[tor-talk] Deep Web Business Models
I'm taking this as a good sign that real businesspeople are starting to get interested in deep web marketplaces, where customer data isn't the primary product. Here's one investor's thoughts, http://joel.mn/post/108657860988/deep-web-marketplaces -- Andrew +1-781-948-1982 https://www.torproject.org/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wrong links on Tor Browser download page
On 10/16/2014 02:51 PM, Roger Dingledine wrote: Confirmed. It looks like Andrew was the last to push to the website -- Andrew, can you check your ./publish process and make sure that it includes an 'svn update' before the build and push step? Or can you otherwise try to figure out what went wrong to avoid doing it again? :) Nothing wrong on this side. My script is this, https://svn.torproject.org/svn/website/trunk/publish I've pushed a new (up-to-date) version of the website in the meantime. I just re-pushed to fix the broken homepage. I think all of this pushing the website has left the webserver mirroring process out of sync. Some webservers are up to date, others not. I just forced a sync to all webservers. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Random Networking Upgrades That May Be Of Use In Tor 2
On 2014-10-09 21:17, Ben Healey wrote: Here's some info that may be of use in Tor. Hello Ben, Your past two emails have little to nothing to do with Tor. Please post relevant topics in the future. Thanks. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wikimedia and Tor
On 2014-10-01 09:57, Derric Atzrott wrote: About once a year the topic of Tor comes up on Wikimedia's technical mailing list. I recently raised the topic again. For those who aren't aware of the situation, currently Wikimedia blocks all edits from Tor users. We are trying to find a way that it might be possible for us to lift that block, while not exposing ourselves to the abuse that seems to inevitably come from Tor and other proxy services. Hello Derric, Thanks for joining the list and starting the conversation. Are there data sets or statistics which quantify tor usage at wikimedia? It might help to frame the discussion if we know the scale of the tor usage or the problem we're trying to address. How does wikimedia handle other proxy and VPN users for logins and edits? Would these solutions work for tor users as well? I imagine the vast majority of tor users are just simply trying to get around Internet censorship of some kind; like that at a national level, public schools, restrictive businesses, or free cafe wifi, etc. Thanks. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How does Tor help abuse victims?
On 2014-10-01 13:20, Sebastian G. bastik.tor wrote: I appear to lack imagination on how Tor helps abuse victims. Since some of you are involved with some organizations working in that field, I hope you give some insight. Personally I see no benefit in using Tor from the point of view of an abuse victim. Beside the properties why anyone could use Tor. Tor is a tool in a toolbox full of options. It alone isn't going to solve all the problems experienced by a victim. Tor Browser, Tails, and Whonix do provide relief from the constant surveillance experienced by victims. They are tools which give back to a victim a small slice of control over their lives. It helps them feel safe for a period of time, when otherwise there are only risks, dangers, and threats. When working with victims of abuse, the understanding and demystifying of technology is a big help. Helping someone understand how they are being controlled through technology is a huge confidence builder. Helping the person understand how their abuser is using technology makes the other seem far less omnipotent and powerful. Abuse is about power and control. Anything which can return some power and control to the victim does help in immeasurable ways. After the victim feels safe, then we can talk about ways to safely communicate with others, such through OTR-enabled chat, Tor Browser to visit survivor forums safely, and other means of safely using the Internet. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On 2014-10-01 17:40, Patrick wrote: Hi everyone, Over the past few weeks, I've talked with a number of Tor people about how the project is portrayed in the media. As a reporter on this beat, the many legitimate criticisms the community have had strike pretty close to home for me. I don't think I need to tell this list why Tor's portrayal in the media is important, now more than ever. So, with the blessing and encouragement of a couple of official Tor people, I've got a question to ask of tor-talk (secure contact info follows at the bottom of the message): -- What untold but important stories about Tor are you willing to share? Hello Patrick, Thanks for joining the list and starting a conversation. And thanks for caring how Tor is portrayed in the media, and trying to do something about it. The first four places I send reporters asking about hidden services are: 1. DuckDuckGo 2. PubLeaks and StrongBox 3. Wildleaks, https://wildleaks.org/ 4. The Hermes Center for Transparency and Digital Human Rights, http://logioshermes.org/ There are others out there, but the organizations don't want any publicity at all. -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor in the media
On 2014-10-02 14:15, z9wahqvh wrote: as I've asked before, I would appreciate any metrics, stats, or other data that can back up claims of this sort, as well as means by which reporters and researchers can assess them. Luckily, we have DARPA working to find out these metrics and stats, see http://www.darpa.mil/Our_Work/I2O/Programs/Memex.aspx -- Andrew https://www.torproject.org/ +1-781-948-1982 pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
On 09/22/2014 05:42 PM, grarpamp wrote: What's the trac ticket for these, or this sort of thing? https://trac.torproject.org/projects/tor/ticket/11515 Sourceforge/Dice don't care. We even sent them snail mail to no effect. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Comcast looking for Tor traffic, contacting customers to threaten termination of service.
On 09/13/2014 06:35 PM, The Doctor wrote: Reports have surfaced that Comcast agents have contacted customers using Tor and instructed them to stop using the browser or risk termination of service. A Comcast agent named Jeremy allegedly called Tor an “illegal service.” The Comcast agent told its customer that such activity is against usage policies. http://www.deepdotweb.com/2014/09/13/comcast-declares-war-tor/ And the counter, http://corporate.comcast.com/comcast-voices/setting-the-record-straight-on-tor -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Misogyny on tor-talk is an existential threat to Tor
On 09/15/2014 07:35 PM, Zenaan Harkness wrote: Those who matter do. A well written article or two on such things would undoubtedly be useful on occasion to point to, and in this (type of) thread in particular, it seems to me that referring to such an article early on may be about the most effect response to the initial post possible. Fortunately, there have been: http://motherboard.vice.com/read/tor-is-being-used-as-a-safe-haven-for-victims-of-cyberstalking http://betaboston.com/news/2014/05/07/as-domestic-abuse-goes-digital-shelters-turn-to-counter-surveillance-with-tor/ -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Misogyny on tor-talk is an existential threat to Tor (was: Re: Comcast looking for Tor traffic, contacting customers to threaten termination of service.)
I just read through this massive thread. I agree with killing the thread. The topic is important, but now no longer constructive for tor-talk. Please no more replies to the thread. Thanks. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] What should our 31c3 talk be?
On 09/08/2014 08:05 PM, Roger Dingledine wrote: The 31c3 talk proposals are due this coming Sunday: http://events.ccc.de/2014/07/12/31c3-call-for-participation-en/ I wonder what would be the most useful topic for this year? Let the community speak about Tor and tell their stories about usage. Let the Syrian woman who used Tor get on stage and tell her story, augmented by technical details of what we've seen in Syria. I think this is a far better use of an hour at 31C3 than another technical talk about Tor. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] how many verify their tbb ?
On Sun, Jul 27, 2014 at 02:09:12PM +1000, shm...@riseup.net wrote 0.3K bytes in 0 lines about: : are there any stats available to see the % of people who verify their : tbb download (cross ref same IP for both the .xz and .asc or shasum txt : file ???) as a % of total tbb downloads ? Here's a rough idea from my website mirror: Since 20 July 2014: cat access.log| cut -d -f7 | grep tor*browser | grep -v html| grep -v png| sort | grep -cv .asc 9122 cat access.log| cut -d -f7 | grep tor*browser | grep -v html| grep -v png| sort | grep -c .asc 1624 This includes all requests (404, 200, 302, etc). So roughly, 9122:1624 or 18% if I did my top-of-the-head math right. And technically, this is just requests for the .asc file, no idea if the person/bot actually ran gpg --verify on it. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Phishing in the Wild // Old Sigs
On 06/24/2014 04:25 PM, Rich Jones wrote: I'm just posting this stuff here for analysis and discussion, not because I need the tech support. But good advice if there were those out there who fell for this scam. Thanks Rich. I've opened https://trac.torproject.org/projects/tor/ticket/12458 to track progress. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Non-free country law preventing Tor from getting donations
On 06/14/2014 03:21 AM, Sebastian G. bastik.tor wrote: That has to be a violation of your rights. It's the law in the USA. Regardless of how one feels about it, it's currently against the law. The citizen resided in a country as listed as a State Sponsor of Terrorism, https://en.wikipedia.org/wiki/State_Sponsors_of_Terrorism According to the advice we received, financial transaction is defined broadly to encompass many things, possibly including bitcoins/dogecoins/and other coins. There are many battles Tor can fight, this is not one of them. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Including Tor into millions of products.
On 06/14/2014 03:09 AM, Sebastian G. bastik.tor wrote: The questions that pop in my head are: 1) What kind of products are that? (Businesses or End-Consumer market?) Yes and yes. 2) What is the intended use-case? (Usage of the Tor network? Contribution to the Tor network? Both?) Privacy through Tor. 3) In any case, doesn't that make you face some challenges? (Scalability, resources for downloads, size of consensuses, possibly bridges cause trouble, e.g. the bridgeDB has to maintain a pool of millions of bridges, maybe.) Yes, many challenges. 4) In the case of those things being relays, can one predict what the effect on network diversity will be? With the current public tor network, implosion. We almost survived 5 million bots barely using the tor network. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Norse Darklist, for blocking Tor
On 06/10/2014 06:17 PM, grarpamp wrote: http://www.norse-corp.com/darklist.html The world's first comprehensive blacklist of the Internet's highest risk IPs. IPs are for routing, not reputation. Ugh. -- Andrew pgp 0x6B4D6475 https://www.torproject.org/ +1-781-948-1982 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Financials [was: General...proxy]
On Tue, May 27, 2014 at 04:37:39AM -0400, grarp...@gmail.com wrote 1.1K bytes in 0 lines about: : : https://blog.torproject.org/blog/transparency-openness-and-our-2012-financial-docs : : 2011 Expenses pie chart : Where is rent, legal, internet/hosting, marketing, capex? It's buried in the audit report, https://www.torproject.org/about/findoc/2012-TorProject-FinancialStatements.pdf. We'll have 2013 out soon. Guidestar does some of this parsing of the 990 and financial statements as well, https://www.guidestar.org/organizations/20-8096820/tor-project.aspx There's an open ticket about this as well, https://trac.torproject.org/projects/tor/ticket/10013 -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] DOJ's Tor traffic estimates - reference?
On Mon, May 26, 2014 at 09:41:50PM -0400, grif...@cryptolab.net wrote 0.6K bytes in 0 lines about: : Ahhh, many thanks for the clarification. Details on this were very : spotty, and I didn't want to speculate. It would be safe to assume details are still spotty. Until someone actually publishes a their numbers, this is the best we have. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] ICANN and .onion
On Mon, May 19, 2014 at 11:24:06AM +0200, pipat...@gmail.com wrote 1.5K bytes in 0 lines about: : I think that's a rather arrogant point of view. If it was not a Tor : problem, .onion would not be needed in the first place. Tor developers do : seem to work hard on making it difficult for a user to accidentally leak : information, so simply saying that users failing to redirect dns into tor : is not a tor problem is a little counterproductive. This is a testable problem, right now. Setup your own DNS server, define .onion as a valid TLD, fire up tor, watch for any and all queries to your custom tld on your dns server. Banks and large enterprises setup custom tld's all the time for their intranets and internal apps. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] ICANN and .onion
On Sun, May 18, 2014 at 07:39:24PM +0200, pipat...@gmail.com wrote 0.9K bytes in 0 lines about: : 2) Has Tor applied to ICANN about the .onion domain, or discussed the pro : and con of doing this? We didn't apply, but when inquiring about it, they wanted us to provide trademark proof (which we have) and prepare to bid $100,000-500,000 for the domain. We can do far better things with that money than get a tld. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Disabling the warning for self signed certificates in Tor Browser
On Wed, Apr 23, 2014 at 09:07:02AM +, antispa...@sent.at wrote 2.2K bytes in 0 lines about: : A self-signed certificate is better than no certificate. Given the : trouble with a CA, it might be just as good as a CA certificate. Perhaps a better complaint for Mozilla than Tor. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Plans to bring safe Firefox to Android?
On Wed, Apr 02, 2014 at 10:52:45PM +, anonymous.cow...@posteo.de wrote 1.9K bytes in 0 lines about: : Thus, is there plans to create a Firefox for mobile that is safe to use : with Tor? Just like the browser bundle for desktop systems. Guardian recommends using Firefox with Proxymob. They don't recommend orweb anymore. There is a plan for Tor Browser equivalent for Android, but I don't think there is a solid plan at this point. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Project and Youtube is blocked in Turkey too
On Thu, Mar 27, 2014 at 05:01:00PM +0200, kusbu...@riseup.net wrote 0.6K bytes in 0 lines about: : Today, Tor Project and Youtube websites are blocked in Turkey by the : biggest Turkish ISP, TTNet. However, other ISPs in Turkey will block them : too. Besides, I'm not sure they're going to block Exit Nodes in days to : come but probably they'll. Hello Kus, Thanks for fighting the good fight. I recently had a similar experience in Egypt, where just about everyone thinks Tor is for criminals, etc. Yet, most of them used Tor in 2011 during their most recent revolution. The first step to the end goal of censorship is surveillance. The Internet might seem like the ultimate tool for free speech, but without tools to protect our privacy, unwanted surveillance online can post a serious threat. Every day around the world, people are using Tor to protect their online privacy, whether they're concerned about surveillance by corporations, their government, or someone else. This is also true for circumventing Internet censorship. Tor, like all technology, can be used for good or bad. Kitchen knives, iPhones, and automobiles are used every day for both good and bad, yet no one is advocating a ban of these technologies. If someone starts a crime wave with crowbars, do you ban crowbars? Then hammers? Then tire irons? The morality is in the user of the technology, not the technology itself. The same Tor that's being maligned in the press is used daily by law enforcement agents to successfully hunt down horrendous criminals by protecting the identity and privacy of the agent. Tell us how we can help Turkey defeat this attempt to censor the Internet. And again, thanks for blogging about Tor in Turkey. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Pissed off about Blacklists, and what to do?
On Sat, Mar 08, 2014 at 05:22:14AM -0500, grarp...@gmail.com wrote 3.6K bytes in 0 lines about: : Theory: Tor is being blocked mostly due to negative news media : perception, and kneejerk catchall solutions taking the cheap and : dumb route to systems and policy... not due to balanced acceptable : facts and specific measures therein... and you have to combat those : errors appropriately with facts and things of your own. One situation not helping the overall blocking situation is the censorship companies enable tor blocking by default. Company A buys some equipment, takes the defaults, and therefore blocks Tor. There was never a discussion about what should or should not have been blocked. It's automatic in the firewall/nat/gateway/perimeter device. Our own funders at the NSF and State Dept have run into this exact situation. The Program Managers try to visit torproject.org, or wiki.torproject.org, and are told Tor is a proxy/circumvention site and blocked for that reason. The PM's sane response is yes, this is exactly why we fund them! And then the PM runs into the bureaucracy of IT and gives up. They then just bring to work TorBrowser on a USB drive and circumvent their own IT censorship, like millions of citizens do daily with their governments. Perhaps focusing efforts to stop the censorware providers from blocking Tor by default will go a long way to making the Internet more tor-friendly. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Torproject frontpage content
On Sat, Mar 08, 2014 at 05:00:04AM -0500, grarp...@gmail.com wrote 0.9K bytes in 0 lines about: : Noticed that the frontpage mentions location/anonymity : but doesn't actually say anything about encryption shielding : your thoughts and interactions from your first hop ISP/employer/wifi/etc. : Location is a big part, but the encryption is equally worthy of mention. : ie: 'why anonymity matters' has two parts... location and encryption. : 'from learning what sites you visit' doesn't tell the full story, it needs : a layman 'what you / your party says' component. : Keep in mind that many people don't 'get' or like anonymity, but they : do get keeping convo private from nearby peepers before coming to : understanding the greater anon thing. Thanks for the feedback, submit a patch? : Also, the 'get involved with tor' link is just standing like thumb out of : place in that top left quadrant of 'about/what/why tor' sales stuff. The paragraph above it needs a few more words to make it not look so lonely. Patches welcome! -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Pissed off about Blacklists, and what to do?
On Sat, Mar 08, 2014 at 08:06:11PM +0100, li...@infosecurity.ch wrote 1.4K bytes in 0 lines about: : From a Security-Wise point of view, if i was the IT Security Manager : of a company, i would definitively block Tor's access to my IT : infrastructure. As a former head of IT for a global company, we made blocking decisions based on data. Blocking was enabled for targeted attacks for limited amounts of time. Infected clients were far, far more problematic than open proxies, vpns, etc. Mass-hosting facilities were far more problematic than open proxies, vpns, etc. Tor barely came up on the list ever. If your goal is to make your information available to any potential or current customer, blocking them is a bad business move. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Problems installing Tor on my server
On Mon, Mar 03, 2014 at 10:47:47PM +, d.dr...@gmail.com wrote 2.1K bytes in 0 lines about: : I'm trying to install Tor on my Centos5 server. I have been running an old : version of Tor as a relay for several years, installed via yum from one of : the Centos repos. I realised I wasn't doing anyone any favours by running : an old version, and decided to upgrade. Your version of CentOS is very old. If you don't want to upgrade it, then you're going to have to compile Tor (and probably libevent and openssl) yourself. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor plugin for Nagios
On Sun, Mar 02, 2014 at 08:41:13AM +0300, r...@goodvikings.com wrote 1.6K bytes in 0 lines about: : Heya List Please use tor-relays OR tor-talk, don't cross lists. -- Andrew pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Adblock for everyone
On Sun, 6 Oct 2013 05:18:18 -0400 (EDT) Alice Anderson foxacidprob...@aol.com wrote: Why you have HTTPSEverywhere and Noscript by default but not Adblockplus on TBB package? it really helps and blcok major tracking companies like Google Facebook ... Tor is not perfect, as almost all web pages have inserted at least one of these trackers on their page's source, one mistake is enough to compromise our privacy. Adblock solve this problem by just blocking these third parties. another danger of these third parties is FoxAcid codes! Facebook button is the best place for FoxAcid calls. please insert adblock by default on TBB package, if not explain why? Adblock whitelists certain advertising companies and ads themselves: See https://adblockplus.org/en/acceptable-ads and http://searchenginewatch.com/article/2280451/Google-Paying-to-Have-Ads-Whitelisted-on-AdBlock-Plus See #5 under https://www.torproject.org/projects/torbrowser/design/#philosophy No filters Site-specific or filter-based addons such as AdBlock Plus, Request Policy, Ghostery, Priv3, and Sharemenot are to be avoided. We believe that these addons do not add any real privacy to a proper implementation of the above privacy requirements, and that development efforts should be focused on general solutions that prevent tracking by all third parties, rather than a list of specific URLs or hosts. Filter-based addons can also introduce strange breakage and cause usability nightmares, and will also fail to do their job if an adversary simply registers a new domain or creates a new url path. Worse still, the unique filter sets that each user creates or installs will provide a wealth of fingerprinting targets. As a general matter, we are also generally opposed to shipping an always-on Ad blocker with Tor Browser. We feel that this would damage our credibility in terms of demonstrating that we are providing privacy through a sound design alone, as well as damage the acceptance of Tor users by sites that support themselves through advertising revenue. Users are free to install these addons if they wish, but doing so is not recommended, as it will alter the browser request fingerprint. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] BBG and Tor funding
On Fri, 4 Oct 2013 23:49:47 +0100 mick m...@rlogin.net wrote: • This article was amended on 4 October after the Broadcasting Board of Governors pointed out that its support of Tor ended in October 2012. Actually, the BBG contract ended in June 2013. So. How does this square with BBG's alleged support for financing new fast exit relays? That's from 2012. Wau Holland and Moritz found funding to keep it going. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] development interests
On Thu, 26 Sep 2013 10:29:14 -0400 David Green dgrin...@gmail.com wrote: I imagine, like homebrew (mainly for PPC), I would like to eventually set-up a web-site, or sourceforge presence, for *Luddite* like myself ;) Back when I had an OS X 10.4 PPC machine, I had to compile everything myself, this is tor, openssl, zlib, libevent, etc. You can't use much in the base OS anymore. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] development interests
On Thu, 26 Sep 2013 12:22:54 -0400 David Green dgrin...@gmail.com wrote: I have an Intel and it is possible I shall have to compile the openssl. Assume you're compiling everything. With unsupported OSes, you'll learn to love gcc and its quirks. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor companies
On Mon, 23 Sep 2013 13:14:17 -0700 coderman coder...@gmail.com wrote: in addition The Tor Project, Inc. there appears to be related: Tor Solutions Corporation - Tor Solutions Corporation in Walpole, MA is a private company categorized under Website Design Services. Our records show it was established in and incorporated in Massachusetts. This is our for-profit small business wholly owned by the non-profit, The Tor Project, Inc. A number of places won't do business with a non-profit, only for-profit entities. In this case, a small business was a requirement of BBG to get the recently expired contract. The financials are merged into the non-profit to force transparency and keep everyone involved honest. You can see this show up in our 2012 financial statements and 990 filing. Tor Solutions Group - unknown. No idea what this is. I suspect it is a typo, or someone else created a company and got it funded through BBG for unknown work. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bandwidth Scheduling for Relays
On Thu, 12 Sep 2013 17:34:43 +0300 Lars Noodén lars.noo...@gmail.com wrote: I have a feature request. It would be nice for a future version of Tor to allow scheduling at least one alternate values for RelayBandwidthRate and RelayBandwidthBurst for a span of time. This would allow relays to operate at higher speeds when their host network is normally less active. Sounds great. We just need some code, https://trac.torproject.org/projects/tor/ticket/2740 -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] GCHQ 'Tor Events' Capture... (scribd.com)
On Tue, 10 Sep 2013 17:09:30 +0200 Eugen Leitl eu...@leitl.org wrote: http://www.reddit.com/r/TOR/comments/1m3jum/gchq_tor_events_capture/ https://blog.torproject.org/blog/tor-nsa-gchq-and-quick-ant-speculation -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor browser can be fingerprinted
On Wed, 11 Sep 2013 12:50:41 -0400 (EDT) Marthin Miller torprob...@aol.com wrote: Hi. The main problem for what you made public as Tor software is that it uses 1024bit RSA keys which can be cracked in a few hours and compromise Tor path. Do you have a source for this claim? All I've seen is speculation about what the NSA or GCHQ can possibly do. but Tor browser have another big problem also which compromise user's anonymity (fixing it is very simple). i checked out http://browserspy.dk/screen.php from different machines running Tor. problem is screen resolution is kind of unique! Maybe still relevant, https://blog.torproject.org/blog/effs-panopticlick-and-torbutton Also if you let users choose how much security they want that's better (for example choose high padding and time delay on relays if security have more priority than speed) This is not so clear, but there's a ticket for it just the same, see https://trac.torproject.org/projects/tor/ticket/9387 -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Financial Transparency
On Fri, 30 Aug 2013 02:16:06 -0700 Mike Perry mikepe...@torproject.org wrote: 3. Find better meds 4. Go fuck off Personal attacks like this are unacceptable. Let's keep it mature and civil, even in the face of immaturity and incivility on other sides. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and Financial Transparency
On Wed, 28 Aug 2013 10:18:31 -0700 bm-2d9whbg2vekslcsgbtplgwdlqypizsq...@bitmessage.ch wrote: Despite this transparency on Tor's own website, Tor's Sponsors page at https://www.torproject.org/about/sponsors.html.en currently lists its largest donor as an anonymous NGO. Isn't SRI an anonymous North American NGO only in the sense that Halliburton or Lockheed Martin could be considered a North American NGO? For the record, I haven't updated the sponsors page for 2012 yet. On my todo list. Second, an anonymous North American NGO isn't SRI, it's someone else we can't list due to contract legalities. The smart investigator will figure it out. In all cases, the financial statements and filed forms are the canonical source for information. They're filed with various US and Swedish Government agencies and are legally binding. The website sponsor page is trying to distill 50+ pages of dense forms for the lay person. In the future, opening a ticket, https://bugs.torproject.org, is a fine way to raise the issue as well. Bonus if it comes with a patch. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Isn't it time to ADMIT that Tor is cracked by now??
On Mon, 26 Aug 2013 17:48:57 -0300 Juan Garofalo juan@gmail.com wrote: Yeah. I find it kind of odd that no one here is saying anything about freedom hosting. I saw some discussion in Roger Dingledine's blog, but it was just one post (plus hundred of comments), but a blog isn't the best medium for discussion, it seems. Because, we don't have any more data as to what happened to FH. We, as the public, still have no idea who is responsible for the FH takedown. What we, as Tor, know is on our blog. There are lots of rumors out there but zero source information as far as I can tell. Feel free to point me at first person interviews about FH and who injected javascript and then took it down. If I were a betting man, I'd bet an exploit in the php or apache software which ran on FH before I look at cracking hidden services themselves. I believe Roger basically said this in his response about the Dutch police cracking sites in the past. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Exit bridges / Tor VPN terminals
On Thu, 22 Aug 2013 20:20:52 -0400 grarpamp grarp...@gmail.com wrote: There are no official exit bridges provided as part of Tor network. However you could setup your traffic to go through Tor to a regular VPN or proxy service and then exit to the destination you want. - This exit bridges is interesting idea. I know of a few orgs which run an exit relay, but set PublishServerDescriptor 0 option so only their social graph knows of the exit relay. I forget how they force their exit relay when they need it, but I've seen it work and the orgs are happy with their solution. One can probably do the same thing with a bridge. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Check Problem?
On Thu, Aug 08, 2013 at 11:21:40PM -0400, and...@torproject.is wrote 0.4K bytes in 0 lines about: : It seems we're getting a flood of IPv6 traffic to the server. We're : investigating. Looks most like someone was trying to use tordnsel wrong and flooded the server with queries for every page view of their site checking if tor or not. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Check Problem?
On Thu, 08 Aug 2013 20:10:31 -0400 Webmaster webmas...@felononline.info wrote: anyone know whats going on with tor check? It seems we're getting a flood of IPv6 traffic to the server. We're investigating. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: Freedom Hosting Owner Arrested, Tormail Compromised, Malicious JS Discovered
On Mon, 05 Aug 2013 06:34:10 +0300 bpmcontrol bpmcont...@gmail.com wrote: did not see this here, might interest some. https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting -- Andrew http://tpo.is/contact pgp 0x6B4D6475 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Ninja Stik?
Anyone used one of these ninja stik usb drives? http://www.ninjastik.com It seems to be stock ubuntu with tor installed. People keep coming to me asking how come we called it ninja stik and why we used ubuntu when we have tails. The first question is why people think we produce it at all. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Recommended method for updating an existing TBB
On Fri, 28 Jun 2013 09:08:06 -0700 (PDT) Cat S catslove...@yahoo.com wrote: Good luck finding anything that's not completely obvious on the Tor Project website or these mailing lists . . . if we had a Tor forum finding your answer would have been super simple and you wouldn't have had to even ask this question. We do need a better search function for all of our sites. There was a plan to use startpage, https://trac.torproject.org/projects/tor/ticket/6454. And there was a yacy search engine we were testing for only *.torproject.org, but it didn't work so well. We're open to better search suggestions for a custom *.torproject.org search. It's easy to complain about lack of forum, harder to do something about it. A forum won't solve your search problem, as most of us will still use the mailing lists. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Recommended method for updating an existing TBB
On Fri, 28 Jun 2013 17:30:32 -0700 (PDT) Cat S catslove...@yahoo.com wrote: I'm not the one asking for help here, the thread starter is, that's person you should be addressing in terms of helping him/her search. And maybe you need to search a little more too, considering what you suggested seems at add to what Mike suggested. Sounds like we need a wiki page with community guidelines and reasons why these are the guidelines. believe?! A forum would solve that problem. But I digress, I'll let you get back to claiming this is *my* search problem . . . A forum will just result in endless threads of ideas, just like a mailing list, and newbs won't read through 5 pages of 50 posts from random people. And at least I have attempted to setup a forum for Tor, I even asked you where to put the server over a year ago. Please don't try to suggest I'm all hot air, pffft, far from it. Setup a forum for the tor community, get the community to use it, it becomes the tor forum. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Recommended method for updating an existing TBB
On Fri, 28 Jun 2013 12:44:53 +1000 bvvq beveryveryqu...@lavabit.com wrote: How do other users update their existing TBB software? Are my steps for updating incorrect or unsafe? Is there a recommended method for updating an existing TBB software? Extracting over existing Tor Browser is strongly discouraged. Installing plugins and changing settings is strongly discouraged. Export your bookmarks. Wipe the existing Tor Browser directory. Extract the new TBB. Import your bookmarks. Or just use firefox sync with a throwaway/anonymous email account. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org
On Mon, 24 Jun 2013 23:57:01 +0500 Ali Hasan Ghauri alihasangha...@hotmail.com wrote: It is Directory Listing (Apache) . An attacker can see the files located in the directory and could potentially access files which disclose sensitive information . This is by design. The smarter attacker would just download the website source in svn, https://svn.torproject.org/svn/website/trunk/. Like any smart company, we have no sensitive files on our websites. Many websites pay bug bounty to researcher who report the bug yo them . Can you ? Thanks for the hint, but as these aren't bugs, nothing to report here. In the future, please don't cross lists. Pick one and stick with it. Thanks. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Until there's a REAL effing way to communicate, that evey1 can use, I'm DONE
On Wed, 19 Jun 2013 06:27:05 -0700 (PDT) Cat S catslove...@yahoo.com wrote: 1. Why is it you didn't answer my main question, that I and others have asked (in and out of my thread): Where did the money go that was earmarked for the forum? please answer that question specifically. The money went to staff and contractors to get Ask running. As we were running out of money, we decided spending it on getting something running at StackExchange was a better use of the money. 2. Why is it that you didn't bother to add anything to this thread except killing it? Because people are complaining about it and we've had this forum or not discuss twenty times in 3 different medium (irc, trac, and now email again). 3. Why is it you guys/gals decided to make this decisions to kill forum plan on your own, with no input to/from your base [0,1]. Do you not think you should ask the people most likely affected by you and others choice not to run a forum, even after _you_ and others were for a forum? Anyone is welcome to run their own forum. The core Tor staff aren't forum people and would rather use email or irc for community interaction. If the community wants a forum, run one by and for the community. 4. Are you really going to put your head in the sand and pretend everything is peachy? Man, if that's the case you guys/gals are surly moving further and further away from helping newbs in an efficient and useful manner. Trust me, I help newebs with Tor all the time. We all help new people with Tor all the time. Forums aren't efficient for us, email and irc are. 4a. If you don't trust me and many others that tell you newbs need more help, why not do (or request someone do) a study on the issue [2]? You cannot claim I have not point if you have no data. This has nothing to do with trust. We can spend our time coding and improving tor, or managing a forum. With limited resources, we have to make decisions as to where our attention is spent. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Browser Bundle 3.0alpha1 test builds
On Mon, 17 Jun 2013 00:33:07 -0700 Mike Perry mikepe...@torproject.org wrote: I would like to blog about these bundles tomorrow morning. Where can they go for that announcement? Leaving them on people is fine with me. I don't appear to have access to archive, nor do I have the infrastructure to set up and seed magnet links atm. Right, I wasn't saying you had to do it all, but these are directions we'd like to go in the near future. Should I just serve them out of people, and should Tor Browser Launcher use my people homedir instead of www? Sure. In the meantime, I've synced the mirrors to create this url, which should be up shortly: https://www.torproject.org/dist/torbrowser/3.0a1 I ended up removing this directory because we ran out of disk space on a few of the webservers. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Browser Bundle 3.0alpha1 test builds
On Mon, 17 Jun 2013 08:09:33 -0400 Andrew Lewman and...@torproject.is wrote: In the meantime, I've synced the mirrors to create this url, which should be up shortly: https://www.torproject.org/dist/torbrowser/3.0a1 I ended up removing this directory because we ran out of disk space on a few of the webservers. Apparently you had it up there long enough to get it into the sync, https://archive.torproject.org/tor-package-archive/torbrowser/3.0a1/ Probably should check that to make sure it's all there and not corrupted. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Third-party QAs
On Sun, 16 Jun 2013 15:03:13 +0200 Sebastian G. bastik.tor bastik@googlemail.com wrote: I'd like to raise concerns about third-party QAs and discuss them. We've had this discussion for the past year or so, see https://trac.torproject.org/projects/tor/ticket/5995 and https://trac.torproject.org/projects/tor/ticket/3592 If someone wants to start a business/project/movement to create an ideal site for all of this, we'll consider using it. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Plans about Askbot?
On Sun, 16 Jun 2013 15:04:08 +0200 Sebastian G. bastik.tor bastik@googlemail.com wrote: You had ask.TPO with Askbot already running and it is still running. All it seems to take is an active community that feeds it with questions and answers them. The askbot software needs work itself, and there's the enhancements we'd want to see for our own needs, such as: * Add a subsite feature: - a single login should allow to post on different subsites - a single user might have different credentials, karmas and badges in different subsites - allow to move questions between subsites (if allowed to do so) - subsites can be tied to one or more languages (see multilanguage) * Enable people to post and comment without having to provide an email address to create an account. * Fix the display issue in the Ajax search box renders it unusable with TBB and Tails. * Add multilanguage feature to: - allow users to change the language of the interface they see - allow to filter the content by the language of the questions * Add askbot to debian wheezy repos for easy installation It came down to the decision of spending money on fixing and modifying askbot and making a better tor. We chose the latter. If some community wants to improve askbot, we'll consider using it in the future. Right now, we have limited resources and had to choose between more tor or askbot. Again, we're always going to choose tor in these decisions. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Browser Bundle 3.0alpha1 test builds
On Sat, 15 Jun 2013 13:59:34 +0300 irregula...@riseup.net wrote: So since Vidalia is removed, there is no easy way for the average user to run a relay? Or you will still distribute packages with Vidalia for this exact reason? Vidalia isn't need to run a relay, it just gives it more eye candy. We have pre-configured bridge and relay bundles at https://www.torproject.org/download/download.html.en -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] (no subject)
This guy is annoying. He's been emailing any address at Tor he can find. I'm not responding to him any more. Basically, he's asking for money to keep our wiki clean. He's implied in the past that if we don't pay him, we'll be spammed ruthlessly. On Mon, 29 Apr 2013 11:13:14 +0400 torwiki torw...@tormail.org wrote: Hello. I am writing on behalf of the administration of the Tor Wiki project. It is a Wiki of a Tor network and the catalog of sites at the same time. We try to develop our project and to hold it as appropriate. We clean links from scammers and openly expose swindlers. But your help is necessary to us. We would like to conclude a partner agreement with you. We would like you to point a link or an advertizing banner to our site on a home page of a Tor browser. It will really help the users of a Tor network. Together we will be able to make a Tor network safer and more interesting. We are ready to listen to your conditions if you are ready to help us with development of a Tor network. Respectfully yours, the administration of the Tor Wiki project. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and BitCoin miner trojans - perfect pair
On Fri, 26 Apr 2013 15:15:52 -0400 David H. Lipman dlip...@verizon.net wrote: I wonder what OTHER malware I am missing that is using the Tor network to obfuscate the malicious activity. Replace Tor network with Internet and the statement is the same. Jerks use tools to be jerks. Good people use tools to be good people. Nothing to see here. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] CloudFlare
On Wed, 17 Apr 2013 23:59:45 -0400 grarpamp grarp...@gmail.com wrote: Noticed a recent surge of sites using CloudFlare. Actually, I've talked to cloudflare in the recent past. They don't block Tor per se, they rate limit connections/request per IP address. While I don't agree with this model, it seems consistent with how they treat Tor. I can connect to cloudflare sites by forcing circuits to exit through non-busy exit relays just fine. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor transparent proxy leaks?
On Mon, 01 Apr 2013 06:40:50 + James Russell jamesruss...@tormail.org wrote: After setting up my computer (Debian Squeeze 6.0) to transparently proxy all my traffic over tor, I decided to verify it by visiting check.torproject.org with chromium. Use tor browser or don't bother. Tor only supports TCP. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor Browser Question - Not saving settings
On Mon, 25 Mar 2013 16:04:50 + adrelanos adrela...@riseup.net wrote: Guess the trademark holders never filed a complaint. As the trademark holder, it's a work in progress. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] VOIP over Tor
On Thu, 21 Mar 2013 18:08:39 +0200 Van Gegel torf...@ukr.net wrote: I found that this is a very old idea: https://lists.torproject.org/pipermail/tor-talk/2006-May/thread.html#13379 But why for 6 years no one is interested? Because most VOIP is UDP, and Tor doesn't support UDP. See https://lists.torproject.org/pipermail/tor-talk/2013-January/027183.html for current progress. Skype, Mumble, others work over TCP and therefore Tor just fine. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Torproject.org Being Censored in Canada
On Mon, 11 Mar 2013 14:41:19 -0400 Andrew Paolucci adpaolu...@gmail.com wrote: I made a disturbing discovery for me and my fellow Canucks today when I was sitting at a Tim Hortons(very popular coffee chain in Canada that provides free WiFi) enjoying my coffee while working on my laptop. Tim Horton's filters their wifi. Most coffee shops do. They subscribe, or use a 3rd party who subscribes, to commercial blocklists, like Websense, who classify torproject.org as a proxy avoidance site (why yes, yes we are and we're funded to do just that) as if the world will end when Tim Horton's can't stalk all their customers for datamining, malware protection, or safety--or whatever silly reason they have for censoring the Internet. About the only course of action is to complain to Tim Horton's every time. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Replace Tor directory authority with DHT?
On Sat, 02 Mar 2013 01:03:19 + adrelanos adrela...@riseup.net wrote: Has it been considered to replace the Tor directory authority with a Distributed Hash Table? See this thread, https://lists.torproject.org/pipermail/tor-talk/2013-January/027172.html -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Problem about Tor website
On Sat, 23 Feb 2013 19:03:17 +0900 Nam Su namfree...@gmail.com wrote: I know Tor http website redirects Https version website but http site couldn't open or slowly than Tor connection. Is it government's sensor? http://torproject.org redirects to https://www.torproject.org automatically on our webservers. If you cannot get to torproject.org, likely someone is censoring you. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bugtracker registrationt buggy
On Sat, 23 Feb 2013 11:31:20 +0100 kwadronaut kwadronaut+...@chocovax.net wrote: I tried to sign up a week or 2 ago at the trac instance. It told me I would get some confirmation url by mail, but it never tried contacting my mailserver. According to the mail server logs, the message was sent successfully. So consider this a bugreport about the bugtracker, I'm a bit wary to actually report bugs there now. This is why we have an anonymous account, as listed on the main page. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Email provider for privacy-minded folk
On Tue, 19 Feb 2013 18:51:55 -0800 (PST) Mysterious Flyer mysteriousfl...@yahoo.com wrote: Yes, thank you. That is EXACTLY what I was looking for. I was thinking that the Tor Project ought to have a list of super-trusted hidden services, as well as a list of known violators. We're not going to become a directory of hidden services. I will delete any page which tries to become a hidden wiki. There are already 20+ hidden wikis out there, use one of them please. If someone wants to start a service like stopbadware.org or mywot.com for hidden services, more power to them. The Tor Project isn't going to do this. What the TorIPViolators page lists is public domains which try to trick users into thinking the domain/company/organization is associated with the Tor Project. A growing number of people around the world are getting really angry at us for their tormail, tor-browser-download, and similar experiences. We're receiving emails and phone calls from global law enforcement about tormail, specifically. They are surprised to learn tormail isn't run by the Tor Project. In the grand scheme, none of these domains have anything to do with us. From a trademark perspective, this is the definition of confusion in the marketplace. Unfortunately in US laws, if we don't address the confusion, we lose our trademark. And then it's open season on the Tor name. It's a totally stupid and crappy situation to be in, but alas here we are. Trademark lawyers tell us this is a sign of success. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB download mirror or p2p?
On Fri, 15 Feb 2013 10:36:37 +0100 David Balažic xerc...@gmail.com wrote: The TBB download https://www.torproject.org/dist/torbrowser/tor-browser-2.3.25-2_en-US.exe is quite slow, getting about 100KB/s (much faster line...). Is this a temporarily (over)load of the server? Did you happen to see which webserver you were connected to for the download? We have 5 webservers for www.torproject.org using DNS round-robin spread across Europe, Iceland, and the USA. Maybe you get one on the wrong continent from you. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tails 0.16: Why the fsck does Tails 0.16 use an ancient version of OpenSSL? And has it been crippled somehow?
Perhaps you want to get in touch with the tails team, https://tails.boum.org/support/index.en.html -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] are 1984.is good guys?
On Wed, 6 Feb 2013 14:36:10 +0100 Eugen Leitl eu...@leitl.org wrote: I take https://blog.torproject.org/category/tags/iceland as an official endorsement of 1984.is for freedom-minded hosting. Is that a correct interpretation? The Tor Project doesn't officially endorse anything. We use 1984.is for hosting some of our infrastructure. And they are made up of fine individuals willing to support us. We don't have, nor give out, official stamps of approval. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TOR Fone - p2p secure and anonymous VoIP tool
On Sun, 3 Feb 2013 12:47:51 -0500 Roger Dingledine a...@mit.edu wrote: I'll try to find some time to contact the person off-line and suggest changing the name to 'OnionFone' or something more generic. Please feel free to do so in parallel to me, since I know somebody here has much more free time than I do. :) I started a wiki page to list out these people, https://trac.torproject.org/projects/tor/wiki/LikelyTMViolators Hopefully this doesn't give them google seo juice. I have this list offline too. It's also been sent to our lawyers for review. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: inreasing MaxClientCircuitsPending useful?
On Fri, 01 Feb 2013 21:50:56 +0100 Quan q...@tormail.org wrote: 2) Bump the parameter value to whatever seems useful. I asked exactly this: which value should I use? And whether should I change it at all (because I do no understand from man page whether this would help me) My guess is, no one knows. Experiment and find out. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Directory Server Decentralization
On Wed, 30 Jan 2013 19:41:50 +0100 Sebastian G. bastik.tor bastik@googlemail.com wrote: How far along is the Directory Server decentralization in general? If you talk about DHT (distributed hash tables) to bootstrap rather than fetching the consensus from a central place or a mirror... I remember that it wasn't safe enough back at that time. I don't know if anyone is working on it. I believe the current state of privacy preserving distributed directories is still at Torsk, http://www-users.cs.umn.edu/~hopper/torsk-ccs.pdf See Hashing it out in public for reasons why DHTs and anonymity don't mix well, http://www-users.cs.umn.edu/~hopper/hashing_it_out.pdf PIR-Tor is another idea, not quite DHT, not quite the current model, http://www.usenix.org/events/sec11/tech/full_papers/Mittal.pdf -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torbrowser with tor 0.2.3.25
On Sat, 19 Jan 2013 13:39:01 -0500 (EST) benjaminlinc...@lavabit.com wrote: I noticed Tor Browser does not use the official stable release of tor. Does using Tor Browser's firefox with tor 0.2.3.25 hurt anonymity? Tor 0.2.3.25 is the official stable release of Tor. What version do you think is stable? -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Mosh safe with tor?
On Fri, 18 Jan 2013 13:40:14 +0100 Jerzy Łogiewa jerz...@interia.eu wrote: Hello! Does anyone know, is the Mosh shell safe for tor use? Any known leaking? It's UDP-based, so no. And it appears to be based upon one person's mods to AES. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Cupcake: browser extension for flash proxies
An administrative note, please don't cross-post lists. Choose one. Thanks. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Caught by mailing list filter?
On Fri, 28 Dec 2012 10:23:37 - anon3...@tormail.org wrote: This is strange. Message [1] is visible in the web archive but not one got a mail. In my inbox is what is on the archive. You don't receive your own messages by default. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Gmail and Tor
On Sun, 23 Dec 2012 22:10:04 + sophia.martin.2...@gmail.com wrote: Can somebody pleease direct me to where I can opt out of this constant emails that I am not even involved in. Please help I get around 4 emails per day. I just removed you manually. Cheers. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor versus freenet
On Mon, 17 Dec 2012 20:25:35 +0100 folkert folk...@vanheusden.com wrote: In short: can't we combine these two? Others have done it, so it can be done. Others have combined tor and tahoe-lafs as well. I'm not sure what you're asking. Are you throwing the idea out there to see if others agree and can help? Or do you have a working config somewhere? -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Make Wifi available through Tor?
On Sun, 16 Dec 2012 21:13:45 + t...@lists.grepular.com wrote: I wouldn't let my mother do her online banking over Tor without explaining to her exactly how it works, and making sure she understands what she is doing. Even if a bad exit node didn't SSL strip her connection, she could still find her online banking access frozen due to accessing it from IPs in unexpected countries. For one piece of data, I've been doing everything via tor for three years now. I have yet to have a problem. This includes banking and filing my taxes in the US. If I were to offer a free Torified WiFi hotspot, I'd feel obliged to put up a splash page explaining how it works, and force people to check a box to state they understand, before they are given access to browse anything else. I normally hate those sorts of splash pages, but in this case, I would make an exception. In past conversations with lawyers, if you throw up a splash screen and require the user to choose I agree/do not agree, this becomes a legal contract and you become liable as a service provider. It's better to leave it completely open, or maybe the captured portal is info only, and the user can read/ignore/bypass the portal with ease to continue browsing. Fine ideas, just the same. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] 'cached-descriptors' replaced with 'cached-microdescs'
On Wed, 12 Dec 2012 23:39:38 +0530 (IST) basmati kasaar bas...@indiatimes.com wrote: 'atlas.torproject.org' appears to contain very, very little useful informations and no informations on specific exit port availability per router. The full exit policy is on atlas, here's a current exit relay: https://atlas.torproject.org/#details/4E377F91D326552AAE818D5A17BC3EF79639C2CD In general, the current tbb package upgraded tor from 2.2 to 2.3. This is a major new version in the tor world. What you're seeing in current tbb with tor 2.3 is that microdescriptors are now live and stable. These were implemented to reduce tor's bandwidth usage. The specification and motivation are here, https://gitweb.torproject.org/torspec.git/blob/HEAD:/proposals/158-microdescriptors.txt Would it be so difficult to make available on torproject.org like was on serifos 6 yrs ago? http://web.archive.org/web/20060718235801/http://serifos.eecs.harvard.edu/cgi-bin/exit.pl Yes. It's a bad idea. If someone wants to run that script themselves, great. You'll also notice someone at harvard.edu ran it, not us. Creating single points of failure on which the world of tor users relies is bad for everyone all around. We already have this problem with check.torproject.org. We're working to replace check.torproject.org with a safe, local solution. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia Bundle (Tor, Polipo Vidalia)
On Thu, 6 Dec 2012 16:47:40 + Julian Yon jul...@yon.org.uk wrote: Sorry? Are you being deliberately obtuse? You can obtain Polipo for yourself. I even gave you the URL for the author's site to save you a Google search. Julian, there's no need for personal attacks. I understand he's upset, and we didn't do the best job of communicating the change. However, attacking him just sets his opinion that tor is full of jerks who don't want to help (and anyone who reads this in the future through the archives). -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] does tor browse bundle really work on UNIX, BSD, etc
tarb...@mixnym.net wrote: I downloaded the tbb again and I noticed there is only one version for Linux, UNIX and BSD. I thought these were all totally different operating systems. I just started with Ubuntu a few months ago so maybe I am wrong. Does the tbb really work everywhere or is the comment on that download dead wrong? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk TBB works in BSD with linux compat enabled. I tested this in freebsd9 recently. --- Andrew http://tpo.is/contact 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Trouble with signal newnym
On Tue, 20 Nov 2012 10:27:48 -0600 Landon Campbell campbelllan...@hotmail.com wrote: other messages logged, and the circuit is not changed. Is there anyone who could tell me what I'm doing wrong? From https://gitweb.torproject.org/torspec.git/blob/HEAD:/control-spec.txt#l375 The key phrase to highlight is so new application requests don't share any circuits with old ones. Are you requesting the same destinations as the previous circuit? -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] What's written to HD?
On Sun, 11 Nov 2012 20:19:56 + (GMT) Dan Hughes danhughes...@yahoo.co.uk wrote: Does browsing with TBB installed on the HD or a USB stick and downloading files (.PDFs, SM vids etc.;)) to a USB stick (but not opening online) result in the content of what's browsed or downloaded being written to the HD at all? No. TBB disables disk cache completely. What's written to disk is updated consensus and state files for Tor, temporary files for Vidalia controller authentication, and any manual changes you make to the modified firefox and torrc. We have an open task to figure out what's changing inside the OS and to confirm zero user content is written to disk at any time. See tickets https://trac.torproject.org/projects/tor/ticket/6845 and https://trac.torproject.org/projects/tor/ticket/6846 -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] where does Tor browser bundle cache the web page content and videos on linux?
On Tue, 23 Oct 2012 11:33:52 +0200 jiang song luolisongji...@gmail.com wrote: does anyone know where TBB cache its web content? In ram. Disk cache is disabled. see browser.cache.disk.enable;false in about:config. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] registration for youtube, gmail over Tor - fake voicemail / sms anyone?
On Tue, 16 Oct 2012 14:36:43 +0200 Mike Hearn he...@google.com wrote: We have a policy of phone verifying every signup via anonymizing proxies. If you signed up via Tor and didn't get asked to phone verify it means the list of exit nodes we're using isn't up to date, or there was a sync issue. Or you used an exit node that isn't in the list for some reason. We use this one: http://exitlist.torproject.org/exit-addresses I'm not sure what using a phone gets you for more verification. I helped a domestic violence survivor get an ATT GoPhone at the local Best Buy for $20. Paid in cash, no identity needed, prepaid service. They signed up for a google account via tor, used the phone for the one sms message and then donated the phone to a homeless shelter. I guess $20 is more than $1 for 1000 CAPTCHA breaks, but I guess that's because the survivor isn't criminal minded enough to steal/clone someone's phone for the sms message. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TB download improvement
On Tue, 16 Oct 2012 14:55:02 -0400 Greg Norcie g...@norcie.com wrote: 1.) Include small windows, apple, and tux logos on the download link on the main tor page... these could serve as a symbolic cue that it is a download link. We had these in the past and people didn't recognize their own OS or what they were. Those interviewed thought they were just odd icons. However, I'm open to trying again. Maybe we have a new userbase. 2.) Once on the download page, in the drop down list of languages that is defaulted to English include a US and UK flag. Include flags from representative countries in each language[1]. This is a common design pattern on sites being accesed by many people speaking many languages (eg: transit sites based in Europe) We had this in the past. The problem we ran into is people getting really angry, or thoroughly confused, at the flag not matching their language. You noted this in your footnote too. I don't have a good option for this. Suggestions, advice, and patches welcome. Making the language drop down larger can possibly help. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TB download improvement
On Tue, 16 Oct 2012 21:12:43 +0200 (CEST) Outlaw out...@omail.pro wrote: I was talking about descriptions outside torproject.org for non-english-speaking people. Imagine blog post that describes benefits of Tor and a link to page that starts downloading right away (or after few seconds). And compare it to the same thing but with a link to page that only leads to download by several (obscure) clicks. Ok. Our website is completely static files for scalability, to avoid a huge class of attacks, for simplicity of maintenance, and mirroring. Suggestions and patches welcome. Ok, I am not going to argue with you anyway, you`re the boss :) Pfft, all the more reason you should question me. ;) -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TB download improvement
On Sun, 14 Oct 2012 21:33:01 +0200 (CEST) Outlaw out...@omail.pro wrote: Hey there, Tor devs :) IMHO present torproject.org is very difficult for average internet user. For those who don`t know english well, it is almost impossible to find proper link. Hmm, the large purple and orange 'Download tor' button on the index page was missed? We spent three months testing website designs based on real user feedback and usability testing. The green box and purple download button were designed to catch your eye first, and testing proves it works. The testing included barely English-speaking users by design. I think it is the question of resources - to provide multilingual website up to date, which Tor team just doesn`t have. So I have two suggestions that require minimal effort: We had one, and it was mostly out of date and giving incorrect advice in many languages. See https://trac.torproject.org/projects/tor/ticket/6851 for the current discussion about re-enabling website translations. 1. Easy one. Make a static link like https://torproject.org/download/torbrowser-win-latest.exe; No. This is a bad idea because then everyone thinks they have the latest tor, all the time. When people ask for support, they explain they have the latest tor, when really their version is 3 years out of date. Our answer to this is a secure updater, codenamed thandy. See https://gitweb.torproject.org/thandy.git/blob/HEAD:/specs/thandy-spec.txt for the details. We just received some funding to implement this over the next year. 2. A bit harder. Make a page for each language and OS with script that starts downloading latest release: http://torproject.org/download/win/de; for example. Advantage of this method will be that you can provide some message, like version or other important stuff. We have this already. When you click the big download button on the homepage, you are sent to https://www.torproject.org/download/download-easy.html.en. There are language drop-downs for the 13 TBB translations. People like one big red button DOWNLOAD and nothing else, Consider Tor as a sophisticated as a formula 1 race car. Just because you have a drivers license and can drive a nice sedan on the street doesn't mean you can hop into a formula 1 car and even get out of the pit lane without killing yourself. People who don't want to read the warnings, and just want to download and run, are dangerous. They will de-anonymize themselves. At best, they disclose they wanted privacy, at worst, they get arrested, tortured, and killed while their family is blacklisted for life. We are working on improving the usability of Tor to help users make smart decisions. Research takes time and thought. The same process goes for the website. Our website is free software, with the repository located at https://svn.torproject.org/svn/website/trunk/. Feel free to submit patches of your ideas to improve the usability of the site. Thanks for the feedback. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TB download improvement
On Sun, 14 Oct 2012 21:53:32 +0100 Matt Joyce torad...@mttjocy.co.uk wrote: Agreed that having more accessibility to at least the key documents available in other languages would be a great addition however tor is an open source project and like all open source projects for anything to get done someone needs to volunteer the time and ability to do it. I believe this is included, or very soon to be, with every Tor browser bundle, https://www.torproject.org/docs/short-user-manual.html.en and translated accordingly. If you download the Mandarin TBB, you get the Mandarin short user manual, etc. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] trac user permission
On Mon, 15 Oct 2012 20:24:31 + adrelanos adrela...@riseup.net wrote: Subscribing is no longer possible. Technically, subscribing by email is no longer possible. Every ticket has an RSS feed. It's listed on the bottom under Download in other formats: -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Covert Browser By Stephan Hoffmann
On Mon, 08 Oct 2012 18:00:07 + SiNA Rabbani s...@redteam.io wrote: Has anyone checked this software out? http://itunes.apple.com/us/app/covert-browser/id477438328?mt=8 When I searched for ipad tor they came up first :/ Ahem. https://lists.torproject.org/pipermail/tor-talk/2012-September/025560.html Please stop cross-posting. Thanks! -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] install adobe flash player on TBB
On Thu, 4 Oct 2012 14:15:51 +0200 esolve esolve esolvepol...@gmail.com wrote: no, in some package, flash plugin is not enabled in TBB by default but in some packages, flash plugin is missing I'm just wondering how to install the flash plugin In all packages we create/provide, flash is disabled by default. Again, please detail the operating system, tbb version, and which packages have flash enabled by default. The flash plugin appearing or not is dependent upon adobe flash being installed in the operating system. If flash is installed in the operating system already, then you start tbb, it is possible to enable the flash plugin in tbb. If you enable flash in tbb, you may lose all of your anonymity, data, and your milk may be sour as a result of a rogue flash application exfiltrating all of your identity and data from your system over tor or not. If you don't understand these instructions, then don't try to use flash with tor. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor advice?
I'm treating this as trolling and summarily nuking the thread to avoid any more stupidity. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Windows Screenreader Users?
On Tue, 11 Sep 2012 05:55:30 -0700 Robert Ransom rransom.8...@gmail.com wrote: A blind user reported to tor-assistants that Vidalia does not work with JAWS. I later tested Vidalia with Windows Narrator, and it did not speak the labels or contents of any 'controls' within Vidalia either. Hmm, it used to work. Maybe we don't include the Qt accessibility stuff, or Qt dropped it in some 4.x release. Sadness. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bugmenot.com / Cloudflare.com blocking Tor
On Fri, 24 Aug 2012 14:50:09 +0200 antispa...@sent.at wrote: When will this restriction go away? This restriction will disappear when your computer or mobile device is cleaned and no more harmful behavior is detected. Completing the challenge above proves you are a human and gives you temporary access. You can ask the website owner to permanently whitelist you. This comes and goes depending how many requests per time period occur from a particular exit relay. If some jerk runs an attack or crawler through a tor exit, cloudflare will respond with the captcha page automatically. It's really not much different than the Google, Bing, and other 'are you a human?' tests tor users occasionally encounter. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] http://torbrowser.sourceforge.net/
On Tue, 14 Aug 2012 22:09:03 +0200 Randolph D. rdohm...@gmail.com wrote: the domain exists for years, it has been acquired for the Qt update, see the given 2010 release with still firefox. From what I can tell, it didn't look like this since 2010. As there it TBB, Tor Browser Bundle, the TorBrowser should not affect this. It has been there for years, why should the domain be now a spot to look at? there could be a link to the changelog of the browser for the support of evidence of security, next to the features list. The Website is CC and so remixable, there is no need to use another template. Right. Tor Project's Tor Browser is a part of the Tor Browser Bundle. And let me be clear, so there is no confusion, we actively encourage people to take our source code (website, tor browser, etc) and use it, remix it, and try out new things. This is why we use CC-BY and BSD 3-Clause licenses. Personally, I don't particularly care if firefox, dooble, or some other new browser is the core of the Tor Project's Tor Browser. We (as Tor) want whatever solution is best for the users. Right now, we believe Firefox is the best solution. With your input and empirical results, we can change our minds. The disagreement isn't about copyright, it's about trademark. Copyrights and trademarks are two different things. Tor URL and Project has been linked. So there is nothing that is creating doubt, the opposite is to assume, that the high quality standard for this website is overtaken, it is a good template. I asked 10 people in the office we share if they were confused by the two websites (granted they are lawyers, accountants, and paralegals). And yes, they were confused. Adding the disclaimer, seen below, somewhere obvious on your pages would go along way to removing the confusion. “This product is produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.” Thanks. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] http://torbrowser.sourceforge.net/
On Tue, 14 Aug 2012 20:38:13 +0200 Randolph D. rdohm...@gmail.com wrote: Hello there is preparation draft work done to get the vidalia Qt plugin out for the TorBrowser based on Dooble Web Browser 1.35 with lots of security improvments. Is there something to change on the drafted website? http://torbrowser.sourceforge.net/ Can the Tor Onion be shown in the First Feature Box? I refer to https://www.torproject.org/docs/trademark-faq.html.en. Calling it 'Tor Browser' is a bad idea. I appreciate the flattery with the imitation from the real torproject site, but get creative and come up with something that is your own--not a verbatim copy of the look and feel designed to confuse users. Rather than working on the html and a bunch of unknown plugins, spend more time working on the actual design[0], risks, and empirical evidence showing dooble in the tor browser is more anonymous than the current torbrowser with firefox. And no, a simple 's/firefox/dooble/' in that design doc doesn't count as real work. [0] https://www.torproject.org/projects/torbrowser/design/ -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor as ecommerce platform
On Thu, 9 Aug 2012 00:47:26 +0300 Maxim Kammerer m...@dee.su wrote: The “Tor users” page isn't presented as a promotional page, it is presented as a factual one. I also remember discussion on this list where I expressed doubt about some aspects listed there (military uses), and the overall claim was that the page is a good representation of the current userbase. The Tor users page is based on a number of people who have told us how they use Tor. They didn't want to be named, so the profiles are anonymous and aggregated. However, since you want named users willing to put themselves at risk, here they are https://people.torproject.org/~andrew/tor-user-stories/ These were initially public in 2008 and 2009 for a series of articles on the now defunct Knight Pulse blog. I ask again, because I want the answer to improve us: On Wed, Aug 8, 2012 at 8:09 PM, Andrew Lewman and...@torproject.is wrote: How would you have us promote Tor? -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor as ecommerce platform
On Wed, 8 Aug 2012 07:23:46 -0400 grarpamp grarp...@gmail.com wrote: Tor cannot accept known 'illegal' money, therefore acknowledgement is moot. About the best Tor could do is be able to accept anonymous donations in the first place. Then publish a bitcoin address for donations from anyone. Then surely some unaffiliated and helpful bird would send to SR the links to that address and to this thread. This is correct. We've refused donations and grants from organizations that were sketchy enough to be worried, not aligned with our goals, and/or one hop removed from something on the OFAC banned list[0]. On the other side, as a non-profit, we publish our donors and sponsors both on our sponsor page[1] and in our financial reports[2]. Not sure, but I think at one point Tor accepted bitcoin, but then recanted. We've never accepted bitcoin. We point bitcoin donators at other organizations, see https://www.torproject.org/donate/donate#bitcoin. The EFF accepted bitcoins and then removed it. We chose not to fight this battle[3]. [0] http://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/default.aspx [1] https://www.torproject.org/about/sponsors.html.en [2] https://www.torproject.org/about/financials.html.en [3] https://www.eff.org/deeplinks/2011/06/eff-and-bitcoin/ -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk