Re: [tor-talk] Hardened Tor Browser for Windows
Why does everyone keep doing this? Stop thinking about computing only from your perspective. It doesn't matter the reason why. People will want, will need a Windows version of Tor. That's why the client already exists. I am simply asking about getting the best version available to the public. Have the choice available for any informed user. It is not possible to install software in many environments (The Tor executable on Windows just extracts so please don't try to argue this point) so installing VirtualBox or using a LiveCD(DVD) or any of those other options are not available to everyone. Sometimes it is really not about "I do not know" or "I am not comfortable with Linux". On Mon, Oct 17, 2016 at 8:08 PM, Tamara Westwrote: > Excuse my ignorance but what exactly must happen for us to get a 64-bit > hardened Tor Browser for Windows? Not everyone in the world is running > Linux and not everyone can run Linux at work. I've been wondering about > this for awhile. Any info would be appreciated. TIA. > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hardened Tor Browser for Windows
On 10/17/2016 08:19 PM, I wrote: >> From: miri...@riseup.net > >> Maybe he did. Cite? > > Did you just invent webcitation? No, just curious. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hardened Tor Browser for Windows
> From: miri...@riseup.net > Maybe he did. Cite? Did you just invent webcitation? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hardened Tor Browser for Windows
On 10/17/16 21:18, Mirimir wrote: > On 10/17/2016 06:50 PM, I wrote: >> >>> >>> Running Tor on Windows makes little sense, >> >> Didn't Roger ask for more operating system diversity and mention Windows? > > Maybe he did. Cite? > > But nevertheless, in my opinion, Windows is too snoopy. > The operating system diversity argument is most often focused on the issue of relays and the overwhelming Linux monoculture there. And while I don't touch Windows with any frequency and am not a fan of so much of the Microsoft approach, I think the notion (not from the original poster) that Windows users aren't relevant to a healthy Tor ecosystem is dangerous. The reality of anonymity is that quantity and accessibility, not just diversity, are vital. And since the fact is that most desktop users (discounting smart phones) are Windows users, I hardly think we can build a large, dispersed universe of anonymity-seeking users with the Linux desktop as the central vehicle. And Microsoft and its allies aren't necessarily the most immediate and conscious adversaries to all users. Ordinary users who don't use Linux (or other perceived "acceptable" OSs) are a vital component in the Tor network IMHO. Sure, open source is vital, but reality is much uglier. And let's be honest, a good portion of Linux desktop users are running Ubuntu, which had its own "call back to the mothership" issues (https://fixubuntu.com, eg). In terms of workplace hardware, there are plenty of places where outside devices are not welcomed.. although your smart phone is most likely a workable alternative. -- 5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2 signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hardened Tor Browser for Windows
On 10/17/2016 06:50 PM, I wrote: > >> >> Running Tor on Windows makes little sense, > > Didn't Roger ask for more operating system diversity and mention Windows? Maybe he did. Cite? But nevertheless, in my opinion, Windows is too snoopy. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hardened Tor Browser for Windows
> > Running Tor on Windows makes little sense, Didn't Roger ask for more operating system diversity and mention Windows? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hardened Tor Browser for Windows
On 10/17/2016 06:08 PM, Tamara West wrote: > Excuse my ignorance but what exactly must happen for us to get a 64-bit > hardened Tor Browser for Windows? Not everyone in the world is running > Linux and not everyone can run Linux at work. I've been wondering about > this for awhile. Any info would be appreciated. TIA. Running Tor on Windows makes little sense, given how much activity gets logged, and how much gets reported to Microsoft. If you must use Windows, at least use VirtualBox and run Whonix. While there's no real isolation from the host OS, it's better than nothing. Anyone can run Linux at work, on their own hardware. And running Tor on employer-owned hardware, without permission, may well get one fired. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Hardened Tor Browser for Windows
Excuse my ignorance but what exactly must happen for us to get a 64-bit hardened Tor Browser for Windows? Not everyone in the world is running Linux and not everyone can run Linux at work. I've been wondering about this for awhile. Any info would be appreciated. TIA. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor 0.2.9.4-alpha is released
Hi, all! There is a new alpha release of the Tor source code, with fixes for a security bug. You should probably upgrade as packages become available. (If you are about to reply saying "please take me off this list", instead please follow these instructions: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-announce/ . You will have to enter the actual email address you used to subscribe.) You can download the source from the usual place on the website. Packages should be up within a few days. If you maintain an older version of Tor, you can find backported patches for this fix at https://trac.torproject.org/projects/tor/ticket/20384 . (There is also a concurrent release of Tor 0.2.8.9; for stable releases, see tor-announce@ or the blog. Changes in version 0.2.9.4-alpha - 2016-10-17 Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor that would allow a remote attacker to crash a Tor client, hidden service, relay, or authority. All Tor users should upgrade to this version, or to 0.2.8.9. Patches will be released for older versions of Tor. Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to previous versions of Tor, including the implementation of a feature to future- proof the Tor ecosystem against protocol changes, some bug fixes necessary for Tor Browser to use unix domain sockets correctly, and several portability improvements. We anticipate that this will be the last alpha in the Tor 0.2.9 series, and that the next release will be a release candidate. o Major features (security fixes): - Prevent a class of security bugs caused by treating the contents of a buffer chunk as if they were a NUL-terminated string. At least one such bug seems to be present in all currently used versions of Tor, and would allow an attacker to remotely crash most Tor instances, especially those compiled with extra compiler hardening. With this defense in place, such bugs can't crash Tor, though we should still fix them as they occur. Closes ticket 20384 (TROVE-2016-10-001). o Major features (subprotocol versions): - Tor directory authorities now vote on a set of recommended subprotocol versions, and on a set of required subprotocol versions. Clients and relays that lack support for a _required_ subprotocol version will not start; those that lack support for a _recommended_ subprotocol version will warn the user to upgrade. Closes ticket 19958; implements part of proposal 264. - Tor now uses "subprotocol versions" to indicate compatibility. Previously, versions of Tor looked at the declared Tor version of a relay to tell whether they could use a given feature. Now, they should be able to rely on its declared subprotocol versions. This change allows compatible implementations of the Tor protocol(s) to exist without pretending to be 100% bug-compatible with particular releases of Tor itself. Closes ticket 19958; implements part of proposal 264. o Minor feature (fallback directories): - Remove broken fallbacks from the hard-coded fallback directory list. Closes ticket 20190; patch by teor. o Minor features (client, directory): - Since authorities now omit all routers that lack the Running and Valid flags, we assume that any relay listed in the consensus must have those flags. Closes ticket 20001; implements part of proposal 272. o Minor features (compilation, portability): - Compile correctly on MacOS 10.12 (aka "Sierra"). Closes ticket 20241. o Minor features (development tools, etags): - Teach the "make tags" Makefile target how to correctly find "MOCK_IMPL" function definitions. Patch from nherring; closes ticket 16869. o Minor features (geoip): - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2 Country database. o Minor features (unix domain sockets): - When configuring a unix domain socket for a SocksPort, ControlPort, or Hidden service, you can now wrap the address in quotes, using C-style escapes inside the quotes. This allows unix domain socket paths to contain spaces. o Minor features (virtual addresses): - Increase the maximum number of bits for the IPv6 virtual network prefix from 16 to 104. In this way, the condition for address allocation is less restrictive. Closes ticket 20151; feature on 0.2.4.7-alpha. o Minor bugfixes (address discovery): - Stop reordering IP addresses returned by the OS. This makes it more likely that Tor will guess the same relay IP address every time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027. Reported by René Mayrhofer, patch by "cypherpunks". o Minor bugfixes (client, unix domain sockets): - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as the client address is
Re: [tor-talk] ExcludeExitNodes doesn't take effect at all.
2016-10-17 20:23 GMT+08:00 Geoff Down: > > > On Mon, Oct 17, 2016, at 02:49 AM, Hongyi Zhao wrote: >> The command for obtaining the ExcludeExitNodes list is as follows: >> >> $ curl -s https://collector.torproject.org/recent/exit-lists/ | grep >> -E -m1 'href=\"[0-9-]+\"' | tr '"' '\n' | grep -E '^[0-9-]+' | xargs >> -r -I{} curl -s https://collector.torproject.org/recent/exit-lists/{} >> | grep -Po '(\d+\.){3}\d+' | paste -sd, >> > It looks like you are extracting the IP addresses. It should be the > fingerprints. But, from the in-place manual page of tor, I can find the following description: - | ExcludeExitNodes node,node,... | A list of identity fingerprints, country codes, and address | patterns of nodes to never use when picking an exit node---that is, | a node that delivers traffic for you outside the Tor network. Note | that any node listed in ExcludeNodes is automatically considered to | be part of this list too. See the ExcludeNodes option for more | information on how to specify nodes. See also the caveats on the | "ExitNodes" option below. --- As you can see, all of the fingerprints, country codes, and address patterns can be acceptable for using as ExcludeExitNodes. Why you say that: "It should be the fingerprints."? As a result, I still cann't figure out what's the reason for my original issue posted in this thread. Regards > GD > > -- > http://www.fastmail.com - Access all of your messages and folders > wherever you are > -- Hongyi Zhao Xinjiang Technical Institute of Physics and Chemistry Chinese Academy of Sciences GnuPG DSA: 0xD108493 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] ExcludeExitNodes doesn't take effect at all.
On Mon, Oct 17, 2016, at 02:49 AM, Hongyi Zhao wrote: > The command for obtaining the ExcludeExitNodes list is as follows: > > $ curl -s https://collector.torproject.org/recent/exit-lists/ | grep > -E -m1 'href=\"[0-9-]+\"' | tr '"' '\n' | grep -E '^[0-9-]+' | xargs > -r -I{} curl -s https://collector.torproject.org/recent/exit-lists/{} > | grep -Po '(\d+\.){3}\d+' | paste -sd, > It looks like you are extracting the IP addresses. It should be the fingerprints. GD -- http://www.fastmail.com - Access all of your messages and folders wherever you are -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] assign_to_cpuworker failed. Ignoring
Hello, I found my tor node consuming more CPU than normal since Oct 16 22:13:57.000 (CEST). Also the message form the subject line is logged very often. Memory consumption was higher too. Restarting tor fixes the memory consumption as well as the logging issue but the CPU load remains higher than usual. What is happening? Kind regards, Udo -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk