iphone 5? > >> Thank you > > See the Onion Browser open-source project and iOS app in iTunes. The >best option at the moment.

Re: [tor-talk] New to list and questions about exit nodes

On Sat, Oct 26, 2013 at 10:25:45AM +1030, DeveloperChris wrote: > I appreciate the links. I am trying to come up to speed in double > quick time. I have some pretty big plans where I hope to convince > lots of people too join Tor. but I cannot in all good conscience, if > it opens them up to any fo

Re: [tor-talk] Thoughts on Tor-based social networking?

On Sun, Oct 27, 2013 at 06:25:41PM -0400, Bill Cox wrote: > I want to support free speech and other Internet freedoms, but > unfortunately the world has lots of people who enjoy ruining it for > everyone else. Would it be possible to reduce the griefers by > having a social network of Tor based se

Re: [tor-talk] A question about hidden services and tor in general

On Sat, Nov 02, 2013 at 02:45:51AM -0700, Andrea Shepard wrote: > There's a whole circuit between the HS and the rendezvous point. You'd > have the same problem as trying to deanonymize a client from a subverted > exit node. Actually, technically, the analogy would be trying to deanonymize a clie

<    1   2   3   4   5   6   7   >