Re: [tor-talk] Revolt Against Tor Over Rape Claims, Process, Board, Etc

[Zenaan Harkness]

ny - none of you (employees of Tor Inc) are held by us in
the Tor community as "normal" employees or "regular" folks - we have
been, are, and shall continue to hold you to a higher standard than we
hold "normal" capitalist 'pigs' to.

That also means you suffer a far greater disgrace, and far more
publicly, than most other normal people ever would suffer.

And this is simply how it is - it is not something you have any control
over. It is we, the Tor community, who choose how to hold our so called
and purported (even though self elected) "leaders".


You have no choice in the standard we hold you to.


You have no choice in the consequences in our minds and in our hearts
when you fall from the grace we previously assumed you to be in.


You have absolutely no choice in the long term default consequences in
our respective consciousnesses, each of us individually, of how we hold
each and every one of you in the face of your words, your actions, and
your non-actions.


And take good notice - it is perhaps most often your non-actions, which
demonstrate your tacit support for evils done, which have the greatest
consequences in our consciousness.


Meet our (!!) standard and you shall stand as heroes.


Fail to meet our standard and you and your purported principles shall
forever be "the ones who fell from grace, disgraced themselves and
disgraced the community, spitting on the very principles we all held to
be sacred and inviolable".


   Your time is close to running out.


Your sincerely,
With absolute, unequivocal, and unshakable conviction,
Zenaan Harkness,
Victoria, Australia

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Project Corporate Document FOI Request

[Zenaan Harkness]

On Thu, Jul 21, 2016 at 10:01:58AM -0400, z9wahqvh wrote:
> On Thu, Jul 21, 2016 at 9:46 AM, Zenaan Harkness <z...@freedbms.net> wrote:
> 
> > Nope, you can make an FOI request of anyone. You can make an FOIA
> > request of any government agency and they have certain statutory (the
> > "A"ct part of FOIA) obligation to respond in a certain way.
> >
> >
> >
> "I know a term has a generally accepted and even legal meaning, but I'm
> going to use it however I want and demand you use it that way too."
> 
> always a great way to start a dialogue.
> 
> the principles you express are all correct and I agree with them. why it
> helps to muddy the waters by using a term that means something specific to
> most people  that hear it is beyond me.

As follows:

1) The "tor community" as we consider ourselves collectively, are under
the umbrella of Tor Inc.

2) As said many times in the past, and loudly proclaimed on the tpo
website, both Tor Inc, and therefore the community that has arisen under
its aegis, consider certain principles as foundations of our community,
and as reasonable expectations (and frankly, stated intentions) to be
achieved - transparency, privacy, anonymity, trust etc.

3) The term "FOI" hints at this "duty" we project upon Tor Inc, it hints
at our community members' expectations that this particular request be
treated -not- as a flippant "oh by the way, can I get a copy of all
these documents", but a little more seriously, to treat the request as
sincere, genuine, in the interests of the community, and that likely a
lot of us onlookers ("community members") will in fact be treating the
response to this "FOI" request with this level of gravitas.


So, it was not only an entirely appropriate term to use in this request
that grarpamp made, matching what "we" consider a "duty" of a sort, upon
Tor Inc, pursuant to its position in this community, but gave a little
hint to those who actually care about this community, who care about the
fallout happening at the moment, and who care about the truth, to keep
our eyes open and perhaps, respectfully, do our bit to support this
community.

Why that cannot be considered eminently reasonable?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Project Corporate Document FOI Request

[Zenaan Harkness]

On Thu, Jul 21, 2016 at 08:03:49AM -0400, Allen wrote:
> >
> > One can request anything.
> 
> For starters, you can't legally request that someone assassinate the
> President, send you child pornography, provide you with weapons of mass
> destruction, etc.  So definitely not anything.

So definitely not anything, --legally--!

> And while you can make some requests, you can only make an FOI request
> of a government agency.

Nope, you can make an FOI request of anyone. You can make an FOIA
request of any government agency and they have certain statutory (the
"A"ct part of FOIA) obligation to respond in a certain way.

Tor Inc presents itself as a certain type of entity, via its website and
other forums of communication, the statements of its employees and also
the non-refuted statements of the users, volunteers and other supporters
of tor.

This generates certain expectations in the "members of the community",
which align with my comprehension of the terms "freedom", "information
about the entity Tor Inc" and "freedom of information".

How much those in control of Tor Inc release in response to grarpamp's
"FOI" request, beyond that which they statutorily release to the public
already, is a matter for them, their courtesy, their sense of proper
behaviour, their desire to meet the expectations of "the tor community",
their sense of duty to disclose to this community, their personal
principles, their need to manage the fallout from recent events, and
their willingness to demonstrate certain principles which we in the
community clearly expect, including transparency, honesty, and trust.

Let's be generous in our expectations of those directly inside Tor Inc
meeting this simple genuine and frank request, and at the same time
let's be cautious and publicly curious in respect of any "no" responses.

As always, let's assume good faith in general and keep our communication
as constructive as possible.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Recent news stories regarding Tor

[Zenaan Harkness]

On Thu, Jun 30, 2016 at 05:23:48PM -0700, Spencer wrote:
> Hi,
> 
> >
> >Zenaan Harkness:
> >tor-talk is about to be replaced with tor-users.
> >
> 
> Tor-users sounds like a usability list.
> 
> >
> >[criticism on] tor-talk is going away.
> >
> 
> What a shame.  With that goes much of the comic relief ):

You might try the cypherpunks@cpunks DOT org list.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor is anti-censorship software

[Zenaan Harkness]

On Thu, Jun 30, 2016 at 03:10:42PM -0400, Paul Syverson wrote:
> On Wed, Jun 29, 2016 at 11:54:04AM -0400, Mansour Moufid wrote:
> > The advertising doesn't correspond to reality, because it's false
> > and dishonest, not because the user is dumb.
> 
> Why do you imply the user is dumb? I certainly reject that
> characterization of users. I assume that, like myself, most users
> can't give an accurate description capturing every important property
> of most of the tools they use, microchips, automobiles, airplanes,
> etc.  That's not because they're dumb, but because nobody can, or
> indeed should try to, know all the important things about everything
> they rely on.

"Users are dum" in this context is not pejorative!

It means many tor users these days, because it is so easy to use,
are not able to take the language as it is currently used on the tpo
website, and subtract out what it does not mean.

To be more blunt, these "dum" users are reading a lot more into the
terminology --as it is currently used on the tpo website--, than they
should.

Average users who are competant to install TBB with a "yeah, I want some
anonymity" and a "great, protects us from traffic analysis" and a
whistle dixie.

Users should be reading such terms extremely conservatively, and with
many "caveats", and the tpo website does not help them to assume these
caveats, so these dum users make all sorts of assumptions based on
intuitive and --common-- understandings of the terms as currently used
on the tpo website.

That can, and should, be named as false marketing.


> What I think Tor does well (but could always do better)
> is get the gist of things across, and then (more than most other
> communities or organizations) provide the means for anyone who has the
> time, tools, and inclination to fruitfully probe as far as they wish.

TPO website needs to lower expectations.

Common understanding of terms used ("dum users") causes assumptions by
these dum users which do not match reality.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Recent news stories regarding Tor

[Zenaan Harkness]

On Thu, Jun 30, 2016 at 04:56:57AM +, cicada_3...@riseup.net wrote:
> On 2016-06-30 01:49, Mirimir wrote:
> >On 06/29/2016 01:14 PM, Allen wrote:
> >>>
> If it were up to me, I would vote at this point to ban grarpamp from
> this
> list for at least a month for keeping this topic alive.  While being
> a
> frequent contributor may have its privileges, the line has been
> crossed.
> >>>
> >>>So make your own ban list.  It's trivially easy to send anything from
> >>>grarp...@gmail.com straight to the trash can.
> >>>
> >>
> >>It would be even easier for me to unsubscribe from the tor-talk list,
> >>which
> >>I'm close to doing, and I'm sure a lot of people have already done
> >
> >Well hey, it's probably not going to be around for much longer, anyway.
> 
> 
> It is one thing understanding how conversations and ideas are shaped on
> mailing lists, and a different ballgame bringing censorship into the
> picture.

I agree. But Tor Inc, and the so-called "volunteers" who run this and
other mailing lists, are choosing to not provide an uncensored mailing
list.  That doesn't match my prior expectation, but this is the reality.

tor-talk is about to be replaced with tor-users.

tor-users will be "lightly" censored".

tor-talk is going away.

One of grarpamp's links points to the tar trac ticket which explains all
this. The new tor-users list will be advertised to this list.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Reminder to stay on-topic

[Zenaan Harkness]

On Thu, Jun 23, 2016 at 11:37:08PM -0400, Griffin Boyce wrote:
>   I've been fairly surprised that the response has been almost entirely
> positive.  The 45-post thread on cypherpunks where Zenaan Harkness called me
> a "fake man" (classy) notwithstanding.

Taking out of context an "expressed suspicion" as a fact of name calling,
won't do you any favours.


>   And is Zenaan banned?  No.  Is grarpamp or most of the other people who
> posted in support of Jacob Appelbaum banned?  No.  And is Jacob Appelbaum
> himself on the ban list?  No.  So please let us dispense with the idea that
> the handful of people banned from this list are being persecuted for their
> beliefs.
> 
>   There are thousands of people on this mailing list who receive *every*
> message -- this is not a forum where off-topic posts can be deleted before
> being seen.  And quite frankly, three weeks of unbridled posting seems like
> plenty to me.

"We gave you enough rope to hang yourself, and those who went slightly
overboard by my personal definition (at least until next week or
whenever I change the rules again) are now banned, without even a single
individual warning/ request to keep on topic, being given to said
individuals.

Classy. List administration at its best there Boyce. Not.

"Arbitrary justice", which you might like to inform yourself regarding,
is where "the rules" are not known in advance, and no concession is made
to those who break the rules, WHEN THEY DON'T KNOW THOSE RULES.

Your choice to allow "three weeks of unbridled posting" created in many
of our minds, a rule which we all thought we were following - ja.talk
kept reposting media crap, we had a right to respond (or so we thought).

Your executive choice to ban certain individuals who "broke" your rule
(because they went three weeks and ONE EXTRA DAY (let's say)), when you
NEVER STATED to us your rule about "three weeks is OK, but three weeks
+ one day and THEN you will be banned with no right to recourse nor even
any right to request me personally to change my mind" is EXTREMELY
arbitrary.

You have told us by your actions as well as your words (besides a few
other things about yourself) that you WILL exercise arbitrary power
over real humans attempting to communicate their truth, their soul,
their pain, their attempts to find resultion on at least one of the
normally -most- challenging and difficult conversations we Westerners
have to confront, rape.

Aren't you a bloody hero now?!!

Three claps for Boyce, dispensing justice and facilitating community.

Clap, clap, clap.


>   Tor is a software project, not a telenovela.  Please keep posts
> on-topic in the future.

"And those who broke my rule in the past, are now kill filed by me, and
even if you genuinely want to join and participate and abide by my
rules, well who gives a flying f*** about you, this is MY list, and I AM
the administrator, and I SET THE RULES!"

Three cheers for Boyce, bringing real empathy and humanity to the Tor
project, making the world a better place, cleaning up unsavoury posters.

"Boyce, doing the Right Thing (cause he said so)."


> There are endless opportunities to express an opinion
> online, and everyone is free to seek them out.

Of course. As I too have said.

And we are now clear on your choice to exercise your predatorial right
to arbitrary exercise of power. Fascism in action.

How very American (hat tip to Juan)...

Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Day of Action: Is the FBI targeting YOU??

[Zenaan Harkness]

On Thu, Jun 23, 2016 at 01:49:44PM -0500, Joe Btfsplk wrote:
> On 6/21/2016 11:58 AM, Kate Krauss wrote:
> >Greetings, Tor Talkers!
> >
> >The US Department of Justice is trying to institute new rules that would
> >let the FBI hack computers that use Tor and other
> >privacy-protecting technologies--all over the world.
...
> >Spread the word! Forward this email! Tweet out the news! Protect the
> >right to privacy!
> >
> >Cheers,
> >
> >Katie
> >@TorProject
>
> If we sign this, will black sedans w/ dark windows park outside our homes?
> Will records of our bank accounts or financial holdings suddenly disappear?
> :) 8-(

At the point where the fear and oppression is such that we as
individuals are afraid to even put our name to a demand for our rights,
tyranny has well and truly begun, and the imperative to do something
about it is that much greater.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Reminder to stay on-topic

[Zenaan Harkness]

On Thu, Jun 23, 2016 at 04:14:02PM -, Ben wrote:
> > Rules or policies should be enforced equally in an unbiased way. Even 
> > moderated forums allow certain "unpermitted" discussions while deleting 
> > / closing others immediately.

+100

And, any individual to be banned, when their posts are not outright in
violation of law or list policy, MUST be given at least ONE chance to
agree to "stop posting offtopic".

Surely?

How can doing what was done, with no warning other than the general/
public "Careful now, we're discussing whether to start a new moderated
mailing list!" statement.

Seriously? This was an appropriate warning to all those who got banned?

And do those wielding this authority seriously think this will be
conducive to empathy with the tor-project, to a sense of "community" on
tor-talk list etc???


> As much as I (and presumably everyone else) was getting sick of updates
> on the topic coming into my inbox, there's definitely an argument, given
> the position Jacob held, that it is/was at the very least Tor Project
> related - so tangentially on topic, And as noted, there are plenty of
> other discussions in the past that have wandered far, far off course.

ACK!

> But, for my 2 cents, it's some of the bans I have an issue with. Even if
> we agree that the stuff related to Jacob was off-topic, for me
> personally, it still doesn't sit right.
> 
> ja.talk was spamming the list with reposts - sure, chuck them a ban.

Even then I'd suggest at the least, ONE warning and therefore ONE
opportunity for the poster to comply with the demand thereafter.


> But some of those responding (described as "ludicrous rape
> apologetics" nice, classy) were responding to say they felt the
> evidence doesn't weigh up. It's an emotive topic for many, so of course
> people are going to respond to repeated posts that colour someone elses
> character - especially early on when the evidence was best described as
> anecdotal and flimsy, and particularly if they happen to know the guy
> and believe (for whatever reason) that the allegations are false.
>
> Put it another way, regardless of forum, if you saw someone you knew
> being (to your mind) libelled and labelled a rapist, would you sit back
> or would you respond? IMO a warning would have sufficed - assuming there
> isn't other stuff that's happened in the background

When someone brings their heart to a conversation, in this example:
 - a woman
 - who knew intimately the accused
 - who says she found it difficult to stop crying at the allegations
   that kept pouring out from ja.talk postings
 - who spoke from her own experiences
 - who is an actual rape victim
 - who demonstrated a level of inner strength and courage to speak up
   in the face of an avalanche of public opinion (a literal lynch mob,
   whether founded on true facts or not)

And is treated in response with:
 - not even a SINGLE warning or request re her own posts
 - an accusation that she is a rape apologist
 - no right of reply/ response to the ban (the tor-talk list
   administrator personally kill-filed her)
 - no "thanks for your courage and empathy, but this is just too
   offtopic for tor-talk"

WTF?

She was raped ffs, and she brought genuineness, her own reality/ soul/
truth, and Tor treats her this way?! 

Are the administrators out of their firetrucking minds?

Seriously, this is really, really messed up.

Except that somehow this tor-talk "community" clean itself up, or I'm
out of here - at the moment, your record is shameful, and damn, it
speaks for itself!


> At the end of the day though it's the Tor Project's call. I'm not going
> to miss the JA related threads, though I may miss some of the input of
> some of those who've been banned.

When a Juan brings his brash words, at least he has the heart to shout
out!

When Cecilia brings her words, at least she brought her courage to speak
out!

When Alex spoke out in support of Cecilia, and bared his soul, at least
he had the guts to speak his truth!


The rest of us?

Must of us? Fucking corwards!


Folks can create and run and administrate and moderate as many private,
semi public, and "public" private clubs as they do, with whatever rules
they choose.

Take notice, how you treat those who bring their hearts and bare their
souls, determines the so-called "community" you are creating by your
actions.

It is good to have technical forums, where non-technical discussions are
off topic.

But my expectation that Tor Inc was a direct supporter of freedom of
speech, open communication, whistleblowers, tolerance, "community" etc,
is dashed in the face of not even one list supported by Tor Inc, where
those who feel the need to speak their piece, can do so.

Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Design of next-generation Tor systems

[Zenaan Harkness]

FYI

- Forwarded message from carlo von lynX <l...@time.to.get.psyced.org> -
On Wed, Jun 22, 2016 at 10:05:27PM +1000, Zenaan Harkness wrote:
> Great discussion, great questions, fascinating to read!

Thx

> If building a new physical layer network (neighbour to neighbour), which
> layer would be recommended - ethernet or UDP?

Performancewise it hardly makes a difference if you have a bit
of IP on top. I would guess TCP/IP buys you more flexibility.

> Would the gnunet/Tor type network layers/ protocols, be built always in
> UDP, or is this a silly question? (Sorry, I don't exactly know what I'm
> asking about properly...)

To defy censorship all the systems use TLS to be harder to
distinguish from HTTPS. You can avoid that whenever you're
no longer running over the broken Internet. In that case
you can use UDP or even bake up a new wire protocol. For
Tor it makes no sense, as it depends on the old Internet.
gnunet already supports UDP as one possible transport.

UDP isn't as bad as its reputation. I've been using it for
cross-server notification for years. But when people start
having NATted and firewalled networks, it all starts looking
ugly.

Feel free to publish if you think this is useful. I would
assume many already know what I just wrote.

-- 
  E-mail is public! Talk to me in private using encryption:
 http://loupsycedyglgamf.onion/LynX/
  irc://loupsycedyglgamf.onion:67/lynX
 https://psyced.org:34443/LynX/
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Question for those who say "Tor is pwned"

[Zenaan Harkness]

On Mon, Jun 20, 2016 at 07:12:31PM -0700, Ted Smith wrote:
> Paul, it pains me to see someone, who has contributed so much to
> humanity through a long and celebrated career as a scientist, feel the
> need to engage with what is at worst an agent of some oppressive
> government hoping to scare people off Tor, and at best a hostile crank.
> As a counterpoint, I'd like to thank you for everything you've
> contributed,

I ack your thanks to Paul, and concern for him, and for the tor
"community".

I don't share your aspersions - certain styles of communication, though
brash, may be just what's needed by an individual who actually needs tor
for something, but is a bit too sleepy to realise they need to up their
personal opsec game.

Again, Paul thank you for the time you spent responding here. Really
appreciated.


> and beg the Tor Project to take better care of its public
> channels of discourse. Things weren't always this way, and regardless of
> the motivations of those involved, this behavior is an attack that needs
> to be defended against. 

In situations where great personal angst/ emotional pain are experienced
by one or more individuals, I think we need to show a little tolerance to
the need for the members of a community to talk through their
conversation, to engage with one another - and yes, sometimes this will be
rough and or very distracting to say developement and helping users.

What's happened in recent weeks is about as big as it gets. And is also by
nature pretty rare. I am personally confident that the list will settle
down again soon enough.

If we really want to separate public discussions and offtopic but
hopefully related matters, or to "control" these, the question arises: Is
the Tor project willing to host a genuinely "off topic and unmoderated
(barring statute law in jurisdiction of origin) with firm intention to be
at least in some way related to Tor" type mailing list?

If not, we need to know so that we who want such a thing can have it. For
example I subscribed to tor-talk in the understanding that it is
unmoderated. I would personally like to know if the Tor project find this
list (or perhaps another with a slightly better name to remind people it
is unmoderated and separate it from end user support requests) untenable.

Many individuals seek community, yet some of course have different ideas
of what that means.

And what humans need or find useful is another matter.

Thanks for listening,
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Food for thought

[Zenaan Harkness]

On Mon, Jun 20, 2016 at 09:31:12PM -0300, juan wrote:
> On Tue, 21 Jun 2016 10:12:51 +1000
> Zenaan Harkness <z...@freedbms.net> wrote:
> 
> 
> > Those who remain there and genuinely thought/ think they were "for the
> > cause" prolly have some serious soul searching to do on an
> > organisational humans level.
> 
>   I wish, but I'm not holding my breath. Just look at the latest
>   message from dear roger dingledine...
> 
> 
>   "Also, yes, this mailing list has gotten out of control - I
>   think we should soon find the time anyway to proceed to the
>   "clean up our lists" plan." 
> 
>   priceless!!!

Oh go on, he probably means "dive in publicly and make some formal
clarifications, demonstrating respect and understanding for the problems
that the Tor project employees may have caused and how we will do better
next time".

Juan - so quick to judge :)

Admittedly, the context of "control" doesn't sound overly promising...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Food for thought

[Zenaan Harkness]

On Mon, Jun 20, 2016 at 05:07:30PM -0300, juan wrote:
> On Mon, 20 Jun 2016 14:00:25 -0600
> Mirimir  wrote:
> > Do you actually understand Tor's design?
>   Yes. Do you? 
>   And do you understand why the US military created tor? 
> > >> For links, check out /r/Tor.
> > > So far I found this :
> > > https://assets.documentcloud.org/documents/2858268/Appelbaum- 
> > > Wurde-Im-Jahr-2015-Ausgesetzt.txt
> > Also https://cryptome.org/2016/06/tor-appelbaum-separation.pdf
>   Thanks.

Juan, your endless poignant notes of caution re the tor project and those
who run it, now has another mighty arrow in -that- bow :)

Those who remain there and genuinely thought/ think they were "for the
cause" prolly have some serious soul searching to do on an organisational
humans level.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] "But he does good work." *Appelbaum*

[Zenaan Harkness]

On Mon, Jun 20, 2016 at 02:19:59PM +, Tempest wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> thomas.hluch...@netcologne.de:
> > You have. You might consider that intelligent services have large
> > amounts of resources. If this is a planned attack from a group of
> > interested people, they are able to do so.
> 
> so they are all government agents/assets then in a grand conspiracy
> against one person?

"all"?!! Please!

Classic dichotomy thinking! "It must be saintliness or abject evil."

Can someone be human, make mistakes yet be constructive in this world,
attempt to crack open some mind prisons for individuals here and there,
and sometimes succeed, sometimes not reach own standards? Have personal
things to handle, learn, improve on?

Is a human who does make a mistake entitled to speak to it, or to remain
silent, or to have a space where genuine communication with aggrieved one
can occur?

Did you read "The Weaponising Of Social Part 2: Stomping On IOError’s
Grave"? If not, perhaps go and read it now...


> > Wrong. We have a legal system and a generic rule: someone has to be
> > assumed not guilty until the opposite is proofed.
> 
> that rule only applies in a court of law.

You apply the rules you choose to apply, in your own mind!

Most of us are mostly in self imposed mind prisons, self censoring,
endlessly bound in dichotomies, failing to bring empathy (a common
Westerner failing these days), failing to bring nuance to our
conversation, just leaping on a black or white lynch mob train.

We HAVE to do better.


> if you steal from me and are never taken to court, it's not a violation
> of "due process" if i call you a thief,

If you have facts proving the theft, then I agree with you.

If you only have a feeling, or assumption, or "well he's the most likely
one", then YES, that IS a violation of due process, due care to one
another, due consideration of the types of conversations and society/
community we want to live in, to create by our conversations for our
children to live in.

If you can't live the law, the law is not real for you. If it's not worth
living, then it is not true/ natural law.


> nor is it defamation.

You are binding yourself/ your conversation to an unnecessarily extreme
legal think.

How do you --want-- to live? Who do you want to be? How would you want
people to think/ consider/ treat you in conversation in such
circumstances, or are we really wasting our time trying to wear another's
boots?

The law should only be a backup for when people -fail- to live the law in
their interactions - "the law" that goes beyond this is mostly artificial,
against our interests, against common sense, and destructive of community.

Please, let's try to lift the conversation. Now is the moment. Now is YOUR
opportunity to live a higher ethic (by your own standard, not mine) - live
the highest you are capable of and it WILL make for a better world.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Debian Developer, removed since 2016-06-18 *Appelbaum*

[Zenaan Harkness]

On Mon, Jun 20, 2016 at 01:36:54PM +0300, ja.talk wrote:
> https://nm.debian.org/public/person/error
> 
> Jacob Appelbaum
> 
> Account name
> error
> 
> OpenPGP fingerprint
> 043E 0E69 DD56 BA59 5905  8756 90BC 9192 B062 91B2
> 
> Status
> Debian Developer, removed since 2016-06-18


Debian is not, and never has been, about justice.

Debian developer voting base has public foundations which fail to have any
separation of powers - just a single public "community" executive/ power of
authority, with no formal nor rigorous nor easy to identify appeal/ right
of reply/response process.

Debian is not about human rights.

Debian is not about justice.

Without foundations of human rights and justice, Debian fails
fundamentally to provide an effective --long term-- foundation for
effective community.

Debian is about their operating system/ software distribution and
packaging, and the whims of the developers who are the only ones who get
to vote on anything.

See Debian's Social Contract, which is all about (free libre) software,
its utility and benefits, and even their "3. We will not hide problems"
clause is purely utilitarian and software based, and has nothing to do
about humans, rights, justice nor ethics! :
https://www.debian.org/social_contract

and Debian's Code of Conduct :
https://www.debian.org/code_of_conduct


Debian fails to have any of:
   -  due process
   -  separation of powers
   -  right to respond
   -  right to appeal
   -  ethical foundation
   -  principled foundation other than utility

And before you leap in with an excessively quick "oh, you can respond,
just send an email" - take notice, if it is not written into the
foundation rights, there is no such right in operation in Debian!

So take your false beliefs and read Debian's foundation documents again
before embarrassing yourself publicly.


---
Fundamentally, with only a "be excellent to each other" hippy ethos,
tyranny can (and I say in the long term shall) reign supreme; despots can
hide, well intentioned idiots can pave abundant roads to hell, and all
without realising their mistakes nor the years of damage to their hailed
"community", since that damage is predominantly unseen.

Debian is no friend to ethics nor justice nor fundamental community
building principles - nothing more than the grandiose principle of
"Utility"!




Yes, "free libre software" is indeed more useful than proprietary closed
source software. You heard it here first.



Debian? An excellent operating system for a certain category of
individual. Just don't expect your idea of community to remotely prevail
within the "Debian" project.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] "But he does good work." *Appelbaum*

[Zenaan Harkness]

> Indeed, Jake's dementi is consistent with many of the allegations.

dict dementi does not turn up a definition - ??
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fw: FOAD argentina scum

[Zenaan Harkness]

Hey hey, you've hit the big time! Amazing that anyone could even begin to
think that such eloquent discourse with yourself would have any outcome
approximating their own idea of "utility".

Epitomes of self parodying irony come to mind ...  gee, dunno why :D

 Methinks a button pushed doth fire,
 the evil oppositional ire;
 In rage foreseeing community will,
 about to rise against their ill.

 "Let no man stand with another!" he shout,
 freedom's fire, desperately to stomp out.
 But in vain they burn, their evil turn,
 plain to see for all who yearn :)

 anon.



On Fri, Jun 17, 2016 at 10:52:53PM -0300, juan wrote:
> Just got this from some upstanding member of this fine 'community'.
> 
> 
> Begin forwarded message:
> 
> Date: Sat, 18 Jun 2016 03:32:34 +0200 (CEST)
> From: Nomen Nescio 
> To: juan@gmail.com
> Subject: FOAD argentina scum
> 
> 
> Re: [tor-talk] Bittorrent starting to move entirely within anonymous 
> overlay nets
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Bittorrent starting to move entirely within anonymous overlay nets

[Zenaan Harkness]

On Fri, Jun 17, 2016 at 11:20:16PM +0200, Aymeric Vitte wrote:
> Le 17/06/2016 à 12:51, Zenaan Harkness a écrit :
> >> Even if an interesting move as you described (ie onions + onioncat) I
> >> > don't really think that it can scale to the extent required by a bt p2p
> >> > network, I don't think either that using hidden services is a good
> >> > solution to reach peers, and is it not an issue to have potentially
> >> > plenty of new nodes (peers) relaying the Tor traffic and decreasing the
> >> > efficiency of the Tor circuits due to their upload bandwidth?
> > Those are not grarpamp's point - as load increases toi the point where the
> > network has some actual "problem", this will motivate various people to do
> > those things required to actually improve the network.
> 
> That's what I am saying, move bt to anonymous, more traffic, increasing
> nodes, this will never happen with the Tor network

Why not?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Bittorrent starting to move entirely within anonymous overlay nets

[Zenaan Harkness]

On Fri, Jun 17, 2016 at 12:41:51PM +0200, Aymeric Vitte wrote:
> Le 17/06/2016 à 06:55, grarpamp a écrit :
> > On 6/10/16, Mirimir  wrote:
> >> But there's still the traffic load. Or maybe, one could consider it as
> >> chaff. Just sort of, though. Right?
> > If that's the old "OMG, too much" argument... load re anon overlay nets
> > may be more like bitcoin's interrelated variables... difficulty, txfees, 
> > reward,
> > watts, price, txrate, etc... they'll slide nicely around to compensate until
> > some unsolveable fundamental limit is reached. ie:
> > Private (non-exit/I2P) use of these nets... if they slow, users will start
> > talking urging more nodes, which they'll readily deploy themselves since
> > private is low risk and satiates their use case. If the required node count
> > to support n-million users starts blowing up CPU/RAM, devs will
> > start getting poked to work on layering that. Even parallel nets
> > with usage charters may arise by then as a given networks adversary
> > resistance begets users begets trust begets honoring narrower charter.
> > Besides, load happens to useful nets, no point trying to stave it off
> > (nets are anon so staving is a no anyway), and trying to stave makes
> > the stavers look stupid.
> > A little education helps too, users will self regulate if they sense that,
> > "Oh shit, I know this net is used for , but I can't
> > even get my own  through, so I better ease up on variable ".
> 
> Even if an interesting move as you described (ie onions + onioncat) I
> don't really think that it can scale to the extent required by a bt p2p
> network, I don't think either that using hidden services is a good
> solution to reach peers, and is it not an issue to have potentially
> plenty of new nodes (peers) relaying the Tor traffic and decreasing the
> efficiency of the Tor circuits due to their upload bandwidth?

Those are not grarpamp's point - as load increases toi the point where the
network has some actual "problem", this will motivate various people to do
those things required to actually improve the network.

The fed guys might be pissed because their little spy comms network has a
problem, but soon enough, those problems will get solved, be sure of that
:)

Now, I would personally advise against something which would be known to
stress the network to the point of failure, e.g. changing a very popular
torrent software default config on the latest auto update to default to
Tor or I2P only.

But, I certainly do subscribe to grarpamp's position that bringing
at least a littl real pressure is bound to have some medium term
positive effects. These seems to me like logic 1-0-1!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Food for thought

[Zenaan Harkness]

On Thu, Jun 16, 2016 at 10:05:23PM -, foodforthou...@sigaint.org wrote:
> Things are never black and white, there are always two sides of a story
> and people are never only good or bad.
> 
> But was it really our first and foremost concern to find out the "truth"?
> Is the lesson to be learned, if you will, about who is to blame? About
> shaming the victims or shaming the alleged perpetrator? About whether or
> not the "accused" will be found "guilty"? Is an "evidence-based
> discussion" or "due process" really going to solve the greater issue here?
> 
> In a community that claims to strive for equality, accusations against one
> person raise much broader questions and issues, like:
> 
> -) How much leadership/charisma/hero-worshiping can be healthy for a
> community of self-empowered people?
> 
> -) What is not criminal can still be harmful, disrespectful, humiliating or
> violating consent, just as what is criminal can still be ethical or
> consensual. Innocent until found guilty misses the mark in this context.
> 
> -) If we were living in a community/society of fulfilled people, who feel
> accepted, approved of and loved by their peers, there would be no such
> thing as abuse or harassment. But we don't. (Yet?) How do we deal with
> this discrepancy in a constructive way?

Beautiful!

> -) If someone voices concerns about a certain individual, how do we open
> lines of communication before too many get harmed? How do we treat both
> parties involved respectfully?
> 
> -) Even when a person, from the bottom of their heart, talks about
> sex-positivism, respect for others, transparency and equality, it does not
> mean that they can live up to their own expectations. Their own disability
> to do so may make them even more enthusiastic talking about it.
> 
> -) We are all humans, we are fallible, we are flawed, we cause harm in
> others. The question is, do we create an environment where failure is
> recognized, do we surround ourselves with friends who will tell us we
> failed? Will they express concern, when self-reflection and self-criticism
> have failed us? Will people speak up even to the one person considered a
> role model? Or do we kick issues into the long grass and surround
> ourselves with yes-men?
> This ties in with the first question.

Great questions. Thanks for being so constructive!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Please suggest domain registrats that are Tor (and bitcoin) friendly.

[Zenaan Harkness]

> Here's the point: in a VPS situation, you are, absolutely, at the mercy of
> the provider of the VPSes, and possibly to the providers of the data
> center.

And here's a topical article if you ain't seen it yet:
https://it.slashdot.org/story/16/06/11/1247240/bitdefender-finds-hypervisor-wiretap-for-reading-tls-encrypted-communications
"
Orome1 quotes a report from HelpNetSecurity:
Bitdefender has discovered that encrypted communications can be decrypted
in real-time using a technique that has virtually zero footprint and is
invisible to anyone except extremely careful security auditors. The
technique, dubbed TeLeScope, has been developed for research purposes and
proves that a third-party can eavesdrop on communications encrypted with
the Transport Layer Security (TLS) protocol between an end-user and a
virtualized instance of a server.

Bitdefender says the new technique "works to detect the creation of TLS
session keys in memory as the virtual machine is running." According to
HelpNetSecurity, this vulnerability "makes it possible for a malicious
cloud provider, or one pressured into giving access to three-letter
agencies, to recover the TLS keys used to encrypt every communication
session between virtualized servers and customers. CIOs who are
outsourcing their virtualized infrastructure to a third-party vendor
should assume that all of the information flowing between the business and
its customers has been decrypted and read for an undetermined amount of
time."
"
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Jake Fan-Fic

[Zenaan Harkness]

Well this is useful, it highlights how someone, perhaps more than one,
may well got their nickers in a real tight not over Jake.

And given that any of the below is true (don't know, never met the guy),
such provocative, bluntly sexual, tacky gutter "humour" as he probably
intended it (and hey, perhaps some of that actually works to pick up
chicks - I wouldn't know, I'm not a chick) and the fact that the initial
email/ story of the "onlooker" which triggered the lynch mob has been
shown to be bluntly in error, we do start to get a clearer picture.

Some people really would get a belly laugh out of the below - just watch
any MSM hollywood "comedy" movie these days for the level of humour which
evidently sells a -lot- of tickets. Perhaps Jake was practicing for his
Hollywood debut? Perhaps Jake a compulsive social boundary pusher? Perhaps
these lines worked to pick up partners in the past and really, as in
really really did not work with ja.talk/ dungeonmaster (strange that a
dungeonmaster would get perturbed with penis jokes but hey, perhaps she's
a dungeonmaster with delicate sensibilities...

What I can say from personal experience is that some folks take such
attempts at humour as a violation of their god given right to ever hear
only swallows and tits (two types of birds btw) singing from the rooftops,
and only rainbows and daisy chains on a sunny Sunday morning to ever
assault their eyes. Mild innuendi shall be regarded with deep suspician
and gutter talk shall be vehemently, violently if necessary, stopped, at
least when I find someone to do it for me, like I dunno, may be a lynch
mob...

What is useful is that this particular episode of presumed subtlety (not)
on Jake's presumed part leads us to consider how to provide genuine
processes for actual justice in the face of real or potentially real
crimes (such as rape, property damage or battery of a human by a lynch
mob). I hope some sincere thought continues to be put to this.

Secondly, we are reminded that some cotton wool darlings will and do cross
our paths, and we also need processes to handle the fall out from their
unfortunately tarnished ears. Freedom of speech is definitely not for all,
so for those who desire something different to freedom of speech, we need
ways to handle those types, ways to encourage them in constructive
directions such as creation of forums where they personally are the
moderator, where individuals can feel as though their feelings are
respected and that they are empowered to unleash their perfect world into
a forum with like minded individuals.

And I am reminded that those who push the limits of social sensibility
need a really really thick skin. A thick skin is a good skill to have, but
the pushing part can still have sometimes very serious consequences, as we
may be seeing here.

Looks like ja.talk is knicker knot's needing to be presented as a "clean
look ma I'm only presenting facts" account, where dungeonmaster is her
"damn, the truth that I'm a one disgruntled woman lynch mob instigator is
coming out, and I'm still so reactive I have to try another tack but not
disrupt my first account" account. All postulation of course.

Yes, justice demands accountability. But accountability may be all but
impossible in a lynch mob and so ja.talk come dungeonmaster has possibly
done the most efficient possible exoneration if there was any real
wrongdoing which may now be impossible to properly determine.

I've never met Jake, nor read any of his words that I recall. Until this
thread, Jake Applebaum was just some guy doing a lot of work with the tor
crowd, and someone who Juan probably bitched about (Juan, love you bro,
never stop being you, not that you need to be told :).  But seriously, I
never would have remembered even that.

Now, well, this lynching brouhaha is something I will always remember.

Along with dungeonmaster's knickers (may peace be on them).

 Never knot your nickers 'fore that bad comedic stops,
 For if ya knot your nickers with a public lynching mob
 you may spit a royal dummy losing clarity and the plot!

 But more, listen carefully my ja.talk dungeon dear! No judge nor jury, yet 
executioner be you,
 inciting others rage, from impotence to lynch mob they do;
 for the day may come on karmas turn,
 
   where the lynch mob turns on you.

 Anon.


As topical as ever:
https://en.wikipedia.org/wiki/First_they_came...
(those dots are part of the url)



On Sat, Jun 11, 2016 at 08:37:26PM -, dungeonmas...@sigaint.org wrote:
> The fantastic adventures of Jake "it's not rape if they're not awake"
> Appelbaum. Installment 1.
> 
> 
> "Welcome to today's workshop where you will learn how to setup a Tor
> relay. Is anyone up for a hardcore S session after lunch?"
> 
> "My dick is the biggest talent attractor for Tor hands down."
> 
> 
> "Mmm the steak here is quite delicious."
> "Have you tried nipple torture before? How many needles can you take?"
> "Pass the ketchup please!"
> "The Pinot is exquisite. I hear 

Re: [tor-talk] Please filter "Appelbaum"!!!!!

[Zenaan Harkness]

On Sat, Jun 11, 2016 at 12:47:34PM +0300, 4torlist2 wrote:
> Tired of reading bullsh*t about Appelbaum! If he did what it is said, should

> In my mail program I setup a filter on the word "Appelbaum", messages with
> it are automatically trashed. But that should have been done by the Tor-List
> admins at the list level!

Bzzt. Nope. Shouldn't happen, won't happen, would be rejected by many, if
it did happen it would result in a new 'uncensored' list being created.


> Censorship is sometimes necessary, sorry to have
> to say this, when some ass*oles by their stupid attitude in fact attack the
> whole Tor system.

Your humble opinion is noted. Not gonna happen (not that I'm a list admin,
but I'm pretty sure you'd lose a lot of the list if you did). At best you
would open a massive and endless ongoing debate every single time
something contentious shows up; this would destroy this list as I
understand the intention of this list.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Please suggest domain registrats that are Tor (and bitcoin) friendly.

[Zenaan Harkness]

On Sat, Jun 11, 2016 at 08:55:18AM +, contact_...@nirgal.com wrote:
> ng0 wrote:
> > I am not 100% sure about the tor part, but OrangeWebsite[0] supports
> > 2 kinds of coins.
> > You could get in touch with support to ask about the tor part of the 
> > question.
> 
> I strongly advise against using orangewebsite: They rent "freshly
> installed servers" with /root/.ssh/authorized_keys that is pre-seed!
> (backdoor)
> Maybe their dns service is ok however...
> 
> (It's a real pity because they use 100% renewable energy, and that was
> great.)

The following may seem cynical, resigned and fatalistic, BUT:

I am Mr ISP.

I run a few boxen and my hosting service, with some hardware level
virtualization, to provide VPSs to inspired individuals.

So my web front end takes a credit card, or some bitcoin, and configures
and spins up a brand spanking new VPS.

The customer must have an initial log in to that VPS. 

Either:
a - I do an initial Debian install, and display the SSH key on the screen
for cut and paste.
b - I offer to receive an initial public key and insert that into the VPS.
c - I somehow provide end customer access to a "lower level" VPS
installer/ console.

Is there any other option?

Assuming option c, where I really go out of my way to maximise customer
trust in my administrative honour.

Now, if I don't actually have administrative honour, the files for the VPS
(e.g. when it's rebooted) or even the current live files (let's assume a
really radical memory-only "live Qubes VPS which dies on any software or
hardware reboot") exist at the very least in memory.

This is a unix system. The VPS files are, or can be mounted somewhere by
root.

Or, I can just write a little memory scanner and look for the appropriate
location for the private keys in memory.


Here's the point: in a VPS situation, you are, absolutely, at the mercy of
the provider of the VPSes, and possibly to the providers of the data
center.


Unless I'm really really missing something obvious about computer
security, your concern is a misunderstanding.

As in, SSH in the first time, and issue/ generate yourself a new key pair
- it's not hard, but won't provide much if any benefit to you. Your
administrator --always-- has root. And that's root at the hardware level,
well below your 'root' access.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Can we have less of Jacob Appelbaum here, please?

[Zenaan Harkness]

On Fri, Jun 10, 2016 at 09:38:46PM -0400, grarpamp wrote:
> SJW tactics were well known since years. Mechanisms thus
> should have been put in place to communicate, listen, early
> intercept and resolve professionally / legally. It and others like
> it should never have been here or on the net in the first place,
> most certainly not with the undertones some of it has teken.

A minimal "suggested handling of shit" doc that folks can refer other
folks to might be useful. Although there may well be multiple versions, as
different folks have very different ideas at times ... it seems.

protocols-re-bullies-and-justice.txt
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Graffiti "rapist lives here" at Jacob Appelbaum's house

[Zenaan Harkness]

On Fri, Jun 10, 2016 at 06:42:04PM -0400, Kevin wrote:
> We talk about how internet bullying is wrong.  Well, this is internet
> bullying.

This is internet bullying, descended into an internet lynch mobbing,
descended further into physical net vigilante crimes.

The mindset allowing for such descent, and such crimes, I believe arises
from the not-handled suppression/ repression from our government organs.

When we don't handle the bully in our face (papers please show your
license, insert this piece of plastic into an orifice of your body so we
can verify your DNA^Bblood alcohol level, your bank account has just been
fleeced for your oustanding $3K of fines since that's all you had stashed
their and we will take the rest next time you pass, etc etc), we repress
ourselves. We have submitted to a bully, we have accepted by default
(tacitly) an injustice. We are leaving the problem to the next guy as
well, and to who knows perhaps our grandchildren. And the problem is, we
are not leaving the same problem, we are leaving a bigger problem because
the bully got a little bit more confident with his/her bullying.

There are state sponsored bullies, and there are individual bullies.

And the sense of powerlessness which arises since we let so many bullies
(mostly the state sponsored ones) prevail in our weekly lives, leving
these bullies "to the next guy", is a foundation which is ripe for YOU
jumping into a lynch mob!

"Oh look, a single non state sponsored individual who REALLY did something
wrong! Yeah let's crucify him! Crucify him now! I know the courts are
fucked and the police are corrupt, so we must crucify him/her NOW so we
can finally FEEL a bit of justice!"

Fact is, the foundation of a lynch mobber is one of intense cowardice.
The public cricifixion is nothing but a release valve, and the weak (non
state sponsored) individual target of the mob, pays a very high and very
public price for the cowardice of the many.

EVERY one must ask themselves, am I a coward? Am I not doing my part to
handle the bullies in my own life? Am I leaving the problems to the next
guy "who I'm so fucking grateful for, my heroes"?

When will I start living my part for the world I want to live in, which
starts in my own home, my own communities, my own country?

Or will I continue to cowardly leave shit to the next guy...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Can we have less of Jacob Appelbaum here, please?

[Zenaan Harkness]

On Fri, Jun 10, 2016 at 03:23:16PM +, df. wrote:
> Agreed Mirimir, it is VERY difficult to avoid or ignore talking about
> someone who at the time of there collaboration with the tor project was
> allegedly involved in some type of "sexual misconduct".
> 
> Just for the record:
> Actually I asked 5 days ago, on this list, I asked with all due respect
> if we could "just move on to other topics" the reason was because I
> thought all the comments that were being made were out of line and not
> very constructive. Why did no one follow suite then?

A silver lining:
- the instigation/ relentless rumour mongering is on the record

- some who lynch mob showed that part of themselves

- some with some strength in the face of such 'intense' conversation
  showed themselves

- some with such impatience that "delete thread" and "well, may be don't
  read the emails in that thread" is too much effort, showed themselves

- for some (such as myself) some insight arose from those who shared their
  clarity on appropriate pathways of action in such situation

I dare say more than one individual has had the opportunity to do a little
mirror gazing, looking inside themselves so to speak.

Thank you again to all those who persist in bringing their best intentions
to this community, notwithstanding even ones own failings. We are human,
we fail, we make mistakes. Surely we would like others to have towards
ourselves, some due process, care, love, understanding, empathy and
opportunity to rise to the challenge of communication, reparation and
healing, in the face of our own failures.

I hold we can demonstrate love toward one another.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Statement by Jill Bähring regarding Jacob Appelbaum

[Zenaan Harkness]

On Fri, Jun 10, 2016 at 03:09:20AM +, df. wrote:
> 
> Mirimir:
> > | On June 7, 2016, Gizmodo published a story in which “eyewitnesses” -
> > | Emerson Tan, Meredith Paterson, and Andrea Shepard - supposedly
> > | “recount” Jacob Applebaum’s “unwanted sexual advances”. The article
> > | was quickly picked up and developed further, for example by the
> > | dailydot. I am the girl in that story.
> > 
|
> > | I recall that night clearly, and my story is entirely different.
> > | This is how it happened.
> > 
> > http://www.twitlonger.com/show/n_1sop8ps
> > 
> > 
> 
> and now strangely no one has nothing to say.

Those who had something real, and confronting, and not easy to say, said
it (e.g. the beautifully worded Cecilia amongst others).

Defending the presumption of innocence is hard when in the thick of
information and interpersonal 'warfare', easy and often glib when spoken
otherwise.

Would be nice to see a "the very foundation/ origin of this targetting of
Jacob now appears, prima facie, to exonerate him, perhaps the rest is just
slander, apologies for leaping onto the lynch mob bandwagon".

Sadly, humans are known mostly for lynch mobbing, not for such apologies,
and so rarely for standing up for 'right', presumption of innocence etc
when shit is actually happening.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] CULT OF THE DEAD COW Statement on Jacob Appelbaum / ioerror

[Zenaan Harkness]

On Thu, Jun 09, 2016 at 12:23:52PM +0200, carlo von lynX wrote:
> On Thu, Jun 09, 2016 at 11:16:24AM +1000, Zenaan Harkness wrote:
> > I agree with you. Some say "naming and shaming" is the way - I say naming
> > bad behaviour, publicly, is not shaming.
> > 
> > Naming simply says "Hang on, that's threatening, are you serious or
> > letting your words preceed you?" or "That's agressive and likely hurtful
> > communication, do you care to rephrase or retract?"
> 
> Er, that's not exactly what I meant. Just because you "define" it to not
> be shaming doesn't mean you can't keep the person you are "naming" from
> feeling shamed and therefore, like most adults, go into defense and fire
> back mode rather than accepting criticism.
> 
> I was suggesting to interact in private, work out the contents of the
> posting together. Certainly complicated by mail, but it is kind of feasible
> with recent forum softwares such as Discourse.

This is a valid approach. Where you have an individual receptive to your
position that you put privately, it may be "successful". If not, others
may be able to assist. If not, involve the whole community. If there's
unanimity against your view, find another community.

These are valid pathways of course.


> > For those who care, I think this discussion you are spearheading is very
> > good.
> 
> Thanks a lot. We've been discussing this in the Italian pirate community

Wow, I did not realise that pirates were not limited to South Cape and
Somalians. Or perhaps you refer to copyright infringement community?

Or PiratParty community?


> > > That is natural, and it is sociologically a losing game.
> > 
> > I completely disagree. It's only a losing game when one of the individuals
> > involved is repressed. When all parties are not in the slightest repressed
> > by the vehemence, vitriol or other intesity of the 'conversation', then
> > the conversation is great entertainment.
> 
> Oh you mean if the debate is intense in the contents but respectful
> of the contendants? Yes ok, then ideally it becomes a winning game.  :)

Winning game yes.

Respect? Sort of - even disrespect/ vitriol can be brushed off as "oh
that's just his way of communicating" or "wow, intense, I feel sorry for
you if you really feel that way" or...


> > Neither you, SJWs, nor anyone, will ever convince me otherwise. There are
> > actually people in this world who will take verbal blows from any and all,
> > in order to learn how to joust, in order to cut to the chase, in order to
> > (try to) identify bullshit as quickly as humanly possible.
> > 
> > It's a very useful skill to be able to go hammer and tong for a few
> > rounds, then turn around in the few minutes and discuss technical details
> > of some computer program - with the same person. That's liberating. That's
> > a sign of being able to handle your emotions.
> 
> Oh.. hm.. well it causes damage by looking like a serious fight to third
> parties.

If you're ever unsure as an onlooker, I suggest actually asking the
jousters.

They may even find your interjection useful you know :)


> Would you be able to take it private or does it need an audience
> to be enjoyable?

Let's say you, and someone you are on generally agreeably vehement and
vitriolic communication terms, have a verbal jihad against one another.

Right. So, if you do that privately, I don't get to watch and enjoy it do
I? That's what I'm sayin...


> Aren't you a bit egoistic if you're more focused on your
> joy than on the general progress of the project?

Probably. I hope my subtlety precedes me - you know, like the 'Dalai Lama
takes humility lessons from me' kind of subtlety...


> And how can you be sure 
> the other side indeed never gets hurt by your words? In digital words, 
> there's no recognizable difference, or is there?

Case by case, but I've been talking mostly about me as an onlooker. Though
I have been one to leap in (often to my superficial detriment by the way).


> Wouldn't it be better in most cases if a vibes watcher kept you guys
> from getting personal and made you stick to a fact-oriented debate?
> Doesn't mean you can't hammer out strong statements - just cut out the
> hurting.

F*iretr*uck no! And no, it's not about hurting.

Think boxing - verbal jousting is less painful than physical boxing. I
take it you would not be one to choose to train and be a physical boxer?

Now, put yourself in the shoes of the boxers, who go to a match, like a
Fight Club match, and you decide to go there and teach them all how
fighting is so yesterday, and can we be robustly firm with a bit of arm
wrestling since blood and bruises really are too personal and
fact-oriented ok so jus

Re: [tor-talk] Sorry Jake I know you are innocent

[Zenaan Harkness]

Notwithstanding the veracity of the sender of the email you replied to,
your english is more than good enough, and thank you for being succinct,
on topic of the thread and relevant.


On Thu, Jun 09, 2016 at 10:29:49AM +0200, tom wrote:
> Hello ja.talk,
> 
> if you are a man, then block yourself. The main distinction between men an 
> animals is that animals can't choose, they have to suffer their being as they 
> are. Men have always the choice. and are able to change themselfes.
> 
> So don't spread you stupid "I am an asshole". Think about what you want to 
> be: a human or an animal. It's your choice.
> 
> Excuse my bad english
> 
> 
> 
> Am Thursday 09 June 2016 02:10:45 schrieb ja.talk:
> > 
> > Like I said: I am a asshole.
> > 
> > Just making a bunch of shit up and putting it here.
> > 
> > I do not like Jake and that is it.
> > 
> > List admin can you block me please?  I am an out of control loser with a
> > lot of time on my hands.
> > 
> > 
> > Kevin:
> > > Why would you even joke about this situation?
> > >
> > >
> > > On 6/8/2016 7:13 PM, ja.t...@eugeni.torproject.org wrote:
> > >> Hey guys I am just making all this stuff up, sorry for being such a
> > >> stuipd asshole!
> > >
> > >
> > > ---
> > > This email has been checked for viruses by Avast antivirus software.
> > > https://www.avast.com/antivirus
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Free Australia: www.UPMART.org
Please respect the confidentiality of this email as sensibly warranted.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Bittorrent starting to move entirely within anonymous overlay nets

[Zenaan Harkness]

On Thu, Jun 09, 2016 at 12:52:35AM -0400, grarpamp wrote:
> First come the clearnet indexes...
> 
> # kickass torrents
...

Before I blinmked I read that as "first they came for the clearnet
torrents" as a riff on
https://en.wikipedia.org/wiki/First_they_came...

Might be topical at this moment:

First they came for the Bulletin Boards,
and I did not speak out, for I had no need of gratis files.

Then they came for the Usenet,
and I did not speak out, for I had no need of wildly differing opinions.

Then they came for the time shifters and file sharers,
and I did not speak out, for I had no need of others files.

Then they came for the IRC,
and it still survives so still I have no need to speak out.

Then they came for the world wide web,
and I certainly did not speak out, for I had no need of porn.

Then they came for the napster, gnutella, freenet and edonkey,
and still I did not speak out, for I had no need of copyright violating
culture sharers.

Then they came for the clearnet torrents,
and I did not speak out, for I'm busy paying my mortgage and watching footy.

Then they came for the darknet,
and I did not speak out, for I had no need of whistleblowing.

Then they came for me,
and there was no one left to speak up for me.



With credits to the history of filesharing,
https://en.wikipedia.org/wiki/File_sharing_timeline


-- 
Free Australia: www.UPMART.org
Please respect the confidentiality of this email as sensibly warranted.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Jacob Appelbaum Has Allegedly Engaged in Sexual Misconduct for Over a Decade

[Zenaan Harkness]

Cecilia, you are an amazing person, to transform the experiences you have
had and to be able to come to this conversation with the love and
gentleness - this brings a tear to my eye.

Thank you.

Truly, you are an inspiration,
Zenaan


On Wed, Jun 08, 2016 at 08:58:49PM -0300, Cecilia Tanaka wrote:
> My dear ja.talk,
> 
> The most sad about this kind of stories of abuse and rape is having
> absolute conviction that some of Jake's "victims" are much more pervert,
> rapist and hypocrite than Jake, me and great part of people here.
...
much heartfelt sharing and insight from Cecilia,
well worth reading if you aint done so yet
...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] CULT OF THE DEAD COW Statement on Jacob Appelbaum / ioerror

[Zenaan Harkness]

On Wed, Jun 08, 2016 at 05:32:31PM +0200, carlo von lynX wrote:
> > Fistly, identify if someone is being bullied, and second, if the target of
> > the bully appears strong enough to handle the "bully".
> 
> Even if the target is strong enough, the constellation will still cause
> damage I believe.

In this world, you're stuck with humans, as you find them/ as they present
themselves to you. You can't get around this little thing called
reality...

> > If not, or if you are unsure, talk with the targetted one offlist and
> > check in to see if they're ok or would like any offlist ear to talk to.
> 
> That is a possible way a vibes watcher could go about it, but I would
> rather intercept any aggressive postings to appear in the original form,
> but rather send them back to the writer asking to clear up some aspects
> that may be misunderstandable or in plain disregard of the code of conduct.
> In the scenario I described earlier either I should have received a mail,
> explaining how my mail had a potential of being misunderstood and needed
> rephrasing, or the reply that attacked me as a reasonable human being 
> shouldn't have seen the light.

I agree with you. Some say "naming and shaming" is the way - I say naming
bad behaviour, publicly, is not shaming.

Naming simply says "Hang on, that's threatening, are you serious or
letting your words preceed you?" or "That's agressive and likely hurtful
communication, do you care to rephrase or retract?"

These types of public naming are very good, often useful, and I do
recommend them - should be on the list of standard possible responses I
agree.

> Unfortunately the work of vibes watching moderators is frequently confused
> with censorship, but that goes back to the fallacious understanding of
> freedom of expression that I mentioned in previous postings and which is
> also addressed in convivenza.

For those who care, I think this discussion you are spearheading is very
good.

In any particular "community", if there's not at least one other person
who 'cares', my default suggestion is move on, find another group.


> > For the one who is conscientious, such communication comes naturally and
> > hopefully contributes to a stronger, all around warmer community.
> > 
> > Those who just love to go at it hammer and tong at each other, well,
> > perhaps sit back and enjoy the view, and if the view is too personally
> > distressing to you, consider Ye Goode Olde Kille File - it's not that
> 
> Just a few mails ago I listed a bunch of links that elaborate how the
> "Don't Feed The Troll" maxime is fundamentally flawed and punishes the
> victims while letting the troll achieve their political aims.

I agree with you, and in hindsight I can see I failed to state the pathway
of naming the "bad behaviour" publicly - just make sure to not get sucked
in to your own ad-hom or other emotional type attacks, because then its
all over, you're in the gutter and no better than the purported bully.


> > hard to change the view. I personally find it difficult to restrain myself
> > from leaping into the fray on one side, then the other, rather than simply
> > sit back and enjoy the view. I personally really enjoy it when individuals
> 
> That is natural, and it is sociologically a losing game.

I completely disagree. It's only a losing game when one of the individuals
involved is repressed. When all parties are not in the slightest repressed
by the vehemence, vitriol or other intesity of the 'conversation', then
the conversation is great entertainment.

Neither you, SJWs, nor anyone, will ever convince me otherwise. There are
actually people in this world who will take verbal blows from any and all,
in order to learn how to joust, in order to cut to the chase, in order to
(try to) identify bullshit as quickly as humanly possible.

It's a very useful skill to be able to go hammer and tong for a few
rounds, then turn around in the few minutes and discuss technical details
of some computer program - with the same person. That's liberating. That's
a sign of being able to handle your emotions.

Sure, some people, perhaps most, are not there yet. And warm cosy
comfortable 'communities' are just what the doctor ordered for those who
are unwilling to stretch such personal boundaries.


> Systems need to
> be designed around humans *as they are*, not try to change the behaviour
> of all involved humans, then find out it doesn't work.

I heartily agree - and some people enjoy "vigorous" communication, they
consider vigorous communication not only "does work", but "works very
well, thank you very much, and by god I'll verbally crucify you should
dare to take my entertainment away from me".

And we have these incredible devices called computers and programs where
with the click of a few buttons, a whole new forum with rules, moderators,
mechanisms for joining and giving the boot etc can be had. That's amazing.
Anyone can create whatever genre of online "community" they think will
save the 

Re: [tor-talk] CULT OF THE DEAD COW Statement on Jacob Appelbaum / ioerror

[Zenaan Harkness]

On Wed, Jun 08, 2016 at 12:47:15PM +0200, ma...@wk3.org wrote:
> Quoting carlo von lynX (2016-06-08 08:28:23)
> > The problem is, if the victims have committed crimes themselves
> > by making their stories public, then going before a judge may
> > backfire on them. Not just fake victims, also real victims.
> > They may get prosecuted for defamation on top of having suffered
> > a crime. We know that the justice system may not be able to
> > punish even a true offender if no legal proof can be produced.
> > So if you want victims to feel safe to talk to the authorities,
> > you must keep them from committing a counter-crime.
> 
> ???
> 
> > That's why I am in favor of pre-emptive management of social
> > issues (aka "vibes watching") and a more fine-grained justice
> > system internal to the hacktivist movement. A court made of
> > people we trust that victims can turn to safely, without 
> > engaging in further crimes, yet enabling that court to take 
> > measures to protect future people from becoming victims.
> 
> You mean like "Someone is abrasive on mailing lists all. the. time. 
> Let's talk to them about it in private, oh they are still abrasive,
> let's talk to them in private, oh, now they are writing weirdly
> misogynistic things, let's not let that stand unchallenged, suddenly
> they are implicitly threatening you with physical violence.", that
> kind of thing?
> 
> Where would you go, and what would you do, if you felt physically
> threatened by someone, and that same person would be discussing
> how to design systems to deal with such situations?

A very good question. Not many have answers, especially those who have
suffered in such situations.

Unfortunately "SJW" has taken on some denigrating meanings, since quite a
few SJW poseurs have popped up here and there and often times ended up
creating problems, which have in some online communities persisted for
years.

An answer?

Fistly, identify if someone is being bullied, and second, if the target of
the bully appears strong enough to handle the "bully".

If not, or if you are unsure, talk with the targetted one offlist and
check in to see if they're ok or would like any offlist ear to talk to.

For the one who is conscientious, such communication comes naturally and
hopefully contributes to a stronger, all around warmer community.

Those who just love to go at it hammer and tong at each other, well,
perhaps sit back and enjoy the view, and if the view is too personally
distressing to you, consider Ye Goode Olde Kille File - it's not that
hard to change the view. I personally find it difficult to restrain myself
from leaping into the fray on one side, then the other, rather than simply
sit back and enjoy the view. I personally really enjoy it when individuals
are strong enough to joust back and forth, and back, and forth, then do it
all again tomorrow. Can't get much better entertainment.

Thirdly, if you feel that you personally are being targetted by a bully
and that you are finding it challenging, or really not coping, I suggest
saying less where possible and reasonable, and identifying one or more
individuals whom you consider would be receptive to you and listen to you
with empathy.

NOW, if you are unable to identify such a receptive, empathetic individual
within your chosen community, you are going to find it tough going and I
don't have much more in the way of suggestions for you, other than to find
a community with like minded individuals. Forums are not so difficult to
create these days, and if ultimately your version of a warm and caring
community requires moderation, you may have to experience that pathway in
your own little online community to discover how that goes...

Good luck
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] fwd: FBI Is Pushing Back Against Judge's Order to Reveal Tor Browser Exploit

[Zenaan Harkness]

On 5/19/16, Joe Btfsplk  wrote:
> bad ideas.  It just struck me as odd that this topic was one of very few
> when most tor-talk subscribers decided to adhere to communication
> silence.

That's potentially inflammatory. I have not chosen to "adhere to
communication silence", I just raised some considerations, well, for
your consideration.

If you have some ideas, legal or technical or otherwise, feel free to
kick off a thread.

One of the problems here is people expecting other people, that is,
someone -other- than themselves, to have specific discussions on
particular matters in a particularly public way.

You can demand that other people perform to your expectations all you
like. But perhaps consider leading by example.

And if you have nothing significant to contribute, then perhaps ask if
you're just wanting to be entertained?

If you have some great legal insight for example, I suggest to you to
consider whether to plaster that across a public mailing list, or
whether to discretely contact those who can make use of it,
potentially to ambush the other side (in this case the FBI/ CIA/ US
govt).

Because frankly, we "little folk" need every bit of advantage we can
possibly get - unless you can personally pony up for some serious
dollar$, we certainly don't have money on our side!!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] fwd: FBI Is Pushing Back Against Judge's Order to Reveal Tor Browser Exploit

[Zenaan Harkness]

On 5/19/16, krishna e bera  wrote:
> On 05/18/2016 11:40 AM, Joe Btfsplk wrote:
>> I'm surprised there are no discussions or questions on tor-talk about
>> this issue .
>> Since any exploits - whether due to "flaws" in Firefox or TBB, or not -
>> potentially have broader implications & applications.
>>
>> Normally, there'd be many comments on far less serious but important
>> issues.
>> I doubt comments are being censored.
>
> Actually i am not surprised there are few comments from the Tor
> community - maybe not smart to discuss legal strategy in the open...

See that on sl4shd0t all the time - "market testing" "think testing"
etc - unknown entity wants to know current 'think' and potential of an
idea, just throw it up on slashdot and many people chime in, giving
away their best thoughts and insights to anonymous entity without any
thought to contributing to a specific libre project. Action is
important, ideas are otherwise used by those with money in our
capitalist greed oriented instant gratification society.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] OT: Bitmessage

[Zenaan Harkness]

On 2/7/16, grarpamp  wrote:
> On Sat, Jan 30, 2016 at 6:14 AM, Tom A.  wrote:
>> Yes take care and look yourself or believe so called experts or
>> multiplicators.
>
> Fine example of the classic passive shilling for GoldBug / BitMail, etc.
>
>> I agree that all closed source crypto is obsolete.
>
> Yeah, so is all the non-reproducible binaries of opensource code
> above, deleting critiques off your own forums, etc... ahem.

There's a theory that the stupider someone is, the less it costs to
buy their corruption.


>>> Also, since Tom spammed a link to BitMail, it's worth noting that
>>> BitMail appears to be developed by the same people who made GoldBug.
>>> For those of you keeping score at home, GoldBug falsely claimed to be
>>> a project of EFF and CCC.  It would be wise to assume that BitMail is
>>> malware or backdoored unless proven otherwise.
>
> Tom's long been associated with their little game.
> Search the whole scam out on tor-talk, cpunks, google, etc.
>
> Till y'all step up to the plate... hasta Asta.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] There might be someone who needs help

[Zenaan Harkness]

cypherpu...@cpunks.org might have more posts and discussion you like
including general crypto and privacy, unless you specifically want to
talk tor.
Excellent is good :)


On 3/13/16, tor_t...@arcor.de  wrote:
> Hi Tor Talkers,
>
> http://www.nytimes.com/2016/03/13/opinion/sunday/should-all-research-papers-be-free.html
> "a graduate student from Kazakhstan named Alexandra Elbakyan is believed to
> be hiding out in Russia after illegally leaking millions of documents"
>
> I feel sometimes to write off topic and you are so kind not to mention it,
> thx...is there any netiquette to read...or is it just "be excellent to "
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] does TBB 'advertise' the list of actual plug-ins, or only a static/fixed list?

[Zenaan Harkness]

Since this is a significant privacy/ anonymity issue, and we are
generally recommended to not install any plugins into TBB at all, due
to these reasons/ problems, can someone tell us please:

does TBB 'advertise' the list of actual plug-ins (like I assume
Firefox does), or only a static/fixed list?

Thanks,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Time for p2p, content addressed, pre-emptively cached web pages - Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

[Zenaan Harkness]

On 2/28/16, Jason Turning  wrote:
> I'd bet if you took a hard look at their venture capitalist
> funding some interesting links would emerge.

And with significant funding comes board seats; same as Facebook - a
bunch of "ex-" CIA and NSA guys jumped on the Facebook board once it
became clear Facebook would be dominant (over the previous attempts
like MySpace etc). The irony was, the person who did the research and
made a slideshow video with voiceover, distributed this on Facebook!
It was ironic that the bulk of sheeple didn't bat an eyelid.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Time for p2p, content addressed, pre-emptively cached web pages - Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

[Zenaan Harkness]

Perhaps someone can design something to counteract the CIA and NSA's
Cloudflare tool?

Evidently we need a better way to read our news and blogs. Cloudflare
is getting to pervasive.

http://yro.slashdot.org/story/16/02/26/1816211/tor-project-accuses-cloudflare-of-mass-surveillance-sabotaging-traffic
Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic
>From the men-in-the-middle department
An anonymous reader writes: Tensions are rising between Tor Project
administrators and CloudFlare, a CDN and DDoS mitigation service
that's apparently making the life of Tor users a living hell. Tor
administrators are saying that CloudFlare is...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

[Zenaan Harkness]

On 2/26/16, Guido Witmond  wrote:
> On 02/25/16 01:58, Paul Syverson wrote:
>> On Thu, Feb 25, 2016 at 12:26:02AM +0100, Guido Witmond wrote:
>>> I don't want *people* to exchange keys. I envision people to exchange
>>> names and let computers do the key lookup.

That's fine but should be achievable with a DHT yes?

>> The description below sounds a fair amount like Keybase
>> (https://keybase.io)
>> Perhaps it would be helpful to contrast your goals with theirs?
> Both Keybase.io and Eccentric Authentication share the same goal: Crypto
> for everyone!
>
> But there are differences:
>
> 1. Technology
>
> - Keybase uses PGP, Eccentric uses X509;
> - Keybase uses the Bitcoin blockchain as trust anchor, Eccentric uses
> DNSSEC and a separate verification service like Certificate Transparency.

- separate verification service
- sub certificates
- mitm

This model is fundamentally broken and asking for MITMs.
Why re-use such a model?

Why do you say you considered, but discarded, the blockchain as trust anchor?


> 2. Model
>
> - Keybase has a person centric key model:

Surely that's just an end-user app consideration.

This seems to be your primary gripe about keybase (from what I can
tell) - have you discussed this "limitation" with the keybase
developers/ designers to see if your concept might fit nicely into
keybase?

If you have discussed, please refer us with link(s) to such
discussions - this will be important information for anyone
considering your "solution".

If you have not, perhaps you need to have a good hard think about
whether you are a NIH dope.


> Even though people can have multiple private keys, these are connected.
> Each user has 1 identity. That means, every message sent is attributed
> to the person.
>
> In this model, each of the actions strengthens the faith in the relation
> between the key and the identity.

Again, please provide links to the discussions you've had with the
keybase folks about exactly these points you raise, so we can read for
ourselves, their responses!


> - Eccentric uses a key model where each user has many keys:

This should of course also be raised with the keybase folks.

> Each of those keys is an identity, tied to the site that signed it. Keys
> cannot be shared between sites. This prevents linking of identities
> unless the person reveals it. Or if cookies betray him.

and this

> In Eccentric, people are advised to use a throwaway identity whenever a
> site requires an identity. In Keybase, it's much harder to remain
> anonymous as I expect sites to encourage linking your account to your
> identity.

and again

> 3. Central / Dispersed
>
> Keybase uses a central repository for all key/identity announcements.
> This makes them a single high value target.

Perhaps keybase needs to be forked due to some fundamental
limitations? (it is libre source yes? - before this thread, I'd never
heard of either of these projects...). Perhaps the keybase devs are
aware of such fundamental "problems"?

> Eccentric uses a single CA per site. There is no central repository. The
> risks of compromise are spread out. With some proper use of subkeys, the
> scary part of key management can be outsourced to a service provider.

"every site has it's own CA"

That's a burden upon site operators that will never be "widely"
achieved - except perhaps the large blogging platform providers,
facebook etc.

When a site can use HTTPS, users can create identities on the site,
and then users can use perfect forward secrecy with throwaway keys for
"ephemeral" communications, really, what does some new CA per site
actually provide?

I'm just not getting the significant value proposition or even
properly understanding your use case and why most people would bother
with all your proposed infrastructure.

Without a significant "value proposition" for the sites, or for the
users (and implicitly perhaps for the sites as a result of that),
who's going to bother?

But then I'm biased - neither do I understand the value proposition of keybase.


> 4. User Security
>
> Keybase provides confidentiality of the message contents but as it uses
> existing email transport, neglects meta data protection, in fact it
> gives up meta data protection to gain stronger ties between usernames,
> keys and identity.

In other words they've delegated part of meta data protection back to
the user "you'll have to use a throwaway email account if you want any
anonymity in your keybase communications".


> Eccentric offers much stronger protection of meta data and equals
> protection of message confidentiality.

So you're building a messaging platform?

Or building infrastructure which you expect others to build messaging
platforms on top of?


> With Eccentric it's harder to
> assure a certain key belongs to an author of a publication.

So what value does it provide (sorry, I'm a slow learner).
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to

Re: [tor-talk] Fwd: Cryptopolitik and the Darknet

[Zenaan Harkness]

On 2/25/16, Yaron Goland  wrote:
> Tor has argued that we have the right to listen without being forced to
> expose our identity. Don't we also have the right to be heard without being
> forced to expose our identity?

This can only partially be achieved at the moment - think "network
shock testing" by a state-level actor (i.e. someone like NSA who has
pervasive network monitoring, and some link-level control) - so you
have say a juicy government leak, whip it up on your local Tor
'anonymous' web server, and the state actor, monitoring the
underground forum you happen to mention your leak on, floods your IP
connection with 100 tor connections, then after only ~3% of the
download each, disconnects those 100 connections simultaneously.

The immediate and corresponding drop in bandwidth consumption by your
particular mobile phone computer is noted, and thereafter you are
specifically targeted in other ways.


> It would be awful if just as people's personal devices are powerful to give
> them a voice, Tor takes away the infrastructure needed to make that voice
> audible.

Being able to publish, and being able to publish pseudo-anonymously,
are different things, and pseudo-anonymous publishing will not be
removed from Tor, but please be aware of its limitations.

(If hidden services were removed, Tor would be immediately forked and
the current devs would lose their credibility, so don't worry about
that part, but frankly, that's the least of our problems anyway...)

Good luck,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Cryptopolitik and the Darknet

[Zenaan Harkness]

On 2/25/16, eliaz  wrote:
> Elaboration: I said in my previous post that I never quite believed that
> "there are more good than bad people."  I think it's more to the point
> of upgrading tor architecture to say that I don't feel comfortable
> relying on "there are more good than bad people" as a justification for
> the Tor Project's laudable aims. Regardless of numbers there *are*
> people who will misuse tor, and the article gives good evidence that
> those people are the ones who employ anonymous content platforms. - eliaz

There is a principle: to give up anonymous publishing for the ~2% of
bad actors, you will give up that right for the rest of us as well.

Same goes for other rights, not just anonymity.

By allowing people to drive on public roads, we accept that
occasionally some nutcase will also drive on the roads, run down a
pedestrian or cop and or cause a lot of damage to property. It's part
of the bargain.

Then some people will suggest "time for full time GPS tracking of all
vehicles, you know, to stop the crazies", thereby giving up our right
to anonymous travel.

Once again, you will not stop the crazies, and you give up a basic
right, something fundamental to being human, to being in society/
community.

There's probably a fancy logical name for this "bad bargain" that
"well meaning" humans seem to always want to make. Somehow they are
wired differently to me and many others on this list. You see I always
ask another question immediately to the thought or suggestion to "give
up a liberty" (e.g. anonymous publishing, private phone calls,
anonymous travel, pseudonymous travel, freedom of thought, etc), and
that question I always ask is "do we lessen our humanity by treating
ourselves as children, with cotton wool gloves?"

Guns, knives, cars and communication are topical examples these days.

I find it mind bending, but some folks actually think mandatory
registration, rego plates and licensing, is a great idea for bicycles
- you see, some folks on bikes have run into pedestrians, ride fast on
footpaths, and if they're being chased on foot by police they can get
away, not to mention how dangerous they are to the rider, there's just
so many problems with bicycles we could probably raise a good argument
to ban them completely - perhaps a govt buy back scheme and a govt
financial compensation scheme for stationary exercise bikes to
compensate for the health problems which would statistically arise due
to the reduction in exercise of the population when bicycles are
banned.

These are serious problems. We must not be flippant about the dark
dangers of cyclists traveling anonymously and dangerously, not to
mention their rogue machinery!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Cryptopolitik and the Darknet

[Zenaan Harkness]

On 2/25/16, eliaz  wrote:
> Elaboration: I said in my previous post that I never quite believed that
> "there are more good than bad people."  I think it's more to the point
> of upgrading tor architecture to say that I don't feel comfortable
> relying on "there are more good than bad people" as a justification for
> the Tor Project's laudable aims. Regardless of numbers there *are*
> people who will misuse tor, and the article gives good evidence that
> those people are the ones who employ anonymous content platforms. - eliaz

There is a principle: to give up anonymous publishing for the ~2% of
bad actors, you will give up that right for the rest of us as well.

Same goes for other rights, not just anonymity.

By allowing people to drive on public roads, we accept that
occasionally some nutcase will also drive on the roads, run down a
pedestrian or cop and or cause a lot of damage to property. It's part
of the bargain.

Then some people will suggest "time for full time GPS tracking of all
vehicles, you know, to stop the crazies", thereby giving up our right
to anonymous travel.

Once again, you will not stop the crazies, and you give up a basic
right, something fundamental to being human, to being in society/
community.

There's probably a fancy logical name for this "bad bargain" that
"well meaning" humans seem to always want to make. Somehow they are
wired differently to me and many others on this list. You see I always
ask another question immediately to the thought or suggestion to "give
up a liberty" (e.g. anonymous publishing, private phone calls,
anonymous travel, pseudonymous travel, freedom of thought, etc), and
that question I always ask is "do we lessen our humanity by treating
ourselves as children, with cotton wool gloves?"

Guns, knives, cars and communication are topical examples these days.

I find it mind bending, but some folks actually think mandatory
registration, rego plates and licensing, is a great idea for bicycles
- you see, some folks on bikes have run into pedestrians, ride fast on
footpaths, and if they're being chased on foot by police they can get
away, not to mention how dangerous they are to the rider, there's just
so many problems with bicycles we could probably raise a good argument
to ban them completely - perhaps a govt buy back scheme and a govt
financial compensation scheme for stationary exercise bikes to
compensate for the health problems which would statistically arise due
to the reduction in exercise of the population when bicycles are
banned.

These are serious problems. We must not be flippant about the dark
dangers of cyclists traveling anonymously and dangerously, not to
mention their rogue machinery!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Saving images from TBB

[Zenaan Harkness]

Sadly I'm stuck on gmail at the moment. Happily it works fine in TBB.
Sadly when I click to save an image from an email, that image gets
re-downloaded.

Is this latter problem a Firefox thing, or a TBB thing?

In either case, is there an about:config setting to override the
behaviour, so that I can right click an image and save it, without
that image being REdownloaded?

TIA
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] ru news

[Zenaan Harkness]

Well if nation-states can compete against each other in this way,
perhaps this is the best overall outcome we can hope for?


On 11/25/15, Vladimir Teplouhov  wrote:
> http://www.securitylab.ru/news/476982.php
>
>
> Должен заметить, что сумма контракта была по российским меркам очень
> значительна - что говорит о многом - не зависимо от результатов и
> возможностей...
>
>
> Гос-оклад инженера в институте(не Москва, но в регионах специалисты
> даже лучше) - 5445 rub/month.
>
> 39/5445 /12 = ~ 6 человеко-лет!
>
> То есть в принципе эта сумма экв. зарплате 6 инженеров в течении
> года, или 6000 чел в течении 10 лет.
> (можете аналогично пересчитать возможности в USD с учетом окладов у
> вас - я думаю экв. сумма у вас составила бы порядка 60$)
>
>
> Вывод:  вас кто-то зачем-то очень сильно хочет ;))
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] ru news

[Zenaan Harkness]

Of course not - I mean compete in running Tor ("sub") networks, e.g.
running a bunch of state level relays/ guard nodes/ exit nodes, with
intention to monitor in and out traffic for as much of the network as
they can.

This has been discussed before.
Zenaan


On 11/25/15, Anton Nesterov <koma...@openmailbox.org> wrote:
> Compete against each other in mass surveillance? Well, no, I don't see
> any overall outcome in this.
>
> Zenaan Harkness:
>> Well if nation-states can compete against each other in this way,
>> perhaps this is the best overall outcome we can hope for?
>>
>>
>> On 11/25/15, Vladimir Teplouhov <vladimir.teplou...@gmail.com> wrote:
>>> http://www.securitylab.ru/news/476982.php
>>>
>>>
>>> Должен заметить, что сумма контракта была по российским меркам очень
>>> значительна - что говорит о многом - не зависимо от результатов и
>>> возможностей...
>>>
>>>
>>> Гос-оклад инженера в институте(не Москва, но в регионах специалисты
>>> даже лучше) - 5445 rub/month.
>>>
>>> 39/5445 /12 = ~ 6 человеко-лет!
>>>
>>> То есть в принципе эта сумма экв. зарплате 6 инженеров в течении
>>> года, или 6000 чел в течении 10 лет.
>>> (можете аналогично пересчитать возможности в USD с учетом окладов у
>>> вас - я думаю экв. сумма у вас составила бы порядка 60$)
>>>
>>>
>>> Вывод:  вас кто-то зачем-то очень сильно хочет ;))
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>>
>
>
> --
> https://nesterov.pw
> GPG key: 0CE8 65F1 9043 2B11 25A5 74A7 1187 6869 67AA 56E4
> https://keybase.io/komachi/key.asc
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] KARMA POLICE

[Zenaan Harkness]

On 10/1/15, Ryan Carboni  wrote:
> http://arstechnica.com/tech-policy/2013/06/exclusive-in-2009-ed-snowden-said-leakers-should-be-shot-then-he-became-one/
>
> https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/
>
> Yep.
>
> Time to create a massive donation drive for Tor.

I applaud and share your enthusiasm and intention. But.

The assumption that "enough money will solve the problem" is generally false.

What is needed is a supra-tor or supra-"supplied by the govt/ isp"
physical network layer - or at least enough nodes in a 'slightly new
design' network which can use those nodes (assuming there are enough
of them, which might be large number, I have no idea).

That means individuals setting up their own links between them and
their neighbors. Neighbors is a loose concept - wireless links can hop
a fair distance.

The principle is:
- if you don't control it, if you did not physically set it up, it monitors you;
- if you don't install and 'control' the software running on the
hardware, it monitors you;
- if your hardware is backdoored before you receive it (e.g. built in
hidden other-than-wifi radio, keylogging cpu microcode, full hidden
net sniffing computer in your ethernet port), notwithstanding the
software you install on it, it monitors you.

There is so much room for necessary improvement that the situation is
depressingly grim.

TBB/Tor is at least something - just be sure you understand what it
is, and what it is not.

Good luck and surf safe,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Detritus

[Zenaan Harkness]

On 9/18/15, Lara  wrote:
> paul.cra...@sdf.org:
>> I'd like to ask individuals to take a moment to erase the detritus of
>> earlier messages before hitting "Send".  Otherwise, I'm going to get
>> carpel tunnel syndrome hitting "Page Down" to get to the meat in the
>> message.
>
> They simply can't. The brainpower is too low. This is what makes email
> so much more beautiful. Top reply, inability to edit even the mailing
> list signature, all these are there to help you filter up the junk. Just
> set the list to individual emails instead of digest and start adding
> emails to one long list destined to /dev/null or whatever equivalent you
> have on your system. In a few days idiots would be far fewer and further
> apart. Than you can do even nicer things like adding the nuts that pop
> around this list so often, the ones who don't have a clear idea what's
> going on, but they badly need *total* government protection in less than
> $200.

Wow - government totally protecting me, for just $200.
What a thought :D
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] TBB update using offline/ downloaded tarball?

[Zenaan Harkness]

Is there an upgrade process for TBB by e.g. unpacking the tarball over
the existing installation directory, or does one have to use the
in-browser upgrade-in-place option or install to a separate directory?
TIA
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Historically speaking, what was the U.S. navy /military

[Zenaan Harkness]

On 7/31/15, Cari Machet carimac...@gmail.com wrote:
 dear roger that is your opinion

Roger D:
 ... please think through whether it contributes usefully to the topic at
 hand, and whether it contributes *sufficiently* for many thousands of
 people to read it.

Roger asked us to think, before we type. He was courteous in my book.
And he is generally entirely conservative/ restrained-in-a-good-way on
such matters too.

Hard to ask for more than that.

Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Historically speaking, what was the U.S. navy /military

[Zenaan Harkness]

On 7/30/15, Alexandre Guillioud guillioud.alexan...@gmail.com wrote:
 To Zenaan :

 I havn't enough grasp on english language (i have a hell of time to debunk
 sarcastics comment in my own language, let alone english) to determine if
 you are backing me or are pushing me into the cliff.

Don't sweat on it - the cliff might be better/ more comfort, than
knowing more :)

Some things in onion web bring tears. Some things our governments do
bring tears. The world is sometimes a harsh place.

 Anyway, I back you on your description of the situation. A few 'genuine
 members' (everyone in here is tor dev ?) are slowing down tor development,
 by making the possibility of a move out of sight.

I described Juan's terminology, my interpretation anyway.

 Friend ! \o/

 Isn't out there tor forks with enough peers ?

Search e.g. GnuNET, I2P, etc - these are different software stacks,
not forks of TOR stack. TOR fork might not make sense - one of the
security benefits is the large number of people using TOR - then you
become a needle in the haystack. Same for other networks, more or
less.

The centralized parts of TOR need to be (at least partially)
decentralised, at least for scalability - TOR currently will fall over
if most of Internet tries to use it on one day. So if you are a
programmer have a go - you will be welcomed.

If you trust TOR devs (and centralised TOR network parts) as
benevolent dictators, then theory says TOR network can be more
secure. Personal opinion's on actual security of a particular web
surfing activity in current actual TOR network, are probably only
relevant to the individual who owns the said opinion :)

I suggest that you try to avoid are you for me, or against me - it
is not useful. Sharing ideas is useful. Highlighting blind trust is
useful, highlighting unseen assumptions, and unseen facts (thank you
Juan!) are useful activities. Assisting each other's understanding,
even if we differ in opinions on small things (all things are small ;)
 is more important than saying we do or do not oppose one another.

Juan rowed a tough road for some time - he kept highlighting the USA
government funding at the core of TOR, and highlighted assumptions
some of us made. Some people take his brash manner as though it is
oppositional - yes it is oppositional to institutionalised human
killing, as so we all should be, and his language is sometimes harsh;
but for me, if I actually had need for some level of genuine privacy
and/ or anonymity when using TOR and my mind be sleepy, then Juan's
voice is very much needed by me and my sleepy mind! Juan says wake
up! and he also often adds you fool! - ignore the second part and
you will enjoy most people :)

Peace,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] TBB image cache bug?

[Zenaan Harkness]

Anyone else seeing this?:
For a couple weeks now, with sites like gizmag.com, but also others,
TBB seems to mix up some of the images, where Firefox does not.

Eg http://www.gizmag.com/bionicon-e-ram/38687/

Right now for me contains a side image with this caption:
Age-related macular degeneration patient receives bionic eye transplant
and the image in TBB is a mountain bike, and the image in FF is an
elderly man wearing funky glasses.

Happens on TBB 4.5.3 and on 4.5.2.

Could be in the networking code - I saw a slashdork page with an image
at the very end of the page - after the normal web site/page bottom,
which was from russia-insider.com, stuck to the very bottom left of
the page after all else.

Willing and capable to run more tests if needed.

Thanks,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Historically speaking, what was the U.S. navy /military

[Zenaan Harkness]

On 7/29/15, Juan juan@gmail.com wrote:
 On Wed, 29 Jul 2015 12:32:56 +
 Virgil Griffith i...@virgil.gr wrote:
 Historically speaking, what was the U.S. navy /military
 ntending to use Tor for?
 me:
 Exactly the same things they use it for right now.
  Communications for their murdering operations, spying,
  propaganda.
  Spread of american fascism.
   addendum : a Pretty Good Name (PGN) and description for tor is
   'controlled opposition'.

You wouldn'... couldn'... Juan, surely you're not suggesting TOR's a
Controlled Oppositional Network i.e. a big CON??
...
blink
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Historically speaking, what was the U.S. navy /military

[Zenaan Harkness]

On 7/29/15, Lara lara@emails.veryspeedy.net wrote:
 Alexandre Guillioud:
 People which need tor for security, anonymity, can and will inform
 themselves.. If they don't, they risk exactly what they were risking
 withiut it.

 But if that's so, than the sky is not falling. Won't Jeebus come on and
 stain his white cloud?

 I bet in the next post you're going to say Terminator 2 is just a script.

Termoinator 2 is just a ... hey, wha..?!!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Historically speaking, what was the U.S. navy /military

[Zenaan Harkness]

On 7/30/15, Alexandre Guillioud guillioud.alexan...@gmail.com wrote:
 Reread a few post back.
 First you are whining about tor being misused, and after being put in place
 by Lara, you say internet is full of ressources anyway ?

 Plain nonsense.

 Plus, making citation on two weird sentences i wrote a 2am, out of a long
 and meaningful message, is equally plain non sense.

 I will stop discussing with you now. Troll or dumb, that's not my problem
 and i will not give more time to it.

Aww ... even they need to be entertained tooo. You need to pull your
comedy weight - no slacking now.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Historically speaking, what was the U.S. navy /military

[Zenaan Harkness]

On 7/30/15, Alexandre Guillioud guillioud.alexan...@gmail.com wrote:
 Guy, this could be reversed.
 Tor has limitations ? Make a pretty infographics on the subject and move
 on.
 It's not by using these kind of epistomologique principle that you'll
 educate the mass.

 My point is you are putting your head into the oven by doing what you do :
 you don't want to teach, you want to impress with pretty words.

 My question was, what do you mean by controlled opposition ?
 Answer you gived me was there is no proof but you know, i'm sure they are
 doing it ! Follow me, trust me, i said it.

Easy words definitely +1.

My take on 'controlled opposition' is that TOR effectively collects
most/ many of the Snowden's of the world who might be considered
USA opposition. By collecting them onto one network, the important
targets, although mixed with not important targets, are collected
into one technology and therefore much easier to identify - correlate
TOR users with ISP sign up accounts.

Years ago a friend coined the term the FOG - the False Oppositional
Group. In many cases of community issues here in Australia, one or two
people offer to lead a committee to fix the community problem,
and we have seen time after time, these self-proclaimed leaders get
the large initial group on a tread mill of ineffective tasks and
activities - like writing letters to parliament, like walking down the
main street of their local town, like ringing the radio station, and
endless more tasks which achieve absolutely nothing.

This FOG committee then also belittles ideas which might have traction
(e.g. class action lawsuit, civil disobedience) telling their group
oh that can't work and similar. Over time, the people in the
community who are active (but ineffective direction activity set by
saviour committee) initially, die away (leave the group, stop
participating), since no progress is ever made.

This is extremely effective tactic by e.g. developers who want to
develop seaside foreshore multi billion $ developments, significantly
blocking the surrounding property owner's significant sea views. In
three years, 500 people is reduced to about 5 hard core genuine
people, by the 5 False Oppositional Group committee members. More
details available but already probably too much.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] evidence that Tor isn't amoral?

[Zenaan Harkness]

On 7/10/15, Juan juan@gmail.com wrote:
 On Fri, 10 Jul 2015 14:35:04 -0500
 Drew Fustini pdp7p...@gmail.com wrote:
 Greetings - I am a Tor Browser user and also an operator of a couple
 Tor relays.  I believe the Tor Project has a noble mission.

 An online friend recently claimed to me that amoral content is a huge
 portion of the exit node traffic.  I believe by amoral he meant
 sexual exploitation.


   You mean porn? Yes, a lot of tor traffic is prolly porn.
   But, amoral?

   No. What is morally fucked up or 'morally bad' if you prefer, is
   the use of tor as a propaganda tool for the US government. And
   that's what tor really is.

   The fact that tor is used to view porn is the only good thing
   about it.


   ps : 'amoral' is not the right word for things that fucked up
   conservatives dislike.

Come on Juan! Grow the f*** up already and apply for Executive
Director of TorProject, then we can all finally feel protected, safe,
secure and private when using TBB!

Really, it's fence-sitting amoral positions like yours that really get
my chicken going... fix the world already,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] TBB: on/offline button in toolbar

[Zenaan Harkness]

Hi, I am familiar and very content with the Firefox toolbar-buttons
plugin - which provides a couple of key toolbar buttons, such as:

- work on/offline
This allows e.g. for sites which insist on messing with my cache
settings/ sanity and reloading the dang page when I go back and or
forward in tab history, to do the following 3-step:
Work Offline - Back (prev page in history) - Work Online
more quickly than navigating through menus - which is quite the
frustrating experience when one does this often.
This is useful as I can get a very quick redisplay of a previous (or
subsequent) web page in my history without the site reloading it
unnecessarily which seems to happen on so many sites these days.

- proxy toggle (3-way)
This button does what it says, cycling through:
no proxy - auto proxy - manual proxy
Again, this is a great time saver in certain situations.

I guess we can be confident that others will have their own favourite
time saver buttons from Toolbar Buttons plugin.

Is it possible for some TBB dev to audit Toolbar Buttons firefox
plugin for security/ safety and/ or inclusion in TBB?

I will be very grateful.

Thank you,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] torproject.org being redirected/ DNS multi link paged to ww2.torpoject.org

[Zenaan Harkness]

going to torproject.org, redirects to http://ww2.torpoject.org/ ,
which comes up with what appears to have a link at the bottom to:

http://www.gstatic.com/domainads/privacy/

It should instead redirect to this page:
https://www.torproject.org/index.html.en

Just a config oversight, or an undermining somewhere?

FYI
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Matryoshka (fill traffic in networks?) [was: Are TOR holes intentional?]

[Zenaan Harkness]

On 6/18/15, grarpamp grarp...@gmail.com wrote:
 On Thu, Jun 18, 2015 at 12:51 AM, Roger Dingledine a...@mit.edu wrote:
 but it sure looks like another case of somebody not understanding the
 research field, and thinking that solving the traffic confirmation
 attack is easy, without actually thinking through the engineering side,
 the scaling side, or the statistics side.

 There's certainly no easy solution to all problems. Though
 there could be value in those that put more odds in your favor,
 even though they do not yield 100% solution or protection.

 If you rarely tx but then emit something [unique or timely]
 that pops out at some [rare] destination, you're done for.
 I think we've seen posts from some people who slow crawl the
 web 24x7 when their client is running just to add cover at their
 end for their interspersed real web activity.

For a potentially useful project to many: software to crawl and cache
popular news sites into a content addressed darknet/ localnet cache,
so that folks can browse the daily news without using exit nodes.

Trust network above that is a separate task entirely.

For bonus points, have the content addressing be in git.


 But even full scale padding, ignoring the practical side of how to get a
 Tor network that can afford to waste so much bandwidth

 Waste is an incorrect, negative term for designed in padding (fixed
 set of lengths) or fill (empty links) or chaff (ratio) or whatever this is.

 A design where fill traffic gets out of the way when real data is
 being sent might have periods of congestion or underutilization
 of the link depending on the distance in hops the fill is managed
 over, and the speed of the sensing and feedback controls.
 Seems that might need to be as fast as you could initiate a first
 packet across, unless you inhibit that packet until ready.

Just as the disadvantages of HFT (high frequency trading) can be
handled with a trade-window model (all trades are batched into a 1s,
or 10s or whatever window to be resolved by the exchange at the end of
each window), inhibit packet until ready makes me think this might
be applied to Tor networks - specifying a relatively high minimum
latency for new session initiation. But again, it's the type of
problem/solution potential which needs genuine analysis to know if
there's going to be a non-trivial privacy enhancing benefit. I can
only make assumptions sorry.


 doesn't provide
 protection in the face of active attacks where you induce a gap on one
 side and then observe the gap on the other side. And it might even be
 the case that these gaps happen naturally by themselves, due to network
 congestion and so on, so maybe passive observers will be winners even
 against a design that does full padding.

 I've said that fill seems useful against passives, not actives.
 However a design may actually be possible such that any disturbance
 or deficiency in fill might be possible to make up from other sources.

E.g. your entry point (e.g. ISP) introduces random peak bandwidth
drops/ latency holes and when the ISP's incoming networks fail to
keep up their side of this same bargain, the link deteriorates
completely.

This implies an ISP who is on the side of the users, at this point a
rare thing (if it exists at all).


 In other words, if I knock you off the net, the remaining path your data
 would have taken to your endpoint will still be filled so as not to expose
 the far end as being tied to you (if the fill management scope of the
 network is finer grained than just the end nodes negotiating end-to-end
 with each other (ie: I think the entire net will need to negotiate their
 own
 mesh of fill peers as an underlying management layer, with possible
 cues from above)). You get knocked off, your former peers sense this
 and recalc their fill sources and sinks.

This 'feels' like it has potential. Except I think it presumes that at
least your starting node(s) (eg ISP) are not actively adversarial to
you - but are we assuming this anyway with current Tor? (Sorry for my
ignorance.)


 tl;dr the whole premise of this person's blog post is flawed, since
 their design likely does not work as they think it does.

 While someone's design may be insufficient to solve some problem,
 it does add value in the form of talk of possible solutions and trialing
 them. Thereby others can try different / related avenues to a solution.

A thought I've pondered for a couple years now - and now in this
context, let's say my geographic neighbour and I each have an ISP
uplink, and wireless connection between one another.

If my underlying fill traffic network (physical/PHY layer, at least
from my perspective as an end user) can somehow include the private
connection between my neighbour and I, and if the ISP actively targets
one of us and crimps the connection, and then the neighbour similarly
(pro-actively) crimps his connection in 'almost parallel', could
this provide some level of plausible deniability of the exit-node
traffic 

Re: [tor-talk] Tor Browsers on SourceForge

[Zenaan Harkness]

On 6/7/15, Griffin Boyce grif...@cryptolab.net wrote:
 Fabio Pietrosanti (naif) - lists wrote:
 Given that there could be sketchy reasons to distribute Tor Browser
 unofficially and that Tor it's a copyright of Tor Project, shouldn't
 the
 Tor Project ask to SourceForge to act to:

 a) Or Remove those project

 b) Or ask to change name and remove any occurrence of Tor in the name
 of the projects, title, sub descriptions that may lead to misleading
 interpretation that this is tor browser


Andrew and others have asked for these to be taken down in the past.
 Most listings are shady and likely contain malware.  I contacted the
 developer of the first listing last year [1] but he never responded.
 While SourceForge might not care about malware*, large US-based
 companies usually care about copyright and trademark violations (which
 was a solid legal basis for Andrew to request takedown).

I'm not super sure where to go from there though.  This might be a
 better question for Wendy Seltzer.

Thoughts:
- contact Bradley Kuhn of the Software Freedom Conservancy
- contact the Free Software Foundation (USA)
- create competing projects on sourceforge - open a new account
torproject.org and upload at least one TorBrowser binary - perhaps a
stub which points the user to the official web page
- write some software to auto-create projects on all the commercial
sites out there, in a single hit, make your code libre licensed of
course :)

In fact, all existing projects on SourceForge ought (evidently)
maintain their admin-ship of their existing project pages, just to
ensure SF does not fuck them over.

Sadly we live in a world of many financial, and other, predators.

Do Not give up control of your SF or GitHub or
__pick-a-commercial-entity__ project!

If your project gets mirrored on one of these types of sites - set
up your own project just to have an official presence on that site.

This is a sad form of digital thuggery which ultimately may need a
legislative fix - in the meantime, the consequence is more work for us
(but hopefully minimal) who admin projects.

Good luck,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [Cryptography] Dark Web should really be called the Twilight Web

[Zenaan Harkness]

On 5/29/15, grarpamp grarp...@gmail.com wrote:
 On Thu, May 28, 2015 at 2:08 AM, Zenaan Harkness z...@freedbms.net wrote:
 On 5/28/15, grarpamp grarp...@gmail.com wrote:
 to be taken other than filling your unused capacity with fill traffic.
 No network to date appears to be developing or using that defense.

 I thought that was the main differentiator for I2P (as compared with
 TOR)??

 Nope. As above.

Just finished reading a bunch of I2P pages, and can confirm what you
say - I'm guessing I read this section, and forgot the but not yet
implemented bit:
Various mixing strategies at the tunnel level (e.g. create a tunnel
that will handle 500 messages / minute, where the endpoint will inject
dummy messages if there are insufficient messages, etc) 
https://geti2p.net/en/comparison/tor
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] [Cryptography] Dark Web should really be called the Twilight Web

[Zenaan Harkness]

On 5/28/15, grarpamp grarp...@gmail.com wrote:
 On Wed, May 27, 2015 at 11:08 PM, Phillip Hallam-Baker
 ph...@hallambaker.com wrote:
 Tor certainly works for some of its intended uses. If you are in a
 repressive state and want to get access to CNN or the like, Tor is your
 friend. It isn't going to prevent a police state noticing that you might
 be
 up to some sort of unapproved activity but they won't be able to tell the
 difference between a dissident and someone surfing for porn etc. So it is
 useful and reduces risk in countries like Iran or Russia. But using it in
 North Korea would mean risking a death sentence.

 Where I don't see Tor being remotely safe is trying to operate an online
 Drug bazar as a hidden service. I mean seriously guys, cryptography isn't
 magic and traffic analysis is a very effective tool.

Do you mean like analysing the trafficking of drugs in their physical
form. Traditional law enforcement seems to do this type of traffic
analysis reasonably well on occasion.

:)


 For whatever part of your threat models above includes global passive
 adversary watching the input and output points of your network
 of choice and lining up traffic observations... there is little defense
 to be taken other than filling your unused capacity with fill traffic.
 No network to date appears to be developing or using that defense.

I thought that was the main differentiator for I2P (as compared with TOR)??
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] New Astoria Tor client is said to be better than plain Tor

[Zenaan Harkness]

NOTE, if you want newbies (and occasionally potential contributors) to
not be really frustrated with your communciation, perhaps define your
key terms on first use.

Since AS has not been defined anywhere in this thread (yet), I
downloaded the paper (OK, that might be a reasonable desire - get
people to download and read the original source, but still ...
please!), only to find the term AS used nearly half a dozen times
before it's ever defined/unpacked in the paper itself!

Zenaan

PS: For those who were wondering: AS ~= autonomous system.


On 5/24/15, Rishab Nithyanand rishabn@gmail.com wrote:
 I would like to stress that most of the news articles I've come across have
 some incorrect claims. It is sad that none of them got in touch with us
 before publishing their stories. Please read the paper [1] if you'd like to
 know what Astoria actually tries to do.

 We'd rather have informed positive or negative feedback from interested
 people, than uninformed approval or dismissal of our work. In the end, our
 goal is to build something useful for the Tor community.

 [1]  http://arxiv.org/pdf/1505.05173.pdf
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Use of TOR [sic] for illegal activities

[Zenaan Harkness]

On 5/21/15, grarpamp grarp...@gmail.com wrote:
 On Wed, May 20, 2015 at 6:53 PM, Paul A. Crable p...@crable.us wrote:
 I'd support censorship if I was in charge of it

 You won't be.

 but I doubt most others would go along with my idea.

 No one here will be either. As you've discovered, it's
 non negotiable.

 So I guess we must leave things as they are, flawed
 as they may be.

 The only flaws here are the censors, and we're tired of leaving
 them be as they were.

 I think they'd be surprised it is being used today.

 Did you know there are hidden service forums for worshippers of SATAN?
 And ones for atheists, muslims and the FSM? And for Christians?

 By the way, theaters of today are built such that they don't burn
 in a way that would threaten the lives of rational moviegoers.
 The irrational ones are like censors, they are the ones
 that stampede and kill people.

Great analogy! Cheers.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Meeting Snowden in Princeton

[Zenaan Harkness]

 March 1st Tor cooperates with LEO

 Tor has been giving talks to LEOs since its initial
 release as a public software project.

Pretty impressive software. IBM might be interested in that one,
assuming the talks have been two-way things of course ...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

[Zenaan Harkness]

The GNS/ alternate distributed DNS thing is the bit I was specifically
referring to.
I do share your assessment that Gnunet does not provide anything like
adequate anonymity.

GnuNet's GNS could be (I assume) run across TOR or I2P - this is what
might be interesting to explore (for someone who wants to get their
configuration and thinking hats on).

Cheers
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

[Zenaan Harkness]

On 4/25/15, goofyzrn...@vfemail.net goofyzrn...@vfemail.net wrote:
 Roger Dingledine:
 And to be clear, I think this is a great trend: we need to make onion
 services easier to understand and more accessible (and faster and more
 robust) for ordinary people, or we'll remain stuck with all the metaphors
 that include the word 'dark'.

 Realizing that there are many different considerations of which I'm
 not aware, (also that this is a feature request of sorts, so please do
 point me in the right direction here) I for one would really like to
 see TBB automatically translate (for example) 3g2upl4pq6kufc4m.onion
 into the human readable DuckDuckGo, perhaps in a similar manner as
 with EV SSL cert's, though perhaps only for location-known and
 the-content-is-legal-everywhere onion services.

 Perhaps some sort of opt-in procedure would be reasonable for those
 high-security-yet-not-location-anonymous onion services who really
 would rather be more easily identified?  That would save the users'
 time of verifying their .onion URL's at least (plus, it could possibly
 decrease any phishing / link-jacking opportunities as well).

Something like
https://gnunet.org/taxonomy/term/34
?

You can run that now.
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

[Zenaan Harkness]

On 4/24/15, Andreas Krey a.k...@gmx.de wrote:
 On Thu, 23 Apr 2015 11:31:18 +, benjamin barber wrote:
 ...
 ... , and actively
 steering people away from tor, if they are looking for real anonymity or
 security.

 Where do you steer them *to*?

At this point in time, there's no I2PBrowser for example, so TOR is
the only ready option for members of the Crackatinny tribe (from
outbak ya c).

For those with a little willingness to learn, I2P and GNUnet are
IMSEHO (in my so extremely high opinion) worthy of investigation.
GNUnet even has an apt-get installable gui - but I do not yet
understand it's design (haven't gone reading), so cannot speak at all
to it's potential, let alone it's usefulness today.

I2P appears to have a design with some benefits over TOR, although
TOR's current size has (I think) some real benefits too.

Nothing is yet ideal. More love is needed everywhere.

Ideally, start building physical (wireless would be most practical)
'run and control your own personal node and talk to others
individually' independent network, and run I2P or etc on top of that;
see:
https://projectmeshnet.org/

Happy creating :)
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

[Zenaan Harkness]

On 4/24/15, Zenaan Harkness z...@freedbms.net wrote:
 On 4/24/15, Andreas Krey a.k...@gmx.de wrote:
 On Thu, 23 Apr 2015 11:31:18 +, benjamin barber wrote:
 ...
 ... , and actively
 steering people away from tor, if they are looking for real anonymity or
 security.

 Where do you steer them *to*?

 At this point in time, there's no I2PBrowser for example, so TOR is

Correction, Azureus Vuze has both TOR and I2P modules built in, and by
some definitions, Vuze is relatively end user friendly, and an older
but functional version can be installed in Debian using your package
installer of choice.

Vuze provides a SOCKS proxy option with it's I2P module, and a wiki
page on how to configure firefox to send all its DNS queries through
the proxy, see:

https://wiki.vuze.com/w/I2PHelper_HowTo

But I still recommend running your privacy browser in a VM, perhaps
using Whonix.

Happy surfing,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hi!

[Zenaan Harkness]

On 4/8/15, gary02121...@openmailbox.org gary02121...@openmailbox.org wrote:
 How do I anonymize my phone? Yeah I have heard that phones are tracking
 devices. I have to use my phone right now. If I have the money to buy a
 replicant compatible phone, I will. I'm running on Android OS and I as
 much as possible get my apps from F-droid. I rarely get apps from the
 Play Store.

There are so many issues at the moment, not the least of which is you
understand what you mean by anonymizing my phone.

You might start by looking into/ learning about:

- how to load your own operating system (replicant, cyanogen ,ubuntu,
debian, tizen or whatever) onto your phone?

- how phones are tracked?

- what TOR can and cannot provide, even in the best circumstances?

- how to load custom linux kernel firewall rules?

- what is os fingerprinting?

- what is a mobile phone stingray device?

- what is a virtual machine? how to run one?

Wax on, wax off. And good luck :)
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/8/15, Juan juan@gmail.com wrote:
 On Mon, 6 Apr 2015 20:35:44 -0400
 Paul Syverson paul.syver...@nrl.navy.mil wrote:
 More details on the history at
 https://www.acsac.org/2011/program/keynotes/
 I mean we don't need to repeat yet again that tor is a
 project of the US military. As such it doesn't make
 sense for it to be 'decentralized'.
 For the technical reasons behind the degree and nature of
 centralization and decentralization, see the above paper and the Tor
 design paper. Also note that ironically the first few major design
 versions made purely by govt. employees were actually more
 decentralized. E.g. see the above paper, also
 http://www.onion-router.net/Archives/TNG.html
 It was only when we moved to the Tor design, that we moved to being
 a bit less P2P with directory authorities.
   And what point are you making with all that hand waving? 'a bit
   less p2p'? That's some technical language.

Exactly. Appropriate non-technical pseudo summarization. Do you want
the whole bloody paper copied and pasted into the email? I don't - I
appreciate the link, specifically addressing your point, thank you
very much! Have you read it?


 For more technical arguments why this is in practice more secure than
 other designs known at the time see
  http://freehaven.net/anonbib/#danezis-pet2008 and
  http://freehaven.net/anonbib/#entropist
   Even assuming that the central servers are more
   'secure' (although that's vague - more secure for whom
   against what kind of attacks) the fact remains that centralized
   control over the network is something obviously in line with
   the political objectives of your employers.

May be so. And highlighting (your) concerns is a good thing. As I've
pointed out before, if I were actually in need of some level of
anonymity/security on the internet, and I were a newbie, I would be
very appreciative of your vehement notes of caution.

BUT, the TOR guys do have many published papers on many aspects of
TORs design over the years (I've even read a few of them) and they
describe why they've made certain of the technical decisions they've
made - eg centralization vs decentralization (or a bit less p2p)).

Juan what I would like to see from your passionate desire to
communicate caution and sanity (which I really appreciate) is for you
to temper your passionate communication by, for example taking a key
technical point written about in a paper linked such as in the very
links put to you (us) here and respond in a technically meaningful
way.

I accept your notes of caution, I really do. I even appreciate them. I
think your repetition (to a degree) is acceptable. But I do not accept
-your- handwaving, especially in the light of calling out the TOR
technical foundation design documents as handwaving. Not cool.

 But by all means please continue justifying everything you say based
 on what you tenaciously are sure some large organizations must intend
   Is your contention that your employers don't have any purpose
   at all?  Or that the government responsible for a global
   surveillance system (among many other sick crimes) also pays you
   to counter them? lol

   See, you can play that game only so far. You can pretend to be a
   'technician' who knows nothing about politics only so far.

Juan, the game goes both ways. You know that as well as anyone here.

No one could dispute that analysing the intent of all players involved
is a good thing to do. In fact, as you rightly point out, an
especially important thing to do in this TOR ('freedom communication
tech') environment.

Likewise, no one can dispute that (and the relevant people agree that)
some technical and other questions simply cannot be answered. We
cannot work in an idealised world, we must work in the world we live
in.

I intuit that your primary point is that the TOR devs ought
acknowledge we can only do so much, we can only program within the
limitations of the greater environment which includes problems a, b
and c, and there are potential or real conflicts of interest due to
funding sources, etc, etc.

Frankly, I see the TOR guys acknowledge all of this.


   On the other hand I do realize that you are just playing a part
   here, for your audience of lackeys.

Juan, here is a classic statement which says nothing. On the other
hand, it implies caution is warranted.

Also, the concept of troll fishing can be taken as far you choose,
of course - that is, try to expose they who you might  consider to
ultimatly be trolls (individuals with bad intent), by continually
bating and fishing for such.

It gets a little tiresome, but from a cold hard lets do the best we
can by all newbies perspective, I can't really fault you. That is,
putting up with tiresome is better than the alternative.


   By the way, have you and your friends received any national
   security letter lately?

Getting a TOR dev canary thing happen would, I say, be 

Re: [tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/8/15, Speak Freely when2plus2...@riseup.net wrote:
 Holy fuck you're still talking? Give it a rest buddy.

Gold! Absolute gold.

We do have freedom of speech, at least to this limited degree. I am grateful.

Thanks all, and keep it up eh,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/7/15, Moritz Bartl mor...@torservers.net wrote:
 On 04/06/2015 05:44 AM, Juan wrote:
  I doubt that's something the US military is going to favor. I'm
  guessing that having a bunch of 'directory authorities' under
  their full control was one of the basic design requirements.

 This is bullshit. I don't even know why I am replying to this, but you
 better make your homework before you make stupid accusations like that
 and embarrass yourself.

Thank you for spending that moment to reply.

Regards
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/6/15, Juan juan@gmail.com wrote:
 On Mon, 6 Apr 2015 12:51:31 +1000
 Zenaan Harkness z...@freedbms.net wrote:

 - full decentralization model for TOR

   I doubt that's something the US military is going to favor. I'm

I too seriously doubt that.

   guessing that having a bunch of 'directory authorities' under
   their full control was one of the basic design requirements.

Well, I haven't read a lot, but I think there was this history of TOR
where a couple of blokes did what made most sense to them at the time,
and the government (I would attribute opportunistically) chose to
fund that.

Pro-actively supporting/funding those technologies which are useful to
big-govt-self, in this case TOR, could be attributed as having malice,
but I tend to the schizophrenic nature/ conflicting interests side
of the debate.

Notwithstanding, TSOC is a prime opportunity, Juan (hint hint, nudge
nudge) to verify or otherwise disprove your primary intent is one of
malice position - if a well-written design document (including an
as-yet-unsolved trust model which you magically solve) for dir-auth
de-centralization gets rejected for a couple years in a row, your
hypothesis is then proven, and we'd all have a wonderful data point on
the evil-ness of the TOR-backers-and-string-pullers.

Until then, I do (hint hint, nudge nudge), encourage you to write up
your TSOC project proposal :) :)

Please. Please do. Please pretty please with cherries on top please?


   On a somewhat related note, has google or any other big and
   corrupt american organization pretending to care about 'freedom'

Unrelated to but prompted by your question, I assert the following:
Google, (and I think TOR) started as a hacker- or uni- sponsored
let's try this concept project.

Ie, started by one or a few hackers with a great idea and usually
spouting (and I use the word spouting here intentionally) good and
magnanimous intentions (eg Google's do no evil as they used to say).

Concept works, within its parameters.

Concept takes off due to overwhelming (yet relative) effectiveness
(within its parameters) as  compared with existing 'solutions' for the
problem domain.

Funding offers comes in, with prerequisite of diluting ownership, and
most significantly, diluting control.

The hackers (fellow humans I do note), take the money, dilute their
ownership, and (most significantly) dilute their control. The
share-sale contract, at this stage usually private (I'm thinking
google and most startups here), usually carries condition(s) that
further funding be accepted, or at least, more of the same happens, in
particular with the IPO. Now there are shareholders. These
shareholders are superannuation hedge-funds, government bodies
(through proxies) such as the NSA, FBI etc, and more similarly-good
goodness (please note facetious tone at this point in my typing).

If the original developers/ controllers of the new-fangled concept
didn't lose control in the first round(s) of funding, they certainly
do at the IPO stage.

Basically, most humans take the money and run.

I.e., most humans are greedy, and put their personal wealth ahead of principle.

Thus becoming a large company carries with it:
- personal cashing out of the founders;
- the sociopathic nature of companies;
- diluted control;
- control of said company through acts of government;
- control by those with the most money (to buy the shares, or to have
enough group- or individual share-voting control to put in place
chosen sock-puppets (evil doers) at the helm of said companies;
- concentrated control in the hands of those entities which act
sociopathically (shed a tear, I do);

If one or more of the founders continue at the helm of such
sociopathic-by-nature-and-by-founding-constitution entities, then it
can be reasonably inferred that such founders are inherently with that
same nature;

witness the nature of humans; the five passions, the seven deadly
sins, a rose is a rose by any cow pat you see.

So for the thinking man (man in the generic sense, including woman,
but in particular, being s/he who has come of age within themselves,
which is different to actual physical age), what to do?

If we want a better future in 30 years, how can we achieve that?

Public statements of commitment to do no evil (does google even
pretend to say that any more at a corporate slogan level?), evidence
possible underlying good intention.

What is the next step?

Bind oneself (oh ye powerful tech hacker for freedom) to make no
compromise of means, for any purported ends.

Here is one example from which I draw some limited personal inspiration:
http://www.theguardian.com/commentisfree/2014/may/20/why-did-lavabit-shut-down-snowden-email

That's a tough road to hoe though. I say it's the only road worth
walking. I wish there were more. Often I experience emotional
satisfaction from the enslavement of humans - when so many fall, fail
to act in interests beyond self, I see that the way things

Re: [tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/6/15, Zenaan Harkness z...@freedbms.net wrote:
 On 4/6/15, Juan juan@gmail.com wrote:

 Until then, I do (hint hint, nudge nudge), encourage you to write up
 your TSOC project proposal :) :)

The point being, a project proposal, for others to take by the horns,
unless of course you yourself actually wanted to be the TSOC
candidate, but that's by the by.

Cheeers
Z
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Summer of Privacy

[Zenaan Harkness]

On 4/6/15, Juan juan@gmail.com wrote:
 On Sun, 5 Apr 2015 18:25:59 -0700
 Damian Johnson ata...@torproject.org wrote:
 Thanks to Google,
   http://www.wikileaks.org/Op-ed-Google-and-the-NSA-Who-s.html

 //rest of establishment vomit snipped

Ahh, Juan, dear Juan - a breath of fresh air from you again. I do hope
you never cease to be you :)

Perhaps, on another similarly subtle and constructive note, those who
are passionate about achieving some sort of genuine online anonymity
and/ or effective presence,
cough caugh hint hint Juan Juan/ smiley,
could not only suggest but bullet-point and flesh out some TSOC
potential projects, like say:
- full decentralization model for TOR
- seamless and sane integration with I2P
- new-user documentation strong points
- modular get-off-TOR-forever migration plan for Juan

... or like, whatever :D
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] rant - just want a bit of music

[Zenaan Harkness]

I am presently in New Zealand, and when I try to view in firefox or
download with youtube-dl, some a Capella music, half the time I get a
message from Google saying SME (Sony Music Entertainment) has blocked
this track in my country. Surely solving the ready-access to censored
content problem would be a good start for our freedom lovin'
community?

Example a capella failures to download:
$ youtube-dl 
'https://www.youtube.com/watch?v=Toga5cWRi0klist=PLBCnvBvQEJRpdirUvR1CKLMhESI7whlWM'
-i
[youtube:playlist] Downloading playlist
PLBCnvBvQEJRpdirUvR1CKLMhESI7whlWM - add --no-playlist to just
download video Toga5cWRi0k
[youtube:playlist] PLBCnvBvQEJRpdirUvR1CKLMhESI7whlWM: Downloading webpage
[download] Downloading playlist: Top Tracks for Street Corner Symphony
[youtube:playlist] playlist Top Tracks for Street Corner Symphony:
Collected 13 video ids (downloading 13 of them)
[download] Downloading video 1 of 13
[youtube] Toga5cWRi0k: Downloading webpage
[youtube] Toga5cWRi0k: Extracting video information
[youtube] Toga5cWRi0k: Downloading DASH manifest
[download] Street Corner Symphony - Hallelujah (Live)-Toga5cWRi0k.mp4
has already been downloaded
[download] 100% of 80.02MiB
[download] Downloading video 2 of 13
[youtube] EZYN2o1tsIA: Downloading webpage
[youtube] EZYN2o1tsIA: Downloading video info webpage
ERROR: EZYN2o1tsIA: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.
[download] Downloading video 3 of 13
[youtube] xzF4IS1Vwac: Downloading webpage
[youtube] xzF4IS1Vwac: Extracting video information
[youtube] xzF4IS1Vwac: Downloading DASH manifest
[download] Destination: Drift Away - Street Corner Symphony-xzF4IS1Vwac.mp4
[download] 100% of 26.96MiB in 09:32
[download] Downloading video 4 of 13
[youtube] QV1Vq2kqDNw: Downloading webpage
[youtube] QV1Vq2kqDNw: Downloading video info webpage
ERROR: QV1Vq2kqDNw: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.
[download] Downloading video 5 of 13
[youtube] hBEuZappnAk: Downloading webpage
[youtube] hBEuZappnAk: Extracting video information
[youtube] hBEuZappnAk: Downloading DASH manifest
[download] Destination: World To Me - Street Corner Symphony-hBEuZappnAk.mp4
[download] 100% of 26.69MiB in 09:27
[download] Downloading video 6 of 13
[youtube] EZmUCmRSvO0: Downloading webpage
[youtube] EZmUCmRSvO0: Downloading video info webpage
ERROR: EZmUCmRSvO0: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.
[download] Downloading video 7 of 13
[youtube] pGrxy72nxo0: Downloading webpage
[youtube] pGrxy72nxo0: Downloading video info webpage
ERROR: pGrxy72nxo0: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.
[download] Downloading video 8 of 13
[youtube] PJAfoSsZgY8: Downloading webpage
[youtube] PJAfoSsZgY8: Downloading video info webpage
ERROR: PJAfoSsZgY8: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.
[download] Downloading video 9 of 13
[youtube] 8H7A5UhR7Vw: Downloading webpage
[youtube] 8H7A5UhR7Vw: Extracting video information
[youtube] 8H7A5UhR7Vw: Downloading DASH manifest
[download] Destination: Most of It - Street Corner Symphony (Original)
- A cappella-8H7A5UhR7Vw.mp4
[download] 100% of 44.23MiB in 15:39
[download] Downloading video 10 of 13
[youtube] v197cMu4D8Y: Downloading webpage
[youtube] v197cMu4D8Y: Extracting video information
[youtube] v197cMu4D8Y: Downloading DASH manifest
[download] Destination: Streetcorner Symphony - Eleanor
Rigby_Help!_Hey Jude - Live 1_26_11-v197cMu4D8Y.mp4
[download] 100% of 16.13MiB in 05:42
[download] Downloading video 11 of 13
[youtube] xYyl1ZjzKzM: Downloading webpage
[youtube] xYyl1ZjzKzM: Downloading video info webpage
ERROR: xYyl1ZjzKzM: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.
[download] Downloading video 12 of 13
[youtube] ZBKtYAZ4UGo: Downloading webpage
[youtube] ZBKtYAZ4UGo: Extracting video information
[youtube] ZBKtYAZ4UGo: Downloading DASH manifest
[download] Destination: Dead Man's Will (lyrics)- Street Corner
Symhony.wmv-ZBKtYAZ4UGo.mp4
[download] 100% of 3.26MiB in 01:09
[download] Downloading video 13 of 13
[youtube] nz1VSUoeUaU: Downloading webpage
[youtube] nz1VSUoeUaU: Downloading video info webpage
ERROR: nz1VSUoeUaU: YouTube said: This video contains content from
SME, who has blocked it in your country on copyright grounds.

More than half of this group's vocal performances are blocked!!

We need some sort of bit-torrent for censored youtubes, where those
who've already downloaded a youtube file, can automatically make it
available to others - this could also speed up download perhaps,
taking a load off those poor overworked google servers...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other 

Re: [tor-talk] Hi!

[Zenaan Harkness]

On 4/5/15, goofyzrn...@vfemail.net goofyzrn...@vfemail.net wrote:
 gary02121993,
 Perhaps the relationships between the various legal definitions of
 'malice' and 'restraint' would be somewhat instructive?

Touche :)
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hi!

[Zenaan Harkness]

On 4/4/15, blo...@openmailbox.org blo...@openmailbox.org wrote:
 On 2015-04-03 20:13, Alexis Wattel wrote:
 Sure! Glad to help!
 PS. I know this is vague but please ask away for anything you guys are
 not clear about or something.
 Malicious uses of Tor include child raping through the use of an
 anonymising onion condom.
 This is not funny. I was raped by Tor condom last year and now I am
 totally fucked up. I go mad and do crazy shit. My mom is so upset with
 Tor. She sued for 1 billion dollars but the Tor people are really well
 connected. They are evil and worship Satan.

I think they are called the Illuminetti. I've heard lots of
conspiracies about them. Pretty bad stuff indeed.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hi!

[Zenaan Harkness]

On 4/5/15, luis lu...@riseup.net wrote:
 On 04/04/2015 11:30 PM, Zenaan Harkness wrote:
 On 4/4/15, blo...@openmailbox.org blo...@openmailbox.org wrote:
 On 2015-04-03 20:13, Alexis Wattel wrote:
 Sure! Glad to help!
 PS. I know this is vague but please ask away for anything you guys are
 not clear about or something.
 Malicious uses of Tor include child raping through the use of an
 anonymising onion condom.
 This is not funny. I was raped by Tor condom last year and now I am
 totally fucked up. I go mad and do crazy shit. My mom is so upset with
 Tor. She sued for 1 billion dollars but the Tor people are really well
 connected. They are evil and worship Satan.

 I think they are called the Illuminetti. I've heard lots of
 conspiracies about them. Pretty bad stuff indeed.

 Curse those Tor people! I bet they know who killed Tupac!

SHHH!!! You broke the first rule - even knowing that they know is too
much information to give away.

Whoops - I just gave away another rule. Dang!
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Why corrupt government officials blah blah bleh blah

[Zenaan Harkness]

On 3/9/15, Travis Bean tlb...@tlbean.com wrote:
 On 03/07/2015 08:37 PM, Zenaan Harkness wrote:
 On 3/8/15, Travis Bean tlb...@tlbean.com wrote:
 ...
 What I have for download on my website, especially the version for
 Linux, makes it very simple for an individual with zero computer
 knowledge

 My mom showed me how ta turn it on, but I might need some help with
 that step next time tha power goes out, cause there were a few steps,
 and it seems a bit complicated for me. She said it was more secure if
 it didn't come on automatically.

 Is this enough computer knowledge?


 to setup a high-security, military-grade

 Awesome!

 I'm sold! Tell me more - I turned my computer on again, but
 something's not right since the screen seems black to me, but it could
 be my eyes.

 Is there something I'm doing wrong?


 communications system
 in a matter of minutes. This takes hour on end for someone who is not
 familiar with Linux and not an expert in computer security.

 Well it's been an hour, and my computer screen is still black. I'm
 pretty sure I'm doin somthing wrong...


 Zenaan Harkness, you are being given fair warning! I suggest you stop
 with the condescending B.S. while you are still ahead. You and your
 cohorts from the UK will be subjected to a defamation lawsuit if you
 keep it up. Any further B.S. from any wacko from the UK will be pursued
 very vigorously. This include any further libelous statements from those
 of you on this mailing list who have made threatening, derogatory,
 libelous remarks towards me that will be prosecuted to the fullest
 extent of the law!

Travis (if that be your real name), I applaud your passion and conviction.

If you are truly a supporter of freedom, then you will find like minds
around here.

BUT, you have not heard my response to you in the light it was
intended, your rashness appears to lead you to attack when you might
consider thanking, and the responses around here are mostly
considerate and caring - please consider doing likewise.

I know as well as I hope you do, that there is a lot of crap going on
in the world at the moment and our fundamental human rights are well
and truly under attack. Most humans (since I know nearly all of them
:D) appear on the surface to be not deserving of freedom. The
consequence of mass (semi?) willful ignorance has to be enslavement
and human microchipping looks like the end game (book of Revelation
for any biblical-foiled hatters around) - that vision is not a world I
wish to have.

In the meantime, read between the lines. If you believe in yourself
and have a vision you hold as worthy of manifesting, take the
constructive criticisms on board, rather than lash out at those who
are trying to assist. Every tool has its purpose, and that includes
sarcasm.

Good luck,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Why corrupt government officials blah blah bleh blah

[Zenaan Harkness]

On 3/8/15, Travis Bean tlb...@tlbean.com wrote:
...
 What I have for download on my website, especially the version for
 Linux, makes it very simple for an individual with zero computer
 knowledge

My mom showed me how ta turn it on, but I might need some help with
that step next time tha power goes out, cause there were a few steps,
and it seems a bit complicated for me. She said it was more secure if
it didn't come on automatically.

Is this enough computer knowledge?


 to setup a high-security, military-grade

Awesome!

I'm sold! Tell me more - I turned my computer on again, but
something's not right since the screen seems black to me, but it could
be my eyes.

Is there something I'm doing wrong?


 communications system
 in a matter of minutes. This takes hour on end for someone who is not
 familiar with Linux and not an expert in computer security.

Well it's been an hour, and my computer screen is still black. I'm
pretty sure I'm doin somthing wrong...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor as a network filter

[Zenaan Harkness]

On 2/8/15, spencer...@openmailbox.org spencer...@openmailbox.org wrote:
 Can Tor be used as a system-wide network filter?

 Wordlife,
 SpencerOne

Some questions belie a lack of understanding of Tor, and/ or a lack of
understanding of your own question.

This is possibly one of those times.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Confidant Mail

[Zenaan Harkness]

On 2/4/15, Mike Ingle m...@confidantmail.org wrote:
 On 2/3/2015 10:31 AM, Kevin wrote:
 On 2/3/2015 12:33 PM, krishna e bera wrote:
 On 15-02-02 09:57 PM, Mike Ingle wrote:
 http://www.confidantmail.org
 Mike Ingle m...@confidantmail.org
 d2b89e6f95e72e26e0c917d02d1847dfecfcd0c2
 I am curious why someone delivering security and privacy software does
 not have HTTPS on their webserver.  Also what is that string after your
 email address for?

 That string looks like a key

 That string is indeed a key. The format is Name email keyid
 and you can search for either the name or the keyid to find someone's
 key. If you search for the keyid
 you know you have the right key. If you search for the name, you have to
 verify the keyid somehow.

If this is a 'general protocol' type of thing (email), is there any
sense in having say a key prefix or namespace of some sort, so that
confindant mail keys aren't mixed up with tox keys etc?
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor - VPN Clarification

[Zenaan Harkness]

On 2/2/15, Joe Btfsplk joebtfs...@gmx.com wrote:
 On 2/1/2015 4:11 AM, Bill Berry wrote:
 My take (on his take :) ) was that;

 a) trusting a VPN for security is a bad idea because no VPN operator is
 going to go to jail for you (see HideMyAss and Sabu etc)
 More details about the reference to HideMyAss  Sabu, Re: them not going
 to jail for users?

 This VPN  Tor (or Tor  VPN) subject - and its discussion here has
 become complex.
 Maybe too complex for all but a handful of folks?

 Does Tor Project or sources they recommend (trust) have more down to
 Earth guides to If, when, where, how - of using VPN  Tor?

I agree that the descriptions / ascii arts are probably not up to
scratch at this point.

Let's create some diagrams so we can talk about scenarios (this is
just a rough crack at it, please modify/ fix as needed):

vpn = virtual private network
vps = virtual private server
www = destination website/ public internet service
tor hs = tor hidden service
tbb = tor browser bundle
| = or

**) vpn then tor:
browser
 - vpn proxy - VPN - tor proxy - TOR
 - www | tor hs

where:
 TOR = tor entry - tor mid - tor exit

and where:
 VPN = vpn client - local isp - vps/vpn isp
- vps/ mixnet - vpn server/ exit node

The vpn client could be ssh, and vpn server sshd.
Alternatively the JAP client and JAP's backend, etc.

If you run an ssh vpn, say on a vps, then your tor proxy can run on that vps.

This is not recommended.

Although it gives some privacy against your local isp, you would need
to trust your vps isp (assuming you are running your own vps, for your
ssh based vpn) - not recommended since the vps isp will generally have
full root access to your vps (at least to the disk image/ files).

(The terminology here might need to be improved - tor proxy might not
be the right term?)


**) tor through vpn:
browser
 - tor proxy - vpn proxy - VPN - TOR
 - www | tor hs

This is better, since tor is running on top of or through the vpn.
The vps (or vpn mixnet) can still see that you are accessing the tor
network, but at least your local isp cannot (you get some local
privacy, only seeing you running ssh).

(BTW, why is ssh visible at all - surely there is a protocol to set
up an encrypted link, in full privacy? - should be a separate thread
though.)


**) vpn through tor:
browser
 - vpn proxy - tor proxy - TOR
 - VPN - www

Here your local isp might know that you're running tor, but not what
you are accessing (a vpn).

The vpn isp/provider will know (if they want to) what website you're
accessing, assuming they know it's your vpn account (or your vps).

So the only way this would be useful for much is if you don't need
much in the way of privacy/ anonymity against your vpn provider (in
which case, why bother), or your vpn is anonymous (ie the talk about
paying for your vpn/vps with bitcoin).

Also in this scenario, any Tor HS access would not get to your vpn at
all (if you're lucky :)

Good luck,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor - VPN Clarification

[Zenaan Harkness]

On 2/2/15, Joe Btfsplk joebtfs...@gmx.com wrote:
 On 2/1/2015 4:17 PM, Zenaan Harkness wrote:
 Good luck, Zenaan
 Thanks Zenaan, for detailed reply.
 Knowing that this is  only a mailing list - not a Tor or VPN wiki, your
 diagrams  scenarios further show (to me) how complex these issues are.

Indeed they are.


 In spite of your  some others' excellent attempts, it may be so complex
 that unless one is already an expert, mailing list answers won't be
 enough to educate most users.
 Meaning, properly educating users  on Tor (TBB) and VPNs - or anything
 else -  to boost TBB's resistance against more powerful adversaries.

 It may be that for now, Tor Project doesn't suggest using anything like
 VPNs?

If you don't feel competent setting up sshd and ssh tunneling say, or
managing the security updates for your own virtual private server, or
customizing your firewall and TOR configuration so you are certain
about what's travelling through what and across what, then yes, you
are likely to shoot yourself in the foot and is better to just use TBB
or whonix/ tails etc.

And unfortunately yes, there's no simple way to say just do this
extra step and get extra privacy or anonymity or safety - if there
were, it would be in the Tor FAQ, which you have read haven't you?

That FAQ -does- have some hints about next steps you might consider
taking to improve the ecosystem.

I suggest small(ish) steps and getting comfortable with each step as
you go. Just running VirtualBox may be a significant step for you, if
you have not done that before.

Good luck,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and solidarity against online harassment

[Zenaan Harkness]

 I was interested in hearing what he had to say. You folks may argue
 against him/her but it seems to me he had some valid points though the
 poster probably knows that no one will listen to his frustration.

 Juan's voice is an important voice, as he is hard-core BE CAREFUL,
 and this is a very good thing for anyone who might genuinely -need-
 privacy in their communications, against USA Corp.

 Upon reflection, I totally agree. And I apologize to Juan for being mean
 and dismissive.

 In particular, a healthy (very healthy :)  paranoia enema is important
 for some people. And if a newcomer comes to this list genuinely
 needing privacy, and everyone speaks TOR is, OMG, like s awesome,
 it's just the greatest privacy for everyone, then that newcomer is
 likely to guarantee themselves a serious problem.

 Indeed. In that regard, I am most troubled by the Tor browser.

 So caution, paranoia, attention to detail, proper assessment of the
 risks and technical foundations/ requirements/ possibilities of what
 TOR can, and more importantly cannot provide, is (in such
 circumstances) of utmost importance.

 Yes. I write a lot about such matters.

 However, as Jonathan Wilkes noted yesterday, there's a risk of
 frightening away users and potential relay operators. For better or
 worse, Tor is the best low-latency anonymity network around. In the
 short term at least, hurting Tor benefits many enemies of freedom.

Educating new users must not be allowed to be seen the same as
hurting tor, I'm sure Juan would agree here.

Hurting tor might not be the best term, but perhaps we can say
'scare-mongering' may cause potential users to run away, thereby
reducing our community, and that this is undesirable; I'd hope Juan
would agree with this.

But I have to agree that whenever we see omg tor is so ponies and
freedom, that Juan's voice of whoah, slow the fuck down guys, Tor
and TBB cannot save you from nation-state monitoring, and make sure
you're aware of potential problems a b and c is much better than no
genuine voice of caution.

And I have to say - every newcomer that appears here, must be the
beneficiary of our best efforts in communication, for we simply cannot
know if -this-particular- newbie is in need of the most careful advice
to be cautious or not.

So -because- Tor is the currently most viable privacy of some level/
some sort newtwork today, we particularly owe it to be diligent and
-never- fail to impress upon newcomers what they may need to keep in
their minds.


 There is no question that Tor was developed for the US military. And the
 Tor Project is still funded largely (and for argument sake, entirely) by
 the US government. But even so, I've seen no credible evidence that Tor
 is backdoored or intentionally vulnerable.

 It is true that Tor's threat model explicitly excludes global
 adversaries, who can break anonymity by correlating entry and exit
 traffic. It's also true that some proposed low-latency anonymity
 networks may resist traffic analysis far better than Tor does. However,
 these are highly technical matters, and there is much room for debate. I
 am by no means qualified to have an opinion on the merits.

 One might argue that the US government funding gives Tor an unwarranted
 advantage, or even that it suppresses work on alternatives. As paranoid
 as I am, that seems unworkable. But of course, I defer to evidence.

Mirimir, your words in this email might make a good start for a Quick
educational caution which newcomers ought be pointed to, say on the
tp.o wiki.

To help those who need it stay as safe as might be needed and/ or
possible, certainly requires helping them, as early as possible,
framing a mindset and certain understandings. Perhaps we can do better
on this front.

Over to others,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and solidarity against online harassment

[Zenaan Harkness]

On 12/16/14, Juan juan@gmail.com wrote:
   And, newcomers, who aren't likely to know too much about
   security take a look at

   https://www.torproject.org/

   and see

   Defend yourself against network surveillance and traffic
   analysis.

   Traffic analysis? That's exactly what tor cannot prevent
   depending on who is doing the analysis.

I agree, what you say ought be in that New user alerts and warnings/
introduction page, in a suitably concise form of course...
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and solidarity against online harassment

[Zenaan Harkness]

On 12/14/14, andr...@fastmail.fm andr...@fastmail.fm wrote:
 On Sat, Dec 13, 2014, at 03:30 AM, kendrick eastes wrote:
 dont feed the troll. If you ignore them they go away faster.

 I was interested in hearing what he had to say. You folks may argue
 against him/her but it seems to me he had some valid points though the
 poster probably knows that no one will listen to his frustration.

Juan's voice is an important voice, as he is hard-core BE CAREFUL,
and this is a very good thing for anyone who might genuinely -need-
privacy in their communications, against USA Corp.

In particular, a healthy (very healthy :)  paranoia enema is important
for some people. And if a newcomer comes to this list genuinely
needing privacy, and everyone speaks TOR is, OMG, like s awesome,
it's just the greatest privacy for everyone, then that newcomer is
likely to guarantee themselves a serious problem.

So caution, paranoia, attention to detail, proper assessment of the
risks and technical foundations/ requirements/ possibilities of what
TOR can, and more importantly cannot provide, is (in such
circumstances) of utmost importance.

On the other hand, for those on this list for some time, the old
refrain becomes, well, an old refrain.

If I personally were in a position to need some level of privacy in my
online communications, I would be -very- grateful for Juan's voice of
caution, no matter that I might disagree with some (or even many/most)
of his points in particular.

His message of caution is so much more the important thing here, in my
so very high opinion :)

Stay safe if you need it,
Zenaan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Operation Onymous against hidden services, most DarkNet markets are down

[Zenaan Harkness]

On 11/8/14, Derric Atzrott datzr...@alizeepathology.com wrote:
 obvious cointelpro:

 Could you please stop calling people that. Its rude.

As rude as it may be, is it wise to keep people alert and on their
toes, rather than lolled into a false sense of 'perceived security'?

Think if you yourself had 'something important' to communicate with
the world, and you came here and everyone patted everyone else on the
back and agreed that a Tor HS would provide all you need and implied
that everyone on this list can be trusted - is how you'd like to be
treated?

I'd rather stay paranoid and safe.

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Operation Onymous against hidden services, most DarkNet markets are down

[Zenaan Harkness]

On 11/8/14, Zenaan Harkness z...@freedbms.net wrote:
 On 11/8/14, Derric Atzrott datzr...@alizeepathology.com wrote:
 obvious cointelpro:

 Could you please stop calling people that. Its rude.

 As rude as it may be, is it wise to keep people alert and on their
 toes, rather than lolled into a false sense of 'perceived security'?

 Think if you yourself had 'something important' to communicate with
 the world, and you came here and everyone patted everyone else on the
 back and agreed that a Tor HS would provide all you need and implied
 that everyone on this list can be trusted - is how you'd like to be
 treated?

 I'd rather stay paranoid and safe.
 s/safe/possibly a bit safer/

:/

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TBB 4.0 allowing scripts globally

[Zenaan Harkness]

On 10/29/14, Moritz Bartl mor...@torservers.net wrote:
 On 10/29/2014 09:54 AM, C B wrote:
 I was shocked to see when I upgraded to 4.0 that scripts were allowed
 globally. How did that happen? Pardon me if this has already been
 discussed.

 There has not been a release of TBB that had scripting disabled.

 https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled

See also:
https://trac.torproject.org/projects/tor/ticket/3007

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)

[Zenaan Harkness]

On 10/28/14, s7r s...@sky-ip.org wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Seth,

 Totally agree about undermining decentralization by having to trust a
 single provider. Nobody recommended that, the addresses were for
 informative purpose only, to be used in parallel with other nodes run
 by other operators / organizations. No user is forced to use
 exclusively peers run by the same operator. An user is free to add as
 many hidden nodes for bootstrapping as desired.  Once connected to a
 node that node will exchange information about other nodes and so on.

 I agree the hidden services are old. There is a nice proposal,
 hopefully it will be analyzed more and implemented as soon as possible.

Do you have a link to what you are thinking of?

What comes to my mind just now is DJB's black box (i.e. make it
simple for the developer to do the right thing):
http://nacl.cr.yp.to/
http://rdist.root.org/2009/07/14/nacl-djbs-new-crypto-library/

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] updating Tor

[Zenaan Harkness]

On 10/19/14, Lunar lu...@torproject.org wrote:
 Hartmut Haase:
 how do I update Tor in Linux without loosing my data? InWin7 it is quite
 easy.

 Tor Browser 4.0 now contains an automated upgrade system. To start the
 update, go to the Help menu, open About Tor Browser. If there's an
 upgrade available, there will be a button right there.

Some of us support/admin more than one computer of the same OS.
Does this TBB 4.0 upgrade-with-state function, support offline upgrade
on Debian GNU/Linux - ie download installer, save somewhere, and
update an existing TBB installation, maintaining state (eg guard node,
bookmarks)?

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] List Administrivia

[Zenaan Harkness]

Some people are genuinely naive on a topic, yet get overly
enthusiastic about $RANDOM_IDEA that they have, then share it
immediately with the world.

Yes, it's very close to spam, but just in case the author of it was
just misguided, yet good hearted:
Ben,
go do a _lot_ of reading. Crypto, as in good crypto, is hard. It's
conceptually mind bending at times, and mathematically challenging all
the time.

I profess to know not much of anything about good crypto - I don't
know much at all anyway. There's kernelnewbies.org for os kernels, and
I am not aware of something similar for crypto newbies.

May be go read the TrueCrypt manual and the GnuPG manual, and then
keep reading elsewhere.

And remember boys and girls, excitement != validity!
Zenaan


On 10/15/14, grarpamp grarp...@gmail.com wrote:
 Time to block this rambling spam. Thanks.

 On Mon, Oct 13, 2014 at 7:17 PM, Ben Healey chewy0...@hotmail.com
 wrote:
 Here's some thought I had.

 Physical Digital Encryption
...

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How does Tor help abuse victims?

[Zenaan Harkness]

On 10/7/14, gary...@safe-mail.net gary...@safe-mail.net wrote:
 The reason people find problems with Tor is because the importance of
 privacy is hidden in a mystery. Most people don't understand the reason Tor
 exist so, how can they judge it?

Ack!

And unfortunately some people get defensive about privacy - as though
we don't have the right to privacy (in general), just as some people
say road tolls, having to pay to travel on public roads, is somehow
not related to our right to travel, or that our right to travel freely
does not exist.

I don't have to be doing anything wrong to want my privacy.

99 instances of individual abuse of a right, in no way removes the right!

The right is inalienable ...


 The problem is that it's easier to focus on
 evil than it is to focus on good. The good Tor offers is much weightier than
 the bad. The good is harder to see because it's not as tangible as the bad.
 For those that understand the details behind the importance of privacy, the
 good is much weightier than the bad. This is just a matter of truly
 understanding the problem Tor was designed to handle. Can the people finding
 problems with Tor correctly describe problem Tor was designed to handle?

Ack, ack, and ack again.


  Original Message 
 From: grarpamp grarp...@gmail.com
 Apparently from: tor-talk-boun...@lists.torproject.org
 To: tor-talk@lists.torproject.org
 Subject: Re: [tor-talk] How does Tor help abuse victims?
 Date: Mon, 6 Oct 2014 17:12:09 -0400

 On Thu, Oct 2, 2014 at 3:39 PM, z9wahqvh z9wah...@gmail.com wrote:
  On 2014-10-01 13:20, Sebastian G. bastik.tor wrote:

  the abuser ... he/she (mostly he)

 Abuse knows no such boundaries, only statistics.

  The people I work with are writing about Tor, and so far, the negatives
  keep far outweighing the positives, meaning that the ultimate analysis
  is
  likely to draw negative conclusions.

 That's because that's what they've grown and wish to see and report,
 particularly in the news for ratings, and in negative politics.
 Tor and the like are merely tools. As with statistics, sometimes
 and with some subjects, you will be hard pressed to find the
 alternative evidence you seek... daylight carries risk to good as
 well. Yet if you can imagine it, it's there. Blue pill, red pill...
 free your mind... whole new worlds of usage will open up. That's
 where the oppurtunity for unique ratings worthy analysis, reporting,
 and policy making resides.

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How does Tor help abuse victims?

[Zenaan Harkness]

On 10/7/14, Mirimir miri...@riseup.net wrote:
 On 10/06/2014 04:43 PM, gary...@safe-mail.net wrote:
 The reason people find problems with Tor is because the importance of
 privacy is hidden in a mystery. Most people don't understand the
 reason Tor exist so, how can they judge it? The problem is that it's
 easier to focus on evil than it is to focus on good. The good Tor
 offers is much weightier than the bad. The good is harder to see
 because it's not as tangible as the bad. For those that understand
 the details behind the importance of privacy, the good is much
 weightier than the bad. This is just a matter of truly understanding
 the problem Tor was designed to handle. Can the people finding
 problems with Tor correctly describe problem Tor was designed to
 handle?

 Some of them understand all too well, I think. What they actually oppose
 are freedom and the right to privacy. The evil users that they focus
 on are just strawmen. They embody the problem [that] Tor was designed
 to handle.

For those opposed to the right to privacy, privacy -is- the problem.

There are (gasp) those who would give up liberty (or rather, have
others give up their liberty), in order to (attempt to, but ultimately
fail to) control so-called liberty abusers.

'Give up freedom for safety, and you will lose both' as the saying goes.

Applicable regardless of the right chosen to discuss/think about:
speech/ expression, movement/travel, learning/reading, defence/bearing
arms, etc etc.

Zenaan


  Original Message  From: grarpamp
 grarp...@gmail.com Apparently from:
 tor-talk-boun...@lists.torproject.org To:
 tor-talk@lists.torproject.org Subject: Re: [tor-talk] How does Tor
 help abuse victims? Date: Mon, 6 Oct 2014 17:12:09 -0400

 On Thu, Oct 2, 2014 at 3:39 PM, z9wahqvh z9wah...@gmail.com
 wrote:
 On 2014-10-01 13:20, Sebastian G. bastik.tor wrote:

 the abuser ... he/she (mostly he)

 Abuse knows no such boundaries, only statistics.

 The people I work with are writing about Tor, and so far, the
 negatives keep far outweighing the positives, meaning that the
 ultimate analysis is likely to draw negative conclusions.

 That's because that's what they've grown and wish to see and
 report, particularly in the news for ratings, and in negative
 politics. Tor and the like are merely tools. As with statistics,
 sometimes and with some subjects, you will be hard pressed to find
 the alternative evidence you seek... daylight carries risk to good
 as well. Yet if you can imagine it, it's there. Blue pill, red
 pill... free your mind... whole new worlds of usage will open up.
 That's where the oppurtunity for unique ratings worthy analysis,
 reporting, and policy making resides.

-- 
Banned for life from Debian, for suggesting Debian's CoC
is being swung in our faces a little too vigorously.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk