RE: Downloading files?

[Zaher F .]

> Date: Fri, 31 Dec 2010 18:51:12 +0100
> From: berta...@ptitcanardnoir.org
> To: or-talk@freehaven.net
> Subject: Re: Downloading files?
> 
> On Fri, Dec 31, 2010 at 11:25:14AM -0500, and...@torproject.org wrote:
> > On Fri, Dec 31, 2010 at 04:55:18PM +0100, andr...@fastmail.fm wrote 0.9K 
> > bytes in 27 lines about:
> > : When I've tried to download, when using Tor, Tor pops up some message
> > : and says something like "this could unmask youuse Amnesia LiveCd" 
> > 
 let me tell some things:
maybe u r downloading form a restrict site that ur isp has blocked it.

or u r downloading a file that ca unmask u like : torrent or rm or word or pdf 
files...all these files will unmask u..
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
  

"Cookie Mismatch" when using Gmail.

[Matthew]

 Hello,

Here is what happens:

I login to Gmail as normal.  I go to Settings / Accounts and Import / 
Change Account Settings - Google Account Settings.  When I click on that 
link the URL changes to https://www.google.com/accounts/CookieMismatch and 
the screen shows.


We've detected a problem with your cookie settings.

Enable cookies
Make sure your cookies are enabled. To enable cookies, follow these 
browser-specific instructions 
.


Clear cache and cookies
If you have cookies enabled but are still having trouble, clear your 
browser's cache and cookies 
.


Adjust your privacy settings
If clearing your cache and cookies doesn't resolve the problem, try 
adjusting your browser's privacy settings. If your settings are on high, 
manually add *www.google.com* to your list of allowed sites. Learn more 



I am using TorButton and NoScript and Gmail and Gstatic are considered 
"trusted".  JS is on.  Cookies are on.  I can see them in Firefox Privacy 
settings.  I have deleted the cache, deleted cookies, rebooted Firefox, 
etc, but I cannot enter the Google Account Settings link.  All other parts 
of Gmail work fine.


Without using the Vidalia bundle I can login to the Account Settings with 
no problems.


Does someone know how to deal with this cookie issue?

Thanks.

Re: BDS VPNs hosting

[andrew]

On Fri, Dec 31, 2010 at 05:55:57PM +0100, jespa...@minibofh.org wrote 1.5K 
bytes in 28 lines about:
: The approach described in the official Tor project documentation is
: excellent from my humble point of view. As a web-hosting sysadmin I

Ok, that's really what I was hoping.  Otherwise, my hope is that people
improve it over time to adjust to reality and experiences.

-- 
Andrew
pgp key: 0x74ED336B
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor-BlackBelt Privacy

[andrew]

On Wed, Dec 29, 2010 at 01:53:17PM +0100, tor-ad...@privacyfoundation.de wrote 
0.8K bytes in 25 lines about:
: I have done a small test. It seems, high performance nodes are prefered.
: The project page offers only a binary download.
: What do you think about the project. Is it serious?

It's been around for a few years, previously called "black belt tor" by
Cav Edwards.  We've had some interaction with Cav Edwards over the
years, but nothing substantial.

: Is the preference of high power nodes useful or does it have a bad
: influence on the load balancing of the tor network like the Cloakfish
: idea two years ago?

TCP stacks and crypto overhead may be overloading "high performance
nodes".  If you only need 1KB/s for a xmpp chat session, no need to
choose a high bandwidth relay when a lower performance one will do.  

I haven't tested it, but I wonder if over time (days, weeks, months) the
performance usage profile of blackbeltprivacy is different than a stock
tor client.

-- 
Andrew
pgp key: 0x74ED336B
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor and google groups

[force44]

>> Though I could open an account at gmail, it is impossible to login to
>> post in google groups. I am told, whetever the exit node is, "Your
>> browser's cookie functionality is turned off. Please turn it on.".
>>
> First, did you have to go through SMS verification to open a Gmail account?


Yes, but I have a nice collection of SIM cards from various countries... Every 
time I travel (twice a month at least) I bring back some SIM cards for this 
kind of "work"...


> Second, I also have had the same problem apropos cookie functionality.  
> There appears to be no rationale.  I have found that deleting the cache
> and re-opening Firefox works sometimes but you have to play about with it.
>> I am using Tor, Privoxy, Firefox and Torbutton, both in their last
>> updated releases for Win7.
>>
> Should you not be using Polipo rather than Privoxy?  Perhaps other
> people can comment on this?


Well, I am using Privoxy since the beginning of Tor, never understood why i 
would have to change.

Anyway I followed your suggestion and cleaned the cache, then I could enter 
Googlegroups with Tor! 

Thanks a lot for your help :)
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: The Skype begin refusing payments making on their site through the Tor

[James Brown]

Praedor Atrebates wrote:
> And where are these creatures, these anonymous credit cards?  
> 

If I use the tor for preventing possibility of my bank (and Putin's
tonton macoutes if they request my bank) to know my real location?

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

test

[Orionjur Tor-admin]

test
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor & Email?

[Orionjur Tor-admin]

Jon wrote:
> > On Wed, Dec 29, 2010 at 10:38 AM, The Doctor  wrote:
>> >>
> > I then tried again with a German exit, and had no problems. Since I
> > don't speak German very well, I had to guess some, but it went thru
> > with out any captcha..
> >
> > Am wondering if it is only with a US exit or if it is happening on
> > other country exits?
> >
> > Jon
> > ***
> > To unsubscribe, send an e-mail to majord...@torproject.org with
> > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
> >

I have tried to creat gmail-accounts with Netherlands and German exits
and have had problems: the Google required sms-verification.

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Exit node and datacenter

[Moritz Bartl]

Hi,

Contact your ISP and tell them what you want to do. Ask if it's possible 
to SWIP your IP range and attach your own abuse handle (email address).
If your ISP is okay with it, I think it's worth trying the open exit 
policy first, and only limit it later in case you run into trouble with 
your ISP. For a suggestion on a limited policy, see [1].


--
Moritz

[1] 
https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment

Am 04.01.2011 19:12, schrieb forc...@safe-mail.net:

Hello!

Since about 18 months I am hosting a Tor relay middleman" on a dedicated box 
rented at Rackforce in Canada and I would like to turn it to an exit node.

Any suggestion about what to do concerning the datacenter? I would like to 
avoid being sent offline at the 1st complaint...

Thanks!
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Exit node and datacenter

[force44]

Hello!

Since about 18 months I am hosting a Tor relay middleman" on a dedicated box 
rented at Rackforce in Canada and I would like to turn it to an exit node.

Any suggestion about what to do concerning the datacenter? I would like to 
avoid being sent offline at the 1st complaint... 

Thanks!
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor uses swap?

[Gregory Maxwell]

On Tue, Jan 4, 2011 at 12:11 PM, Steve Crook  wrote:
> On Tue, Jan 04, 2011 at 10:13:00AM -0500, Gregory Maxwell wrote:
>
>> swap /dev/sda9 /dev/urandom swap,cipher=aes-lrw-plain,size=256
>
> Same solution as I use but with slightly different options.  Mine are:
> cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
>
> The example on
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/OperationalSecurity
> suggests no options other than 'swap'.

Our commands differ in the chaining and IV selection mode.  Mine
should be a fair bit faster. Both should provide adequate security.
The LRW mode I'm suggesting wasn't added to the kernel until a few
years after essiv support, which explains the prevalence of essiv in
recommendations.

I'm not sure what the defaults are if no parameters are specified. I'd
be concerned that it may use plain CBC, which is vulnerable to
watermarking attacks[1].



[1] http://www.tcs.hut.fi/~mjos/doc/saarinen_encrypted_watermarks.pdf
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor uses swap?

[Steve Crook]

On Tue, Jan 04, 2011 at 10:13:00AM -0500, Gregory Maxwell wrote:

> swap /dev/sda9 /dev/urandom swap,cipher=aes-lrw-plain,size=256

Same solution as I use but with slightly different options.  Mine are:
cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap

The example on
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/OperationalSecurity
suggests no options other than 'swap'.

I wonder if these are differences that make a difference.  :)
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor in German media (27c3)

[Dirk]

Moritz Bartl wrote:
> Hi,
> 
> On 04.01.2011 17:46, Dirk wrote:
>> So all I need is a competent lawyer to run as many exit nodes as I
>> want in Germany?
> 
> Most people run "as many exit nodes as they want" without even having a
> lawyer in the first place. It is not an illegal service at all.
> 
> For the future, it might be a good idea to form a lose network of
> lawyers/funds that openly promise legal help to ANY Tor node operator.
> In Germany, both Chaos Computer Club and German Privacy Foundation
> promise to fight for the right of Tor node operators in case something
> big hits them. In the US, EFF made a similar promise.

It would be very useful to have a factsheet that lists jurisdictions, 
tor-exit-node related trials and their outcome.. to inform
potential admins about the possible risks..

I wouldn't be interested into starting exit nodes and then give in as soon as 
there is pressure.. rather ask a lawyer to clean
that up...
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor in German media (27c3)

[Timo Schoeler]

On 01/04/2011 05:46 PM, Dirk wrote:

Moritz Bartl wrote:

Hi,

FYI: The German public radio network Deutschlandfunk put up an
interview with Julius Mittenzwei, the Chaos Computer Club lawyer,
about Tor.

http://vimeo.com/18267378 (german only)



So all I need is a competent lawyer to run as many exit nodes as I
want in Germany?

Just great... the brainwashing already made me believe that I'd ruin
my life if I did.

I'll consult a local lawyer who is a specialist in this field.


From my point of view the question arises if it'd be possible to create 
groups of admins that belong to the same 'area' in terms of the law 
being applied there, e.g. all TOR (exit) node operators of Germany, 
France, Great Britian, Zimbabwe, whatever, in order to concentrate on 
defending against attacks on that level.


I used to run two medium-bandwidth exit nodes, but as the complaints 
about it began to rise above a certain level I shut them down. Maybe 
temporarily, I don't know.


Cheers,

Timo
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor in German media (27c3)

[Moritz Bartl]

Hi,

On 04.01.2011 17:46, Dirk wrote:

So all I need is a competent lawyer to run as many exit nodes as I want in 
Germany?


Most people run "as many exit nodes as they want" without even having a 
lawyer in the first place. It is not an illegal service at all.


For the future, it might be a good idea to form a lose network of 
lawyers/funds that openly promise legal help to ANY Tor node operator. 
In Germany, both Chaos Computer Club and German Privacy Foundation 
promise to fight for the right of Tor node operators in case something 
big hits them. In the US, EFF made a similar promise.

--
Moritz
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor uses swap?

[Michael Gomboc]

Maybe that link will be useful:

http://blog.nyxyn.com/2010/05/encrypted-ubuntu-104-on-dual-boot.html

2011/1/4 

>
> --
>
> andr...@fastmail.fm
>
>  On Tue, 04 Jan 2011 08:48 -0500, "Michael Gomboc" <
> michael.gom...@gmail.com> wrote:
>
> A new installation of Ubuntu with encrypted LVM is more than easy!
> Check the link for help (It's Ubuntu 7.10, but there is no big difference)
> http://news.softpedia.com/news/Encrypted-Ubuntu-7-10-68383.shtml
>
>
> It doesn't cover a dual-boot situation...that's the hard one to do.
>
>
> Of curse you can encrypt only your swap, but why not encrypt the hole
> system?
>
> 2011/1/4 
>
>
> --
>
>  andr...@fastmail.fm
>
>
> On Tue, 04 Jan 2011 08:16 -0500, "Roger Dingledine" 
> wrote:
> > On Tue, Jan 04, 2011 at 02:14:09PM +0100, andr...@fastmail.fm wrote:
> > > I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden.
> > >
> > > Does any of my web search results or web pages (or anything else during
> > > the web session) I look at get sent to or put on the SWAP partition of
> > > my machine?
> >
> > Could be. The Tor Browser Bundle for Linux is just an ordinary
> > application. It doesn't control your swap either way. You don't start
> > it as root, so it can't.
> >
> > I'd suggest that you should be using encrypted swap by default. Everybody
> > should.
> >
>  I sure would LOVE to know an easy way to encrypt my swap.  My plan had
> been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot
> machine but I got to the "encrypt the disk" portion of the installation
> using Alternate CD and quit.  There were too many questions or settings
> that I had no idea what to enter.
>
>
>
>
>
> > --Roger
> >
> > ***
> > To unsubscribe, send an e-mail to majord...@torproject.org with
> > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
> >
>  --
> http://www.fastmail.fm - mmm... Fastmail...
>
> ***
>
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
>
>
>
>
> --
> Michael Gomboc
> www.viajando.at
> pgp-id: 0x5D41FDF8
>
> -- http://www.fastmail.fm - Does exactly what it says on the tin
>
>


-- 
Michael Gomboc
www.viajando.at
pgp-id: 0x5D41FDF8

Re: Tor in German media (27c3)

[Dirk]

Moritz Bartl wrote:
> Hi,
> 
> FYI: The German public radio network Deutschlandfunk put up an interview
> with Julius Mittenzwei, the Chaos Computer Club lawyer, about Tor.
> 
> http://vimeo.com/18267378 (german only)
> 

So all I need is a competent lawyer to run as many exit nodes as I want in 
Germany?

Just great... the brainwashing already made me believe that I'd ruin my life if 
I did.

I'll consult a local lawyer who is a specialist in this field.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor uses swap?

[andre76]

--

[1]andr...@fastmail.fm

On Tue, 04 Jan 2011 08:48 -0500, "Michael Gomboc"
 wrote:

  A new installation of Ubuntu with encrypted LVM is more than
  easy!

Check the link for help (It's Ubuntu 7.10, but there is no big
difference)

[2]http://news.softpedia.com/news/Encrypted-Ubuntu-7-10-68383.sht
ml





It doesn't cover a dual-boot situation...that's the hard one to
do.





Of curse you can encrypt only your swap, but why not encrypt the
hole system?
2011/1/4 <[3]andr...@fastmail.fm>

  --
   [4]andr...@fastmail.fm
  On Tue, 04 Jan 2011 08:16 -0500, "Roger Dingledine"
  <[5]a...@mit.edu>
  wrote:

> On Tue, Jan 04, 2011 at 02:14:09PM +0100,
[6]andr...@fastmail.fm wrote:
> > I'm running Ubuntu 10.04 and Tor browser bundle with scripts
forbidden.
> >
> > Does any of my web search results or web pages (or anything
else during
> > the web session) I look at get sent to or put on the SWAP
partition of
> > my machine?
>
> Could be. The Tor Browser Bundle for Linux is just an ordinary
> application. It doesn't control your swap either way. You don't
start
> it as root, so it can't.
>
> I'd suggest that you should be using encrypted swap by default.
Everybody
> should.
>

  I sure would LOVE to know an easy way to encrypt my swap.  My
  plan had
  been to do a fresh reinstallation of Ubuntu 10.04 on my
  dual-boot
  machine but I got to the "encrypt the disk" portion of the
  installation
  using Alternate CD and quit.  There were too many questions or
  settings
  that I had no idea what to enter.

> --Roger
>
>
*
**
> To unsubscribe, send an e-mail to [7]majord...@torproject.org
with
> unsubscribe or-talkin the body.
[8]http://archives.seul.org/or/talk/
>

--
[9]http://www.fastmail.fm - mmm... Fastmail...
*
**


To unsubscribe, send an e-mail to [10]majord...@torproject.org
with
unsubscribe or-talkin the body.
[11]http://archives.seul.org/or/talk/

--
Michael Gomboc
[12]www.viajando.at
pgp-id: 0x5D41FDF8

References

1. mailto:andr...@fastmail.fm
2. http://news.softpedia.com/news/Encrypted-Ubuntu-7-10-68383.shtml
3. mailto:andr...@fastmail.fm
4. mailto:andr...@fastmail.fm
5. mailto:a...@mit.edu
6. mailto:andr...@fastmail.fm
7. mailto:majord...@torproject.org
8. http://archives.seul.org/or/talk/
9. http://www.fastmail.fm/
  10. mailto:majord...@torproject.org
  11. http://archives.seul.org/or/talk/
  12. http://www.viajando.at/

-- 
http://www.fastmail.fm - Does exactly what it says on the tin

Re: Tor uses swap?

[Gregory Maxwell]

OT, I know, but this is information that all tor node operators should have.

On Tue, Jan 4, 2011 at 8:25 AM,   wrote:
> I sure would LOVE to know an easy way to encrypt my swap.  My plan had
> been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot
> machine but I got to the "encrypt the disk" portion of the installation
> using Alternate CD and quit.  There were too many questions or settings
> that I had no idea what to enter.

If you have a separate swap partition it is very easy to encrypt it on
all GNU/Linux systems.

If you use an ephemerally keyed swap you don't even have to provide a
password at boot— it will use a new random key at every reboot.

First edit /etc/crypttab, and add a line (or create the file):

swap /dev/sda9 /dev/urandom swap,cipher=aes-lrw-plain,size=256


(replace "sda9" with the name of your swap device, "swapon -s" will
tell you. It is important that you get this right.)

Then edit /etc/fstab and change the swap line to

/dev/mapper/swapswapswapdefaults0 0


Reboot and your swap will be encrypted (cryptsetup status swap will
give you information on the volume).
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor uses swap?

[What you get is Not what you see]

On Tue, Jan 4, 2011 at 3:25 PM,  wrote:

>
>
> I sure would LOVE to know an easy way to encrypt my swap.  My plan had
> been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot
> machine but I got to the "encrypt the disk" portion of the installation
> using Alternate CD and quit.  There were too many questions or settings
> that I had no idea what to enter.
>
>
>
>
Try ubuntu server cd.

Re: Tor uses swap?

[Michael Gomboc]

A new installation of Ubuntu with encrypted LVM is more than easy!
Check the link for help (It's Ubuntu 7.10, but there is no big difference)
http://news.softpedia.com/news/Encrypted-Ubuntu-7-10-68383.shtml

Of curse
you can encrypt only your swap, but why not encrypt the hole system?

2011/1/4 

>
> --
>
>  andr...@fastmail.fm
>
>
> On Tue, 04 Jan 2011 08:16 -0500, "Roger Dingledine" 
> wrote:
> > On Tue, Jan 04, 2011 at 02:14:09PM +0100, andr...@fastmail.fm wrote:
> > > I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden.
> > >
> > > Does any of my web search results or web pages (or anything else during
> > > the web session) I look at get sent to or put on the SWAP partition of
> > > my machine?
> >
> > Could be. The Tor Browser Bundle for Linux is just an ordinary
> > application. It doesn't control your swap either way. You don't start
> > it as root, so it can't.
> >
> > I'd suggest that you should be using encrypted swap by default. Everybody
> > should.
> >
>
> I sure would LOVE to know an easy way to encrypt my swap.  My plan had
> been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot
> machine but I got to the "encrypt the disk" portion of the installation
> using Alternate CD and quit.  There were too many questions or settings
> that I had no idea what to enter.
>
>
>
>
>
> > --Roger
> >
> > ***
> > To unsubscribe, send an e-mail to majord...@torproject.org with
> > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
> >
>
> --
> http://www.fastmail.fm - mmm... Fastmail...
>
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
>



-- 
Michael Gomboc
www.viajando.at
pgp-id: 0x5D41FDF8

Re: Tor uses swap?

[andre76]

-- 
  
  andr...@fastmail.fm


On Tue, 04 Jan 2011 08:16 -0500, "Roger Dingledine" 
wrote:
> On Tue, Jan 04, 2011 at 02:14:09PM +0100, andr...@fastmail.fm wrote:
> > I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden.
> > 
> > Does any of my web search results or web pages (or anything else during
> > the web session) I look at get sent to or put on the SWAP partition of
> > my machine?
> 
> Could be. The Tor Browser Bundle for Linux is just an ordinary
> application. It doesn't control your swap either way. You don't start
> it as root, so it can't.
> 
> I'd suggest that you should be using encrypted swap by default. Everybody
> should.
> 

I sure would LOVE to know an easy way to encrypt my swap.  My plan had
been to do a fresh reinstallation of Ubuntu 10.04 on my dual-boot
machine but I got to the "encrypt the disk" portion of the installation
using Alternate CD and quit.  There were too many questions or settings
that I had no idea what to enter.





> --Roger
> 
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
> 

-- 
http://www.fastmail.fm - mmm... Fastmail...

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Tor uses swap?

[andre76]

I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden.

Does any of my web search results or web pages (or anything else during
the web session) I look at get sent to or put on the SWAP partition of
my machine?


That is to say- is there any data on my computer I should shred after a
Tor session?  (yes, I understand other than what I knowingly download
like a PDF or music)

-- 
http://www.fastmail.fm - mmm... Fastmail...

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor uses swap?

[Roger Dingledine]

On Tue, Jan 04, 2011 at 02:14:09PM +0100, andr...@fastmail.fm wrote:
> I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden.
> 
> Does any of my web search results or web pages (or anything else during
> the web session) I look at get sent to or put on the SWAP partition of
> my machine?

Could be. The Tor Browser Bundle for Linux is just an ordinary
application. It doesn't control your swap either way. You don't start
it as root, so it can't.

I'd suggest that you should be using encrypted swap by default. Everybody
should.

--Roger

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: The Skype begin refusing payments making on their site through the Tor

[Roger Dingledine]

On Tue, Jan 04, 2011 at 08:02:40AM -0500, Praedor Atrebates wrote:
> For something like skype or paying for ANYTHING via credit card/paypal
>or the like, your anonymity is lost upon making payment so having to pay
>online outside the tor network cannot be a privacy/anonymity violation.
> 
> I would never use tor to make privacy/anonymity breaking payments or
>enter anonymity breaking information - it totally negates the function
>or point of tor in the first place.  Basically, I'm not sure that being
>blocked from making a payment to a company over the tor network is really
>a problem at all.
> 
> Am I missing something?

You're missing the diversity of adversaries that various Tor users might
care about.

For example, imagine you're using Tor to prevent a local observer (e.g.
your government-owned ISP) from discovering that you're going to Skype's
payment page.

More generally, there are people who use Tor to ssh to a server somewhere
-- they really do want to make sure the ssh server is the one they wanted,
and the ssh server really does want to make sure it's them, but they
worry about network-level observers on both sides of the transaction.

Yet another variation is where you don't mind that Skype knows *who*
you are, but you don't want them to know which country you're in today.

--Roger

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Tor uses swap?

[andre76]

I'm running Ubuntu 10.04 and Tor browser bundle with scripts forbidden.

Does any of my web search results or web pages (or anything else during
the web session) I look at get sent to or put on the SWAP partition of
my machine?


That is to say- is there any data on my computer I should shred after a
Tor session?  (yes, I understand other than what I knowingly download
like a PDF or music)




-- 
http://www.fastmail.fm - Same, same, but different...

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: The Skype begin refusing payments making on their site through the Tor

[Ted Smith]

On Tue, 2011-01-04 at 08:02 -0500, Praedor Atrebates wrote:
> For something like skype or paying for ANYTHING via credit card/paypal or the 
> like, your anonymity is lost upon making payment so having to pay online 
> outside the tor network cannot be a privacy/anonymity violation.  
> 
> I would never use tor to make privacy/anonymity breaking payments or enter 
> anonymity breaking information - it totally negates the function or point of 
> tor in the first place.  Basically, I'm not sure that being blocked from 
> making a payment to a company over the tor network is really a problem at 
> all.  
> 
> Am I missing something?

You're missing that Tor's goal is to separate identification from
routing, and that logging into authenticated systems using Tor is a
perfectly valid use of it. Not all uses of Tor are for the purpose of
obscuring your identity from the destination server. For example, nearly
all uses of Tor during the Iranian election protests fell into this
category (I suspect).

There's also a case to be made about revealing the least possible amount
of information. If you give a website your credit card information over
Tor+Torbutton, you're giving them objectively less data about you than
you would have if you had given them your credit card without Tor
+Torbutton. This may or may not be valuable information, but it's still
information. Personally, I do as much as I can over Tor, just because I
want to have a default-deny policy about my personal information.


signature.asc
Description: This is a digitally signed message part

Re: The Skype begin refusing payments making on their site through the Tor

[Moritz Bartl]

Hi,

On 04.01.2011 14:02, Praedor Atrebates wrote:
> Am I missing something?

Anonymous credit cards?

--
Moritz
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: System time in anonymity oriented LiveCDs

[Jim]

Jim wrote:


thomas.hluch...@netcologne.de wrote:

Without understanding details of the tor design, did you mention that
tor knows the "real" time? So why dont you let tor set the right
time. There could be a torrc setting like "when connecting to tor
set system time according what tor says". This would enforce to
run tor as root, not as unprivileged user, but this is a Live
system, so this might be no problem(?).

Would this be a nice tor extension to help the LiveCD users?


Presumably some people will be running live CDs (or USBs) on systems
where they don't have the necessary privilege to set the system time.
To address these situations, what might be more useful is to be able to
tell Tor to offset the system clock by a given amount to get the "real
time".  Possbily in connection with this there could be a setting which
would cause Tor to automically determine this offset at initialization.


Oops.  Sorry about responding to my own post, but I just realized that 
the lack of permission problem I mentioned would pertain to running 
something like a Tor bundle from a USB stick on a public computer rather 
 than a running a Live CD/USB.  But I still think my proposal might be 
useful for that situation.


Jim

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: System time in anonymity oriented LiveCDs

[Jim]

Jim wrote:


thomas.hluch...@netcologne.de wrote:

Without understanding details of the tor design, did you mention that
tor knows the "real" time? So why dont you let tor set the right
time. There could be a torrc setting like "when connecting to tor
set system time according what tor says". This would enforce to
run tor as root, not as unprivileged user, but this is a Live
system, so this might be no problem(?).

Would this be a nice tor extension to help the LiveCD users?


Presumably some people will be running live CDs (or USBs) on systems
where they don't have the necessary privilege to set the system time.
To address these situations, what might be more useful is to be able to
tell Tor to offset the system clock by a given amount to get the "real
time".  Possbily in connection with this there could be a setting which
would cause Tor to automically determine this offset at initialization.


Oops.  Sorry about responding to my own post, but I just realized that 
the lack of permission problem I mentioned would pertain to running 
something like a Tor bundle from a USB stick on a public computer rather 
 than a running a Live CD/USB.  But I still think my proposal might be 
useful for that situation.


Jim
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Tor in German media (27c3)

[Moritz Bartl]

Hi,

FYI: The German public radio network Deutschlandfunk put up an interview 
with Julius Mittenzwei, the Chaos Computer Club lawyer, about Tor.


http://vimeo.com/18267378 (german only)

--
Moritz
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Tor and google groups

[Jim]

forc...@safe-mail.net wrote:
> Hello!
> 
> Though I could open an account at gmail, it is impossible to login to
> post in google groups. I am told, whetever the exit node is, "Your
> browser's cookie functionality is turned off. Please turn it on.".
> 
> I am using Tor, Privoxy, Firefox and Torbutton, both in their last
>  updated releases for Win7.

Do you perhaps have Privxoy configured to reject cookies?

Jim

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: System time in anonymity oriented LiveCDs

[Jim]

thomas.hluch...@netcologne.de wrote:
> Without understanding details of the tor design, did you mention that
> tor knows the "real" time? So why dont you let tor set the right
> time. There could be a torrc setting like "when connecting to tor
> set system time according what tor says". This would enforce to
> run tor as root, not as unprivileged user, but this is a Live
> system, so this might be no problem(?).
> 
> Would this be a nice tor extension to help the LiveCD users?

Presumably some people will be running live CDs (or USBs) on systems
where they don't have the necessary privilege to set the system time.
To address these situations, what might be more useful is to be able to
tell Tor to offset the system clock by a given amount to get the "real
time".  Possbily in connection with this there could be a setting which
would cause Tor to automically determine this offset at initialization.

Cheers,
Jim


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Torbutton 1.3.1-alpha released

[Mike Perry]

Torbutton 1.3.1-alpha has been released at:
https://www.torproject.org/torbutton/releases/torbutton-1.3.1-alpha.xpi

This release features a fix for the nasty pref dialog issue in 1.3.0
(bug #2011), as well as Firefox 4.0 support. Thanks to new APIs in
Firefox 3.5 and better privacy options in Firefox 4, Torbutton has now
been simplified as well. While we still provide a number of XPCOM
components, the number of native Firefox components we replace has
shrunk from 5 to just one.

However, the amount of changes involved in supporting Firefox 4 were
substantial, and it is likely that these changes as well as the
removal of old code has introduced new bugs. I've done my best to test
out operation on Firefox 3.6 and 4.0, but I have not tested Firefox
3.0, and I may have missed other issues as well. Please report any
issues you notice on our bugtracker:
https://trac.torproject.org/projects/tor/report/14

Here is the complete changelog:
 * bugfix: bug 1894: Amnesia is now called TAILS (patch from intrigeri)
 * bugfix: bug 2315: Remove reference to TorVM (patch from intrigeri)
 * bugfix: bug 2011: Fix preference dialog issues (patch from chrisdoble)
 * bugfix: Fix some incorrect log lines in RefSpoofer
 * new: Support Firefox 4.0 (many changes)
 * new: Place button in the nav-bar (FF4 killed the status-bar)
 * misc: No longer reimplement the session store, use new APIs instead
 * misc: Simplify crash detection and startup mode settings


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


pgpdhTsZGYy3V.pgp
Description: PGP signature