Re: [tor-talk] Request for Tor, king of anonymity graphic
On Sun, Nov 10, 2013 at 10:50 AM, Lazlo Westerhof he...@lazlo.me wrote: https://imgur.com/vYZSu6Q The used clipart crown is public domain. SVG version also exists. liked that one! + sunglasses (poc): http://imgur.com/1CqQJOu -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Gmail and Tor
On Mon, Dec 24, 2012 at 5:40 PM, grarpamp grarp...@gmail.com wrote: (...) https://ripe64.ripe.net/archives/video/25/ This link is embedded in flash, which some browsers don't do. Can you post your talks to youtube so people can get them with youtube-dl? Anti-flash warriors: https://ripe64.ripe.net/archive/video/Mike_Hearn%2C%E2%80%A9_Google-Abuse%E2%80%A9_at_Scale%E2%80%A9%E2%80%A9-20120416-142247.flv ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hard Google Recaptchas with Tor
On Sun, Sep 30, 2012 at 6:53 AM, grarpamp grarp...@gmail.com wrote: Anyone else notice that Google's 'Recaptcha' service serves up really hard images when you're coming via Tor? They're not even words, just random obscured letters. You can still solve it, but not anywhere near as easily. Expect to hit new image often till you do. And the audio version is completely useless (though both via tor or not). yep, noticed about a week ago. I failed several times and thought recaptcha stopped working over Tor. These are the new Tor-only captchas: http://i.imgur.com/pjZOu.jpg ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] wget - secure?
Just tested wget 1.12 with proxychains 3.1 and it does not leak DNS .^^ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Call for volunteers for UCL Usable Security, Privacy, and Tor study
Count me in. my skype: operationmindcrime88 non-activist (normal 21-year-old student from Argentina) By the way, I'm not as tor-savy as roger or any or you guys. I run a relay, saw defcon/c3 talks, etc but I will not be able to answer questions about the math behind crypto, or very hard stuff. Aside from that I think I'm ok and I'll be happy to help in anything I can On Wed, Feb 15, 2012 at 3:30 AM, Andrew Lewman and...@torproject.org wrote: I've started working with some students at University College London to help them figure out usable security, privacy, and tor. We need some volunteers willing to be interviewed via phone/skype/gchat by the students. Preferably, you self-identify as either an activist or a non-activist normal person who uses Tor at least monthly. Three people from each category (activist/non-activist) would be ideal. We will try to protect your privacy, but assume this first part of the study is not anonymous. If you're interested in helping out, please email me directly. I'm going to take the first three people that respond from each group. There will be a second part of the study where we'll look for a large amount of anonymous feedback at some point in the near future. Thanks! -- Andrew http://tpo.is/contact pgp 0x74ED336B ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Help users in Iran reach the internet
On Fri, Feb 10, 2012 at 8:41 AM, Jacob Appelbaum ja...@appelbaum.net wrote: Here's the deal - we need people to run Tor bridges but a special kind of Tor bridge, one that does a kind of traffic camouflaging - we call it an obfuscated bridge. It's not easy to set up just yet because we were not ready to deploy this for everyone yet; it lacks a lot of analysis and it might even only last for a few days at the rate the arms race is progressing, if you could call it progress. I'm running a middle node, should I switch? Or my IP is already blocked by the Iranian filters? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor-blocking sites
On Wed, Feb 8, 2012 at 9:19 PM, Mr Dash Four mr.dash.f...@googlemail.com wrote: Nope. I am well aware of this and it isn't an issue which just popped yesterday or a week ago - it has been going on for months (scraping Google, that is). I am also aware that Scroogle has a limited (I think about 6-7) number of servers. What I meant with my initial post though is that Scroogle started blocking tor exit nodes recently - about a week or so ago. I know that, because I tried to access it at the same time (via different machines) and all requests which used Tor exit nodes were timing out (or giving me 502) - without exception, while the normal requests (using my own IP address) made at the same time passed through to Scroogle instantaneously! This cannot be a coincidence. Scroogle may give 403 because of mod-evasive. Still, that doesn't explain the times out. :\ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to make 100.000 bridge?
On Fri, Jan 13, 2012 at 2:50 PM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: (...) The Web world (including webmaster, blogger, general poweruser) is much wider than the *nix world and that kind of users already have their own paid systems. A webmaster would be able to setup on all his managed website the .php file working as stateless bridge, all wordpress user would be able to install it. I mean, the user base and the simplicity of the procedure to get engaged in supporting the tor network would be much more important if the only action that a person have to do is: - Load a .php file on a webroot or - Install a wordpress application This method would have to deal with PHP default maximum execution time (30 seconds) and Apache default timeout directive (300 seconds) which the non-sysadmin webmaster/blogger can't change. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google as default search engine revisited
On Thu, Jan 12, 2012 at 4:47 PM, Eitan Adler li...@eitanadler.com wrote: While Google does have less than ideal privacy practices they are largely mitigated by the other anonymity preserving measures taken in TBB. In fact the entire point of TBB is to prevent remote sites like Google from being able to determine anything useful from the data being sent. There are two other reasons to prefer Google over other search engines: - Google is better in many (most?) cases such that the majority of people prefer using Google - Every patch against Firefox is another thing to maintain. While it may seem simple, this has non-trivial cost. Every time Firefox changes you have to check each and every patch you have and potentially update it. I'm not saying that Google should remain the default search engine but that to switch there should be a specific threat to mitigate and switching should be the best solution to that threat. I agree with Eitan, google via Tor is not a threat to anonymity. Maybe to privacy, as Kammerer said, Google knows which results you click but doesn't know who clicked them. So privacy is decreased but anonymity is not threatened. But looking at this with a different angle. Google search performance over Tor is horrible. Google instant (a so called feature that makes a request with each letter you type and starts giving you results before you finished typing what you want to search) is quite annoying without using Tor. With Tor, is unusable. Run HttpFox or something and take a look at the number of requests when searching. That's why I like Scroogle, one request, one reply. Moving away from Google as default search engine will not only improve TBB's user experience but also will reduce a the number of connections out there, and that helps the network. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Google as default search engine revisited
On Thu, Jan 12, 2012 at 7:20 PM, Maxim Kammerer m...@dee.su wrote: Google can also potentially use its “suggest” feature (on which “instant” is based) to deanonymize users: http://en.wikipedia.org/wiki/Keystroke_dynamics. You raised a valid point. Although I have looked at the sent requests and they don't collect the necessary information for this attack, they could. And although a statistical attack applying keystroke dynamics with their billion monthly unique visitors is practically impossible, it is theoretically possible. This theoretical threat to anonymity should be enough to make TBB devs move away from Google (or at least remove google.com in NoScript's default whitelist) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor exit+proxy
On Sat, Jan 7, 2012 at 1:00 AM, Maxim Kammerer m...@dee.su wrote: Now imagine the idea Tor + open proxy gets promoted because the devs encourage that with a new option like Tor + your personal extra proxy chain... That wouldn't give Tor more credibility as it would be even harder to stop abuse form it. Don't see why a Tor user should care about Tor's credibility in this scenario. A few thoughts on this user--Tor--open_proxy--website chain. The main reason why very few people run exit nodes is because abuse complaints and raids. If for example a tor exit node exiting only on port 80, could relay all its traffic through an open proxy (or many open proxies), then the abuse complaints will go to the open proxy admin and not to the tor exit node admin. You would think that the open proxy admin will redirect the abuse complain to you, or give your IP to the feds. Maybe, but maybe not. Open proxys admins probably handle much more abuse complaints than tor exit node admins. They will probably ignore it. Some will not, but in the end the exit node admin will receive much more less complaints. This will not only help in recruiting new exit nodes but also making some middle switch to exit. With more exit nodes the bottleneck effect will decrease (at the expense of having a larger circuit) About anonymity, it will be the same. Its the privacy that will get reduced. (anonymity != privacy). Because, as hmoh said, there will be two servers who can log and tamper your cleartext traffic. They will not be able to tell who you are, only what are you doing. Anyway, if you are using plain HTTP you should already assume you are having zero privacy, using or not Tor. So its the same. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] WSJ- Google- Sonic Mr. Applebaum
On Mon, Oct 10, 2011 at 1:42 PM, Andre Risling andr...@fastmail.fm wrote: Here's how Google is a compliant slave. You still use Gmail?! http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html#ixzz1aMoq8l2i The secret Google order is dated Jan. 4 January 2011. Seriously? By then I'm sure his gmail account was already full of non-secret/non-important emails and pictures of trollfaces. His secret email address maybe doesn't even use DNS and Julian email him directly to j@203.113.128.15 or something like that. His secret data is probably in a box with a TrueCrypt hidden volume, hosted somewhere in Vietnam. Right now he's laughing at the feds. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hijacking Advertising to give a Tor Exit node economic sustainability?
On Sun, Aug 7, 2011 at 12:06 AM, Dave Jevans wrote: AnchorFree is doing Multi-millions of dollars of business doing targeted ads on a free proxy/vpn service. I don't see why this couldn't be done with Tor. Didn't know about AnchorFree. I don't know how can the advertisers distinguish between impressions/clicks from different users if they have the same IP. They have to trust that they are not one AnchorFree employee refreshing the page with a script that changes the user agent. In our case, it would be difficult for Tor to build that trust because it will depend on each exit node. Quick question: can middle nodes modify traffic? If thats the case we have a bigger problem. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] EFF Tor Challenge
On Thu, Jun 2, 2011 at 11:35 AM, Joseph Lorenzo Hall joeh...@gmail.com wrote: I hate to feed a troll, but many of us run relays that we monitor for badness... it's hard to tell from your curt messages what exactly your issue is or what your use case is. I'm certainly sure you're one of very few people that have alleged Tor is coy about security. Maybe if you laid your case out in more detail, with moderated rhetoric, we could engage on substance. best, Joe What is think he is trying to say is that if someone finds a security vulnerability in Tor/Vidalia (this has happened in the past) the attacker can easily have a list of all IPs running relays, and may compromise all their machines with his 0day. And also he mention that even if Tor is chrooted, the attacker can break out of the chroot jail. This is not as easy as it sounds. To break out of the chroot jail you need to escalate privileges first and how do you get root inside a chroot jail? ( Of course if Tor was not running as root) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] EFF Tor Challenge
By now you all probably know about the EFF Tor Challenge to increment the number of relays: https://www.eff.org/torchallenge I think its a great idea like most EFF's campaigns . You can see in their list that most people (including myself) choose to setup a middle node instead of an exit node, and that's the safest choice for setting up a relay in your home. I thought home PCs should run a middle node while servers from important organizations, universities and news agencies should ran an exit node. I have to say I felt a bit disappointed when I saw that the EFF was also running a middle node. I thought they would be running the openest exit node. I know that they are not encouraging people to run exit nodes. But if they do not setup an exit node, who will? I saw some comments on reddit about this. Does anyone else feels the same? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Torbutton problem
On Thu, Apr 21, 2011 at 5:05 PM, Zaher F. the_one_man...@hotmail.com wrote: yes this what i mean can u explain to me how u can do it??? is it the second one should be portable When you install them just choose two different directories. Make sure the user you will use to run them have privileges to modify the files inside the directories so they can update. Use firefox -profilemanager to create two profiles. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk