Re: [tor-talk] High-latency hidden services

2014-07-04 Thread Aymeric Vitte
If I understand correctly the question here is not about browsing but 
fetching something that you don't need immediately for offline reading 
and that you download with high latency using different circuits.


That's easy to do, if you take Peersm again, it's easy to send several 
random requests to different circuits requesting part of the resource to 
the website and then store them asynchronously, you can request the 
pieces in the order you like and when you like, you can retrieve them 
from the website or the peers if they have it.


On 04/07/2014 03:31, Mirimir wrote:

On 07/03/2014 04:16 PM, Seth David Schoen wrote:

The Doctor writes:


On 07/02/2014 04:18 PM, Helder Ribeiro wrote:


Apps like Pocket (http://getpocket.com/) work as a read it later
queue, downloading things for offline reading. While you're reading
an offline article, you can also follow links and click to add them
to your queue. They'll be fetched when you're online so you can
read them later.

I've been using the Firefox extension called Scrapbook
(https://addons.mozilla.org/en-US/firefox/addon/scrapbook/) for this
for a while now.  I've done some experiments with it (packet sniffing
at the firewall and on the machine in question), and from observation
it seems sufficiently proxy-compliant that it routes all traffic in
question through Tor when it downloads and stores a local copy of a
page.  Secondary opinions are, of course, welcome and encouraged.

That's great, but in the context of this thread I would want to imagine
a future-generation version that does a much better job of hiding who
is downloading which pages -- by high-latency mixing, like an
anonymous remailer chain.

One can imagine a browser extension that introduced random delay at each
step of getting a page. Webservers tend to drop very slow clients, as
defense against slow-loris DoS, so the extension would need to learn the
limits for each site.


The existing Tor network can't directly support this use case very
well, except by acting as a transport.

The ability to switch circuits during the process of getting a page
would help greatly.


Right now, people who are using tools like Pocket or Scrapbook over Tor
_aren't_ really getting the privacy benefits that in principle their
not-needing-to-read-it-right-this-second could be offering.  That is,
a global-enough adversary can sometimes notice that person X has just
downloaded item Y for offline reading.  There's no reason that the
adversary has to be able to do that.



--
Peersm : http://www.peersm.com
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
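
The piecewise, delayed fetch discussed in this thread can be sketched as a request planner. This is an added example, not code from Peersm, node-Tor or any poster: it assumes the server honours HTTP Range requests and that the client reaches Tor through a SOCKS port that isolates streams by SOCKS credentials (Tor's IsolateSOCKSAuth behaviour), and every name in it is hypothetical.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class PieceRequest:
    start: int        # first byte offset (inclusive)
    end: int          # last byte offset (inclusive)
    socks_user: str   # unique SOCKS username, so each piece gets its own circuit
    send_at: float    # seconds after the plan starts

    @property
    def range_header(self) -> str:
        return f"bytes={self.start}-{self.end}"


def plan_fetch(size, piece_size, mean_delay_s, rng):
    """Split a resource into byte ranges, shuffle their order and space the
    requests with exponentially distributed gaps (mean `mean_delay_s`)."""
    if size <= 0 or piece_size <= 0 or mean_delay_s <= 0:
        raise ValueError("size, piece_size and mean_delay_s must be positive")
    pieces = [(off, min(off + piece_size, size) - 1)
              for off in range(0, size, piece_size)]
    rng.shuffle(pieces)                 # request order reveals nothing about offsets
    plan, clock = [], 0.0
    for start, end in pieces:
        clock += rng.expovariate(1.0 / mean_delay_s)
        user = f"piece-{rng.getrandbits(64):016x}"
        plan.append(PieceRequest(start, end, user, clock))
    return plan


def reassemble(size, received):
    """Join stored pieces (dict: start offset -> bytes), refusing gaps,
    overlaps and short results so a partial fetch is never mistaken for
    the whole resource."""
    out = bytearray()
    for start in sorted(received):
        if start != len(out):
            raise ValueError(f"gap or overlap at offset {start}")
        out += received[start]
    if len(out) != size:
        raise ValueError("resource incomplete")
    return bytes(out)


if __name__ == "__main__":
    # Use random.SystemRandom() for real scheduling; a seeded RNG is only
    # useful for reproducible tests.
    for req in plan_fetch(10_000, 4096, 600.0, random.SystemRandom()):
        print(f"t+{req.send_at:8.1f}s  {req.socks_user}  Range: {req.range_header}")
```

Each piece is a short, complete request, so the delay sits between requests rather than inside one slow connection that a server might drop.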


Re: [tor-talk] (no subject)

2014-07-04 Thread ideas buenas
I don't think it is Chartbeat. How many unidentified servers do you have?


On Thu, Jul 3, 2014 at 11:19 PM, Geoff Down geoffd...@fastmail.net wrote:

 See https://chartbeat.com/faq/what-is-ping-chartbeat-net
 for what I think you are seeing - website analytics.

 On Thu, Jul 3, 2014, at 11:56 PM, ideas buenas wrote:
  Another unidentified URI in TBB: rev-213.189.48.245.atman.pl . Check
  this, please. Nor in Whois

  On Thu, Jul 3, 2014 at 9:27 PM, ideas buenas ideasbue...@gmail.com wrote:

   Another example is this s3-website-eu-west-1.amazonaws.com OR
   edge-star-shv-08-gru1.facebook.com OR
   ec2-54-225-215-244.compute-1.amazonaws.com everyone resolving to
   markmonitor.com

   On Thu, Jul 3, 2014 at 9:19 PM, ideas buenas ideasbue...@gmail.com wrote:

   I'm not referring to this. I'm talking of a lot of URI that appears
   when I try to link to any site. Every one of those Remote Address
   start with a couple of letters followed by numbers like this:
   server-54-230-83-145.mia50.r.cloudfront.net .

   On Thu, Jul 3, 2014 at 2:59 AM, Seth David Schoen sch...@eff.org wrote:

   ideas buenas writes:

    Why is markmonitor.com and its derivates in my TBB? How can I do to
    delete this? Are they watching me?

   Hi,

   Are you talking about seeing a markmonitor.com rule in the HTTPS
   Everywhere Enable/Disable Rules menu?

   https://www.eff.org/https-everywhere/atlas/domains/markmonitor.com.html

   If so, this is one of thousands of HTTPS Everywhere rewrite rules that
   are included with HTTPS Everywhere, which is included with the Tor
   Browser Bundle.  The goal of HTTPS Everywhere and its rewrite rules
   is to automatically access as many sites as possible with secure HTTPS
   connections.

   HTTPS Everywhere typically does not make your browser access sites or
   services that it would not otherwise have accessed, so it shouldn't help
   sites monitor your web browsing if they would otherwise not have been
   able to.  There are definitely lots of sites that can monitor some
   aspects of your web browsing because the site operator has included
   content loaded from those sites in their web page (so your browser
   automatically retrieves that content when you visit the page that
   embedded the content).  For example, there are ad networks whose ads
   are embedded in thousands or millions of different sites, and if you
   visit any of those sites without blocking those ads, the ad network
   operator will get some information about your visit when your browser
   loads the embedded content from those servers.

   The monitor in the name of markmonitor is not a reference to monitoring
   users' web browsing.  Instead, it's part of the name of the company
   MarkMonitor, a subsidiary of Thomson Reuters, that provides certain
   Internet services mostly to very large companies.

   https://www.markmonitor.com/

   Their name is supposed to suggest that they can monitor their clients'
   trademarks, but not specifically by spying on Internet (or Tor) users'
   web browsing.  It seems that one of their original lines of business was
   letting companies know about trademark infringement on web sites, so that
   MarkMonitor's customers could threaten to sue those web sites' operators.
   They subsequently went into other more infrastructural lines of business.

   There was an article a few years ago criticizing the large amount of
   power that MarkMonitor has, but most of that power seems to have arisen
   mainly because it's an infrastructure provider that some very popular
   sites decided to sign up with for various purposes (primarily to register
   Internet domain names, because MarkMonitor's domain name registration
   services make it extremely difficult for somebody else to take over
   control of a domain name illicitly).

   The markmonitor.com HTTPS Everywhere rule is one of thousands of HTTPS
   Everywhere rules, and its goal is solely to make sure that if you're
   visiting a web page hosted at (or loading content from) markmonitor.com
   itself, that your browser's connection to markmonitor.com's servers will
   be a secure HTTPS connection instead of an insecure HTTP connection.  It
   is not trying to give any additional information to those servers or to
   cause your browser to connect to those servers when it would not
   otherwise have done so.

   (You can see the rule itself in the atlas link toward the beginning of
   my message, and see that its effect is to rewrite some http:// links
   into corresponding https:// links, just like other HTTPS Everywhere
   rules do.)

   Having HTTPS Everywhere rules that relate to a site does not necessarily
   mean that your browser has ever visited that site or will ever visit
   that site.  We've tried to make this clear because many of the rules
   do relate to controversial or unpopular sites, or sites that somebody
   could 

Re: [tor-talk] Fwd: according to leaked XKeyScore source NSA marks all Tor users as extremists, puts them on a surveillance list

2014-07-04 Thread Eugen Leitl
On Fri, Jul 04, 2014 at 07:21:07AM -0500, ba...@clovermail.net wrote:

 Does the NSA barter this database of suspicious extremists with
 foreign services?

They do, according to Drake.

 Certainly there are some friendly services eager to get their hands
 on IP addresses
 of NSA selected suspicious extremists located in their country.

As some day it may happen that a victim must be found,
I've got a little list — I've got a little list
Of society offenders who might well be underground,
And who never would be missed — who never would be missed!
 
 In a few years after joining, splitting, mining this subprime database hardly
 no one will know the insufficient origins of the shiny new AAA+
 suspects database.
 
 The new witch-hunters fabricate the witches.

They have to justify their budget, just as security services fabricate
(adaptive increase in number of privacy advocates after each disclosed
abuse is predictable) rabbits from their magic hat.

They need as many extremists as they can possibly fabricate, and then some.


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread Moritz Bartl
On 07/03/2014 07:14 PM, Joe Btfsplk wrote:
 Perhaps out of fear of legal liability, Tor Project doesn't seem to have
 what would be very helpful for relay operators - guides, documents -
 even access to basic legal advice,  of how to best avoid legal issues to
 begin with.

https://www.torproject.org/eff/tor-legal-faq.html.en
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines#Legal

 I know nothing of legalities surrounding that, but people starting a
 relay w/o proper guidance on how to avoid legal problems as much as
 possible, *doesn't quite seem right.*

If you have any specific ideas on how to improve the material, please
contribute!

We do whatever possible to support relay operators, both in regard to
organizing a lawyer as well as funding the legal battle. A generic Tor
relay operator legal fund is not simple to set up, especially if the
case involves other allegations than just running a relay. We have to be
careful.

I have talked to multiple lawyers, and this case would be very easy to
defend against. William was sadly unable or unwilling to communicate
properly, and he's not willing/able to put it to a fight. It is a sad
situation overall, but it does not change the clear legal status of
relay operation. All lawyers I talked to expect this case to be more
complicated than it looks, and it makes no sense to discuss this purely
based on what we have right now, which is some lawman's blog post.

-- 
Moritz Bartl
https://www.torservers.net/


[tor-talk] messing with XKeyScore

2014-07-04 Thread Eugen Leitl

http://blog.erratasec.com/2014/07/jamming-xkeyscore_4.html?m=1 

Errata Security

Advanced persistent cybersecurity

Friday, July 04, 2014

Jamming XKeyScore

Back in the day there was talk about jamming echelon by adding keywords to 
email that the echelon system was supposedly looking for. We can do the same 
thing for XKeyScore: jam the system with more information than it can handle. 
(I enumerate the bugs I find in the code as xks-00xx).


For example, when sending emails, just send from the address 
brid...@torproject.org and in the email body include:

https://bridges.torproject.org/
bridge = 0.0.0.1:443
bridge = 0.0.0.2:443
bridge = 0.0.0.3:443
...

Continue this for megabytes worth of bridges (xks-0001), and it'll totally mess 
up XKeyScore. It has no defense against getting flooded with information like 
this, as far as I can see.


Note that the regex only cares about 1 to 3 digit numbers, that means the 
following will be accepted by the system (xks-0002):

bridge = 75.748.86.91:80

The port number matches on 2 to 4 digits ([0-9]{2,4}). Therefore, bridges with 
port numbers below 10 and above  will be safe. I don't know if this code 
reflects a limitation in Tor, but assuming high/low ports are possible, this 
can be used to evade detection (xks-0011).

Strangely, when the port number is parsed, it'll capture the first non-digit 
character after the port number (xks-0012). This is normally whitespace, but we 
could generate an email with 256 entries, trying every possible character. A 
character like  or ' might cause various problems in rendering on an HTML page 
or generating SQL queries.


You can also jam the system with too many Onion addresses (xks-0003), but there 
are additional ways to screw with those. When looking for Onion addresses, the 
code uses a regex that contains the following capture clause:

([a-z]+):\/\/)

This is looking for a string like http:// or https://, but the regex has no 
upper bounds (xks-0004) and there is no validation. Thus, you can include 
goscrewyourself://o987asgia7gsdfoi.onion:443/ in network traffic, and it'll 
happily insert this into the database. But remember that no upper bounds 
means just that: the prefix can be kilobytes long, megabytes long, or even 
gigabytes long. You can open a TCP connection to a system you feel the NSA is 
monitoring, send 5 gigabytes of lower-case letters, followed by the rest of the 
Onion address, and see what happens. I mean, there is some practical upper 
bound somewhere in the system, and when you hit it, there's a good chance bad 
things will happen.

Likewise, the port number for Onion address is captured by the regex (\d+), 
meaning any number of digits (xks-0005). Thus, we could get numbers that 
overflow 16-bits, 32-bits, 64-bits, or 982745987-bits. Very long strings of 
digits (megabytes) at this point might cause bad things to happen within the 
system.

There is an extra-special thing that happens when the schema part of the Onion 
address is exactly 16-bytes long (xks-0006). This will cause the address and 
the scheme to reverse themselves when inserted into the database. Thus, we can 
insert digits into the scheme field. This might foul up later code that assumes 
schemes only contain letters, because only letters match in the regex.


In some protocol fields, the regexes appear to be partial matches. The system 
appears to match on HTTP servers with mixminion anywhere in the name. Thus, 
we start causing lots of traffic to go to our domains, such as 
mixminion.robertgraham.com, that will cause their servers to fill up with 
long term storage of sessions they don't care about (xks-0007)


Let's talk X.509, and the following code:

fingerprint('anonymizer/tor/bridge/tls') =
  ssl_x509_subject('bridges.torproject.org') or
  ssl_dns_name('bridges.torproject.org');

Code that parses X.509 certificates is known to be flaky as all get out. The 
simplest thing to do is find a data center you feel the NSA can monitor, and 
then setup a hostile server that can do generic fuzzing of X.509 certificates, 
trying to crash them.

It's likely that whatever code is parsing X.509 certificates is not validating 
them. Thus, anybody can put certificates on their servers claiming to be 
'bridges.torproject.org' (xks-0008). It's likely that the NSA is parsing SSL on 
all ports, so just pick a random port on your server not being used for 
anything else, create a self-signed CERT claiming to be 
'bridges.torproject.org', then create incoming links to that port from other 
places so at least search-engines will follow that link and generate traffic. 
This will cause the NSA database of bridges to fill up with bad information -- 
assuming it's not already full from people screwing with the emails as noted 
above :).


<img src="http://www.google.com/?q=tails+usb" />

Putting the above code in a web page like this one will cause every visitor to 
trigger a search for TAILS in the XKeyScore rules. The more people who do this, 
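
The parsing weaknesses the post lists (xks-0001, xks-0002, xks-0004, xks-0005, xks-0011, xks-0012) are ordinary input-validation gaps that any indicator extractor fed untrusted traffic can share. The following is an added example, not code from the post or from the rules it discusses: `LOOSE_BRIDGE` is a constructed approximation of the matching the post describes, and the function names, limits and sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed approximation of the loose matching described in the post:
# 1-3 digit octets, 2-4 digit port, one trailing non-digit captured.
# This is NOT the text of the rule the post analyses.
LOOSE_BRIDGE = re.compile(
    r"bridge = ((?:[0-9]{1,3}\.){3}[0-9]{1,3}):([0-9]{2,4})([^0-9])")

# Hypothetical limits chosen for this example.
MAX_LINE = 64        # longest bridge line considered at all
MAX_URL = 256        # longest URL considered at all
MAX_ENTRIES = 100    # most entries accepted from one message

STRICT_BRIDGE = re.compile(r"bridge = ([0-9.]{7,15}):([0-9]{1,5})")
# Assumes the 16-character base32 onion names in use when the post was written.
STRICT_ONION = re.compile(
    r"(https?)://([a-z2-7]{16})\.onion(?::([0-9]{1,5}))?(?:/[\x21-\x7e]*)?")


def _port(text):
    """Return the port as int if it is a valid TCP port, else None."""
    port = int(text)
    return port if 1 <= port <= 65535 else None


def parse_bridge_line(line):
    """Return (ip, port) for a well-formed bridge line, else None."""
    if len(line) > MAX_LINE:                       # bound work before matching
        return None
    m = STRICT_BRIDGE.fullmatch(line.strip())      # no trailing byte is captured
    if m is None:
        return None
    try:
        addr = ipaddress.IPv4Address(m.group(1))   # rejects octets above 255
    except ipaddress.AddressValueError:
        return None
    port = _port(m.group(2))
    if port is None or not addr.is_global:         # drops 0.0.0.x style filler
        return None
    return str(addr), port


def parse_onion_url(url):
    """Return (scheme, host, port) for an http(s) onion URL, else None."""
    if len(url) > MAX_URL:
        return None
    m = STRICT_ONION.fullmatch(url)                # scheme allowlist, bounded digits
    if m is None:
        return None
    scheme, host, port_text = m.groups()
    port = _port(port_text) if port_text else (443 if scheme == "https" else 80)
    return None if port is None else (scheme, host, port)


def extract_bridges(body, max_entries=MAX_ENTRIES):
    """Return (accepted, rejected_count, truncated) for one message body."""
    accepted, seen, rejected = [], set(), 0
    for raw in body.splitlines():
        line = raw.strip()
        if not line.startswith("bridge = "):
            continue
        entry = parse_bridge_line(line)
        if entry is None:
            rejected += 1
        elif entry not in seen:
            if len(accepted) >= max_entries:       # flood: stop and flag the message
                return accepted, rejected, True
            seen.add(entry)
            accepted.append(entry)
    return accepted, rejected, False


# Constructed sample message; the addresses are illustrative only.
SAMPLE = """https://bridges.torproject.org/
bridge = 8.8.8.8:443
bridge = 75.748.86.91:80
bridge = 0.0.0.1:443
bridge = 8.8.8.8:9
bridge = 8.8.8.8:65536
bridge = 8.8.4.4:12345
"""

if __name__ == "__main__":
    print("loose :", [m[:2] for m in LOOSE_BRIDGE.findall(SAMPLE)])
    print("strict:", extract_bridges(SAMPLE))
```

A message that comes back with `truncated` set or a high rejected count is better quarantined as a whole than stored entry by entry.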

Re: [tor-talk] (no subject)

2014-07-04 Thread Geoff Down
I don't have any unidentified servers - I don't know what you mean by
that. Which webpage are you visiting? Have you compared what happens
when visiting with Torbrowser and visiting with normal Firefox over the
normal internet?

On Fri, Jul 4, 2014, at 02:06 PM, ideas buenas wrote:
 I don't think it is Chartbeat. How many unidentified servers do you have?
 
 

Re: [tor-talk] (no subject)

2014-07-04 Thread ideas buenas
Visiting the same website with Tor or normal Firefox it gave me the same
Remote Address:
s3-us-west-2-w.amazonaws.com
ec2-174-129-247-121.compute-1.amazonaws.com
edge-star-shv-04-gru1.facebook.com
as an example. While ones repeat themselves in both browsers, others not.

One class of unidentified servers are the ones that do not respond to a whois
lookup. Other class use an address that does not resolve in whois with that
address and instead belongs to other




On Fri, Jul 4, 2014 at 2:47 PM, Geoff Down geoffd...@fastmail.net wrote:

 I don't have any unidentified servers - I don't know what you mean by
 that. Which webpage are you visiting? Have you compared what happens
 when visiting with Torbrowser and visiting with normal Firefox over the
 normal internet?


Re: [tor-talk] (no subject)

2014-07-04 Thread Geoff Down


On Fri, Jul 4, 2014, at 04:51 PM, ideas buenas wrote:
 Visiting the same website with Tor or normal Firefox its gave me the same

 So this is nothing to do with Tor.

 Remote Address:
 s3-us-west-2-w.amazonaws.com
 ec2-174-129-247-121.compute-1.amazonaws.com
 edge-star-shv-04-gru1.facebook.com
 as an example. 

While ones repeat themselves in both browsers, others not.

That's not particularly unusual - the website you are visiting is seeing
accesses from different countries, and so may be serving slightly
different content to suit those countries.
It may also serve slightly different content at different times.

 
 One class of unidentified servers are the ones that not respond to a
 whois lookup. 
 If you mean that there is no Whois entry for
 s3-us-west-2-w.amazonaws.com , for example, that is normal: Whois only
 provides data for second-level domains (in this case amazonaws.com),
 not subdomains of those. Also of course some Top-Level-Domains (.eu,.au
 for example) provided only limited information - which they are
 entitled to do. 

 Other class use an address that not resolve in whois with that
 address and instead belongs to other
 
 I don't understand this, sorry. Can you give an example?
GD



Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread MacLemon
Hi!

On 04 Jul 2014, at 15:31, Moritz Bartl mor...@torservers.net wrote:
 I have talked to multiple lawyers, and this case would be very easy to
 defend against. William was sadly unable or unwilling to communicate
 properly, and he's not willing/able to put it to a fight. It is a sad
 situation overall, but it does not change the clear legal status of
 relay operation. All lawyers I talked to expect this case to be more
 complicated than it looks, and it makes no sense to discuss this purely
 based on what we have right now, which is some lawman's blog post.

I've talked to William's lawyer in person as well as the ISPA jurist (Austrian 
Inter Service Provider's Association) who both joined our Tor-ops meeting in 
Vienna yesterday (2014-07-03).

What I can sum up:
It is not illegal to run a Tor relay/exit/bridge in Austria.
We can not take William's case any further.
Doing so would neither help William nor help to clear up the legal 
status of running relays in Austria.
William's lawyer said he personally considers the court judgement to be wrong.

The Austrian Tor-Community is working to form an official association (Verein) 
to get a better standing. Goals shall be education about anonymity, better 
communication with law enforcement, better communication with ISPs as well as 
the usual technical mumble to build secure and high bandwidth relays.
Building up a legal defense fund and getting a clear statement on whether 
Tor-networks fall under the legal term of „communications network“ as defined 
in ECG §13 is also part of that.


So if you're in Austria and run a relay/exit/bridge, please get in touch, join 
our Mailinglist (yes another one) at torservers.at to see if you can help and 
to stay in the loop.

Best regards
MacLemon


Re: [tor-talk] XKeyscore-Quellcode: more english details requested

2014-07-04 Thread Jens Kubieziel
* elrippo wrote on 2014-07-04 at 20:30:
 Missed it, but watched it in the ARD Mediathek [1]. Could someone advise, how 
 a copy could be downloaded as mp4, divx, ogg or some other format?

You can use URL:http://zdfmediathk.sourceforge.net/.

-- 
Jens Kubieziel   http://www.kubieziel.de
Perl – The only language that looks the same before and after RSA encryption.
- Keith Bostic




Re: [tor-talk] messing with XKeyScore

2014-07-04 Thread grarpamp
On Fri, Jul 4, 2014 at 10:56 AM, Eugen Leitl eu...@leitl.org wrote:
 http://blog.erratasec.com/2014/07/jamming-xkeyscore_4.html?m=1

Good work, glad someone had time to really dig in, perhaps even
drawing on some comments from others in the early buzz such as
https://lists.torproject.org/pipermail/tor-talk/2014-July/033695.html

 Andreas Krey
 grarpamp
 http://daserste.ndr.de/panorama/xkeyscorerules100.txt
 2) rules100... this thing likely has more N00 rulesets as well.
 Er, no. ndr.de always uses URLs with 100 or similar in them.
 (No idea why.) That is not the original file name.

Ahh, good to know, thanks.


Re: [tor-talk] XKeyscore-Quellcode: more english details requested

2014-07-04 Thread elrippo
On Friday, 4 July 2014, 20:48:09, Jens Kubieziel wrote:
 * elrippo wrote on 2014-07-04 at 20:30:
  Missed it, but watched it in the ARD Mediathek [1]. Could someone advise,
  how a copy could be downloaded as mp4, divx, ogg or some other format?
 You can use URL:http://zdfmediathk.sourceforge.net/.

Thank you, works like a charm!!!

-- 
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elri...@elrippoisland.net

Encrypted messages are welcome.
0x84DF1F7E6AE03644



Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000

2014-07-04 Thread grarpamp
On Fri, Jul 4, 2014 at 8:15 AM, Nathan Andrew Fain nat...@squimp.com wrote:
 Trawling for Tor Hidden Services: Detection, Measurement,
 Deanonymization
 Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann
 http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf

 the two seem very similar. in the case of the paper linked amazon
 services were utilized. or perhaps someone can explain where the two
 research groups differ?

Yes, clearly an extension, optimization, or new work along the lines
of the above paper.


Perhaps more interesting is this dilemma...

 https://lists.torproject.org/pipermail/tor-talk/2014-July/033693.html
 They wanted a NDA, so most Tor Project's core contributors don't know
 what's in the air.

So we have at least one core person who knows. Now assuming this
presentation [1] is in fact 'Really Bad News' for, at minimum,
Hidden Services... will the details of it be leaked in order to
'save' HS operators/users before CERTs/GOVs/LEAs/Vigilantes/Spies
and the thought police have time to get at them (or what unexposed
elements still remain of them)?

This is premised upon CERT's typical cozy relationships with LEA's,
naturally leading to sharing with them what are potentially ...

'tested ... in the wild ... dozens of successful real-world
de-anonymization case studies, ranging from attribution of'

... really disliked things. Particularly cases of human harm
where it is only natural to seek intervention.

Then there are the cases worthy of every possible protection outlined
here...
https://www.torproject.org/about/torusers.html.en

Therein lies the dilemma. What do you do?


[Note that even if the above relationships, or desire to intervene,
do not exist... said spies and their actors are likely to monitor
the full research details, and know who in the public knows as well.
This could lead to shorter time constraints on all sides.]

[1] Which I forgot to link in the OP, thanks Matthew.
https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread no . thing_to-hide

Hello Tor!

Running an internal relay in Graz since 7/2013, where William Weber's
apartment was raided in 2012, when some idiot misused his exit for
illegal stuff, I became interested in his case. But I know it only
from the newspapers.

The raid took place on Wed, 2012-11-28 (1). William did intensive
blogging afterwards (2)(3), the legal process started, and ended this
week Mon, 2014-06-30, with 3 y probation. I found a German article
which provides a good summary (4, Google Translate).
He was not convicted for operating an exit (!!), which is legal in
Austria. But, according to the opinion of the judges, for
contribution to delinquency ('Beitragstaeterschaft' in German):
(...) that he answered in an interview to the question whether he was
aware that Tor could be used for distribution of child pornography,
responded at a conference: I do not give a fuck.(...)
(...) that the prosecutor quoted from chat logs in which he for
anonymous hosting of everything, including child pornography,
recommended Tor (...) (4)
- -- The proofs for such an attitude are not really helpful when
getting to court.

Anyway, if you would like to help him with his lawyer costs, he takes
Bitcoin donations (5).

Perhaps next time it's you, or me, or ...

Best regards

Anton

1)
http://arstechnica.com/tech-policy/2012/11/tor-operator-charged-for-child-porn-transmitted-over-his-servers
2) http://raided4tor.cryto.net
3) http://rdns.im
4)
https://translate.google.com/translate?sl=detl=enjs=yprev=_thl=enie=UTF-8u=http%3A%2F%2Ffuturezone.at%2Fnetzpolitik%2Fstrafe-fuer-tor-betreiber-grazer-urteil-wirft-fragen-auf%2F73.173.618%2Fprintedit-text=
5) http://raided4tor.cryto.net/donate

--
no.thing_to-hide at cryptopathie dot eu
0x30C3CDF0, RSA 2048, 24 Mar 2014
0FF8 A811 8857 1B7E 195B 649E CC26 E1A5 30C3 CDF0
Bitmessage (no metadata): BM-2cXixKZaqzJmTfz6ojiyLzmKg2JbzDnApC



On 04/07/14 19:11, MacLemon wrote:
 Hi!
 
 On 04 Jul 2014, at 15:31, Moritz Bartl mor...@torservers.net
 wrote:
 I have talked to multiple lawyers, and this case would be very
 easy to defend against. William was sadly unable or unwilling to
 communicate properly, and he's not willing/able to put it to a
 fight. It is a sad situation overall, but it does not change the
 clear legal status of relay operation. All lawyers I talked to
 expect this case to be more complicated than it looks, and it
 makes no sense to discuss this purely based on what we have right
 now, which is some lawman's blog post.
 
 I've talked to William's lawyer in person as well as the ISPA
 jurist (Austrian Inter Service Provider's Association) who both
 joined our Tor-ops meeting in Vienna yesterday (2014-07-03).
 
 What I can sum up: It is not illegal to run a Tor relay/exit/bridge
 in Austria. We can not take William's case any further. Doing so
 would neither help William nor help to clear up the legal status of
 running relays in Austria. William's lawyer said he personally
 considers the court judgement to be wrong.
 
 The Austrian Tor-Community is working to form an official
 association (Verein) to get a better standing. Goals shall be
 education about anonymity, better communication with law
 enforcement, better communication with ISPs as well as the usual
 technical mumble to build secure and high bandwidth relays. 
 Building up a legal defense fund and getting a clear statement on
 whether Tor-networks fall under the legal term of „communications
 network“ as defined in ECG §13 is also part of that.
 
 
 So if you're in Austria and run a relay/exit/bridge, please get in
 touch, join our Mailinglist (yes another one) at torservers.at to
 see if you can help and to stay in the loop.
 
 Best regards MacLemon
 


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread Joe Btfsplk

On 7/3/2014 2:23 PM, C B wrote:

I agree that collecting stories about why/how I use Tor is useful, but I disagree 
that any special education or warning should be needed before setting up an exit node. Setting up 
an exit node is simply providing another IP that can be used for traffic and nothing else.


Holy... they may not have a clue what danger lies ahead, Batman.
We're going to have to agree to disagree, that at least some basic info 
on potential dangers be supplied, if only links.
We've all seen several people conversing on tor-talk now, that were run 
through the wringer, for running Tor relays.


I don't think any of them thought they'd be fighting for their freedom; 
spending a huge part of savings to defend themselves or going through 
extended, true mental anguish of wondering if they'd lose their freedom
& family.


Maybe Tor Project itself isn't the one that should be doing the 
educating in this case - dunno.
Though I don't like the thought of people going through hell on Earth, 
because they didn't understand the dangers, I also understand it's not 
in Tor Project's best interest to scare off relay operators.


One issue is, every Tor user is encouraged to run a relay.  Kind of like 
the US Army commercials promoting adventure & visiting foreign lands,
instead of bullets & grenades coming at you.


Moritz,
I'm not sure if the 1st FAQ at the link 
https://www.torproject.org/eff/tor-legal-faq.html.en

portrays an accurate picture of potential dangers:


  Has anyone ever been sued or prosecuted for running Tor?

*No*, we aren't aware of anyone being sued or prosecuted in the United 
States just for running a Tor relay. Further, we believe that running a 
Tor relay --- including an exit relay that allows people to anonymously 
send and receive traffic --- is legal under U.S. law.


That may need a bit of revision. :D  Maybe no one has been prosecuted in 
the US (I don't know), but people in other countries sure have.
And being investigated or going through court hearings & trials - maybe
for months or yrs, can destroy a person.

It can be devastating, even if you're never formally charged.

Many people who've never gone through something like that can't fully 
understand the incredible stress of being investigated & threatened.


The concept of, No one's been *prosecuted* in the US, therefore running 
Tor relays has no potentially serious legal ramifications, is glossing 
over the dangers.


Running a relay may not be *the* most dangerous activity, but it sure 
carries significant risk.  Many that get tor-talk regularly have read that.
But some potential relay operators might not read tor-talk every day for 
months, to read about someone that got in serious legal trouble, before 
they decide to / not to run a relay.




Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000

2014-07-04 Thread grarpamp
On 7/4/14, grarpamp grarp...@gmail.com wrote:
 https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget

I2P is a tool that likely presents the nearest analog to Tor's hidden
services (.i2p) to the user. Usable in much the same way.
Always good to be familiar with and have other options out there.
And see that they receive community research and review efforts too.

http://geti2p.net/en/comparison/tor


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread no . thing_to-hide

I fully agree with Joe!

Running an exit can get you in serious legal trouble, because Tor /and
all other anonymity services/ will always be misused for illegal
activities. Every interested operator must make his personal moral
trade-off and come to a decision.
Sartre described such a discussion in a more extreme scenario in Les
mains sales (= Dirty hands)

Anyway, I decided not to run an exit but only an internal relay. And
to join German CCC and Zwiebelfreunde (Hello to the colleagues by the
way!). We operate really big relays, secured by professional admins.
Much better than I could setup at home as hobbyist w/o IT-education.
So you are an association and the legal risk and potential lawyer
costs are distributed.

Even the simple use of Tor is not w/o risk for everyday use:
https://translate.google.com/translate?hl=enie=UTF8prev=_tsl=detl=enu=http://www.heise.de/ct/heft/2013-20--2248651.html%3Fview%3Dprint

I think one should have at least some basic knowledge about what the
Internet, SSL certificates, browsers, scripting and plugins are and
how they work.

Best regards

Anton
--
no.thing_to-hide at cryptopathie dot eu
0x30C3CDF0, RSA 2048, 24 Mar 2014
0FF8 A811 8857 1B7E 195B 649E CC26 E1A5 30C3 CDF0
Bitmessage (no metadata): BM-2cXixKZaqzJmTfz6ojiyLzmKg2JbzDnApC



On 04/07/14 22:56, Joe Btfsplk wrote:
 On 7/3/2014 2:23 PM, C B wrote:
 I agree that collecting stories about why/how I use Tor is
 useful, but I disagree that any special education or warning
 should be needed before setting up an exit node. Setting up an
 exit node is simply providing another IP that can be used for
 traffic and nothing else.
 
 Holy... they may not have a clue what danger lies ahead, Batman. 
 We're going to have to agree to disagree, that at least some basic
 info on potential dangers be supplied, if only links. We've all
 seen several people conversing on tor-talk now, that were run 
 through the wringer, for running Tor relays.
 
 I don't think any of them thought they'd be fighting for their
 freedom; spending a huge part of savings to defend themselves or
 going through extended, true mental anguish of wondering if they'd
 lose their freedom & family.
 
 Maybe Tor Project itself isn't the one that should be doing the 
 educating in this case - dunno. Though I don't like the thought of
 people going through hell on Earth, because they didn't understand
 the dangers, I also understand it's not in Tor Project's best
 interest to scare off relay operators.
 
 One issue is, every Tor user is encouraged to run a relay.  Kind of
 like the US Army commercials promoting adventure & visiting foreign
 lands, instead of bullets & grenades coming at you.
 
 Moritz, I'm not sure if the 1st FAQ at the link 
 https://www.torproject.org/eff/tor-legal-faq.html.en portrays an
 accurate picture of potential dangers:
 
 
 Has anyone ever been sued or prosecuted for running Tor?
 
 *No*, we aren't aware of anyone being sued or prosecuted in the
 United States just for running a Tor relay. Further, we believe
 that running a Tor relay --- including an exit relay that allows
 people to anonymously send and receive traffic --- is legal under
 U.S. law.
 
 That may need a bit of revision. :D  Maybe no one has been
 prosecuted in the US (I don't know), but people in other countries
 sure have. And being investigated or going through court hearings &
 trials - maybe for months or yrs, can destroy a person. It can be
 devastating, even if you're never formally charged.
 
 Many people who've never gone through something like that can't
 fully understand the incredible stress of being investigated &
 threatened.
 
 The concept of, No one's been *prosecuted* in the US, therefore
 running Tor relays has no potentially serious legal ramifications,
 is glossing over the dangers.
 
 Running a relay may not be *the* most dangerous activity, but it
 sure carries significant risk.  Many that get tor-talk regularly
 have read that. But some potential relay operators might not read
 tor-talk every day for months, to read about someone that got in
 serious legal trouble, before they decide to / not to run a relay.
 


Re: [tor-talk] (no subject)

2014-07-04 Thread ideas buenas
Do a Whois lookup of the addresses I gave u before and check that all of
these resolve to markmonitor.  s3-us-west-2-w.amazonaws.com
 ec2-174-129-247-121.compute-1.amazonaws.com
 edge-star-shv-04-gru1.facebook.com st
http://edge-star-shv-04-gru1.facebook.com
just when I was visiting www.lemonde.fr ?
http://edge-star-shv-04-gru1.facebook.com


On Fri, Jul 4, 2014 at 4:51 PM, Geoff Down geoffd...@fastmail.net wrote:



 On Fri, Jul 4, 2014, at 04:51 PM, ideas buenas wrote:
  Visiting the same website with Tor or normal Firefox its gave me the same

  So this is nothing to do with Tor.

  Remote Address:
  s3-us-west-2-w.amazonaws.com
  ec2-174-129-247-121.compute-1.amazonaws.com
  edge-star-shv-04-gru1.facebook.com
  as an example.

 While ones repeat themselves in both browsers, others not.

 That's not particularly unusual - the website you are visiting is seeing
 accesses from different countries, and so may be serving slightly
 different content to suit those countries.
 It may also serve slightly different content at different times.

 
  One class of unidentified servers are the ones that do not respond to a
  whois lookup.
  If you mean that there is no Whois entry for
  s3-us-west-2-w.amazonaws.com , for example, that is normal: Whois only
  provides data for second-level domains (in this case amazonaws.com),
  not subdomains of those. Also of course some Top-Level-Domains (.eu,.au
  for example) provided only limited information - which they are
  entitled to do.

  Other class use an address that not resolve in whois with that
  address and instead belongs to other
 
  I don't understand this, sorry. Can you give an example?
 GD

 --
 http://www.fastmail.fm - Choose from over 50 domains or use your own

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
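
The point made in the quoted reply, that Whois holds a record for the registered domain and not for each hostname under it, can be shown on the hostnames from this thread. The following is an added example, not code from any poster: the function names are hypothetical, and the suffix table is a small constructed subset standing in for the ICANN section of the Public Suffix List.

```python
import ipaddress
import re

# Constructed subset of public suffixes, enough for the hostnames in this
# thread. A real tool would load the ICANN section of the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "fr", "eu", "au", "com.au", "co.uk"}

# EC2 public DNS names carry the instance's IPv4 address in the first label:
# ec2-A-B-C-D.<zone>.amazonaws.com
EC2_NAME = re.compile(r"^ec2-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.")


def registrable_domain(hostname):
    """Return the name a domain Whois server holds a record for
    (public suffix plus one label), or None if there is none."""
    labels = hostname.rstrip(".").lower().split(".")
    # Walk from the longest candidate suffix to the shortest so that
    # "com.au" wins over "au".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            if i == 0:
                return None  # the name is itself a public suffix
            return ".".join(labels[i - 1:])
    return None  # unknown suffix, or an IP literal


def embedded_ipv4(hostname):
    """Return the IPv4 address encoded in an EC2-style hostname, or None.
    This is only a hint for an IP Whois query; the name may be stale."""
    match = EC2_NAME.match(hostname.lower())
    if not match:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(match.groups())))
    except ValueError:
        return None  # e.g. an octet above 255


def whois_targets(hostname):
    """Split a hostname into the two things Whois can answer for:
    the registered domain and, when recoverable, an IP address."""
    return {
        "domain": registrable_domain(hostname),
        "ip": embedded_ipv4(hostname),
    }


if __name__ == "__main__":
    # Hostnames quoted in the thread.
    for name in (
        "s3-us-west-2-w.amazonaws.com",
        "ec2-174-129-247-121.compute-1.amazonaws.com",
        "edge-star-shv-04-gru1.facebook.com",
        "www.lemonde.fr",
    ):
        print(name, "->", whois_targets(name))
```

A domain Whois query for the `domain` value returns the registrant and registrar of the whole zone, which is why many unrelated hostnames can show the same registrar.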



Re: [tor-talk] BlackHat2014: Deanonymize Tor for $3000

2014-07-04 Thread grarpamp
On Fri, Jul 4, 2014 at 6:02 PM, Paweł Zegartowski pze...@gmail.com wrote:
 I2P (aka Invisible Internet Protocol) is designed to be a real undernet
 Using I2P to access a standard Internet but in anonymous way is much less

Right, in the likely context of the subject exploit, I referred only to
the similar .onion/.i2p hidden constructs that are available for users.
Binding to and using them is a bit different of course but it all works.
And the .i2p's are generally as 'efficient' (speedy) in use regarding
initial connect, latency and bandwidth, if not better. (A lot of filesharing
is on i2p.) Bootstrapping into the net does take a while though. And
of course as with any other darknet you should run a 'non-exit' relay
to help out.

i2p does have 'exits' you can compare to tor as well.
Anyone can run an exit. But users have to first find one
on a wiki list or somesuch, and then manually configure
their i2p to use it. Consider it like a bolt on proxy. Last
I checked one comes preconfigured but as such expect
it to be far overloaded. No reason there can't be many,
there just aren't.

 http://geti2p.net/en/comparison/tor


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread Zenaan Harkness
On 7/5/14, no.thing_to-h...@cryptopathie.eu
no.thing_to-h...@cryptopathie.eu wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Hello Tor!

 Running an internal relay in Graz since 7/2013, where William Weber's
 apartment was raided in 2012, when some idiot misused his exit for
 illegal stuff, I became interested in his case. But I know it only
 from the newspapers.

 The raid took place on Wed, 2012-11-28 (1). William did intensive
 blogging afterwards (2)(3), the legal process started, and ended this
 week Mon, 2014-06-30, with 3 y probation. I found a German article
 which provides a good summary (4, Google Translate).
 He was not convicted for operating an exit (!!), which is legal in
 Austria. But, according to the opinion of the judges, for
 contribution to delinquency ('Beitragstaeterschaft' in German):
 (...) that he answered in an interview to the question whether he was
 aware that Tor could be used for distribution of child pornography,
 responded at a conference: I do not give a fuck.(...)
 (...) that the prosecutor quoted from chat logs in which he for
 anonymous hosting of everything, including child pornography,
 recommended Tor (...) (4)

Contribution to delinquency it seems he was charged with.

Evidently one must demonstrate one _does_ indeed
give a fuck (care for), at least for the law.


 - -- The proofs for such an attitude are not really helpful when
 getting to court.

Undoubtedly.


 Anyway, if you would like to help him with his lawyer costs, he takes
 Bitcoin donations (5).

 Perhaps next time it's you, or me, or ...

 Best regards

 Anton

 1)
 http://arstechnica.com/tech-policy/2012/11/tor-operator-charged-for-child-porn-transmitted-over-his-servers
 2) http://raided4tor.cryto.net
 3) http://rdns.im
 4)
 https://translate.google.com/translate?sl=detl=enjs=yprev=_thl=enie=UTF-8u=http%3A%2F%2Ffuturezone.at%2Fnetzpolitik%2Fstrafe-fuer-tor-betreiber-grazer-urteil-wirft-fragen-auf%2F73.173.618%2Fprintedit-text=
 5) http://raided4tor.cryto.net/donate

 - --
 no.thing_to-hide at cryptopathie dot eu
 0x30C3CDF0, RSA 2048, 24 Mar 2014
 0FF8 A811 8857 1B7E 195B 649E CC26 E1A5 30C3 CDF0
 Bitmessage (no metadata): BM-2cXixKZaqzJmTfz6ojiyLzmKg2JbzDnApC



 On 04/07/14 19:11, MacLemon wrote:
 Hi!

 On 04 Jul 2014, at 15:31, Moritz Bartl mor...@torservers.net
 wrote:
 I have talked to multiple lawyers, and this case would be very
 easy to defend against. William was sadly unable or unwilling to
 communicate properly, and he's not willing/able to put it to a
 fight. It is a sad situation overall, but it does not change the
 clear legal status of relay operation. All lawyers I talked to
 expect this case to be more complicated than it looks, and it
 makes no sense to discuss this purely based on what we have right
 now, which is some lawman's blog post.

 I've talked to William's lawyer in person as well as the ISPA
 jurist (Austrian Inter Service Provider's Association) who both
 joined our Tor-ops meeting in Vienna yesterday (2014-07-03).

 What I can sum up: It is not illegal to run a Tor relay/exit/bridge
 in Austria. We can not take William's case any further. Doing so
 would neither help William nor help to clear up the legal status of
 running relays in Austria. William's lawyer said he personally
 considers the court judgement to be wrong.

 The Austrian Tor-Community is working to form an official
 association (Verein) to get a better standing. Goals shall be
 education about anonymity, better communication with law
 enforcement, better communication with ISPs as well as the usual
 technical mumble to build secure and high bandwidth relays.
 Building up a legal defense fund and getting a clear statement on
 whether Tor-networks fall under the legal term of „communications
 network“ as defined in ECG §13 is also part of that.


 So if you're in Austria and run a relay/exit/bridge, please get in
 touch, join our Mailinglist (yes another one) at torservers.at to
 see if you can help and to stay in the loop.

 Best regards MacLemon


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread Joe Btfsplk

On 7/4/2014 3:02 PM, no.thing_to-h...@cryptopathie.eu wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hello Tor!

Running an internal relay in Graz since 7/2013, where William Weber's
apartment was raided in 2012, when some idiot misused his exit for
illegal stuff, I became interested in his case. But I know it only
from the newspapers.

The raid took place on Wed, 2012-11-28 (1). William did intensive
blogging afterwards (2)(3), the legal process started, and ended this
week Mon, 2014-06-30, with 3 y probation. I found a German article
which provides a good summary (4, Google Translate).
He was not convicted for operating an exit (!!), which is legal in
Austria. But, according to the opinion of the judges, for
contribution to delinquency ('Beitragstaeterschaft' in German):
(...) that he answered in an interview to the question whether he was
aware that Tor could be used for distribution of child pornography,
responded at a conference: I do not give a fuck.(...)
(...) that the prosecutor quoted from chat logs in which he for
anonymous hosting of everything, including child pornography,
recommended Tor (...) (4)
- -- The proofs for such an attitude are not really helpful when
getting to court.

Interesting.  Taking that account at face value, then apparently at 
times, the rule of law is as subjective in Austria as it is in many 
countries.


What do we take away from Weber's conviction?  That it's illegal (or at 
least punishable) to speak your mind in Austria?
Unless there's more to the story, I would think that judge believed he 
pulled a fast one, by giving Mr. Weber probation for something that's 
not against the law.


Answered in an interview ... that he didn't give a ...?  Was that an 
interview with the Pope or something?
There's no freedom of speech in Austria?  Or is cursing during 
interviews a possible felony?
If attitude or personal opinion were against the law, half the people in 
the world would be in jail.


I understand (completely) Mr. Weber's decision - right now - not to want 
to go through an appeal, but I'm concerned that after he's had some much 
needed rest & time to reflect, that he may regret accepting a guilty
plea for something that apparently isn't against the law, even in 
Austria.  But it is his decision.



Re: [tor-talk] messing with XKeyScore

2014-07-04 Thread Matthew Finkel
On Fri, Jul 04, 2014 at 09:36:23PM +, isis wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512
 
 Eugen Leitl transcribed 5.8K bytes:
  
  http://blog.erratasec.com/2014/07/jamming-xkeyscore_4.html?m=1 
  
  Errata Security
  
  Advanced persistent cybersecurity
  
  Friday, July 04, 2014
  
  Jamming XKeyScore
  
  Back in the day there was talk about jamming echelon by adding keywords 
  to email that the echelon system was supposedly looking for. We can do the 
  same thing for XKeyScore: jam the system with more information than it can 
  handle. (I enumerate the bugs I find in the code as xks-00xx).
  
  
  For example, when sending emails, just send from the address 
  brid...@torproject.org and in the email body include:
  
  https://bridges.torproject.org/
  bridge = 0.0.0.1:443
  bridge = 0.0.0.2:443
  bridge = 0.0.0.3:443
  ...
  
  Continue this for megabytes worth of bridges (xks-0001), and it'll totally 
  mess up XKeyScore. It has no defense against getting flooded with 
  information like this, as far as I can see.
  
 
 
 Hi. I maintain and develop BridgeDB.
 
 For what it's worth, the released XKS rules would not have worked against
 BridgeDB for over a year now. I have no knowledge of what regexes are
 currently in use in XKS deployments, nor if the apparent typos are errors in
 the original documents, or rather typos in one of the various levels of
 transcriptions which may have occurred in the editing process. If these typos
 were at some point in the original rules running on XKS systems, then *no*
 bridges would have been harvested due to various faults. None.
 
 Ergo, as Jacob has pointed out to me, the regexes which are released should be
 assumed to be several years out of date, and also shouldn't be assumed to be
 representative of the entire ruleset of any deployed XKS system.
 
 I am willing to implement tricks against specific problems with them, mostly
 for the lulz, because fuck the NSA. But it should be assumed that the actual
 regexes have perhaps been updated, and that highly specific tricks are not
 likely to land.
 
 The ticket for this, by the way, was created by Andrea this afternoon, it's
 #12537: https://trac.torproject.org/projects/tor/ticket/12537

In reality it's a bit silly to try to mess with these rules if they are
n-years old. Based on the pics, simply requesting that all users use
brid...@bridges.torproject.org instead of brid...@torproject.org is the
easiest change that by-passes this specific set of rules. But, I
think it is more realistic that these minor points are moot and the
regexes were fixed long ago and that the ruleset more fully covers
Tor's distributors now.

This problem makes me sad on many levels, and I'm not opposed to
implementing mitigation techniques (within reason) based on the
rulesets, however we shouldn't do anything that will hurt our users nor
should we do anything that makes tor more difficult to use
(unfortunately this includes sending users bogus bridge addresses).

For the use-case of bridges, where a user tries to circumvent local
network interference and implicitly expects they're not fingerprinted
by NSA, we are mostly failing right now.


Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

2014-07-04 Thread Moritz Bartl
On 07/04/2014 10:56 PM, Joe Btfsplk wrote:
 *No*, we aren't aware of anyone being sued or prosecuted in the United
 States just for running a Tor relay. Further, we believe that running a
 Tor relay --- including an exit relay that allows people to anonymously
 send and receive traffic --- is legal under U.S. law.
 That may need a bit of revision. :D  Maybe no one has been prosecuted in
 the US (I don't know)

Not that I know of. We also can't simply edit that page, since it was
produced as is by the EFF. We can revise the pages, yes, but we need
help with that. You can't possibly expect a magic somebody to do it.
Everyone is free to submit a patch!

, but people in other countries sure have.

sure have? I know of no other case that did not get immediately dropped.
With the exception of William, whose, sorry I must say this, behavior
and combining circumstances didn't exactly help. We could have easily
fought this, and we would have organized and paid a lawyer, if he didn't
overall act as bad as he did. And that something like a raid, seizure
and potential _prosecution_ (not: conviction) that happen, yes, that is
something every exit operator should be aware of.

The legal FAQ is a legal FAQ. It is still completely legal in all
countries we know of. It is not the how you should behave and what is
the worst case scenario FAQ: That is
https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines . A
legal FAQ in my eyes should mention that a lot of cases already proved
the legality of Tor exit relays. You can't expect this document to be up
to date by the minute. It also clearly states that it is something
written by the EFF for United States only: Tor cannot give legal advice,
US entities seem to have to be very careful about that.

Sorry for sounding a bit rude, but yes, to say it frankly, I am pissed
off because of this case. There was no reason for making this public
before the written statement other than to scare away other Tor relay
operators. As if Tor didn't already have enough bad press, some fuckup
THAT HAS NO LEGAL CONSEQUENCES FOR OTHER TOR RELAYS WHATSOEVER and WHERE
THERE IS NOT EVEN A WRITTEN STATEMENT YET TO BASE ANY CONSTRUCTIVE
DISCUSSION ON is not helpful. Pleaaase, everyone, you don't have to jump
on everything on the Internet that some dude posted to a blog and waste
your time discussing THINGS THAT NOBODY KNOWS ANYTHING ABOUT YET. If you
want to be constructive, think about how we can properly design a legal
fund. WE DO HAVE MONEY FOR THIS.

No, I do NOT plan on throwing 3 Euro to waste just because the
operator didn't want our help and handled the whole case completely
wrong. YES, I feel bad about this and we wanted to help him all this
time. I understand it is not his fault, but sadly there is nothing we
can do if the accused does not want our help.

Please, understand that we have an active interest in updating the
website, providing a legal fund, organizing lawyers and all that.
Several of you make it sound like it's the Tor project's fault, and
demand that magically someone writes elaborate and brilliant guides
for the website and from one day to another sets up an international
legal fund. You're all invited to investigate options and write guides,
but just ranting on a mailinglist is not getting us anywhere.

I will pick up this thread only after we have seen a written statement
by the court. Please start separate threads if you have good and
well-thought ideas about how we can organize a legal fund, send a patch
for the website if you have good writing skills, and edit the Tor Exit
Guidelines page if you think it is wrong. It is a wiki, wikis are there
to be edited.

 The concept of, No one's been *prosecuted* in the US, therefore running
 Tor relays has no potentially serious legal ramifications, is glossing
 over the dangers.

I agree.

-- 
Moritz Bartl
https://www.torservers.net/