Re: [tor-talk] Ninja Stik?
Jacob, What are the issues with Hardware cypto? Have you addressed this in a talk? If so would pass on a link? Youtube I assume? Thanks On Thu, Jul 18, 2013 at 4:55 AM, Jacob Appelbaum ja...@appelbaum.netwrote: Andrew Lewman: Anyone used one of these ninja stik usb drives? http://www.ninjastik.com It seems to be stock ubuntu with tor installed. People keep coming to me asking how come we called it ninja stik and why we used ubuntu when we have tails. The first question is why people think we produce it at all. I tend to prefer tails on a TrekStor disk - it has a write protect switch which seems to actually do something useful. With tails, LUKS does the job of crypto without the concerns that hardware crypto raises for me... That said - wow, what a website - and also, yeah, wow, why not Tails? :( All the best, Jacob ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
On Thu, Jul 18, 2013 at 10:45:27AM +, Andrew F wrote: What are the issues with Hardware cypto? Hardware is not inspectable, unless open, and verified to function by an audit. The sad reality of USB drive encryption: http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
Andrew F: Jacob, What are the issues with Hardware cypto? Have you addressed this in a talk? If so would pass on a link? Youtube I assume? Thanks Hardware crypto is difficult to verify on a number of different levels. I don't even trust these write protected switches but at least those can be verified to a degree that is reasonably comfortable... All the best, Jacob ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
Amazing.. Thanks Eugen Jacob On Thu, Jul 18, 2013 at 1:29 PM, Jacob Appelbaum ja...@appelbaum.netwrote: Andrew F: Jacob, What are the issues with Hardware cypto? Have you addressed this in a talk? If so would pass on a link? Youtube I assume? Thanks Hardware crypto is difficult to verify on a number of different levels. I don't even trust these write protected switches but at least those can be verified to a degree that is reasonably comfortable... All the best, Jacob ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
Andrew, The real question is about flash. They say that flash sites, including youtube and other tube sites work. Do you no of a way to use flash safely with tor and Ubuntu? I don't. On Wed, Jul 17, 2013 at 3:07 AM, Andrew Lewman and...@torproject.is wrote: Anyone used one of these ninja stik usb drives? http://www.ninjastik.com It seems to be stock ubuntu with tor installed. People keep coming to me asking how come we called it ninja stik and why we used ubuntu when we have tails. The first question is why people think we produce it at all. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
Sure. Only in a vm like Whonix. Not elegant by any means. If the site using flash breaks tor anonymity, all it gets is a bogus ip and bogus mac address. Sent from my NOOK Andrew F andrewfriedman...@gmail.com wrote: Andrew, The real question is about flash. They say that flash sites, including youtube and other tube sites work. Do you no of a way to use flash safely with tor and Ubuntu? I don't. On Wed, Jul 17, 2013 at 3:07 AM, Andrew Lewman and...@torproject.is wrote: Anyone used one of these ninja stik usb drives? http://www.ninjastik.com It seems to be stock ubuntu with tor installed. People keep coming to me asking how come we called it ninja stik and why we used ubuntu when we have tails. The first question is why people think we produce it at all. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
On 17.07.2013 13:54, ra wrote: Virtual Machines can be used to use Flash with Tor securely IMHO. Flash may be used to compute a unique fingerprint of a surfer IMHO. It does not break the anonymity by self if it was correct proxyfied, but it may help to break the anonymity. Best regards Karsten N. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
On Wednesday 17 July 2013 15:19:20 Karsten N. wrote: Flash may be used to compute a unique fingerprint of a surfer IMHO. It does not break the anonymity by self if it was correct proxyfied, but it may help to break the anonymity. Many attributes can be used to compose a unique fingerprint. Though Flash is one of them I don't see anything special about it - assuming a virtualized, non-persistent environment. signature.asc Description: This is a digitally signed message part. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/16/2013 11:07 PM, Andrew Lewman wrote: The first question is why people think we produce it at all. It seems to be common that, if it involves Tor somehow, the Tor Project was somehow behind it. I don't know how that thought process would go, exactly, but its reflected in some of the older threads on this mailing list. - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Thoughts good! Slogans bad! Thoughts good! Slogans bad! -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHmyoYACgkQO9j/K4B7F8F/swCgnBVInfNmdfJ+mjiL6gBST6DF bTwAoN7J3U3KDqmyp5EP9Pmb9Ut9L7Hv =pp3c -END PGP SIGNATURE- ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/17/2013 06:30 AM, Andrew F wrote: The real question is about flash. They say that flash sites, including youtube and other tube sites work. Uhhh Does anyone know where an image of one of the NinjaStiks could be acquired? It would be pretty easy to tell what's going on in there with a simple loopback mount. Having not seen it, speculation would not be fruitful at this time (but my cynicism subsystem has some ideas). - -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ Thoughts good! Slogans bad! Thoughts good! Slogans bad! -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.20 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlHmyuUACgkQO9j/K4B7F8Ff3gCcD+x37TMnLhK/shs191SHHUrv s8UAnA+kOFBe+uMGmpHAD2/k1oCKHjOJ =EsWy -END PGP SIGNATURE- ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
On 13-07-17 12:47 PM, The Doctor wrote: On 07/16/2013 11:07 PM, Andrew Lewman wrote: The first question is why people think we produce it at all. It seems to be common that, if it involves Tor somehow, the Tor Project was somehow behind it. I don't know how that thought process would go, exactly, but its reflected in some of the older threads on this mailing list. An entry on the TorProject website mentioning the NinjaStik could help: - mention spelling error (TOR) - advise that only the Tor part of it is made by TorProject - advise users of risks of not having the complete audited coverage that Tails provides (and can also run from USB stick) - what about updates for Ninjastick? signature.asc Description: OpenPGP digital signature ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Ninja Stik?
Andrew Lewman: Anyone used one of these ninja stik usb drives? http://www.ninjastik.com It seems to be stock ubuntu with tor installed. People keep coming to me asking how come we called it ninja stik and why we used ubuntu when we have tails. The first question is why people think we produce it at all. I tend to prefer tails on a TrekStor disk - it has a write protect switch which seems to actually do something useful. With tails, LUKS does the job of crypto without the concerns that hardware crypto raises for me... That said - wow, what a website - and also, yeah, wow, why not Tails? :( All the best, Jacob ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Ninja Stik?
Anyone used one of these ninja stik usb drives? http://www.ninjastik.com It seems to be stock ubuntu with tor installed. People keep coming to me asking how come we called it ninja stik and why we used ubuntu when we have tails. The first question is why people think we produce it at all. -- Andrew http://tpo.is/contact pgp 0x6B4D6475 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk