Re: [tor-talk] pdf with tor
couldnt we just code some protection against this On Thursday, July 09, 2015 01:41:44 AM Apple Apple wrote: > I feel like the wrong issue is being discussed here; the real danger is not > really IP leaks. If you skipped Seth's post because of its length I suggest > you go back and read it. > > If someone manages to trick your PDF viewer into running arbitrary code > with a malicious PDF file, that person may then have full control over your > machine and all your files, passwords, emails etc. In this situation Tor > cannot protect your privacy and anonymity anymore. > > This is why the Tor project provides the stringent recommendation of > dedicating an isolated virtual machine to opening PDF files. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Letsencrypt and Tor Hidden Services
Im wondering , have anyone got letsencrypt to work with a .onion site? Or is it jus clearnet Alec Muffett skrev: (19 augusti 2015 20:43:53 CEST) >Pardon me replying to two at once... > > >> On Aug 19, 2015, at 18:34, Seth David Schoen wrote: >> >> [...] >> Right now, the industry allows .onion certs temporarily, but only EV >> certs, not DV certs (the kind that Let's Encrypt is going to issue), >> and the approval to issue them under the current compromise is going >> to expire > > >...or perhaps not... > > >> It's seemed like the efforts at IETF to reserve specific >"peer-to-peer >> names" would be an important step in making it possible for CAs to >issue >> certs for these names permanently. These efforts appeared to get >somewhat >> bogged down at the last IETF meeting. > > >Hi, I'm Alec, and I am co-author of the Onion RFC draft with Jacob >Appelbaum. > >Reports of the bogging-down have been greatly exaggerated, and I wish >people would stop repeating them. > >The status of the Onion RFC draft is viewable at: > >https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/ > >...and this afternoon I created some amendments to the draft to address >IETF and IANA concerns, and have circulated them amongst the team (me, >Jake, Mark) to see if I've goofed. > >We will merge them, soon, in good time for the next review. > >In the most recent review IANA in particular were very helpful, >offering to rewrite some of their stuff in order to make it abundantly >clear to CA/B-Forum that: > >1) onion will be a special case >2) onion should never be delegated >3) but nonetheless SSL certificates should be issued for it > >...which proactively addresses a concern from a few months back re: >whether CA/B-Forum would nitpick a "Special Use" designation. > > >TL;DR - we are not past the finish line yet, and there is work to be >done and challenge, but we're not down nor are we out. > >Deadline is November 1st, as explained at length, here: >https://www.ietf.org/mail-archive/web/dnsop/current/msg14065.html > > >> (I'm hoping to write something on the EFF site about this issue, >which >> may have kind of far-reaching consequences.) > > >Good. Please avoid repeating the doom-and-gloom stuff that I've seen >elsewhere, it distracts from the discussion to have to expend time >correcting folk on Twitter. > > >> Anyway, I would encourage anyone who wants to work on this issue to >get >> in touch with Christian Grothoff, the lead author of the P2P Names >draft, >> and ask what the status is and how to help out. > > >The P2P Names draft is not relevant for ".onion" registration; for >other Tor-related names such as ".exit", and other services such as >".i2p" it is still relevant. > > >> Theoretically the Tor Browser could come up with a different optional >> mechanism for ensuring the integrity of TLS connections to hidden >services >> (based on the idea that virtually everyone who tries to use the >hidden >> services is using the Tor Browser code). I don't know whether the >Tor >> Browser developers currently think this is a worthwhile path. I can >> think of arguments against it -- in particular, the next generation >hidden >> services design will provide much better cryptographic security than >the >> current HS mechanism does, so maybe it should just be a higher >priority >> to get that rolled out, rather than trying to make up new mechanisms >to >> help people use TLS on hidden services. > > >I would recommend against giving up the pursuit of HTTPS certificates >on Onion sites. > >I explained some of this at >https://lists.torproject.org/pipermail/tor-talk/2015-August/038712.html >as follows: > > >Alec wrote: >>> The reason [ for pursuing SSL ] is simply that HTTP and HTTPS have >diverged (and are apparently likely to diverge further?) in how they >treat (eg:) secure cookies, and rolling a custom version of our >codebase to know and understand that “HTTP over Onion” >will/may/will-not have features like referrer-scrubbing or CORS in a >HTTPS-sympathetic manner (whilst the scheme in the request still *says* >that it arrived over HTTP) would be complex. I personally feel that to >expect more common codebases such as Wordpress or Drupal to >special-case Onion addresses would be presumptuous, be unlikely, add >cost, and inhibit Onion adoption. > > >Not creating barriers to wider onion adoption seems like a good idea to >me. > >Giving TorBrowserBundle special powers to make secure connections to >Onion sites, thereby making (say) "stunnel" or "wget" ineffective for >OnionSites, seems also to be a bad idea for adoption. > >Conversely: Mozilla are going to start gating some of their features to >be SSL-only: >https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/ > >Thus: making SSL work *somehow* - with privacy preservation where >relevant - on onion sites, appears to be the path to greatest onion >adoption. > > >> elrippo writes: >> >>> Hy, >>> i don't think letsencrypt will work on a HS because letsen
Re: [tor-talk] tor + twitter issues
I have sceen Twitter sending warnings saying that ppl/users that useage tor gets warnings message and IF they Dont stop using it they will be banned/account deleted Tempest skrev: (20 september 2015 19:43:48 CEST) >XiaoLan (小蓝): >> Twitter uses IP address as a factor to detect "abnormal activities" >just >> like Google sometimes gives us some CAPTCHA...maybe we need more exit >nodes > >i believe that is the issue, which is why i find their recent public >comments over the past 7 days about how "twitter is not targeting tor" >to be either entirely dishonest spin at worst, or proof of a rushed >security model with an ignorant understanding of its implications at >best. for the users i've communicated with since i brought this up who >have been experiencing issues, they've simply been using the tor >browser >to connect to twitter and post. twitter is apparently viewing this as >activity which is similar to a spambot. since they told >i...@torproject.org that they fixed the issue, it's apparent that they >need to continue working on this, as it is still broken. > >-- >gpg key - 0x2A49578A7291BB34 >fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34 > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor + twitter issues
Nice! Im gonna try it out ma...@wk3.org skrev: (20 september 2015 22:10:55 CEST) >Maybe this is a good opportunity to invite people to Diaspora again. >It's still not perfect, but it's running for something like 5 years now >without major glitches and is only getting better. > >It is tor-friendly (some admins even run relays and exits) and not >censorable in whole (admins of a Diaspora instance can take measures, >though, to block posts from another pod or a specific user). > >You can find a list of pods you can register on on https://podupti.me/ >and the general >project site on https://diasporafoundation.org/. > >Easiest way to find posts on topics is via hashtags like on Twitter. >The >hashtag streams for #tor on three exemplary pods: > >https://wk3.org/tags/tor >https://pod.geraspora.de/tags/tor >https://pod.disroot.org/tags/tor > >What you can see is that the contents are similar but not equal as the >federation of posts depends on who is following who. Larger pods have a >more comprehensive list of public posts than smaller ones. I rather >consider this a feature than a bug. > > >See you there! > >Malte > > >PS: I am search- and findable under the same handle that is this email >address. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: [guardian-dev] first beta release Orfox!
VXSkp1TPMGN >/VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ >6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8 >6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL >u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1 >wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW >MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz >+v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku >E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9 >8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5 >GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP >p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE= >=otlL >- -END PGP PUBLIC KEY BLOCK- > > >-BEGIN PGP SIGNATURE- >Version: APG v1.1.1 > >iQJcBAEBCgBGBQJWCBsePxxlbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0 >ZWQpIDxlbHJpcHBvQGVscmlwcG9pc2xhbmQubmV0PgAKCRAkQ93r2VDR6we1D/sF >Ul7XyBkzos4NdWrMDNETDHpjByrhaR7ZU6HRPqhid6GwSAPuAdwjMgadD6w79vqa >11gY35kg2Y6v1pSOphuPTOPFd+uaI2C52UaagE5w74srHQc9xV/8tE9fzWHKeog2 >7wnzvwmFjTxIJBGzqA32eO6twd6tDz5jj5YXOXwC/ourzdJq0PGGJ8uTJR8Uqx9c >glskR3wk3diQvq40ui/oBQPQC0RgNq2ga94ySIZ7SzqW3itQzPiKAnSLNi6cZx3P >In0wV0khMLaCFUXZC0Q75nW45X+BpK2vLT2pHtYIav/BjPOv/AXe0xd+JoKt7cAH >FrMnsgYRJCz+qjYcaZ5cSK1riVdmnCViLmhgL0Oxq6MtCYI8e8hdOwpQwcyPy22f >SJA1phio8FqEVu8vC4fb28p+pU2zRienPQlUQKuuAIT9qwJnx8g7IlcZc8zgK1xt >LlULtm9/uEeD9r2YEbLEsyBOU/cBSSKDjVhQiuCD/3aVGYjQklyF5cE4DZMxnaLs >2QgpObJslZlcLHtNh4ChlYPBtfQvaNLIb7dtXjV9UriiyOpYWEvWNGlqfPzp6NUi >dxchuwpZwlzF+EqSm4K6DVeRKlX9CPx6KXY62kLbQMFc9Yc4zTGlxrseIOYxweSZ >cC1At9lkR32lwzd8f2qPBI1UxiIVwMxsgrkI648a8A== >=Z+wI >-END PGP SIGNATURE- > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Proxy logos
Greatings fellow friends,devs and bots of the tor talk . i am working on a encrypted chat server like IRC almost anyhow im designing the gui for it and i am really not good at makeing logo's does anyone got a cool logo to recommend that symbolize's irc/proxy/encrypted chat . Take care -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Question
Sure man :) email me Idel Martinez Ramos skrev: (11 oktober 2015 19:30:57 CEST) >Hello! >I'm an 11th grade student and I'm doing a science fair about Anonymity >on the >Internet. Now, even though it is not possible, it can be partly >achieved. I'll >be using different programs, add-ons. settings, etc. to figure out if I >can be >tracked. I was wondering if I could get assistance from you guys since >you must >know a lot about the subject. > >Thanks >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Get Tor bridge via python code
Just use a captacha resolver:) bots use EM all the time Ben Tasker skrev: (16 oktober 2015 18:28:03 CEST) >> The reason for this is because if an API were available for this then >it >would need to support CAPTCHA-like (proof-of-humanity) functionality > >The captcha on bridges.torproject.org isn't so much as proof of >humanity, >as proof of humanity with absolutely impeccable eyesight. Either those >things are even harder to read than they appear, or cloudflare have >given >someone at the Tor project stockholm syndrome with their own captchas. > >On Fri, Oct 16, 2015 at 5:04 PM, Matthew Finkel > >wrote: > >> On Fri, Oct 16, 2015 at 02:52:33PM +0330, Farbod Ahmadian wrote: >> > Hello every one: >> > How can i get tor bridges via a python code? >> > I mean i run the python code and it give me my bridges. >> > Thank you :) >> >> Hi Farod, >> >> Sadly no, you can not retrieve bridges easily using a python script. >The >> website (https://bridges.torproject.org) and email >> (brid...@bridges.torproject.org) are the only two available methods. >The >> reason for this is because if an API were available for this then it >would >> need to support CAPTCHA-like (proof-of-humanity) functionality, and >there >> was not an easy way to implement this - nor was there any need >because no >> one had previously requested it. Without some sort of CAPTCHA it >would >> be extremely easy for anyone to retrieve all available bridges and >then >> block their IP addresses - thus making the bridges useless. >> >> - Matt >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> > > > >-- >Ben Tasker >https://www.bentasker.co.uk >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Freedombox Halloween Hackathon
Sounds great any code challanges i and others can join remotely ?:)(would be fun to come But i personally cant come to ny ) Take care Marc Jones skrev: (30 oktober 2015 13:07:02 CET) >Dear Tor community, > >If there is anyone in the NYC area, the FreedomBox Foundation is >holding >a hackathon this Saturday, October 31st. We would love it if some >people >from the Tor community dropped by. We have integrated tor services into >Freedomboxes, but we are trying to build personal server/wireless >router >that makes existing software like Tor as easy to use as possible while >still using it in a secure fashion. Feedback and contributors on how to >improve our Tor integration would be very appreciated! > >Hope to see some off you Saturday! > >-Marc > > > >FreedomBox Halloween Hack-a-thon > >The FreedomBox Foundation [1][2] is hosting a Halloween hack-a-thon on >Saturday October 31st at the offices of the Software Freedom Law Center >[3] from 10 am to 6 pm, near Lincoln Center in New York City. New and >existing contributors will be getting together to work on our >Debian-based privacy-respecting self-hosting software suite and >wireless >router. > >Members of the FreedomBox core development team will be on hand to help >new contributors get involved and to get some actual work done! We are >going to be talking about: >* how to use a FreedomBox as a secure home router; >* using existing Debian packages to integrate them into FreedomBoxes; >* integrating in a secure decentralized social network; >* replacing passwords with an integrated authentication system based on >PGP; > >We live in a world where our use of the network is mediated by >organizations that often do not have our best interests at heart. To >regain control of our privacy, the FreedomBox >(https://wiki.debian.org/FreedomBox/) project is building an integrated >suite of software that does not rely on centralized services. Of course >much of this software already exists. We are hacking, tweaking, and >molding it into a easy to use software suite so everyone can regain >control of their privacy by running a FreedomBox at home. > >Bring yourselves, your ideas, your PGP keys, and your Raspberry Pis (or >other device you want to try FreedomBox on!) We will bring the pizza, >over-caffeinated soda, and Halloween candy. > > >Time: 10:00 am to 6:00 pm, October 31st, 2015 >Location: Software Freedom Law Center, > 1995 Broadway, 17th Floor, New York, NY > >To let us know you are coming so we can be sure to order enough food >and >caffeine email . > >[1] FreedomBox Project: https://wiki.debian.org/FreedomBox/ >[2] FreedomBox Foundation: http://freedomboxfoundation.org/ >[3] Software Freedom Law Center: http://softwarefreedom.org/ > > >-- >Marc Jones >Counsel >Software Freedom Law Center >1995 Broadway, 17th Floor >New York, NY 10023 >Tel: 212-461-1919 >Fax: 212-580-0898 >Email: mjo...@softwarefreedom.org >www.softwarefreedom.org > > > > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Projects? (in anticipation of the TPP deal?)
I know of a case where a friend of my got smtor/smtpovertor to work with hotmail and mozillas email client , or kind of, the client would send a email to an SMTP server and that then recoded it and forwarded it to the smtor/smtpovertor server so it useages a normal SMTP server as gateway . ma...@wk3.org skrev: (8 november 2015 16:50:01 CET) >Hi, > >a lot of what you described sound like different parts of > >- pond (https://github.com/agl/pond) >- tox (https://tox.chat/) >- Ricochet (https://ricochet.im/) >- SMTPoverTor >(https://lists.torproject.org/pipermail/tor-dev/2015-November/009877.html) > >Maybe you can extend on that (like: integrating pond into Thunderbird >for example)? > > >Sincerely, > >Malte >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Security of running Tor on a Linux VM on a Windows host
Well as long as u update it , never forget the venom vuln :) Michael McConville skrev: (12 november 2015 18:00:36 CET) >Anthony Papillion wrote: >> A friend is hell bent on running Tor on a Linux VM hosted on Windows >> 8. this doesn't seem like the best idea to me but I thought I'd ask >> the experts. What are the security implications of doing so? Are >> there any mitigations that can make things more secure? Any >'gotchas'? >> For what it's worth, the have chosen to use VirtualBox over VMware. > >Not necessarily a bad idea, but could be a waste of system resources on >a laptop. > >And, as has already been mentioned, they might as well run Whonix or >Tails if they're using a VM. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: [tor-relays] Tor Project slandered?
99% of all TV shows and movies gets hackin wrong the only legit hacking movie i like is hackers from 1995 and i have been a pentester for 10years Ben Tasker skrev: (4 november 2015 20:33:46 CET) >Sadly I don't think it'll make much difference. As a franchise, NCIS >has >been publicly criticised for it's portrayal of tech and "hacking" for >years. > >My favourite being the 4 handed, no talking CND - >https://youtube.com/watch?v=1Y2zo0JN2HE > >Basically, they don't and haven't ever given a toss about whether >something >they portray is accurate, realistic or even possible. > >The claim that 97% happens on the darknet is awesome though, especially >with the UK govt publishing the draft IPB today >On 4 Nov 2015 19:15, "Kevin Flowers" >wrote: > >> Whats his addy? >> >> -Original Message- >> From: tor-talk [mailto:tor-talk-boun...@lists.torproject.org] On >Behalf Of >> grarpamp >> Sent: Wednesday, November 4, 2015 12:18 PM >> To: tor-talk@lists.torproject.org >> Subject: [tor-talk] Fwd: [tor-relays] Tor Project slandered? >> >> -- Forwarded message -- >> From: Larry Brandt >> Date: Wed, Nov 4, 2015 at 12:01 PM >> Subject: [tor-relays] Tor Project slandered? >> To: tor-rel...@lists.torproject.org >> >> >> Last night my wife and I caught an episode of 'NCSI New Orleans.' The >plot >> involved a brainiac from DARPA with a congenital heart problem. >> His job, he reported to NCSI, was to decrypt the Tor network. He >needed a >> new heart to finish what was almost done. He stated: "97% of all >illegal >> internet activity occurs on the deep web". He made no distinction >between >> deep web and Tor. This morning I fired off an email to the show >producer >> telling him what a disservice he was doing to people worldwide who >needed >> anonymity. Maybe some of you will join me in communicating to him. >> LB >> ___ >> tor-relays mailing list >> tor-rel...@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe >or >> change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> >> >> -- >> Powered by Xeams. Visit xeams.com for more information >> -- >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bear Bonds - a new cryptocurrency that uses Tor
Python thats nice :) al...@bearbonds.org skrev: (13 november 2015 02:52:50 CET) >I'm involved in a project to create a new cryptocurrency called Bear >Bonds(TM). > >One of the notable features for the Tor community is that all >communication is via Tor using Tor hidden services. This includes >communication between users and the network, and all communication >between network nodes. Tor is used for both privacy and security. In > >particular, since the users are anonymized, it prevents a node on the >network from attempting to send targeting information to a certain >user or group of users. > >If Bear Bonds is successful, we of course plan to give extensive >support back to the Tor community. > >We have a whitepaper, technical documentation and a technology preview > >software release on our website at https://www.bearbonds.org. The >code is over 80% complete and we are working to finish it as quickly >as possible. > >Please feel free read the documentation and try out the wallet >simulation script. We welcome any comments and questions. > >Thank you, > >Allen > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Running a relay on a raspberry pi
Have anyone done this with a raspberrypi ? I have found some tutorials http://m.instructables.com/id/Raspberry-Pi-Tor-relay/?ALLSTEPS and stuff , anyhow email back IF anyone is running a tor relay on a raspberry pi -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Running a relay on a raspberry pi
Thanks to all i got it up and running :) Chris Dagdigian skrev: (14 november 2015 13:18:09 CET) > >I run an exit node on a raspberry pi 2 just fine, 'arm' reports that >it's pushed 2.4TB over the last 90 days. >The previous B+ model also worked OK but the '2' model does more with >less load. > >> Flipchan <mailto:flipc...@riseup.net> >> November 14, 2015 at 3:32 AM >> Have anyone done this with a raspberrypi >> ? >> I have found some tutorials >> http://m.instructables.com/id/Raspberry-Pi-Tor-relay/?ALLSTEPS and >> stuff , anyhow email back IF anyone is running a tor relay on a >> raspberry pi > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How does one remove the NSA Virus off the BIOS Chip as described by Snowden in the ANT Program
I would like to help in anyway i can , i'm currently developing an anti virus and auditing multi platform program , So if u can find out/copy all the viruses the nsa have given You and send it i would love to help on detecting and protecting ppl from it :) coderman skrev: (21 november 2015 13:10:05 CET) >On 11/20/15, Virilha wrote: >> >> I believe you need immediate help, to capture evidence and/or reverse >> engineer malware. > >it will be persistent but latent. > e.g. after a time period of "unable to successfully implant in OS" >it will quit trying. or maybe not! unknown unknowns, etc. >or maybe not! large variance between paid proprietary LE only exploit >kit >and truly exceptional nation state intelligence and exploitation >techniques. >you should use the BIOS adventures below to find out. > [the TAO-related Snowden leak details are informative] > >mobile implants are observed "geofenced" by tower or stringray. by >activity of other apps. by network traffic. by time of day, ... this >is a long list :) > >your router(s) are trash, now. (maybe you can directly flash, like >BIOS adventures below?) > > > >> If the first case (capture evidence), advise you to join an IRC >> channel on server irc.oftc.net channel #debian - > >capture is good first step, and if not in this instance perhaps the >next. >capture is always useful! (via independent and not networked device) > > > >> If the second (reverse engineer the malware), I advise you to join an >> IRC channel on server irc.freenode.net on channel ##asm and/or >channel >> ##re - me or others can help you with x86/64 stuff (assembly). > >you can open up and search for BIOS flash chip. if you're lucky it >will be a 3.3V SPI flash chip in 4 or 8MByte (they often measure in >bits, too, don't ask me why). > >you can use a rPi to do it, even! >http://www.win-raid.com/t58f16-Guide-Recover-from-failed-BIOS-flash-using-Raspberry-PI.html >http://satxhackers.org/wp/hack-content/uploads/2013/04/rPI_flashrom.pdf >http://www.winbond-usa.com/resource-files/w25q64fv_revl1_100713.pdf > >that last is an SPI chip in my pair of ASUS B43J laptops - it is nice >to have a pair, saving the good one, in case something like this >happens. the stealthy stuff will betray power consumption and forensic >flash image digest values (sha256 of specific flash regions) > >remember to adjust configuration parameters for SPI support if using >the rPi. > >i highly recommend the Shikra as well, however, it requires postal >CUSTOMS. :) > http://int3.cc/products/the-shikra > >this is just the start, of course, but enough to give tells... > > > >best regards, >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] ru news
Hahah lol! aka skrev: (25 november 2015 16:40:14 CET) >Do you honestly let a snakeoil company read all your emails and let >them >fingerprint every email you send? > >Allen: >> ><https://www.avast.com/?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> >> This >> email has been sent from a virus-free computer protected by Avast. >> www.avast.com >> ><https://www.avast.com/?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail> >> <#DDB4FAA8-2DD7-40BB-A1B8-4E2AA1F9FDF2> >> >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Autoupdateing
I tried to code an autoupdater for my tor relay , IF anyone is a king/queen on node.js or got any other awnser on how to autoupdate ur server , i am almost their but havent got it to work 100% , link: github.com/flipchan/autoupdater Take care n keep it codein;) -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Auto updateing tor relays
I tried to code an autoupdater for my tor relay , IF anyone is a king/queen on node.js or got any other awnser on how to autoupdate ur server , i am almost their but havent got it to work 100% , link: github.com/flipchan/autoupdater -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Autoupdateing
so if i create an update.sh script with apt-get update && apt-get upgrade -y in it and add it to run like this crontab -l # m h dom mon dow command * 12 * * * ./update.sh On 2015-12-01 02:28, Scfith Rise up wrote: I have to agree. crontab -e and add in the commands you want to run automatically at set intervals. On Nov 30, 2015, at 4:10 PM, Michael McConville wrote: Flipchan wrote: I tried to code an autoupdater for my tor relay, IF anyone is a king/queen on node.js or got any other awnser on how to autoupdate ur server, i am almost their but havent got it to work 100%, link: github.com/flipchan/autoupdater Why not just a cron job with pkg_add, apt-get, or whatever else you use? There are existing tools like Debian unattended-upgrades for this. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Autoupdateing
yupp , i added a crontab guide in the github project https://github.com/flipchan/autoupdater/crontab.txt On 2015-12-02 12:52, James Harrison wrote: On 30/11/15 21:10, Michael McConville wrote: There are existing tools like Debian unattended-upgrades for this. +1. Enable unattended-upgrades and security updates for _all_ your system components will be handled, which is much better than just updating Tor. -- Cheers, James Harrison -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-ramdisk 20151215 released
nice work! openssh update is important and kernel updates also great goin to try it out(Y) On 2015-12-16 01:36, Anthony G. Basile wrote: Hi everyone, I want to announce that a new release of tor-ramdisk is out. Tor-ramdisk is a uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP or SCP. Changelog: Tor was updated to version 0.2.7.6, busybox to 1.24.1, openssh to 7.4_p1, and the kernel to 4.2.6 plus Gentoo's hardened-patches-4.2.6-8.extras. We also switched from openssl to libressl 2.2.5. i686: Homepage: http://opensource.dyc.edu/tor-ramdisk Download: http://opensource.dyc.edu/tor-ramdisk-downloads x86_64: Homepage: http://opensource.dyc.edu/tor-x86_64-ramdisk Download: http://opensource.dyc.edu/tor-x86_64-ramdisk-downloads -- Anthony G. Basile, Ph. D. Chair of Information Technology D'Youville College Buffalo, NY 14201 (716) 829-8197 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hello I have a few question about tor network
U gotta know all networks can be hacked , but the reason that tor is great is cuz its volunteers running tor Aeris skrev: (29 december 2015 12:06:02 CET) >Hello and welcome here ! > >> 1. Tor network is 100% security network? that can not be hacked by >other >> cracker? > >Tor is not a security network per se, it provides only anonymity from >the >point of view of the servers you use : nobody can say this is you >behind this >Tor visitor. > >> 2. If not, How can cracker attack tor network that tor can't prevent? > >Tor network can be hack (ie. deanonymizing users) with a sybill attack. >If an attacker control more than 66% of the Tor nodes, he has some >probabilities to control 2 of the 3 nodes you will use (the most >important are >the first and the last), and so can link each hop with each others, >leading to >user deanonymization. > >For more details, read >https://svn.torproject.org/svn/projects/design-paper/ >tor-design.html#sec:assumptions and >https://svn.torproject.org/svn/projects/ >design-paper/tor-design.html#subsec:threat-model > >Regards, >-- >Aeris >Individual crypto-terrorist group self-radicalized on the digital >Internet >https://imirhil.fr/ > >Protect your privacy, encrypt your communications >GPG : EFB74277 ECE4E222 >OTR : 5769616D 2D3DAC72 >https://café-vie-privée.fr/ > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] OFTC semi-permanent Tor Blocking
Great i trust riseup sajolida skrev: (6 januari 2016 15:36:01 CET) >Patrick Schleizer: >> Please suggest Tor-friendly IRC networks. >> >> Ideally ones, that would welcome the Tor community and actively >> ensure/prioritize keeping it functional for Tor users. > >In Tails, we're moving our meetings to xmpp://conference.riseup.net. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] OFTC semi-permanent Tor Blocking
Ur own jabber server? Pickfire skrev: (6 januari 2016 15:38:50 CET) >I trust riseup too. But now I am creating my own. > >On Wed, Jan 06, 2016 at 03:37:27PM +0100, Flipchan wrote: >>Great i trust riseup >> >>sajolida skrev: (6 januari 2016 15:36:01 CET) >>>Patrick Schleizer: >>>> Please suggest Tor-friendly IRC networks. >>>> >>>> Ideally ones, that would welcome the Tor community and actively >>>> ensure/prioritize keeping it functional for Tor users. >>> >>>In Tails, we're moving our meetings to xmpp://conference.riseup.net. >>>-- >>>tor-talk mailing list - tor-talk@lists.torproject.org >>>To unsubscribe or change other settings go to >>>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > >-- > _ >< Do what you like, like what you do. > > - >\ ^__^ > \ (oo)\___ >(__)\ )\/\ >||w | >|| || >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] OFTC semi-permanent Tor Blocking
I know a friend of mine is using https://github.com/anders/bircd And then runs it throw tor , so nothin touches clearnet, it works fine Flipchan skrev: (6 januari 2016 15:37:27 CET) >Great i trust riseup > >sajolida skrev: (6 januari 2016 15:36:01 CET) >>Patrick Schleizer: >>> Please suggest Tor-friendly IRC networks. >>> >>> Ideally ones, that would welcome the Tor community and actively >>> ensure/prioritize keeping it functional for Tor users. >> >>In Tails, we're moving our meetings to xmpp://conference.riseup.net. >>-- >>tor-talk mailing list - tor-talk@lists.torproject.org >>To unsubscribe or change other settings go to >>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > >-- >Sincerly Flipchan >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TorChat or other for IRC?
I use irssi and proxy it throw tor , usewithtor irssi andr...@fastmail.fm skrev: (6 januari 2016 15:56:42 CET) >Is TorChat the usual program used for IRC? > >Or, there another irc client that's recommended? > >Where can it be downloaded from? There seem to be way too many places >to download TorChat. > >Thanks, > >Andre > >-- >http://www.fastmail.com - Send your email first class > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TorChat or other for IRC?
yeah freenode blocked tor ... On Wed, Jan 06, 2016 at 04:06:32PM +0100, Flipchan wrote: I use irssi and proxy it throw tor , usewithtor irssi Is it possible to connect to freenode? I remember they were banned TOR network. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Using VPN less safe?
Do u mean a vpn to tor? Or first tor then a vpn? Oskar Wendel skrev: (24 januari 2016 12:04:30 CET) >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >Today I thought about something... > >Let's assume that attacker (government) seizes the hidden service and >wants to run it and deanonymize its users with traffic correlation. > >Attacker could easily tap into major VPN providers traffic and try to >correlate their traffic with hidden service traffic. And there are >fewer >VPN providers than Tor entry guards (and much less than home >connections >around the globe). > >Does it mean that routing Tor through a commercial VPN could actually >lower the security, compared to routing Tor directly through a home >connection? It's in contrast with what many say, that you should use >a commercial VPN for extra security. > >- -- >Oskar Wendel, o.wen...@wp.pl.remove.this >Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C >Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C >-BEGIN PGP SIGNATURE- > >iQEcBAEBAgAGBQJWpK+8AAoJEGaQzFIxjbhMk6wH/RNFA38ceVBhetnVPUTHhrsz >DC5TerZ0NW39Gn6f4rz66QryjHuTVNqzFwUBTuGSQZw5JjENQeOO53RuFiG1xsWM >iFE/UNgezAIX+AaYoZOdaocICtMkWPW9gyddWbRN8vG3/0L4TQTD2wdND4We2x+6 >W/uQMKtQ/rH8z/O2vMgetsNdNDp/6V7eKrKxWUkq70Nz+LwD5I8K4ONOJgt7Gd1g >Uo8syPFktHlISyquoDDqldOvoN4RTwb8F1+nL8k+q/hYC1HJDHSOjOaMW72OjlpK >fAymg+vzK7yg+pOgBvYhi/ojdHBCiajQBx6X+SI1dodINeQm84SjXBgMXPREVF4= >=B7jK >-END PGP SIGNATURE- > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Using VPN less safe?
Well i never liked vpn , like for example in the US the police can force the vpn provider to give out info without the vpn provider telling the client/customer about it, so u need to put alot of trust in these vpn providers, i am acctually developing a better solution but its only in beta and i havent got it to work 100% , but IF u want a vpn think like this , is this person who is hosting my vpn ready to go to jail for me? Some vpn providers provide logless vpn which is the best ofc , but yeah u need a non US provider and some u trust Oskar Wendel skrev: (24 januari 2016 12:48:57 CET) >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA1 > >Flipchan : > >> Do u mean a vpn to tor? Or first tor then a vpn? > >Tor over VPN. So we first purchase a VPN and then make Tor use it to >connect to the first hop. > >- -- >Oskar Wendel, o.wen...@wp.pl.remove.this >Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C >Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C >-BEGIN PGP SIGNATURE- > >iQEcBAEBAgAGBQJWpLooAAoJEGaQzFIxjbhM7eYH/2a9eKOo4csFUpky4r0DZMGb >FNiUqo14JHXneyu3OV3whQH3UYSJD7Tat3t5e9GY+7ydxyvw1SEcBVhWGZj2VI+M >RylCKStyu0CLIAXAYoTlHLWtRIkr4Dg9MNxIcTrHaqIjULasoixI5us/T5VtcWba >YQzxh5xJ1kMybBEhfBt9g8UCTRUfSCUxDq0tT+nq9nD7W4dv5o4HRYDsbhAnd5yc >pAO9vhwQeAYRRyyyW+qi1vtLcX543S5heC8muNQNd9w+hLJucxVKOSE9XmtFSXAK >7G3JuDoeEthCnnix4N5fJb9B1nrZzqjny/bgtTsxIlMAphdO9HBY1UyaxKBmQtA= >=ouRR >-END PGP SIGNATURE- > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Using VPN less safe?
Instead of goin vpn->tor You could go i2p->tor nobody skrev: (24 januari 2016 21:25:38 CET) >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > > > >On 01/24/2016 03:22 PM, aka wrote: >> Oskar Wendel: >>> Today I thought about something... >>> >>> Let's assume that attacker (government) seizes the hidden service >>> and wants to run it and deanonymize its users with traffic >>> correlation. >>> >>> Attacker could easily tap into major VPN providers traffic and >>> try to correlate their traffic with hidden service traffic. And >>> there are fewer VPN providers than Tor entry guards (and much >>> less than home connections around the globe). >>> >>> Does it mean that routing Tor through a commercial VPN could >>> actually lower the security, compared to routing Tor directly >>> through a home connection? It's in contrast with what many say, >>> that you should use a commercial VPN for extra security. >>> >>> >> >> Why not Tor over Tor? Using a Tor exit to connect to the first >> hop. Would require traffic correlating twice. >> > >Quoting https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO: > >" When using a transparent proxy, it is possible to start a Tor >session from the client as well as from the transparent proxy, >creating a "Tor over Tor" scenario. Doing so produces undefined and >potentially unsafe behavior. In theory, however, you can get six hops >instead of three, but it is not guaranteed that you'll get three >different hops - you could end up with the same hops, maybe in reverse >or mixed order. It is not clear if this is safe. It has never been >discussed. > >You can choose an entry/exit point, but you get the best security >that Tor can provide when you leave the route selection to Tor; >overriding the entry / exit nodes can mess up your anonymity in ways >we don't understand. Therefore Tor over Tor usage is highly >discouraged. > " >-BEGIN PGP SIGNATURE- >Version: GnuPG v2 > >iQIcBAEBCgAGBQJWpTM5AAoJECVOC2Tp0QhT/AIQAJIo6EgeBWWplZ8bU9tx/YHR >umkS8tRy03WX89a6P9MXfnvV3ZTWmHhxWol7ekBhLbU1vZLN9yblEgUDsqX1I2t3 >OVHopy+4WzE48u1KRogCVvcmKvhwNAM5TblET8Euq9Op6tXKLZDVJFqDJ9Z64efO >iJ/G86+d5nc9rz8a0krz2E1GvYV7fJrXn9LivNaf/IYHZsvObgQM+OWyxf8MP7F2 >PWI1cRTHZFMNInZ2KemiANaUGVSqbUmauygosBSUFygIEiRD8cEOh8v79/BIF3nk >JGzGLE/oCSPSPb0gJdfu83+SmdN36zkrFwc4uVfCAqDD7IaUHtDvPvy4SYsLeGJi >wSA1wewYuZ88UrtQ7CYRggAOpINEIQMs2RaskJQ7/PPWHVDA8Lo/IgzS1JV09hP0 >tBr49uZKsXVS6Y3YOxI6PEdIcZprWb75/PzrV0Vq6UpSnyC+JQBVAj4v7i4CfAC1 >/koTsp1Evn1Sul88TjeP7WVY63jdv8C9SFB40VB6u1Hb+s7LxuPk8Z0Ev66Y5Uoy >QNzozyOS/qvye2MLois99Ge+IetA/I/IgksL6jzXDm/+QXUaE5b9PutIfpWWYbb1 >QXvoBmAJ6iQSLOB/zxTK38Y0avm37ZetuKvT0eheT8jczixeAWB08Walnx3n8j/i >yqxbBSiyLM98XueLhgzF >=r1Bz >-END PGP SIGNATURE- >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] onion routing MITM
Try to put up a server n run it throw tor and the generate a key with scallion for example https://github.com/lachesis/scallion , or ur favorite programming lang a55de...@opayq.com skrev: (26 januari 2016 19:37:24 CET) >A CA will not validate a '.onion' address since it's not an official >TLD >approved by ICANN. The numbers aren't random. From Wikipedia: > >"16-character alpha-semi-numeric hashes which are automatically >generated >based on a public key <https://en.wikipedia.org/wiki/Public_key> when a >hidden >service ><https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services> >is >configured. These 16-character hashes can be made up of any letter of >the >alphabet, and decimal digits from 2 to 7, thus representing an 80-bit >number in base32 <https://en.wikipedia.org/wiki/Base32>. It is possible >to >set up a human-readable .onion URL (e.g. starting with an organization >name) by generating massive numbers of key pairs ><https://en.wikipedia.org/wiki/Public-key_cryptography> (a >computational >process that can be parallelized ><https://en.wikipedia.org/wiki/Parallelized>) until a sufficiently >desirable URL is found."[2] ><https://en.wikipedia.org/wiki/.onion#cite_note-scallion-2>[3] ><https://en.wikipedia.org/wiki/.onion#cite_note-facebook_url-3>" > >Cheers, >yodablue > >On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked] >opayq.com> wrote: > >> >> --Blur (formerly >> DoNotTrackMe)--- >> >> -By Abine-- >> >> >> I'm new to tor, trying to understand some stuff. >> >> I understand the .onion TLD is not an officially recognized TLD, so >it's >> not >> resolved by normal DNS servers. The FAQ seems to say that tor itself >> resolves >> these, not to an IP address, but to a hidden site somehow. >> >> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with >> random >> looking names. Why is this? What if someone at thehiddenwiki.org >> registered a >> new .onion site (for example http://somerandomletters.onion), which >then >> relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)? >> Thehiddenwiki could give me the link http://somerandomletters.org, >and of >> course I would never know the difference between that and >> http://3g2upl4pq6kufc4m.onion >> >> Without trusting a CA to validate a site name, what prevents MITM >attacks? >> Am >> I supposed to get the duckduckgo URL from a trusted friend of mine, >and >> then >> always keep it? >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> >> >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] using obfsclient
Cant u just write a plugin in Py for obfs support to ur vpn? Kuhr Stefan skrev: (4 februari 2016 10:52:32 CET) >Hello everyone, > >dunno if this ist the correct list to ask these questions, please let >me know where to place them appropriately if not: > >We want to bundle software from the tor project with our VPN product, >specifically the pluggable transports, most specifically obfs2 and >obfs3. While we could do this with the binaries that ship with the tor >browser bundle (I assume we can just take them and ship them with our >product, alongside the tor license file, right?), we would very much >appreciate to use obfsclient instead of obfsproxy from the TBB, >assuming it is still actively supported. > >I failed to build obfsclient on Ubuntu and cygwin (where can I ask >questions regarding my build errors?), but I managed to cobble together >a binary running on Windows built with MSVC, but when debugging it, I >noticed that all behaviour of obfsclient is controlled using >environment variables. Is there any documentation regarding the usage >of these environment variables? What we want to do is run obfsclient as >a local proxy for an openvpn client, much like we would do with >"obfsproxy.exe obfs2 socks 127.0.0.1:1050". What would be the >equivalent of this using obfsclient? > > >Any help appreciated, > >SKU > > > > >___ >ads-tec GmbH >Sitz: 72622 Nürtingen >Registergericht Stuttgart HRB 224527 > >Geschaeftsfuehrer: >Dipl.-Ing. Thomas Speidel >___ >Diese E-Mail enthaelt vertrauliche und/oder rechtlich >geschuetzte Informationen. Wenn Sie nicht der richtige >Adressat sind oder diese E-Mail irrtuemlich erhalten >haben, informieren Sie bitte sofort den Absender und >vernichten Sie diese E-Mail. Das unerlaubte Kopieren, >jegliche anderweitige Verwendung sowie die unbefugte >Weitergabe dieser Mail sind nicht gestattet. >___ > >This e-mail may contain confidential and/or privileged >information. If you are not the intended recipient (or have >received this e-mail in error) please notify the sender >immediately and destroy this e-mail. Any unauthorized >copying, disclosure, distribution or other use of the >material or parts thereof are strictly forbidden. >___ > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TB 5.5 for OpenBSD
Great! i will check it out On 2016-02-05 21:38, George wrote: The Tor BSD Diversity Project just released Tor Browser version 5.5 for OpenBSD/amd64. For those interested in running it, you need a very recent -current (snapshot) of OpenBSD/amd64. Here's the official announce: TDP Announce for Tor Browser 5.5 for OpenBSD 20160205 The Tor BSD Diversity Project https://torbsd.github.io/ The Tor BSD Diversity Project (TDP) is proud to announce the release of Tor Browser (TB) version 5.5 for OpenBSD. Please note that this version of TB remains in development mode, and is not meant to ensure strong privacy, anonymity or security. TDP (https://torbsd.github.io) is an effort to extend the use of the BSD Unixes into the Tor ecosystem, from the desktop to the network. The 5.5 version is the eighth Tor Browser release from TDP. To install TB for OpenBSD, please see http://mirrors.nycbug.org/pub/snapshots/packages/amd64/README-55.txt TDP is focused on diversifying the Tor network, with TB being the flagship project. Additional efforts are made to increase the number of *BSD relays on the Tor network among other sub-projects. TDP's source code repository resides at http://github.com/torbsd/ TDP is seeking funding to continue and extend its efforts. Please contact us if interested in assisting TDP, allowing us to dedicate more time to the project. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Which webmail providers are Tor friendly.
Dont forget to encrypt all ur emails with pgp, i have looked at milter filter for email thats auto encrypts all incoming emails which is cool blo...@openmailbox.org skrev: (5 februari 2016 13:09:40 CET) >Hello! > >I am looking for Tor friendly webmail operators. By this, I mean ones >that do not insist on SMS verification and do not block Tor. > >I used to be happy with openmailbox.org but they now block new sign-ups > >that use Tor. > >I like ruggedinbox.com which is very Tor friendly but they are often >down (DDOS perhaps). > >Any other suggestions. I would prefer a basic service. I don't mind >paying a little if I can use crypto-currency. Although free or a >donation model is preferred. > >Thank you. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation
Thats cool:) who needs a gui, not me ;) On 2016-02-12 14:31, Rusty Bird wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Maybe someone else will find this useful? https://github.com/rustybird/orplug Rusty orplug, an Android firewall with per-app Tor circuit isolation Not affiliated with the Tor Project. Short intro - - No GUI, please write one ;) - - Default deny pretty much everything. Combinable access policies for individual apps, whole Android user accounts, etc.: transparent torification (circuit-isolated per app), fenced off access to Socks/ Polipo, LAN access, clearnet access - - Multi user account support - - Doesn't leak IPv6 traffic - - Clean DNS, but requires ANDROID_DNS_MODE=local ROM patch - - Logs blocked DNS queries and blocked other packets - - Input firewall allows sshd by default - - Should work with enforcing SELinux - - Includes the "--state INVALID" transproxy leak fix[1] - - Tested on CyanogenMod 13 (Android 6.0.1 Marshmallow) Longer intro Really no GUI, unfortunately I don't have any talent for that. There's a simple plain text configuration format[2] though, and the command line "orplug-reconf" script could work as a backend to a graphical app. (It accepts stdin as well as files for configuration.) Unconfigured processes may only communicate with localhost and the loopback interface. You can configure an individual app, a Unix user/ group, or an Android account: - to be transparently torified, with circuit isolation per rule - to be allowed access to local TCP ports 9050/8118 for native Orbot support - to be allowed LAN access (except DNS) - to be allowed full clearnet access All of the above can be combined: Transparently torify a VoIP app as far as possible, but allow clearnet access for the remainder (UDP voice packets). Or, for a home media streaming app: transparent torification with LAN access. Rules can apply to the primary Android device user account or to other accounts. For incoming traffic, every port is blocked to the outside by default. But a hook loads files with raw ip(6)tables-restore rulesets, and one such ruleset allows TCP port 22 (sshd). The init script uses "su -c", which seems to set up everything properly SELinux-wise on CM13. I'm not really sure because I don't have a device that's able to run in enforcing mode. The DNS mess Android 4.3+ mixes DNS requests of all apps together by default[3]; when a request finally appears in Netfilter, it's unknown where it came from. orplug takes a strict approach and blocks this sludge, so it needs a ROM patched[4] to export the environment variable ANDROID_DNS_MODE=local during early boot. Unfortunately, ANDROID_DNS_MODE=local makes Android send DNS requests to 127.0.0.1, instead of the value of the net.dns1 property. Until this is somehow fixed, a rule has been added to redirect allowed clearnet IPv4 DNS traffic to $ClearnetDNS (defaults to Google's 8.8.8.8). orplug blocks disallowed DNS requests by sending them to a local dnsmasq instance that only logs queries (logcat | grep dnsmasq), but doesn't forward them. This is how I noticed that CM13 with "everything disabled" nevertheless attempts to connect to the hosts stats.cyanogenmod.org, account.cyngn.com, and shopvac.cyngn.com. (Via UID 1000, in this case the Settings package.) Captive portals Enable clearnet access for either UID 1000 (beware of the random stuff apparently floating around there), or for a dedicated browser (and run "settings put global captive_portal_detection_enabled 0" as root). Installation 0. Set up some independent way to check for leaks, e.g. corridor[5]. You've been warned... 1. Copy the orplug subdirectory to /data/local/ on your Android device. "chmod 755" 00-orplug, orplug-start, and orplug-reconf (all in /data/local/orplug/bin/). 2. Add the line ". /data/local/orplug/bin/00-orplug" (note the dot) to /data/local/userinit.sh and run "chmod 755 userinit.sh". 3. Copy the contents of /data/local/orplug/torrc-custom-config.txt into the clipboard, e.g. using File Manager. This file contains directives for tor to open 99 different TransPort and DNSPort ports. 4. In Orbot's settings, paste the clipboard contents into "Torrc Custom Config", disable "Transparent Proxying", disable "Request Root Access", and choose "Proxy None" in "Select Apps" (that last one only applies to current prereleases of Orbot). 5. Reboot your device. 6. Check that orplug has brought the firewall up: The output of "getprop orplug.up" is supposed to say "true". Log files are in /data/local/orplug/debug/ in case it didn't work. 7. Configure your apps by creating one ore more .conf file(s) in /data/local/orplug/conf/ (there's a commented user.conf.example[2]). 8. Run "su -c /data/local/orplug/bin/orplug-reconf". The output is supposed to say "orplug-reconf: populated". This will happen automatically if you reboot. Footnotes 1. "--state
[tor-talk] Bad exit/bad relay list
Does anyone have or know where i can find a list with bad exits/relays -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bad exit/bad relay list
Great! Thnks Roger Dingledine skrev: (18 februari 2016 00:45:32 CET) >On Thu, Feb 18, 2016 at 12:36:53AM +0100, Flipchan wrote: >> Does anyone have or know where i can find a list with bad >exits/relays > >There aren't great resources for this I think. > >The simple answer is that you can look at your cached consensus file, >and the ones labelled BadExit are the bad exits, and the ones that are >missing (ha) are the bad relays. > >If you want a way to visualize the consensus plus the votes that went >into it, check out >https://consensus-health.torproject.org/consensus-health.html >(warning, it's a huge page) > >For a while it looks like somebody was maintaining >https://trac.torproject.org/projects/tor/wiki/doc/badRelays > >But ultimately this is a really crummy arms race to play, and while I'm >a fan of transparency for most development, it ends up making things >too asymmetric in the wrong direction in this case: >https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html > >As for reporting bad relays, see >https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays > >Hope this helps, >--Roger > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Cloudflare: option available to whitelist the Tor "country" (T1)
Thats awesome! nusenu skrev: (3 mars 2016 21:45:44 CET) >Tor friendly cloudflare customers can now configure their sites to no >longer require captchas for tor users: > > >https://support.cloudflare.com/hc/en-us/articles/203306930 > > > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] .onion name gen
IF i generate a .onion domain , isnt there a risk that someone can generate the same domain? I mean anyone can generate .onion domains and IF i got an easy .onion address then some could easily generate that rsa key right? -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] cisco blacklist
Is it one IP per line? Lee skrev: (11 mars 2016 00:23:22 CET) >Anyone know why Cisco has so many tor nodes blacklisted? > >Get the Cisco IP blacklist from > http://www.talosintel.com/feeds/ip-filter.blf >Get the TOR node list from > https://www.dan.me.uk/torlist/ > >$ sort ip-filter.blf > cisco-blacklist >$ join -j 1 cisco-blacklist torlist | wc -l >893 > >$ wc -l torlist >7007 torlist > >$ wc -l cisco-blacklist >31516 cisco-blacklist > > >Thanks, >Lee >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Extend auto-IP-switching-time in TorBrowser (and depending from time of inactivity)
I think roundcube(an email client) works with easy session and switchin your IP shoulnd effect that session Ben Stover skrev: (25 mars 2016 12:12:07 CET) >Hello Paul (and others), > >the problem is for example when I login into a remote mailbox through >TorBrowser then the mail box provider >see my IP (=IP of ExitNode). > >Since I often stay longer than 10 minutes in my remote mailbox an IP >switch happens during my mailbox login session. >Unfortunately a lot of mailbox provider setup smart "security session >procedures". >As soon as they detect an IP switch they force the user to re-login >again (at minimum). > >Even worse: Some mail providers consider an account and password break >and force the user to "verify" that >they are really to owner of the account with a long-winded confirmation >procedure. >This could happen when only changing the country as well. >Very annoying. > >So the easiest way to prevent these situation would be to keep the >current Tor circuit (or at least the ExitNode). > >From what I read so far a "keep-circuit-instruction" is currently not >possible. > >Why not offering the user such a (torrc) option? So its up to him if he >wants an extended circuit-session-time or not. > >Ben > >>I'm confused. What is the situation you are concerned about? A new >>stream would go over a new circuit whether the previous stream is kept >>alive or not. Is that not so? And I'm not sure what keeping the idle >>stream open has to do with this. I understand the UX issues of >>switching circuits, and I get the threat if not allowing a stream to >>close causes attaching indefinitely to new circuits. But I don't >>understand why it is bad to have a new stream open on a new circuit >>after another stream closes that was artificially kept open for a >>while vs. having the new stream open after an initial stream closed >>normally. > >>aloha, >>Paul > > > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Raid of LFM studio over supposed access of onion site by unknown party
Only way is to fight fire with fire , we at the tor community will never give up against fighting against gov or simular anti-tor factors , thnks for the info Chris skrev: (26 mars 2016 17:31:46 CET) >I thought I'd just bring to the attention of the Tor community a very >public (it was recorded and those involved have spoken about it) raid >that occurred upon which the FBI listed in the warrant an onion site >that was connected to what appears to have been Playpen where child >porn >was being distributed by the FBI. In this incident they placed bits of >code on users of the sites systems which enabled them to identify the >user's IP. > >While it is believe that the home and studio that was raided did not >contain any child pornography the objective seems to have been to >discredit a very public critic of the FBI: Ian Freeman. > >http://freekeene.com/2016/03/22/news-and-blog-coverage-of-fbi-raid/ >https://www.freetalklive.com/archives > >This appears to be a direct attack on political persons in the >libertarian community. It is not the first attack. Local government >raided the KAT (Keen Activist Center, which I believe is the same >place) >a few years back and there have been many other legal attacks on Ian >and >other libertarians in the community. Including an attack on James >Cleveland for recording the police (he won) and Rich Paul (he was >arrested for selling pot, but the actual amount was insignificant, and >immediately tried to get him to be an informant on the KAT, he turned >that down and went to trial, and got a year, but risked spending as >much >as 100 years in doing so). Among many other legal shenanigans... all >for >being peaceful activists... > >Anyway- I thought people may want to keep an eye on this. People wonder > >why we need Tor. Well, not only do we need it overseas we need it right > >here in the United States. If you speak publicly against the mainstream > >or against the FBI's choices (like distributing child porn, which two >weeks earlier was covered by the show, and they were critical of the >FBI >in doing this) you might just get raided. I am not aware of the FBI >actually raiding anybody else in connection to Playpen (or users >anyway, >yet) so it seems quite politically motivated. I'm also a little >doubtful >there ever actually was a connection here. Somebody 'accidentally' >misread something and testified to get the warrant in order to >discredit >them or similar is my suspicion right now. They'll probably find >something, but it won't be child porn, and even if they did, I'd call >it >suspect, given all the facts. The FBI aren't angels and play dirty all >the time. Yet- we are suppose to trust them, the courts, etc and the >convictions (or guilty pleas when they twist your arm so there are no >other options of defense). > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Operation Onymous Technical Explanation?
What i have heard was that it was alot of bad opsec and also some pma-exploits CANNON NATHANIEL CIOTA skrev: (26 mars 2016 12:32:21 CET) >Seeking technical information on how hidden services were de anonymized > >and what updates to HS protocol was applied as a mitigation. >Thanks, >-- >Cannon N. Ciota >Digital Identity (namecoin): id/cannon >Website: www.cannon-ciota.info >Email: can...@cannon-ciota.info >PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2 >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Sharing my OpenWrt Tor configuration
I have been wanting to play with openwrt for a while now :) great write up! Rob van der Hoeven skrev: (21 april 2016 19:27:59 CEST) >Hi folks, > >Two months ago I wrote an article named: Thoughts on Tor router >hardware. > >https://hoevenstein.nl/thoughts-on-tor-router-hardware > >In the article I described an ideal Tor router configuration and argued >that having Tor on the router benefits both security and usability. > >Since the article I have been playing a lot with my OpenWrt router, and >I think I now have a very nice configuration. I documented my >configuration in a new article: > >https://hoevenstein.nl/my-openwrt-tor-configuration > >The OpenWrt configuration improves my network security and . made >me >remove Tor from all my computers. Yep, Tor on the router is the way to >go for me. > >Enjoy the article, >Rob >https://hoevenstein.nl > > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] FBI harassing Tor devs
Did u manage to put up some anti ddos? I wrote a script that blocked my läst attackers ddos attacks might work.. block udp ddos attacks drop em if they are sent more then 15 times iptables -A INPUT -p udp -m connlimit --connlimit-above 15 -j DROP iptables -A OUTPUT -p udp -m connlimit --connlimit-above 10 -j DROP Cloudflare isnt for us tor lovers, take care isis skrev: (6 maj 2016 14:01:56 CEST) >Christian Pietsch transcribed 2.3K bytes: >> On Fri, May 06, 2016 at 01:48:23AM -0500, CANNON NATHANIEL CIOTA >wrote: >> > Anyone know what FBI is trying to do? Rumor that FBI is harassing >Tor >> > developers >> > >https://www.techdirt.com/articles/20160505/00383034349/fbi-harassing-core-tor-developer-demanding-she-meet-with-them-refusing-to-explain-why.shtml? >> > >> > Also... warrant canary is currenlty offline >> > https://fyb.patternsinthevoid.net/canary.html >> >> I can confirm that her warrant canary was online yesterday but is >> unreachable now. As is her blog there. Isis, are you okay? >> >> Greetings from Germany >> Christian > >Hello Christian, > >Thanks for the concern! I'm fine. My server has been under heavy DDoS >since >my last blog post, so it has been intermittently unavailable. It >should be >back again now. > >However, (as the warrant canary text states) "The OpenPGP signature on >this >warrant canary has a pre-determined expiration date that coincides with >the >date on which this canary will die." The website itself being up or >down has >nothing to do with the validity of the canary; the signature is the >only part >which matters. Additionally, the sources used to generate my blog are >available in a git repository: > >https://code.ciph.re/isis/patternsinthevoid >https://github.com/isislovecruft/patternsinthevoid > >In particular, you can find the canary here: > >https://code.ciph.re/isis/patternsinthevoid/src/master/pages/canary.asc >https://github.com/isislovecruft/patternsinthevoid/blob/master/pages/canary.asc > >Best, >-- > ♥Ⓐ isis agora lovecruft >_ >OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 >Current Keys: https://fyb.patternsinthevoid.net/isis.txt > > >---- > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Which reputable webmail providers function well with Tor?
I use riseup.net and can recommend that, i use to use hushmail but u know^^ blo...@openmailbox.org skrev: (25 maj 2016 21:55:15 CEST) >Can anyone suggest a reputable webmail provider that is not totally >anti-Tor. > >Cock.li and Sigaint and Unseen.is and Mail2Tor are out as the names >look >weird to "normal" people. > >Ruggedinbox is unreliable as the site is often down. VFEmail used to >work but I can't seem to sign-up now. > >ProtonMail demands SMS validation. > >Tutanota seems OK but on this list a poster said that they closed his >accounts down for no reason. > >RiseUp requires an invitation. > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please suggest domain registrats that are Tor (and bitcoin) friendly.
domains4bitcoin is pretty good CitizenZ skrev: (27 maj 2016 16:59:37 CEST) >Blobby, >I have used Namecheap and paid with bitcoin in the past with no >trouble. >But It's been nearly a year. It's possible that the problem is not >specifically Namecheap but the bitcoin payment processor that they use >(e.g Bitpay). Especially if the processor uses Cloudflare. Some of >these >processors block payment requests over Tor. For example some will block >the ability to scan a QR code with the payment details but will accept >the bitcoin fine if you enter in the address and amount manually. > >I recommend Gandi, I have since moved all of my domains to Gandi and >never looked back. They also accept bitcoin and I haven't had any >trouble making payments over tor, since they are their own payment >processor. > >Good luck. >On 05/27/2016 04:41 AM, blo...@openmailbox.org wrote: >> Earlier this week I attempted to buy a domain with Namecheap since >> they accept bitcoin and, helpfully, have WHOISguard free for the >first >> year. >> >> Sadly Namecheap do not like proxies which includes Tor and will >> prevent you from purchasing. >> >> Can anyone suggest a reputable (i.e. one that works) domain registrar >> that accepts bitcoin and has no problem with Tor. I say "reputable" >> because, in the past, I've found that a number of Tor and bitcoin >> friendly registrars have a tendency to time out or hang for some >> reason mid-way through the registration process. >> >> Many thanks. > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now
That sounds rly good , Dont u mean more like a random time or date ,sure u could pic a random number what if the number is to high? Or to low,anyhow cool idea Allen skrev: (2 juni 2016 17:39:32 CEST) >> >> There's nothing you can do about it but >> - start researching and using networks that use fill traffic >> > >Another alternative would be to re-architect the services of interest >to >use a message or packet store-and-forward protocol with a random delay >to >thwart traffic analysis. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Audio fingerprinting
Isnt it block java? As simple as that "mrnob...@mail-on.us" skrev: (26 maj 2016 08:23:34 CEST) >http://techcrunch.com/2016/05/19/audio-fingerprinting-being-used-to-track-web-users-study-finds/ > >A wide-scale study of online trackers carried out by researchers at >Princeton University has identified a new technique being used to try >to >strip web users of their privacy, as well as quantifying the ongoing >usage of some better-known tracking techniques. > >The new technique unearthed by the study is based on fingerprinting a >machine’s audio stack via the AudioContext API. So it’s not collecting >sound played or recorded on a machine but rather harvesting the audio >signature of the individual machine and using that as an identifier to >track a web user. > >I understand that these methods are not possible without javascript, >are >they? >The example provided in the webpage: >https://audiofingerprint.openwpm.com/ >uses fingerprintjs2 library. > >Any thoughts? > > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Which reputable webmail providers function well with Tor?
Autistici got lots of domain names to Choice thats cool ng0 skrev: (27 maj 2016 14:21:35 CEST) >On 2016-05-26(04:42:20-0400), Griffin Boyce wrote: >> blo...@openmailbox.org wrote: >> > Can anyone suggest a reputable webmail provider that is not totally >> > anti-Tor. >> >>I've had a good experience with Autistici/Inventati -- which is a >> small Italian co-op similar to RiseUp. MayFirst/PeopleLink and >Electric >> Embers are also great co-ops that are fine with Tor users, but aren't >> free. A/I isn't "free" per se either -- they run on donations -- but >> there's currently no payment required to use their services. They >have >> a dozen or so domains that you can choose from. >> >> https://www.autistici.org/services/ >> http://new.mayfirst.org/en/why-join/ >> http://electricembers.coop/services/ >> >> *lights a candle for Lavabit* > >I have been using A/I for almost 10 years now, but when I wanted to >recommend it >to someone who previously had no email account it did not work as they >require >an existing email account for verification. There might've been also >some >Javascript involved and although they have a .onion address for >www,smtp,pop,imap >and other protocols, you can not register through this .onion > >This year they changed to lets encrypt and faded out their own CA, so >you >have to trust LE as well. > >-- >♥Ⓐ ng0 | http://www.n0.is/n >4096R/13212A27975AF07677A29F7002A296150C201823 > > >---- > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] A possible solution to traffic correlation attacks,
Got any beta code on this? Maybe add/c ode it as a daemon ?;) Not Friendly skrev: (5 juni 2016 16:40:52 CEST) >After about an hour of brain storming I may of found a way to stop >traffic correlation attacks. The idea is to add an artificial delay of >a few randomized ms (two separate delays, one to the tor exit and >another deal on traffic exiting the network) and add an extra chunk of >randomized data (just a small random amount of KB that never exits the >network). It would make traffic harder to correlate. What are your >thoughts on this? >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor doesn't connect over a proxy
Why would u go vpn->tor and not tor->vpn? Not Friendly skrev: (6 juni 2016 21:59:07 CEST) >On 2016-06-06 14:45, katerim...@sigaint.org wrote: >>> On 2016-06-06 14:15, katerim...@sigaint.org wrote: >>>> Hello >>>> I'm trying to connect Tor over a proxy in Qubes. In proxy machine I >>>> have a >>>> proxy software (JonDo) while in the AppVM I have installed Tor. In >>>> torrc I >>>> have setup as socks5 "ip of proxyVM" and as port "4001" (JonDo >port) >>>> but >>>> Tor bootstrap always stops at 80%, showing this: >>>> >>>> "Problem bootstrapping. Stuck at 80%:Connecting to the Tor network. > >>>> (No >>>> route to host; NOROUTE; count 3; recommendation warn; host >>>> A705AD4591E7B4708FA2CAC3D53E81962F3E6F6 at 46.166.170.5:443 >>>> 2 connection have failed >>>> 2 connection died in state connect()ing with SSL state (No SSL >>>> subject) >>>> The connection to the SOCKS5 proxy server at "ipVM":4001 just >failed. >>>> Make >>>> sure that the proxy server is up and running" >>>> >>>> I tried to setup before in whonix but without result >>>> >>>> Thank you >>> >>> Your setup isn't safe. The proper setup is to have tor running in >the >>> "Proxy VM" and then then have the "App VM" tunnel all traffic over >>> through the Proxy VM. I'm not sure why you are using JonDo. Since >they >>> first charge for their services and because of it have billing >records >>> and they are also proven to keep logs on the amount of bandwidth you >>> use. >>> >>> Keep in mind they state: >>> "Only the following non-individual-related information sent by your >>> browser is stored: >>> >>> the visited webpage (URL) >>> browser type / browser version >>> operating system >>> referrer URL (the site visited before) >>> time of the server request" >>> >>> in their privacy policy. >>> >>> You are by no means anonymous while using JonDo nor safe as since >they >>> store the information they could be forced to hand it over. It puts >>> you >>> at risk. Just setup a traditional who-nix setup. >>> -- >>> Not Friendly >>> -- >>> tor-talk mailing list - tor-talk@lists.torproject.org >>> To unsubscribe or change other settings go to >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >>> >> Hello >> Thank you for your reply >> I want setup jondo before Tor >> Vpn-->JonDo-->sys-whonix-->anonwhonix (vpn and Jondo in the same >> proxyVM) >> I use tor to navigate but I would use JonDo for a more long chain (in > >> this >> case JonDo see only tor traffic) >Well I can say one thing about this. With the long chain you are going >to have serious latency issues. Using Tor alone is sufficient. >Increasing the chain length doesn't add to your anonymity nor security >but it does slow down the connection a lot further. >-- >Not Friendly >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Which reputable webmail providers function well with Tor?
I am also very happy with the webui its called roundcube n its opensource:) Crypto skrev: (7 juni 2016 09:44:40 CEST) >Anthony Papillion: >> >> >> On June 6, 2016 7:47:16 PM CDT, Not Friendly >wrote: >>> I'm not sure about registering from Tor but Riseup.net is pretty >>> friendly with Tor. That being said you must have an invite or >request >>> an account. However I will say the interface works great with Tor. >I've >>> never had an issue with them. >> >> You can absolutely register from Tor. As far as I can tell, they put >no restrictions on connecting to the site via Tor at all. Unlike many >others, they actually respect privacy and don't feel the need to treat >every new user as a potential spammer. >> >> Anthony >> > >RiseUp actually has .onion addresses for all of their various services. >They list them in their Help->Security section. > >-- >Crypto > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] What can u code in 2 days ?
I wanted to challenge myself to 100% so i coded a blogging platform in 2 days (rushed it after my regular work) the css and style sucks but i spent most time on the sec and simular stuff i ended up with: https://github.com/flipchan/blogger 2factor pgp auth, btc address gen and ofc anti csrf and password hashing ^^ Was fun to work so intense with something due to the short period of time i had Building this . Anyhow would recommend to do something simular ofc it will turn out with alot of holes but its a fun Project to do, and also a break from all the talk about Jacob ,take care and have a nice day -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Can we have less of Jacob Appelbaum here, please?
I agree T F skrev: (10 juni 2016 12:17:57 CEST) >This is Exactly what I am thinking... tiered and too much rumors >Am 10.06.2016 10:40 vorm. schrieb : > >> Hello, people. Sincerely, I'm tired of this flood of threads. >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Bittorrent starting to move entirely within anonymous overlay nets
Well like he says u cant proxy bittorrent traffic through tor cuz its udp grarpamp skrev: (9 juni 2016 06:52:35 CEST) >First come the clearnet indexes... > ># kickass torrents >http://lsuzvpko6w6hzpnn.onion/ ># the pirate bay >http://uj3wazyk5u4hnvtk.onion/ ># rutor >http://rutorc6mqdinc4cz.onion/ ># btdigg >http://btdigg63cdjmmmqj.onion/ ># torrents md >http://tmdwwwebwyuuqepd.onion/ ># demonoid >http://demonhkzoijsvvui.onion/ > ># Putting the "Tor" back in Torrent >https://gist.github.com/obvio171/addb26214a8c159f84a8 >https://news.ycombinator.com/item?id=8022341 > ># For DHT, PEX, UDP >https://www.onioncat.org/ > >Just a teaser of what's already out there... >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Graffiti "rapist lives here" at Jacob Appelbaum's house
That is so much to far carlos...@sigaint.org skrev: (10 juni 2016 20:32:39 CEST) > > >https://i.imgur.com/N0yv8DU.png > >https://twitter.com/Shidash > >https://pbs.twimg.com/media/Ckl7yTEWEAA6ko8.jpg > >https://pbs.twimg.com/media/Ckm-FkAWgAAJzEc.jpg > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Can we have less of Jacob Appelbaum here, please?
^^ :) I skrev: (10 juni 2016 17:23:00 CEST) >> >> Hello, people. Sincerely, I'm tired of this flood of threads > >..and let's send some t-shirts to me. >. > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-Friendly Two-Factor Authentication?
Let me awnser this for u:) use pgp , if c alot of ppl that use Googles stuff but all gets send back to Google so i wouldnt want them to get my data, github.com/flipchan/blogger i created 2factor so if the usr got a pgp fingerprint it will be redirected to 2factor.html after login ,then u generate a code(string of chars) and encrypt it with X users fingerprint and give it 2min to decrypt ,thats pgp :) Scott Arciszewski skrev: (11 juni 2016 03:58:16 CEST) >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >Hi, > >I'm developing a CMS platform called Airship and I'd like to make it >as Tor-friendly as possible. > >Someone from the community suggested Two-Factor Authentication, but as >far as I'm aware there aren't many good options: > >* SMS-based authentication requires a phone number, which is >identifying information >* Google Authenticator requires a Google Account, which now-a-days >requires surrendering your phone number to Google >* FIDO U2F requires users to purchase separate hardware devices which, >while cheap, aren't already in the arsenal of most netizens > >I was curious if anyone in/around Tor was aware of any >privacy-preserving 2FA initiatives. > >Thanks a lot, > >Scott Arciszewski >Chief Development Officer >Paragon Initiative Enterprises >-BEGIN PGP SIGNATURE- >Version: Mailvelope v1.4.0 >Comment: https://www.mailvelope.com > >wsBcBAEBCAAQBQJXW3AsCRBrl6HCgmQE2gAA06YIAIx89seJ/M1Z+8V6+4sP >VRMCOcH2tPBbBl7KW17RRDuO2aoDsWNiaLNgY7ssHcm2xBte0T04uNTxfYxu >8/pzzgUrU6L7WHcUnGdUfqHtdBr6DY6xSrSavu6VwEATm0f5qDl3AouHyd9X >9aZs1nNX0/QQc/hMOE+hfkGl0rUDKKiwXCxLqXTxdxHiNqixQjb2GpfbiUen >ph4BLFAIFsUZ/STGRJOY31SVB/Lk9MOG2VOPlhXa27R+8IV7rcq41sQtEdUL >AdDOOCazmNISpUz1/I6/0wW16fGqrHk3jbtWMklzl4LI5aFg1w3CmV/MLEZE >i2HHPGvMiO3osSmyNBM2lL0= >=a2E8 >-END PGP SIGNATURE- >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Anyone got the sourcecode for "CensorSpoofer"
Hi im writing a whitepaper atm , and im working on a proxy/code for that whitepaper and it would help/be good to look at the source code for the CensorSpoofer if anyone got it,i cant seem to find it anywhere https://people.cs.umass.edu/~amir/papers/censorspoofer.pdf I would be very greatful if anyone had it/knows where it is. Take Care -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Which Dns?
Hi all ! Im configuring a new debian server Can anyone recommend a good dns server? i Dont want to use my isp default one, i found one that sounded good when i read about it uncensoreddns.Org. if anyone know of a better one let me know :) Take care -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam
to move away from yahoo, or will the same stuff happen >when using another email provider? >At least, a mail service of a paid web hoster allows you to turn off > >spam filtering. > > > >But then it still allows spammers to send you spam on that address. :-) > > > >catch and a half. I'm looking for a real solution that solves >the CAUSE of the problem instead of 'pharmaceutical' medicating the >effect, and keeping the cause where it is. (only to sell more crap to >pamper the effect, and give you cancer on top of it that needs even >more pharma shit) > > >Is that a good way to describe it? > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam
But isnt there anyway to unblacklist the emails? Like whitelist them in some setting? Friet Pan skrev: (25 juli 2016 15:25:45 CEST) >Thanks. > >and this was send by me without giung trough TOR, go figure... it >remembers me having used the tor network, and keeps rating my posts as >spam > >THIS ALSO HAPPENS with mails that come from hactivism websites. > >And mails from GNU.org >FSF.org > >what about amnesty international, greenpeace etc. can we check this? >can we ask all the humanitarian organisations to send their mail trough >tor and see what percentage is burned in the spambox? > >how many petition emails are never recieved? > >... ad more questions of the like here: > > >. >. >. > > > > > > >- Original Message - >From: David Balažic >To: tor-talk@lists.torproject.org >Sent: Tuesday, July 19, 2016 1:59 PM >Subject: Re: [tor-talk] webmail send while using TOR is tagged as >spamends up in spam > >On 19 July 2016 at 07:13, Friet Pan wrote: > >> >> So now i also wonder how many people on this list are not receiving >THIS message. > >For me gmail put your message (but not the replies) into Spam. Forgot >to check the reason it gave, sorry. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam
I can say that i get all emails in my main inbox :) Friet Pan skrev: (25 juli 2016 16:03:10 CEST) >Yes i also have a riseup account that i use on other mailing lists now, >but i signed up here with the yahoo account for this reason, to see how >serious it is, and to raise some awareness if needed > > >I wonder how many people on the TOR mailing list receive my post in the >spam box. or a percentage > >I try to post all messages o this subject without going trough tor. >From Yahoo, with an account that sometimes uses TOR. > >And from the looks of it many people on this list get my original post >in the spambox. and maybe this post as well. > > >I'm pissed, i try to stay focussed and to stay to the point. that not >easy... i can snap before i know it. > >But i try my best to avoid a F*CH_SH*T_STACK on this list. >https://vimeo.com/13897452oops slip o't'tongue > > > > > >- Original Message - >From: Flipchan >To: tor-talk@lists.torproject.org >Sent: Monday, July 25, 2016 2:44 PM >Subject: Re: [tor-talk] webmail send while using TOR is tagged as >spamends up in spam > >Have u tried switching email provider? I had alot of problem with gmail >but i switched > >Friet Pan skrev: (25 juli 2016 14:37:00 CEST) >> >> >> >> >>- Original Message - >>From: "m...@beroal.in.ua" >>To: tor-talk@lists.torproject.org >>Sent: Tuesday, July 19, 2016 11:42 AM >>Subject: Re: [tor-talk] webmail send while using TOR is tagged as >>spamends up in spam >> >>Hello. >> >>On 19.07.16 08:13, Friet Pan wrote: >>> i use yahoo to mail with mailinglists but i use TOR to connect to >>yahoo. >>> >>> tuns out that all my posts now end up in everyones spam folders. >>> >>> Is this because the tor exitnodes are used by spammers? >>> >>> or is every mail that was send from a TOR user falsely marked as >>spam? >>> >>> also the subscription confirmation email i received from this list >>ended up in yahoo's spam. >>I see that roughly 10% of messages from tor-talk@lists.torproject.org >>from different people go into Gmail's spam folder. If you send a >>message >>via Yahoo's webmail, the message is sent from Yahoo's server, not from > >>Tor. So it's not likely that using Tor is relevant in your case. >> >> >> >> >> >> >>Yahoo detects that i come from a tor exit node (known tor exit node, >or >>known exit node that once was used to send spam perhaps??) >> >> >>Anyway Yahoo then rates me as 'unauthenticated user' and adds a >>metatag? ot someting that google recognizes as 'unauthenticated' >>whatever that means... >> >>And then in googles terms my mail is 'spam' in googles eyes. >> >>That's WRONG. Since i send a normal mail to a normal mailing list. >> >>Now i cannot sue Google.. But Torproject is harmed by google, and >>yahoo, AOL, and the rest of the cartel. And all TOR users are >affected. >> the cartel damages our privacy. >> >>If the torproject cab sue the crap out of them and then use the money >>that comes out of that to improve TOR and our privacy. Then PLEASE >DO!! >> >> >> >> >> >>> So now i also wonder how many people on this list are not receiving >>THIS message. >>This message has not gone into the spam folder. >> >> >> >>Since i did NOT sent THIS message trough TOR to make sure that it had >a >>chance to come tough (at the expense of MY privacy) >> >> >> >> >> >>> Can i sue yahoo for falsely tagging my mails as spam? or better can >>TOR sue Yahoo? :-D and win and get a lot of money to put into >>development? >>> >>> please have a look at dmarc.org it tries to explain in lawyer-ish >>speak how the yahoo, gmail, facebook aol, paypal, ebay, amazon cartel >>teamed together to force people to 'autenticate' >>> >>> authenticate as in ...get a code that they can use to invade our >>privacy. (or is this my brain going into paranoia mode?) >>No spam filter is perfect. My advice: do something useful, dude, >>instead >>of suing people providing you a service for free. >> >> >> >>I know a way to block spam that is nearly perfect, though i'm not a >>developer, and don't have the skills to DIY it. I want to share this >>idea, and discuss the details. But first i need to see that someone >>grasps the c
Re: [tor-talk] FBI cracked Tor security
Hello , i have exposed some pedofiles (i helped friends trace em) and in my experience pedofiles doesnt have much security, in 4/5cases i got them to go in to a website i owned and they did that and i loged ip hostname etc and only one use a vpn, anyhow like alot of ppl is saying the server must been hacked by them Jonathan Wilkes skrev: (22 juli 2016 17:35:50 CEST) >> However, if one's mum is willing to invest the time, they'll more >than >likely install the system successfully. > > >Jon,If Haroon's simplification were to make sense to an audience of >people who >aren't UX experts, it would be trivial to understand the constraints. >For >example, if I say, "explain like I'm five" and my audience uses simple >sentence >structure and/or pithy metaphors, then I was understood. If instead >they talk in a >condescending tone and try to persuade me not to throw a tantrum, I >wasn't >understood. > >At the very least, the question, "can my mum use this software?" has >the >constraint that "mum" is immutable-- her skills are what they are, >and her time is limited. The upshot is that the software, on the other >hand, >is mutable. We love "mum" and want her to use our software. If we >imagine >she isn't able to use it then it's the software that should change to >correct that. > >And here we have a respondent who does a complete 180 on the >constraints. >Claiming that "mum" just needs to "invest the time" is to do exactly >the opposite of what Haroon was implying. Now it's not the software >that >should change, but "mum's" priorities! >So please show this thread to Haroon as a hopefully final nail in the >coffin >of the >"design-for-that-poor-little-older-or-younger-lady-that-you-love" >trope. The intended audience clearly _not_ understand it. >But unlike everyone else who keeps repeating that trope, I have >complete >faith that a UX expert will know what to do when faced with this data. >Best,Jonathan > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] EU Intel Property Office Report Hates on Tor, Bitcoin, Bittorrent, Goods Pirates and Models
I think its great that u can download it, and if u like it u will/can buy it :) Conrad Rockenhaus skrev: (26 juli 2016 22:47:43 CEST) >Just a short answer to your rant - you are correct about the embrace >of >mp3. Had they done it sooner, they would of banked in quite a bit of >money. > >Regards, > >Conrad Rockenhaus > >On 2016-07-25 09:44, Friet Pan wrote: >> Sounds a bit like the war on drugs. >> >> They refuse to look at the cause of the problem, but jump around the >> effect like their pants are on fire. >> >> the effect is so scary, but refuse to see that THEY are >> the ones who caused it. >> >> In case of the music industry, they ignored MP3, then they ignored, >> napster and co. then they sued napster when the damage was done and >> out of control. >> >> >> If they had embraced MP3 in the very beginning, and had ran their own >> donwload sites at fair prices, then there would not have been a need >> for pirates, it wouldn't even make sense. >> >> But the music industry is greedy, and always wants MORE profit, so >> they make stuff artificially expensive and then moan that people give >> copies to their friends. I have an insane record collection, and when >> i download a track that i already own on Vinyl, on CD, or on BOTH, >> then they still want MORE money, i already paid the damn thing TWICE, >> so why is it a problem to download it?. Is it illegal? NO. Then why >> moan about it? >> And if there is no money in making music, then why do studio's still >> record music?, Why do record labels still produce music? If there was >> no profit then there would be no product. They still make music, and >> still make a living. And now people try before they buy, they >> download, and find new music that the industry does not promote on >the >> radio. And more artist make a chance to make money, all over the >> world, not in a small region. >> >> So that part is one big lie. Torrents do more music promotion then >> what radio ever accomplished. >> >> >> But thats off topic i guess... I had to say something about it. It's >> just silly. >> >> >> If you want fame in the 21th century, then make sure you have a >> torrent available. And you can make yourself more popular then >> 21thcentury fox can do for you with all the money in the world. >> >> And for TAX it doesn't matter, Servers make TAX, advertisment makes >> TAX, Concerts make TAX, more then ever before. >> >> I'm not promoting piracy, i'm only saying that the music industy is >> barking up the wrong tree, torrents SELL MUSIC and without the need >of >> bribing corrupt radio hosts.. It's cheaper then radio. >> >> The other topic have similar answers, movie industry is a bit >> different, buy they could have used torrent as a distribution >> mechanism, and made money without expensive servers and datapipes. >> >> It's their own mistake, and now they need someone to blame. So if TOR >> can protect people who are human and share their cooking recipes then >> that's all good. Without sharing data the human race would be more >> like a bunch of chimps fighting over a branch. If the music industry >> manages to put us in a zoo where we need to pay to look outside, then >> we are like chimps in a boring zoo without any visitors. >> >> thats not human >> >> Damn, i got pissed My apologies for my ranting... i'll buy some >> music next week... >> >> >> >> >> >> >> >> >> - Original Message - >> >> >> A new report published by the European Union Intellectual Property >> Office > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and macOS Sierra
Maybe u are runnin something else on that port? Run netstat? tort...@nym.hush.com skrev: (2 augusti 2016 00:28:17 CEST) >Hey all, > >I am trying to report an issue with Tor Browser and, after consulting >the Tor Stack Exchange forum, this seems like the best place to do so. > >I am but an irregular user of Tor but I like to have it at hand and >use it from time to time. Up until recently, I would update >frequently and it all worked smoothly. However, today is the first >time I try launching it after upgrading to macOS Sierra and I am >bumping into an error for the first time. > >Instead of connecting like it used to, the "Tor Status" window stays >in place for a while and eventually delivers an error message saying >"Tor Launcher. Could not connect to Tor control port". > >I upgraded to the most recent version of Tor Browser (the stable 6.0.2 >and then experimental 6.5a1), created an exception in my Firewall and >even deactivated said firewall for a bit, but all to no avail. Is >this something someone else has bumped into? Could it be connectivity >issues with Sierra itself? Some other functionality that blocks >ports? > >I hope this helps. > >Best, > >L. > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Username Generator programs
http://nsanamegenerator.com/ The Doctor skrev: (11 augusti 2016 21:24:49 CEST) >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > >On Fri, 05 Aug 2016 20:29:38 +0200 >ban...@openmailbox.org wrote: > >> Besides password re-use from non-anonymous accounts (which password >> managers deal with), writing style (Anonymouth is supposed to deal >with >> that - openjdk support in progress), Re-using a non-anonymous >username >> by mistake is a remaining problem. > >Do they need to be 'real' usernames? What about the output of pwgen in >default mode (eight alphanumeric characters)? > >oYahb1ee Abai4su7 ahsh7eiB uGahPie5 Sae0zaej too5Phag Aitie4oo eiP3mief > >Unique as a username; pseudnonymous. Not memorable, though, because >they >look like 1200 bps line noise. > >- -- >The Doctor [412/724/301/703/415] > >PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 >WWW: https://drwho.virtadpt.net/ > >"Keep the lasagna flying." --Robert A. Wilson, final blog post > >-BEGIN PGP SIGNATURE- > >iQIcBAEBCgAGBQJXrNEBAAoJED1np1pUQ8RkGuoQAI3N0k/tdQNAf97ehl9qT/S6 >dwIy2zqJP4NObLIz5vDhN/PNfYdwJiz9Dm8VaGqfAgibMIsF1+e3b4BQ8WSWJkD/ >QaUXR/GEb/VxnKGXOdnZgV5qQHpU9+Iqfp+fWz7s9blZdEVGIc69VQuSW3T749sa >VFfOpV4AMZXiMNtmOeQfcRf03kyYeXU8MbO4ola0muqcjAriEuV0GLvC5PWcaf7B >pyW3uG8y7WdQrTIIxArVwxrPB4ckHzHxHxUScssq1T5De4wEdqR0N3uaab00jf8S >6OXOdK17Nr0M48iRIpKFfdX9Nlei6AYFLxp92lYGSXelAkRfsHI9hNN3kPdlsvjE >kAwyhOKKqc7uhEXcCG19FT2CDJJ+jf9IMBiRMzDMXTHl8YTEal7Rqf4i8uqZsUc3 >gWmdcQAApD/XuefzqSx8aNIeT3kLhP6bZQ/KMt/TMLUzJRsgF9oum0vjMoe5s86M >sZ7DB7xS2AUF1bvZsjpQV7ZDQolHBvN1yb0Pj2ubIGYXNrwwJUQoclvsi+TFXX3G >JRRHTZtaIJPbzO4DIS/Fb/cgeLtUxN41lPbbxoYGiUDigJDy9aBruS/sSRUk4fcd >qpNrWVwHqehuJoF8LA4Fd7NIl7qvPbAyMxezqwDh5UvS9Afonp6q+rBw/MF0n5HQ >iISsQldHtzXXFTL4e6tw >=8HON >-END PGP SIGNATURE- >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Username Generator programs
Python got a random word lib maybe take a that generate a word and some extra chars, maybe i could script up something Marina Brown skrev: (6 augusti 2016 17:36:57 CEST) >On 08/05/2016 02:29 PM, ban...@openmailbox.org wrote: >> Does anyone know about any good username generator programs? >> >> I've been thinking about some of the ways users can deanonymize >> themselves when posting on a forum. >> >> Besides password re-use from non-anonymous accounts (which password >> managers deal with), writing style (Anonymouth is supposed to deal >with >> that - openjdk support in progress), Re-using a non-anonymous >username >> by mistake is a remaining problem. > >I use pwgen as a username generator as well as a password generator. >Here is some of it's output. > >joaS7wai ieyie3Hu eixub4Lu ouChu8oh ned7Eeva eeYaef6w ik9Queib ahviJie6 >laesa2Ee huZ8eeLe feS2eeme een6aeNa ieGh8eBi roop5uCa xoo6ozaD zukaij8Y >uaTheo2a fah4bieY bai0eiFe zoHoi6ee mah4Bah7 sha0Zaes Iefui6ph widiM6xo >Eeda5ooH nao7oeG6 Ook0aila OhTh4po5 Phijee6E Kuk9hi3i fa2meiMi Aengaiv7 >Queigh6e aib7Tuxu Peubae4o ooNgo7ua yahSh2an quum6Ri5 quahYai7 oojo5moS >Aeb7thoo heivu9aS Dahng1ch ohghahX4 Ae1Yujei aeG9hab1 ao3ieSho eD0Puo7i >Elai0ugo Eic6aa1t athai1aP Chiequ9e aCh7leax iquaiD5r aBeng4Ph ic5Aeshi >wi8beeSh oyoh1oiX DaxooFa5 eipaB8ie ohch2Chi iiShu2Qu nooF8joo Cah8eipa >PaevooD9 coo7ieH3 ie9eeThi oot7aeFo thoo3Quu ceeF3iel thoub2Ao theeC6pi >Yoh6joob wohb2Eef UPah6lah Li0thohk eiS9AuMo am8Oothu teek2Aeg AxueZ8AM >uKah8EeS pohy0doW mioShei6 Paphah4z iduiph7L echu1zuX Zoh8bieV ahthaJ6o >iaD1queK Fo3Rurah aiThaek5 zue7uPie geD6Aeto Usai9pho aaqu3Weu Yee9Nu5I >ahj1uT4i uc0Raew9 sauV8aes Eithien5 aibooLe7 nah0Eeph APiSead8 kuWa3Aer >Quieno6e aec5oaKo Toiph4oh Odakuz9p pah6aeDi eeth2Fou Gae4Aeph aiy0Shae >tiefee7J Xi5ooduH Jae7EiJ3 Ofohch6i en3Och7O Ieke0quo Wee3pahn aCh1ash4 >Aingoo6n Yaif8ta2 EephiQu1 wie6ohKu aphur0Ai Phie9Fee Ieshoh4e ua8Yah9u > > >--- Marina Brown > > > > > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] My new whitepaper LayerProx
Hello all, Just wrote my first whitepaper , i turned a theory in reality :) Let me know what u think about it https://github.com/flipchan/LayerProx/blob/master/whitepaper/Whitepaper_LayerProx_by_Filip_Kalebo.txt Take Care and have a nice day -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] A community concern that needs to be addressed,
I thought the same thing regarding hope Plus There was 2-3 tor talks at hope i really enjoyed the tor isp talk Griffin Boyce skrev: (19 augusti 2016 03:17:48 CEST) >myz...@openmailbox.org wrote: >> Their post seems to be somewhat political and based on recent events. >> The user's concern on the lack of technical posts makes a lot of >> sense. I feel like Tor has become increasingly user-friendly and the >> Tor Browser Bundle is by far less 'intimidating' to perform first >time >> configuration than it was a few years ago. The lack of technical >posts >> might concern some people. What are your thoughts on addressing the >> issue? > >When I was at HOPE in July, men and women were saying (to me at least) >that they were happy that Tor is progressing, that they think we're >growing as a community, and they look forward to volunteering. >Honestly, that makes me really fucking happy. That's not really an >`identity politics` thing. I would say that none of the people that I >spoke to who plan to volunteer had any past negative experiences with >any Tor peeps. It's more a matter of seeing a terrible situation >happen >(from afar) and then seeing it handled in a serious way. It's been a >real rough patch for the community, but most everyone seems to be >handling it with grace and professionalism. Things like that can >inspire confidence in a project's team, as weird as that probably >sounds. > > So: I'm happy that people aren't scared away, hope that people of all >genders will keep volunteering, and that everyone will eventually move >beyond this (perhaps to more technical topics). People can always post > >about a Tor-related project on this list and it may well make it to the > >blog or twitter. I mean, if someone posts a cool project here I'm >pretty likely to post it to my twitter stream =) > >~Griffin > >-- >Accept what you cannot change, and change what you cannot accept. >PGP: 0x03cf4a0ab3c79a63 >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] proxy servers compatible with tor and proxychains
I use this freeproxylists.net/ But its very hard to trust proxies message skrev: (18 augusti 2016 19:55:30 CEST) >Readers, > >After searching for free proxies, it has been difficult to find servers > >to add to the proxychains configuration file, to use with tor. Nearly >all ip addresses deny access. > >Is there a list of free proxy servers that are friendly to tor? > >https://diasp.eu/posts/4538347 >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] sadly have to shut down my tor relay after less then 24 hours
Dont forget port 993 for imaps(imap with ssl) so You can use ssl with imap Anthony Papillion skrev: (21 augusti 2016 01:39:01 CEST) >It's actually pretty easy and you definitely don't have to be a coder: > >1. Find your torrc file and open it in a text editor >2. Search for 'ExitPolicy' (all one word) to find the right section >3. Enter a list of the ports you want to allow. Example: > > ExitPolicy accept *:80 > ExitPolicy accept *:443 > ExitPolicy accept *:110 > ExitPolicy accept *:143 > ExitPolicy accept *:465 > ExitPolicy accept *:587 > ExitPolicy reject *:* > >Make sure all of the other ExitPolicy statements are either deleted or >commended out. The exit policy above allows ports 80 and 443 (for web >access), and ports 110, 143, 465, 587 for email access. It rejects >anything else. > >This should stop your copyright infringement problem or at least reduce >it to almost nothing since the users would be restricted to stuff they >can get on regular websites (no torrents, USENET groups, etc). > >Hope this helps! > >Anthony > >On 8/20/2016 6:29 PM, Sarah Alawami wrote: >> Well I'm no coder. How do I then do this? I'm going to start over >from scratch, maybe. I dont' know much about the exit policies as I'm >quite new to this tor thing lol! I wonder what is trigering this to >happen on our vps's, at least o my vps. Lol! >>> On Aug 20, 2016, at 4:23 PM, pa011 wrote: >>> >>> Made the same experience this week within 24 hours as well on Bit >Torrent >>> Changed my Exit-policy - never had that before... >>> >>> Go on... >>> >>> All the best >>> >>> Paul >>> >>> Am 21.08.2016 um 00:49 schrieb Anthony Papillion: >>>> On 8/20/2016 5:47 PM, Sarah Alawami wrote: >>>>> Hello to all. Sadly I have to shut down my tor relay after less >>>>> then 24 hours, as I received a copyright violation and I don't >want >>>>> any network restrictions placed on me as I want the 150mbps >>>>> speed. >>>> >>>>> Sorry to all who were using it, but yeah there it is. >>>> >>>>> Blessings. >>>> >>>> That sucks! Sorry to hear about your experience. Might it be >possible >>>> to run your exit with a greatly reduced exit policy? Maybe just >>>> HTTP/HTTPS and mail? >>>> >>>> Anthony >>>> >>>> >>>> >>>> >>> -- >>> tor-talk mailing list - tor-talk@lists.torproject.org >>> To unsubscribe or change other settings go to >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New relays and bridges.
Good idea! I will try myself laurelai bailey skrev: (21 augusti 2016 21:59:42 CEST) >Since some folks have declined to offer their services in this >department i >thought it might be a good idea to start outreach to get more bridges >and >relays setup. Ill be setting one up myself and encouraging others to do >the >same across various platforms. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Makeing irc look like http PoC
Hi i created a Little PoC on how to use my latest Project LayerProx to make irc data look like http data https://m.youtube.com/watch?feature=youtu.be&v=BeJjUFe-0Vg Take Care and have a Nice day -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Any risk by showing traffic statistic on the DirFrontPage?
Ur thinking of traffic correlation attacks right? You could allways put a delay so that the data isnt shown in real time krist...@ovpn.se skrev: (27 augusti 2016 16:15:37 CEST) >Hello, >my company decided to start a Tor exit relay recently. We now want to >show some statistics on the DirFrontPage which we think people will >find interesting. >The statistic will only be basic and already public information such as >uptime and open ports, but also how much traffic the relay currently is >pushing through. >So I would like to ask if there's a big risk by exposing this (traffic >analysis attacks in mind here)? >If this is a bad idea, is there anything we can show on the >DirFrontPage about the relays current state without it being a risk? >Regards, >Kristian >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Connect Tor to socks4a proxy
Hello everyone:) I am currently working on a proxy Project (github.com/flipchan/LayerProx) and i connect to my proxy with a socks4a, anyhow i am trying to connect first to Tor then to the socks4a proxy like a dynamic_chain proxychain, Does anyone know how to connect to a socks4a proxy with Tor(without proxychains) i have played around with socat But havent rly got it to work and havent rly found any good python libs, does anyone know how to connect to a socks4a proxy using Tor? Or is like proxychains the only way Have great day and Take care -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Document: Building a "Proof of Concept" Onion Site
I just have the hidden service listen on the same port as http/https Alec Muffett skrev: (17 september 2016 22:50:17 CEST) >One of the questions I get asked lots is "How [do I] set up a Onion >site to >be an Onion equivalent to my [normal WWW website]?" > >Some people call these "onion mirrors" or "onion copies" of [a website] >- >but I feel that those are narrow, perjorative and incorrect >descriptions. > >Some websites you access over HTTP, some over HTTPS, and nowadays some >of >them you will access over Onions. > >So, for me these are "Websites accessed over Onions" - or simply "Onion >Sites" because I am old enough to remember "$PROTOCOL sites" for values >of >$PROTOCOL including: https, http, gopher, ftp... > >But how do you set them up? It's pretty simple and I am documenting >and >testing a process. > >The first of (probably several) documents has been posted at: > > >https://github.com/alecmuffett/the-onion-diaries/blob/master/building-proof-of-concept.md > >...and has been written for people who are comfy setting up a simple >Ubuntu >Server instance in a virtualised environment or on (say) AWS. > >The goal of the document is to build an educational, >non-production-quality >"playpen" onion site which uses "man in the middle" >request-and-response >rewriting to make a normal website available as an onion site; this is >not >a technique that I would typically recommend for production use* - but >it's >great for messing around, learning, and starting to see how Onions are >set >up. > >If you like the document and would like to see some prior discussion >and >diagrams, read also: > >https://storify.com/AlecMuffett/tor-tips > >My next document will probably drill into the matter of how subdomains >work >with onion sites, and how to modify the process from the first document >to >experiment with supporting multiple subdomains. > >- alec > > >* although last time I checked I think, Ubuntu and perhaps ProPublica >were >doing this, but rather more professionally than I describe here. > >-- >http://dropsafe.crypticide.com/aboutalecm >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] is it me or did tor talk get really quiet?
We gotta kick it online/make it More active then, we fight fire with fire , if someone wants censorship we defeat them with crypto, code and other Nice stuff grarpamp skrev: (18 september 2016 05:30:07 CEST) >On Sat, Sep 17, 2016 at 10:47 PM, Andrew F > wrote: >> I ued to get several post a day. Now I get less then a couple a >week? > >No it's not just you. Ever since Jakegate / Torgate Tor Project >Incorporated has seemingly enforced lockdown, censorship, and >comms hardening, beginning with their own silence and that of those >they control. A chilling effect. Not helped at all by simple requests >for transparency gone completely ignored by corporate principals in >position to answer... >https://trac.torproject.org/projects/tor/ticket/19794 >Further complicated by Tor being shown to be not exactly strong >against GPA's, certain other classes of attack, financing, etc. >So the whole thing perhaps backfired over a few months to where >people now feel they can't post freely to peers and/or just don't >care to post anymore. >At least that's one theory I've heard to explain the quiet. >Feel free to suggest or show others. >Don't get me wrong, tor and the project are really awesome >in particular areas and totally worth following [1], just that some >talk I've seen seems feeling the blanket pass to all areas has come >and gone. Is that true and good or bad? I don't know. You'd >probably have to look at the history of opensource projects, >reasonably in the public interest, to determine that. And then >talk about it to see further. > >[1] For example, multiplatform, great at hiding traffic content >and sources from casual intermediate observers, exits >all over the first world, fast, reproducible, pushing some legal >boundaries, publishing research for review, etc. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Wily repository
The deb files doesnt work on ubuntu 128Ko <12...@protonmail.com> skrev: (21 september 2016 11:21:10 CEST) >Hello every one ! > >I'm new around here and i don't know if i'm on the right list for >posting my question. > >Some month ago, i have installed tor on Ubuntu Wily with the methode >described here : >https://www.torproject.org/docs/debian.html.en > >It's works fine but since a few weeks, every update attempt on the >repository return a 404. And indeed, if i check the repository i only >find Xenial repository > >So, i'm wondering if it's normal or not, cause i tried to search some >news about this, but i didn't find anything > >Thanks > >Thank you >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-friendly email provider
Well what i look for in a email service is: Support pgp/gnupg No logging(Tor friendly etc..) Some email spam scanner like Spamassain or clamav Imaps Non-usa based isp "Karsten N." skrev: (25 september 2016 13:48:45 CEST) >Hello, > >> Oskar Wendel: >>> Do you have any recommendations? >> >> https://trac.torproject.org/projects/tor/wiki/doc/EmailProvider > >I don't understand the recommendation of this list for mail.ru > >> BAD will lock your account later when using tor, no anon recovery >> possible > >mail.ru will look my account if I was using Tor and this is recommended >by TorProject.org for Tor user? Hmmm - > >Any comments about this recommendation? Did I misunderstood something? > >Greetings >Karsten N. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor honeypot
Hi *:) I have been playing around with some telnet and ssh honeypots lately and caught some malware to learn More about reverse Engineering. And i thought it would be cool to run a Tor honeypot , something that listens on port 9001 and is ofc not connected to the Tor Network. So something that listens on port 9001 and logs all incoming request just to see if there is anything scanning for Tor ports and trying to hack them, has this been done? Would be cool to look at the data from that if anyone got a link. I cant be able to find something like this online:/ Take care -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor honeypot
I was thinking about creating a Tor clone and see the traffic goin to it, something that simulates a Tor relay with a virtual file system Cannon skrev: (11 oktober 2016 19:48:19 CEST) >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA512 > >On 10/11/2016 04:17 PM, Flipchan wrote: >> is ofc not connected to the Tor Network. > >What is "ofc" ? >What would be advantages of having it disconnected from Tor network? >Having the honeypot not listed in the Tor directory servers would only >detect scanners or adversaries that identify targets based on port >number. If I was an adversary I would just refer to the directory >server for listings of Tor routers instead of doing internet wide scans >which could take up to a day. >If concerned about "normal Tor traffic" acting as a cover for malicious >traffic, then perhaps sort log data through a filter omitting traffic >based on following criteria: > >1. OMIT traffic to/from known Tor Nodes and their listed ports, WHICH >ALSO INCLUDES traffic pattern matching normal Tor traffic. > >So what this filter would do is omit traffic between your honeypot node >and other Tor nodes, while bringing to attention traffic that is >connecting to/from non Tor routers or non Tor related ports or traffic >that may be connecting to other Tor routers/ports but with non standard >Tor traffic. > >So even if an adversary is mass hacking Tor from a Tor router as cover, >this would likely pick up traffic that is not matching that of standard >Tor traffic. >-BEGIN PGP SIGNATURE- > >iQIcBAEBCgAGBQJX/SVIAAoJEAYDai9lH2mwnhUP/0RVjI7a7Ysc9iDh5bicQWDa >dV6/fL/enXy0UiryHwA+7tO3is0gctgVmbbFSQNSqSOiDReuRV7KyKW437LsyJoq >YQE5RtiPga9ZdDxCiw3uHGXRYahH/VfZe7D0I+IkZOQdMbFBqo5kPQjAFYhix58l >Q9HFazbmuntXhdTuFgpJlctM1j5objyGi9EFg5+cRfKwIkllGvF2y/42M01yeB0H >9hNpO6KPFm6gHgNQBxJ0VZkP/wXSuYc2n0ae9r+P86Xox6N/xTqJ4ABiwDHGap5u >A4dotNEoW88f+gJx5/1S5i6PpFzll3/MbfH9gnLgRklrDljWS3GWLYhamhRoVbZx >XMPO/5wDwPWnm73EDBQJPbdDyVlFziMrf0d+Tjk3UAtCWODURXx4TTi90WRjZCF0 >rVBYqTP9Qn+0/Y5/wE8tPMjjLQqMaVdSPc5PvrZ+m+Hat7q17T4ZpKAedm7IbqME >G+F51lgqfOLleIabcP76xyEaxoM8jFNcI4oCSCzDLATe+romlE/PNLLlqHGa8VIL >AYhEhkMwgcHsy6eO+e7jcZx/7qC1jOvrxTYuT81cbgjc5VgPwdI9utyYQ85Qz9sO >G4az6M2FTHLnY8scGU4NbIsoZfN4RwNu++DLB0mPOr+iHWmSJZSNNOmz5fyhbLQi >sTWzCCofvLXLyK60RLc9 >=eadK >-END PGP SIGNATURE- > > >-- > >Cannon >PGP Fingerprint: 2BB5 15CD 66E7 4E28 45DC 6494 A5A2 2879 3F06 E832 >Email: can...@cannon-ciota.info >Bitmessage Address: BM-2cVaTbC8fJ5UDDaBBs4jPQoFNp1PfNhxqU >Ricochet-IM: ricochet:hfddt2csxnsb2mdq > >NOTICE: ALL EMAIL CORRESPONDENCE NOT SIGNED/ENCRYPTED WITH PGP SHOULD >BE CONSIDERED POTENTIALLY FORGED, AND NOT PRIVATE. >If this matters to you, use PGP or bitmessage. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor DNS Deanonymization
I have asked around and ppl tell Me that dns over tls is the best , anyhow this is how i solved it https://github.com/flipchan/Nohidy/blob/master/dns Justin skrev: (14 oktober 2016 14:29:17 CEST) >Hi, >Not too long ago, a paper was published that talks about how Tor users >can be deanonymized through their DNS lookups. Is this something I >should be concerned about? >Thanks, >Justin. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Is it secure to use Tor with HTTP Proxies?
I have read alot of bad guys putting up http proxies so i would not recommend useing a public one, here is some cool research https://www.youtube.com/shared?ci=RlSbpVz3RsM Laura Sharpe skrev: (14 oktober 2016 14:20:00 CEST) >Is it secure to use Tor with HTTP proxies? Like this: > > >Use proxychains and in /etc/proxychains.conf use: > > >[ProxyList] > ># defaults set to "tor" > >socks5 127.0.0.1 9050 > > >In "standard" Firefox (not the TBB) set Manual Proxy Configuration to a >HTTP proxy and use the same proxy for all protocols. Make sure Remote >DNS is ticked. > > >Assume that the HTTP proxy is legitimate. > > >From the command line run: > > >proxychains firefoxhttp://www.example_site.com/ > > >Traffic will be routed by proxychains through Tor then is transferred >through the HTTP proxy. > > >You may say that this is a bad idea since HTTP works at the application >layer and hence traffic can be intercepted by the provider of the HTTP >proxy (unlike SOCKS proxies which work at the transport layer (I >think)). But if the traffic from the user is always to a HTTPS site, >then why should there be a problem even if the content was intercepted? > > >I know that you can also use proxychains with SOCKS proxies but my >questions is specifically about using proxychains with HTTP proxies. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and IPv6.
Are You running a relay? In that Case doesnt You manually configure that in the torrc file, also i think alot of sites You curl have only ipv4 support, that was my Case when i had 2ipv4 and One ipv6 blo...@openmailbox.org skrev: (23 oktober 2016 18:58:38 CEST) >How does Tor deal with IPv6? I ask because I recently signed up with a >VPS which automatically allocates both IPv4 and IPv6 addresses. I >checked my IP with a variety of online IP checkers and noticed that one > >checker - http://whatismyipaddress.com/ - showed my IPv6 address rather > >than my IPv4 address. > >How would IPv6 work with Tor? >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration
This only scans for openports right? tort...@arcor.de skrev: (30 oktober 2016 00:57:04 CEST) >Hello Torusers, > >source: > >https://twitter.com/th3j35t3r/status/792438597152481280 >"JΞSTΞR ✪ ΔCTUAL³³º¹ @th3j35t3r >It's an 'Internet of Things' scanner - >http://iotscanner.bullguard.com/search " > >It is. > >Aloha, >Toruser >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Censorship / dpi's in the Netherlands
So i have been running a vps in the Netherlands for around 2years now and lately i have been seeing some kind of dpi system/censor ship being build , with other words they are starting to block sites so i cant curl them. I havent been able to find any online research or some article about censorship in the Netherlands, have anyone looked at deep package inspection systems or simular in the Netherlands? It might just be the isp who has started to block some sites. But this has never happend to Me before when i use a vps in the Netherlands. If anyone got some paper about censorship in the Netherlands let Me know:) Take Care -- Sincerly flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration
Things like mirai run a bruteforce attack on telnet auth , so maybe add a simple telnet scanner? tort...@arcor.de skrev: (30 oktober 2016 09:57:04 CET) >Hello Torusers, > > >Flipchan wrote: >> This only scans for openports right? > >Not only. Otherwise you can't tell if there is a power plant on that >port, a fridge or a toaster...or a Tor Node/User. > >http://iotscanner.bullguard.com/ > >There is link on the site referring to > >http://www.shodan.io/ >"Websites are just one part of the Internet. There are power plants, >Smart TVs, refrigerators and much more that can be found with Shodan!" > >Take a look what is happening these days, please. A toaster was hacked >within one hour since connected to the internet: > >https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/ >"We built a fake web toaster, and it was compromised in an hour." > >And you could get a slightly bigger picture with that article: > >http://arstechnica.com/security/2016/10/nuclear-plants-leak-critical-alerts-in-unencrypted-pager-messages/ >"Earlier this year, researchers from security firm Trend Micro >collected more than 54 million pages over a four-month span using >low-cost hardware. In some cases, the messages alerted recipients to >unsafe conditions affecting mission-critical infrastructure as they >were detected. A heating, venting, and air-conditioning system, for >instance, used an e-mail-to-pager gateway to alert..." > > >Imagine, when a company shuts its doors after selling IoTs, these >products (Satellites, EDPCs, bulbs, toaster, USB, akku, cars, >drones...) will not get a (licenced) update to be protected from >hacking or prohibited from sending alert msgs and assimilated by a >borgnet. And as you can guess with 54 million alert pages companies >reduce their employees and forget that some chaperoned IoTs alerts. >Sometimes it is just easier/cheaper/faster to plug new things to the >net than to repair the old. > >I could not tell which is more worse to deanonymize a Tor user or to >find such anonymous IoTs to switch on for someones own use. > >Aloha, >Toruser >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor DNS Deanonymization
I have been running dnssec over tor a month now and i am very happy havent had any problems Michael skrev: (3 november 2016 08:20:18 CET) >There are many ways for your browser and other network traffic > to betray your activities; it is not just DNS leaks ya got to be > worried about, checkout the browser cache attacks that where > shown at the BlackHat convention about two months ago. > >Title: I Know Where You've Been: Geo-Inference Attacks... >Link: https://www.youtube.com/watch?v=lGb0AACAk1A > >Also be aware that DNS records are not the only way of linking > specific users (or groups behind the same NAT) of a web > server or multiple servers over time. > >Title : DEF CON 18 - Peter Eckersley - How Unique Is Your Browser? >Link: https://www.youtube.com/watch?v=OwxhAjtgFo8 > >Stay safe y'all. > >On November 2, 2016 10:13:00 AM PDT, sajolida >wrote: >>Alec Muffett: >>> On 14 Oct 2016 1:29 pm, "Justin" wrote: >>>> Not too long ago, a paper was published that talks about how Tor >>users >>>> can be deanonymized through their DNS lookups. Is this something I >>should >>>> be concerned about? >>> >>> That is an excellent question! What are you doing, and who are you >>afraid >>> of? :-P >> >>I bet Justin was referring to [1] which has been announced by its >>authors on tor-dev [2] but I couldn't find an analysis of it by the >Tor >>community (and I don't have the skills to do it myself). >> >>[1]: https://nymity.ch/tor-dns/tor-dns.pdf >>[2]: >>https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html >>-- >>tor-talk mailing list - tor-talk@lists.torproject.org >>To unsubscribe or change other settings go to >>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Timing attacks and fingerprinting users based of timestamps
So i was thinking about timing attacks and simular attacks where time is a Big factor when deanonymizing users . and created a Little script that will generate a ipv4 address and send a get request to that address https://github.com/flipchan/Nohidy/blob/master/traffic_gen.py then delay x amount of seconds and do it again. This will probelly make it harder for the attacker to fingerprint the users output data due to the increased data flow coming out from the server. So to protect against traffic timing attacks and simular would be to generate More data. Has anyone else got any other solution for these kinds of attacks? Take care -- Sincerly flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Orbot control port
What if You proxy ur app throw 9050? Shouldnt that work? arrase skrev: (13 november 2016 20:05:06 CET) >Orbot control port is randomized every run, is there a way to know the >port >by other app? I would like to write an app who manages his own hidden >service. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TorChat for Android
This sounds cool! Im down :) arrase skrev: (13 november 2016 12:41:15 CET) >I am interested in writing an application like Ricochet for android, if >someone else is interested you can contact me. > >I know about the Guardian project, I find it interesting, I'll get in >touch >with them, thank you > >2016-11-13 3:33 GMT+01:00 Roger Dingledine : > >> On Sun, Nov 13, 2016 at 02:57:15AM +0100, arrase wrote: >> > Is there an app like TorChat for Android? The idea of ??TorChat >is >> > interesting but the current implementation is very basic for normal >use >> >> Careful! You should be aware that "TorChat" is not made or endorsed >> or anything by the Tor people, despite its confusing name. :( I would >> suggest staying away from it on all platforms. >> >> A better choice, for the platforms where it's available, would be >> Ricochet. >> >> But you're right that there isn't a good one on Android, to my >knowledge. >> And I think it would be hard to get Ricochet going on Android, since >> it's tied to the Qt library. >> >> A worthwhile next step would be asking the Guardian folks if they >know >> of anything good on the horizon. >> >> --Roger >> >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] OBFS4 Blocking
Did u only try to connect to a bridge and proxy data throw it? Justin skrev: (17 november 2016 12:16:49 CET) >Hi everyone, >I’ve been doing research to see how some of the pluggable transports >are getting blocked with DPI. I used a Cyberoam filter under my control >for testing, and an iBoss filter at a different location. >OBFS4 is blocked behind both filters. Cyberoam is doing some sort of >timing attack, but I’m not sure what. When a bridge is used by lots of >people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t fix >the issue. When I tried a bridge with not many users, it worked no >matter what Iat mode was set at. Behind iBoss, they are fingerprinting >Packet Interarrival times. Iat mode 1 and 2 worked no matter how much >load the bridges had on them. >Hopefully this information can help people understand a little more >about how these transports are filtered. >Thanks, >Justin. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Cameras
I have been searching around and cant seem to find any code for blocking access to the Camera on a computer. I think this is weird because i can find alot of people that sell stickers that You put in front of ur laptop Camera. I think a logical way would be to chmod the Camera to only be able to run by root or some user or something simular, does anyone know if there is any program or code that blocks the Camera or tells which process is useing it. Take Care //Flipchan -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Cameras
Cool, thanks :) Ben Tasker skrev: (22 november 2016 09:55:03 CET) >The problem with blocking the camera in software is that it can then be >unblocked in software (and still potentially without your permission). > >There have been examples in the past where others have been able to >change >behaviour so that the camera's light doesn't come on to warn the user >that >it's recording. > >In the absence of being able to disconnect the camera, the only way to >be >certain is to physically obstruct the lens, hence the stickers. > >But, if you want to find out which process is using the camera >(assuming >it's using v4l), you can do something along the lines of > >fuser /dev/video0 > >Which should give you the pid of whatever process is using it. > > >On Mon, Nov 21, 2016 at 7:05 PM, Flipchan wrote: > >> I have been searching around and cant seem to find any code for >blocking >> access to the Camera on a computer. >> I think this is weird because i can find alot of people that sell >stickers >> that You put in front of ur laptop Camera. I think a logical way >would be >> to chmod the Camera to only be able to run by root or some user or >> something simular, does anyone know if there is any program or code >that >> blocks the Camera or tells which process is useing it. >> >> Take Care //Flipchan >> -- >> Sincerly flipchan - LayerProx dev >> -- >> tor-talk mailing list - tor-talk@lists.torproject.org >> To unsubscribe or change other settings go to >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk >> > > > >-- >Ben Tasker >https://www.bentasker.co.uk >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Will Quantum computing be the end of Tor and all Privacy?
I dont think so, quantum 4times at fast so we just need to generate 4times as strong keys the entropy will just be bigger, But as Long as we are not useing like 56 bit des keys its okey hi...@safe-mail.net skrev: (27 november 2016 18:54:05 CET) >Will Quantum computing be the end of Tor and all Privacy? > >It's just a matter of time before quantum computers become a reality. >And >who will have the privilege of owning these beasts? Well, first and >foremost >the governments! And considering the insane power of these quantum >computers, even strong encryption, by today's standard on regular >computers, >will be effortlessly broken within reasonable time. > >So, where does this put Tor, encryption and general privacy? Shouldn't >we >start preparing ourselves for the inevitable privacy apocalypse? > >- Hikki >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hacker and Tor.
May i remind You that this is Tor talk mailing list, Tor is made to protect the privacy of people globaly and missuseing Tor is not helping make the Internet safer. Might i suggest that You hack on some vm's instead? Try vulnhub.com Jason Long skrev: (29 november 2016 19:55:18 CET) >Any idea? > >On Sun, 11/27/16, Jason Long wrote: > > Subject: Hacker and Tor. > To: "tor-talk@lists.torproject.org" > Date: Sunday, November 27, 2016, 12:56 AM > > Hello. > If you browse a Cpanel via Tor for deface a website then can > provider or Website admin find your real IP with some > tricks? Any experiences? > > Thank you. > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hacker and Tor
Hidemyass did deanonymize and gave out information to the goverment about One if their own users. If dns is your problem run dns throw Tor. Use dnscrypt throw Tor . A cpanel is often just some php script sure it might record ur ip and useragent But that is mostly the Web server that does that. If You have a fake usr agent and are running Tor You can do like a online browser leakage test. I would not(and this is my opinion use hidemyass). techl...@123mail.org skrev: (2 december 2016 19:21:55 CET) >> > Hello. >> > If you browse a Cpanel via Tor for deface >> > a website then can >> > provider or Website >> > admin find your real IP with some >> > tricks? Any experiences? > > >cPanel security system has been set up to grab the DNS of Tor proxies >used to log in, they will find out your real IP looking at the logs and >you will end up in jail. > >But Hide My Ass, a high security proxy, protects you from DNS caching >security system in cPanel: > >https://www.hidemyass.com/ >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
