Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread CANNON NATHANIEL CIOTA 

On 2016-06-05 16:34, notfrien...@riseup.net wrote:

On 2016-06-05 17:20, Allen wrote:


So randomizing the times that traffic enters the network and exits 
the
network wouldn't work? Like it enters a note and 30 ms after received 
or
another random delay couldn't it exit. It would be harder to 
correlate the

traffic right?



IMO, the packets would probably need to be randomly delayed at each 
node,
not just entering and exiting the network.  A mathematical model would 
be
needed to determine the necessary amount of delay (I doubt 30 ms would 
be
enough).  The delay could be chosen by the originating node, so it 
could

chose the privacy vs latency tradeoff.

It might also be beneficial to have two channels to each exit node, 
with
each channel used in only one direction, i.e., outbound packets travel 
one

route, while inbound packets travel a different route.


That's a good idea. If we could get a system of micro delays which
wouldn't cause major issues it'd be nice in protecting Tor users
anonymity. It's an issue that has been acknowledged by the tor project
but we haven't been able to find a working system yet. I think it's
more important then ever that we begin to address these issues.


I have had the idea of randomized micro delays between each node for 
long time, but have been told by many in the Tor community that this is 
bad idea for low latency network. I know that Tor has stated in past 
that they don't claim to protect from a GPA. But we must realize that 
the true threat is a GPA which must be dealt with by collaborating on 
solutions to protect from global view traffic analysis. Another idea, if 
micro delays would not work out for low latency anonymizing networks 
such as Tor would be to perhaps add padding, randomized padding between 
each node. If micro-delays and/or padding is bad idea, then other 
solutions should be discussed.


--
Cannon N. Ciota
Website: www.cannon-ciota.info
Email: can...@cannon-ciota.info
PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] doing a google search creates a 403 forbidden when I'm on the tor network

2016-06-05 Thread Sarah Alawami 
Hello to all. I was just on the tor network and launched google to do a google 
search. I got a 403 forbidden when trying to search for something. I know this 
might not be fixable, but Can this at least be noted somewhere? Here is the 
contents of the error.


403. That’s an error.

Your client does not have permission to get URL 
/sorry/IndexRedirect?continue=https://www.google.com/search%3Fclient%3Dsafari%26rls%3Den%26q%3Dmp3%2Bgain%2Bfor%2Bosx%26ie%3DUTF-8%26oe%3DUTF-8=CGMSBAWHnmUY_fTTugUiGQDxp4NLCsckqwDOkyn9Xh-kSLm_OFC-oYE
 from this server.  That’s all we know.


I dunno if this will help, as that's all I know at this time. I didn't know tor 
blocked google searches.

Take care and have a happy Sunday to all.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 22:44, Mirimir wrote:

On 06/05/2016 08:06 PM, Cecilia Tanaka wrote:

On Jun 5, 2016 10:28 PM,  wrote:


It looks like our sender just compromised their anonymity (or at 
least
finally switched to a psudonym). "Hi. I’m Nick Farr" (sent from the 
same
address that sent the http://jacobappelbaum.net/ link). We now have 
more
information on who sent out the original message. I just thought I'd 
point

it out.

Not exactly, my dear.  It was just a transcription of an article 
written
and published by Nick in Medium platform.  The message you mentioned 
was

not sent by Nick Farr.


You don't actually know whether it was, or not, right?


Take care, my dear.

Cecilia



After further reading I realized that we know that's the name of the 
writer on medium however we have nothing to prove or disprove whether 
the sender also wrote the article.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Cecilia Tanaka 
On Jun 5, 2016 11:44 PM, "Mirimir"  wrote:
>
> On 06/05/2016 08:06 PM, Cecilia Tanaka wrote:
> > On Jun 5, 2016 10:28 PM,  wrote:
> >>
> >> It looks like our sender just compromised their anonymity (or at least
> > finally switched to a psudonym). "Hi. I’m Nick Farr" (sent from the same
> > address that sent the http://jacobappelbaum.net/ link). We now have more
> > information on who sent out the original message. I just thought I'd
point
> > it out.
> >
> > Not exactly, my dear.  It was just a transcription of an article written
> > and published by Nick in Medium platform.  The message you mentioned was
> > not sent by Nick Farr.
>
> You don't actually know whether it was, or not, right?

Not exactly too, haha!!  I have my own reasons to believe the message was
not sent by Nick Farr.  Warm hugs from Brazil, my dear Mirimir!  ;)

Ceci, almost zzzleeping, sorry...  I got flu medicines enough to make me
feel really zzzleepy and lazy in this moment.  Good night and a restful
sleep for you all!  :*
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Cecilia Tanaka 
On Jun 5, 2016 11:37 PM,  wrote:

>> Oh OK, sorry for making that assumption.

Nah, no problem.  Everybody is too stressed and worried in this moment.
Take care and be well!  :)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Mirimir 
On 06/05/2016 08:06 PM, Cecilia Tanaka wrote:
> On Jun 5, 2016 10:28 PM,  wrote:
>>
>> It looks like our sender just compromised their anonymity (or at least
> finally switched to a psudonym). "Hi. I’m Nick Farr" (sent from the same
> address that sent the http://jacobappelbaum.net/ link). We now have more
> information on who sent out the original message. I just thought I'd point
> it out.
> 
> Not exactly, my dear.  It was just a transcription of an article written
> and published by Nick in Medium platform.  The message you mentioned was
> not sent by Nick Farr.

You don't actually know whether it was, or not, right?

> Take care, my dear.
> 
> Cecilia
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 22:06, Cecilia Tanaka wrote:

On Jun 5, 2016 10:28 PM,  wrote:


It looks like our sender just compromised their anonymity (or at least
finally switched to a psudonym). "Hi. I’m Nick Farr" (sent from the 
same
address that sent the http://jacobappelbaum.net/ link). We now have 
more
information on who sent out the original message. I just thought I'd 
point

it out.

Not exactly, my dear.  It was just a transcription of an article 
written
and published by Nick in Medium platform.  The message you mentioned 
was

not sent by Nick Farr.

Take care, my dear.

Cecilia

Oh OK, sorry for making that assumption.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Cecilia Tanaka 
On Jun 5, 2016 10:28 PM,  wrote:
>
> It looks like our sender just compromised their anonymity (or at least
finally switched to a psudonym). "Hi. I’m Nick Farr" (sent from the same
address that sent the http://jacobappelbaum.net/ link). We now have more
information on who sent out the original message. I just thought I'd point
it out.

Not exactly, my dear.  It was just a transcription of an article written
and published by Nick in Medium platform.  The message you mentioned was
not sent by Nick Farr.

Take care, my dear.

Cecilia
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:50, Anthony Papillion wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:47 PM, Mirimir wrote:

On 06/05/2016 05:36 PM, Anthony Papillion wrote:

On 6/5/2016 6:30 PM, Mirimir wrote:

On 06/05/2016 05:14 PM, Anthony Papillion wrote:

On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:

On 2016-06-05 18:17, Anthony Papillion wrote: The last
time IOError tweeted was on 30 May. Has anyone on this list
actually HEARD from him since then? We have to remember
that Jake comes from a really fucked up childhood.
Something like these allegations could push someone over
the edge.



Anthony




He might need time to himself for now. He has a lot of
people talking about him right now. He probably needs a
break.


You're probably right. I've just seen this kind of thing get
out of hand before and, innocent or not, people can be pushed
over the edge.



I get where you're coming from, but public comments about his
history, and speculation about suicide, really aren't
appropriate. IMHO, anyway.



Just sayin'.



Showing concern is completely appropriate. And why not discuss
his history? It's not like he hides it or even tries to. He's
very open about it. I'm not saying anything Jake hasn't publicly
said himself, usually in front of a few hundred people. Sorry,
concern for a fellow human being trumps 'appropriateness' IMO.


I'm fine with concern. But on a mail list, it's creepy. But then,
I don't know him. And I'm pretty old-school about privacy.


Yes, I can agree it's kind of creepy. The only reason I sent it down
the list was because I don't know specific people who know him that I
could email privately. Otherwise, I definitely would have preferred
that. But, surprisingly, I'm pretty OK with being creepy lol


I did, however, screw up by sending my own "[OFF-LIST]" message to
the list ;)


That threw me for a second! I saw the off-list designation and then
thought 'oh crap, I just violated his privacy by responding to a
private email on the list'. THen I saw it had been sent to the list. I
should have paid more attention as well and readdressed it. Sorry
about that!



-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLqrAAoJEAKK33RTsEsVhCwQAK9azFiK6fluTTPW0pppDxAl
g+NtoThYMeZbKpogHHa5/fkZEH/IxbWCowadLvik+cjP+X+cig2fz6yjQug8yaxc
1SyEXVcAhcqBpj5sVI/CZ9SP80akQD4cEMeYLvqQ0i9SoGDLIofoE9bNOFzka5S8
43XEMDU5CoI32hahuA+B7upae4Ka1yOiKoPUj2bKfScQ/PNqnTIHKsD/yWW4v1Zj
GXfwiGx7M3m2SFLF3Hy74Xnpcl2QwLjzx0BmLzeVleliouO/xtyclvjpPHNXfu2b
Z5WsXy8Q2yR+4HqlQDVV8jCKcGP3uTn4aNXiqtu1AqVH1qBhcyVelCS/lmZChQ/N
NK2K3GR91c7/XY1Z1/WuK5pyr46d/x7+HhgRe59PpNM1GyL6Dm4tyj/BvPGfLQIM
P+jAAOskmL8MNJKqGjGzfSqyw9I+0oDBW+NSpbNxP2btS2R1WMvtQ7L0OTEkKRf8
7tvu+C1S/k/S8j/67Dqyls5Q+dlmzTrHhoFjJfm714I1oXekKoWHVuHyEMdr3znK
cq7Ir9Sl7iQprgoRah3eKEi2aUY8lZ+LRYvbOH7EFmC+FeY9I48I6n0nbhDRLWEy
AklvQFeZWVVxNJF1UF/fthMTuxjOF5wUQ0vADN2/wNb+6EbgaKE4XpHzz+Jaf7cH
h+mWNYiccmj68Vwdhpep
=agD7
-END PGP SIGNATURE-


It's fine. If it wasn't for the fact emails are publicly archived then 
the fact that I delete emails immediately after responding to them would 
be enough to protect his privacy.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:47, Mirimir wrote:

On 06/05/2016 05:36 PM, Anthony Papillion wrote:

On 6/5/2016 6:30 PM, Mirimir wrote:

On 06/05/2016 05:14 PM, Anthony Papillion wrote:

On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:

On 2016-06-05 18:17, Anthony Papillion wrote: The last time
IOError tweeted was on 30 May. Has anyone on this list actually
HEARD from him since then? We have to remember that Jake comes
from a really fucked up childhood. Something like these
allegations could push someone over the edge.



Anthony




He might need time to himself for now. He has a lot of people
talking about him right now. He probably needs a break.


You're probably right. I've just seen this kind of thing get out
of hand before and, innocent or not, people can be pushed over
the edge.



I get where you're coming from, but public comments about his
history, and speculation about suicide, really aren't appropriate.
IMHO, anyway.



Just sayin'.



Showing concern is completely appropriate. And why not discuss his
history? It's not like he hides it or even tries to. He's very open
about it. I'm not saying anything Jake hasn't publicly said himself,
usually in front of a few hundred people. Sorry, concern for a fellow
human being trumps 'appropriateness' IMO.


I'm fine with concern. But on a mail list, it's creepy. But then, I
don't know him. And I'm pretty old-school about privacy.

I did, however, screw up by sending my own "[OFF-LIST]" message to the
list ;)


Haha I was wondering what the whole "[OFF-LIST]" thing was about.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:36, Anthony Papillion wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:30 PM, Mirimir wrote:

On 06/05/2016 05:14 PM, Anthony Papillion wrote:

On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:

On 2016-06-05 18:17, Anthony Papillion wrote: The last time
IOError tweeted was on 30 May. Has anyone on this list actually
HEARD from him since then? We have to remember that Jake comes
from a really fucked up childhood. Something like these
allegations could push someone over the edge.



Anthony




He might need time to himself for now. He has a lot of people
talking about him right now. He probably needs a break.


You're probably right. I've just seen this kind of thing get out
of hand before and, innocent or not, people can be pushed over
the edge.


I get where you're coming from, but public comments about his
history, and speculation about suicide, really aren't appropriate.
IMHO, anyway.

Just sayin'.



Showing concern is completely appropriate. And why not discuss his
history? It's not like he hides it or even tries to. He's very open
about it. I'm not saying anything Jake hasn't publicly said himself,
usually in front of a few hundred people. Sorry, concern for a fellow
human being trumps 'appropriateness' IMO.


-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLeZAAoJEAKK33RTsEsVK6YP/0dlCDranRHUV6joIOCLSjkf
C9r18sg9+OyQmjVe8FlVzZ7AKi9P4l2vMfeiUxgqQjnt92RYRJdFP1lZQv6ZN6No
VRyIRiZ29ieyL7P8rEXIuMzCSwam/cqzozGM275Z1QYnCxgWieN5jtxyH1cCOFyW
gpAkyjOZpdXWkWddz6RA2sudy3eqkz8kYSLoIVT3qXwOYhSSS92mGe4U9S2Z3KJb
4VSihal1GW07cYc2fs0JGAWkl/0vsPXX3rjLo/Oq5nu4ISAthHe2SLB8PWk/Lr67
C0lVRZZwSs6l2ErWLwpQpdHKx1a8cga0/4DhoW1vTVkQ/klLA2JD5IVtMEGGndot
DML8aJfeswN7yaper02MkfI3s2YYfUcPTY2yhs7POfWIgdpBEGLMVwQ8iYoyv+/q
q+7EeVONv97QX6DE1w1s5mR9WHK6rz8cFsvhB6UoeKj/NBJjlhKzHpWVy1BC1O6C
TPsPc4zSO6AjusHBhSBbm+htHxciuY2QzjVUJQrVa04AwrUHzpCPQfTW3jxnUUTd
daR2nJVHoh/+bi+j2ziZqBObyk5E3CkCEGIQ0th8Z+esLmSxTRL1dravopEMa+Eg
i2U327ahzTnMFMcW89W4EYjDpYUbHgznhD9mP0OGkxp0bXOwooaCPklm0/bSpVIG
j4X37jeETnzx0aQd99mu
=dyjN
-END PGP SIGNATURE-


We didn't say that showing concern was not appropriate. We did say 
however that automatically assuming suicide is inappropriate.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:13, Anthony Papillion wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:08 PM, Cecilia Tanaka wrote:

Hi Anthony.

I am really worried about Jake and contacted some friends in
common yesterday and today.  I had no news until now.

I really don't know if he is receiving my messages or reading them
and I tried to contact some CCC friends, but I don't know if he is
in Berlin or not.

He is, probably, very stressed and confused in this moment.  Jake
has much more scars in his soul than he usually exposes in public
and I know very well how hard can be living with deep pain.  I
don't know if God exists or not, but I am sincerely praying for
him.


Thank you for the response Cicilia. While I don't know Jake except
from a few IRC conversations, I find myself worried that, with all of
the stress from these allegations, it could push him over the edge.
I'm glad to find that he has friends like you who are actively
checking up on him.

If there is a chance that he is still in Berlin, do you have any CCC
contacts that might be willing to drop by his apartment to check on
him? I know that sounds paranoid and extreme but this is a pretty
strange time for him I'm sure.

Like you, I am praying for him as well. He needs all the strength and
support he can get right now. I hope that he is at least reading 
messages.


Anthony



-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLIVAAoJEAKK33RTsEsVsrEQAJthIy/QS6h4r03py8HUFCQc
FPLS3Tp2BoJubl+gG4xb78bYZ9Wcnf1ocGjdWMONEnfEeW091x+6hOPWlg+3nkPK
frrAAQlSC5MRhcSqE76NpgfLIPRjhrXXrDEuGOwRvl99yue25m2hzhZHq6uKsw4I
0MkjDLzEloiBlqkd3SuBNZ2SyhlhC/k5yWPt+I3OJngdP6slgd5LdeMk/nk+yXCK
AZERaqgxftPKgrIQjJvaDsG8jKlcBqVGR903NJv/IMwKnjzzFKs31lOicT1yWH2U
ugoKCEtxQHA0cQ1MPXUI14vEY/+ekLvmFSx+GJWO5eloGri4FNPzXSa9PNBeyjrX
4kxcx48+C+B/34+rp0F8LXQYLM469F7uXVJMhzzf+RfIUWqy3Kc+REQyZ/tdcfu2
6aSKdpsIhoe14GM2IIzlSl+QPyHcuhmpHIgtQqmtGnAMl9I9QEMC7846pq+ItO1Y
s9pF0CaqgYH/BS94Np0Ra28sTX6Ol5GDh2Uem5+gpRFGJxXaCb4ed6MyAYGXdY/x
4WbXu6glZploy9UqxbyIq6OTsjhmpeJVB2wv/rjz5+11sEt2hfK5oi34sf+KPb3e
l6bhN0uGOpxWauydUH7lCXFQd5MQqRSI6GvpQIJIyqoHXwim3ae1EWOgcVO1D6ZD
3DUMcZyGMZ5H4VK9SX4B
=5skx
-END PGP SIGNATURE-


I hope that he is reading the messages as well. As to the checking if he 
is at his apartment thing that might be seen as invasive to his privacy. 
He is isn't responding to messages he might want to be left alone for a 
little while.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

2016-06-05 Thread notfriendly 

On 2016-06-05 19:02, Jonathan Wilkes wrote:

Personally the idea of storing a ton of data isn't the best for me

so rather I simply use Tor + private search engines and trust it to
protect me.
ton = ?
-Jonathan

On Sunday, June 5, 2016 6:15 PM, "notfrien...@riseup.net"
 wrote:


 On 2016-06-05 17:59, Jonathan Wilkes wrote:

Another idea is to use
search engines that protect your privacy such as ixquick or 
duckduckgo

(they store search queries but they don't track individuals (I.e they
don't store your IP Address, as far as we know that is).

Those are solutions of a different kind.  What I'm trying to describe
is
an "everyone gets everything" private information retrieval approach,
but where the "everything" stored on your machine has enormous value
to you, outside of its role as cover traffic.
-Jonathan



    On Sunday, June 5, 2016 4:49 PM, "notfrien...@riseup.net"
 wrote:


  On 2016-06-05 13:38, Jonathan Wilkes wrote:

Prediction market (place your bids):
"First networks utilizing fill traffic as TA countermeasure to

emerge and reach early deployment by year end 2017..."
It's a bit off-topic, but it's worth keeping in mind what
the greater free software community is good at-- like
replicating data-- and what it isn't-- like hiding data.
For example-- if you've been afraid to look up something
on Wikipedia for fear of typing "those words" into Google
or Wikipedia, just download Wikipedia.  They have all the
tools and docs to help you do that, with an archive format
that probably fits very comfortably in your free hard drive
space.
If anyone does this, you'll immediately notice the benefit
of the approach: that cover traffic isn't just random
data-- it's Wikipedia.  You can use it for future queries
regardless of subject matter, with a greater probability of
privacy than anything a future cover-traffic network can get
you.
There are many other examples out there.  If you spend
a little time each week thinking about this approach you'll
find it changes how you use the web and internet.  Those
changes will affect your values, and if enough people do
this it obviously affects what we want and need out of a
future cover-traffic network.

-Jonathan


The idea of downloading the Wikipedia archives is pretty good since it
doesn't note the content you were looking for. Another idea is to use
search engines that protect your privacy such as ixquick or duckduckgo
(they store search queries but they don't track individuals (I.e they
don't store your IP Address, as far as we know that is).
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Absolutely whoever is monitoring (aka spying) on your traffic if they
see you downloaded everything it's hard to determine what your looking
for. Personally the idea of storing a ton of data isn't the best for me
so rather I simply use Tor + private search engines and trust it to
protect me.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Yes it's proven that Tor IS NOT backdoored meaning that you are safe to 
use tor and a private search engine like ixquick or duckduckgo to stay 
safe.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread notfriendly 

On 2016-06-05 18:43, Paul Syverson wrote:

On Sun, Jun 05, 2016 at 05:20:24PM -0400, Allen wrote:

>
> So randomizing the times that traffic enters the network and exits the
> network wouldn't work? Like it enters a note and 30 ms after received or
> another random delay couldn't it exit. It would be harder to correlate the
> traffic right?


IMO, the packets would probably need to be randomly delayed at each 
node,
not just entering and exiting the network.  A mathematical model would 
be
needed to determine the necessary amount of delay (I doubt 30 ms would 
be
enough).  The delay could be chosen by the originating node, so it 
could

chose the privacy vs latency tradeoff.


You guys might want to look at the stop-and-go mix paper (Kesdogan et 
al. 1998)
and the alpha mixing paper (Dingledine et al. 2006) at 
freehaven.net/anonbib/

Other topics touched on in this thread include defensive dropping
"Timing Attacks in Low-Latency Mix-Based Systems" Levine et al. 2004,
also at anonbib.
There are many research papers that have explored aspects of these 
ideas.




It might also be beneficial to have two channels to each exit node, 
with
each channel used in only one direction, i.e., outbound packets travel 
one

route, while inbound packets travel a different route.


For this you might look at
"Preventing Active Timing Attacks in Low-Latency Anonymous 
Communication"

Johnson et al. 2010, also on anonbib

aloha,
Paul


I just downloaded the PDF and will read it later tonight.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 17:52, Cecilia Tanaka wrote:

On Jun 5, 2016 5:37 PM, "jacob appelbaum (ioerror) questions" <
jacobappelbaum@yandex.com> wrote:


The conspiracy of silence is unravelling around Jake and luckily, it

hasn’t been forty years.

My dear,

Sorry, I can't believe in someone who is using Jake's own name for 
posting

anonimously articles offending him, his reputation and his work.

You want to humiliate him.  It is being a public lynching, real moral
harassment.

Sorry, you are not being a victim.  Now, in this exact moment, you are
acting just exactly like the people you said that were wrong and it is
really disgusting.

**  Transparency and coherence, please.  **

I am an old grumpy lady with a pretty strong flu and an even more 
terrible
English, really trying to read everything you post here.  I think I 
deserve

a bit more of logic and respect, please.  This thing you are doing is
really offensive not just for Jake, but for my poor neurons too!  :

Cecilia


As I've stated numerous times I have a serious doubt that Jacob (Jake) 
did anything. The poster didn't even bother using a pseudonym the email 
service / address they used "jacobappelbaum@yandex.com" do they not 
realize that yandex provides free email hosting for domains. Their 
address could have been cont...@jocobappelbaum.net but I guess they were 
too lazy to do that. The site is also poorly designed several stories 
just having place holders.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates on hardening a Debian VPS?

2016-06-05 Thread notfriendly 

On 2016-06-05 20:38, ng0 wrote:

On 2016-06-05(03:24:16-0800), I wrote:


notfriendly,

This was a dig at the list.
When questions are asked to get help they are told to stop wasting 
list attention and to be relevant or go elsewhere, but look at the 
energy on the list today.


Jacob has contributed to Tor and that is where my interest stops. The 
rest is for the people involved to deal with elsewhere.

[Sorry to hear what Nick Farr has said.}

However...not wanting to miss an chance to learn

I tried unattended-upgrades but apt-get update and upgrade still had 
to be used.  What is the trick to getting it to automate upgrades?


I've read a bit but still don't know how to set-up iptables.
Is there a tutorial for setting it up on a system just running Tor?

Everywhere I looked presumes knowledge I don't yet have.
I imagine I am not the only one.

Robert




Not to derail from debian, but you might want to look at tor-ramdisk[0]
thought this might require building it yourself[1], last time I tried 
there
were problems with the pre-built images blueness put on the download 
location.


I tried to address this to blueness in irc, but they seem to be busy 
with

other things at the moment.

[0]: http://opensource.dyc.edu/tor-ramdisk
[1]: https://gitweb.torproject.org/tor-ramdisk.git
--
♥Ⓐ ng0
4096R/13212A27975AF07677A29F7002A296150C201823


I am not sure what his intent for his VPS but the tor-ramdisk may or may 
not be out of scope.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 20:44, tor_t...@arcor.de wrote:

Hi Tor Talkers,

when a Tor developer gets harassed by FBI (talk is done already last
months) there is no doubt about whose side we are

when Jacob Appelbaum gets into sexual allegations (within the
community) i would have had no doubt to tell that the community is up
to he is innocent until judged guilty by an ordinary court
it is not up to Jacob to proof his innocence it is up to a prosecutor
to get evidence for his guilt
i hate to say it but such allegations will last for ever in the
internet...from today's sight it will never forget neither truenesses
nor lies

a person who is exposed as Jacob is/was gets easily shot by back
seated ones or framed or droned by intels
it looks like secret service is going up to something
two lawyers of wikileaks died "suddenly"
they put a rope around Assange in sweden
they harassed e. g. lovecruft
they prosecuted and jailed whistle-blowers and true(th)speakers
some wish Jacob dead (altered account at twitter)
and in the USA they want "h" to be president even if she had issues
with her e-mail server and following wikileaks leaks and media she
could have exposed some agents. i bet Chelsea would be pleased to meet
her to give some advice on "how to whistle-blow" the right way

if there is a rule missing how or why someone is named on papers or
work (or not) you can do apply a rule randomly at start or at the end
for a project
and just to be clear you don't stop reading while Jacob stands on top
of a list all others are honored as well

but perhaps it is time to expose someone else and get Jacob time for a
deep breath

and please don't put Jacob near/in the drawer of (h)suicides that
makes it more easily for THEM to let it look alike
i guess Jacob is all well this will not hurt his "small planet" (quote
from a Tor Talker)


Hopefully it won't get to the point where he is ever prosecuted. If it 
does I hope that he has the evidence to point out that he hasn't done 
anything. I do not believe (at the current time / until further evidence 
proves or disproves) that Jacob is guilty of said allegations.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread tor_talk 
Hi Tor Talkers,

when a Tor developer gets harassed by FBI (talk is done already last months) 
there is no doubt about whose side we are

when Jacob Appelbaum gets into sexual allegations (within the community) i 
would have had no doubt to tell that the community is up to he is innocent 
until judged guilty by an ordinary court 
it is not up to Jacob to proof his innocence it is up to a prosecutor to get 
evidence for his guilt
i hate to say it but such allegations will last for ever in the internet...from 
today's sight it will never forget neither truenesses nor lies

a person who is exposed as Jacob is/was gets easily shot by back seated ones or 
framed or droned by intels 
it looks like secret service is going up to something
two lawyers of wikileaks died "suddenly"
they put a rope around Assange in sweden
they harassed e. g. lovecruft
they prosecuted and jailed whistle-blowers and true(th)speakers
some wish Jacob dead (altered account at twitter)
and in the USA they want "h" to be president even if she had issues with her 
e-mail server and following wikileaks leaks and media she could have exposed 
some agents. i bet Chelsea would be pleased to meet her to give some advice on 
"how to whistle-blow" the right way

if there is a rule missing how or why someone is named on papers or work (or 
not) you can do apply a rule randomly at start or at the end for a project
and just to be clear you don't stop reading while Jacob stands on top of a list 
all others are honored as well

but perhaps it is time to expose someone else and get Jacob time for a deep 
breath

and please don't put Jacob near/in the drawer of (h)suicides that makes it more 
easily for THEM to let it look alike
i guess Jacob is all well this will not hurt his "small planet" (quote from a 
Tor Talker)








-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 17:20, Mirimir wrote:

On 06/05/2016 03:55 AM, Cari Machet wrote:

it was umn ... sarcasm


Dude, you need to flag that in text comms :)


that any organization has not inset into its guidelines ways of really
structurally dealing with sexual misconduct is profoundly unethical

just another way tor is super fucked up


On Sun, Jun 5, 2016 at 6:52 AM, Mirimir  wrote:


On 06/04/2016 09:38 PM, Cari Machet wrote:
Why would any orginization ever set up best practices in order to 
really

be
dealing with sexual misconduct of an employee ? Why consider such 
levels

of

ethics ? Wierd.


Because otherwise there will be expensive civil liability, no?


On Jun 5, 2016 3:59 AM, "Mirimir"  wrote:

I don't see that this link to a statement from Shari Steele has been
posted yet: https://blog.torproject.org/blog/statement.

She concludes: "We expect that this will be our only public 
statement."


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk







I'm able to access the link just fine.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:47 PM, Mirimir wrote:
> On 06/05/2016 05:36 PM, Anthony Papillion wrote:
>> On 6/5/2016 6:30 PM, Mirimir wrote:
>>> On 06/05/2016 05:14 PM, Anthony Papillion wrote:
 On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:
> On 2016-06-05 18:17, Anthony Papillion wrote: The last
> time IOError tweeted was on 30 May. Has anyone on this list
> actually HEARD from him since then? We have to remember
> that Jake comes from a really fucked up childhood.
> Something like these allegations could push someone over
> the edge.
 
> Anthony
 
 
> He might need time to himself for now. He has a lot of
> people talking about him right now. He probably needs a
> break.
 
 You're probably right. I've just seen this kind of thing get
 out of hand before and, innocent or not, people can be pushed
 over the edge.
>> 
>>> I get where you're coming from, but public comments about his 
>>> history, and speculation about suicide, really aren't
>>> appropriate. IMHO, anyway.
>> 
>>> Just sayin'.
>> 
>> 
>> Showing concern is completely appropriate. And why not discuss
>> his history? It's not like he hides it or even tries to. He's
>> very open about it. I'm not saying anything Jake hasn't publicly
>> said himself, usually in front of a few hundred people. Sorry,
>> concern for a fellow human being trumps 'appropriateness' IMO.
> 
> I'm fine with concern. But on a mail list, it's creepy. But then,
> I don't know him. And I'm pretty old-school about privacy.

Yes, I can agree it's kind of creepy. The only reason I sent it down
the list was because I don't know specific people who know him that I
could email privately. Otherwise, I definitely would have preferred
that. But, surprisingly, I'm pretty OK with being creepy lol

> I did, however, screw up by sending my own "[OFF-LIST]" message to
> the list ;)

That threw me for a second! I saw the off-list designation and then
thought 'oh crap, I just violated his privacy by responding to a
private email on the list'. THen I saw it had been sent to the list. I
should have paid more attention as well and readdressed it. Sorry
about that!



-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLqrAAoJEAKK33RTsEsVhCwQAK9azFiK6fluTTPW0pppDxAl
g+NtoThYMeZbKpogHHa5/fkZEH/IxbWCowadLvik+cjP+X+cig2fz6yjQug8yaxc
1SyEXVcAhcqBpj5sVI/CZ9SP80akQD4cEMeYLvqQ0i9SoGDLIofoE9bNOFzka5S8
43XEMDU5CoI32hahuA+B7upae4Ka1yOiKoPUj2bKfScQ/PNqnTIHKsD/yWW4v1Zj
GXfwiGx7M3m2SFLF3Hy74Xnpcl2QwLjzx0BmLzeVleliouO/xtyclvjpPHNXfu2b
Z5WsXy8Q2yR+4HqlQDVV8jCKcGP3uTn4aNXiqtu1AqVH1qBhcyVelCS/lmZChQ/N
NK2K3GR91c7/XY1Z1/WuK5pyr46d/x7+HhgRe59PpNM1GyL6Dm4tyj/BvPGfLQIM
P+jAAOskmL8MNJKqGjGzfSqyw9I+0oDBW+NSpbNxP2btS2R1WMvtQ7L0OTEkKRf8
7tvu+C1S/k/S8j/67Dqyls5Q+dlmzTrHhoFjJfm714I1oXekKoWHVuHyEMdr3znK
cq7Ir9Sl7iQprgoRah3eKEi2aUY8lZ+LRYvbOH7EFmC+FeY9I48I6n0nbhDRLWEy
AklvQFeZWVVxNJF1UF/fthMTuxjOF5wUQ0vADN2/wNb+6EbgaKE4XpHzz+Jaf7cH
h+mWNYiccmj68Vwdhpep
=agD7
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Mirimir 
On 06/05/2016 05:36 PM, Anthony Papillion wrote:
> On 6/5/2016 6:30 PM, Mirimir wrote:
>> On 06/05/2016 05:14 PM, Anthony Papillion wrote:
>>> On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:
 On 2016-06-05 18:17, Anthony Papillion wrote: The last time
 IOError tweeted was on 30 May. Has anyone on this list actually
 HEARD from him since then? We have to remember that Jake comes
 from a really fucked up childhood. Something like these
 allegations could push someone over the edge.
>>>
 Anthony
>>>
>>>
 He might need time to himself for now. He has a lot of people 
 talking about him right now. He probably needs a break.
>>>
>>> You're probably right. I've just seen this kind of thing get out
>>> of hand before and, innocent or not, people can be pushed over
>>> the edge.
> 
>> I get where you're coming from, but public comments about his
>> history, and speculation about suicide, really aren't appropriate.
>> IMHO, anyway.
> 
>> Just sayin'.
> 
> 
> Showing concern is completely appropriate. And why not discuss his
> history? It's not like he hides it or even tries to. He's very open
> about it. I'm not saying anything Jake hasn't publicly said himself,
> usually in front of a few hundred people. Sorry, concern for a fellow
> human being trumps 'appropriateness' IMO.

I'm fine with concern. But on a mail list, it's creepy. But then, I
don't know him. And I'm pretty old-school about privacy.

I did, however, screw up by sending my own "[OFF-LIST]" message to the
list ;)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:35 PM, notfrien...@riseup.net wrote:
> On 2016-06-05 19:30, Mirimir wrote:
>> On 06/05/2016 05:14 PM, Anthony Papillion wrote:
>>> On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:
 On 2016-06-05 18:17, Anthony Papillion wrote: The last time
 IOError tweeted was on 30 May. Has anyone on this list
 actually HEARD from him since then? We have to remember that
 Jake comes from a really fucked up childhood. Something like
 these allegations could push someone over the edge.
>>> 
 Anthony
>>> 
>>> 
 He might need time to himself for now. He has a lot of
 people talking about him right now. He probably needs a
 break.
>>> 
>>> You're probably right. I've just seen this kind of thing get
>>> out of hand before and, innocent or not, people can be pushed
>>> over the edge.
>> 
>> I get where you're coming from, but public comments about his
>> history, and speculation about suicide, really aren't
>> appropriate. IMHO, anyway.
>> 
>> Just sayin'.
> I agree with that. We shouldn't assume someone died just because
> they are not responding to online communications. The speculation
> is suicide as you said is indefinably inappropriate. He might need
> a break. Another possibility is that he is in an area with a power
> or internet outage (I'm not sure why long term but still). These
> are all possibilities.

I'm pretty sure I never said he had suicided so there's no
'assumption' there. What I did say is that, in light of the stress
he's under, someone should at least check on him. I mean yes there are
other possibilities but nothing should be flippantly ruled out. At
what point is it 'appropriate' to be concerned? A month? A year?
Never? If we never hear from him again should we simply assume he's
alright and just decided to check out of the community? I guess we're
all allowed our opinions but I choose to err on the side of concern
for a fellow human being who's directly impacted my life. Your choices
might be different.



-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLiwAAoJEAKK33RTsEsV+gkP/RFuj5jFnglZ/FAAsmrZPjqR
oqDoWbr8axbhw1m7TkI1uGN+YGgLLuK+VsSCtPlQn+J9KN8pj38SvpVzIPA/1Dke
snPdyA59BkE95oN5dkRmzuDT0y9yujgKXOBn/h33pfyRV259lGseJLDzf6y5IcCq
7pSWeoDEBnWqt0LjdLODOQrRCti1Vdiu32tNf5vUQRgX4r1bNvMUPu/xTDcR6/K9
m2zf56ejIgDuiu6wXb1Hu+9Vi5p27UWibt4NvExpxBTCbF9ajbpI4EZtKQi81R1B
JzsNHQS5O2Mg9daCuOYgf0pLXbuhozDeXdoH4mmwTZvkOqoBv843hJl8SrXnZZPK
B6i7kQ0wx0dTMUpbacN3oNLYSaBDdXgDe3HqxRBqWXhTcCEMP0LMzQJ8TEljuYOv
6c3ZMnrOh6hMm1h5ScWSK/MGTil7392PPzt8/MdGWTjwGTq2X+KXhIjfsT6qQ9rz
fg/QgBBNaRFCYLKzEWV+k9JHU8SyFEoI5VK89W39K+sZeemFmTcyOwTFnGPyeBIi
mO7udvZiFyeBoc0r4mYAMh16mcP1JycaG5WSYvA5KlwuUqVWljpyXHp4ib3Og28B
z/cidAxOpaC9jBjZqvmqXbfi3dzzPWd7DWOKsI9k0BPMtWyUuReVutrDnbye/SOk
tGeDevtxHSsxgibhq7MI
=akKt
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:23, Anthony Papillion wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:20 PM, notfrien...@riseup.net wrote:

On 2016-06-05 19:08, Cecilia Tanaka wrote:

Hi Anthony.

I am really worried about Jake and contacted some friends in
common yesterday and today.  I had no news until now.

I really don't know if he is receiving my messages or reading
them and I tried to contact some CCC friends, but I don't know if
he is in Berlin or not.

He is, probably, very stressed and confused in this moment.  Jake
has much more scars in his soul than he usually exposes in public
and I know very well how hard can be living with deep pain.  I
don't know if God exists or not, but I am sincerely praying for
him.

Cecilia


I find it concerning we haven't heard from him. His website is
also offline (the one listed on his twitter) which is also
worrying.


IIRC, his website has been offline since a good bit before this. I
tried to visit it late last year and got an offline error.



-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLRxAAoJEAKK33RTsEsVfwUQAIr40kNQ3oXoVog5kf8OJKK0
bOG3VoLlaxSCzRtzT51NRIOZeOt4XtORZWLtAosET0s0wUTqOj/gGtpzAGx2K1X1
zTfBdw8rQZnSzWI4eyH4gOFe/HsEoRNu1/75LdAdKpG9I1ocYcoTJyhBlqrAHmfq
TFDyCDLAOC1x9jKEqoV1+PeucKhX0p8wRS9yvgOwRzSLwXnJkkoulsgtSqOAeRTl
PphQfhbl5EbnYF4ptXioiTcNux1gchl/Y+7rIRPa1NCM2VhWjUO9+S+shT9efLou
Jf2+E/j+nxzdImjkRkyjBwOQ08JgYvtg0w4SXyweERBGKgDlPw1NcdqUu3NMnclT
dc1fgyK0u1KTdEiRlyD4mky2i+QDk2u8Q28BOwgOnrcCMF8xM+QJqNsqtdgBJuUA
zXQRA583f2XsVkGpytiNfG0LbxNGC6hJoUnLkrt5RQEJM3auC07K9u3L0fvL4cC2
d2udWwyTsJj/m5Ce2nWkORAoJQUqq6lV4O8wnito+SlAQCkzeOYlmHXqgmxsoxxZ
Xar8UDkvUkHq4Zh8A2+ggLwMUQFdb5OwnNNSo2aioHNj/HHKJ+aQcd3S5JGNC30I
hcofpN/WtkwIVYs10VumbhQB1RfvIQYiQRe/Z2yJ35aoie/anHn6eWWZbUFnb+cM
DyLIbnPw3OjRCHSgHwhh
=E4J5
-END PGP SIGNATURE-


Oh ok. I wasn't sure. Well that removes worries/concerns on that end 
then.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:30 PM, Mirimir wrote:
> On 06/05/2016 05:14 PM, Anthony Papillion wrote:
>> On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:
>>> On 2016-06-05 18:17, Anthony Papillion wrote: The last time
>>> IOError tweeted was on 30 May. Has anyone on this list actually
>>> HEARD from him since then? We have to remember that Jake comes
>>> from a really fucked up childhood. Something like these
>>> allegations could push someone over the edge.
>> 
>>> Anthony
>> 
>> 
>>> He might need time to himself for now. He has a lot of people 
>>> talking about him right now. He probably needs a break.
>> 
>> You're probably right. I've just seen this kind of thing get out
>> of hand before and, innocent or not, people can be pushed over
>> the edge.
> 
> I get where you're coming from, but public comments about his
> history, and speculation about suicide, really aren't appropriate.
> IMHO, anyway.
> 
> Just sayin'.
> 

Showing concern is completely appropriate. And why not discuss his
history? It's not like he hides it or even tries to. He's very open
about it. I'm not saying anything Jake hasn't publicly said himself,
usually in front of a few hundred people. Sorry, concern for a fellow
human being trumps 'appropriateness' IMO.


-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLeZAAoJEAKK33RTsEsVK6YP/0dlCDranRHUV6joIOCLSjkf
C9r18sg9+OyQmjVe8FlVzZ7AKi9P4l2vMfeiUxgqQjnt92RYRJdFP1lZQv6ZN6No
VRyIRiZ29ieyL7P8rEXIuMzCSwam/cqzozGM275Z1QYnCxgWieN5jtxyH1cCOFyW
gpAkyjOZpdXWkWddz6RA2sudy3eqkz8kYSLoIVT3qXwOYhSSS92mGe4U9S2Z3KJb
4VSihal1GW07cYc2fs0JGAWkl/0vsPXX3rjLo/Oq5nu4ISAthHe2SLB8PWk/Lr67
C0lVRZZwSs6l2ErWLwpQpdHKx1a8cga0/4DhoW1vTVkQ/klLA2JD5IVtMEGGndot
DML8aJfeswN7yaper02MkfI3s2YYfUcPTY2yhs7POfWIgdpBEGLMVwQ8iYoyv+/q
q+7EeVONv97QX6DE1w1s5mR9WHK6rz8cFsvhB6UoeKj/NBJjlhKzHpWVy1BC1O6C
TPsPc4zSO6AjusHBhSBbm+htHxciuY2QzjVUJQrVa04AwrUHzpCPQfTW3jxnUUTd
daR2nJVHoh/+bi+j2ziZqBObyk5E3CkCEGIQ0th8Z+esLmSxTRL1dravopEMa+Eg
i2U327ahzTnMFMcW89W4EYjDpYUbHgznhD9mP0OGkxp0bXOwooaCPklm0/bSpVIG
j4X37jeETnzx0aQd99mu
=dyjN
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:30, Mirimir wrote:

On 06/05/2016 05:14 PM, Anthony Papillion wrote:

On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:

On 2016-06-05 18:17, Anthony Papillion wrote: The last time IOError
tweeted was on 30 May. Has anyone on this list actually HEARD from
him since then? We have to remember that Jake comes from a really
fucked up childhood. Something like these allegations could push
someone over the edge.



Anthony




He might need time to himself for now. He has a lot of people
talking about him right now. He probably needs a break.


You're probably right. I've just seen this kind of thing get out of
hand before and, innocent or not, people can be pushed over the edge.


I get where you're coming from, but public comments about his history,
and speculation about suicide, really aren't appropriate. IMHO, anyway.

Just sayin'.
I agree with that. We shouldn't assume someone died just because they 
are not responding to online communications. The speculation is suicide 
as you said is indefinably inappropriate. He might need a break. Another 
possibility is that he is in an area with a power or internet outage 
(I'm not sure why long term but still). These are all possibilities.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates on hardening a Debian VPS?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:24, I wrote:

notfriendly,

This was a dig at the list.
When questions are asked to get help they are told to stop wasting
list attention and to be relevant or go elsewhere, but look at the
energy on the list today.

Jacob has contributed to Tor and that is where my interest stops. The
rest is for the people involved to deal with elsewhere.
[Sorry to hear what Nick Farr has said.}

However...not wanting to miss an chance to learn

I tried unattended-upgrades but apt-get update and upgrade still had
to be used.  What is the trick to getting it to automate upgrades?

I've read a bit but still don't know how to set-up iptables.
Is there a tutorial for setting it up on a system just running Tor?

Everywhere I looked presumes knowledge I don't yet have.
I imagine I am not the only one.

Robert


The debian wiki gives some good information on setting up 
unattended-upgrades (https://wiki.debian.org/UnattendedUpgrades). 
DigitalOcean released a tutorial for Ubuntu 12.04 but the same concepts 
can be applied since Ubuntu is based on Debian 
(https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-iptables-on-ubuntu-12-04). 
I hope this helps.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] [OFF-LIST] Re: Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Mirimir 
On 06/05/2016 05:14 PM, Anthony Papillion wrote:
> On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:
>> On 2016-06-05 18:17, Anthony Papillion wrote: The last time IOError
>> tweeted was on 30 May. Has anyone on this list actually HEARD from
>> him since then? We have to remember that Jake comes from a really
>> fucked up childhood. Something like these allegations could push
>> someone over the edge.
> 
>> Anthony
> 
> 
>> He might need time to himself for now. He has a lot of people
>> talking about him right now. He probably needs a break.
> 
> You're probably right. I've just seen this kind of thing get out of
> hand before and, innocent or not, people can be pushed over the edge.

I get where you're coming from, but public comments about his history,
and speculation about suicide, really aren't appropriate. IMHO, anyway.

Just sayin'.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates on hardening a Debian VPS?

2016-06-05 Thread I 

notfriendly,

This was a dig at the list. 
When questions are asked to get help they are told to stop wasting list 
attention and to be relevant or go elsewhere, but look at the energy on the 
list today.

Jacob has contributed to Tor and that is where my interest stops. The rest is 
for the people involved to deal with elsewhere. 
[Sorry to hear what Nick Farr has said.}

However...not wanting to miss an chance to learn

I tried unattended-upgrades but apt-get update and upgrade still had to be 
used.  What is the trick to getting it to automate upgrades?

I've read a bit but still don't know how to set-up iptables.
Is there a tutorial for setting it up on a system just running Tor?

Everywhere I looked presumes knowledge I don't yet have.
I imagine I am not the only one.

Robert






-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 19:08, Cecilia Tanaka wrote:

Hi Anthony.

I am really worried about Jake and contacted some friends in common
yesterday and today.  I had no news until now.

I really don't know if he is receiving my messages or reading them and 
I
tried to contact some CCC friends, but I don't know if he is in Berlin 
or

not.

He is, probably, very stressed and confused in this moment.  Jake has 
much
more scars in his soul than he usually exposes in public and I know 
very
well how hard can be living with deep pain.  I don't know if God exists 
or

not, but I am sincerely praying for him.

Cecilia


I find it concerning we haven't heard from him. His website is also 
offline (the one listed on his twitter) which is also worrying.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 5:43 PM, notfrien...@riseup.net wrote:
> On 2016-06-05 18:17, Anthony Papillion wrote: The last time IOError
> tweeted was on 30 May. Has anyone on this list actually HEARD from
> him since then? We have to remember that Jake comes from a really
> fucked up childhood. Something like these allegations could push
> someone over the edge.
> 
> Anthony
> 
> 
> He might need time to himself for now. He has a lot of people
> talking about him right now. He probably needs a break.

You're probably right. I've just seen this kind of thing get out of
hand before and, innocent or not, people can be pushed over the edge.




-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLJNAAoJEAKK33RTsEsVuasP/3vZ9KxgPz3JNCpE331mDBOf
lK1+XrXT8MgLxe9McSPwrNLjGdrz92C1w6S9sZc6AS4HngQ6D+B7zrPoKb/kqn6F
SvrICSPoENSfqxooq/LPJH60jHUpm38g/iQNcids1H/j4wLeYCnEXD6eg3uYgKXP
l/EPptVg/f2U/iIBaTXjUbBlCJk/FZQFTyTo6+C98yh28N1cAbEs+LR5Zb4aLKYF
79DGdakHAj/gme8W0x0OOp2dG2S7MEmSucSO9H3sRqQDSXyYfc6Ej2Dk7qq6d+WH
85n0JRNxA4eZ8drlb75ikWwRlN7hNIgmCP8mhnxZPCAvh8Q4xImTlCmudSL2CUgl
jFNdS3DgZUa/WwxCAyKQA416Oa+rcziO+wUEYz14QhrcFtOU5lunnS5dv/mFU2EY
E87QqhfOzlo6sOlWj6mP0G0ZGlZq0TdSs/f2xh+VpljbYgKRa7ikDjZDtxMJw8Yk
qV6vpDNuPKlFsfRQBgkRlHj/0JStsIhc8ZJbjz3uTY7fGj89Jttq9kpV7+nKU6Ij
Jvkj01mlhjiQ7ao8nvEvgWBDbIjBCZ9KF6eL4ULMVfEX923j/7XbE8KloJHjDjR9
AGlIqQ0E9OR+bqrJ4BjdOABF1Oo/lUBaTBks+1CsWcKGDt5FazSrW1ECXN1WVE0B
G+7SPVOteC1M5oDL7epr
=l177
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 6/5/2016 6:08 PM, Cecilia Tanaka wrote:
> Hi Anthony.
> 
> I am really worried about Jake and contacted some friends in
> common yesterday and today.  I had no news until now.
> 
> I really don't know if he is receiving my messages or reading them
> and I tried to contact some CCC friends, but I don't know if he is
> in Berlin or not.
> 
> He is, probably, very stressed and confused in this moment.  Jake
> has much more scars in his soul than he usually exposes in public
> and I know very well how hard can be living with deep pain.  I
> don't know if God exists or not, but I am sincerely praying for
> him.

Thank you for the response Cicilia. While I don't know Jake except
from a few IRC conversations, I find myself worried that, with all of
the stress from these allegations, it could push him over the edge.
I'm glad to find that he has friends like you who are actively
checking up on him.

If there is a chance that he is still in Berlin, do you have any CCC
contacts that might be willing to drop by his apartment to check on
him? I know that sounds paranoid and extreme but this is a pretty
strange time for him I'm sure.

Like you, I am praying for him as well. He needs all the strength and
support he can get right now. I hope that he is at least reading messages.

Anthony



-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVLIVAAoJEAKK33RTsEsVsrEQAJthIy/QS6h4r03py8HUFCQc
FPLS3Tp2BoJubl+gG4xb78bYZ9Wcnf1ocGjdWMONEnfEeW091x+6hOPWlg+3nkPK
frrAAQlSC5MRhcSqE76NpgfLIPRjhrXXrDEuGOwRvl99yue25m2hzhZHq6uKsw4I
0MkjDLzEloiBlqkd3SuBNZ2SyhlhC/k5yWPt+I3OJngdP6slgd5LdeMk/nk+yXCK
AZERaqgxftPKgrIQjJvaDsG8jKlcBqVGR903NJv/IMwKnjzzFKs31lOicT1yWH2U
ugoKCEtxQHA0cQ1MPXUI14vEY/+ekLvmFSx+GJWO5eloGri4FNPzXSa9PNBeyjrX
4kxcx48+C+B/34+rp0F8LXQYLM469F7uXVJMhzzf+RfIUWqy3Kc+REQyZ/tdcfu2
6aSKdpsIhoe14GM2IIzlSl+QPyHcuhmpHIgtQqmtGnAMl9I9QEMC7846pq+ItO1Y
s9pF0CaqgYH/BS94Np0Ra28sTX6Ol5GDh2Uem5+gpRFGJxXaCb4ed6MyAYGXdY/x
4WbXu6glZploy9UqxbyIq6OTsjhmpeJVB2wv/rjz5+11sEt2hfK5oi34sf+KPb3e
l6bhN0uGOpxWauydUH7lCXFQd5MQqRSI6GvpQIJIyqoHXwim3ae1EWOgcVO1D6ZD
3DUMcZyGMZ5H4VK9SX4B
=5skx
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Cecilia Tanaka 
Hi Anthony.

I am really worried about Jake and contacted some friends in common
yesterday and today.  I had no news until now.

I really don't know if he is receiving my messages or reading them and I
tried to contact some CCC friends, but I don't know if he is in Berlin or
not.

He is, probably, very stressed and confused in this moment.  Jake has much
more scars in his soul than he usually exposes in public and I know very
well how hard can be living with deep pain.  I don't know if God exists or
not, but I am sincerely praying for him.

Cecilia
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

2016-06-05 Thread Jonathan Wilkes 
> Personally the idea of storing a ton of data isn't the best for me 
so rather I simply use Tor + private search engines and trust it to 
protect me.
ton = ?
-Jonathan 

On Sunday, June 5, 2016 6:15 PM, "notfrien...@riseup.net" 
 wrote:
 

 On 2016-06-05 17:59, Jonathan Wilkes wrote:
>> Another idea is to use
>> search engines that protect your privacy such as ixquick or duckduckgo
>> (they store search queries but they don't track individuals (I.e they
>> don't store your IP Address, as far as we know that is).
> Those are solutions of a different kind.  What I'm trying to describe 
> is
> an "everyone gets everything" private information retrieval approach,
> but where the "everything" stored on your machine has enormous value
> to you, outside of its role as cover traffic.
> -Jonathan
> 
> 
> 
>    On Sunday, June 5, 2016 4:49 PM, "notfrien...@riseup.net"
>  wrote:
> 
> 
>  On 2016-06-05 13:38, Jonathan Wilkes wrote:
>>> Prediction market (place your bids):
>>> "First networks utilizing fill traffic as TA countermeasure to
>> emerge and reach early deployment by year end 2017..."
>> It's a bit off-topic, but it's worth keeping in mind what
>> the greater free software community is good at-- like
>> replicating data-- and what it isn't-- like hiding data.
>> For example-- if you've been afraid to look up something
>> on Wikipedia for fear of typing "those words" into Google
>> or Wikipedia, just download Wikipedia.  They have all the
>> tools and docs to help you do that, with an archive format
>> that probably fits very comfortably in your free hard drive
>> space.
>> If anyone does this, you'll immediately notice the benefit
>> of the approach: that cover traffic isn't just random
>> data-- it's Wikipedia.  You can use it for future queries
>> regardless of subject matter, with a greater probability of
>> privacy than anything a future cover-traffic network can get
>> you.
>> There are many other examples out there.  If you spend
>> a little time each week thinking about this approach you'll
>> find it changes how you use the web and internet.  Those
>> changes will affect your values, and if enough people do
>> this it obviously affects what we want and need out of a
>> future cover-traffic network.
>> 
>> -Jonathan
> 
> The idea of downloading the Wikipedia archives is pretty good since it
> doesn't note the content you were looking for. Another idea is to use
> search engines that protect your privacy such as ixquick or duckduckgo
> (they store search queries but they don't track individuals (I.e they
> don't store your IP Address, as far as we know that is).
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Absolutely whoever is monitoring (aka spying) on your traffic if they 
see you downloaded everything it's hard to determine what your looking 
for. Personally the idea of storing a ton of data isn't the best for me 
so rather I simply use Tor + private search engines and trust it to 
protect me.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


  
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Not Friendly 
Why are the people who know his being silent (or not responding to the 
discussion)? What does it imply?

> On Jun 5, 2016, at 6:46 PM, Lara  wrote:
> 
> jacob appelbaum (ioerror) questions:
>> https://medium.com/@nickf4rr/hi-im-nick-farr-nickf4rr-35c32f13da4d
>> 
>> Hi. I’m Nick Farr. (@nickf4rr)
> 
> A bunch of trolls inventing vague stories. The people who know Jake seem
> silent. Yet sock puppets seem to know a lot. They have never talked
> before, only now they found the courage. Back when the stories are
> generated were on some other mission bought on some Mechanical Turk.
> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Lara 
jacob appelbaum (ioerror) questions:
> https://medium.com/@nickf4rr/hi-im-nick-farr-nickf4rr-35c32f13da4d
> 
> Hi. I’m Nick Farr. (@nickf4rr)

A bunch of trolls inventing vague stories. The people who know Jake seem
silent. Yet sock puppets seem to know a lot. They have never talked
before, only now they found the courage. Back when the stories are
generated were on some other mission bought on some Mechanical Turk.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread notfriendly 

On 2016-06-05 18:17, Anthony Papillion wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The last time IOError tweeted was on 30 May. Has anyone on this list
actually HEARD from him since then? We have to remember that Jake
comes from a really fucked up childhood. Something like these
allegations could push someone over the edge.

Anthony

- --
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cyp...@chat.cpunk.us
SIP:cajuntec...@sip.linphone.org

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVKTmAAoJEAKK33RTsEsVN1gP/0wbuIDZKw8jCcie7+vqJCYg
oicLMnRXvN4cQSP3VwFAU4a3oP8rzUAfcP3TlqTSucEgr03ztKPUsOVApuqgk3GG
6TqkW9ifcF/aIbdeYZt98zEIzCOtzJ96fOlBc+uXCxVUw5as/bEL1F0f4y93zB9B
QT47LpKc4HcHGgzmpTQ4b9o7RfFBe2d0n4E17DuO7RsR79K4TZWRuzzVbJDzoE4n
ocMFEuRkOiFZdDTlywAcPdXJQ+vjK0Tna0nI0zdNRg2cYeoYjibra8F/bC2ZwutE
oZgRguqJeMVLzSQK9so9Ta4eVszYC3X8FT5gM2Ekq7tZM4a49zrasuesmHM02HDT
bDJNj0ED2CAIjBNLiBndtgKPVmDOBvX0OCs7uyim8jBnETsS3LbYRJuC23D7yxSI
ac7BeS/fCevVEs4Z0qTRhJVb6at3xC/miR9w4xJ2WwVBATkau0llMr+vDXCUxOwo
Rz5p18bHa0dOzNKXhBSdaZpZlbHywJtdYNkQLX+UOGPiICsd1SQgz/dLM1QI2c8z
Je3RsNrFMw4HRhXZICGwZW8xl8ZhkGpOOBhbgUKqrfeFQgdzb3KEjdhGgPh0lQ7A
DhsNtOoZQQSADmwecf0FACIZ9w7/Rf/alvVk8SG/bXPWv8VavyKXeeh0Az54ddXk
LRziD/JGEvoryJJw5DKG
=NIpt
-END PGP SIGNATURE-


He might need time to himself for now. He has a lot of people talking 
about him right now. He probably needs a break.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread Paul Syverson 
On Sun, Jun 05, 2016 at 05:20:24PM -0400, Allen wrote:
> >
> > So randomizing the times that traffic enters the network and exits the
> > network wouldn't work? Like it enters a note and 30 ms after received or
> > another random delay couldn't it exit. It would be harder to correlate the
> > traffic right?
> 
> 
> IMO, the packets would probably need to be randomly delayed at each node,
> not just entering and exiting the network.  A mathematical model would be
> needed to determine the necessary amount of delay (I doubt 30 ms would be
> enough).  The delay could be chosen by the originating node, so it could
> chose the privacy vs latency tradeoff.

You guys might want to look at the stop-and-go mix paper (Kesdogan et al. 1998)
and the alpha mixing paper (Dingledine et al. 2006) at freehaven.net/anonbib/
Other topics touched on in this thread include defensive dropping
"Timing Attacks in Low-Latency Mix-Based Systems" Levine et al. 2004,
also at anonbib.
There are many research papers that have explored aspects of these ideas.

> 
> It might also be beneficial to have two channels to each exit node, with
> each channel used in only one direction, i.e., outbound packets travel one
> route, while inbound packets travel a different route.

For this you might look at 
"Preventing Active Timing Attacks in Low-Latency Anonymous Communication"
Johnson et al. 2010, also on anonbib

aloha,
Paul
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates on hardening a Debian VPS?

2016-06-05 Thread notfriendly 

On 2016-06-05 18:35, I wrote:

What are the current best things to do to a Debian VPS to stop being
puppeted by clever dicks?

Robert


I have a few suggestions:

* Use SSH Key Based Authnication only (no password based login)
* Update your software frequently
* Enable IPTables and only allow ports that you utilize, if you have a 
static ip address only allow connections to ssh from that ip address

* Enable Tripwire to detect changes to system files

Good luck with securing your VPS
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread jacob appelbaum (ioerror) questions 
http://ethi.cx/forty.html

For Forty Years...

Joe Paterno – praised college football coach and idol to hundreds of thousands 
of people – continued in silence, allowing Jerry Sandusky to nurture a 
mechanism that leveraged the Penn State football program to prey on his 
victims, which totals 32 at the time of writing. Forty years, Paterno continued 
the conspiracy of silence until his dying days, disgraced in the eyes of the 
sane and a mistreated God to the idol worshipers, sycophants and zealots. They 
rioted in the streets, refused to listen to evidence, as more and more piled in 
daily. They screamed and cursed the victims, media and anyone calling Paterno 
an enabler.

In 2012 the famed Statue of Joe Paterno was taken down. After years of 
fighting, Penn State football fans took it into their own hands and made two 
replica statues: one to give to the Paterno family, the other to take to Penn 
State football games. One of the fans who constructed the statues commented, 
“We are creators. We are not in politics. We are not cops…this is who we are.”

This kind of idol worship is terrifying, but very real.

The comparison to the Jerry Sandusky scandal and Jacob Appelbaum's may be wild 
to some people, considering the formers grandiosity, however the similarities 
are astounding. The predatory behavior exemplified by both men is that of 
asserting themselves into places of power and exploiting their positions to 
take advantage of those who admired them or felt safe with. While the many 
people who have been hurt by Jake, either physically, sexually, emotionally, or 
professionally are ignored or even attacked by starry-eyed fans who believe 
their heroes can do no wrong. The statue of ioerror was being built through the 
myth of heroism in the face of tyranny and what better place to provide more 
building material than the Tor Project.

It hasn’t been forty years for the Tor Project, and I’m glad that under new 
management this issue was addressed and brought to light. While personally 
knowing a handful of people he has stolen research from or tried to squeeze his 
way into their research groups, I knew his m.o. and warned anyone that even 
brought him up. For years. I had no idea of the sexual abuse claims, but in 
retrospect it makes complete sense. Some people remained silent, while others 
spoke out and were quickly silenced by the "PROVE IT" brigade. For some people 
it's not that easy. Proving it isn't the hard part, but reliving the pain, 
shame, and loss is.

However terrible the alleged atrocities committed by Appelbaum, if they ever 
all come to light, there will still be a large contingent of naysayers, forever 
trying to pick up their fallen idol to some sort of irredeemable glory. There 
is no government agenda to discredit him, this isn’t JTRIG or the NSA running a 
disinformation operation against him, this is simply just a very bad person.

The conspiracy of silence is unravelling around Jake and luckily, it hasn’t 
been forty years.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates on hardening a Debian VPS?

2016-06-05 Thread I 
What are the current best things to do to a Debian VPS to stop being puppeted 
by clever dicks?

Robert


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Has anyone HEARD from IOError since his last tweet?

2016-06-05 Thread Anthony Papillion 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

The last time IOError tweeted was on 30 May. Has anyone on this list
actually HEARD from him since then? We have to remember that Jake
comes from a really fucked up childhood. Something like these
allegations could push someone over the edge.

Anthony

- -- 
OpenPGP Key:4096R/0x028ADF7453B04B15
Other Key Info: http://www.cajuntechie.org/p/my-pgp-key.html
XMPP?Jabber:cyp...@chat.cpunk.us
SIP:cajuntec...@sip.linphone.org

-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJXVKTmAAoJEAKK33RTsEsVN1gP/0wbuIDZKw8jCcie7+vqJCYg
oicLMnRXvN4cQSP3VwFAU4a3oP8rzUAfcP3TlqTSucEgr03ztKPUsOVApuqgk3GG
6TqkW9ifcF/aIbdeYZt98zEIzCOtzJ96fOlBc+uXCxVUw5as/bEL1F0f4y93zB9B
QT47LpKc4HcHGgzmpTQ4b9o7RfFBe2d0n4E17DuO7RsR79K4TZWRuzzVbJDzoE4n
ocMFEuRkOiFZdDTlywAcPdXJQ+vjK0Tna0nI0zdNRg2cYeoYjibra8F/bC2ZwutE
oZgRguqJeMVLzSQK9so9Ta4eVszYC3X8FT5gM2Ekq7tZM4a49zrasuesmHM02HDT
bDJNj0ED2CAIjBNLiBndtgKPVmDOBvX0OCs7uyim8jBnETsS3LbYRJuC23D7yxSI
ac7BeS/fCevVEs4Z0qTRhJVb6at3xC/miR9w4xJ2WwVBATkau0llMr+vDXCUxOwo
Rz5p18bHa0dOzNKXhBSdaZpZlbHywJtdYNkQLX+UOGPiICsd1SQgz/dLM1QI2c8z
Je3RsNrFMw4HRhXZICGwZW8xl8ZhkGpOOBhbgUKqrfeFQgdzb3KEjdhGgPh0lQ7A
DhsNtOoZQQSADmwecf0FACIZ9w7/Rf/alvVk8SG/bXPWv8VavyKXeeh0Az54ddXk
LRziD/JGEvoryJJw5DKG
=NIpt
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 18:17, Mirimir wrote:

On 06/05/2016 03:52 PM, Cecilia Tanaka wrote:

On Jun 5, 2016 5:37 PM, "jacob appelbaum (ioerror) questions" <
jacobappelbaum@yandex.com> wrote:


The conspiracy of silence is unravelling around Jake and luckily, it

hasn’t been forty years.

My dear,

Sorry, I can't believe in someone who is using Jake's own name for 
posting

anonimously articles offending him, his reputation and his work.


I totally agree. "jacobappelbaum@yandex.com" is being a jerk. Their
behavior suggests that Jacob is just the target of a witch-hunt.


You want to humiliate him.  It is being a public lynching, real moral
harassment.


Indeed. I'm wondering whether this is one of the Tor haters, leveraging
the situation to amplify the grief. Maybe even playing some Tor devs.


Sorry, you are not being a victim.  Now, in this exact moment, you are
acting just exactly like the people you said that were wrong and it is
really disgusting.

**  Transparency and coherence, please.  **

I am an old grumpy lady with a pretty strong flu and an even more 
terrible
English, really trying to read everything you post here.  I think I 
deserve

a bit more of logic and respect, please.  This thing you are doing is
really offensive not just for Jake, but for my poor neurons too!  
:


It's cool to encounter another sane adult :)


Cecilia

I also agree with this. At the very least the poster could of used his 
real name and not used anonymity to harm someone's reputation. I'm not 
saying the person doesn't have the right to privacy. At least an alias 
or a pseudonym but using the guys name was just wrong. We have to 
remember that there are two sides to every story but we also need to 
make sure that we make every effort to prove each side and then come to 
an agreed upon conclusion.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Mirimir 
On 06/05/2016 03:52 PM, Cecilia Tanaka wrote:
> On Jun 5, 2016 5:37 PM, "jacob appelbaum (ioerror) questions" <
> jacobappelbaum@yandex.com> wrote:
> 
>>> The conspiracy of silence is unravelling around Jake and luckily, it
> hasn’t been forty years.
> 
> My dear,
> 
> Sorry, I can't believe in someone who is using Jake's own name for posting
> anonimously articles offending him, his reputation and his work.

I totally agree. "jacobappelbaum@yandex.com" is being a jerk. Their
behavior suggests that Jacob is just the target of a witch-hunt.

> You want to humiliate him.  It is being a public lynching, real moral
> harassment.

Indeed. I'm wondering whether this is one of the Tor haters, leveraging
the situation to amplify the grief. Maybe even playing some Tor devs.

> Sorry, you are not being a victim.  Now, in this exact moment, you are
> acting just exactly like the people you said that were wrong and it is
> really disgusting.
> 
> **  Transparency and coherence, please.  **
> 
> I am an old grumpy lady with a pretty strong flu and an even more terrible
> English, really trying to read everything you post here.  I think I deserve
> a bit more of logic and respect, please.  This thing you are doing is
> really offensive not just for Jake, but for my poor neurons too!  :

It's cool to encounter another sane adult :)

> Cecilia
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 18:13, df. wrote:

Nice speech, it looks like you put some time and effort in to it but
it would make a lot more sense to make a case against someone by
presenting factual evidence against that person and not trying to make
absurd comparisons on a mailing list between two things that have
almost nothing in common.

Jacob Appelbaum has the ability to accept or deny these allegations,
if he denies them then a court can find him guilty (and give him an
adequate punishment) or the can find him innocent but all of this is
based on evidence. Really do not think your long winded speeches and
obvious hatred for this is proving anything.

Anyway I respect your opinion no matter how funny and absurd I find it 
be.


Can we not just move on to other topics? This guy is not even with the
Tor project anymore.




jacob appelbaum (ioerror) questions:

http://ethi.cx/forty.html

For Forty Years...

Joe Paterno – praised college football coach and idol to hundreds
of thousands of people – continued in silence, allowing Jerry
Sandusky to nurture a mechanism that leveraged the Penn State
football program to prey on his victims, which totals 32 at the
time of writing. Forty years, Paterno continued the conspiracy of
silence until his dying days, disgraced in the eyes of the sane and
a mistreated God to the idol worshipers, sycophants and zealots.
They rioted in the streets, refused to listen to evidence, as more
and more piled in daily. They screamed and cursed the victims,
media and anyone calling Paterno an enabler.

In 2012 the famed Statue of Joe Paterno was taken down. After years
of fighting, Penn State football fans took it into their own hands
and made two replica statues: one to give to the Paterno family,
the other to take to Penn State football games. One of the fans who
constructed the statues commented, “We are creators. We are not in
politics. We are not cops…this is who we are.”

This kind of idol worship is terrifying, but very real.

The comparison to the Jerry Sandusky scandal and Jacob Appelbaum's
may be wild to some people, considering the formers grandiosity,
however the similarities are astounding. The predatory behavior
exemplified by both men is that of asserting themselves into places
of power and exploiting their positions to take advantage of those
who admired them or felt safe with. While the many people who have
been hurt by Jake, either physically, sexually, emotionally, or
professionally are ignored or even attacked by starry-eyed fans who
believe their heroes can do no wrong. The statue of ioerror was
being built through the myth of heroism in the face of tyranny and
what better place to provide more building material than the Tor
Project.

It hasn’t been forty years for the Tor Project, and I’m glad that
under new management this issue was addressed and brought to light.
While personally knowing a handful of people he has stolen research
from or tried to squeeze his way into their research groups, I knew
his m.o. and warned anyone that even brought him up. For years. I
had no idea of the sexual abuse claims, but in retrospect it makes
complete sense. Some people remained silent, while others spoke out
and were quickly silenced by the "PROVE IT" brigade. For some
people it's not that easy. Proving it isn't the hard part, but
reliving the pain, shame, and loss is.

However terrible the alleged atrocities committed by Appelbaum, if
they ever all come to light, there will still be a large contingent
of naysayers, forever trying to pick up their fallen idol to some
sort of irredeemable glory. There is no government agenda to
discredit him, this isn’t JTRIG or the NSA running a disinformation
operation against him, this is simply just a very bad person.

The conspiracy of silence is unravelling around Jake and luckily,
it hasn’t been forty years.



Well it's possible to move on to other topics. It doesn't change the 
fact that this COULD harm the tor project's reputation. That's one of my 
primary concerns. Even if it is unlikely it's still important.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread df. 

Nice speech, it looks like you put some time and effort in to it but
it would make a lot more sense to make a case against someone by
presenting factual evidence against that person and not trying to make
absurd comparisons on a mailing list between two things that have
almost nothing in common.

Jacob Appelbaum has the ability to accept or deny these allegations,
if he denies them then a court can find him guilty (and give him an
adequate punishment) or the can find him innocent but all of this is
based on evidence. Really do not think your long winded speeches and
obvious hatred for this is proving anything.

Anyway I respect your opinion no matter how funny and absurd I find it be.

Can we not just move on to other topics? This guy is not even with the
Tor project anymore.




jacob appelbaum (ioerror) questions:
> http://ethi.cx/forty.html
> 
> For Forty Years...
> 
> Joe Paterno – praised college football coach and idol to hundreds
> of thousands of people – continued in silence, allowing Jerry
> Sandusky to nurture a mechanism that leveraged the Penn State
> football program to prey on his victims, which totals 32 at the
> time of writing. Forty years, Paterno continued the conspiracy of
> silence until his dying days, disgraced in the eyes of the sane and
> a mistreated God to the idol worshipers, sycophants and zealots.
> They rioted in the streets, refused to listen to evidence, as more
> and more piled in daily. They screamed and cursed the victims,
> media and anyone calling Paterno an enabler.
> 
> In 2012 the famed Statue of Joe Paterno was taken down. After years
> of fighting, Penn State football fans took it into their own hands
> and made two replica statues: one to give to the Paterno family,
> the other to take to Penn State football games. One of the fans who
> constructed the statues commented, “We are creators. We are not in
> politics. We are not cops…this is who we are.”
> 
> This kind of idol worship is terrifying, but very real.
> 
> The comparison to the Jerry Sandusky scandal and Jacob Appelbaum's
> may be wild to some people, considering the formers grandiosity,
> however the similarities are astounding. The predatory behavior
> exemplified by both men is that of asserting themselves into places
> of power and exploiting their positions to take advantage of those
> who admired them or felt safe with. While the many people who have
> been hurt by Jake, either physically, sexually, emotionally, or
> professionally are ignored or even attacked by starry-eyed fans who
> believe their heroes can do no wrong. The statue of ioerror was
> being built through the myth of heroism in the face of tyranny and
> what better place to provide more building material than the Tor
> Project.
> 
> It hasn’t been forty years for the Tor Project, and I’m glad that
> under new management this issue was addressed and brought to light.
> While personally knowing a handful of people he has stolen research
> from or tried to squeeze his way into their research groups, I knew
> his m.o. and warned anyone that even brought him up. For years. I
> had no idea of the sexual abuse claims, but in retrospect it makes
> complete sense. Some people remained silent, while others spoke out
> and were quickly silenced by the "PROVE IT" brigade. For some
> people it's not that easy. Proving it isn't the hard part, but
> reliving the pain, shame, and loss is.
> 
> However terrible the alleged atrocities committed by Appelbaum, if
> they ever all come to light, there will still be a large contingent
> of naysayers, forever trying to pick up their fallen idol to some
> sort of irredeemable glory. There is no government agenda to
> discredit him, this isn’t JTRIG or the NSA running a disinformation
> operation against him, this is simply just a very bad person.
> 
> The conspiracy of silence is unravelling around Jake and luckily,
> it hasn’t been forty years.
> 



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

2016-06-05 Thread Jonathan Wilkes 
> Another idea is to use 
> search engines that protect your privacy such as ixquick or duckduckgo 
> (they store search queries but they don't track individuals (I.e they 
> don't store your IP Address, as far as we know that is).
Those are solutions of a different kind.  What I'm trying to describe is 
an "everyone gets everything" private information retrieval approach, 
but where the "everything" stored on your machine has enormous value 
to you, outside of its role as cover traffic.
-Jonathan

 

On Sunday, June 5, 2016 4:49 PM, "notfrien...@riseup.net" 
 wrote:
 

 On 2016-06-05 13:38, Jonathan Wilkes wrote:
>> Prediction market (place your bids):
>> "First networks utilizing fill traffic as TA countermeasure to
> emerge and reach early deployment by year end 2017..."
> It's a bit off-topic, but it's worth keeping in mind what
> the greater free software community is good at-- like
> replicating data-- and what it isn't-- like hiding data.
> For example-- if you've been afraid to look up something
> on Wikipedia for fear of typing "those words" into Google
> or Wikipedia, just download Wikipedia.  They have all the
> tools and docs to help you do that, with an archive format
> that probably fits very comfortably in your free hard drive
> space.
> If anyone does this, you'll immediately notice the benefit
> of the approach: that cover traffic isn't just random
> data-- it's Wikipedia.  You can use it for future queries
> regardless of subject matter, with a greater probability of
> privacy than anything a future cover-traffic network can get
> you.
> There are many other examples out there.  If you spend
> a little time each week thinking about this approach you'll
> find it changes how you use the web and internet.  Those
> changes will affect your values, and if enough people do
> this it obviously affects what we want and need out of a
> future cover-traffic network.
> 
> -Jonathan

The idea of downloading the Wikipedia archives is pretty good since it 
doesn't note the content you were looking for. Another idea is to use 
search engines that protect your privacy such as ixquick or duckduckgo 
(they store search queries but they don't track individuals (I.e they 
don't store your IP Address, as far as we know that is).
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


  
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread jacob appelbaum (ioerror) questions 
https://medium.com/@nickf4rr/hi-im-nick-farr-nickf4rr-35c32f13da4d

Hi. I’m Nick Farr. (@nickf4rr)

I used to be a pretty effective organizer working behind the scenes at Hacker 
Events in Europe and on various projects back in the USA. After a deliberate 
campaign of abuse orchestrated by Jake Appelbaum at the 30c3, I don’t feel safe 
or welcome in the community anymore. In fact, I physically shut down every time 
I get close to going back.

I’m both relieved to talk about it and ashamed that it took me this long.

Jake has targeted, abused and silenced many close friends of mine, many of whom 
are researchers you probably know and respect. Whether it’s ripping off 
research or just harassing someone into submission, somehow we all felt 
powerless to do anything about it. He’s the perfect bully.

Every criticism of him is met with suspicion, every accusation is some 
government-conspiracy-takedown.

Those that tried to stand up to him were destroyed, one even took his own life 
after Jake stole his research. But that’s not my story to tell. In the scope of 
people Jake has targeted, of the number of stories that have emerged in the 
wake of his departure from Tor, my story is fairly benign. I suppose that’s why 
I have the luxury of attaching my name and face to my story.

My first Chaos Communications Congress was the 23c3 in Berlin. The annual C3s 
and biennial European Hacker Camps are the finest gathering of folks working in 
all kinds of technology all around the world. From the crew that first 
jailbroke the iPhone to Julian Assange’s first Wikileaks speech and in 
literally thousands of other ways it’s hard to overestimate the impact the C3s 
and Camps have had on our world today. These events are probably the world’s 
last true “Hacker” gatherings, not having been co-opted by the Network Security 
or Startup industries.

I was invited to the 23c3 on account of my work in the US. Being there, being 
in that open, inclusive, chaotic, intensely creative and amazingly enthusiastic 
environment with thousands of passionate hackers renewed my faith in the 
community to do good work on a global scale. I encourage everyone to go to 
experience it. Complete newbies and the most accomplished Hackers in the world 
talk about their first Camp or Congress with the same level of enthusiasm and 
hope, a feeling hard to describe and unique to those events and that culture in 
particular.

Only a few months after attending the 23c3, I’d be dragging 40 Americans from 
DEFCON to the 2007 CCC Camp on the first Hackers on a Plane. I wanted everyone 
I knew and then some to experience what was happening in Europe.

Jake was on that trip and pretty much every person on that trip can tell you 
what an epic asshole he was. Where everyone else contributed something to 
making the trip a better event, Jake destroyed whatever he needed to in order 
to gain more fame for himself.

At that time, Jake couldn’t overshadow the awesomeness of the Camp and the 
burgeoning Hackerspace scene I started working on back at home. Over the years 
of doing that (HacDC, Unallocated Space, NYCResistor, etc.) I enjoyed coming 
back to Europe to help organize whatever needed organizing. It was a way of 
recharging, taking in the amazing energy at those events in Germany and the 
Netherlands.

One of the many things I used to help out with were the Lightning Talks. From 
the 27c3 onward, I coordinated and emceed these sessions where anyone could 
speak pretty much about whatever they wanted in 5 minutes or less. The format 
that I developed over the years is basically what they use today. If you could 
follow basic directions, I did whatever I could to get you on stage to say what 
you had to say.

Part of this open policy meant dealing with folks who may not be entirely 
stable. Often, these folks would end up not following basic directions and 
they’d fall off the schedule for that reason. Generally, they accepted that and 
trusted I was not trying to silence them, I was just being fair.

One person following this pattern submitted an LT proposal alleging that Jake 
was a US Intelligence Operative. I LOLed. After a few rounds of encrypted 
e-mail pestering and a few texts, they insisted on being put on the schedule. I 
did so to appease, as was my strategy at the time, with every intention of 
pulling them off after they inevitably failed to follow directions. You can go 
look at the wiki histories for any LT I organized to show this was what I often 
did with dubious presentations. Organizing the LTs, answering e-mails, checking 
slides and confirming with each presenter took nearly 3 hours for every hour of 
LTs and a lot of that work happened while I was still in NYC, weeks before the 
event. I often went to bed well after 2 AM the nights leading up to my flight 
out to Europe and I wanted to be done with this fool and get some sleep.

The next day I wake up to an e-mail from Jake, followed by e-mails from very 
important people in the

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread notfriendly 

On 2016-06-05 17:37, juan wrote:

On Sun, 05 Jun 2016 17:13:41 -0400
notfrien...@riseup.net wrote:



So randomizing the times that traffic enters the network and exits
the network wouldn't work? Like it enters a note and 30 ms after
received or another random delay couldn't it exit. It would be harder
to correlate the traffic right?



https://en.wikipedia.org/wiki/Mix_network


Does tor user concepts from mix networks / could it?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread juan 
On Sun, 05 Jun 2016 17:13:41 -0400
notfrien...@riseup.net wrote:


> So randomizing the times that traffic enters the network and exits
> the network wouldn't work? Like it enters a note and 30 ms after
> received or another random delay couldn't it exit. It would be harder
> to correlate the traffic right?


https://en.wikipedia.org/wiki/Mix_network

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread notfriendly 

On 2016-06-05 17:20, Allen wrote:


So randomizing the times that traffic enters the network and exits the
network wouldn't work? Like it enters a note and 30 ms after received 
or
another random delay couldn't it exit. It would be harder to correlate 
the

traffic right?



IMO, the packets would probably need to be randomly delayed at each 
node,
not just entering and exiting the network.  A mathematical model would 
be
needed to determine the necessary amount of delay (I doubt 30 ms would 
be
enough).  The delay could be chosen by the originating node, so it 
could

chose the privacy vs latency tradeoff.

It might also be beneficial to have two channels to each exit node, 
with
each channel used in only one direction, i.e., outbound packets travel 
one

route, while inbound packets travel a different route.


That's a good idea. If we could get a system of micro delays which 
wouldn't cause major issues it'd be nice in protecting Tor users 
anonymity. It's an issue that has been acknowledged by the tor project 
but we haven't been able to find a working system yet. I think it's more 
important then ever that we begin to address these issues.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Mirimir 
On 06/05/2016 03:55 AM, Cari Machet wrote:
> it was umn ... sarcasm

Dude, you need to flag that in text comms :)

> that any organization has not inset into its guidelines ways of really
> structurally dealing with sexual misconduct is profoundly unethical
> 
> just another way tor is super fucked up
> 
> 
> On Sun, Jun 5, 2016 at 6:52 AM, Mirimir  wrote:
> 
>> On 06/04/2016 09:38 PM, Cari Machet wrote:
>>> Why would any orginization ever set up best practices in order to really
>> be
>>> dealing with sexual misconduct of an employee ? Why consider such levels
>> of
>>> ethics ? Wierd.
>>
>> Because otherwise there will be expensive civil liability, no?
>>
>>> On Jun 5, 2016 3:59 AM, "Mirimir"  wrote:
>>>
>>> I don't see that this link to a statement from Shari Steele has been
>>> posted yet: https://blog.torproject.org/blog/statement.
>>>
>>> She concludes: "We expect that this will be our only public statement."
>>>
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
> 
> 
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread Allen 
>
> So randomizing the times that traffic enters the network and exits the
> network wouldn't work? Like it enters a note and 30 ms after received or
> another random delay couldn't it exit. It would be harder to correlate the
> traffic right?


IMO, the packets would probably need to be randomly delayed at each node,
not just entering and exiting the network.  A mathematical model would be
needed to determine the necessary amount of delay (I doubt 30 ms would be
enough).  The delay could be chosen by the originating node, so it could
chose the privacy vs latency tradeoff.

It might also be beneficial to have two channels to each exit node, with
each channel used in only one direction, i.e., outbound packets travel one
route, while inbound packets travel a different route.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread notfriendly 

On 2016-06-05 14:34, grarpamp wrote:

On 6/5/16, Not Friendly  wrote:
After about an hour of brain storming I may of found a way to stop 
traffic

correlation attacks. The idea is to add an artificial delay of a few
randomized ms (two separate delays, one to the tor exit and another 
deal on
traffic exiting the network) and add an extra chunk of randomized data 
(just
a small random amount of KB that never exits the network). It would 
make

traffic harder to correlate. What are your thoughts on this?


Doesn't work.
"never exits" - GPA's don't necessarily need to correlate any internal
flows. They can look only at the endpoints. The minute you insert
traffic that lights up some other endpoint, in an otherwise 
sufficiently

quiet network, or distinguishable way (bytes / latency [pump], which is
made even easier for them if they reign over an endpoint), you're done.
You need fulltime regulated fill traffic, within which, your traffic 
resides.


So randomizing the times that traffic enters the network and exits the 
network wouldn't work? Like it enters a note and 30 ms after received or 
another random delay couldn't it exit. It would be harder to correlate 
the traffic right?

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread notfriendly 

On 2016-06-05 16:36, jacob appelbaum (ioerror) questions wrote:

http://ethi.cx/forty.html

For Forty Years...

Joe Paterno – praised college football coach and idol to hundreds of
thousands of people – continued in silence, allowing Jerry Sandusky to
nurture a mechanism that leveraged the Penn State football program to
prey on his victims, which totals 32 at the time of writing. Forty
years, Paterno continued the conspiracy of silence until his dying
days, disgraced in the eyes of the sane and a mistreated God to the
idol worshipers, sycophants and zealots. They rioted in the streets,
refused to listen to evidence, as more and more piled in daily. They
screamed and cursed the victims, media and anyone calling Paterno an
enabler.

In 2012 the famed Statue of Joe Paterno was taken down. After years of
fighting, Penn State football fans took it into their own hands and
made two replica statues: one to give to the Paterno family, the other
to take to Penn State football games. One of the fans who constructed
the statues commented, “We are creators. We are not in politics. We
are not cops…this is who we are.”

This kind of idol worship is terrifying, but very real.

The comparison to the Jerry Sandusky scandal and Jacob Appelbaum's may
be wild to some people, considering the formers grandiosity, however
the similarities are astounding. The predatory behavior exemplified by
both men is that of asserting themselves into places of power and
exploiting their positions to take advantage of those who admired them
or felt safe with. While the many people who have been hurt by Jake,
either physically, sexually, emotionally, or professionally are
ignored or even attacked by starry-eyed fans who believe their heroes
can do no wrong. The statue of ioerror was being built through the
myth of heroism in the face of tyranny and what better place to
provide more building material than the Tor Project.

It hasn’t been forty years for the Tor Project, and I’m glad that
under new management this issue was addressed and brought to light.
While personally knowing a handful of people he has stolen research
from or tried to squeeze his way into their research groups, I knew
his m.o. and warned anyone that even brought him up. For years. I had
no idea of the sexual abuse claims, but in retrospect it makes
complete sense. Some people remained silent, while others spoke out
and were quickly silenced by the "PROVE IT" brigade. For some people
it's not that easy. Proving it isn't the hard part, but reliving the
pain, shame, and loss is.

However terrible the alleged atrocities committed by Appelbaum, if
they ever all come to light, there will still be a large contingent of
naysayers, forever trying to pick up their fallen idol to some sort of
irredeemable glory. There is no government agenda to discredit him,
this isn’t JTRIG or the NSA running a disinformation operation against
him, this is simply just a very bad person.

The conspiracy of silence is unravelling around Jake and luckily, it
hasn’t been forty years.
Do you have a copy of all government documents from every government in 
the world? Unless you do and you are willing to share them all we have 
no proof that there isn't a government agendy to discredit him, we also 
have no proof that there is. What we do know is that it's a possibility. 
The Wikipedia page for Jacob Applebaum actually has incorrect 
information. The first allegations were not made public on the Tor Blog, 
the article actually states "Over the past several days, a number of 
people have made serious, public allegations of sexual mistreatment by 
former Tor Project employee Jacob Appelbaum.". If I recall correctly a 
link was posted on the tor-talk mailing list. Does anyone have an exact 
time when the statement by the tor project was released. The first email 
discussing it (the one with the website link) was sent out on "Sat Jun 4 
19:22:42 UTC 2016".

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread notfriendly 

On 2016-06-05 14:31, Flipchan wrote:

Got any beta code on this? Maybe add/c ode it as a daemon ?;)

Not Friendly  skrev: (5 juni 2016 16:40:52 
CEST)

After about an hour of brain storming I may of found a way to stop
traffic correlation attacks. The idea is to add an artificial delay of
a few randomized ms (two separate delays, one to the tor exit and
another deal on traffic exiting the network) and add an extra chunk of
randomized data (just a small random amount of KB that never exits the
network). It would make traffic harder to correlate. What are your
thoughts on this?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


--
Sincerly Flipchan
I do not have any beta code. This was merely a suggestion. The added 
randomized delays (two separate sets) and randomized data padding (two 
separate sets) would make it more difficult to correlate traffic. I 
think it could be done in a way that still allows Tor to keep latency 
low.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread notfriendly 

On 2016-06-05 13:46, juan wrote:

On Sun, 5 Jun 2016 17:03:45 +0200
carlo von lynX  wrote:


Julia Schramm who did everything
right,



https://torrentfreak.com/fail-prominent-pirate-party-politician-polices-book-pirates-120918/#disqus_thread

just in case some people still haven't realized that
"politician" means "worthless scumbag" all-of-them.


yet 50% of pirate party members think she did something
wrong.


-   lolol - sure - if you say so.

Meh politicians have the option to be good except they never are.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

2016-06-05 Thread notfriendly 

On 2016-06-05 13:38, Jonathan Wilkes wrote:

Prediction market (place your bids):
"First networks utilizing fill traffic as TA countermeasure to

emerge and reach early deployment by year end 2017..."
It's a bit off-topic, but it's worth keeping in mind what
the greater free software community is good at-- like
replicating data-- and what it isn't-- like hiding data.
For example-- if you've been afraid to look up something
on Wikipedia for fear of typing "those words" into Google
or Wikipedia, just download Wikipedia.  They have all the
tools and docs to help you do that, with an archive format
that probably fits very comfortably in your free hard drive
space.
If anyone does this, you'll immediately notice the benefit
of the approach: that cover traffic isn't just random
data-- it's Wikipedia.  You can use it for future queries
regardless of subject matter, with a greater probability of
privacy than anything a future cover-traffic network can get
you.
There are many other examples out there.  If you spend
a little time each week thinking about this approach you'll
find it changes how you use the web and internet.  Those
changes will affect your values, and if enough people do
this it obviously affects what we want and need out of a
future cover-traffic network.

-Jonathan


The idea of downloading the Wikipedia archives is pretty good since it 
doesn't note the content you were looking for. Another idea is to use 
search engines that protect your privacy such as ixquick or duckduckgo 
(they store search queries but they don't track individuals (I.e they 
don't store your IP Address, as far as we know that is).

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread notfriendly 

On 2016-06-05 13:22, df. wrote:

I agree with Cecilia on this.

These are serious allegations but,
Allegations are not equal to Convictions.

Should this man not have the right to a fair trial?

The tor project is not about throwing someones rights out the window.

We all have opinions and are free to share them , but it is 
irresponsible

to publicly defame and bash someone without that person having the
chance to defend themselves in a court of law, no matter how much of a
prick they are.

If there was wrong doing and if Jacob is guilty or not is for a court 
to

determine.

If you like him or not has nothing to do with his possible guilt or
innocence.

Let us be fair.



Cecilia Tanaka:

On Jun 5, 2016 12:32 PM,  wrote:


Some of my personal friends hate Jacob.  Jake is not my best friend, 
we are
not really close, but yes, he is my friend and my heart is with him in 
this
moment, because I already know Jake enough to have absolute conviction 
that

something is terribly "strange" and doesn't sound like "true".

I respect Shari Steele and her work.  I respect Tor Project core team 
and
voluntary collaborators in whole world.  We all want a better world 
for

everybody and each one of us work hard for it.  Maybe with different
personal beliefs, with different backgrounds, life histories and areas 
of

work, but we want a better world, less unfair and sad.

Sorry, it is *not* correct at all to judge a person without defense, 
in a
coward and cruel way.  It's pretty disgusting and unfair.  It's 
brutal.


Really sorry if my personal convictions offend someone here, but I 
know how

easy is to destroy a reputation, years of hard work, a whole life...

Nobody deserves to be hurted and humiliated until losing the faith in
humanity and in Justice.  We saw it happening several times before.  
Human

History is full of sad examples.

Please, be careful before accusing someone.  Every single person in 
this

world deserves respect and has own value.

With tears and sincere and deep hope,

Cecilia



I agree. There isn't proof (yet at least) that he did anything wrong. I 
agree that like everyone else he should have the right to a fair trial. 
Your correct the tor project shouldn't and I also believe wouldn't 
attempt to censor speech (considering that they develop an online 
anonymity and anti-censorship tool). I also agree that due to many (not 
all) people's lack of ability to read everything before making up their 
mind it makes it all the more easier to harm someone's reputation. There 
might be people who were actually hurt but we don't know if it's true 
yet.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread notfriendly 

On 2016-06-05 12:39, Cecilia Tanaka wrote:

On Jun 5, 2016 12:32 PM,  wrote:


Wow I just read the site. It makes me quite sad, the videos of his

presentations never indicated he would do something like that.

Sorry, we don't know if something happened or not, if Jake did 
something or

not.

Some of my personal friends hate Jacob.  Jake is not my best friend, we 
are
not really close, but yes, he is my friend and my heart is with him in 
this
moment, because I already know Jake enough to have absolute conviction 
that

something is terribly "strange" and doesn't sound like "true".

I respect Shari Steele and her work.  I respect Tor Project core team 
and

voluntary collaborators in whole world.  We all want a better world for
everybody and each one of us work hard for it.  Maybe with different
personal beliefs, with different backgrounds, life histories and areas 
of

work, but we want a better world, less unfair and sad.

Sorry, it is *not* correct at all to judge a person without defense, in 
a

coward and cruel way.  It's pretty disgusting and unfair.  It's brutal.

Really sorry if my personal convictions offend someone here, but I know 
how

easy is to destroy a reputation, years of hard work, a whole life...

Nobody deserves to be hurted and humiliated until losing the faith in
humanity and in Justice.  We saw it happening several times before.  
Human

History is full of sad examples.

Please, be careful before accusing someone.  Every single person in 
this

world deserves respect and has own value.

With tears and sincere and deep hope,

Cecilia


I couldn't agree more with your statement. Someone quickly makes an 
accusation by the way the domain and hosting was done anonymously. It's 
hosted by https://ititch.com/ with Privacy Protected Whois Contact 
Information by "Privacy Protection Service INC d/b/a 
PrivacyProtect.org". If they are going to make such a statement they 
could at least state who they are. The site has several resource links 
to a GitHub Repository and even links to Jacob's Github Account (or what 
appears to be). I'm not sure if they are trying to make it look like 
Jacob made the site himself (if so it was done from a private 
repository). It might be worth mentioning that http://www.appelbaum.net/ 
is offline at the moment. I'm not sure if it's been like that or not. 
Any thoughts.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Jacob, A legacy tarnished by hubris

2016-06-05 Thread notfriendly 

On 2016-06-05 12:18, Cari Machet wrote:

Please do not demean turks thank you for your clear statement however
On Jun 5, 2016 6:33 PM,  wrote:

In the few interactions I had with Jacob over the years he gave a vibe 
of
being an arrogant, self-worshiping narcissist prick with with 
delusions of
grandeur and an ego the size of a small planet, but he has spent a 
decade
in the Tor Project and despite his tragic character flaws he has 
achieved

much good that should be recounted here for the public record.

Jacob was the developer of the Tor Birdy plugin for Thunderbird, 
giving us
a more anonymous email client. He worked on torsocks, a core part of 
Tor
and was partially responsible for Orbot's conception. A Tor 
evangelist, he

setup relays across the world and raised public awareness about mass
surveillance.

He collaborated on publishing some of the biggest technical stories 
from

the Snowden archive and used his access to turn this information into
actionable counter-intelligence for the  whole software ecosystem.

All in all, its amazing how much he achieved coming from a broken 
family
with no formal education. Instead of lying in a gutter somewhere with 
a

needle coming out from his arm he made something of his life.

Jacob's gift for public speaking sparked his meteoric rise from 
obscurity
and made him the face of the project, a big miscalculation. No doubt, 
the

powerful feeling of swaying crowds and the resulting cult personality
status he achieved gave him a reckless sense of self-entitlement and
illusion of the community as a conveyor belt for free pussy, consent 
be
damned. Kudos to the Tor community for handling the situation the way 
they

did. The reputation of the project should never be tied to that of a
single individual, but be carefully managed by PR specialists. Your 
work

is too important for any dicking around.

Make no mistake, I am not a rape apologist and if the allegations are
true, then he deserves nothing less than an eventful rendezvous with a
big, burly Turkish bubba in the nearest German prison. Sometimes our 
own

worse enemies are ourselves... not the NSA.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



However what? Your response was so short and not even a complete 
sentence. This is confusing.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Jacob, A legacy tarnished by hubris

2016-06-05 Thread notfriendly 

On 2016-06-05 11:25, t...@sigaint.org wrote:
In the few interactions I had with Jacob over the years he gave a vibe 
of
being an arrogant, self-worshiping narcissist prick with with delusions 
of
grandeur and an ego the size of a small planet, but he has spent a 
decade
in the Tor Project and despite his tragic character flaws he has 
achieved

much good that should be recounted here for the public record.

Jacob was the developer of the Tor Birdy plugin for Thunderbird, giving 
us
a more anonymous email client. He worked on torsocks, a core part of 
Tor
and was partially responsible for Orbot's conception. A Tor evangelist, 
he

setup relays across the world and raised public awareness about mass
surveillance.

He collaborated on publishing some of the biggest technical stories 
from

the Snowden archive and used his access to turn this information into
actionable counter-intelligence for the  whole software ecosystem.

All in all, its amazing how much he achieved coming from a broken 
family

with no formal education. Instead of lying in a gutter somewhere with a
needle coming out from his arm he made something of his life.

Jacob's gift for public speaking sparked his meteoric rise from 
obscurity
and made him the face of the project, a big miscalculation. No doubt, 
the

powerful feeling of swaying crowds and the resulting cult personality
status he achieved gave him a reckless sense of self-entitlement and
illusion of the community as a conveyor belt for free pussy, consent be
damned. Kudos to the Tor community for handling the situation the way 
they

did. The reputation of the project should never be tied to that of a
single individual, but be carefully managed by PR specialists. Your 
work

is too important for any dicking around.

Make no mistake, I am not a rape apologist and if the allegations are
true, then he deserves nothing less than an eventful rendezvous with a
big, burly Turkish bubba in the nearest German prison. Sometimes our 
own

worse enemies are ourselves... not the NSA.
I'm seriously wondering if the site / rumors was setup by a government 
agency (from some country, not sure which one to suspect) to attack 
Jacob Applebaum or even harm the reputation of the infosec community as 
a whole because if one member looks really bad it could harm all of us 
despite lack of involvement in an event that may or may not be true.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread grarpamp 
On 6/5/16, Not Friendly  wrote:
> After about an hour of brain storming I may of found a way to stop traffic
> correlation attacks. The idea is to add an artificial delay of a few
> randomized ms (two separate delays, one to the tor exit and another deal on
> traffic exiting the network) and add an extra chunk of randomized data (just
> a small random amount of KB that never exits the network). It would make
> traffic harder to correlate. What are your thoughts on this?

Doesn't work.
"never exits" - GPA's don't necessarily need to correlate any internal
flows. They can look only at the endpoints. The minute you insert
traffic that lights up some other endpoint, in an otherwise sufficiently
quiet network, or distinguishable way (bytes / latency [pump], which is
made even easier for them if they reign over an endpoint), you're done.
You need fulltime regulated fill traffic, within which, your traffic resides.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread Flipchan 
Got any beta code on this? Maybe add/c ode it as a daemon ?;)

Not Friendly  skrev: (5 juni 2016 16:40:52 CEST)
>After about an hour of brain storming I may of found a way to stop
>traffic correlation attacks. The idea is to add an artificial delay of
>a few randomized ms (two separate delays, one to the tor exit and
>another deal on traffic exiting the network) and add an extra chunk of
>randomized data (just a small random amount of KB that never exits the
>network). It would make traffic harder to correlate. What are your
>thoughts on this?
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread juan 
On Sun, 5 Jun 2016 17:03:45 +0200
carlo von lynX  wrote:

> Julia Schramm who did everything
> right, 


https://torrentfreak.com/fail-prominent-pirate-party-politician-polices-book-pirates-120918/#disqus_thread

just in case some people still haven't realized that
"politician" means "worthless scumbag" all-of-them.

> yet 50% of pirate party members think she did something
> wrong.

-   lolol - sure - if you say so.




-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread df. 

I agree with Cecilia on this.

These are serious allegations but,
Allegations are not equal to Convictions.

Should this man not have the right to a fair trial?

The tor project is not about throwing someones rights out the window.

We all have opinions and are free to share them, but it is irresponsible
to publicly defame and bash someone without that person having the
chance to defend themselves in a court of law, no matter how much of a
prick they are.

If there was wrong doing and if Jacob is guilty or not is for a court to
determine.

If you like him or not has nothing to do with his possible guilt or
innocence.

Let us be fair.



Cecilia Tanaka:
> On Jun 5, 2016 12:32 PM,  wrote:

> Some of my personal friends hate Jacob.  Jake is not my best friend, we are
> not really close, but yes, he is my friend and my heart is with him in this
> moment, because I already know Jake enough to have absolute conviction that
> something is terribly "strange" and doesn't sound like "true".
> 
> I respect Shari Steele and her work.  I respect Tor Project core team and
> voluntary collaborators in whole world.  We all want a better world for
> everybody and each one of us work hard for it.  Maybe with different
> personal beliefs, with different backgrounds, life histories and areas of
> work, but we want a better world, less unfair and sad.
> 
> Sorry, it is *not* correct at all to judge a person without defense, in a
> coward and cruel way.  It's pretty disgusting and unfair.  It's brutal.
> 
> Really sorry if my personal convictions offend someone here, but I know how
> easy is to destroy a reputation, years of hard work, a whole life...
> 
> Nobody deserves to be hurted and humiliated until losing the faith in
> humanity and in Justice.  We saw it happening several times before.  Human
> History is full of sad examples.
> 
> Please, be careful before accusing someone.  Every single person in this
> world deserves respect and has own value.
> 
> With tears and sincere and deep hope,
> 
> Cecilia
> 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread Cecilia Tanaka 
On Jun 5, 2016 12:32 PM,  wrote:

>> Wow I just read the site. It makes me quite sad, the videos of his
presentations never indicated he would do something like that.

Sorry, we don't know if something happened or not, if Jake did something or
not.

Some of my personal friends hate Jacob.  Jake is not my best friend, we are
not really close, but yes, he is my friend and my heart is with him in this
moment, because I already know Jake enough to have absolute conviction that
something is terribly "strange" and doesn't sound like "true".

I respect Shari Steele and her work.  I respect Tor Project core team and
voluntary collaborators in whole world.  We all want a better world for
everybody and each one of us work hard for it.  Maybe with different
personal beliefs, with different backgrounds, life histories and areas of
work, but we want a better world, less unfair and sad.

Sorry, it is *not* correct at all to judge a person without defense, in a
coward and cruel way.  It's pretty disgusting and unfair.  It's brutal.

Really sorry if my personal convictions offend someone here, but I know how
easy is to destroy a reputation, years of hard work, a whole life...

Nobody deserves to be hurted and humiliated until losing the faith in
humanity and in Justice.  We saw it happening several times before.  Human
History is full of sad examples.

Please, be careful before accusing someone.  Every single person in this
world deserves respect and has own value.

With tears and sincere and deep hope,

Cecilia
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Jacob, A legacy tarnished by hubris

2016-06-05 Thread Cari Machet 
Please do not demean turks thank you for your clear statement however
On Jun 5, 2016 6:33 PM,  wrote:

> In the few interactions I had with Jacob over the years he gave a vibe of
> being an arrogant, self-worshiping narcissist prick with with delusions of
> grandeur and an ego the size of a small planet, but he has spent a decade
> in the Tor Project and despite his tragic character flaws he has achieved
> much good that should be recounted here for the public record.
>
> Jacob was the developer of the Tor Birdy plugin for Thunderbird, giving us
> a more anonymous email client. He worked on torsocks, a core part of Tor
> and was partially responsible for Orbot's conception. A Tor evangelist, he
> setup relays across the world and raised public awareness about mass
> surveillance.
>
> He collaborated on publishing some of the biggest technical stories from
> the Snowden archive and used his access to turn this information into
> actionable counter-intelligence for the  whole software ecosystem.
>
> All in all, its amazing how much he achieved coming from a broken family
> with no formal education. Instead of lying in a gutter somewhere with a
> needle coming out from his arm he made something of his life.
>
> Jacob's gift for public speaking sparked his meteoric rise from obscurity
> and made him the face of the project, a big miscalculation. No doubt, the
> powerful feeling of swaying crowds and the resulting cult personality
> status he achieved gave him a reckless sense of self-entitlement and
> illusion of the community as a conveyor belt for free pussy, consent be
> damned. Kudos to the Tor community for handling the situation the way they
> did. The reputation of the project should never be tied to that of a
> single individual, but be carefully managed by PR specialists. Your work
> is too important for any dicking around.
>
> Make no mistake, I am not a rape apologist and if the allegations are
> true, then he deserves nothing less than an eventful rendezvous with a
> big, burly Turkish bubba in the nearest German prison. Sometimes our own
> worse enemies are ourselves... not the NSA.
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Jacob, A legacy tarnished by hubris

2016-06-05 Thread tect 
In the few interactions I had with Jacob over the years he gave a vibe of
being an arrogant, self-worshiping narcissist prick with with delusions of
grandeur and an ego the size of a small planet, but he has spent a decade
in the Tor Project and despite his tragic character flaws he has achieved
much good that should be recounted here for the public record.

Jacob was the developer of the Tor Birdy plugin for Thunderbird, giving us
a more anonymous email client. He worked on torsocks, a core part of Tor
and was partially responsible for Orbot's conception. A Tor evangelist, he
setup relays across the world and raised public awareness about mass
surveillance.

He collaborated on publishing some of the biggest technical stories from
the Snowden archive and used his access to turn this information into
actionable counter-intelligence for the  whole software ecosystem.

All in all, its amazing how much he achieved coming from a broken family
with no formal education. Instead of lying in a gutter somewhere with a
needle coming out from his arm he made something of his life.

Jacob's gift for public speaking sparked his meteoric rise from obscurity
and made him the face of the project, a big miscalculation. No doubt, the
powerful feeling of swaying crowds and the resulting cult personality
status he achieved gave him a reckless sense of self-entitlement and
illusion of the community as a conveyor belt for free pussy, consent be
damned. Kudos to the Tor community for handling the situation the way they
did. The reputation of the project should never be tied to that of a
single individual, but be carefully managed by PR specialists. Your work
is too important for any dicking around.

Make no mistake, I am not a rape apologist and if the allegations are
true, then he deserves nothing less than an eventful rendezvous with a
big, burly Turkish bubba in the nearest German prison. Sometimes our own
worse enemies are ourselves... not the NSA.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread notfriendly 

On 2016-06-05 11:03, carlo von lynX wrote:

Woah, looks like some people took those JTRIG slides quite literally.

The problem with (in)justice in open activist communities is
that, even should the facts be clear, those facts affect
private details of life of either contendants or third parties,
which makes it inacceptable to disclose in public.

NGOs solve this by having some leadership figure that takes
some measures in a benevolent dictator manner and if you don't
like the resolution, you just find a different NGO to join.
Some other groups simply do nothing which is also unsatisfac-
tory, since once the strategically oriented people have noted
that harming others will go unpunished, they will start doing
it more frequently and the entire cohesion of the group is
drowned in frustration and paranoia.

The only solution that I find more or less acceptable to this
dilemma is how political parties do it. A previously elected
court of arbitration is entitled to hear all sides of the
dispute, including the intimate things they are not allowed
to disclose, and as they conclude who was right and who may
be to be sanctioned, the rest of the activists are supposed
to shut up the gossip, stop the quick and easy judgements
which are 50% likely to be wrong and trust the court.

Unfortunately even young political parties do not understand
this and have a tendency to do the shitstorm dance, which is
the fastest way to implosion of the political group. A good
example is what happened to Julia Schramm who did everything
right, yet 50% of pirate party members think she did something
wrong.

And the best way to get rid of an important political activist
is to attack them on whatever real or ficticious grounds. The
doubt will persist. Some shit will always stick. A classic
strategy for a political takeover of a group is two-headed:
One is the leadership figure who works hard to get on top of
the de-facto hierarchy while their right-hand wing-person has
the job of throwing themselves at any potential opponent.
Ironically the leader will then find ways to recover their
wing-person, just think of the Kohl/Schäuble team, so it isn't
even bad for person #2.

In the past six years I've seen some pigs fly and my conclusion
is that for a solid activist group to survive threats of take-
over or Zersetzung it takes a solid architecture of separation
of powers and a solid discipline to trust the justice system
rather than your own guaranteed-to-be-incomplete view of the
situation.

I have no idea if my scenario has anything to do with the
case at hand since I am disconnected from it, that's why
I thought I may share some things learned from previous
activism in a generic philosophical way.

If you want to solve this dispute in a fair and reasonable
way for all, "elect" three unrelated people to be the jury,
have all affected persons tell their story to them in
person, Tox or PGP - then express a verdict and respect it.

Public KKK-style trial is certainly not the appropriate way.
In fact it is quite disgusting.



Wow I just read the site. It makes me quite sad, the videos of his 
presentations never indicated he would do something like that. The site 
users place holders for many stories. That makes me somewhat concerned. 
The statement made by the tor project 
(https://blog.torproject.org/blog/statement) blog is even more 
concerning. I'm really surprised that something like this would happen. 
I've always trusted the statements he made. Now I'm not sure. I haven't 
seen any articles in the news yet.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] http://jacobappelbaum.net/

2016-06-05 Thread carlo von lynX 
Woah, looks like some people took those JTRIG slides quite literally.

The problem with (in)justice in open activist communities is
that, even should the facts be clear, those facts affect
private details of life of either contendants or third parties,
which makes it inacceptable to disclose in public.

NGOs solve this by having some leadership figure that takes
some measures in a benevolent dictator manner and if you don't
like the resolution, you just find a different NGO to join.
Some other groups simply do nothing which is also unsatisfac-
tory, since once the strategically oriented people have noted
that harming others will go unpunished, they will start doing
it more frequently and the entire cohesion of the group is
drowned in frustration and paranoia.

The only solution that I find more or less acceptable to this
dilemma is how political parties do it. A previously elected
court of arbitration is entitled to hear all sides of the
dispute, including the intimate things they are not allowed
to disclose, and as they conclude who was right and who may
be to be sanctioned, the rest of the activists are supposed
to shut up the gossip, stop the quick and easy judgements
which are 50% likely to be wrong and trust the court.

Unfortunately even young political parties do not understand
this and have a tendency to do the shitstorm dance, which is
the fastest way to implosion of the political group. A good
example is what happened to Julia Schramm who did everything
right, yet 50% of pirate party members think she did something
wrong.

And the best way to get rid of an important political activist
is to attack them on whatever real or ficticious grounds. The
doubt will persist. Some shit will always stick. A classic
strategy for a political takeover of a group is two-headed:
One is the leadership figure who works hard to get on top of
the de-facto hierarchy while their right-hand wing-person has
the job of throwing themselves at any potential opponent.
Ironically the leader will then find ways to recover their
wing-person, just think of the Kohl/Schäuble team, so it isn't
even bad for person #2.

In the past six years I've seen some pigs fly and my conclusion
is that for a solid activist group to survive threats of take-
over or Zersetzung it takes a solid architecture of separation
of powers and a solid discipline to trust the justice system
rather than your own guaranteed-to-be-incomplete view of the
situation.

I have no idea if my scenario has anything to do with the
case at hand since I am disconnected from it, that's why 
I thought I may share some things learned from previous
activism in a generic philosophical way.

If you want to solve this dispute in a fair and reasonable
way for all, "elect" three unrelated people to be the jury,
have all affected persons tell their story to them in
person, Tox or PGP - then express a verdict and respect it.

Public KKK-style trial is certainly not the appropriate way.
In fact it is quite disgusting.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] A possible solution to traffic correlation attacks,

2016-06-05 Thread Not Friendly 
After about an hour of brain storming I may of found a way to stop traffic 
correlation attacks. The idea is to add an artificial delay of a few randomized 
ms (two separate delays, one to the tor exit and another deal on traffic 
exiting the network) and add an extra chunk of randomized data (just a small 
random amount of KB that never exits the network). It would make traffic harder 
to correlate. What are your thoughts on this?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] delete my email-address on mailing list

2016-06-05 Thread Juan Miguel Navarro Martínez 
You can do it yourself. There's information on how to at the footer of
all messages in this mail list.

El 05/06/16 a las 13:25, Renate Margarete Wöhltjen-Baumann escribió:
> please delete my email-address fom the mailing list. I will no more
> receiving any emails from tor-talk.
> 
> With kind regards, remawoba

-- 
Juan Miguel Navarro Martínez

GPG Keyfingerprint:
5A91 90D4 CF27 9D52 D62A
BC58 88E2 947F 9BC6 B3CF
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] delete my email-address on mailing list

2016-06-05 Thread Renate Margarete Wöhltjen-Baumann 
please delete my email-address fom the mailing list. I will no more 
receiving any emails from tor-talk.


With kind regards, remawoba
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Cari Machet 
i dont like this leader stardum fucked upness - dont have leaders and they
cant take them out - but while you are feeling bad for an elitist please
maybe take 1 second to recognize the put upon on this globe

the letter fr Tor states that they were aware of some things before so...


On Sun, Jun 5, 2016 at 9:11 AM, Ansley Dunbar 
wrote:

> I agree-- but I don't think it's a fully-fledged, far-fetched conspiracy
> theory.
>
> Tor has always been in and out of the news, sure, we all know that too
> well, but lately with the endless headlines of FBI! Child porn! Sex
> offenders! Gotta-catch-em-all! the media-hype-machine has all but cemented
> the idea that Tor = pedophiles into the minds of anyone who doesn't know
> better. These allegations about Jacob fit perfectly into that narrative. A
> cesspool for the sexually-deviant must have a sexually-deviant ring-leader,
> right?
>
> And not to single out GCHQ- because I'm sure the following is a common
> tactic- but it matches their old-ass model of "InfoOps" or using "Online
> Covert Action" to "make something happen in the cyber or real world" with
> the "~*~*~*~4-D's~**~*": Deny/Disrupt/Degrade/Deceive. (Decorative emphasis
> added by author)
>
>
> This is all so fucked up. I feel terrible for him.
>
>
>
> On 6/4/16 20:29, moosehad...@gmail.com wrote:
>
>>
>> On Jun 4, 2016, at 7:52 PM, Cecilia Tanaka 
>>> wrote:
>>>
>>> Nobody knows exactly what happened
>>>
>> If anything happened at all.
>>
>> Not to sound like a conspiracy theorist, but this sounds very much like
>> what happened to Assange.
>>
>> It's possible that all the allegations are true.
>> It's possible that an organization (maybe government) wants to destroy
>> his reputation to discredit him.
>>
>> And we'll never know 100%.
>>
>> Whatever the case may be, I think gossip and speculation on the personal
>> life of a former member is a little too off-topic, and the kind of thing
>> that makes people take sides and tear communities apart.
>>
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Cari Machet
NYC 646-436-7795
carimac...@gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet 

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Cari Machet 
it was umn ... sarcasm

that any organization has not inset into its guidelines ways of really
structurally dealing with sexual misconduct is profoundly unethical

just another way tor is super fucked up


On Sun, Jun 5, 2016 at 6:52 AM, Mirimir  wrote:

> On 06/04/2016 09:38 PM, Cari Machet wrote:
> > Why would any orginization ever set up best practices in order to really
> be
> > dealing with sexual misconduct of an employee ? Why consider such levels
> of
> > ethics ? Wierd.
>
> Because otherwise there will be expensive civil liability, no?
>
> > On Jun 5, 2016 3:59 AM, "Mirimir"  wrote:
> >
> > I don't see that this link to a statement from Shari Steele has been
> > posted yet: https://blog.torproject.org/blog/statement.
> >
> > She concludes: "We expect that this will be our only public statement."
> >
> > --
> > tor-talk mailing list - tor-talk@lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Cari Machet
NYC 646-436-7795
carimac...@gmail.com
AIM carismachet
Syria +963-099 277 3243
Amman +962 077 636 9407
Berlin +49 152 11779219
Reykjavik +354 894 8650
Twitter: @carimachet 

7035 690E 5E47 41D4 B0E5 B3D1 AF90 49D6 BE09 2187

Ruh-roh, this is now necessary: This email is intended only for the
addressee(s) and may contain confidential information. If you are not the
intended recipient, you are hereby notified that any use of this
information, dissemination, distribution, or copying of this email without
permission is strictly prohibited.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Any updates from Tor Project on ioerror?

2016-06-05 Thread Ansley Dunbar 
I agree-- but I don't think it's a fully-fledged, far-fetched conspiracy 
theory.


Tor has always been in and out of the news, sure, we all know that too 
well, but lately with the endless headlines of FBI! Child porn! Sex 
offenders! Gotta-catch-em-all! the media-hype-machine has all but 
cemented the idea that Tor = pedophiles into the minds of anyone who 
doesn't know better. These allegations about Jacob fit perfectly into 
that narrative. A cesspool for the sexually-deviant must have a 
sexually-deviant ring-leader, right?


And not to single out GCHQ- because I'm sure the following is a common 
tactic- but it matches their old-ass model of "InfoOps" or using "Online 
Covert Action" to "make something happen in the cyber or real world" 
with the "~*~*~*~4-D's~**~*": Deny/Disrupt/Degrade/Deceive. (Decorative 
emphasis added by author)



This is all so fucked up. I feel terrible for him.


On 6/4/16 20:29, moosehad...@gmail.com wrote:



On Jun 4, 2016, at 7:52 PM, Cecilia Tanaka  wrote:

Nobody knows exactly what happened

If anything happened at all.

Not to sound like a conspiracy theorist, but this sounds very much like what 
happened to Assange.

It's possible that all the allegations are true.
It's possible that an organization (maybe government) wants to destroy his 
reputation to discredit him.

And we'll never know 100%.

Whatever the case may be, I think gossip and speculation on the personal life 
of a former member is a little too off-topic, and the kind of thing that makes 
people take sides and tear communities apart.


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk