from:"Lodewijk andré de la porte"

Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread Lodewijk andré de la porte

RSA/ECDSA are both screwed.

SPHINCS seems good.

Post quantum asymcrypt doesn't seem generally ready yet, but hashes work.

2018-05-26 9:04 GMT+02:00 Jacki M :

> Here is the parent trac ticket for PQ 
> https://trac.torproject.org/projects/tor/ticket/24985
> 
>
> > On May 25, 2018, at 10:39 PM, Kevin Burress 
> wrote:
> >
> > Hi,
> >
> > I was just wondering since the NSA has quantum computers that can break
> > ECDSA (As they have stated they could break bitcoin in an interview, and
> > telecomix unlocked Cameron's hard drive.) When is Tor going to be
> upgraded
> > to post quantum?
> >
> > Can we at least hack together an interleaving of RSA and ECDSA with some
> > secure number of rounds in the interim?
> > --
> > tor-talk mailing list - tor-talk@lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] evidence that Tor isn't amoral?

2015-07-12 Thread Lodewijk andré de la porte

2015-07-12 8:38 GMT+09:00 aka akademik...@googlemail.com:

  I don't believe that the majority of Tor traffic is amoral, but I


Hey, who said free speech isn't amoral? The point is that it's essential to
a functioning democracy.

Not to say we have functioning democracy, but walking backwards won't get
us to our destination.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fighting human trafficking (on Tor and elsewhere) with Python

2015-07-04 Thread Lodewijk andré de la porte

nothing interesting discussed. A voting system to ban content on a free
speech platform? Wonder how he got the words out of his mouth.

I also like Anonymity allows for illegal, immoral things like
buying/selling people - it started off pretty half assed, as anonymity
doesn't mean freedom, and finished a bit strange knowing human trafficking
is legally practiced (soccer players get bought/sold) and morality is fluid.

Jep, worthless
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-26 Thread Lodewijk andré de la porte

So... nobody thinks using Tor might actually just make you stand out? I
mean, Tor might be quite broken and in that case you're just forwarding the
relevant stuff to the agencies.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

2015-04-25 Thread Lodewijk andré de la porte

And finding information which for some reason is blocked in KR. I've had
some very normal websites block out because they trip the automatic
blocking for no apparent reason! Perhaps a word that's forbidden in some
language's slang appears by accident in my language's pages.

And just trying not to be dragnetted at all times. It's important to
sometimes use Tor, just so that when you actually do (one day, for whatever
reason!) it doesn't seem suspicious :)




2015-04-25 1:26 GMT+09:00 t...@t-3.net:


 On 04/24/2015 06:46 PM, aka wrote:

  buying recreational drugs and watching censored adult
  porn (which honestly is 90% of Tor's current userbase anyway)

 Speak for yourself.

 (Because, right. Clearly it has proven technically feasible for you to
 survey Tor's users (and/or traffic) to
 determine everybody else's uses for Tor).



 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] CloudFlare fingerprinting

2015-02-28 Thread Lodewijk andré de la porte

Of course it's possible. It's way harder than just, you know, regular
tracking! Cloudflare probably has advanced tracking in order to determine
the likelihood of being spam. Cloudflare also gets headers and IP
addresses, in addition to having many access points already betray the user
a little bit. The NSA only has to make sure to listen to every Cloudflare
in and output, and they'll get a ton of decent info.

A similar argument goes for Google's Recaptcha. I really like the UI for
the new captcha-free-captcha, but I also know that profiling is the main
ingredient for it to work. I also dislike always being given a captcha
anyway, just because I run debian and have minimal anti-tracking. Welcome
to a world where privacy reduces features!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] CloudFlare fingerprinting

2015-02-28 Thread Lodewijk andré de la porte

2015-03-01 16:11 GMT+09:00 Lodewijk andré de la porte l...@odewijk.nl:

 Of course it's possible. It's way harder than just, you know, regular
 tracking! Cloudflare probably has advanced tracking in order to determine
 the likelihood of being spam. Cloudflare also gets headers and IP
 addresses, in addition to having many access points already betray the user
 a little bit. The NSA only has to make sure to listen to every Cloudflare
 in and output, and they'll get a ton of decent info.


Oh, I'm sorry, I didn't notice you meant this as tor-specific. That sure
makes it a more difficult question.  I think there is little information to
go on, given many users use a single Tor exit node, and if all goes well
that information should be inseparable. NoScript makes it much harder to
see what happens on-page, without noscript there's a lot more profiling
info (mouse movement, typing rates, scrolling, those sorts of habits). One
could investigate if cloudflare can use a tracking-cookie (or similar) to
combine visits from a single user, as that would give a lot more profiling
opportunities. I assume every request passes through cloudflare, not just
the first, so site-usage should give a much better profile than the initial
captcha.

Once you've found all the side-channels and their discerning datapoint
quantity you could calculate how often the users of a single tor node are
separable. The data is more complex, sadly, for a full observer, as there's
far more information to go on. A partial or near-full network observer can
combine timing attacks and the like with information gathered here.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] washingtonpost.com: In NSA-intercepted data, those not targeted far outnumber the foreigners who are

2014-07-06 Thread Lodewijk andré de la porte

2014-07-06 16:50 GMT+02:00 C B cb...@yahoo.com:

 All persons, foreigners and Americans have the same right to privacy,
 and it is a crime for the NSA to be collecting Internet traffic from
 everyone.


Thanks from The Netherlands
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Connecting to SQL through TOR

2014-03-03 Thread Lodewijk andré de la porte

2014-03-03 5:13 GMT+01:00 Peter Decker 94032...@gmx.com:

 [03.01 13:34:02] EXCEL.EXE (9376) *64 - o4nel857ejnetkzw.onion:6001 error
 : Could not connect through proxy 127.0.0.1:9150 - Proxy server cannot
 establish a connection with the target - TTL expired.


TTL expired - Time To Live expired. Looks like your client is too
impatient.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How to test leaks on OSX?

2013-08-29 Thread Lodewijk andré de la porte

A firewall might well help you. Otherwise console output of made
connections might spill the bean.


2013/8/29 Jerzy Łogiewa jerz...@interia.eu

 Hello!

 I am on a Mac and now using the tor as a global (system) proxy for
 connections! I like to test this for leaks. How to do it on the Mac?

 --
 Jerzy Łogiewa -- jerz...@interia.eu

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] HTML5 video and Tor anonymity.

2013-05-17 Thread Lodewijk andré de la porte

2013/5/17 Griffin Boyce griffinbo...@gmail.com

  Flash isn't even as useful as current alternatives (webm video).
 You could make the case that Flash allows for amazing video games, but
 that seems like the perfect use-case for high-throughput/low-lag VPNs.


I don't want to extend a discussion about Flash too much. But with WebGL
HTML5 is up and beyond Flash in terms of potential for games.

There will always remain Flash dependent webpages. And I'm talking about
those build-completely-in-flash websites. I've even experienced a ton of
Korean websites that require you to install COM objects, activate ActiveX
in IE, require you to install some file from a .exe, or all of the above.

Just forget about it, it's not worth the effort. Users should complain and
reject too non-standard webpages so much that they'll stop being developed,
that's the only way to really fix this.

The easiest way now would be sandboxing and manually approving every
network request. The other ways are experimental, circumstantial and
exceedingly hard to program.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [info] Anonymous Publishing Is Dead.

2012-07-01 Thread Lodewijk andré de la porte

2012/7/1 Edward Thompson edward.thomp...@mailoo.org

 And if your threat model
 encompasses an organisation with vast resources, like the NSA for
 example, consider that they haven't yet managed to track down the guys
 running the Silk Road drug site (http://silkroadvb5piz3r.onion)... ;)


The Dutch secretest agency had several forums for extreme Islamics.
Honeypots. Do you know who runs Silk Road?
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Post Quantum Tor

Re: [tor-talk] evidence that Tor isn't amoral?

Re: [tor-talk] Fighting human trafficking (on Tor and elsewhere) with Python

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

Re: [tor-talk] CloudFlare fingerprinting

Re: [tor-talk] CloudFlare fingerprinting

Re: [tor-talk] washingtonpost.com: In NSA-intercepted data, those not targeted far outnumber the foreigners who are

Re: [tor-talk] Connecting to SQL through TOR

Re: [tor-talk] How to test leaks on OSX?

Re: [tor-talk] HTML5 video and Tor anonymity.

Re: [tor-talk] [info] Anonymous Publishing Is Dead.

12 matches

Site Navigation

Mail list logo

Footer information