Re: Tor notice

2010-08-09 Thread Jim 

and...@torproject.org wrote:

On Mon, Aug 09, 2010 at 09:48:24PM +0200, spacem...@gmail.com wrote 0.4K bytes 
in 9 lines about:
: why in every Tor version (a/b/stable) there is "Do not rely on it for
: strong anonymity"? If not Tor, what should we use for strong
: anonymity? excluding Freenet and cryptography apps.



Many other tools simply state they are anonymous, without mentioning any
of the R&D on current anonymity attacks, their success probabilities,
and design flaws. If you're interested in learning more about the
current state of the field of anonymity in research, start here;
http://freehaven.net/anonbib/full/topic.html


Would it make sense to add that link, or some other link, to the message 
  Tor prints out so the casual user can get some idea of what the 
message means?


Jim
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor notice

2010-08-09 Thread andrew 
On Mon, Aug 09, 2010 at 09:48:24PM +0200, spacem...@gmail.com wrote 0.4K bytes 
in 9 lines about:
: why in every Tor version (a/b/stable) there is "Do not rely on it for
: strong anonymity"? If not Tor, what should we use for strong
: anonymity? excluding Freenet and cryptography apps.

The challenge here is to define "strong anonymity".  A possible current
definition is a state of not being identifiable within an anonymity set.
This anonymity is considered strong if it is resistant to all known
attacks on anonymity.  

I think Roger wrote that line in the source to simply remind people that
Tor has a defined threat model, given the anonymity research field
is still growing, and that low-latency anonymity is inherently open to
some attacks, tor is not strong anonymity.

Tor raises the bar for de-anonymizing you to many attacks on your
anonymity on the actual internet today.  This is a fine place to start
to understand what Tor does and does not provide,
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#AnonymityandSecurity

Many other tools simply state they are anonymous, without mentioning any
of the R&D on current anonymity attacks, their success probabilities,
and design flaws. If you're interested in learning more about the
current state of the field of anonymity in research, start here;
http://freehaven.net/anonbib/full/topic.html

All tools have design goals and threat models.  Many just don't clearly
state what these goals and threats are to the user, but brush it under
the rug as perfect anonymity, or some other hyperbole.  

Disclaimer:  Roger, Nick, and Steven are the anonymity researchers,
their opinion overrules mine.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype:  lewmanator
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Exit Jisunglove

2010-08-09 Thread Geoff Down 
Would the owner of exit Jisunglove
F098 38C3 7C31 1C59 8307 A4B2 BE7C 55AF 740E 5371
please turn of OpenDNS URL filtering.
GD


-- 
http://www.fastmail.fm - Send your email first class

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor notice

2010-08-09 Thread David Carlson 

On 8/9/2010 6:38 PM, Michael Gomboc wrote:
If they would say "Do rely on it for strong anonymity" would you feel 
more secure? :-)



2010/8/9 spacemarc mailto:spacem...@gmail.com>>

Hi all,
why in every Tor version (a/b/stable) there is "Do not rely on it for
strong anonymity"? If not Tor, what should we use for strong
anonymity? excluding Freenet and cryptography apps.

regards
***
To unsubscribe, send an e-mail to majord...@torproject.org
 with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/




--
Michael Gomboc
pgp-id: 0x5D41FDF8
You are supposed to read the advice given on the download page.  Then 
you would know that Tor is an incomplete tool that cannot be used alone 
to achieve strong anonymity.


--
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v2.0.14 (MingW32)

mQENBEvomvcBCACxeJmZj5XoyxoXmNPwAfId2uIEFvlRj2WkMon3zWmlR9OnFD3F
Gs3GiQMNXX6wjjaD/JAlvxobqoNV6VBkSzCvpFtDqcgvhGqksadaufLWTOR8VBXF
bJ32pzJR4+hU8jyYdHGS7S+vg7YNdgMqtjtXOwZnecviILfk1tsFuzsOqaFJLhMm
yKlqpSGNaLxOSCMFiARqLIZpT1bmovD9Et4X6Xa3AYAzQBetUSga7ITHDyyrl/gP
qws4ZVpH+LwmAqblu27cs/lqtG+15eMlyIJOj9h4HRGhxZpKf/vjTh6RyrM3j0qV
R3zHlwZ3x8pWOjUqvWVfeTQ/xxCXgcmBoP+hABEBAAG0KkRhdmlkIEwgQ2FybHNv
biA8Y2FybHNvbi5kbEBzYmNnbG9iYWwubmV0PokBOAQTAQIAIgUCS+ia9wIbAwYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQMIbx69x8i/MgHgf9FYItCr3Gb7du
Td9dq35XsPTB5f6TLaX2ngj3HMhjLKB2XPCpmRATK7+CeEfGCiYCr1Feha7/f/WU
/VNbG94nvQ92RcT+EfrngTLgyw+qRHbyKrJy3uLbt6VoyaaA7ZqdzKeQXJxyCU8N
h3KRlsIPdueBpolBTFbOGrtFhT9iVfgqyHUcZbUef85OpgDH4NmK+1c/z7MbBDGO
OOw1ttYAJVGFKJac5O9QsEaOOyOWlIwvuN6m+gFGl0OwVVGD0W5dEi06/lJoPYCY
1Zf2+OuaI+x7ZGC4DbORKfanve5FsYJrH9Jxk2YsvfmvPmRU9KqJdNsF3HAtoHjX
R2639mhBz7kBDQRL6Jr3AQgArX1zmX3wDM8lChW06YVV5qdVLD3Y6gVUcvL0Vti8
9YuXLVQM5fuhwtCTh599XkN/X7eYK48xMrzGlgjrIfbOx4a93koLtU4b3Cipt/7G
XdbMSEx+594qidcBv8aTBSUy0CRPYhgsrXJhLKwVePTkvhcF7K2yYm++GDrgCmgu
ae03RsW/Ezmio6o7132bh98GJB80Anl4ugdWwkbIqwx2/cMYHkd1aEk5VU4JLXem
IGf+HJQNYaZfv1Fpnlsb/iJuTfAyl+uAN97cR9FrW/6hOLshDB7jCYivck+ecg7b
j3SkhUerNuVIm7YF/P3Jci/FTDv5L2sNPlVISRvu+yy+ZwARAQABiQEfBBgBAgAJ
BQJL6Jr3AhsMAAoJEDCG8evcfIvzWXAIAKs85aBUJgFVpoGabaxCw3C7lCpDAskO
169q+fdoG3+g+VL2JHH0RZrmWXlOFxmC12V7uN3Fqyavzg7Nps2Q6x3J+lYTDr68
vEDBGzyeUG0wBYYwpniz/Vkx+0Rn9e/fXBVs5baLv1FqwoHaHD7OsR9qBsjZlOS+
7W6iidXQmvGuW3Or3shPZYJJxIf/zj/4DCT1auKW9ZGTHUaA8UkXd1tci3MZEj6a
qsKzZ506toCDsANWQtluY0e2c+vMdihZufg9u5iuHZF98pNmMwffXmZY/w2G+ck5
xizAJRAYNI2vOEoBNtaKkWQdWKgI+eWsrEAji3t7kryHPEOzRtM6Pv0=
=V375
-END PGP PUBLIC KEY BLOCK-

Re: Tor notice

2010-08-09 Thread Michael Gomboc 
If they would say "Do rely on it for strong anonymity" would you feel more
secure? :-)


2010/8/9 spacemarc 

> Hi all,
> why in every Tor version (a/b/stable) there is "Do not rely on it for
> strong anonymity"? If not Tor, what should we use for strong
> anonymity? excluding Freenet and cryptography apps.
>
> regards
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
>



-- 
Michael Gomboc
pgp-id: 0x5D41FDF8

Tor notice

2010-08-09 Thread spacemarc 
Hi all,
why in every Tor version (a/b/stable) there is "Do not rely on it for
strong anonymity"? If not Tor, what should we use for strong
anonymity? excluding Freenet and cryptography apps.

regards
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor on a live disk

2010-08-09 Thread intrigeri 
Hi,

Jon Cosby wrote (09 Aug 2010 14:19:30 GMT) :
> I'm trying to run Tor on a live disk, but keep seeing the warning "user
> tor not found." Tor fails to start. It looks like I just need to add a
> user, but which groups would this user need to belong to?

on a Debian system, the user that runs Tor is called debian-tor and is
only part of its primary group, namely debian-tor as well.

Bye,
--
  intrigeri 
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ 
https://gaffer.ptitcanardnoir.org/intrigeri/otr-fingerprint.asc
  | Do not be trapped by the need to achieve anything.
  | This way, you achieve everything.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Tor on a live disk

2010-08-09 Thread Jon Cosby 

I'm trying to run Tor on a live disk, but keep seeing the warning "user
tor not found." Tor fails to start. It looks like I just need to add a
user, but which groups would this user need to belong to?


linux-rvcp:~ # /etc/init.d/tor start
Starting tor daemon
 done
linux-rvcp:~ # Aug 09 14:07:09.186 [notice] Tor v0.2.1.26. This is
experimental software. Do not rely on it for strong anonymity. (Running on
Linux i686)
Aug 09 14:07:09.276 [notice] Initialized libevent version 1.4.12-stable
using method epoll. Good.
Aug 09 14:07:09.276 [notice] Opening Socks listener on 127.0.0.1:9050
Aug 09 14:07:09.277 [warn] Error setting configured user: tor not found
Aug 09 14:07:09.277 [warn] Failed to parse/validate config: Problem with
User value. See logs for details.
Aug 09 14:07:09.277 [err] Reading config failed--see warnings above.
/usr/bin/torctl start: tor could not be started
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/