Hello graphics-inclined readers,
Among the October leaked slides:
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
http://www.washingtonpost.com/world/national-security/secret-nsa-documents-show-campaign-against-tor-encrypted-network/2013/10/04/610f08b6-2d05-11e3
On Sun, Nov 10, 2013 at 07:58:09PM -0500, gq wrote:
> I know change logs are included in packages but are they viewable
> online anywhere? Or do you have to download and extract/install the
> full package to see them?
Go to https://www.torproject.org/download/download
and click "Source code"
http
On Wed, Nov 13, 2013 at 10:28:54PM +, Graham Todd wrote:
> Is there any reason (other than the non-free status of Opera) why I
> should not use it with Opera? Or does Opera still have its non-free
> status? should Tor be used only with Firefox/iceweasel for some
> specific reason or is this sug
Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
series. It takes a variety of fixes from the 0.2.5.x branch to improve
stability, performance, and better handling of edge cases.
https://www.torproject.org/dist/
Changes in version 0.2.4.18-rc - 2013-11-16
o Major features:
On Sun, Nov 17, 2013 at 10:03:34PM +0100, Sebastian G. wrote:
> Without answering any of your questions let me tell you that with the
> upcoming release of TBB 3.X, which should be in beta right now, the
> browser will no longer visit check.torproject.org
Almost true. check.tp.o will no longer be
On Sun, Nov 17, 2013 at 01:18:09PM +, Manfred Ackermann wrote:
> Install the tor browser bundle ... it starts with its own firefox instance
> with the tor browser check as startpage. At the firefox preferences of this
> instance you can exclude your shopping and bank websites so they won't be
>
On Sun, Nov 17, 2013 at 04:11:31PM -0500, and...@torproject.is wrote:
>
> Late Friday night on 15 November 2013, we switched to a new version
> of https://check.torproject.org. This version was written by Arlo to
> allow the site to better handle the daily load hitting the website.
Thanks Arlo fo
It would be wonderful if somebody here could step up and held lead
https://trac.torproject.org/projects/tor/ticket/10182
Here's the text of the ticket:
"According to https://www.torproject.org/press/press the last time
there was a meaningful article about Tor was July 1. This is very far
from the
On Tue, Nov 19, 2013 at 12:52:28PM +, sebiti wrote:
> I have a problem with my TBB installation. While in default Ubuntu
> 13.10 Firefox install and all other ubuntu programs I can input with
> the keyboard it's not working in TBB FF. In Vidalia it's also no
> problem. Just within FF nothing. N
On Sat, Nov 23, 2013 at 07:35:54AM +1000, Katya Titov wrote:
> The advantage that I see is that is there is no way to directly access
> a .onion site without using Tor, so it is a clear indicator that Tor is
> in use, visible to the user.
Not necessarily. Imagine a local network attacker who sees
On Sat, Nov 23, 2013 at 04:19:20AM +, anonymous coward wrote:
> Hello,
>
> I just see the options StrictExitNodes and StrictEntryNodes is deprecated?
>
> What is the correct syntax now to use fixed entry nodes and fixed exit
> nodes?
EntryNode $9695DFC35FFEB861329B9F1AB04C46397020CE31
ExitN
On Sat, Nov 23, 2013 at 07:42:23AM +0200, Sherief Alaa wrote:
> > I just see the options StrictExitNodes and StrictEntryNodes is deprecated?
>
> The correct syntax is:
>
> EntryNodes {node, node, ...}
> StrictNodes 0 or 1 #0 for disabled
No, you should not use StrictNodes with EntryNodes or Exit
On Sat, Nov 23, 2013 at 06:04:54PM +1000, Katya Titov wrote:
> > On Sat, Nov 23, 2013 at 07:35:54AM +1000, Katya Titov wrote:
> >> The advantage that I see is that is there is no way to directly
> >> access a .onion site without using Tor, so it is a clear indicator
> >> that Tor is in use, visible
On Thu, Nov 28, 2013 at 08:00:37AM -0200, Noilson Caio wrote:
> https://www.csis.dk/en/csis/blog/4103/
>
> I know that amplification attacks are not problems in the Tor network
> (Enter one
> bit comes out a bit). DDOS tools originated in the Tor network tend to clog
> the output nodes. Correct ?
Six things I did in November 2013:
1) Wrote a 2014 budget. Several of our current contracts ended in 2013,
so unless we can replace them we're going to be shifting back into the
more familiar "some funded people and many volunteers" model from a few
years back.
I updated the sponsors page to be m
On Wed, Dec 04, 2013 at 04:51:18PM -0800, James Marshall wrote:
> Thanks for the link to TBB's design document-- very useful. I haven't read
> it all, but I'm looking at section 2.2, "Privacy Requirements":
>
> 1) "Cross-Origin Identifier Unlinkability"-- so do sites with CORS or
> Content-Securi
On Sun, Dec 01, 2013 at 10:44:48AM +0100, Karsten Loesing wrote:
> I'm thinking about shutting down a service that is currently running as
> part of the metrics website:
>
> https://metrics.torproject.org/relay-search.html
[snip]
> The main feature that these two alternatives are missing is that
On Thu, Dec 12, 2013 at 09:07:17PM +, Geoff Down wrote:
> Thanks Roger,
> so if we're already running 0.2.4.18-rc there's no real need to change
> at the moment?
> GD
Correct.
--Roger
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
http
On Mon, Dec 16, 2013 at 06:35:56PM -0500, Michael Carbone wrote:
> I wanted to put the new 2014 Access Innovation Prize on your radar,
> which is a $50,000 award to a FOSS project or a collaboration of
> projects that focuses on improving the ???endpoint security??? of
> individuals and communities
On Thu, Dec 19, 2013 at 10:19:04PM -0800, Art McGee wrote:
> I've contacted the OS X packager before about this, but it seems to
> continually get messed up, the version reported by the bundle on OS X has
> reverted to 1.0. Is there some reason why, that the issue of the plist info
> version string
On Sat, Dec 21, 2013 at 03:57:19PM -0800, C B wrote:
> What happened to the Videlia control panel?
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle3FAQ#WheredidtheworldmapVidaliago
> What happened to javascript?
https://trac.torproject.org/projects/tor/wiki/doc/TorBrowserBundle
Hi folks,
I'm going to sign and tag 0.2.4.20 shortly. The current snapshot is:
http://freehaven.net/~arma/tor-0.2.4.20.tar.gz
Its sha256sum is
d080065f8c2c04cd33fb8cdb9fe341eff79d6c9282b5163d0adacea415d9db17
tor-0.2.4.20.tar.gz
If you are so inclined, please beat on it for a while and see if
I
Tor 0.2.4.20 fixes potentially poor random number generation for users
who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
and 4) have no state file in their DataDirectory (as would happen on
first start). Users w
On Mon, Dec 09, 2013 at 10:27:21AM +0100, Karsten Loesing wrote:
> 2) Whenever Onionoo or Atlas/Globe are missing information that you need
> to debug the network, you tell us about it, and we try to extend the
> Onionoo protocol and the Atlas/Globe user interfaces. We'll have to be
> careful what
On Wed, Dec 25, 2013 at 01:23:41AM -0500, BugZ wrote:
> has the current/earlier version been taken offline?
>
> WIN links from https://www.torproject.org/download/download.html.en
> all 404 (except tbb)
>
> The requested URL
> /dist/vidalia-bundles/vidalia-relay-bundle-0.2.3.25-0.2.21-2.exe was
>
On Sat, Dec 28, 2013 at 04:24:06AM +1100, Cyrus wrote:
> I have an interesting bug and would like to know what it means. The
> hidden service appears to work.
>
> Dec 27 14:04:07.000 [warn] rend_service_introduce(): Bug: Internal
> error: Got an INTRODUCE2 cell on an intro circ (for service
> "xxx
From: "Epstein, Jeremy"
To: watch-annou...@listserv.nsf.gov
Subject: Jan 14 WATCH: Roger Dingledine on "The Tor Project in 2013"
Dear WATCH-announce mailing list member,
Our next WATCH talk is:
Title: The Tor Project in 2013
Date: January 14, 20
On Sun, Jan 12, 2014 at 08:00:46PM -0500, Nathan Suchy wrote:
> Hello,
>
> I just had the greatest idea that came into my head. There is a Tor
> implentation of Tor called JTor written in Java, and Google App Engine
> offers Free to Low Cost Application Hosting. Why not use JTor and modify it
> as
On Thu, Jan 23, 2014 at 07:50:44PM -0800, C B wrote:
> I do not see any cookies being stored. I clicked Options, Privacy,
>and changed "Torbrowser will" to "Use custom settings for history"
>(do not save) This exposes the button "Show Cookies", which reveals no
>cookies have been saved. Cancel to e
On Sat, Jan 25, 2014 at 06:44:11PM +1000, Katya Titov wrote:
> So are there any useful stats on the size of the dark web?
Check out http://freehaven.net/anonbib/#oakland2013-trawling
for some statistics about the number of hidden services as of about
a year ago. It's not all that precise (and the
On Sun, Jan 26, 2014 at 04:43:02PM -0600, Kevin Nestor wrote:
> all of your posts and videos about setting up for to use a bridge rely
>on an older version of bridge that uses vidalia separately.
>
> Now that everyone can only download the Tor browser bundle that opens
>as a single browser (mine b
On Fri, Feb 07, 2014 at 02:14:28PM +0100, tor-admin wrote:
> Sebastian, thanks for clarification. I remember there were some late changes
> #9063, #9072, #9093, and #10169 which made it into 2.4.X because of the DOS
> issues Rob Jansen described in https://blog.torproject.org/blog/new-tor-
> den
On Sun, Feb 09, 2014 at 07:15:51PM -0500, Dedalo Galdos wrote:
> I've made https://github.com/Dedal0/Tormium this script to run TOR using
> chromium without changing your network proxy settings. Hope you like it.
> Just made it for fun and because I use chromium, just wanted to share with
> you if
On Tue, Feb 04, 2014 at 02:24:39AM +0100, Karsten Loesing wrote:
> There are two new graphs available as replacement:
>
> https://metrics.torproject.org/network.html#advbwdist-perc
>
> https://metrics.torproject.org/network.html#advbwdist-relay
Wow -- check out those URLs today.
And then see
ht
On Tue, Feb 11, 2014 at 04:23:51PM +0200, Kostas Jakeliunas wrote:
> > I want to set an obfuscated bridge on my Raspberry Pi.
> >
> > When I do sudo apt-get source obfsproxy apt notices me it needs
> > python-pyptlib which cannot be found.
> >
> > How can I install python-pyptlib on Raspbian?
> >
>
On Mon, Feb 10, 2014 at 06:36:36PM +0900, Hyoung-Kee Choi wrote:
> We are the academic research group located in Seoul, Korea. One of my
> students happened to misconfigure the bandwidth parameter in his Tor during
> his research on the Tor bandwidth scanner. Then, the advertised bandwidth
> jumped
Tor 0.2.5.2-alpha includes all the fixes from 0.2.4.18-rc and 0.2.4.20,
like the "poor random number generation" fix and the "building too many
circuits" fix. It also further improves security against potential
adversaries who find breaking 1024-bit crypto doable, and launches
pluggable transports
On Tue, Feb 25, 2014 at 02:39:16AM +0200, s...@sky-ip.org wrote:
> When a new version of Tor is released, one which makes significant
> changes to routing rules, covers security vulnerabilities, etc. - how
> do all the ~6000 relays upgrade to the latest version automatically
> and simultaneously so
On Thu, Feb 27, 2014 at 05:06:08PM +, Kill Your TV wrote:
>
> Since you're using Apache I think mod-rewrite would be a far better
> solution. After all, rewriting URLs is what it does. :)
>
> https://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
This approach would work somewhat, but i
On Thu, Feb 27, 2014 at 03:26:07PM -0800, The Tuber wrote:
> I have Tor and Privoxy installed, and have my RSS reader proxied
> through. Normally it works fine, but in the last week, the reader has
> not been updating the feeds. Once in a while, a feed updates, but
> usually not. I upgraded Privoxy
Tor 0.2.4.21 further improves security against potential adversaries who
find breaking 1024-bit crypto doable, and backports several stability
and robustness patches from the 0.2.5 branch.
Packages coming soon, at which point I'll announce on the tor-announce
list too.
https://www.torproject.org/
On Tue, Mar 11, 2014 at 06:08:43PM +0100, Udo van den Heuvel wrote:
> On 15-12-12 17:53, Udo van den Heuvel wrote:
> >> First, thanks for running a relay. A 32KB relay is still plenty
> >> valid. ssh, irc, instant messenger, most web browsing, and the operate
> >> just fine within 32KB/s bandwidth.
On Wed, Mar 12, 2014 at 03:13:42PM -0500, Cypher wrote:
> Is there a way to control the number of hops that Tor makes? For
> example, if I wanted to increase or decrease the default number?
First you should learn about anonymity, entry guards, and end-to-end
correlation attacks. You probably shoul
On Wed, Mar 12, 2014 at 10:58:15AM +0100, Udo van den Heuvel wrote:
> On 11-03-14 18:36, Roger Dingledine wrote:
> >> The line got upgraded and I allowed more tor bandwidth. (over 100 KB/s)
> >> Still the traffic is absent.
> >> Why?
> >
> > Whi
On Fri, Mar 14, 2014 at 05:51:06PM +0100, Sebastian G. wrote:
> Aren't those things from the past? (check.tp.o has been rewritten,
> weather is about to get re-written, bridgeDB is maintained by isis.)
>
> Found while creating this ticket:
> https://trac.torproject.org/projects/tor/ticket/11204
On Mon, Mar 17, 2014 at 07:45:15AM +0100, Martin Kepplinger wrote:
> So I'm giving a little talk about Tor, mainly to motivate and remind
> people to run a relay. Roger gave a talk a few years back, about
> congestion control, the problem with bulk-vs-web traffic and the "1 sec
> token bucket" prob
On Mon, Mar 24, 2014 at 02:55:36AM +0300, Pedro Henrique wrote:
> I checked almost all the documentation, but I would like an explanation
>of the topology of the TOR network. From what I read so far is a random
>topology. If anyone has an explanation about the topology, or an image
>to better under
On Thu, Mar 27, 2014 at 03:51:09PM +0800, Hongyi Zhao wrote:
> In my case, considering that I use router for surfing and don't set the
> port fordwarding on the router, I don't test the flashproxy bridges
> shipped with the above tor-browser-bundle.
Ok. If the other two stop working for you, may
On Wed, Mar 26, 2014 at 11:20:49PM -0600, John Brooks wrote:
> The goal [2] is to have a real solution for anonymous chat, with no
>servers to trust with your communication habits, that any reasonable
>person can use safely.
Neat! I encourage people here to play with it and let us know what you
th
On Sun, Mar 30, 2014 at 12:50:49PM -0700, lee colleton wrote:
> Trying to open TorBrowserBundle_en-US from
> TorBrowserBundle-3.5.3-osx32_en-US.zip produces an error:
>
> "TorBrowserBundle_en-US" is damaged and can't be opened. You should move it
> > to the Trash.
>
>
> What to do?
First check
On Sun, Mar 30, 2014 at 10:23:10PM -0400, krishna e bera wrote:
> To tries to recognize when random DNS queries are being hijacked by ad
> pushers, but i dont think it can tell when specific sites are blocked in
> this manner. Would it be possible for Exit Node operators in such an area
> to have
On Mon, Mar 31, 2014 at 08:48:44PM -0400, me wrote:
> Bare with me as I ramble my way toward hidden services.
>
> First a plain server connect:
>
> Assuming a simple web client using Tor to contact a normal web page, NOT
> HTTPS for simplicity.
>
> Client <=> Node A <=> Node B <=> Node C <-> HTT
A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today,
which can be used to reveal up to 64kB of memory to a connected client
or server.
https://blog.torproject.org/blog/openssl-bug-cve-2014-0160
The short version is: upgrade your openssl (unless you're running an
old one), and also mo
On Wed, Apr 09, 2014 at 09:32:08AM +, antispa...@sent.at wrote:
> I downloaded the right archive and overwrote the existing folder
> (3.5.3). Restarted and the yellow triangle is still there. On the upper
> right corner it's written 3.5.4, yet the welcome page says:
>
> > HOWEVER, this browser
On Thu, Apr 10, 2014 at 06:24:00PM +0100, John Williams wrote:
> 1. Is such a small bandwidth going to make a worthwhile contribution?
Yes probably. Can't hurt, might help! :)
> 2. What port number should I run obfsproxy on, to minimize the chance
> of it being blocked from potential users? I'm r
On Thu, Apr 10, 2014 at 05:13:02PM -0400, hi...@safe-mail.net wrote:
> It says in the blog:
>
> "Hidden services: Tor hidden services might leak their long-term hidden
> service identity keys to their guard relays.
> Like the last big OpenSSL bug, this shouldn't allow an attacker to identify
> t
On Sat, Apr 12, 2014 at 12:29:58PM -0400, Michael Wolf wrote:
> > [1] https://consensus-health.torproject.org/
>
> Thanks, Matthew. It *almost* gives me what I'm looking for.
I have a cron job to copy moria1's perspective on the votes at 57
minutes after each hour to
http://freehaven.net/~arma/m
On Mon, Apr 14, 2014 at 08:19:11PM +0200, Thomas Asta wrote:
> Nils that ia simply untrue. JS accesses the local machine where the briwser
> is.
> Am 14.04.2014 20:11 schrieb "Nils Kunze" :
>
> > As these requests will be sent out via the tor network, this will not leak
> > your real ip but just t
On Sun, Apr 13, 2014 at 04:01:09PM -0400, Christopher J. Walters wrote:
> The discussion on the Heatbleed bug has apparently stopped here, and
> just about everywhere else
It continued, including the NSA conspiracy theories, here:
https://lists.torproject.org/pipermail/tor-relays/2014-April/thread
On Tue, Apr 15, 2014 at 02:33:33PM -0700, C B wrote:
> When I start up TBB, I get a separate window, that used to be Vidalia,
>and which had some useful functions. Now that has been replaced with
>a useless window saying "Connecting to the Tor Network" that goes
>away. Any chance of bringing back t
On Sun, May 18, 2014 at 09:39:56AM -0700, Cinaed Simson wrote:
> Hi - I keep getting this message in my TBB log
>
>[warn] Rejecting SOCKS request for anonymous connection to private
> address [scrubbed].
>
> Why isn't the information regarding the source IP address being displayed?
You can e
On Sun, May 18, 2014 at 12:34:37AM +0400, Akater wrote:
> So, supposedly, Tor community wants Tor spreaded, at least in the
> relays direction.
Yep. But increasingly, it's becoming clear that a relay that can do
100mbit is more than 10 times more valuable than a relay that can do
10mbit. Plus the
On Mon, May 19, 2014 at 01:27:27AM -0400, grarpamp wrote:
> I've not read a tpo filing in years, so if not already,
> a yearly 'where does the money go' bar chart would
> be nice.
Maybe you read
https://blog.torproject.org/blog/transparency-openness-and-our-2012-financial-docs
only 9 months ago? H
On Fri, May 23, 2014 at 03:11:24PM -0700, Charles Thomas wrote:
>
> >Such setup is called ?transparent proxying?. This does not simulate
> >using Tails. Tails has removed transparent proxying (except for hidden
> >services) a while ago (0.10, 2012-01-04).
> I thought Tails worked by routing everyt
On Thu, Jun 05, 2014 at 04:57:09PM -0700, ondesmarte...@riseup.net wrote:
> I am interested in running a Tor exit relay, and I have successfully set
> one up in the past, but I took it down because I realized that I do not
> have any clue how to protect myself if someone who sees lots of Tor
> traf
On Sat, Jun 07, 2014 at 06:13:55PM -0400, Cole Teets wrote:
> I've only used tor on my iPod. there's nothing about tor for iOS on the
>tor project site. Is there anything els I can do to to stay secure? I'm
>in the dark with tor. Is there anything I need to know, I need help.
See https://www.torpr
On Sun, Jun 08, 2014 at 10:16:39AM +0900, Michael Weiant wrote:
> I have been trying to configure Vidalia (on linux Mint 17) to help by
> running a relay. However, I keep running into 1 of 2 problems.
Hi! Thanks for wanting to run a relay. As you have discovered, trying
to set it up via Vidalia is
On Sat, Jun 07, 2014 at 09:24:49PM -0400, Roger Dingledine wrote:
> How many of the instructions on
> https://www.torproject.org/docs/tor-relay-debian
> work for Mint? I bet most of them do. Please let us know!
I should also mention we've been helping many people on the #tor irc
On Tue, Jun 10, 2014 at 10:59:45PM +, Delton Barnes wrote:
> I am running Tor Browser 3.6, but have neither been prompted to update
> to 3.6.1 nor 3.6.2. Usually Tor Browser checks for any new versions and
> alerts you if it is out of date. I checked and there were security
> updates in 3.6.2
On Thu, Jun 19, 2014 at 02:58:12PM +0900, saurav dahal wrote:
> Hello,
>
> I studied about computing bandwidth from
>
> https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt#l2157
>
> But I could not understand the procedure. Can anyone please explain me
> about calculating the bandw
On Fri, Jun 27, 2014 at 01:27:50PM -0500, Joe Btfsplk wrote:
> Hardware acceleration is unchecked by default it Torbrowser.
>
> Other than some machines might not support it, is there a reason not
> to enabled it?
>
> Some fingerprinting or other issue?
https://trac.torproject.org/projects/tor/t
On Thu, Jun 26, 2014 at 11:30:19AM -0700, Bobby Brewster wrote:
> However, I'm wondering if this is the best way or is Vidalia now deprecated?
It is now deprecated. It has been unsupported for years. :(
https://www.torproject.org/docs/faq#WhereDidVidaliaGo
The exception for now is the relay-by-d
On Sat, Jun 28, 2014 at 09:38:05PM +, williamwin...@openmailbox.org wrote:
> I don't understand what Schneier means by this:
>
> "After identifying an individual Tor user on the internet, the NSA
> uses its network of secret internet servers to redirect those users
> to another set of secret i
On Sun, Jun 29, 2014 at 12:19:56PM +0100, Mark McCarron wrote:
> Given the scale of this obviousness, I can only assume that you're a
>sock puppet for an intelligence agency who has started to panic about
>the network going truly dark.
>
> Deal with it.
Hi Mark,
I've tried to tolerate the conspi
On Sun, Jun 29, 2014 at 07:30:35PM +0100, Mark McCarron wrote:
> I see Roger has remained quiet, so I am assuming he either does not
>want to address the issue or is subject to a National Security letter.
"Wtf dude?"
I'm working on the dev meeting that starts tomorrow. I'll get to answering
your
On Wed, Jul 02, 2014 at 01:12:54AM -0400, grarpamp wrote:
> Do these exist anywhere?
> If dead, can a simple tarball be put up?
> http://archives.seul.org/freehaven/dev/
Whoops!
Fixed now.
The archives were there the whole time, but the index page lied to
you about which months actually existed.
On Mon, Jul 07, 2014 at 10:07:35PM -0400, Soul Plane wrote:
> > Among these relays, do you know which ones were part of your circuit?
>
> First hop:
> PPTOR0006 (Online)
>
> Second hop:
> PPTOR0014 (Online)
It looks like PTOR0014 has the Unnamed flag. I wonder if Tor clients are
disregarding it
On Fri, Jul 17, 2015 at 10:24:29PM +, Chuck Peters wrote:
> Ubuntu hasn't done a very good job of providing updates for Tor packages.
>
> I'm attempting to do something about it by submitting a request for Tor
> packages "SRU (stable release update) micro version update exception" to the
> U
Hi everybody,
Please remember that the tor-talk list has many thousands of people on
it, and many of them are hoping to learn about how Tor works, as well
as contribute to making Tor work better.
Enormous threads like this one don't do anybody any good at actually
accomplishing either of these go
On Mon, Aug 03, 2015 at 02:14:15AM -0400, pmwinzi wrote:
> Even after sign up to torbox, i can't loggin . help plz
Hi! Can you give us more details about what this "torbox" thing is?
It is not a thing made by Tor, or endorsed by Tor.
But it sounds like their name has confused you into thinking i
On Mon, Aug 03, 2015 at 08:50:54AM +0200, Jon Tullett wrote:
> Looks interesting. Has anyone reviewed it?
>
> http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf
> http://anongalactic.com/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/
Hi Jon,
Yes. I wrote abo
(Ugh -- please don't cross-post across lists. I'm going to pick the
list that had the previous thread on it.)
On Thu, Aug 13, 2015 at 03:03:10AM -0400, grarpamp wrote:
> Tor appears maybe operating at 50% of bandwidth capacity...
> https://metrics.torproject.org/bandwidth-flags.html
> https://metr
On Wed, Sep 16, 2015 at 12:19:34PM +, Alison Macrina wrote:
> What we saw last night was an
> incredible display of community support for free speech and Tor, and an
> unequivocal rejection of unlawful government intrusion and FUD.
Thanks for sticking with this Alison and others!
And for tho
On Tue, Oct 20, 2015 at 06:19:14PM +, Jonathan Wilkes wrote:
> GNU has an "ethical repository criteria" with Tor making a prominent
> appearance:https://www.gnu.org/software/repo-criteria.html
>
> It's nice to see that access over Tor is necessary to get anything above a
> failing grade.
> -
On Sun, Oct 25, 2015 at 10:21:57AM +0100, Hartmut Haase wrote:
> >Hi,
> >in Xubuntu 14.04Ican play videos with the Tor Browser, in Xubuntu 15.04
> >not. The only differencd I see is that the Tor Browser in 14.04 uses
> >Shockwave Flash Plugin
I hope this isn't true? If it is -- that is, if Tor Bro
On Tue, Oct 27, 2015 at 02:12:23PM -0600, attila wrote:
> The Tor BSD Diversity Project (TDP) is proud to announce the release of
> Tor Browser (TB) version 5.0.3 for OpenBSD.
Awesome! Thanks for continuing to work on this.
Also, great job on the relay advocacy side too.
And for those following
On Sun, Nov 01, 2015 at 03:26:23PM +0200, s7r wrote:
> Just to make sure you realize this puts you at higher risk in running
> into a malicious guard.
Right, correct.
I would suggest you read and understand
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
before
On Mon, Nov 02, 2015 at 11:00:54AM +0100, kleft wrote:
> i think this is an error of the ARD-mediathek. Their website checks
> via JavaScript which browser you are using and if it is html5
> compatible
This could be.
> and they maybe just forgot to mark the linux-versions of
> firefox as html5-re
On Fri, Dec 11, 2015 at 09:29:50PM +, nusenu wrote:
> but most ordinary users will probably (and should) just use torbrowser
> and the tor version that comes with it (so we might see an update there
> soon?)
Right. I hear there is a regularly scheduled Tor Browser update coming
out on Tuesdayi
On Sat, Dec 12, 2015 at 09:19:36AM +, nusenu wrote:
> The changelog is not entirely clear to me, first it says "major bug in
> *entry* guard selection" later it says "Actually look at the Guard flag
> when selecting a new *directory* guard".
Both.
In the default configuration, your client mak
On Sat, Dec 12, 2015 at 10:38:29AM +, nusenu wrote:
> >> Tor version 0.2.7.6 fixes a major bug in entry guard selection,
>
> Is upgrading enough or does one have to force a guard change to make tor
> check the guard flag?
If you upgrade, then the next time you rotate to a new guard, you'll
pi
On Sat, Dec 12, 2015 at 04:29:19PM +, nusenu wrote:
> > I'm just wondering if users that rely on maximum anonymity should switch
> > to 0.2.7.6, given it is still an unstable branch.
>
> The download page [1] still says Tor 0.2.7 is unstable/alpha but I guess
> the only reason for that is tha
On Mon, Dec 14, 2015 at 05:55:39PM +0100, MacLemon wrote:
> I???d like to automate notifications about official new tor stable/unstable
> source versions like they???re linked on the downloads page. I???d like to
> regularly grab the versions and alert if the published version is newer than
> wh
On Mon, Dec 14, 2015 at 05:56:57PM -0500, Scfith Rise up wrote:
> Just my 2 cents, if you move to something like github's "latest" binary
> releases approach for projects, it works really well.
>
> I do that for a few of mine and it works great. As simple as a latest.zip
> that is them most rec
On Sun, Jan 03, 2016 at 03:45:15PM +0200, s7r wrote:
> Altering Tor's path selection is something we shouldn't play with
> until we have concrete papers that suggest it is wrong.
Right.
> Anyway, your suggestion might actually happen automatically along with
> a more important fix, which is AS aw
On Thu, Jan 14, 2016 at 12:51:31PM -0500, Philipp Winter wrote:
> Logging in to Facebook over Tor reveals your identity, but not your
> location. Facebook still does not know if you are logging in from
> Angola or Indonesia. Also, Facebook doesn't get to learn your operating
> system or your brow
On Fri, Jan 15, 2016 at 01:31:39AM +0100, 0001 1110 wrote:
> > Please see https://www.torproject.org/docs/faq.html.en#EntryGuards for
> > further details.
>
> Clarity link no provide.
If you want more details than the faq entry provides, here are three
hopefully useful links for more read
On Sun, Jan 24, 2016 at 11:04:30AM +, Oskar Wendel wrote:
> Attacker could easily tap into major VPN providers traffic and try to
> correlate their traffic with hidden service traffic. And there are fewer
> VPN providers than Tor entry guards (and much less than home connections
> around the
On Sun, Jan 31, 2016 at 03:42:51PM +0100, Fabio Pietrosanti (naif) - lists
wrote:
> But 90% of my resources (given the previous hypotetical assumption)
> would be happily pumping non-abuse-generating Tor exit traffic.
>
> Does anyone ever done some kind of testing or analysis about that kind
> of
On Tue, Feb 02, 2016 at 05:44:00AM -0800,
bm-2ctpsbetk5rpf8a9ymciudmax61kzvz...@bitmessage.ch wrote:
> I am sorry to ask such a basic question but I am confused by
> whether I should have the Tor browser set to;
> a. Temporary allow this page
> b. Revoke Temporary Permissions
> c. allow scripts gl
401 - 500 of 634 matches
Mail list logo
