Re: [tor-talk] browser with best privacy without using the Tor network
> Do you mean the ZIP version of Firefox nightly? Even though not > installation is needed, those are not really portable as they leave > files on the home directory. You can place your profile in a separate location (USB, TrueCrypt archive, etc) and then start Firefox: /path/to/firefox -no-remote -profile /path/to/profile It still relies on some system libraries so it's not completely self-contained, but leaves no trace in your home directory as far as I can see, and should be portable given that the appropriate libraries are installed where you need them. -C ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
On Tue, Dec 27, 2011 at 12:13 AM, Sebastian Hahn wrote: > > On Dec 27, 2011, at 7:03 AM, John Case wrote: > >> >> On Thu, 22 Dec 2011, Lee wrote: >> While I totally get both sides of this argument *in theory*, all of this sounds a lot to me like getting pissed off about someone ringing your doorbell because they didn't mail you an opt-in form first. >>> >>> Nope. The probes were annoying, but the killer was my all-in-one >>> consumer grade router/nat/dhcp server/firewall leaking packets into >>> what was supposed to be the secure part of my home network. >> >> >> Ahhh, finally. >> >> This is the Godwins law of tor-talk - all threads eventually lead to some >> moron running a relay from their home Internet connection. >> >> To be fair, if we let the thread run long enough, I'll bet Mr. >> Do-Gooder-Port-Scanner is running from home, too. Comedy from all >> directions. > > I feel that your insults are entirely uncalled for here. Running a relay > from a home connection is perfectly fine if there's enough spare > bandwidth. There is absolutely nothing wrong with doing just that, and I > am thankful to every operator who sets up a good node. I am going to have to agree with Sebastian here. I think that there are more relays running from home then people realize. No, they probably are not running in the high end as some of those relays that are able to have company or some other type of backing. But they are relays just the same and are part of the Tor network and are depended on just like any of the others. To pay out of ones pocket for the bandwidth for a dedicated Tor relay is not cheap. So kudo's to those that are able to run their dedicated relays from home on their own expense. Adding that it is not said enough, if it were not for the individual relays from home, I don't believe that there would be as many relay nodes as we have now. Thank you all out there that are able to, for donating your time, money, equipment, etc., in running relays from your home. The more the merrier... Jon ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] No tor bridges
Can't get Tor bridges anymore through the Vidalia Network setting or the bridges.torproject web page. Any chance that'll be fixed? -- http://www.fastmail.fm - Access your email from home and the web ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] No tor bridges
On 2011-12-27, andr...@fastmail.fm wrote: > Can't get Tor bridges anymore through the Vidalia Network setting or the > bridges.torproject web page. > > Any chance that'll be fixed? Yes, it's fixed now. Thanks for the report! Robert Ransom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
On Tue, 27 Dec 2011 06:03:17 + (UTC) John Case wrote: > This is the Godwins law of tor-talk - all threads eventually lead to > some moron running a relay from their home Internet connection. Apparently I'm a moron that runs a relay from home. If it doesn't violate the ISP contract Terms of Service, then why not? You're paying for the bandwidth, might as well use it for something good. -- Andrew http://tpo.is/contact pgp 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] browser with best privacy without using the Tornetwork
Le Sat, 24 Dec 2011 13:05:41 +0100, Eugen Leitl a écrit : > On Sat, Dec 24, 2011 at 06:29:36AM -0500, h...@safe-mail.net wrote: > > > For various reasons it sounds like there is a lot of demand for > > > separating Tor from the TBB. > > > > You mean separating Tor Browser from The Tor Browser Bundle (TBB)? > > > > Reasons I see here: > > - using Tor as a transparent proxy > > - wanting a browser with best privacy settings but without using > > the Tor network > > Can anyone using a particular hardened browser post their > panopticlick data? > > Below are mine. This is Tails 0.9 on VirtualBox on Windows. > > http://panopticlick.eff.org > > Within our dataset of several million visitors, only one in 211,072 > browsers have the same fingerprint as yours. > > Currently, we estimate that your browser has a fingerprint that > conveys 17.69 bits of identifying information. > > The measurements we used to obtain this result are listed below. You > can read more about our methodology, statistical results, and some > defenses against fingerprinting in this article. > > Help us increase our sample size: Email This Digg This Post this to > Reddit Share Panopticlick with delicious Share this on Facebook Tweet > Panopticlick Dent Panopticlick Browser Characteristic bits of > identifying information one in x browsers have this value > value User Agent 7.15 > 141.82 > Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 > Firefox/5.0 HTTP_ACCEPT Headers > 2.67 > > 6.36 > text/html, */* ISO-8859-1,utf-8;q=0.7,*;q=0.7 gzip,deflate > en-us,en;q=0.5 Browser Plugin Details > 5.23 > > 37.48 > undefined > Time Zone > 4.65 > > 25.05 > 0 > Screen Size and Color Depth > 12.03 > > 4184.25 > 1000x800x24 > System Fonts > 3.39 > > 10.5 > No Flash or Java fonts detected > Are Cookies Enabled? > 0.39 > > 1.31 > Yes > Limited supercookie test > 3.06 > > 8.34 > DOM localStorage: No, DOM sessionStorage: No, IE userData: No > ___ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk Hi, Here are my stats : Firefox 9.0.1 64 bits Kubuntu LTS 64 bits using direct socks5 instead of a proxy like Privoxy and "JonDoFox 2.6.0" with Tor profile: Within our dataset of several million visitors, only one in 6,772 browsers have the same fingerprint as yours. Currently, we estimate that your browser has a fingerprint that conveys 12.73 bits of identifying information. Browser Characteristic bits of identifying information one in x browsers have this value value User Agent 7.12 138.69 Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 HTTP_ACCEPT Headers 9.45 697.34 text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 gzip, deflate en-us,en;q=0.5 Browser Plugin Details 5.22 37.37 undefined Time Zone 4.64 24.98 0 Screen Size and Color Depth 4.78 27.54 1920x1200x24 System Fonts 3.39 10.48 No Flash or Java fonts detected Are Cookies Enabled? 2.1 4.29 No Limited supercookie test 3.06 8.34 DOM localStorage: No, DOM sessionStorage: No, IE userData: No Attribute Value Rating Cookies Authentication protected good Cache (E-Tags) protected good HTTP session 10 minutes (until your Tor identity is changed) medium Referer hidden (changed when switching the website) good Signature 8ab3a24c55ad99f4e3a6e5c03cad9446 (Firefox) medium User-Agent Mozilla/5.0 (Windows NT 6.1; rv:5.0) Gecko/20100101 Firefox/5.0 good Language en-us,en;q=0.5 good Charset Content types text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 good Encoding gzip, deflate good Do-Not-Track protected good JavaScript JavaScript is currently turned off. good Browser window 1800 x 950 pixels (inner size) good Fonts Do you see strange symbols here? If yes, your fonts are readable! good Browser history good I must say that it look pretty good with this config , only the signature are not like Torbutton, here are the stats with Torbutton 1.4.5.1: Currently, we estimate that your browser has a fingerprint that conveys 17.86 bits of identifying information. The measurements we used to obtain this result are listed below. You can read more about our methodology, statistical results, and some defenses against fingerprinting in this article.Within our dataset of several million visitors, only one in 23,208 browsers have the same fingerprint as yours. Cookies
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
Le Tue, 27 Dec 2011 09:06:34 -0600, Jon a écrit : > On Tue, Dec 27, 2011 at 12:13 AM, Sebastian Hahn > wrote: > > > > On Dec 27, 2011, at 7:03 AM, John Case wrote: > > > >> > >> On Thu, 22 Dec 2011, Lee wrote: > >> > While I totally get both sides of this argument *in theory*, all > of this sounds a lot to me like getting pissed off about someone > ringing your doorbell because they didn't mail you an opt-in > form first. > >>> > >>> Nope. The probes were annoying, but the killer was my all-in-one > >>> consumer grade router/nat/dhcp server/firewall leaking packets > >>> into what was supposed to be the secure part of my home network. > >> > >> > >> Ahhh, finally. > >> > >> This is the Godwins law of tor-talk - all threads eventually lead > >> to some moron running a relay from their home Internet connection. > >> > >> To be fair, if we let the thread run long enough, I'll bet Mr. > >> Do-Gooder-Port-Scanner is running from home, too. Comedy from all > >> directions. > > > > I feel that your insults are entirely uncalled for here. Running a > > relay from a home connection is perfectly fine if there's enough > > spare bandwidth. There is absolutely nothing wrong with doing just > > that, and I am thankful to every operator who sets up a good node. > > I am going to have to agree with Sebastian here. I think that there > are more relays running from home then people realize. No, they > probably are not running in the high end as some of those relays that > are able to have company or some other type of backing. But they are > relays just the same and are part of the Tor network and are depended > on just like any of the others. > > To pay out of ones pocket for the bandwidth for a dedicated Tor relay > is not cheap. So kudo's to those that are able to run their dedicated > relays from home on their own expense. Adding that it is not said > enough, if it were not for the individual relays from home, I don't > believe that there would be as many relay nodes as we have now. > > Thank you all out there that are able to, for donating your time, > money, equipment, etc., in running relays from your home. The more the > merrier... > > Jon > ___ > tor-talk mailing list > tor-talk@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I agree too with Sebastian, i was running a Exit Relay at home a couple years before i got some problems with autority but i has stoped to be exit and only a "non-exit" relay and from that i never had new problems I have 100 Mbits with no limit with the Traffic and it will be sad to not givin my bandwitch capacity for the network.. So ican offer a clean and great relay for Tor :-) Best Regards SwissTorHelp signature.asc Description: This is a digitally signed message part. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor transparent proxy implementation on Windows
On Sat, Dec 24, 2011 at 2:44 PM, Lee Fisher wrote: > On 12/22/11 4:28 AM, and...@torproject.org wrote: >>... >> https://svn.torproject.org/svn/torvm/trunk/doc/design.html. > > ... this statement is incorrect: > > "This is important in a Windows environment where capabilities like Linux(R) > netfilter or BSD(R) packet filter do not exist." it is not as simple, but you could create the equivalent facilities on Windows. torvm is deprecated (an out of date proof of concept?) but this statement would be worth updating for someone with access to that repo. to clarify, to implement the desired owner / application based port, and protocol filtering, you would likely need to implement a shim with NDIS intermediate and filter driver interfaces as well as the newer WFP features if available to do what is needed on the intended XP through 7 systems. this also implies driver signing and the scrutiny / hurdles that involves for modern Windows 32 and 64bit kernels. if you only target windows 7 the built in filter facilities, while not equivalent on command line basis, are probably suitable. and WFP certainly is! this is a longer discussion, for someone interested. broken out to map the various old intermediate APIs and support, to the newer filter interfaces and advanced command line capabilities need to do full host transparent proxying without a guest or aliased interface (inline), and in tandom with one or more guest VMs to isolate Tor or its accompanying components. > ... But the OS interface > to do transparent proxying has been in NT for decades, first with TDI and > NDIS, now with WFP. transparent proxying to the host itself is technically different enough to matter between WFP and NDIS. that is, there is more to this than just intercept/forward, nor just port filtering or redirect. while there are features to do this on WFP (and to a lesser extent with NDIS) the command line capability and full host transparent proxy are still tricky (and worth breaking out into detail as mentioned above, if someone is interested.) > I also am confused by modern LibEvent performance and this comment: > > "For Windows platforms offloading the TCP session intensive Tor process to a > Linux guest with edge triggered IO can significantly improve the performance > of Tor and eliminate socket buffer problems." presume that this is in context of relying on poor socket style interfaces in Windows networking instead of high performance I/O completion ports and async networking. at the time of writing, Tor did not take full advantage of async I/O on Windows due to libevent limitations in the 1.x series. libevent 2.x has much improved Windows support. > ... I would have thought a single WFP (or TDI or NDIS) > driver would be improve the performance more than running a VM with a second > OS and using TAP to talk to the virtual OS Linux network. that would be ideal, but still much more work. Tor VM used existing WinPCAP and Tap32/64 drivers, there was zero kernel side driver development to make use of the existing transparent proxy facilities in linux. > Is the current Windows implementation of LibEvent still that > performance-challenged? I thought Nick and other [GSoC] LibEvent > contributers have improved LibEvent to be a "first class citizen" on > Windows, and have reasonably performance event implementation these years? yes. see above. Tor VM is nearly 3 years out of date at this point... ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
On Tue, 27 Dec 2011, Andrew Lewman wrote: John Case wrote: This is the Godwins law of tor-talk - all threads eventually lead to some moron running a relay from their home Internet connection. Apparently I'm a moron that runs a relay from home. If it doesn't violate the ISP contract Terms of Service, then why not? You're paying for the bandwidth, might as well use it for something good. It's *possible* that rich, white citizens of global north countries will not be called to account for these actions in the future. Not everyone will be so lucky. So, while we autistically fixate on minute details of traffic analysis theory for Tor users, we should once in a while focus on rubber hoses. Don't run Tor from an IP with your name attached to it. This has nothing to do with technical feasibility, charitable intentions or terms of service. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
On 28/12/11 03:42, John Case wrote: > Don't run Tor from an IP with your name attached to it. Anonymous server rental is nontrivial. What degree of non-attachment is sufficient, in your opinion? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
> > I agree too with Sebastian, i was running a Exit Relay at home a couple > years before i got some problems with autority but i has stoped to be > exit and only a "non-exit" relay and from that i never had new > problems I have 100 Mbits with no limit with the Traffic and it > will be sad to not givin my bandwitch capacity for the network.. So > ican offer a clean and great relay for Tor :-) I'm curious. Is that asynchronous bandwidth? If it is what is your up speed? You may not be contributing as much as you think. This is not to say it isn't more than most people. In the USA most users have at most 25Mbps down and maximum up of 5mbps or so. I would bet most people really don't have more than 1Mbps up in practice. 384-1Mbps is typical. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk