Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 10:35:54PM -0500, Paul Syverson wrote: > On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote: > > >Heheh, well speaking of dreaming big, while both what you and Jason > > >Edwards said are great goals to have, I think we shouldn't get > > >distracted from "stopping th

Re: blog about tor and skype

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 well, 1.) Skype Call Traced http://archives.seul.org/or/talk/Aug-2006/msg00232.html and http://archives.seul.org/or/talk/Aug-2006/msg00252.html also directly relevant to my point 2.) need i mention skype is closed-source? and 3.) when starting To

Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote: > >Heheh, well speaking of dreaming big, while both what you and Jason > >Edwards said are great goals to have, I think we shouldn't get > >distracted from "stopping the bleeding" now with a few sentences right > >up front while something

Re: Building tracking system to nab Tor pedophiles

Heheh, well speaking of dreaming big, while both what you and Jason Edwards said are great goals to have, I think we shouldn't get distracted from "stopping the bleeding" now with a few sentences right up front while something more elaborate is devised (or a volunteer steps up). The problem is if

Re: Building tracking system to nab Tor pedophiles

Thus spake Paul Syverson ([EMAIL PROTECTED]): > I don't think it was off topic. To repeat what I already said in > an individual response. > > I think it was not OT since your post addressed the reality of a > situation for which people were designing Tor modifications and > deployments and

Re: Building tracking system to nab Tor pedophiles

As suggested on IRC, I think the Tor documentation strategy needs to be rethought. Most people barely read the download page, let alone the reems of FAQ questions. We've had two "attacks" now on Tor that rely on unmasking users who use Tor incorrectly. One of them actually published a paper and

Boulder Tech report on low-resource routing attacks on Tor

The following are some comments on the Univ. Colorado at Boulder tech report "Low-Resource Routing Attacks Against Anonymous Systems" that has been getting lots of press and other web attention lately and been somewhat discussed on this list. It is only today that I have managed to find time to s

Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 02:14:33PM -0600, Mike Perry wrote: > Thus spake Freemor ([EMAIL PROTECTED]): > > > I think what needs to be done here is to create a FAQ or other standard > > document that will 1.) inform the vastly misinformed public. 2.) list > > places and ways they can make a differen

Re: Building tracking system to nab Tor pedophiles

Thus spake Freemor ([EMAIL PROTECTED]): > I think what needs to be done here is to create a FAQ or other standard > document that will 1.) inform the vastly misinformed public. 2.) list > places and ways they can make a difference. Excellent post, even if slight off-topic. As suggested on IRC, I

Re: Compile error w/0.1.2.9-rc on Kubuntu 6.10

checking for libevent directory... configure: error: Could not find a linkable libevent. You can specify an explicit path using --with-libevent-dir ./configure --with-libevent-dir=/usr/local/lib that got it working for me (also Ubuntu 6.10 here, but the gnome variety)

Re: one less onion skin

On Wed, Mar 07, 2007 at 12:07:25AM -0500, James Muir wrote: > I agree that not using k_1, d_1 would allow OR1 to determine that they > are the first node in a circuit. However, Tor clients already leak this > information. The key agreement with OR1 is done using a "CREATE_FAST" > command rathe

Re: Building tracking system to nab Tor pedophiles

A non-issue. The DNS request from the first trick will get routed through TOR. The second trick is easily avoided by blocking Java via NoScript. ~Mike. Fergie wrote: Hmmm. http://blogs.zdnet.com/security/?p=114 Comments? -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the

Re: Building tracking system to nab Tor pedophiles

I've seen a VM that routes all traffic over TOR, invisibly to the O/S. (Not sure what they do about UDP). Developed at Georgia Tech. One better .. TOR on OpenWRT on a Linksys router. Tor at the *hardware* level. ~Mike.

Re: Compile error w/0.1.2.9-rc on Kubuntu 6.10

On Wed, Mar 07, 2007 at 10:59:13AM -0800, light zoo wrote: > > checking for libevent directory... configure: error: > Could not find a linkable libevent. You can specify an > explicit path using --with-libevent-dir > > I had the libevent1 package "libevent1_1a-1_i386.deb" > installed be

Re: Compile error w/0.1.2.9-rc on Kubuntu 6.10

On Wed, Mar 07, 2007 at 10:59:13AM -0800, light zoo wrote: > RE: > > > > Mr. Mathewson wrote > > Again, if any of these warnings actually trigger in > > the code, please let me know. > > While not an error specified in the message above

Compile error w/0.1.2.9-rc on Kubuntu 6.10

RE: Mr. Mathewson wrote > Again, if any of these warnings actually trigger in > the code, please let me know. While not an error specified in the message above I did experience an error when I tried to compile on my Edgy Eft: (I could se

Re: one less onion skin

Nick Mathewson wrote: On Wed, Mar 07, 2007 at 09:29:43AM -0500, Paul Syverson wrote: [...] My kneejerk response is that (a) the overhead from this vs. everything else in Tor is very small, This was one of the major reasons for not doing it at the same time as CREATE_FAST. Assuming that TLS c

Re: one less onion skin

On Wed, Mar 07, 2007 at 09:29:43AM -0500, Paul Syverson wrote: [...] > My kneejerk response is > that (a) the overhead from this vs. everything else in Tor is very > small, This was one of the major reasons for not doing it at the same time as CREATE_FAST. Assuming that TLS conns are mostly long

Re: Building tracking system to nab Tor pedophiles

O.K. I've been biting my tongue on this one for a while now. I'll try to keep this short as it is not specifically TOR related As a survivor of childhood sexual abuse. I'm personally getting annoyed by this whole "nab the paedophiles thing". for several reasons: 1.) 90+ percent of sexual abuse o

Re: Building tracking system to nab Tor pedophiles

On Wednesday, March 07, 2007, at 07:42AM, "Roger Dingledine" <[EMAIL PROTECTED]> wrote: >On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote: >> > http://blogs.zdnet.com/security/?p=114 >> >> The approaches suggested won't work if you use Firefox with NoScript set >> to disable JavaScri

Re: Building tracking system to nab Tor pedophiles

On 3/7/07, Nick Mathewson <[EMAIL PROTECTED]> wrote: [...] and fangirls reading harry/ron slashfic online. The picture! It's burning into my brain-patterns! ARGH! Cheers, Alex. -- "I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the

Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 02:50:34PM +0100, Alexander W. Janssen wrote: > OK, we heard a lot of technical details, I'll cover the non-tech part of it. > > On 3/7/07, Fergie <[EMAIL PROTECTED]> wrote: > >Comments? > > Yes, it's stupid. Well, it sounds like a pretty thorough implementation of a well

Re: one less onion skin

On Tue, Mar 06, 2007 at 11:11:16PM -0500, James Muir wrote: > A typical Tor circuit looks like > > OP -- OR1 -- OR2 -- OR3 > > where the three "--" links are all TLS connections. TLS protects the > OP's communications from adversaries outside the network, but another > layer of crypto (used in

Re: UDP over Tor [was Re: blog about tor and skype]

On Tue, Mar 06, 2007 at 09:38:54PM +0100, Juliusz Chroboczek wrote: > > Forwarding raw IP is difficult, I agree. But it's UDP I'd like you to > forward. > > Considering your list: [snip] > > 4. I'm not sure I understand this point. You could just forward UDP > over TCP, as long as you make su

Re: Building tracking system to nab Tor pedophiles

OK, we heard a lot of technical details, I'll cover the non-tech part of it. On 3/7/07, Fergie <[EMAIL PROTECTED]> wrote: Comments? Yes, it's stupid. First, the legal issues. What he does is overtaking a TOR-user's machine by malicious code. He's accusing people of being childporn consuments

Re: Privoxy and Java

Dave Jevans <[EMAIL PROTECTED]> wrote: > Privoxy routes DNS through TOR. Like most HTTP proxies, Privoxy doesn't route any DNS requests. It either relies on the operating system to do the DNS resolution, or in the case of socks4a connections, just passes the hostname to the socks proxy. Privoxy

Re: Building tracking system to nab Tor pedophiles

On 3/6/07, Roger Dingledine <[EMAIL PROTECTED]> wrote: ... So the moral of the story appears to be turn the plugins off, period. The broader moral is: don't run code from strangers on your computer. The even broader moral would be to lament that we're still not using SSL on most Internet interact

Re: Building tracking system to nab Tor pedophiles

On Wed, Mar 07, 2007 at 05:28:13AM +, Fergie wrote: > Hmmm. > > http://blogs.zdnet.com/security/?p=114 > > Comments? They seriously expect me to use JavaScript and Java when using Tor? Some uber-hacker, indeed. More of the propeller beanie kind. -- Eugen* Leitl http://leitl.org";>leitl ht