Re: [tor-talk] Risk of selectively enabling JavaScript
You have to keep in mind it's a slippery slop of censoring the content of users that use the Tor network. If we were to add an option for filtering out Javascript what would stop a exit-node operator to decide he wants to filter out any webpages that have keywords in them that he finds distasteful. What I'm saying is by trying to make it safer for the users of the Tor network you are in turn making the network itself more vulnerable to censorship by making it easier for exit-node operators to censor traffic. I know it can still be done by the exit-node operator if they want to via a proxy with filtering policies, but why make it easier? Regards, Andrew Paolucci On 1/7/2014 09:47, Mark McCarron wrote: The idea of edge filtering ensures that clients are not exposed to exploits. It is a defense-in-depth strategy. It does not replace any client-side measure, it adds to it. When a stream leave an exist node to request a clearweb, non-encrypted page, there is an opportunity to strip potentially harmful aspects from the returned resource. This should be the default behavior. With requests to non-encrypted content there exists the ability to place additional values in the packet that indicate this should be disabled. Its not really difficult and not applicable to end-to-end tls connections. Regards, Mark McCarron Date: Tue, 7 Jan 2014 15:00:41 +0100 From: a.k...@gmx.de To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Risk of selectively enabling JavaScript On Tue, 07 Jan 2014 12:58:49 +, Mark McCarron wrote: ... The fact that TBB disables javascript is a testimony to how bad the javascript coders of Firefox are. Ex falso sequitur quodlibet. I think there is a solid argument for adding filters to the exit nodes that strip anything that could be used against a person and enforce default headers ,etc. Why should it? The default user uses TBB, i.e. the filtering (of the identical headers each TBB produces) can be done there as well. The exit node doesn't even know that a) a given stream is a HTTP connection, b) can't look at all into HTTPS, and c) has no way of knowing that the user in question has clicked the don't-filter-me-button. Andreas -- Totally trivial. Famous last words. From: Linus Torvalds torvalds@*.org Date: Fri, 22 Jan 2010 07:29:21 -0800 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Torproject.org Being Censored in Canada
Hello Gents, I made a disturbing discovery for me and my fellow Canucks today when I was sitting at a Tim Hortons(very popular coffee chain in Canada that provides free WiFi) enjoying my coffee while working on my laptop. When I went to venture to torproject.org to go lookup some documentation I encountered a invalid cert page from chrome, upon further investigation I found the cert that the server was providing was from a that provides IT services to said coffee chain. I also quick popped up nmap and did a quick traceroute and found the server not to be one of the ones regularly in the tor projects regular pool. At this point I am not sure how to proceed to see that this injustice is fixed. Below is a link to screenshots that I took and a export version of the bad cert. http://imgur.com/a/h3kXB https://dl.dropbox.com/u/3449800/badtor.cer Regards, -- Andrew Paolucci www.paolucci.ca W: +1 (647) 692-0632 M: +1 (416) 276-2021 F: +1 (905) 508-6141 S: adpaolucci ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Multiple interfaces on a bridge/relay
Hey guys, I have a Tor relay that I am going to be setting up soon for an organization I'm with and I have 3 problems I wanted to bring up to you gents/gals. 1. Should I have a VM for each interface I am going to have? If I don't need to how can I set this up to have bridges and relays? 2. I have 3 IPs that are separate from our main IP block and I wanted to make non-bridge relays, and up to 10 that are part of our main IP block that I was going to use for bridges. The problem is we are a Pirate political party and I'm not sure if those IPs in the main block would be blacklisted in countries like Iran/China because our website is on that IP block also. Should I put the nodes on my main IP block as relays and the ones separate as bridges? 3. For the VMs what should the specs(RAM/HDD) be? Thank you for your response(s)! Regards, -- Andrew Paolucci www.paolucci.ca W: +1 (647) 692-0632 M: +1 (416) 276-2021 F: +1 (905) 508-6141 S: adpaolucci ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] DDoS
This is not that type of mailing list, and you shouldn't solicit illegal software on a mailing list that is frequented by federal agents. I would suggest you look towards the almighty Google for your answers. On Mon, Feb 25, 2013 at 7:57 AM, Kamigawa kamig...@mail.ru wrote: Hi guys, I wonder where can I download that interesting flood software for DDoS that I saw in one of the videos about Anonymous Incident in 2010-2011. And btw how can I react rapidly if the HiveMind is going to attack some new targets? I mean, how to connect to the chat or whatever it is in order to know wtf is going on? Great thanks, Kamigawa ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Andrew Paolucci www.paolucci.ca W: +1 (647) 692-0632 M: +1 (416) 276-2021 F: +1 (905) 508-6141 S: adpaolucci ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Padding effective against simple passive end-to-end correlation attacks?
So what you're basically saying is that you are more secure and anonymous if you run your Tor connection as a always on relay and access the Tor network via that relay? On Saturday, January 26, 2013, adrelanos wrote: I'll make a simple example to demonstrate the point. Alice lives in country with few Tor users. Let's take Uganda as random example from the Tor metrics page. There are between ~40 and ~120 Tor users per day from that country. [1] Alice likes to read a local forum and she posts in her local dialect. Behavior A: Alice always starts Tor every day around the time of xx:xx:xx and checks a forum and posts. Behavior B: 1.) Open a Tor connection. 3.) Transfer some cover/dummy traffic. The longer the better? 4.) After some time check doing the stuff. (Ex: check mail, go on irc, post on forum) - Or at some random days, not doing any stuff, supposed to be hidden. 5.) Transfer more cover/dummy traffic. The longer the better? 6.) Close Tor connection. Adversary skills: - Forcing the country's ISP's to log when and for how long someone connects to the Tor network. - Surveillance of the local forum, watching the forum post time stamps. - The adversary compares the time stamp with the the public viewable time stamp of the forum post. - The adversary can watch the amount of encrypted traffic between Alice and the entry guard. Question: Isn't it significantly more difficult for the adversary to find out who is behind Alice's actions, when choosing Behavior B? It gets more difficult than just comparing time stamps? [1] https://metrics.torproject.org/users.html?graph=direct-usersstart=2012-10-28end=2013-01-26country=ugevents=off#direct-users ___ tor-talk mailing list tor-talk@lists.torproject.org javascript:; https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Andrew Paolucci www.paolucci.ca W: +1 (647) 692-0632 M: +1 (416) 276-2021 F: +1 (905) 508-6141 S: adpaolucci ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk