Re: [tor-talk] How to set up a site on hidden service?
On Wed, Aug 10, 2011 at 07:17:06AM +, jbrownfi...@gmail.com wrote 0.9K bytes in 25 lines about: : I intend to set up a web-site under Tor hidden service. : I installed thttpd and set up that web-server and the tor-hidden server : as it disribed in : "https://www.torproject.org/docs/tor-hidden-service.html.en"; We need to clarify these instructions. thttpd is just a suggestion, not a requirement. thttpd is a very simple webserver, it doesn't support dynamic languages well, if at all. It's a suggestion because it is so simple. If you want to host a hidden service website, you need a webserver of some kind. thttpd, lighttpd, and apache are all possibilities. People have hosted hidden service websites on IIS. Use whatever you are most comfortable with using. -- Andrew pgp key: 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?
On Sun, Aug 07, 2011 at 02:47:24PM +0200, mli...@robin-kipp.net wrote 3.8K bytes in 11 lines about: : so, I've been browsing the web using Tor for some time now, and I have to say that, at least with the cir quid I am currently using, I'm quite impressed with the performance, especially since I'm only connected through a 3g ap at the moment! So, I've had a look around the Torproject site and reading up on how it all works and what safeguarding should be performed in order to stay secure. So, I was thinking, how could I get all the systems that are part of my own home network to access the web securely and anonymously? Well, I came up with the following idea, and since some of you guys may have tried this, was wondering if this would be practicable: Many people use Tails[1] for this on a dedicated host, or they're waiting for the torouter[2] to exist in some form. [1] http://tails.boum.org [2] https://trac.torproject.org/projects/tor/wiki/doc/Torouter In either case, the most controversial issue is the transparent routing of all TCP traffic over Tor. The concern is that this is going to encourage people do to unsafe things over tor. Even if it isn't encouraged, people will use technologies that cannot be properly secured and merely push the risks from their local network and ISP to exit relays. The costs to the user could be high. The current discussion is found at https://trac.torproject.org/projects/tor/ticket/3453 -- Andrew pgp key: 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hijacking Advertising to give a Tor Exit node economic sustainability?
On Sat, Aug 06, 2011 at 10:09:22PM +0200, li...@infosecurity.ch wrote 1.0K bytes in 27 lines about: : Could a Tor Exit Node pay itself and eventually generate more revenue to : install other tor server by being self-supported by advertising? : A Tor Exit Node could modify all the advertising that the user see while : web browsing (google adwords, facebook, doubleclick, etc) by injecting : it's own sponsored AD in http flow. This has been done in the past, it didn't go well. Advertising networks eventually kicked the person off their networks because 'anonymous clicks' weren't valuable to them. If they don't tie your identity and your click traffic together, the data isn't worth anything to them. http://www.torfox.org/ used to be a custom Tor browser that integrated torbutton into the firefox codebase. See http://web.archive.org/web/20090628072441/http://torfox.org/ for that history. It also included a configuration that forced you through the torfox exit relays, which conveniently used javascript to automatically click on ads that you the human never saw. The torfox exit relays were unpublished relays and hardcoded into the torfox browser. In a conversation with mister torfox himself via a .onion forum, he claimed to be making $350,000 a year this way. It was later revealed the $350,000 was the sum of all their ad network hacking, not just torfox. And it all went away when the ad networks disabled his accounts for click fraud. -- Andrew pgp key: 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Any problem installing TBB & Vidalia bundle on same machine?
My question involves 2 scenarios. 1. Installing both TBB & Vidalia bundle, so other apps could be torrified if need to close Tor browser. 2. Install & run TBB & Vidalia bundle simultaneously, so if close TBB, don't have to wait for Vidalia startup to torrify other apps. Not sure which of these would be more common, at present. Tor Project is moving away from Torbutton, which is fine - urging use of TBB. Sometimes I may not want Firefox in TBB open, or may need to close it, which closes Tor. But, may either already have other apps running, using Tor, or want to start them quickly. Is there a problem using both - either separately (one active at a time), or simultaneously? Last, for non browser apps, is there a standard way to check if they're using Tor (say, Thunderbird or other apps), as the check for browsers? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to set up a site on hidden service?
On 11/08/11 11:59, and...@torproject.org wrote: > On Wed, Aug 10, 2011 at 07:17:06AM +, jbrownfi...@gmail.com wrote 0.9K > bytes in 25 lines about: > : I intend to set up a web-site under Tor hidden service. > : I installed thttpd and set up that web-server and the tor-hidden server > : as it disribed in > : "https://www.torproject.org/docs/tor-hidden-service.html.en"; > > We need to clarify these instructions. thttpd is just a > suggestion, not a requirement. thttpd is a very simple webserver, it > doesn't support dynamic languages well, if at all. It's a suggestion > because it is so simple. > > If you want to host a hidden service website, you need a webserver of > some kind. thttpd, lighttpd, and apache are all possibilities. People > have hosted hidden service websites on IIS. Use whatever you are most > comfortable with using. LAMP in Ubuntu Maverick is quite straightforward. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Any problem installing TBB & Vidalia bundle on same machine?
I'm still sticking to Torbutton - I prefer the flexibility of being able to switch it on and off when I need, rather than launching a new browser. That being said, I frequently run Tor with Firefox at the same time as my e-mail client (all of which is routed through Tor). As long as Vidalia's opened, you should be able to use multiple programs with Tor simultaneously. With Thunderbird, you can check by sending a test e-mail, even to yourself, then looking at the source. It's working if you get something that looks like this: Received: from [0.0.0.0] (tor-exit-router45-readme.formlessnetworking.net [199.48.147.45]) by mx.google.com with ESMTPS id v16sm1593516ibf.42.2011.08.11.09.06.31 (version=SSLv3 cipher=AES128-SHA); Not sure about other apps like Pidgin etc. > Is there a problem using both - either separately (one active at a > time), or simultaneously? > > Last, for non browser apps, is there a standard way to check if > they're using Tor (say, Thunderbird or other apps), as the check for > browsers? > ___ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Firefox with Torbutton started hanging - what can I do?
Hi, I am using Firefox 5.0 on my Windows XP computer with the Vidalia 0.2.12 package. It had been running fine using Torbutton 1.40 which (I believe) was updated by the last Vidalia update. I usually leave Torbutton disabled but today I tried to enable it to go to a hidden website, and it caused Firefox to hang while a script tried to find a missing .js file in my Firefox default profile extensions folder. I isolated the problem to be associated with using Torbutton, so I deleted Torbutton and re-installed it. Then Torbutton still hangs Firefox looking for the same missing js file. Firefox works ok with Torbutton disabled, but I cannot access hidden websites and I suspect that I may not be actually using Tor. Does anyone have a suggestion either on cleaning up the Torbutton problem or configuring Firefox to use the Tor network correctly without Torbutton. I tried searching for the last choice on the Tor website, but that choice did not jump out at me. Thank you. David Carlson 0xDC7C8BF3.asc Description: application/pgp-keys ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Firefox with Torbutton started hanging - what can I do?
On 8/11/2011 2:53 PM, David Carlson wrote: > Hi, > > I am using Firefox 5.0 on my Windows XP computer with the Vidalia 0.2.12 > package. It had been running fine using Torbutton 1.40 which (I believe) > was updated by the last Vidalia update. > > I usually leave Torbutton disabled but today I tried to enable it to go > to a hidden website, and it caused Firefox to hang while a script tried > to find a missing .js file in my Firefox default profile extensions folder. > > I isolated the problem to be associated with using Torbutton, so I > deleted Torbutton and re-installed it. Then Torbutton still hangs > Firefox looking for the same missing js file. Firefox works ok with > Torbutton disabled, but I cannot access hidden websites and I suspect > that I may not be actually using Tor. > > Does anyone have a suggestion either on cleaning up the Torbutton > problem or configuring Firefox to use the Tor network correctly without > Torbutton. I tried searching for the last choice on the Tor website, > but that choice did not jump out at me. > > Thank you. > > David Carlson > I was able to create a new firefox profile, install Torbutton to that profile, enable it successfully and connect to the sample hidden Tor website. Now, how can I fix my old Firefox profile, or should I just use that profile only when I want my bank to recognize me, for example. David Carlson 0xDC7C8BF3.asc Description: application/pgp-keys ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Firefox with Torbutton started hanging - what can I do?
In re https://lists.torproject.org/pipermail/tor-talk/2011-August/021022.html I was able to create a new firefox profile, install Torbutton to that profile, enable it successfully and connect to the sample hidden Tor website. Now, how can I fix my old Firefox profile, or should I just use that profile only when I want my bank to recognize me, for example. David Carlson I think that's a good idea in general. Use one profile for work and banking, stuff the government is going to know about anyway if they want to. Use a distinct profile for politics. Cookies can carry all sorts of interesting information back and forth, correlating your activities and identity, otherwise. -- Jack Waugh ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Reconsider putting HTTPS Everywhere on addons.mozilla.org - Legal opinions and rant
Forgot to add Tor Talk Mailing list to cc. (they have some good people with legal smarts there who may not bother to check our mailing lists) --- Please use this thread (subject) for further replies and please cc to , , ,*** "Q. Why isn't HTTPS Everywhere available for download from addons.mozilla.org like most other Firefox add-ons? A. We felt that the Mozilla privacy policy that applies to downloads from addons.mozilla.org is somewhat less protective than the privacy policies of the organizations that develop HTTPS Everywhere, and we prefer for HTTPS Everywhere users to be protected by our privacy policy. This decision could change in the future as Mozilla's privacy practices evolve or as we re-examine the details of the current Mozilla policy." I want to ask the devs to reconsider putting HTTPS Everywhere on addons.mozilla.org. A few reasons: 1. Trust: Many people trust that add-ons posted on addons.mozilla.org has been reviewed by the Mozilla team. I mean people download many add-ons from there, including many unknown ones. 2. More Users == Less False positives as there is a higher chance of a False positive being reported because more sites will be tested. Also most people comment on the Add-on page itself, rather than going through the hoops of Mailing List or IRC. == I am not sure exactly how Mozilla privacy policy affects HTTPS Everywhere. The Add-on code will be the same no? Or is it that the developers and or ruleset contributors could be held liable for submitting rules? I was thinking laws regarding, unauthorized use of computer network or equipment? It is in the Criminal Code in Canada which means Extradition to the US, per the Mutual legal assistance treaty, which happens when both countries consider a crime to be a crime, even if the minimum sentence is less in one country. Oh and the Extradition process in Canada is just a Rubber Stamp process. I looked up the Court Records, 99.9% of the accused were extradited (or committed in legal speak). They don't evaluate the merit of the evidence, basically it is Guilty until proven Innocent by a court of a foreign jurisdiction, with a cruel and unusual punishment of being deported to another country for the trial. Well if that isn't enough, we have Internet Surveillance and warrantless wiretapping legislation coming soon as part of our Conservative Government's Crime and Punishment agenda. Hell, they did not even keep it a secret during the May election, and they won a majority in the Parliament, see: https://secure.wikimedia.org/wikipedia/en/wiki/Canadian_federal_election,_2011#Internet_surveillance_and_warrant-less_wiretapping Damn! I should have used TOR when I submitted all those rulesets for the last few months ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
