Thanks.

Sent from my iPad
> On May 26, 2015, at 6:11 PM, [email protected] wrote:
>
> Send tor-talk mailing list submissions to
> [email protected]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> or, via email, send a message with subject or body 'help' to
> [email protected]
>
> You can reach the person managing the list at
> [email protected]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-talk digest..."
>
>
> Today's Topics:
>
> 1. Re: Hola.org routes his vpn traffic over customers like tor (Apple Apple)
> 2. Re: Hidden Service Scaling Summer of Privacy Project (coderman)
> 3. Re: SOCKS proxy to sit between user and Tor? (l.m)
> 4. Re: SOCKS proxy to sit between user and Tor? (l.m)
> 5. Re: Mailpile SMTorP [ref: nexgen P2P email] (carlo von lynX)
> 6. Confidant Mail, was re: Mailpile SMTorP (Mike Ingle)
> 7. Re: Mailpile SMTorP [ref: nexgen P2P email] (Jonathan Wilkes)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 26 May 2015 05:08:48 -0700
> From: Apple Apple <[email protected]>
> To: [email protected]
> Subject: Re: [tor-talk] Hola.org routes his vpn traffic over customers like tor
> Message-ID: <caagxajg0fwkdabfntiujqxgzg7kw8+iu-+y0jbjzdfbjjto...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> It is also worth mentioning that VPN operators typically have the ability
> to log who does what and when. This makes it very easy for them to resolve
> abuse complaints and turn over the offending parties to the relevant
> authorities.
>
> Unfortunately many organizations feel that IP bans are their only option
> when dealing with abuse originating from the Tor network - since there is
> little else that can be done by design.
>
> And as mentioned earlier it is very easy to pull down a list of current Tor
> nodes and ban all the exits unconditionally - they are not even waiting
> until an incident happens anymore.
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 26 May 2015 12:41:07 -0700
> From: coderman <[email protected]>
> To: [email protected]
> Subject: Re: [tor-talk] Hidden Service Scaling Summer of Privacy Project
> Message-ID: <CAJVRA1S4bHE8+0hKUj-jL+G0_Pa=LJxAdz3+=qrfcuozzdq...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
>> On 5/26/15, Donncha O'Cearbhaill <[email protected]> wrote:
>> ...
>> I am interested in hearing from all existing hidden service operators.
>
> speaking for two,
>
>
>> In particular I'd like to understand the use-cases,
>
> - file distribution
> - "web services", etherpad, ethersheet, webdav
> - XMPP
> - IRC
> - overlay network (tun/tap)
>
>
>> priorities
>
> file distribution and chat.
>
>
>> limitations
>
> fragility; zooko's triangle. (see also namecoin and onion name service
> experiments for bootstrap)
>
>
>> There have been anecdotal reports on the Tor
>> bug tracker that hidden services have trouble scaling to more than 100
>> concurrent connections [2]. Is this something that operators here have
>> experienced?
>
> it would be nice to speak of hidden service establishment rates across
> distinct number of onions, rather than a simple frequency counter.
> specifically, high establishment rates over many onions is the most
> performance intensive use case unless under attack of any myriad
> sort...
>
> conversely, if in a constrained environment like old computer or small
> device, using only a couple onions, for light traffic is advised.
>
>
>> There has also been recent DoS campaigns affecting Tor
>> hidden services which have been challenging to mitigate.
>
> one word: blowback.
> [ maybe #FreeRedTeam ? gotta make lemonade, sweet sweet lemonade ]
>
>
>> In my project I hope to produce a tool which will allow a hidden service
>> to be backed by multiple Tor instances which can be spread across
>> multiple servers and geographical locations.
>
> in the 50G mirror experiment, even while under volatile network
> conditions, this technique - using many concurrently active onions -
> worked well and kept throughput and availability consistently robust.
> bigsun dist uses 9 onions across three physical hosts, for reference.
>
>
>> - Redundant hidden service hosting with no single point of failure.
>
> #1 useful.
>
>
>> - Secure storage of hidden service keys away from the Tor service on
>> smartcards or HSM's
>
> #2 useful.
>
>
>> - From a security perspective, would you prefer to minimize the
>> software running on the onion service instance servers or minimize
>> connections to the management server which has access to the service keys?
>
> both, #3 useful.
>
>
>> If anyone has time to share, I'd be very interested in learning about
>> your experiences and current challenges. I'd also be delighted to hear
>> about any other features that may be useful to the HS community.
>
> this should be a trac, wiki, or doc? :P
>
>
> best regards,
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 26 May 2015 18:40:03 -0400
> From: "l.m" <[email protected]>
> To: "tor-talk" <[email protected]>
> Subject: Re: [tor-talk] SOCKS proxy to sit between user and Tor?
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="UTF-8"
>
> I'd like to point out that if you decide to use another SOCKS proxy
> you may encounter another problem. Suppose I bypass the port assigned
> to your custom proxy and instead point to the usual tor proxy. This
> might occur if a user manually configures the proxy and cannot tell
> the difference between the two. Most likely it'll fail and they'll
> notice. In a worst case, your blockchain resolves are bypassed and a
> leak occurs.
>
> It also raises the question of whether you really want to have a SOCKS
> proxy for both regular firefox and tbb/tor.
>
> --leeroy
>
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 26 May 2015 18:45:14 -0400
> From: "l.m" <[email protected]>
> To: [email protected]
> Subject: Re: [tor-talk] SOCKS proxy to sit between user and Tor?
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset="UTF-8"
>
> Of course turning off remote resolves to use a local resolver (free of
> conflicts) also has this downside. Settings persist between tbb launches,
> so if remote DNS is turned off and a local resolver is down a leak
> occurs using the system DNS.
>
> If anything, for the sake of your sanity try to keep everything in the
> plugin.
>
> On 5/26/2015 at 6:40 PM, "l.m" wrote:
> I'd like to point out that if you decide to use another SOCKS proxy
> you may encounter another problem. Suppose I bypass the port assigned
> to your custom proxy and instead point to the usual tor proxy. This
> might occur if a user manually configures the proxy and cannot tell
> the difference between the two. Most likely it'll fail and they'll
> notice. In a worst case, your blockchain resolves are bypassed and a
> leak occurs.
>
> It also raises the question of whether you really want to have a SOCKS
> proxy for both regular firefox and tbb/tor.
>
> --leeroy
>
> --
> tor-talk mailing list - [email protected]
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
> ------------------------------
>
> Message: 5
> Date: Wed, 27 May 2015 01:36:33 +0200
> From: carlo von lynX <[email protected]>
> To: [email protected]
> Subject: Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=us-ascii
>
>> On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote:
>> On one hand, Mailpile is after security, which is great. But on the
>> other hand they use node which doesn't sign packages, therefore
>
> What a shame! Somebody please fix this node thing. I can't
> believe these nodejs enthusiasts are playing around with all
> kinds of crypto something javascript applications but build
> on top of a house of cards.
>
> I still have plenty of criticism for SMTP and the idea of
> doing PGP on top of SMTP but having the server run as a
> hidden service from my own laptop gives this architecture
> quite a legitimacy boost.
>
> While with a mail system like Pond the few popular servers
> can be deanonymized by confirmation attack, then taken over
> by authorities and subdued to send traffic shaped messages
> back to the users, thus slowly deanonymizing the entire
> social graph of Pond users... SMTorP appears to me to be a
> better idea.
>
> With both send and reception points on the user's laptop,
> an attacker that wants to inject a traffic shape into the
> Tor network needs to take over the laptop itself. From my
> understanding there is no other place on the network
> where that sort of attack would be successful.
>
> If that is true, that would be a great progress. Too bad
> that the old problem of both having to be online at the
> same time is re-introduced. We could have started using
> Retroshare over Tor two years ago to achieve the same goal.
> Retroshare looks a little less fancy than Mailpile, but
> it doesn't need any pip or node.
>
> Also Framstag's sendfile SAFT implementation can be a neat
> quickfix solution. The server is easily pluggable into a
> hidden service and provides for mail-like spooling of
> messages and native binary file transfers, without all
> the overhead of e-mail.
>
>
> --
> E-mail is public! Talk to me in private using Tor.
> torify telnet loupsycedyglgamf.onion DON'T SEND ME
> irc://loupsycedyglgamf.onion:67/lynX PRIVATE EMAIL
> http://loupsycedyglgamf.onion/LynX/ OR FACEBOOGLE
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 26 May 2015 17:50:40 -0700
> From: Mike Ingle <[email protected]>
> To: [email protected], [email protected]
> Subject: [tor-talk] Confidant Mail, was re: Mailpile SMTorP
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Confidant Mail is another next-gen mail architecture worth a look. You
> can access servers directly, via exit node, via hidden service, or via
> I2P. You can have your mail hosted on your own server, on someone else's
> server, or in the Distributed Hash Table. In the "server" case there is
> no limit on attachment size. You do not have to be online at the same
> time as the recipient.
>
> It's written in Python and uses PyOpenSSL and gnupg encryption. If you
> are looking for next gen email over Tor, look here:
> https://www.confidantmail.org
>
> Mike
>
>> On 5/26/2015 4:36 PM, carlo von lynX wrote:
>>> On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote:
>>>
>>> On one hand, Mailpile is after security, which is great. But on the
>>> other hand they use node which doesn't sign packages, therefore
>>
>> What a shame! Somebody please fix this node thing. I can't
>> believe these nodejs enthusiasts are playing around with all
>> kinds of crypto something javascript applications but build
>> on top of a house of cards.
>>
>> I still have plenty of criticism for SMTP and the idea of
>> doing PGP on top of SMTP but having the server run as a
>> hidden service from my own laptop gives this architecture
>> quite a legitimacy boost.
>>
>> While with a mail system like Pond the few popular servers
>> can be deanonymized by confirmation attack, then taken over
>> by authorities and subdued to send traffic shaped messages
>> back to the users, thus slowly deanonymizing the entire
>> social graph of Pond users... SMTorP appears to me to be a
>> better idea.
>>
>> With both send and reception points on the user's laptop,
>> an attacker that wants to inject a traffic shape into the
>> Tor network needs to take over the laptop itself. From my
>> understanding there is no other place on the network
>> where that sort of attack would be successful.
>>
>> If that is true, that would be a great progress. Too bad
>> that the old problem of both having to be online at the
>> same time is re-introduced. We could have started using
>> Retroshare over Tor two years ago to achieve the same goal.
>> Retroshare looks a little less fancy than Mailpile, but
>> it doesn't need any pip or node.
>>
>> Also Framstag's sendfile SAFT implementation can be a neat
>> quickfix solution. The server is easily pluggable into a
>> hidden service and provides for mail-like spooling of
>> messages and native binary file transfers, without all
>> the overhead of e-mail.
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 26 May 2015 21:10:36 -0400
> From: Jonathan Wilkes <[email protected]>
> To: [email protected]
> Subject: Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]
> Message-ID: <[email protected]>
> Content-Type: text/plain; charset=windows-1252; format=flowed
>
>> On 05/26/2015 07:36 PM, carlo von lynX wrote:
>>> On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote:
>>> On one hand, Mailpile is after security, which is great. But on the
>>> other hand they use node which doesn't sign packages, therefore
>> What a shame! Somebody please fix this node thing. I can't
>> believe these nodejs enthusiasts are playing around with all
>> kinds of crypto something javascript applications but build
>> on top of a house of cards.
>>
>> I still have plenty of criticism for SMTP and the idea of
>> doing PGP on top of SMTP but having the server run as a
>> hidden service from my own laptop gives this architecture
>> quite a legitimacy boost.
>>
>> While with a mail system like Pond the few popular servers
>> can be deanonymized by confirmation attack, then taken over
>> by authorities and subdued to send traffic shaped messages
>> back to the users, thus slowly deanonymizing the entire
>> social graph of Pond users... SMTorP appears to me to be a
>> better idea.
>>
>> With both send and reception points on the user's laptop,
>> an attacker that wants to inject a traffic shape into the
>> Tor network needs to take over the laptop itself. From my
>> understanding there is no other place on the network
>> where that sort of attack would be successful.
>>
>> If that is true, that would be a great progress. Too bad
>> that the old problem of both having to be online at the
>> same time is re-introduced. We could have started using
>> Retroshare over Tor two years ago to achieve the same goal.
>> Retroshare looks a little less fancy than Mailpile, but
>> it doesn't need any pip or node.
>>
>> Also Framstag's sendfile SAFT implementation can be a neat
>> quickfix solution. The server is easily pluggable into a
>> hidden service and provides for mail-like spooling of
>> messages and native binary file transfers, without all
>> the overhead of e-mail.
>
> What about Bitmessage?
>
> -Jonathan
>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> tor-talk mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
> ------------------------------
>
> End of tor-talk Digest, Vol 52, Issue 53
> ****************************************

--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
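The DNS-leak point in messages 3 and 4 comes down to one byte in the SOCKS5 CONNECT request: with "remote resolves" on (in Firefox the preference is network.proxy.socks_remote_dns), the browser hands the proxy the hostname itself (address type 0x03) and Tor resolves it inside the circuit; with it off, the browser resolves the name through the system resolver first and hands the proxy only an IP literal (address type 0x01 or 0x04), so the lookup has already left the Tor path before the proxy sees anything. The following is an added example, not code from the thread, from Tor Browser or from Tor: it encodes both request shapes per RFC 1928, parses them back, and flags the pre-resolved ones, which is the check a practitioner would run over a capture of the local SOCKS port to tell the two apart. The sample requests are constructed inline (the .onion name is the one from lynX's signature, the IPv4 address is an RFC 5737 documentation address); nothing is sent on the network.

```python
"""SOCKS5 CONNECT requests: remote vs. local name resolution (RFC 1928).

Added example, not code from the tor-talk thread. All requests below are
constructed in memory; nothing talks to a real proxy.
"""
import ipaddress
import struct

SOCKS_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4 = 0x01
ATYP_DOMAIN = 0x03
ATYP_IPV6 = 0x04


def build_connect(target: str, port: int) -> bytes:
    """Encode a SOCKS5 CONNECT request (RFC 1928 section 4).

    A hostname is sent as ATYP 0x03, so the proxy (Tor) resolves it inside
    the circuit. An IP literal is sent as ATYP 0x01/0x04, which is exactly
    what a client produces after resolving the name locally first.
    """
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        name = target.encode("idna")
        if not 0 < len(name) < 256:
            raise ValueError("hostname length must fit in one byte")
        body = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if addr.version == 4 else ATYP_IPV6
        body = bytes([atyp]) + addr.packed
    return bytes([SOCKS_VERSION, CMD_CONNECT, 0x00]) + body + struct.pack("!H", port)


def parse_connect(req: bytes) -> dict:
    """Decode a SOCKS5 CONNECT request and report whether the client
    resolved the name itself (locally_resolved=True), i.e. the DNS query
    bypassed the proxy."""
    if len(req) < 4 or req[0] != SOCKS_VERSION:
        raise ValueError("not a SOCKS5 request")
    if req[1] != CMD_CONNECT:
        raise ValueError("not a CONNECT command")
    atyp = req[3]
    if atyp == ATYP_IPV4:
        end = 4 + 4
        host = str(ipaddress.IPv4Address(req[4:end]))
    elif atyp == ATYP_IPV6:
        end = 4 + 16
        host = str(ipaddress.IPv6Address(req[4:end]))
    elif atyp == ATYP_DOMAIN:
        end = 5 + req[4]
        host = req[5:end].decode("idna")
    else:
        raise ValueError("unknown address type %#x" % atyp)
    if len(req) != end + 2:
        raise ValueError("truncated or trailing bytes in request")
    port = struct.unpack("!H", req[end:end + 2])[0]
    return {"host": host, "port": port, "locally_resolved": atyp != ATYP_DOMAIN}


# Constructed sample of what a sniffer on the local SOCKS port might see.
SAMPLE_REQUESTS = [
    build_connect("loupsycedyglgamf.onion", 80),  # hostname: proxy resolves, fine
    build_connect("192.0.2.10", 443),             # pre-resolved IP: leak indicator
]


def leak_candidates(requests) -> list:
    """Return (host, port) for every request that carried a pre-resolved
    address instead of a hostname."""
    out = []
    for r in requests:
        info = parse_connect(r)
        if info["locally_resolved"]:
            out.append((info["host"], info["port"]))
    return out


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(r.hex(), parse_connect(r))
    print("locally resolved:", leak_candidates(SAMPLE_REQUESTS))
```

Note the caveat this check cannot cover: a .onion name has no DNS answer at all, so a client that insists on resolving locally simply fails rather than leaking the address, which is the "most likely it'll fail and they'll notice" case in message 3. The leak l.m describes in message 4 is the ordinary-hostname case, where a working system resolver answers and the IP-literal request goes out looking perfectly valid to the proxy.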
