Hi Marcos. Just had a look on Whonix. Was new to me and I'll have a look on that, thanks for the info on that.
> "Whonix" or "Ubuntu", blocks some unauthorized bad > javascript injection, when visiting a compromised > HiddenService? I have no information that any of those two would block anything out of the box. > Don't you think HiddenServices are no more secure, ... I think they are secure as the visitors set-up. > Do you know when the number of HiddenServices will > rise again? I don't have a clue (or a glass sphere). Greetings, Manfred 2013/10/31 Marcos Eugenio Kehl <[email protected]> > Hello folk!"Whonix" or "Ubuntu", blocks some unauthorized bad javascript > injection, when visiting a compromised HiddenService? Don't you think > HiddenServices are no more secure, after the cataclysm, that happend on > August 2013? Do you know when the number of HiddenServices will rise > again?Marcos (Brasil) > > > Date: Wed, 30 Oct 2013 23:39:07 +0000 > > From: [email protected] > > To: [email protected] > > Subject: Re: [tor-talk] Tor Double HiddenService w/ Server Level > Intercepting Request and Content Anonymization > > > > Hi Anthony. > > > > If the first-in-line server gets compromised then the users using this > > HiddenService have to cross fingers that their privoxy or similar > > anonymizer is well configured. > > > > Because the first server-in-line is the tor node handling the public > > HiddenService declaration and the Tor network as transport network imho > > needs to stay transparent, there is nothing I can imagine that can be > done > > apart of intergration of request modification into the HiddenService > > declaration so this personal informations would never leave the Tor > network. > > > > But also the actual approach should be capable of injecting a warning > into > > the response when personal information is found in the request.Something > > like injecting a div-layer with a warning after the body tag when a > > accept-language tag is found other than 'en'. Expecially when the > installed > > server only supports 'en' why sending anything else that changes > nothing.Or > > instead the response can be only a warning and no content from the > > HiddenService. But this would force the users to setup a special > > configuration... something I wouldn't like. > > > > But I think the relay isn't the primary target in first place for the > > authorities so risk is acceptable. And if one in the chain gets > compromised > > the other will know. A (manual human executed) protocol of changing the > > X-OnionRelay-Auth code for example would prevent that users get through > to > > the server even if the proxy will forward the request. This would be > well > > paranoid but still the request leaves the Tor network unfiltered and > > unencrypted. > > > > Greetings, Manfred > > Am 30.10.2013 14:26 schrieb "Anthony Papillion" <[email protected]>: > > > > > On 10/29/2013 08:48 AM, Manfred Ackermann wrote: > > > > Hi List. > > > > > > > > Sorry to push this up, just wondering if this approach is such stupid > > > that > > > > it's not even worth leaving a related comment to it ;-) Or is it > just of > > > no > > > > interest? > > > > > > > > Any comments apriciated. > > > > > > Hello Manfred, > > > > > > Sounds like a fantastic idea. But I think I'm missing something that > I'm > > > hoping you can clear me up on. How does this protect the user if the > > > first-in-line server is compromised? So the user connects to HS on > > > computer1 which is compromised. How does your system stop them from > > > being compromised instead of forwarded deeper into the network to > > > computer2? > > > > > > Cheers, > > > Anthony > > > > > > > > > -- > > > Anthony Papillion > > > XMPP/Jabber: [email protected] > > > OTR Fingerprint: 1515393D53BA593C19E2CD549AE59FB650F82ABC > > > SIP: [email protected] > > > PGP Key: 0xDC89FF2E > > > > > > -- > > > tor-talk mailing list - [email protected] > > > To unsubscribe or change other settings go to > > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > > > > -- > > tor-talk mailing list - [email protected] > > To unsubscribe or change other settings go to > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > > -- > tor-talk mailing list - [email protected] > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
