Re: [tor-talk] Directory Listing (Apache) Bug Found on torproject.org
Ha if you want to get a payout for exploit hunting, work for a security firm. Nobody else ever pays for exploit unless they are a 0 days. On Jun 24, 2013 9:25 PM, Andrew Lewman and...@torproject.is wrote: On Mon, 24 Jun 2013 23:57:01 +0500 Ali Hasan Ghauri alihasangha...@hotmail.com wrote: It is Directory Listing (Apache) . An attacker can see the files located in the directory and could potentially access files which disclose sensitive information . This is by design. The smarter attacker would just download the website source in svn, https://svn.torproject.org/svn/website/trunk/. Like any smart company, we have no sensitive files on our websites. Many websites pay bug bounty to researcher who report the bug yo them . Can you ? Thanks for the hint, but as these aren't bugs, nothing to report here. In the future, please don't cross lists. Pick one and stick with it. Thanks. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] The Google Browser, Sand boxing and Tor.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I use chrome and tor together, though this is public browser. I use still use firefox always in private mode with tor when I need private. That being said Google chrome, has a Open Source engine Chromium which is Chrome with Pepper. And lastly V8 Javascript has been used in the past as a method to hook browsers to break obfuscations. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) iQEcBAEBAgAGBQJRnkJKAAoJEHJ6fv5JwWqho4IIAJbMttplUxbn+NW/k/C0QhHW WxhKVZkyT+2sNdgCtjVlirUPQYGXapKEjXLH2RrOQnh/xEsdv318GwB8B6FVRLgj 4/krdjAzTxBgba94xnxdcicph20dvxHUh72q8ZeiawrW5PBmVaQfVNdptXkZKje+ 0TV67UbUzqP920o0GjNnvU+rwuNQd7h006hIvGpqJMpNviZ58l1yMbBHjFQzzmX0 d3FaGZu3Qql32uBq/EAx3H6gv4lUAKBog43zTQVOFFu2V+2aI+OCQ+WYpTDM7Efh Kt8j1RNhtBshj8ej7zQ/bGrRxOuvemzarB59o2esJUcNzxDn+r4AyMVhRC8H1Ww= =9pPY -END PGP SIGNATURE- On Wed, May 22, 2013 at 11:22 AM, Andrew F andrewfriedman...@gmail.comwrote: Hi guys, Has anyone looked at the technical issues with using tor and the sandboxing feature of Chrome to isolate flash? I hunted around but have found nothing. I does appear that chrome is a free software but not open source. They call it proprietary but free software. Is the licensing the issue? Apparently they locked down the code with there terms of service. Thanks. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor forum hosted as a hidden service
I can deploy one, I don't like Forums due to they are easy to SQLi. But if the community needs one I can deploy one by today or tomorrow. On Wed, May 8, 2013 at 1:50 AM, Juan Garofalo juan@gmail.com wrote: At 08:50 AM 5/8/2013 +0400, you wrote: Seems like you'd just end up with a kind of chicken and egg problem. Hehe. Yes, you're right in a way. But consider this : downloading the browser bundle and visiting an onion site is something almost anybody can do. But configuring a hidden service for instance isn't as easy. So if people wanted to anonymously discuss more advanced topics regarding Tor, then a hidden service might make sense. Or perhaps I'm overly paranoid =P On Tue, May 07, 2013 at 09:59:55PM -0300, Juan Garofalo wrote: Is there such a thing? A place to ask technical questions about tor, inside the .onion network? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJRidmvAAoJEAXQWoW8lug/zkcH/0bElfX9SG41gJfiCUPzHIh/ 5nWwF0d+ajYzzlqL+Hev6KbAWtxFMeVduQOSur6S6HXQdbpvV8/Kscxd7mqCi/K3 EQAkXXiaSsHzCampSIM1p4jBzmIO34BwaV6VdhHqImrdDJkcxU69Wz/iInMYsTBo 6Vl6ZZUEEtHhI05UwHb1PfO/BNvO+3+oCMybGq4XhsagVdrtWejW9E1mbt0RWUTG +WjiAUPJjuokqljmiBycF0Du7v7IJisk0cCbw5GkzZVlD966coHOR9Vk36DkXJ79 MazzhexT9zigPZnaEUklcex+nv8/SHb0+cI+47OdxQJ6V+JIT0Nfj9dFKk+lwLI= =uAn0 -END PGP SIGNATURE- ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Run pyobfsproxy standalone
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What type of server?Systems details needed. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) iQEcBAEBAgAGBQJRiTQDAAoJEHJ6fv5JwWqhTBAH/3mwGm0NQFlO5W8o8cFR9NKO L/U1knFMUWgP1fRXx6bEYUkv9ZAMbcH0skzdWk+nr9ojij7oAY1rsUf33b/dUBmK K1dNtSAQKWzr1GAOnnciaqzItwQbqTKBUeMvpHhQmFddLBxQVjf0jU9ZH2pYAfIj vWIyQ6yFEm2+pWGdaJ/dkqlRlfpHsxqO+q+DMcvrOsrbULL2DuB/8WZkdms1UmyH r8glZiyhhtSXZ3TETYvJdqUGhGL8O9v5ResG2OxFadG0FosyLGO7ivJbN54Mg2HB Y7Dl/sE9+ctnTBDlT5HJ+QcfOLIhipMrdEsh3656+sYXMbA2CyvYOM3W6zatfU8= =PdBC -END PGP SIGNATURE- On Tue, May 7, 2013 at 12:58 PM, John Crick wisecr...@gmail.com wrote: I want to run pyobfsproxy standalone on my server to obfuscate ssh traffic. It works without --ext-cookie-file, but it'll also be visible to the supervisor. So I want --ext-cookie-file to be enabled, it works on the server side, but how to config it on the client side? In my opinion, ext-cookie-file is a 64 bytes random data, am I right? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Deterministic Builds - was: Bridge Communities?
So the PKI method that bitcoin uses is a sha256 encoding + sha1 decoding. The OR provides a PKI key (sha256) with hidden services, so the solution may be switches that run openCL or CUDA to authenticate the key to the node (parallel computing is still the fastest way to compute) . If the node key does not match the node could be isolated from the network. On Sun, Apr 14, 2013 at 12:46 AM, Gregory Maxwell gmaxw...@gmail.comwrote: On Sat, Apr 13, 2013 at 8:44 PM, adrelanos adrela...@riseup.net wrote: I assume you're the Gregory Disney who is also one builder of those Bitcoin deterministic builds? Since you're involved in Tor as well, I seems to me you could be a great help by providing some information about the Bitcoin build process. There is no Gregory Disney involved with Bitcoin as far as I know. Where are the instructions how I (or someone else) not involved in Bitcoin development can produce bit identical builds of Bitcoin to match the hash sums which are also distribiuted on sourceforge? If there are none, could you provide them please? They're included with the source: https://github.com/bitcoin/bitcoin/blob/master/doc/release-process.txt and https://github.com/bitcoin/bitcoin/tree/master/contrib/gitian-descriptors Can their system be applied for Tor as well or are there any differences? Yes. It may take a little jiggling to get the builds to actually be deterministic for any particular package, but they should be applicable to anything. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Cowardice and Hypocrisy
Leave shit talking to somewhere else not this mailing list, help the project progress or stop filling peoples emails with your rants. On Sun, Apr 14, 2013 at 7:12 PM, Alex M (Coyo) c...@darkdna.net wrote: Since I cannot reply to anonymous remailers, I will simply post my replies here. Also note how I am not a coward. My IP address is right there in the headers. Unlike you cowards, I really don't care if you block me. I'm forking your code and making all of you irrelevant anyway. https://www.youtube.com/watch?**v=O4Ccfpwc6bghttps://www.youtube.com/watch?v=O4Ccfpwc6bg Have fun with your lives. Bye. On 04/13/2013 05:52 PM, Anonymous wrote: I love you. You're doing exceptional work. Keep at it. But you made a complete fool of yourself on tor-talk. Seriously. Meh, I think I may be getting burned out. I no longer care how I appear to a bunch of deadbeat good-for-nothings. Tor is a huge honeypot, which means anyone who thinks they are hot shit for working on Tor is deluded. So I may appear a fool, but I am far from alone in my foolishness. On 04/13/2013 08:39 PM, Anonymous wrote: How'd you like a nice big cup of shut the fuck up? Think before you say stupid shit. Heh. Look at big man on campus. Why don't you come to my house and say it, asshole? __**_ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talkhttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bridge Communities?
Let's not dread on things out of our control; IMO we should use these concerns to develop solutions then turn them into soultions that we can implement. Obviously we can't develop around assassinations nor state funded terrorism, but we can develop a solution for backdoors and information leaks. On Sat, Apr 13, 2013 at 10:15 PM, adrelanos adrela...@riseup.net wrote: Sebastian G. bastik.tor: (Fun part?) Not a fun part for me. It's sad that these concern have been raised by a troll (or someone who doesn't know how to behave). However, these concerns are valid, and from my perspective, I can't understand why they are easily dismissed. About assassinating (double ass) the (core?) Tor people I have read that you can hire assassins on hidden-services. Wouldn't it be ironic if one hires an assassin (or many of them) via hidden-services to take the lives or Tor people? They tend to pile up on something they call developers meeting (aka DevMeeting). It's kind of public when and where such a meetings will take place and who will attend to them. The US owns drones (and they love to use them), European states buy also drones so if someone gets accused for treason, which is probably Mr. Jacob Appelbaum because of his relation to wikileaks, while Tor is also a threat such a meeting would be a juicy target. With someone killed for treason or terrorism (or supporting it) the other dead bodies are just collateral damage. That doesn't scare me. It scares me. I'd never want that to happen. Me neither. If it doesn't look like an accident (in this case or any other) people will notice about them missing or being killed. I hope that people will fight murders. Tor might be dead, but people will be upset about the death of innocent people. Yes, people will be upset, too few to see things change. People tortured in Guantanamo, Bradley Manning, list goes on... go through things which are worse than death. What's more concerning is that they could back-door Tor, all it takes is to turn one developer around, let anyone know about the back-door and people will loose trust. Yes. That could kill Tor as well. Or people who could help will finally help pushing the deterministic build feature. Often a fail finally helps to make a change. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bridge Communities?
I'm down to help with the rebuild. On Sat, Apr 13, 2013 at 12:39 AM, Alex M (Coyo) c...@darkdna.net wrote: On 04/12/2013 11:01 PM, adrelanos wrote: Griffin Boyce: There's really nothing keeping you from making a private bridge network. The documentation's all there. Indeed. One can even make its own (private) Tor network. It will require a considerable amount of learning, though. It would be interesting to see several competing Tor networks. May or may not happen in long term future, if Tor can attract much more users and relays. Alex probable won't be up for creating an alternative Tor network with that threat model. As soon as you host a relay or directory authority, it's difficult (impossible?) to stay anonymous, you move yourself into the target line by doing so. With the current Tor network model, this is apparent. I might fork the Tor codebase and redesign the network from the ground up, and see what I can come up with. Should be interesting. Even if Tor cannot be salvaged, working with the traditional 3rd generation onion routing paradigm should be educational and instructive. __**_ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talkhttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] secure and simple network time (hack)
It's related to Linux NTP and SRTP. On Fri, Apr 5, 2013 at 4:26 PM, intrigeri intrig...@boum.org wrote: Hi, Jacob Appelbaum wrote (19 Jul 2012 23:48:48 GMT) : intrigeri: So, Jake tells me that ChromeOS will use tlsdate by default, and that this should solve the fingerprinting issue. Therefore, I assume this implicitly answer the (half-rhetorical, I admit) question I asked in March, and I assume there is indeed some fingerprinting issue. So, in the following I'll assume it's relatively easy, for a close network adversary (say, my ISP) to detect that I'm using tlsdate. It isn't shipping yet, so we'll see what happens. I'm told ChromeOS ships it nowadays, so I'm excited at the idea to learn more about it, so that we can move forward a bit about the fingerprinting issue. I was not able to find any authoritative information about how they run it. Their time sources [1] design doc is quite clearly outdated. Where can I find up-to-date information on this topic? I assume one of the dozens of Chromius Git repositories [2], but which one? [1] http://www.chromium.org/developers/design-documents/time-sources [2] http://git.chromium.org/gitweb/ Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] NSA supercomputer
Just saying TOR was created by the Naval Research Laboratory a part of DARPA. Since it's inception they could index, spider and track the dark net. On Thu, Apr 4, 2013 at 1:08 PM, grarpamp grarp...@gmail.com wrote: Guys, if you are in trouble with NSA, or other US governmentals agency, you're screwed. Physically. Don't mind your electronical com'. Very good calibration sir :) And come to think of it, being in such trouble might not be so bad, you might find yourself with a lucrative job offer you can't refuse ;) Vacuuming under the floor tiles at a giant datacenter perhaps... ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] FlashProxy and HTTPS
TLS is a top layer cryptography obviously with jitters its exploitable, just like any other s box crypto. That's why it's generally deployed witg secore real time transfer protocol. On Mar 31, 2013 8:40 AM, Tom Ritter t...@ritter.vg wrote: On 31 March 2013 01:39, Gregory Disney gregory.dis...@owasp.org wrote: I suggest you review how PKI works, and what TLS and SSL mean. TLS has many uses, beyond those employed in standard Industry Deployments. If you'd prefer to register your dissent on this being a bad idea that's fine, but otherwise perhaps you can provide a little more feedback, or elaborate on what areas you believe are factually inaccurate? -tom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] FlashProxy and HTTPS
I suggest you review how PKI works, and what TLS and SSL mean. On Sat, Mar 30, 2013 at 9:23 PM, Tom Ritter t...@ritter.vg wrote: I finally watched the recent FlashProxy talk, and the bit about Not working on HTTPS intrigued me. I looked into it, and had two initial ideas. == Mixed Content. This isn't great, but it's something that might work for now. Chrome and FF do not block an HTTP iframe on an HTTPS site. Chrome26 displays a different icon, and logs to console. Chrome Canary (28) did the same FF9.0.2 allows and has no indication IE9 blocks So putting the badge on a page in an iframe could allow a webmaster to deploy it on a HTTPS site. That frame would be on a different domain, to get protections via Same Origin Policy == Root Cert. This one is more than a bit crazy, but I don't believe in discounting crazy out of hand. Basically, if you accept that the TLS connection provides *no security whatsoever*, that is - it does not provide authenticity, and therefore should not be assumed to provide confidentiality - but you want to use it as an opportunistic layer (hey maybe this will help, it can't hurt), or to enable it working on HTTPS sites, or as an anti-fingerprinting tool (now they have to look at the handshake/certificate instead of te traffic) it becomes acceptable. Create a FlashProxy Root Cert, with a critical NameConstraint extension. The Name Constraint would be something like . entire-internet.flashproxy.com. Because it's Name Constrained, and critical, no client will accept a cert for a domain like paypal.com chaining to your root. IIRC the only desktop client that does not support NameConstraints is Safari - BUT because it's critical, Safari will outright reject the certificate. Mobile Clients should behave the same way. A group of CA's and Browser vendors are working to document the veracity of those claims, but I'm pretty confident in them because they recently, to great consternation of the IETF, said we're going to allow non-critical NameConstraint extensions, because if we don't, we'd break Safari. So you've got the root cert. Folks who want to run FlashProxies install it in their browser or OS. (The NameConstraints give them confidence you're not going to, nor can you, mess with them.) Now when a client wants to have a FlashProxy connect to them, they talk to the facilitator or another facilitator like system, and they receive a Root-CA signed cert for 127.0.0.1.entire-internet.flashproxy.com (substitute 127.0.0.1 for the client's actual IP) that's valid for a short window, say 30 minutes. Now, when the FlashProxy connects to the client, they do so using wss:// and receive the FlashProxy Root-signed certificate, and the browser lets the SSL handshake succeed. There's a lot of downsides here: - NameConstraints are not rock-solid in the sense that we've taken them for long test drives, but no one's subjected them to 20 years of continual use. When the value of the system attacked is greater than the cost, the attack happens. What's the cost for an attack on Name Constraints? We don't know. - It requires the FlashProxy user to install a root cert (e.g. do more than just open a webpage) - The requirements for the client - facilitator communication channel go up: it must now be bi-directional and support up to 1K of data or so. - The signing of certificates would introduce a DOS channel. This can be mitigated in some sense by rejecting requests for an IP if you've signed a cert for that IP in the last validity_window / 2, and preventing the IPfrom being spoofed (free if done over TCP, difficult otherwise) -tom ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to obfuscate the Tor Browser activity from the Time/Size correlation attack?
Well Google is not the service to use if privacy is a concern, either way if your really concerned about obfuscating. Entrance node should be through a VPN, then route and relay. On Sat, Mar 23, 2013 at 4:51 PM, avarageanonym...@hushmail.com wrote: If my latest two questions were not meaningful I am asking as meaningful to the current TBB as I can: In a default TBB would the GISP(Google-owned Internet Service Provider) see the traffic coming to Entry Node as a mix of separate connections that are approximately the same size and time comparing to the direct GISP to Gmail connections? Maybe my example is bad as Google use https and the size would be somehow different but I hope you will get my point at large. To address my problem for the obfuscated mix of connections I should use the obfsproxy connection that is by design hiding all the real connections to the one(1) obfuscated so the GISP looking at the TBB to GISP connection would just see one constant connection (with all the real connections obfuscated and mixed into this one) of variable upload and download speeds (because the web application would help to make it variable by speed but constantly open connection)? Bless the Entry Guard. On 03/19/2013 at 10:45 PM, avarageanonym...@hushmail.com wrote: Thank you for all the help, there is some big research on this problem you have showed me. Let me clarify the attack I need to be defended: The user in California sends the E-Mail message from the web client provider, possibly 1Gmail to the 2Gmail address; all 3 Tor nodes in between were not compromised; Google's Internet Service Provider and Gmail were not tagging the traffic; only now as I stopped the writing and file sharing activity they are trying to retrospect and correlate my GISP account with the Gmail. NOW thanks to your replies I know that they could link it very easily because I have used my Gmail only in new Tor Browser instance and I have used it alone from other sites as I wanted to be safe from IP/Time/Size correlation. How stupid I was? My actual questions are: 1. You have introduced me to the https://blog.torproject.org/blog/one-cell-enough and On June 15th, 2012 some other Anonymous said: The Tor design doesn't try to protect against an attacker who can see or measure both traffic going into the Tor network and also traffic coming out of the Tor network. That's because if you can see both flows, some simple statistics let you decide whether they match up. Let the client download / upload random data from / to the relay with a speed at 10-50% (random speed that change frequently) at the download / upload speed. That is, if the download from the relay is with a current speed at 50 KB/sec, the client should download random nonsense data from the relay with a speed between 5 and 25 KB/sec. This result in a average speed at the random data at 30%, and that will not put a hard pressure on the network. Could this example exist as a partial solution in the form of the web application that I could run in the tab next to the Gmail and that would D/U random data making requests from and to the relay for some small or big files? Would in my threat model these still be partially correlated as requested Size (within the overall constant speed) would need to always be obfuscated by bigger Size responses than the real response Size? Other possible variant I see is that loading the full available bandwidth pipe of the Tor Nodes with (two) files would actually reduce the speed for the Gmail server watching and for the GISP it would be still bigger but would just be restricted to the Tor Nodes broadband ability and when the Gmail file is shared, the speed of D/U could jump up quick enough to not be correlate-able because GISP would constantly see the maximum bandwidth. Another variant is the continuous slowdown/speedup of all traffic by some mechanism in TBB or Nodes not by the D/U so it would save the network bandwidth but this is the most insane to propose. What variant is real to deal with or all are garbage? 2. If the web application from the second question could start to partially help the Size obfuscation problem except the GISP to Entry Node requests that are needed to be somehow shown to the GISP by the TBB to Entry Node connection (is it true?), could the requests of TBB potentially be served encrypted and delayed enough so that even so the Gmail server would see the “real” requests timing, the timing would be obfuscated for the GISP to Entry Node connection with a very little delay that would be synchronized with other very little delays that are continuously being sent to and from the Entry Node? These sub-second delays that would just not be the big problem to the Gmail user but all the GISP to Entry Node activity would be synchronized and optimized according to usage and behavior templates like Reading, Writing, File sharing.. for the GISP
[tor-talk] The Onion Server
Hey, I made a lightweight web server (less than 20mb) for hosting onion sites on Linux. Hopefully will be multi-platform within a few releases. https://sourceforge.net/projects/theonionserver/ -Greg ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk