Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
AntiTree:
> If I were a betting person, a beer says that they will be summarizing the
> current issues with hidden services, and as Adrian said, doing a client
> side disbanding attack (e.g. Java + DNS)

My own speculation is that they have used the attacks on guard relays described in the following blog post, maybe in combination with other attacks:
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters

They wanted an NDA, so most Tor Project's core contributors don't know what's in the air.

Improving the situation of guard relays is tricky to get right. There's an open proposal in discussion:
https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/236-single-guard-node.txt

It will also be a “hot topic” at the next Privacy Enhancing Technology Symposium:
https://www.petsymposium.org/2014/papers/Dingledine.pdf
https://www.petsymposium.org/2014/hotpets.php

--
Lunar

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [MLUG] Linux users targeted for surveillance
> A general FYI.
>
> http://www.linuxjournal.com/content/nsa-linux-journal-extremist-forum-and-its-readers-get-flagged-extra-surveillance
>> the NSA are interested in Linux
>
> Send those resumes in.

NSA - the largest group of extremists in one organisation that the world has ever seen.
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
It also has to be a hollow claim. To actually "deanonymize" someone would mean making a list of every website that was visited by that client. Not just identify one client that visited one website. And how many clients were you planning on doing that with? It would take an NSA size budget not a $3000 budget to try to do that for everyone. And the NSA apparently can not do it for everyone.

about:tor starts out by saying "Tor is NOT all you need to browse anonymously! You may need to change some of your browsing habits to ensure your identity stays safe" and has some tips at https://www.torproject.org/download/download.html.en#warning which says at the bottom "This list of pitfalls isn't complete, and we need your help identifying and documenting all the issues" with a link to https://www.torproject.org/getinvolved/volunteer.html.en#Documentation

Basically we know that Tor is pretty robust, and yes it is being improved. I certainly benefit from using it every day. And all I really care about is no one making a list of my searches and sending me targeted advertising, which is very offensive. But others have much more serious reasons for using Tor.

-- Christopher Booth

From: Yuri
To: tor-talk@lists.torproject.org
Sent: Thursday, July 3, 2014 10:01 PM
Subject: Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000

On 07/03/2014 16:17, Adrian Crenshaw wrote:
> Best guess, many client side and web app attacks Tor can't do much about.
> (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> in every case it was not Tor that was really broke)

This actually depends on what to mean by "Tor". If just the network level part, then yes. But tor project also provides and promotes TBB, which attempts to prevent various client side exploits and web app attacks, but apparently can't prevent all of them.

If tor project went one step further, and developed security-by-isolation approach (using virtual machines, like Whonix does), this could prevent practically all client side exploits. And pretty much the only way user could be deanoned is if he himself typed in his personal information, or logged into some service shared with other identities.

Yuri
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
On 07/03/2014 16:17, Adrian Crenshaw wrote:
> Best guess, many client side and web app attacks Tor can't do much about.
> (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> in every case it was not Tor that was really broke)

This actually depends on what to mean by "Tor". If just the network level part, then yes. But tor project also provides and promotes TBB, which attempts to prevent various client side exploits and web app attacks, but apparently can't prevent all of them.

If tor project went one step further, and developed security-by-isolation approach (using virtual machines, like Whonix does), this could prevent practically all client side exploits. And pretty much the only way user could be deanoned is if he himself typed in his personal information, or logged into some service shared with other identities.

Yuri
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
Can anyone from the Tor Project jump in to say whether these guys have reached out or not? We should be concerned about another CCC-style "0-day" presentation where they find a legitimate vulnerability that could have been patched prior, but are using it as a PR stunt to boost book sales as opposed to responsible disclosure. Alexander Volynkin [1] and the grad student Michael McCord, [2] both stand to benefit professionally/financially from disclosing a vulnerability in as dramatic form as possible.. and of course picked up and misinterpreted by the media.

I'm raising this concern based solely on the negative phrasing in the description.

> ...It has also been used for distribution of child pornography, illegal drugs, and malware. Anyone
> with minimal skills and resources can participate on the Tor network. Anyone can become a
> part of the network. As a participant of the Tor network, you can choose to use it to
> communicate anonymously or contribute your resources for others to use. There is very little to
> limit your actions on the Tor network. There is nothing that prevents you from using your
> resources to de-anonymize the network's users instead by exploiting fundamental flaws in Tor
> design and implementation. And you don't need the NSA budget to do so. Looking for the IP
> address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done.
> We know because we tested it, in the wild...

Worst case stated, I don't want to hate on researchers -- the two should be praised for their research if they have something new and they've already been working with the Tor Project team to get it resolved.

If I were a betting person, a beer says that they will be summarizing the current issues with hidden services, and as Adrian said, doing a client side disbanding attack (e.g. Java + DNS)

[1] https://www.blackhat.com/us-14/speakers/Alexander-Volynkin.html
[2] https://www.blackhat.com/us-14/speakers/Michael-McCord.html

On Thu, Jul 3, 2014 at 7:58 PM, Seth David Schoen wrote:
> Adrian Crenshaw writes:
>
> > Best guess, many client side and web app attacks Tor can't do much about.
> > (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> > in every case it was not Tor that was really broke)
>
> The description on the Black Hat site refers "a handful of powerful
> servers and a couple gigabit links" that are operated for "a couple
> of months", which sounds like this involves actually running nodes and
> getting the attack targets to build circuits through them.
>
> --
> Seth Schoen
> Senior Staff Technologist https://www.eff.org/
> Electronic Frontier Foundation https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [tor-talk] Benefits of Running TBB in a VM?
On 07/03/2014 07:06 AM, Rejo Zenger wrote:
> ++ 03/07/14 04:39 + - scarp:
>> Most attacks about breaking out of a VM rely on you installing the
>> guest tools, so never do that.
>
> What are "guest tools" in this context?

In VirtualBox, they're called "Guest Additions". In VMware, they're called "VMware Tools". They improve VM performance, provide better mouse integration, support USB and shared folders, etc.
[tor-talk] use gpg or fork in tor
i'm a dev
if tor not use it is nsa can spy tor
if not 2 key 1 for encrypt and 1 for decrypt not work
anyone and someone have encrypt key anyone and someone encrypt and send to user via tor
the user have decrypt key
and receive the code encrypt via tor
and decrypt they
i search "open source" and look this after is line is quote.

NSA says it only gathers such data for "valid foreign intelligence purposes."
by Cyrus Farivar - July 3 2014, 3:40pm HB

[Figure: The structure of a three-hop Tor circuit.]

Two Germany-based Tor Directory Authority servers, among others, have been specifically targeted by the National Security Agency’s XKeyscore program, according to a new report from German public broadcaster ARD. Tor is a well-known open source project designed to keep users anonymous and untraceable—users' traffic is encrypted and bounced across various computers worldwide to keep it hidden.

This marks the first time that actual source code from XKeyscore has been published. ARD did not say how or where it obtained the code. Unlike many other NSA-related stories, the broadcaster did not specifically mention the information being part of the trove leaked by whistleblower Edward Snowden.

XKeyscore is one of the high-level NSA surveillance programs that have been revealed via Snowden over the last year. The interface allows NSA and allied intelligence agencies to search all kinds of short-term data captured directly off of various Internet Exchanges worldwide.

This new code, which was published on Thursday, appears to flag people who are believed to live outside the United States and who request Tor bridge information via e-mail or who search for or download Tor or the security-minded TAILS operating system. Those users' IP addresses can then be tracked for further monitoring.

The report’s authors include Jacob Appelbaum, a well-known American computer security researcher who has taken up residence in Berlin. Appelbaum is also a paid employee of the Tor Project. Two others listed as authors are either contractors or volunteers to Tor.

“Their research in this story is wholly independent from the Tor Project and does not reflect the views of the Tor Project in any way,” ARD stated in a disclosure. “During the course of the investigation, it was further discovered that an additional computer system run by Jacob Appelbaum for his volunteer work with helping to run part of the Tor network was targeted by the NSA. Moreover, all members of this team are Tor users and appear to be have been targets of the mass surveillance described in the investigation.”

The code specifically cites IP addresses of the Tor Directory Authority—these servers act as the nine high-level control points that make up the backbone of the Tor Network. These authorities are what keep track of new Tor relays, and they are updated every hour.

Tor was originally developed as part of the Onion Routing project at the US Naval Research Laboratory. While today it exists as an independent nonprofit organization headquartered in Massachusetts, it still receives 60 percent of its income (PDF) from US government sources. Tor is used by journalists, law enforcement, military officers, and activists worldwide.

Another rule in the published code shows that the NSA is also targeting users of an anonymous e-mail program called MixMinion, which is hosted on a server at the Massachusetts Institute of Technology. Roger Dingledine, who is the head of the Tor Project, also runs this MixMinion server.

Vanee Vines, the spokeswoman for the NSA, responded to Ars' request for comment with the same statement that she provided to ARD:

In carrying out its mission, NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes—regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency.

In January, President Obama issued U.S. Presidential Policy Directive 28, which affirms that all persons—regardless of nationality—have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities.

The president's directive also makes clear that the United States does not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvanta
Re: [tor-talk] High-latency hidden services
On 07/03/2014 04:16 PM, Seth David Schoen wrote:
> The Doctor writes:
>
>> On 07/02/2014 04:18 PM, Helder Ribeiro wrote:
>>
>>> Apps like Pocket (http://getpocket.com/) work as a "read it later"
>>> queue, downloading things for offline reading. While you're reading
>>> an offline article, you can also follow links and click to add them
>>> to your queue. They'll be fetched when you're online so you can
>>> read them later.
>>
>> I've been using the Firefox extension called Scrapbook
>> (https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this
>> for a while now. I've done some experiments with it (packet sniffing
>> at the firewall and on the machine in question), and from observation
>> it seems sufficiently proxy-compliant that it routes all traffic in
>> question through Tor when it downloads and stores a local copy of a
>> page. Secondary opinions are, of course, welcome and encouraged.
>
> That's great, but in the context of this thread I would want to imagine
> a future-generation version that does a much better job of hiding who
> is downloading which pages -- by high-latency mixing, like an
> anonymous remailer chain.

One can imagine a browser extension that introduced random delay at each step of getting a page. Webservers tend to drop very slow clients, as defense against slow-loris DoS, so the extension would need to learn the limits for each site.

> The existing Tor network can't directly support this use case very
> well, except by acting as a transport.

The ability to switch circuits during the process of getting a page would help greatly.

> Right now, people who are using tools like Pocket or Scrapbook over Tor
> _aren't_ really getting the privacy benefits that in principle their
> not-needing-to-read-it-right-this-second could be offering. That is,
> a global-enough adversary can sometimes notice that person X has just
> downloaded item Y for offline reading. There's no reason that the
> adversary has to be able to do that.
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
Adrian Crenshaw writes:
> Best guess, many client side and web app attacks Tor can't do much about.
> (My talk at Defcon will cover a bunch of folks that got Deanonymized, but
> in every case it was not Tor that was really broke)

The description on the Black Hat site refers "a handful of powerful servers and a couple gigabit links" that are operated for "a couple of months", which sounds like this involves actually running nodes and getting the attack targets to build circuits through them.

--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
Best guess, many client side and web app attacks Tor can't do much about. (My talk at Defcon will cover a bunch of folks that got Deanonymized, but in every case it was not Tor that was really broke)

Adrian

On Thu, Jul 3, 2014 at 5:49 PM, krishna e bera wrote:
> On 14-07-03 02:05 PM, grarpamp wrote:
> > You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
> > Alexander Volynkin / Michael McCord
>
> if they have followed a responsible disclosure process, tor developers
> should already be working on remedies...

--
"The ability to quote is a serviceable substitute for wit." ~ W. Somerset Maugham
"The ability to Google can be a serviceable substitute for technical knowledge." ~ Adrian D. Crenshaw
Re: [tor-talk] (no subject)
See https://chartbeat.com/faq/what-is-ping-chartbeat-net for what I think you are seeing - website analytics.

On Thu, Jul 3, 2014, at 11:56 PM, ideas buenas wrote:
> Another unidentified URI in TBB: rev-213.189.48.245.atman.pl . Check
> this, please. Nor in Whois
>
> On Thu, Jul 3, 2014 at 9:27 PM, ideas buenas wrote:
>
> > Another example is this s3-website-eu-west-1.amazonaws.com OR
> > edge-star-shv-08-gru1.facebook.com OR
> > ec2-54-225-215-244.compute-1.amazonaws.com everyone resolving to
> > markmonitor.com
> >
> > On Thu, Jul 3, 2014 at 9:19 PM, ideas buenas wrote:
> >
> >> I'm not referring to this. I'm talking of a lot of URI that appears when I
> >> try to link to any site. Every one of those Remote Address start with a
> >> couple of letters followed by numbers like this:
> >> server-54-230-83-145.mia50.r.cloudfront.net .
> >>
> >> On Thu, Jul 3, 2014 at 2:59 AM, Seth David Schoen wrote:
> >>
> >>> ideas buenas writes:
> >>>
> >>> > Why is markmonitor.com and its derivates in my TBB? How can I do to delete
> >>> > this? Are they watching me?
> >>>
> >>> Hi,
> >>>
> >>> Are you talking about seeing a markmonitor.com rule in the HTTPS Everywhere
> >>> Enable/Disable Rules menu?
> >>>
> >>> https://www.eff.org/https-everywhere/atlas/domains/markmonitor.com.html
> >>>
> >>> If so, this is one of thousands of HTTPS Everywhere rewrite rules that
> >>> are included with HTTPS Everywhere, which is included with the Tor
> >>> Browser Bundle. The goal of HTTPS Everywhere and its rewrite rules
> >>> is to automatically access as many sites as possible with secure HTTPS
> >>> connections.
> >>>
> >>> HTTPS Everywhere typically does not make your browser access sites or
> >>> services that it would not otherwise have accessed, so it shouldn't help
> >>> sites monitor your web browsing if they would otherwise not have been
> >>> able to. There are definitely lots of sites that can monitor some aspects
> >>> of your web browsing because the site operator has included content loaded
> >>> from those sites in their web page (so your browser automatically retrieves
> >>> that content when you visit the page that embedded the content). For
> >>> example, there are ad networks whose ads are embedded in thousands or
> >>> millions of different sites, and if you visit any of those sites without
> >>> blocking those ads, the ad network operator will get some information
> >>> about your visit when your browser loads the embedded content from those
> >>> servers.
> >>>
> >>> The "monitor" in the name of markmonitor is not a reference to monitoring
> >>> users' web browsing. Instead, it's part of the name of the company
> >>> MarkMonitor, a subsidiary of Thomson Reuters, that provides certain
> >>> Internet services mostly to very large companies.
> >>>
> >>> https://www.markmonitor.com/
> >>>
> >>> Their name is supposed to suggest that they can "monitor" their clients'
> >>> trademarks, but not specifically by spying on Internet (or Tor) users'
> >>> web browsing. It seems that one of their original lines of business was
> >>> letting companies know about trademark infringement on web sites, so that
> >>> MarkMonitor's customers could threaten to sue those web sites' operators.
> >>> They subsequently went into other more infrastructural lines of business.
> >>>
> >>> There was an article a few years ago criticizing the large amount of
> >>> power that MarkMonitor has, but most of that power seems to have arisen
> >>> mainly because it's an infrastructure provider that some very popular
> >>> sites decided to sign up with for various purposes (primarily to register
> >>> Internet domain names, because MarkMonitor's domain name registration
> >>> services make it extremely difficult for somebody else to take over
> >>> control of a domain name illicitly).
> >>>
> >>> The markmonitor.com HTTPS Everywhere rule is one of thousands of HTTPS
> >>> Everywhere rules, and its goal is solely to make sure that if you're
> >>> visiting a web page hosted at (or loading content from) markmonitor.com
> >>> itself, that your browser's connection to markmonitor.com's servers will
> >>> be a secure HTTPS connection instead of an insecure HTTP connection. It
> >>> is not trying to give any additional information to those servers or to
> >>> cause your browser to connect to those servers when it would not
> >>> otherwise have done so.
> >>>
> >>> (You can see the rule itself in the atlas link toward the beginning of
> >>> my message, and see that its effect is to rewrite some http:// links into
> >>> corresponding https:// links, just like other HTTPS Everywhere rules do.)
> >>>
> >>> Having HTTPS Everywhere rules that relate to a site does not necessarily
> >>> mean that your browser has ever visited that site or will ever visit
> >>> that site. We've tried to make this clear because many of the rules
> >>> do relate to controversial or unpopular s
Re: [tor-talk] (no subject)
Another unidentified URI in TBB: rev-213.189.48.245.atman.pl . Check this, please. Nor in Whois

On Thu, Jul 3, 2014 at 9:27 PM, ideas buenas wrote:
> Another example is this s3-website-eu-west-1.amazonaws.com OR
> edge-star-shv-08-gru1.facebook.com OR
> ec2-54-225-215-244.compute-1.amazonaws.com everyone resolving to
> markmonitor.com
>
> On Thu, Jul 3, 2014 at 9:19 PM, ideas buenas wrote:
>
>> I'm not referring to this. I'm talking of a lot of URI that appears when I
>> try to link to any site. Every one of those Remote Address start with a
>> couple of letters followed by numbers like this:
>> server-54-230-83-145.mia50.r.cloudfront.net .
>>
>> On Thu, Jul 3, 2014 at 2:59 AM, Seth David Schoen wrote:
>>
>>> ideas buenas writes:
>>>
>>> > Why is markmonitor.com and its derivates in my TBB? How can I do to delete
>>> > this? Are they watching me?
>>>
>>> Hi,
>>>
>>> Are you talking about seeing a markmonitor.com rule in the HTTPS Everywhere
>>> Enable/Disable Rules menu?
>>>
>>> https://www.eff.org/https-everywhere/atlas/domains/markmonitor.com.html
>>>
>>> If so, this is one of thousands of HTTPS Everywhere rewrite rules that
>>> are included with HTTPS Everywhere, which is included with the Tor
>>> Browser Bundle. The goal of HTTPS Everywhere and its rewrite rules
>>> is to automatically access as many sites as possible with secure HTTPS
>>> connections.
>>>
>>> HTTPS Everywhere typically does not make your browser access sites or
>>> services that it would not otherwise have accessed, so it shouldn't help
>>> sites monitor your web browsing if they would otherwise not have been
>>> able to. There are definitely lots of sites that can monitor some aspects
>>> of your web browsing because the site operator has included content loaded
>>> from those sites in their web page (so your browser automatically retrieves
>>> that content when you visit the page that embedded the content). For
>>> example, there are ad networks whose ads are embedded in thousands or
>>> millions of different sites, and if you visit any of those sites without
>>> blocking those ads, the ad network operator will get some information
>>> about your visit when your browser loads the embedded content from those
>>> servers.
>>>
>>> The "monitor" in the name of markmonitor is not a reference to monitoring
>>> users' web browsing. Instead, it's part of the name of the company
>>> MarkMonitor, a subsidiary of Thomson Reuters, that provides certain
>>> Internet services mostly to very large companies.
>>>
>>> https://www.markmonitor.com/
>>>
>>> Their name is supposed to suggest that they can "monitor" their clients'
>>> trademarks, but not specifically by spying on Internet (or Tor) users'
>>> web browsing. It seems that one of their original lines of business was
>>> letting companies know about trademark infringement on web sites, so that
>>> MarkMonitor's customers could threaten to sue those web sites' operators.
>>> They subsequently went into other more infrastructural lines of business.
>>>
>>> There was an article a few years ago criticizing the large amount of
>>> power that MarkMonitor has, but most of that power seems to have arisen
>>> mainly because it's an infrastructure provider that some very popular
>>> sites decided to sign up with for various purposes (primarily to register
>>> Internet domain names, because MarkMonitor's domain name registration
>>> services make it extremely difficult for somebody else to take over
>>> control of a domain name illicitly).
>>>
>>> The markmonitor.com HTTPS Everywhere rule is one of thousands of HTTPS
>>> Everywhere rules, and its goal is solely to make sure that if you're
>>> visiting a web page hosted at (or loading content from) markmonitor.com
>>> itself, that your browser's connection to markmonitor.com's servers will
>>> be a secure HTTPS connection instead of an insecure HTTP connection. It
>>> is not trying to give any additional information to those servers or to
>>> cause your browser to connect to those servers when it would not
>>> otherwise have done so.
>>>
>>> (You can see the rule itself in the atlas link toward the beginning of
>>> my message, and see that its effect is to rewrite some http:// links into
>>> corresponding https:// links, just like other HTTPS Everywhere rules do.)
>>>
>>> Having HTTPS Everywhere rules that relate to a site does not necessarily
>>> mean that your browser has ever visited that site or will ever visit
>>> that site. We've tried to make this clear because many of the rules
>>> do relate to controversial or unpopular sites, or sites that somebody
>>> could disagree with or be unhappy about in some way. Each rule just
>>> tries to make your connection more secure if and when you as the end
>>> user of HTTPS Everywhere decide to visit a site that loads content from
>>> the servers in question.
>>>
>>> You can disable the markmonitor.com HTTPS Everywhere rule from within the
>>> E
Re: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service
The Doctor writes:
> On 07/02/2014 04:18 PM, Helder Ribeiro wrote:
>
> > Apps like Pocket (http://getpocket.com/) work as a "read it later"
> > queue, downloading things for offline reading. While you're reading
> > an offline article, you can also follow links and click to add them
> > to your queue. They'll be fetched when you're online so you can
> > read them later.
>
> I've been using the Firefox extension called Scrapbook
> (https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this
> for a while now. I've done some experiments with it (packet sniffing
> at the firewall and on the machine in question), and from observation
> it seems sufficiently proxy-compliant that it routes all traffic in
> question through Tor when it downloads and stores a local copy of a
> page. Secondary opinions are, of course, welcome and encouraged.

That's great, but in the context of this thread I would want to imagine a future-generation version that does a much better job of hiding who is downloading which pages -- by high-latency mixing, like an anonymous remailer chain.

The existing Tor network can't directly support this use case very well, except by acting as a transport.

Right now, people who are using tools like Pocket or Scrapbook over Tor _aren't_ really getting the privacy benefits that in principle their not-needing-to-read-it-right-this-second could be offering. That is, a global-enough adversary can sometimes notice that person X has just downloaded item Y for offline reading. There's no reason that the adversary has to be able to do that.

--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
On 14-07-03 02:05 PM, grarpamp wrote:
> You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
> Alexander Volynkin / Michael McCord

if they have followed a responsible disclosure process, tor developers should already be working on remedies...
Re: [tor-talk] Funny, but not amusing browsing
The addon list is:
* Adblock Plus 2.6.3
* Adblock Plus Pop-up Addon 0.9.2
* DownThemAll! 2.0.17
* DownThemAll! AntiContainer 1.3
* Flash and Video Download 1.58
* GrabMyBooks 1.8
* HTTPS-Everywhere 3.5.3
* Internote 3.0.2
* Mozilla Archive Format 3.0.2
* NoScript 2.6.8.31
* Self-Destructing Cookies 0.4.4
* Torbutton 1.6.10.0
* TorLauncher 0.2.5.5
* Tranquility 1.1.4

Also the firewall makes all ports on the LAN IP closed. And the localhost has the 53/DNS and Tor 9150 and 9151 open and that's it.

Cheers!
Re: [tor-talk] (no subject)
Another example is this s3-website-eu-west-1.amazonaws.com OR edge-star-shv-08-gru1.facebook.com OR ec2-54-225-215-244.compute-1.amazonaws.com everyone resolving to markmonitor.com

On Thu, Jul 3, 2014 at 9:19 PM, ideas buenas wrote:

> I'm not referring to this. I'm talking of a lot of URI that appears when I try to link to any site. Every one of those Remote Address start with a couple of letters followed by numbers like this: server-54-230-83-145.mia50.r.cloudfront.net .
>
> On Thu, Jul 3, 2014 at 2:59 AM, Seth David Schoen wrote:
>
>> ideas buenas writes:
>>
>> > Why is markmonitor.com and its derivates in my TBB? How can I do to delete this ? Are they watching me?
>>
>> Hi,
>>
>> Are you talking about seeing a markmonitor.com rule in the HTTPS Everywhere Enable/Disable Rules menu?
>>
>> https://www.eff.org/https-everywhere/atlas/domains/markmonitor.com.html
>>
>> If so, this is one of thousands of HTTPS Everywhere rewrite rules that are included with HTTPS Everywhere, which is included with the Tor Browser Bundle. The goal of HTTPS Everywhere and its rewrite rules is to automatically access as many sites as possible with secure HTTPS connections.
>>
>> HTTPS Everywhere typically does not make your browser access sites or services that it would not otherwise have accessed, so it shouldn't help sites monitor your web browsing if they would otherwise not have been able to. There are definitely lots of sites that can monitor some aspects of your web browsing because the site operator has included content loaded from those sites in their web page (so your browser automatically retrieves that content when you visit the page that embedded the content). For example, there are ad networks whose ads are embedded in thousands or millions of different sites, and if you visit any of those sites without blocking those ads, the ad network operator will get some information about your visit when your browser loads the embedded content from those servers.
>>
>> The "monitor" in the name of markmonitor is not a reference to monitoring users' web browsing. Instead, it's part of the name of the company MarkMonitor, a subsidiary of Thomson Reuters, that provides certain Internet services mostly to very large companies.
>>
>> https://www.markmonitor.com/
>>
>> Their name is supposed to suggest that they can "monitor" their clients' trademarks, but not specifically by spying on Internet (or Tor) users' web browsing. It seems that one of their original lines of business was letting companies know about trademark infringement on web sites, so that MarkMonitor's customers could threaten to sue those web sites' operators. They subsequently went into other more infrastructural lines of business.
>>
>> There was an article a few years ago criticizing the large amount of power that MarkMonitor has, but most of that power seems to have arisen mainly because it's an infrastructure provider that some very popular sites decided to sign up with for various purposes (primarily to register Internet domain names, because MarkMonitor's domain name registration services make it extremely difficult for somebody else to take over control of a domain name illicitly).
>>
>> The markmonitor.com HTTPS Everywhere rule is one of thousands of HTTPS Everywhere rules, and its goal is solely to make sure that if you're visiting a web page hosted at (or loading content from) markmonitor.com itself, that your browser's connection to markmonitor.com's servers will be a secure HTTPS connection instead of an insecure HTTP connection. It is not trying to give any additional information to those servers or to cause your browser to connect to those servers when it would not otherwise have done so.
>>
>> (You can see the rule itself in the atlas link toward the beginning of my message, and see that its effect is to rewrite some http:// links into corresponding https:// links, just like other HTTPS Everywhere rules do.)
>>
>> Having HTTPS Everywhere rules that relate to a site does not necessarily mean that your browser has ever visited that site or will ever visit that site. We've tried to make this clear because many of the rules do relate to controversial or unpopular sites, or sites that somebody could disagree with or be unhappy about in some way. Each rule just tries to make your connection more secure if and when you as the end user of HTTPS Everywhere decide to visit a site that loads content from the servers in question.
>>
>> You can disable the markmonitor.com HTTPS Everywhere rule from within the Enable/Disable Rules menu -- but that won't stop your web browser from loading things from markmonitor.com's servers if and when you visit pages that refer to content that's hosted on those servers. It will just stop HTTPS Everywhere from rewriting that access to tak
Re: [tor-talk] Funny, but not amusing browsing
Seth David Schoen:
> Can you right-click on the image and Inspect Element? If so, does it reference
>
> style="background-image: url(//upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png);"

http://s4.postimg.org/u8lb1dv7x/Screenshot_from_2014_07_03_23_15_59_1.png

The source does not point to other places but wikimedia.

> or the equivalent for the language version of Wikipedia that you're visiting?
>
> Can you press Ctrl+I while visiting that page and look through the Media list to find that image? Can you see exactly what URL it was loaded from?

http://s29.postimg.org/tjl55d1bb/Screenshot_from_2014_07_03_23_27_12_1.png

There you can see that in the Info page the thumbnail is the right one. On the screen is a bogus thumbnail.
Re: [tor-talk] (no subject)
I'm not referring to this. I'm talking of a lot of URI that appears when I try to link to any site. Every one of those Remote Address start with a couple of letters followed by numbers like this: server-54-230-83-145.mia50.r.cloudfront.net .

On Thu, Jul 3, 2014 at 2:59 AM, Seth David Schoen wrote:

> ideas buenas writes:
>
> > Why is markmonitor.com and its derivates in my TBB? How can I do to delete this ? Are they watching me?
>
> Hi,
>
> Are you talking about seeing a markmonitor.com rule in the HTTPS Everywhere Enable/Disable Rules menu?
>
> https://www.eff.org/https-everywhere/atlas/domains/markmonitor.com.html
>
> If so, this is one of thousands of HTTPS Everywhere rewrite rules that are included with HTTPS Everywhere, which is included with the Tor Browser Bundle. The goal of HTTPS Everywhere and its rewrite rules is to automatically access as many sites as possible with secure HTTPS connections.
>
> HTTPS Everywhere typically does not make your browser access sites or services that it would not otherwise have accessed, so it shouldn't help sites monitor your web browsing if they would otherwise not have been able to. There are definitely lots of sites that can monitor some aspects of your web browsing because the site operator has included content loaded from those sites in their web page (so your browser automatically retrieves that content when you visit the page that embedded the content). For example, there are ad networks whose ads are embedded in thousands or millions of different sites, and if you visit any of those sites without blocking those ads, the ad network operator will get some information about your visit when your browser loads the embedded content from those servers.
>
> The "monitor" in the name of markmonitor is not a reference to monitoring users' web browsing. Instead, it's part of the name of the company MarkMonitor, a subsidiary of Thomson Reuters, that provides certain Internet services mostly to very large companies.
>
> https://www.markmonitor.com/
>
> Their name is supposed to suggest that they can "monitor" their clients' trademarks, but not specifically by spying on Internet (or Tor) users' web browsing. It seems that one of their original lines of business was letting companies know about trademark infringement on web sites, so that MarkMonitor's customers could threaten to sue those web sites' operators. They subsequently went into other more infrastructural lines of business.
>
> There was an article a few years ago criticizing the large amount of power that MarkMonitor has, but most of that power seems to have arisen mainly because it's an infrastructure provider that some very popular sites decided to sign up with for various purposes (primarily to register Internet domain names, because MarkMonitor's domain name registration services make it extremely difficult for somebody else to take over control of a domain name illicitly).
>
> The markmonitor.com HTTPS Everywhere rule is one of thousands of HTTPS Everywhere rules, and its goal is solely to make sure that if you're visiting a web page hosted at (or loading content from) markmonitor.com itself, that your browser's connection to markmonitor.com's servers will be a secure HTTPS connection instead of an insecure HTTP connection. It is not trying to give any additional information to those servers or to cause your browser to connect to those servers when it would not otherwise have done so.
>
> (You can see the rule itself in the atlas link toward the beginning of my message, and see that its effect is to rewrite some http:// links into corresponding https:// links, just like other HTTPS Everywhere rules do.)
>
> Having HTTPS Everywhere rules that relate to a site does not necessarily mean that your browser has ever visited that site or will ever visit that site. We've tried to make this clear because many of the rules do relate to controversial or unpopular sites, or sites that somebody could disagree with or be unhappy about in some way. Each rule just tries to make your connection more secure if and when you as the end user of HTTPS Everywhere decide to visit a site that loads content from the servers in question.
>
> You can disable the markmonitor.com HTTPS Everywhere rule from within the Enable/Disable Rules menu -- but that won't stop your web browser from loading things from markmonitor.com's servers if and when you visit pages that refer to content that's hosted on those servers. It will just stop HTTPS Everywhere from rewriting that access to take place over HTTPS URLs.
>
> --
> Seth Schoen
> Senior Staff Technologist https://www.eff.org/
> Electronic Frontier Foundation https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
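To make the rewrite behaviour described in the quoted explanation concrete, here is an added example; it is not part of the thread and is not HTTPS Everywhere's own code. The ruleset is constructed in the HTTPS Everywhere XML rule format for illustration (it is not the real markmonitor.com rule), and the class and function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed ruleset in the HTTPS Everywhere XML format (not a shipped rule).
RULESET_XML = r"""
<ruleset name="Example (constructed)">
  <target host="example.com" />
  <target host="*.example.com" />
  <exclusion pattern="^http://legacy\.example\.com/" />
  <rule from="^http://example\.com/" to="https://example.com/" />
  <rule from="^http://([^/:@.]+)\.example\.com/" to="https://$1.example.com/" />
</ruleset>
"""

# Constructed list of URLs that one page load would request anyway.
PAGE_REQUESTS = [
    "http://example.com/logo.png",
    "http://static.example.com/app.js",
    "http://legacy.example.com/old.gif",
    "https://other.test/pixel.gif",
]


class Ruleset:
    """One rewrite ruleset: targets select hosts, rules rewrite matching URLs."""

    def __init__(self, xml_text, enabled=True):
        root = ET.fromstring(xml_text)
        self.name = root.get("name")
        self.enabled = enabled  # mirrors the Enable/Disable Rules menu
        self.targets = [t.get("host") for t in root.findall("target")]
        self.exclusions = [re.compile(e.get("pattern"))
                           for e in root.findall("exclusion")]
        # Rules use JavaScript-style $1 back-references; Python's re wants \1.
        self.rules = [
            (re.compile(r.get("from")), re.sub(r"\$(\d)", r"\\\1", r.get("to")))
            for r in root.findall("rule")
        ]

    def applies_to(self, host):
        """True if a <target> names this host, exactly or by left wildcard."""
        for target in self.targets:
            if target == host:
                return True
            if target.startswith("*.") and host.endswith(target[1:]):
                return True
        return False

    def rewrite(self, url):
        """Return the URL the browser requests after the ruleset has run."""
        if not self.enabled:
            return url
        host = urlsplit(url).hostname or ""
        if not self.applies_to(host):
            return url
        if any(pattern.search(url) for pattern in self.exclusions):
            return url
        for pattern, replacement in self.rules:
            new_url, count = pattern.subn(replacement, url, count=1)
            if count:
                return new_url  # first matching rule wins
        return url


def hosts_contacted(ruleset, urls):
    """Hosts the browser talks to for this page, after rewriting."""
    return sorted({urlsplit(ruleset.rewrite(u)).hostname for u in urls})


def cleartext_requests(ruleset, urls):
    """Requests that still leave the browser over plain HTTP."""
    return [r for r in (ruleset.rewrite(u) for u in urls)
            if r.startswith("http://")]


if __name__ == "__main__":
    for enabled in (True, False):
        rs = Ruleset(RULESET_XML, enabled=enabled)
        print("rule enabled:", enabled)
        print("  hosts contacted:", hosts_contacted(rs, PAGE_REQUESTS))
        print("  still cleartext:", cleartext_requests(rs, PAGE_REQUESTS))
```

With the rule enabled or disabled the set of hosts contacted is the same; disabling it only increases the number of requests sent over plain HTTP.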
Re: [tor-talk] Funny, but not amusing browsing
Michael O Holstein:
>> I got worried yesterday when instead of the Wikipedia logo on the top-left corner there was the picture of a nazi (army) guy with a
>
> Is this reproducible?

In this instance of TBB, yes. But I haven't tried on a second computer.

> To successfully (without error) insert into an HTTPS connection you must be trusted by the client .. would need list of CAcerts from firefox/iceweasel, the received HTML, and (ideally) a debug TOR log that shows which exit is doing it.

How can I dump them to make a comparison between a new TBB instance, freshly unzipped and mine?

> A rogue cert signed by a vanilla/public CA would be *very* problematic, and unlikely to be wasted screwing with Wikipedia .. it's far more likely a bogus CA got trusted by your browser, hence the interest in verifying all the certs that are in the keystore.

How?

Cheers!
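One way to make the comparison asked about above, as an added example that is not part of the original thread or of Tor Browser. It assumes the certificates of each profile have already been exported to a PEM bundle (for instance with the NSS tool, `certutil -L -d <profile dir> -n <nickname> -a`, once per entry) with a `# nickname` line before each block; the bundles below are constructed stand-ins rather than real certificates, and the function names are hypothetical.

```python
import base64
import hashlib
import re

# Optional "# label" line, then one PEM certificate block.
PEM_RE = re.compile(
    r"(?:^#[ \t]*(?P<label>[^\n]*)\n)?"
    r"^-----BEGIN CERTIFICATE-----\n(?P<body>.*?)\n-----END CERTIFICATE-----",
    re.S | re.M,
)


def fingerprints(bundle):
    """Return {sha256_hex: label} for every certificate block in a PEM bundle."""
    found = {}
    for number, match in enumerate(PEM_RE.finditer(bundle), start=1):
        label = (match.group("label") or f"certificate #{number}").strip()
        b64 = "".join(match.group("body").split())
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError(f"{label}: block is not valid base64") from exc
        # The fingerprint is taken over the decoded (DER) bytes, so two
        # certificates that merely share a name never compare equal.
        found[hashlib.sha256(der).hexdigest()] = label
    return found


def compare_stores(clean_bundle, suspect_bundle):
    """Diff a suspect profile's certificates against a clean baseline."""
    clean = fingerprints(clean_bundle)
    suspect = fingerprints(suspect_bundle)
    clean_labels = set(clean.values())
    suspect_labels = set(suspect.values())
    report = {"added": [], "replaced": [], "missing": []}
    for fp, label in suspect.items():
        if fp in clean:
            continue
        # Same nickname with different bytes means an entry was swapped out.
        kind = "replaced" if label in clean_labels else "added"
        report[kind].append((label, fp))
    for fp, label in clean.items():
        if fp not in suspect and label not in suspect_labels:
            report["missing"].append((label, fp))
    for entries in report.values():
        entries.sort()
    return report


def constructed_pem(label, raw):
    """Wrap arbitrary bytes as a labelled PEM block (stand-in for an export)."""
    body = base64.encodebytes(raw).decode().strip()
    return (f"# {label}\n-----BEGIN CERTIFICATE-----\n"
            f"{body}\n-----END CERTIFICATE-----\n")


# Constructed sample data: the byte strings are placeholders, not certificates.
CLEAN_BUNDLE = "".join([
    constructed_pem("Example Root CA 1", b"constructed DER bytes for root 1"),
    constructed_pem("Example Root CA 2", b"constructed DER bytes for root 2"),
])
SUSPECT_BUNDLE = "".join([
    constructed_pem("Example Root CA 1", b"constructed DER bytes for root 1"),
    constructed_pem("Example Root CA 2", b"different bytes under the same name"),
    constructed_pem("Unknown Proxy CA", b"constructed DER bytes for an added CA"),
])

if __name__ == "__main__":
    result = compare_stores(CLEAN_BUNDLE, SUSPECT_BUNDLE)
    for kind, entries in result.items():
        for label, fp in entries:
            print(f"{kind:9} {label:20} sha256={fp}")
```

Entries reported as `added` or `replaced` are the ones to inspect by hand. A profile database normally holds only certificates added or overridden after installation, since the roots shipped with the browser live in the NSS built-in module, so the export from a clean profile is expected to be short.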
Re: [tor-talk] Funny, but not amusing browsing
Spam 06 writes:

> I admit I have installed more extensions to TBB. Only FSF approved licenses, mind you ;-) I have no flash, no java, only the add-ons.
>
> When I browse Wikipedia some of the images are messed up. Meaning there is another image, most of the time a detail from a larger picture in place. You can see the not so sharp image and check with the captions - that is certainly the wrong image.
>
> Wikipedia, thanks to HTTPS Everywhere is always on HTTPS.
>
> I got worried yesterday when instead of the Wikipedia logo on the top-left corner there was the picture of a nazi (army) guy with a swastika and all. I haven't noticed any other site to have this problem. And I have no issues using other protocols routed through Tor.

Can you right-click on the image and Inspect Element? If so, does it reference

style="background-image: url(//upload.wikimedia.org/wikipedia/en/b/bc/Wiki.png);"

or the equivalent for the language version of Wikipedia that you're visiting?

Can you press Ctrl+I while visiting that page and look through the Media list to find that image? Can you see exactly what URL it was loaded from?

--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [tor-talk] according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On Thu, Jul 3, 2014 at 10:47 AM, Seth David Schoen wrote:
> ...
> Does anyone have theories about this part right at the bottom? ..
>/**
> * Placeholder fingerprint for Tor hidden service addresses.
> * Real fingerpritns will be fired by the plugins
> * 'anonymizer/tor/plugin/onion/*'...
>fingerprint('anonymizer/tor/hiddenservice/address') = nil;

this says to me "we used to directly implement linking processes at print "... hiddenservice/address" but now we have improved our infrastructure of XKS workflow to abstract plugin interfaces of which this functionality is now implemented as "... plugin/onion".

> Does this suggest anything interesting about the ability to determine either the physical location of a hidden service's service or instances of people accessing a hidden service?

directories and authorities being of interest is interesting ;)

best regards,
Re: [tor-talk] Funny, but not amusing browsing
>I got worried yesterday when instead of the Wikipedia logo on the
>top-left corner there was the picture of a nazi (army) guy with a

Is this reproducible?

To successfully (without error) insert into an HTTPS connection you must be trusted by the client .. would need list of CAcerts from firefox/iceweasel, the received HTML, and (ideally) a debug TOR log that shows which exit is doing it.

I have seen HTTPS MiTM attempts in the past but those exits get blacklisted pretty fast for trying to do it .. maybe you're one of the lucky canaries.

A rogue cert signed by a vanilla/public CA would be *very* problematic, and unlikely to be wasted screwing with Wikipedia .. it's far more likely a bogus CA got trusted by your browser, hence the interest in verifying all the certs that are in the keystore.

Regards,

Michael Holstein
Cleveland State University
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget

--
Christopher Booth

From: grarpamp
To: tor-talk@lists.torproject.org
Cc: cypherpu...@cpunks.org
Sent: Thursday, July 3, 2014 2:05 PM
Subject: [tor-talk] BlackHat2014: Deanonymize Tor for $3000

You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
Alexander Volynkin / Michael McCord
[tor-talk] Funny, but not amusing browsing
I admit I have installed more extensions to TBB. Only FSF approved licenses, mind you ;-) I have no flash, no java, only the add-ons.

When I browse Wikipedia some of the images are messed up. Meaning there is another image, most of the time a detail from a larger picture in place. You can see the not so sharp image and check with the captions - that is certainly the wrong image.

Wikipedia, thanks to HTTPS Everywhere is always on HTTPS.

I got worried yesterday when instead of the Wikipedia logo on the top-left corner there was the picture of a nazi (army) guy with a swastika and all. I haven't noticed any other site to have this problem. And I have no issues using other protocols routed through Tor.

I double checked with a clean install of TBB. The page is clean.

I triple checked with my regular connection: IceWeasel plus HTTPS Everywhere. The page looks fine.

Back to a new instance of the initial TBB: the third opened page on Wikipedia has messed images.

Anybody has met anything like that? Anybody can explain this behavior?

Maybe removing the installation folder would solve the issue. Maybe removing some of the add-ons too. But I would miss the opportunity if that is a serious issue.

Cheers

Spam, Spam, Spam, Spam, Lovely Spam, Wonderful Spam
Re: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service
On 07/02/2014 04:18 PM, Helder Ribeiro wrote:

> Apps like Pocket (http://getpocket.com/) work as a "read it later" queue, downloading things for offline reading. While you're reading an offline article, you can also follow links and click to add them to your queue. They'll be fetched when you're online so you can read them later.

I've been using the Firefox extension called Scrapbook (https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this for a while now. I've done some experiments with it (packet sniffing at the firewall and on the machine in question), and from observation it seems sufficiently proxy-compliant that it routes all traffic in question through Tor when it downloads and stores a local copy of a page.

Secondary opinions are, of course, welcome and encouraged.

--
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

SEARCH PARTY ATTACKED BY MONSTER
Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget

On Thu, Jul 3, 2014 at 2:05 PM, grarpamp wrote:

> You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
> Alexander Volynkin / Michael McCord
>
> [...]
> Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild...
>
> In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity. In our analysis, we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months. The total investment cost? Just under $3,000. During this talk, we will quickly cover the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places. The presentation will conclude with lessons learned and our thoughts on the future of security of distributed anonymity networks.
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
I agree that collecting stories about "why/how I use Tor" is useful, but I disagree that any special education or warning should be needed before setting up an exit node. Setting up an exit node is simply providing another IP that can be used for traffic and nothing else. It is useful to provide warnings about protecting your own traffic, and protecting your own computer against attack from traffic to your exit node.

For a while I was able to set up an exit node and run it for about 4 days at a time before Windows got clogged up and I needed to reboot to keep the computer from locking up. The only thing I had to do was change my IP address, as whatever IP address I was using for Tor gets tagged and blocked by many sites (unreasonably, but still done). But then I started receiving immediate attacks that shut down the node. I am not sure if those were coming from my ISP or from outside, and I am not interested in notifying my ISP that I am operating an exit node - what I do with my Internet connection is my business, not theirs.

I am not the least bit concerned of any legal issues associated with operating an exit node, because any concerns are blatantly unreasonable. Basically Tor, and https, are just necessary mechanisms for using the Internet, and nothing else. Boo hoo that no one can see what you are doing. That is just too bad. Everyone has the right to privacy. I list public key cryptography as the most important invention of the 20th century, because it allows privacy in the digital world. The same privacy that was obtained centuries earlier by sealing a letter with hot wax and a monogram seal.

--
Christopher Booth

From: Joe Btfsplk
To: tor-talk@lists.torproject.org
Sent: Thursday, July 3, 2014 1:14 PM
Subject: Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

On 7/3/2014 10:34 AM, Zenaan Harkness wrote:
> Agreed, great news.
>
> In hindsight, it is clear that we as a community have an interest to build a resource of amicus curiae briefs - friend of the court briefs. So PLEASE make moves in the direction of contributing and collecting documents which may be relevant to future cases - at the least a simple collection of legal docs.
>

Definitely! /"An ounce of prevention is worth a pound of cure."/ - Ben Franklin.

Perhaps out of fear of legal liability, Tor Project doesn't seem to have what would be very helpful for relay operators - guides, documents - even access to basic legal advice, of how to best avoid legal issues to begin with. I know nothing of legalities surrounding that, but people starting a relay w/o proper guidance on how to avoid legal problems as much as possible, *doesn't quite seem right.*

In a worst case scenario, running relays can be truly *life destroying.* It seems volunteers need better preparation & education about potential ramifications. If after being educated, they still choose to run relays (especially exit), that's fine. However, it would seem wrong to not make reasonably complete education materials available to potential relay operators, to prepare them & warn them of potential downside.

Without relay operators, there won't be much left (unless independent volunteers no longer handle that function). Accused persons dealing w/ problems like this after the fact, is far, far worse than even an extraordinary amount of time spent on preventing / avoiding them.

If LEAs / judicial system actively investigates someone (throwing around terms like child porn), or indicts a person, the mental stress alone is enough to ruin one's life. That is no exaggeration. If you've never been falsely accused of something & had to defend yourself - even before it goes to trial (or never does), the stress is incredible.
Re: [tor-talk] Benefits of Running TBB in a VM?
On Thu, 7/3/14, Tempest wrote:

Subject: Re: [tor-talk] Benefits of Running TBB in a VM?
To: tor-talk@lists.torproject.org
Date: Thursday, July 3, 2014, 5:48 AM

Bobby Brewster:
> What are the benefits of running TBB in a VM?
>
> AIUI, there are two advantages.
>
> 1. If malware infects the VM, then just the VM is compromised. If your Windows/Mac/Linux system is infected, then your entire system is affected (yes, I realise that it should be only the user account for Linux unless you are root).
>
> 2. If your system is compromised, your real IP cannot be discerned. For example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50. However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP.
>
> Does this make sense? Are there other benefits? Any disadvantages? Thanks.

point 1 makes sense. it's not bullet proof. but, unless you are dealing with malware that is designed to break out of the restrictions imposed by a vm, you have spared yourself a headache. you can further mitigate against such common malware risks by using a system of snapshots. while not as ideal as a "live" configuration, after you set up your virtual machine for use, you can make a snapshot of it and, after each completed session, restore your vm from the snapshot. unless you received malware designed to exploit a vm, this will result in the malware being gone the next time you use the vm as well.

point 2 does not work. any malware that phones home will show your ip address in that configuration. however, if you use something like whonix, where you have a gateway vm that pushes all of your workstation vm traffic through tor, you have another layer of protection against malware with phone home capabilities.

--

Currently, my Tor use model is as follows:

Me (TBB in Ubuntu) ---> VPN ---> Tor (entry node) ---> Tor network

I could, instead, do:

Me (TBB Ubuntu VM) ---> VPN (configured in VM) ---> Tor (entry node) ---> Tor network

However, from what I've read, there aren't really any advantages to using a VM unless the non-VM system has been compromised (e.g. trojan / rootkit / whatever).

Also, one thing I'm unclear about is, if one is using a VM, whether a bridged or NAT'd connection is superior. The only difference I can see is that the bridge provides a 192.168.x.x address while the NAT provides a 10.0.2.x address. Both appear as the interface eth1.

Any opinions?
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
++ 03/07/14 16:11 + - Jacob Appelbaum:
>Here is some of the source code:
>
> http://daserste.ndr.de/panorama/xkeyscorerules100.txt

Can you tell us something about the source of this code? The articles of the ARD do not mention any source at all, while other outlets mentioned Snowden whenever they were releasing documents that apparently originated from him.

Thanks in advance!

--
Rejo Zenger
E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl
T @rejozenger | J r...@zenger.nl
OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4
XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF
[tor-talk] BlackHat2014: Deanonymize Tor for $3000
You Don't Have to be the NSA to Break Tor: Deanonymizing Users on a Budget
Alexander Volynkin / Michael McCord

[...]
Looking for the IP address of a Tor user? Not a problem. Trying to uncover the location of a Hidden Service? Done. We know because we tested it, in the wild...

In this talk, we demonstrate how the distributed nature, combined with newly discovered shortcomings in design and implementation of the Tor network, can be abused to break Tor anonymity. In our analysis, we've discovered that a persistent adversary with a handful of powerful servers and a couple gigabit links can de-anonymize hundreds of thousands Tor clients and thousands of hidden services within a couple of months. The total investment cost? Just under $3,000. During this talk, we will quickly cover the nature, feasibility, and limitations of possible attacks, and then dive into dozens of successful real-world de-anonymization case studies, ranging from attribution of botnet command and control servers, to drug-trading sites, to users of kiddie porn places. The presentation will conclude with lessons learned and our thoughts on the future of security of distributed anonymity networks.
Re: [tor-talk] according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
Jacob Appelbaum writes:

> On 7/3/14, Eugen Leitl wrote:
> >
> > http://www.heise.de/newsticker/meldung/XKeyscore-Quellcode-Tor-Nutzer-werden-von-der-NSA-als-Extremisten-markiert-und-ueberwacht-2248328.html
> >
>
> Here is our larger story (in English) which includes excerpts of source code:
>
> http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html

Does anyone have theories about this part right at the bottom?

/**
 * Placeholder fingerprint for Tor hidden service addresses.
 * Real fingerpritns will be fired by the plugins
 * 'anonymizer/tor/plugin/onion/*'
 */
fingerprint('anonymizer/tor/hiddenservice/address') = nil;
// END_DEFINITION

Does this suggest anything interesting about the ability to determine either the physical location of a hidden service's service or instances of people accessing a hidden service?

I also think that it's interesting that there's a category called "documents/comsec", so the bigger picture is that there's an organized way to find out about people who are interested in or becoming educated about COMSEC. It seems conceivable that documentation that I and other people here have helped write is a part of other "documents/comsec" fingerprints.

--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On Jul 3, 2014 9:57 AM, "Jacob Appelbaum" wrote:
>
> On 7/3/14, coderman wrote:
> > On Thu, Jul 3, 2014 at 8:36 AM, coderman wrote:
> >> ...
> >> i presume you mean as below:
> >> (more a translation than additional QUELLCODE info though ;)
> >
>
> Here is some of the source code:
>
> http://daserste.ndr.de/panorama/xkeyscorerules100.txt

Quellcode means source code. It's a secret compartment inside GERMAN.

>
> Happy hacking,
> Jacob
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
On 7/3/2014 10:34 AM, Zenaan Harkness wrote: Agreed, great news. In hindsight, it is clear that we as a community have an interest to build a resource of amicus curiae briefs - friend of the court briefs. So PLEASE make moves in the direction of contributing and collecting documents which may be relevant to future cases - at the least a simple collection of legal docs. Definitely! /"An ounce of prevention is worth a pound of cure."/ - Ben Franklin. Perhaps out of fear of legal liability, Tor Project doesn't seem to have what would be very helpful for relay operators - guides, documents - even access to basic legal advice, of how to best avoid legal issues to begin with. I know nothing of legalities surrounding that, but people starting a relay w/o proper guidance on how to avoid legal problems as much as possible, *doesn't quite seem right.* In a worst case scenario, running relays can be truly *life destroying.* It seems volunteers need better preparation & education about potential ramifications. If after being educated, they still choose to run relays (especially exit), that's fine. However, it would seem wrong to not make reasonably complete education materials available to potential relay operators, to prepare them & warn them of potential downside. Without relay operators, there won't be much left (unless independent volunteers no longer handle that function). Accused persons dealing w/ problems like this after the fact, is far, far worse than even an extraordinary amount of time spent on preventing / avoiding them. If LEAs / judicial system actively investigates someone (throwing around terms like child porn), or indicts a person, the mental stress alone is enough to ruin one's life. That is no exaggeration. If you've never been falsely accused of something & had to defend yourself - even before it goes to trial (or never does), the stress is incredible. 
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On Thu, 3 Jul 2014 16:11:39 + Jacob Appelbaum allegedly wrote: > On 7/3/14, coderman wrote: > > On Thu, Jul 3, 2014 at 8:36 AM, coderman wrote: > >> ... > >> i presume you mean as below: > >> (more a translation than additional QUELLCODE info though ;) > > > > Here is some of the source code: > > http://daserste.ndr.de/panorama/xkeyscorerules100.txt > > Happy hacking, > Jacob Interestingly there is no mention of "dl.amnesia.boum.org" (the download sites) in "$TAILS_websites=" Nor is there any mention of whonix. Mick - Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On Thu, Jul 3, 2014 at 9:11 AM, Jacob Appelbaum wrote: > ... > Here is some of the source code:... merci beaucoup :)
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On 7/3/14, coderman wrote: > On Thu, Jul 3, 2014 at 8:36 AM, coderman wrote: >> ... >> i presume you mean as below: >> (more a translation than additional QUELLCODE info though ;) > Here is some of the source code: http://daserste.ndr.de/panorama/xkeyscorerules100.txt Happy hacking, Jacob
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On Thu, Jul 3, 2014 at 8:36 AM, coderman wrote: > ... > i presume you mean as below: > (more a translation than additional QUELLCODE info though ;) detailed technical info via J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge --- http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html The investigation discloses the following: Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA. Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA. Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states. The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum". Three authors of this investigation have personal and professional ties to the Tor Project, an American company mentioned within the following investigation. Jacob Appelbaum is a paid employee of the Tor Project, Aaron Gibson is a paid contractor for the Tor Project, and Leif Ryge is a volunteer contributor to various Tor-related software projects. Their research in this story is wholly independent from the Tor Project and does not reflect the views of the Tor Project in any way. 
During the course of the investigation, it was further discovered that an additional computer system run by Jacob Appelbaum for his volunteer work with helping to run part of the Tor network was targeted by the NSA. Moreover, all members of this team are Tor users and appear to have been targets of the mass surveillance described in the investigation. It is a small server that looks like any of the other dozens in the same row. It is in a large room devoted to computers and computer storage, just like every other room in this industrial park building on Am Tower Street just outside the city of Nuremberg. That the grey building is surrounded by barbed wire seems to indicate that the servers' provider is working hard to secure their customers' data. Yet despite these efforts, one of the servers is targeted by the NSA. The IP address 212.212.245.170 is explicitly specified in the rules of the powerful and invasive spy software program XKeyscore. The code is published here exclusively for the first time. After a year of NSA revelations based on documents that focus on program names and high-level Powerpoint presentations, NDR and WDR are revealing NSA source code that shows how these programs function and how they are implemented in Germany and around the world. Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems. The NSA program XKeyscore is a collection and analysis tool and "a computer network exploitation system", as described in an NSA presentation. It is one of the agency’s most ambitious programs devoted to gathering "nearly everything a user does on the internet." 
The source code contains several rules that enable agents using XKeyscore to surveil privacy-conscious internet users around the world. The rules published here are specifically directed at the infrastructure and the users of the Tor Network, the Tails operating system, and other privacy-related software. Tor, also known as The Onion Router, is a network of several thousand volunteer-operated servers, or nodes, that work in concert to conceal Tor users' IP addresses and thus keep them anonymous while online. Tails is a privacy-focused GNU/Linux-based operating system that runs entirely from an external storage device such as a USB stick or CD. It comes with Tor and other privacy tools pre-installed and configured, and each time it reboots it automatically wipes everything that is not saved on an encrypted persistent storage medium. Normally a user's online traffic - such as emails, instant messages, searches, or visits to websites - can be attributed to the IP address assigned to them by their internet service provider. When a user goes online over the Tor Network, their connections are relayed through a number of Tor nodes using another layer of encryption betwee
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
(Thread start: https://lists.torproject.org/pipermail/tor-talk/2014-July/033573.html ) On 7/3/14, Anders Andersson wrote: > On Thu, Jul 3, 2014 at 5:53 AM, Moritz Bartl wrote: >> On 07/02/2014 11:00 PM, Anders Andersson wrote: >>> Unfortunately he doesn't seem to want to take this further, so the >>> ruling will stand. It's his choice, but it could be a very bad >>> deterrent to other potential exit node operators in Austria. >> >> We are in contact with William, and quite possibly there is the option >> of following this further with another Austrian operator who >> self-reports himself, with our help. Please everyone give us time to >> look into this together with some lawyers. > > Thank you! That's amazing! I'm quite sure that the support you get > from the Tor community when running an exit node really helps in > giving people the courage to do so. Agreed, great news. In hindsight, it is clear that we as a community have an interest to build a resource of amicus curiae briefs - friend of the court briefs. So PLEASE make moves in the direction of contributing and collecting documents which may be relevant to future cases - at the least a simple collection of legal docs. We have an interest in protecting our free-speech networks (Tor, I2P etc), legally as well as technologically and politically. The Torproject.org website does a good job IMHO of presenting the social case for free-speech networks. No matter the circumstances of a particular case (a particular free speech node operator), we the global free-speech promoting and free-speech facilitating community, have an interest to advise the courts regarding matters of technology and free speech, in order to maximise the sanity of the outcomes brought about by our courts (and yes, another operators courts are as good as mine, in terms of global impact). For example a tor-network node operator charged for actual illegal activity, should not cause legal suppression of free-speech networks in general. 
To kick things off, here's the gist of what I have in mind (this is in no way directly responsive to the case that started this thread, which I know nothing about): " In this matter an individual has been charged with a [criminal] offence. The case of a matter of an individual committing a proven criminal defamation or incitement must not be used by the court to suppress free speech generally by way of the court's power of judicial sanction. Similarly in this case the [Defendant] was the operator of a 'digital communications facility' which facility was a node in a free-speech network, in particular the [Tor|I2P] free speech network; where the operator is found by this court to have committed unlawful acts, then this court must only target those unlawful acts when it makes its determinations, by way of this court's power of judicial sanction exercised according to law; and this court must not reach beyond those unlawful acts in its determinations/ rulings/ sanctions; if the court exercises its power in reaching beyond those unlawful acts then such exercise of judicial power is likely to undermine confidence in the court by all other operators of the free-speech network and by users of the free speech network. A ruling by this court will be seen by many humans around the world, both operators of free speech nodes in the free speech networks, as well as by users and by potential users of free speech networks around the world. 
In this case, the rulings of this court are visible globally, and shall be watched by many; there is therefore a great burden upon this court in this case, and this court therefore has a special duty of care when it makes its rulings/ determinations, to be conservative and cautious, in particular regarding any general deterrents this court might ordinarily be minded to create by its rulings which deterrents might unintentionally dampen confidence in this court and/ or confidence in the courts generally to protect our human rights including freedom of communication. This court must be especially careful in its rulings in this matter, since the court is in a position to bring about chilling effects upon the liberties of not only those humans within its immediate jurisdictions, but also upon the broader global community. " (A glossary, localisation, much enhancement and other legal polishing would be required of course, along with subroutined/ separate submissions regarding each relevant law, and regarding each relevant precedent in the jurisdiction in question and/ or in jurisdictions relevant (some cases/precedents are so poignant, so timeless, that they apply all over the world, e.g. the Credit River Decision, as well as the trial of William Penn).) Such advice or briefs to the court are ideally tailored to each particular country/jurisdiction. However, even a brief prepared for some country other than the country at issue, is likely to be useful to those attempting to create a brief for a particular case in another cou
Re: [tor-talk] according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On 7/3/14, Eugen Leitl wrote: > > http://www.heise.de/newsticker/meldung/XKeyscore-Quellcode-Tor-Nutzer-werden-von-der-NSA-als-Extremisten-markiert-und-ueberwacht-2248328.html > Here is our larger story (in English) which includes excerpts of source code: http://daserste.ndr.de/panorama/aktuell/NSA-targets-the-privacy-conscious,nsa230.html All the best, Jacob
Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
On Thu, Jul 3, 2014 at 8:13 AM, -John wrote: > I thought JY at cryptome.org was already doing what you suggest. i presume you mean as below: (more a translation than additional QUELLCODE info though ;) --- http://cryptome.org/2014/07/nsa-tor-de.htm Donate for the Cryptome archive of files from June 1996 to the present 3 July 2014 NSA Hacks TOR in Germany, Calls Users Extremists Original German: http://www.tagesschau.de/inland/nsa-xkeyscore-100.html https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie= UTF-8&u=http%3A%2F%2Fwww.tagesschau.de%2Finland%2Fnsa-xkeyscore- 100.html&edit-text= German named an extremist targeted by U.S. intelligence from the NSA Published: 07.03.2014 05:00 clock The NSA peeks specifically from German that deal with encryption on the Internet. This emerges from a secret source, the NDR and WDR exists. NSA victim can thus be identified by name. One of them is a student from Erlangen. By Lena Kampf, Jacob Appelbaum and John Goetz, NDR [Images omitted.] It is one of the most sensitive secrets of the NSA, the engine of the global monitoring machine: the source code of the XKeyscore program, the most comprehensive Ausspähprogramm of U.S. foreign intelligence. NDR and WDR have excerpts of the source code. Parts of the collection infrastructure ie, so-called software rules that define the intelligence, what or who they want to investigate. There are only a few numbers and characters to string together the programmer. But when the program executes XKeyscore these rules, get people and their data in their sights. The connections from computers to the Internet are identified and stored in a database type. The users are quasi marked. It is the dragnet of the 21st century. Download the video file Users of the Tor network aim of penetration In the present source is about the spying infrastructure and the users of the Tor network. 
Tor stands for "the onion router" - a program in which Internet traffic, such as a query to a search engine, is passed through various servers and lie encryption layers like an onion to make the request. Thus, the origin of the request, so obscures the IP address. The IP address is like a mailing address and reveals among other things, the location of the computer. There are about 5,000 Tor servers worldwide which are operated by volunteers. It is an anonymizing infrastructure, which is often used, especially in countries where it is dangerous to abandon the regime, which websites you visited or where they retrieve. In Iran and Syria, for example. Tor is used by journalists, human rights activists and lawyers worldwide. Popular German IP addresses in Fort Meade The reporting of the "Guardian" on PowerPoint presentations from the Snowden archive has shown in the past year that the Tor network the NSA is a particular thorn in the side. The top-secret documents and the first time published the source code show that the NSA is making significant efforts to deanonymisieren users of the Tor network. Search of the NDR and WDR show: German IP addresses are defined in the source code of the NSA as a unique destination. The IP 212 212 245 170 leads to a gray, factory-like building, whose high walls are fenced with barbed wire. "On the Tower" is the street in an industrial area near Nürnberg. There is a computer center with Mietservern in long shelves. They all look the same. But one is spied on by the NSA. Sebastian Hahn, a student and employee of the computer science department in Erlangen has rented this server. The program goal: TOR a thorn in the NSA. Momentous commitment to the Internet community In his spare time he is involved in the Tor network, as well as one of the authors of this paper. The gate community trusts Sebastian Hahn especially: He may run one of nine so-called "Directory Authorities". On his server is a list, in which all Tor servers are listed. 
Users who connect to the Tor network, automatically access to one of the nine "Directory Authorities" to download the latest list. Hundreds of thousands of hits a day there are at Sebastian Hahn. All of these accesses are marked by the NSA and land according to research by the NDR and WDR then in a special NSA database. In the source code appeared even the name of the server on tap: "Gabelmoo" had called him cock predecessor, Frankish for "fork man," as the Bamberger call a Poseidon statue lovingly. "This is shocking," says Hahn. Because: "The connection data of millions of people are listed every day." Sebastian Hahn found next to "Gabelmoo" all other names of "Directory Authorities" in Berlin, the Netherlands, Austria, Sweden and the USA. They are also target of the NSA. Second notably known NSA victims Although he is only a means to an end for the NSA - finally, the intelligence want to filter on its server who uses the Tor network - Hahn feels violated his privacy. Because he wanted to do so
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
On 7/3/2014 4:16 PM, Anders Andersson wrote: > On Thu, Jul 3, 2014 at 5:53 AM, Moritz Bartl > wrote: >> On 07/02/2014 11:00 PM, Anders Andersson wrote: >>> Unfortunately he doesn't seem to want to take this further, so >>> the ruling will stand. It's his choice, but it could be a very >>> bad deterrent to other potential exit node operators in >>> Austria. >> >> We are in contact with William, and quite possibly there is the >> option of following this further with another Austrian operator >> who self-reports himself, with our help. Please everyone give us >> time to look into this together with some lawyers. > > Thank you! That's amazing! I'm quite sure that the support you get > from the Tor community when running an exit node really helps in > giving people the courage to do so. > You will be amazed of the quality of some important people inside Tor community and torservers.net organization, and the kind of help they are willing to offer, regardless if it's financial, legal, technical or you name it. -- s7r PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11
Re: [tor-talk] XKeyscore-Quellcode: more english details requested
* Elrippo wrote on 2014-07-03 at 16:22: > On which station can we watch the story on German TV today? Will be broadcasted on ARD at 21:45 (9:45 pm, 20:45 UTC). http://daserste.ndr.de/panorama/archiv/2014/Quellcode-entschluesselt-Beweis-fuer-NSA-Spionage-in-Deutschland,nsa224.html -- Jens Kubieziel http://www.kubieziel.de The only thing in this country that regularly wanes is the moon. Werner Mitsch
Re: [tor-talk] OTFC IRC issues - new Tor friendly IRC network?
BlueStar88: > On Wed, 02 Jul 2014 09:15:47 + > Patrick Schleizer wrote: > >> BlueStar88: >>> >>> 37lnq2veifl4kar7.onion:6697 is up and running fine. >> >> Who runs that server? Unofficial one? >> >> I was more looking for a scalable, robust solution rather than >> individual quick fix. > > Hello Patrick, > > I don't know, who runs that service, but by using SSL, certificate > verification and fingerprinting and optional OTR on top of that, there's > nothing wrong with that one. Better having a stable unknown channel, than > blocked official ones. > > That hidden service works well with my IRC-bouncer, which I use with > "usewithtor" (torsocks wrapper). It seems to be quite robust to me. > > Well, your initial request was to have at least a temporary alternative. Doesn't work either at the moment. Closing Link: asteria.debian.or.at (No more connections from this host allowed. See http://www.oftc.net/oftc/LimitExceptions for more info.) Disconnected (Remote host closed socket).
Re: [tor-talk] XKeyscore-Quellcode: more english details requested
On which station can we watch the story on German TV today? On 3 July 2014 14:01:15 CEST, Jacob Appelbaum wrote: >Hi, > >On 7/3/14, coderman wrote: >> request for more (english speaking) details on QUELLCODE part of >> XKeyScore(XKS) >> >> >http://www.bild.de/politik/ausland/nsa/us-geheimdienst-spionierte-deutschen-studenten-aus-36657402.bild.html >> >> specifically subsequent tasking associated with selected anonyms... >> -- > >More information will be published shortly, including a long technical >English story with source code and a video this evening on German TV. > >Here are the first bits of our story: > > http://www.tagesschau.de/inland/nsa-xkeyscore-100.html >http://www.daserste.de/information/politik-weltgeschehen/morgenmagazin/politik/deutsche-im-visier-der-nsa-100.html >http://daserste.ndr.de/panorama/archiv/2014/Quellcode-entschluesselt-Beweis-fuer-NSA-Spionage-in-Deutschland,nsa224.html > >Stay tuned for the next two publications which will happen in the next >twelve hours. > >All the best, >Jacob -- We don't bubble you, we don't spoof you ;) Keep your data encrypted! Log you soon, your Admin elri...@elrippoisland.net Encrypted messages are welcome. 0x84DF1F7E6AE03644
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
> On Thu, Jul 3, 2014 at 5:53 AM, Moritz Bartl > wrote: > > On 07/02/2014 11:00 PM, Anders Andersson wrote: > >> Unfortunately he doesn't seem to want to take this further, so the > >> ruling will stand. It's his choice, but it could be a very bad > >> deterrent to other potential exit node operators in Austria. > > > > We are in contact with William, and quite possibly there is the option > > of following this further with another Austrian operator who > > self-reports himself, with our help. Please everyone give us time to > > look into this together with some lawyers. And if there is some trustworthy way of contributing to William's legal fund, I'm sure many here would do so who have not previously. GD
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
On Thu, Jul 3, 2014 at 5:53 AM, Moritz Bartl wrote: > On 07/02/2014 11:00 PM, Anders Andersson wrote: >> Unfortunately he doesn't seem to want to take this further, so the >> ruling will stand. It's his choice, but it could be a very bad >> deterrent to other potential exit node operators in Austria. > > We are in contact with William, and quite possibly there is the option > of following this further with another Austrian operator who > self-reports himself, with our help. Please everyone give us time to > look into this together with some lawyers. Thank you! That's amazing! I'm quite sure that the support you get from the Tor community when running an exit node really helps in giving people the courage to do so.
Re: [tor-talk] Benefits of Running TBB in a VM?
Bobby Brewster:
> What are the benefits of running TBB in a VM?
>
> AIUI, there are two advantages.
>
> 1. If malware infects the VM, then just the VM is compromised. If your
> Windows/Mac/Linux system is infected, then your entire system is affected
> (yes, I realise that it should be only the user account for Linux unless you
> are root).
>
> 2. If your system is compromised, your real IP cannot be discerned. For
> example, in my non-VM Ubuntu machine, my wlan0 IP is listed as 192.168.1.50.
> However, on my NAT'd VirtualBox Ubuntu, there is no wlan0, only eth1. This
> gives an IP of 10.0.2.15 which is obviously not the IP assigned by my ISP.
>
> Does this make sense? Are there other benefits? Any disadvantages? Thanks.

point 1 makes sense. it's not bullet proof. but, unless you are dealing with malware that is designed to break out of the restrictions imposed by a vm, you have spared yourself a headache. you can further mitigate against such common malware risks by using a system of snapshots. while not as ideal as a "live" configuration, after you set up your virtual machine for use, you can make a snapshot of it and, after each completed session, restore your vm from the snapshot. unless you received malware designed to exploit a vm, this will result in the malware being gone the next time you use the vm as well.

point 2 does not work. any malware that phones home will show your ip address in that configuration. however, if you use something like whonix, where you have a gateway vm that pushes all of your workstation vm traffic through tor, you have another layer of protection against malware with phone home capabilities.

-- gpg key - 0x2A49578A7291BB34 fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34
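The snapshot routine described in the reply above, sketched for VirtualBox (the hypervisor named in the question). This is an added example, not part of the original message; the VM name, snapshot name and function names are placeholders, and it assumes each session ends by shutting the guest down rather than saving its state.

```shell
#!/bin/sh
# Added example (not from the thread): disposable browsing sessions on VirtualBox.
# Assumptions: VM and snapshot names are placeholders chosen by the operator;
# the guest is shut down (not saved or paused) to end a session.

VBOX="${VBOX:-VBoxManage}"
DRY_RUN="${DRY_RUN:-0}"      # 1 = print the commands instead of running them

# Run a command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Extract the VMState value from `showvminfo --machinereadable` output on stdin.
# The pattern is anchored so that VMStateChangeTime="..." does not match.
parse_vm_state() {
    sed -n 's/^VMState="\(.*\)"$/\1/p'
}

vm_state() {
    "$VBOX" showvminfo "$1" --machinereadable | parse_vm_state
}

# Take the clean baseline once, right after the guest has been set up.
take_baseline() {
    run "$VBOX" snapshot "$1" take "$2" --description "clean baseline for browsing sessions"
}

# One session: restore the baseline, start the guest, wait for shutdown,
# then restore again so nothing written during the session survives.
clean_session() {
    vm=$1
    snap=$2
    if [ "$DRY_RUN" != "1" ]; then
        state=$(vm_state "$vm")
        case "$state" in
            poweroff|aborted) ;;
            *) echo "refusing: $vm is '$state'; shut it down first" >&2
               return 1 ;;
        esac
    fi
    run "$VBOX" snapshot "$vm" restore "$snap" || return 1
    run "$VBOX" startvm "$vm" --type gui || return 1
    if [ "$DRY_RUN" != "1" ]; then
        while :; do
            case "$(vm_state "$vm")" in
                poweroff|aborted) break ;;
                saved) echo "$vm was saved, not shut down; leaving it as is" >&2
                       return 1 ;;
            esac
            sleep 5
        done
    fi
    run "$VBOX" snapshot "$vm" restore "$snap"
}
```

Run `take_baseline tbb-vm clean-baseline` once with the guest powered off, then `clean_session tbb-vm clean-baseline` for each session; set `DRY_RUN=1` to see the commands without touching a VM.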
Re: [tor-talk] Benefits of Running TBB in a VM?
++ 03/07/14 04:39 + - scarp: >Most attacks about breaking out of a VM rely on you installing the >guest tools, so never do that. What are "guest tools" in this context? -- Rejo Zenger E r...@zenger.nl | P +31(0)639642738 | W https://rejo.zenger.nl T @rejozenger | J r...@zenger.nl OpenPGP 1FBF 7B37 6537 68B1 2532 A4CB 0994 0946 21DB EFD4 XMPP OTR 271A 9186 AFBC 8124 18CF 4BE2 E000 E708 F811 5ACF
[tor-talk] Yahoo bounces Re: Fw: confirm [whatever]
The same thing happened to Yahoo and AOL users in tor-relays: https://lists.torproject.org/pipermail/tor-relays/2014-June/004752.html To summarize, your only practical remedy at this time is to use an email address not on Yahoo or AOL. On 14-07-01 04:41 PM, Bobby Brewster wrote: > What does this mean? Excessive bounces? > > > --- On Mon, 6/30/14, tor-talk-requ...@lists.torproject.org > wrote: > >> From: tor-talk-requ...@lists.torproject.org >> >> Subject: confirm 2f46a3f2170a69c943fccd83ed3ef5ea29118c4b >> To: bobbybrewster...@yahoo.com >> Date: Monday, June 30, 2014, 3:01 PM >> Your membership in the mailing list >> tor-talk has been disabled due to >> excessive bounces The last bounce received from you was >> dated >> 30-Jun-2014. You will not get any more messages from >> this list until >> you re-enable your membership. You will receive 3 more >> reminders like >> this before your membership in the list is deleted. >> >> To re-enable your membership, you can simply respond to this >> message >> (leaving the Subject: line intact), or visit the >> confirmation page at >> >> https://lists.torproject.org/cgi-bin/mailman/confirm/tor-talk/[whatever] >> >> >> You can also visit your membership page at >> >> >> https://lists.torproject.org/cgi-bin/mailman/options/tor-talk/bobbybrewster203%40yahoo.com >> >> >> On your membership page, you can change various delivery >> options such >> as your email address and whether you get digests or >> not. As a >> reminder, your membership password is >> >> sunourug >> >> If you have any questions or problems, you can contact the >> list owner >> at >> >> tor-talk-ow...@lists.torproject.org >>
Re: [tor-talk] (no subject) HTTPS Everywhere
On 14-07-02 10:59 PM, Seth David Schoen wrote:
> ideas buenas writes:
>
>> Why is markmonitor.com and its derivates in my TBB? How can I do to delete
>> this ? Are they watching me?
>
> Hi,
>
> Are you talking about seeing a markmonitor.com rule in the HTTPS Everywhere
> Enable/Disable Rules menu?
>
> https://www.eff.org/https-everywhere/atlas/domains/markmonitor.com.html
>
> If so, this is one of thousands of HTTPS Everywhere rewrite rules that
> are included with HTTPS Everywhere, which is included with the Tor
> Browser Bundle. The goal of HTTPS Everywhere and its rewrite rules
> is to automatically access as many sites as possible with secure HTTPS
> connections.
>
> HTTPS Everywhere typically does not make your browser access sites or
> services that it would not otherwise have accessed, so it shouldn't help
> sites monitor your web browsing if they would otherwise not have been
> able to.

"typically does not"?! Why is that not "never"?

I am guessing either
a) rogue or buggy HTTPS Everywhere rules
b) sites that redirect SSL/TLS connections elsewhere
Re: [tor-talk] XKeyscore-Quellcode: more english details requested
Hi,

On 7/3/14, coderman wrote:
> request for more (english speaking) details on QUELLCODE part of
> XKeyScore(XKS)
>
> http://www.bild.de/politik/ausland/nsa/us-geheimdienst-spionierte-deutschen-studenten-aus-36657402.bild.html
>
> specifically subsequent tasking associated with selected anonyms...

More information will be published shortly, including a long technical English story with source code and a video this evening on German TV.

Here are the first bits of our story:

http://www.tagesschau.de/inland/nsa-xkeyscore-100.html
http://www.daserste.de/information/politik-weltgeschehen/morgenmagazin/politik/deutsche-im-visier-der-nsa-100.html
http://daserste.ndr.de/panorama/archiv/2014/Quellcode-entschluesselt-Beweis-fuer-NSA-Spionage-in-Deutschland,nsa224.html

Stay tuned for the next two publications which will happen in the next twelve hours.

All the best,
Jacob
[tor-talk] XKeyscore-Quellcode: more english details requested
request for more (english speaking) details on QUELLCODE part of XKeyScore(XKS)

http://www.bild.de/politik/ausland/nsa/us-geheimdienst-spionierte-deutschen-studenten-aus-36657402.bild.html

specifically subsequent tasking associated with selected anonyms...
Re: [tor-talk] Does an Exit Node will be tagged with an "Exit" flag?
On Thursday 03 July 2014 11:06:15 Bron Taylor wrote:
> p accept 25,110,119,143,443,465,995
> "252.94.2.188.25.27.196.125.74.ip-port.exitlist.torproject.org. 1799 IN
> A 127.0.0.2" from Google Public DNS. Moreover, the answer from TorDNSEL
> told that the node with the ip address "188.2.94.252" is an ExitNode and
> allows any smtp traffic to exit through it. However, at the same time,
> the cached-consensus file doesn't show that the node is published with
> "ExitFlag". I would like to ask if an Exit Node will come with an "Exit"
> flag or not? Thanks!

Yes, it is possible that a node has no exit flag but allows exiting.

https://gitweb.torproject.org/torspec.git/blob/HEAD:/dir-spec.txt#l1850
https://trac.torproject.org/projects/tor/ticket/9932

Best,
Robert
[tor-talk] according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list
http://www.heise.de/newsticker/meldung/XKeyscore-Quellcode-Tor-Nutzer-werden-von-der-NSA-als-Extremisten-markiert-und-ueberwacht-2248328.html

All accesses (several 100 k/day) to Tor directory authorities (at least some IPs hardcoded, Sebastian Hahn one of the targets) intercepted and logged, Tor users are considered extremists (hello, self-fulfilling prophecy at work here, no doubt intended to further justify operation budgets) according to comments in the source and shortlisted for further surveillance (email intercept explicitly mentioned) and attempted deanonymization.

Conclusion: the world needs way more extremists. If they want cake, they should get it in abundance.

Further suggestion: we need an online database to deanonymize intelligence operatives. We need their faces, their license plates, their home addresses, and any dirt you can get on them. Name them, and shame them.
[tor-talk] Does an Exit Node will be tagged with an "Exit" flag?
Hi there,

I used the TorDNSEL to verify an ip address of an exit node whether I can send some kind of traffic through that node and found something is weird. First the information of the node can be found in the cached consensus file on my system with running a tor client. The following is the information I got from the file:

r RaspberryPiNode W0bcalLslxBCGL+ZSEf+rcrB4kg 0i+Gakd+PPsGt7NB80GVzBNnfhA 2014-07-03 00:41:38 188.2.94.252 443 80
s Named Running V2Dir Valid
v Tor 0.2.3.25
w Bandwidth=5
p accept 25,110,119,143,443,465,995

The node is claiming that it is accepting mail related traffic exit through it, however, we can notice that this node doesn't come with an "Exit" flag. Therefore, I tried to send a dns query to TorDNSEL to see if the node is in ExitList and the policy is the same as I have seen on my host. The dns query is as the following:

dig 252.94.2.188.25.27.196.125.74.ip-port.exitlist.torproject.org

And I got the answer "252.94.2.188.25.27.196.125.74.ip-port.exitlist.torproject.org. 1799 IN A 127.0.0.2" from Google Public DNS. Moreover, the answer from TorDNSEL told that the node with the ip address "188.2.94.252" is an ExitNode and allows any smtp traffic to exit through it. However, at the same time, the cached-consensus file doesn't show that the node is published with "ExitFlag". I would like to ask if an Exit Node will come with an "Exit" flag or not?

Thanks!

--
BR, BT
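Why the relay in this message can accept port 25 and still carry no "Exit" flag, as an added example that is not part of the original thread: it parses the quoted consensus entry, applies the Exit-flag port test, and rebuilds the TorDNSEL query name. The two-of-three port test (80, 443, 6667) is the dir-spec criterion as it stood at the time of this thread (later revisions changed it); the function names, and using the "p" port summary in place of the relay's full exit policy, are assumptions of the example.

```python
import ipaddress

# Constructed sample: the router status entry quoted in the message above.
CONSENSUS_ENTRY = """\
r RaspberryPiNode W0bcalLslxBCGL+ZSEf+rcrB4kg 0i+Gakd+PPsGt7NB80GVzBNnfhA 2014-07-03 00:41:38 188.2.94.252 443 80
s Named Running V2Dir Valid
v Tor 0.2.3.25
w Bandwidth=5
p accept 25,110,119,143,443,465,995
"""

# dir-spec rule of that era: "Exit" iff the relay allows exits to at least two
# of these ports (and to at least one /8, which a port summary cannot show).
EXIT_FLAG_PORTS = (80, 443, 6667)


def parse_entry(text):
    """Parse the r/s/p lines of one consensus router status entry."""
    entry = {"flags": set(), "policy": ("reject", [(1, 65535)])}
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        fields = rest.split()
        if kind == "r":
            entry["nickname"], entry["address"] = fields[0], fields[5]
            entry["or_port"], entry["dir_port"] = int(fields[6]), int(fields[7])
        elif kind == "s":
            entry["flags"] = set(fields)
        elif kind == "p":
            ranges = []
            for part in fields[1].split(","):
                lo, _, hi = part.partition("-")
                ranges.append((int(lo), int(hi or lo)))
            entry["policy"] = (fields[0], ranges)
    return entry


def allows_port(entry, port):
    """True if the entry's port summary lets traffic exit to `port`."""
    action, ranges = entry["policy"]
    listed = any(lo <= port <= hi for lo, hi in ranges)
    return listed if action == "accept" else not listed


def qualifies_for_exit_flag(entry):
    """Apply the two-of-three port test to the port summary."""
    return sum(allows_port(entry, p) for p in EXIT_FLAG_PORTS) >= 2


def tordnsel_query(exit_ip, dest_ip, dest_port):
    """Build the ip-port query name: reversed exit IP, port, reversed dest IP."""
    def rev(ip):
        return ".".join(reversed(str(ipaddress.IPv4Address(ip)).split(".")))
    return f"{rev(exit_ip)}.{dest_port}.{rev(dest_ip)}.ip-port.exitlist.torproject.org"


if __name__ == "__main__":
    relay = parse_entry(CONSENSUS_ENTRY)
    print("has Exit flag:      ", "Exit" in relay["flags"])
    print("allows exit to 25:  ", allows_port(relay, 25))
    print("meets Exit criteria:", qualifies_for_exit_flag(relay))
    # 74.125.196.27 is the destination encoded in the thread's dig query.
    print(tordnsel_query(relay["address"], "74.125.196.27", 25))
```

Of the three ports the flag test looks at, this relay accepts only 443, so it exits mail traffic without being labelled "Exit"; code that filters relays on the flag alone will miss it.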
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
MacLemon:
> German language Austrian Legalese background:
> Austrian E-Commerce Law §15: Ausschluss der Verantwortlichkeit bei
> Zwischenspeicherungen http://j.mp/1iYdg4L
>
> § 15. Ein Diensteanbieter, der von einem Nutzer eingegebene
> Informationen in einem Kommunikationsnetz übermittelt, ist für eine
> automatische, zeitlich begrenzte Zwischenspeicherung, die nur der
> effizienteren Gestaltung der auf Abruf anderer Nutzer erfolgenden
> Informationsübermittlung dient, nicht verantwortlich, sofern er
>
> 1. die Information nicht verändert,
> 2. die Bedingungen für den Zugang zur Information beachtet,
> 3. die Regeln für die Aktualisierung der Information, die in
> allgemein anerkannten und verwendeten Industriestandards
> festgelegt sind, beachtet,
> 4. die zulässige Anwendung von Technologien zur Sammlung von
> Daten über die Nutzung der Information, die in allgemein
> anerkannten und verwendeten Industriestandards festgelegt sind,
> nicht beeinträchtigt und
> 5. unverzüglich eine von ihm gespeicherte Information entfernt
> oder den Zugang zu ihr sperrt, sobald er tatsächliche Kenntnis
> davon erhalten hat, dass die Information am ursprünglichen
> Ausgangsort der Übertragung aus dem Netz entfernt oder der
> Zugang zu ihr gesperrt wurde oder dass ein Gericht oder eine
> Verwaltungsbehörde die Entfernung oder Sperre angeordnet hat.
>
> IANAL Paraphrased:
> ==
> A service provider who transmits user-input over a
> communications-network is not liable for an automated, time restricted
> caching whose only purpose is to more effectively provide information
> requested by a user given that:
> 1. the information is not altered
> 2. access requirements are honored
> 3. commonly accepted rules and industry standards for updating are
> honored
> 4. the lawful application of technology to collect data about
> the usage of information as defined in commonly accepted and
> applied industry standards is not harmed
> 5. recorded information is immediately deleted or access to that
> recorded information is denied as soon as they are informed of
> the fact that the information has been deleted at its point of
> origin, access has been denied or in case a court or
> regulatory-body(?) has ordered the blocking.

For the record, this is the transcription of Article 12 of the European directive 2000/31/CE of 8 June 2000 which defines the “mere conduit” status.

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32000L0031:En:HTML

Unless I'm mistaken, this means that this can also be appealed at the European level.

--
Lunar
Re: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service
Maybe one day, something like Peersm combined with [1] in order to follow/or use [2] and [3] (don't focus on Google developing this here, these concepts are the only way to really secure a web page)

Basically you fetch the web page with something like Peersm, then retarget it in a sandboxed context (sandboxed window like Caja or node-dom inside browsers can do), so the website appears inside your browser like a standalone widget/gadget (and certainly not an iframe) and then you parse the links and fetch the resources with the same techno used by Peersm (ie Tor protocol inside the browser). Once you have captured the initial web page, you can do all this offline and queue the fetching.

This must work without hacking inside the browser, unfortunately you can not easily say to the browser "fetch everything using 'my secure function'". It's very difficult to do but not impossible and some advanced features will not work due to the same origin policy but that's not an issue for the intended use.

Coming back to the origin of this thread, it's easier to use Peersm as it is and have some kind of distributed P2P hidden services with difficult end to end correlation possibilities, even if we don't advise to use it to do strange things.

[1] https://github.com/Ayms/node-dom
[2] https://code.google.com/p/google-caja/wiki/SES
[3] http://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en//pubs/archive/37199.pdf

On 03/07/2014 07:04, grarpamp wrote:

On Wed, Jul 2, 2014 at 7:18 PM, Helder Ribeiro wrote:

On Sun, Jun 29, 2014 at 9:58 PM, Seth David Schoen wrote:

Then a question is whether users would want to use a service that takes, say, several hours to act on or answer their queries (and whether the amount of padding data required to thwart end-to-end traffic analysis is acceptable).

I probably missed some context in thread. Link padding doesn't imply or have a tie to high[er] latency (other than minimal processing overhead). It's just the usual committed bandwidth, but always full, with wheat, or backed by chaff when there's not enough wheat to fill it.

High-latency web browsing is actually a great use case and could benefit from the extra security.

Apps like Pocket (http://getpocket.com/) work as a "read it later" queue, downloading things for offline reading.

I think it was Freenet where 'web' (page/browsing) was modeled as a non-real-time-interactive, retrievable (and updateable) object. Essentially documents. But were delivered in real time over the net.

Torrents seem similar... queuing, updatable, latency tolerant. Though there's no 'hours' delay storage buffer nodes between actual source and sink either.

Besides mail mixes, what systems use such formal buffers in between?

--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms
Re: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service
On 07/03/2014 05:12 PM, grarpamp wrote:
>> High-latency web browsing is actually a great use case and could
>> benefit from the extra security.
>>
>> Apps like Pocket (http://getpocket.com/) work as a "read it
>> later" queue, downloading things for offline reading.
>
> I think it was Freenet where 'web' (page/browsing) was modeled as a
> non-real-time-interactive, retrievable (and updateable) object.
> Essentially documents. But were delivered in real time over the
> net.
>
> Torrents seem similar... queing, updatable, latency tolerant.
> Though there's no 'hours' delay storage buffer nodes between actual
> source and sink either.
>
> Besides mail mixes, what systems use such formal buffers in
> between?

A few from the I2P sphere:

Syndie [0] - distributed forum system that can sync data from various sources at any desired interval.

I2P-Bote [1] - distributed encrypted email. Can be configured so that emails are stored via relays which delay before passing on packets, so the "visible" store of an encrypted email packet in the DHT can occur hours after it was sent and the original Bote node disconnected.

str4d

[0] http://syndie.i2p2.de/
[1] http://i2pbote.i2p.me/
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
When Edith Windsor approached Roberta Kaplan to take her case after she had been forced to pay $363,053 in estate taxes only because she had been married to a woman, instead of a man, she offered to pay for the defense, and Roberta immediately agreed to take the case and immediately said, no we will take it pro bono - you don't understand - and the defense in United States v. Windsor ended up costing $3 million, but helped millions of homosexuals who had been affected by DOMA. Legal cases are expensive but important to fight.

-- Christopher Booth

From: Roman Mamedov
To: tor-talk@lists.torproject.org
Sent: Wednesday, July 2, 2014 11:33 PM
Subject: Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

On Thu, 03 Jul 2014 03:54:32 +0300 s7r wrote:
> In the blockchain I saw a pretty good fed of BTC to his donation
> address - folks in the community didn't turn back on this. With that
> sum donated there he could arrange for a top lawyer, minimum. I don't
> know what was the exact rate when he cashed those into FIAT anyway but
> still it was something.

"...261.91743313 in bitcoin donations which is worth almost $170,000 today"

"Yes, this is correct. Back then i sold them (entirely) for around 5000EUR via Virwox and BTC24."

"For clarification: My lawyer costs 250EUR / hour, this 1EUR total (Paypal+BTC) funded (with tax i paid ignored, else around 30) 40 hours of my lawyer which obviously in such a case is not enough by far. I myself invested more than this in the case."

http://lowendtalk.com/discussion/comment/644383/#Comment_644383

--
With respect,
Roman