Hi,
have you seen this:
http://qubes-os.org/Home.html
Qubes is an open source operating system designed to provide strong
security for desktop computing. Qubes is based on Xen, X Window System,
and Linux, and can run most Linux applications and utilize most of the
Linux drivers. In the future it
Hi,
great job!
BTW, is it possible to develop NetworkManager extension for this?
And it would also be great to Tor extension for Network Manager...
Regards,
Matej
***
To unsubscribe, send an e-mail to majord...@torproject.org
Hi,
> Wasn't there a user driven opensource geoip database project
For Debian/Ubuntu:
geoip-database - IP lookup command line tools that use the GeoIP library
(country database)
tor-geoipdb - geoIP database for Tor
bye, Matej
Hi,
> Thanks for the info, it's great to read that and hope that's will help to
> protect the our privacy .
It seems data retention is not completely banned, the problem is only
german implementation.
However, it is important thing.
bye, Matej
*
Hi,
good essay:
http://www.schneier.com/blog/archives/2010/02/anonymity_and_t_3.html
bye, M.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/tal
Hi,
a year ago or so, I was translating TorButton in slovenian language.
Now I see new features were added, but no localisation done.
I am willing to help, however, I lost instructions. Could the author
(Mike Perry) send me .po file or instructions how to finish slovenian
translation?
Thx.
Bye
Hi,
> # Hardware Random Numbers: True random number generation of up to 125 Kbps
What about this:
http://www.entropykey.co.uk/
It is about 40 EUR...
bye, Matej
***
To unsubscribe, send an e-mail to majord...@torproject.org with
Hi,
I have noticed, there is no Ubuntu Karmic repository with Tor binary
packages.
Or am I wrong?
bye, Matej
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archive
Hi,
> Some interesting information about the self signed certificate:
>
> CN: Finjan.com
Could be that provider of this exit point uses some network appliance.
Some special firewall with antivirus, etc. protection, so called UTM
(Unified Threat Management) device, which does traffic interception
Uuuups, it seems BetterPrivacy allows remote code execution.
"This plugin is currently dangerous for anyone to have installed as it
is vulnerable to a 0 day exploit which allows remote code execution. I
wont post the code but lets just say I have a working exploit ( though
benign ) running on
Interesting...
Izvirno sporočilo
Zadeva: Re: BetterPrivacy does not allow remote code execution
Datum: Fri, 21 Aug 2009 10:14:37 +0200
Od: M Krg
Reply-to: M Krg
Za: Matej Kovacic
Hello Matej,
I already commented that "review" on AMO.
It is nothing but a Hoax, m
Uuups, it seems BetterPrivacy allows remote code execution:
This plugin is currently dangerous for anyone to have installed as it is
vulnerable to a 0 day exploit which allows remote code execution. I wont
post the code but lets just say I have a working exploit ( though benign
) running on ht
Hi,
I am not sure if this was on this list, but it is an interesting
information:
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
it seems cookies could be "respawned"...
And there is a plugin to remove this LSO's:
https://addons.mozilla.org/en-US/firefox/addon/6623
Hi,
I added APT line for Ubuntu Jaunty Tor installation:
http://mirror.noreply.org/pub/tor jaunty
I also added GPG key of Peter Palfrader (key ID=94C09C7F).
However, I got this error:
W: GPG error: http://mirror.noreply.org jaunty Release: The following
signatures were invalid: KEYEXPIRED 12176
Hi,
> You might want to take a look at zfone and zrtp. zfone is a free software
> phone that originates zrtp, an encryption scheme about to be implemented into
> a number of other free softphones (ekiga, for instance).
Well, Zfone is not released under GPL licence. And only development
(test)
Hi,
> We've heard rumors they're blocking all encrypted traffic. Does this
> mean everything that does an SSL handshake no matter the port? Or does
> it mean the blocked port 443?
>
> If the former, an automated system like Tor is going to have a tough time
> keeping up -- at least without the tw
Hi,
if I go to the JanusVM deanonimyzer test without being connected through
Tor, the test passes (of course), but I get info, that I have very good
anonymizer service:
If you do not see your real IP address in the report, then CONGRATULATIONS!
This means that you have a very good anonymity servi
Hi,
I just tried to export my personal certificates in Firefox (FF3, Ubuntu
8.10) and found it cannot be done - I get an error "Failed to create the
PKCS #12 backup file for unknown reasons.".
The same problem is with importing PKCS #12 certificates.
However, I found a solution - you must disabl
Hi,
> That's what it is supposed to say until you give it a name. The
> assumption is that you use out of band methods to authenticate the cert
> is correctly assigned. And then you type whatever nickname you want to
> give it into the petname field. Should the slo-tech.com cert change,
> you'l
Hi,
unfortunately Petname tool is not working on this site:
https://slo-tech.com/
It says "unauthenticated", and I cannot change that.
Any other solution?
bye, Matej
Hi,
> 'petname tool'
>
> https://addons.mozilla.org/en-US/firefox/addon/957
No, it is not what I am looking for. And BTW, it is not working on this
site: https://slo-tech.com
bye, Matej
Hi,
problaby you have seen that:
http://www.phreedom.org/research/rogue-ca/md5-collisions-1.0.ppt
My question is - is there a plugin for Firefox, which saves info about
certificate of a website. When user comes back next time, plugin should
check prevous certificate and the new one. If there is c
Hi,
Ubuntu 8.10 has an option to create live USB disk. It could be also
writable and you can install your own software.
So you can customize your portable USB stick, have your encrypted
private directory (https://wiki.ubuntu.com/EncryptedPrivateDirectory)
and install Tor.
But the problem is, tha
Hi,
it is interesting to see that some University research group will go to
court because of their research...
... but NSA, which is doing much more problematic "research" has a full
support from Bush administration and Congress.
bye, Matej
Hi,
I would like to update slovenian translation of Tor Button.
So I went to https://translation.torproject.org, registered myself and
received only my username and e-mail, and not activation code.
So I sent an e-mail to [EMAIL PROTECTED] - and
received "Undelivered Mail Returned to Sender" mess
Hi,
http://www.debuntu.org/how-to-customize-your-ubuntu-live-cd
bye, M.
Hi,
> - someone running Tor routers in a PlanetLab slice
I don't want to be paranoid or think in a terms of conspiracy theory,
but what Dan Egerstad did was that he set up several Tor exit nodes in a
different countries.
More nodes and more diversity (different countries) means greater
possibili
Hi,
> In weeks 8 and 12 there appear to be roughly 50 new nodes added in the
> space of roughly one day.
Some secret service or criminal organisation is trying to repeat what
Dan Egerstad didi in his "embassy hack" last year? :-)
Or maybe someone is donating servers to Tor project? :-))
However
Hi,
> Okay, menu-icon is now fully working in the new package :) Tested with
> gnome-panel and fbpanel on Ubuntu Gutsy Gibbon.
It is working, yes. However, I have had installed Tor before, and when I
startup Vidalia, it says: "Vidalia detected that Tor exited unexpectedly.
Please check the mess
Hi,
looks great, just a small problem: Vidalia is added into menu entry in
Programs - Internet, but there is no icon in menu entry.
bye, Matej
Hi,
>> "SI VIS PACEM, PARA BELLUM"
> Bad idea. Right now we're not criminals, and can even convince the
> interested public of that.
> If we'd start shooting back we would lose public support. Which is the
> factor that will decide this war.
>
> Plus, it would never "really" work. Antivirus softw
Hi,
> When do you use it? On what websites?
It is useful for end-to-end encryption for instance using with Gmail.
Tor does not provide you end-to-end encryption, your traffic is
encrypted only through exit node.
If you are using SSL website, your traffic is accessible to website,
because website
Hi,
check this out: http://firegpg.tuxfamily.org/
Useful in cobination with Tor button.
bye, Matej
Hi,
Personally I cant see the advantage of it be ruined by 'Jews' -
as compared to 'Nazis' - or anyone else. Surely this is just a personal
preference?
In fact, it was a provocation. We should have cleraly in mind that the
most weak point of anonimisation systems are exit points and the
pos
Hum, yes. But the real conspiracy is when Jews hide themselves under
"John Doe".
Sorry, I think it is better Tor network is completely runned by Jews by
than Neonazists.
BTW: That kind of stupid propaganda is very dangerous for the idea of
Tor. We need Tor to enhance freedom of speech in non
Hi,
I'm really sorry to hear about the persecution over there. This
certainly does seem like a campaign against tor. It's important to
remember that although it may seem like an us vs them situation, we
A few days ago I was surfing at our government's website and found
something about electronic
Hi,
that is an interesting information:
http://news.com.com/Police+blotter+Google+searches+nab+wireless+hacker/2100-1030_3-6144962.html?tag=cd.top
It seems Google is becoming evil.
In fact - it is a real problem when monopolists are doing surveillance.
You have no option to hide, because you n
Hi,
Suggestions for content:
* A warm greeting!
* Top Five things all tor users should know
* Appeal for users to run servers and link to how-to
* An introduction to some hidden services
Maybe site should try to execute JavaScript/Java which will "steal" the
real IP address and see if user i
Hi,
slightly OT, but probably interesting for most of people on this mailing
list:
https://addons.mozilla.org/firefox/3208/
Fire Encrypter extension for Firefox. After installation you can find it
at Tools - Fire Encrypter menu.
Nice demonstration/learning tool.
bye, Matej
Hi,
is it possible that Vidalia group or. someone else supports Ubuntu too?
OK, compiling Vidalia on Ubuntu 6.10 is easy, but for 6.06, which has
LONG TIME SUPPORT (!), there is no gt4-dev-tools qt4-designer packages
in repositories.
Ubuntu is very wide used, especially LTS version.
bye, Matej
Hi,
maybe it was published here, but it seems that someone developed
"TorButton" for Safari (Mac OS):
http://slightparanoia.blogspot.com/2006/10/few-useful-applescripts.html
bye, Matej
Hi,
I agree that your idea of using GnuPG for everything is excellent. The IM
client PSI is only one of many IM programs who now support using GnuPG for
chatting. I agree that websites serving pages using GnuPG and Firefox - and
every other browser out there - supporting it. I agree the idea i
Hi,
this is not directly connected to Tor, but I think it is important issue
because we need good support programs for Tor. By support programs I
mean Firefox, etc. which USE Tor.
The problem is people are extensively using webmail. They can use
"mobile" Tor (TorPark), but the problem is the
Maybe it is a stupid question, but why Tor does not create a virtual
network card and passes all the traffic through it?
Wouldn't that prevent DNS and IP leaking?
bye, Matej
Here:
http://www.schneier.com/blog/archives/2006/09/torpark.html
Congratulations!
Hi,
Also my impression is that the European Court didn't rule that
across-border gambling is legal in the whole EU, but that
restrictions are only allowed if they happen in the public interest:
Yes. But if member states would prohibit gambling at all - they could
say it is in public interest
Hi,
I would just like to let you know that Slovenian government (Slovenia is
a member of European Union since last year) a week ago decided to block
two on-line gambling sites, because they do not have a licence to
operate in Slovenia.
There are several problems with this, the major is that
Hi,
I'm not so sure that a dedicated appliance or Torpark-on-USB is going to
help with the confiscation issue. When the police come in, they take
*everything*. They're not going to say "Oh look, it's Torpark on USB,
let's just take the USB drive." They'll take the whole system.
Of course. B
George W. Maschke wrote:
> Considering the recent Tor server seizures in Germany, might it be
> desirable, from a privacy standpoint, to introduce a Tor "Live CD" that
> could be used to boot a PC in Linux and run a Tor server without writing
> any data to disk?
We have been talking about that.
It
Hi,
> That wasn't the original quesiton. The asker specifically said web-based,
> without (in my mind) any of the tricks which would let you do browser
> side decryption. If we're writing applications to do this, decrypting on
> the client end isn't really all that hard or unheard of.
But how is
Hi,
> I don't understand. You want a web based mail service that
> stores the data encrypted on their server, but your browser
> decrypts it when viewing? Also, the browser can't use Java
> or Javascript to do this? How would this be possible?
Why not use portable Thunderbird with GPG on an TrueC
Hi,
"that more people get 'busted', therefore draining the fund even more."
No, because when there will be one case when under some circumstances
Tor operator will be freed, there will be no legal action againt other
Tor operators anymore.
But I see one big problem with EFF. EFF is an US-base
Hi,
Or, they are searching for hidden services. Perhaps there are nodes within tor
that provide content that is unallowed in germany and they start confiscating
all tor nodes and search for unallowed content. If so, some more of us will
get troubles soon.
What?!?
How could be that justified?
Hi,
My reccomendation is to install TorButton addon for Firefox:
http://zargon.hobbesnet.org/~squires/torbutton/
You can also install Live IP addreess (notification bar for Firefox):
https://addons.mozilla.org/addon.php?id=1731
LiveIP har refresh time between 17 to 1422 minutes (see options), but
Skype Call Traced
Kobi Alexander fled the United States ten days ago. He was tracked down
in Sri Lanka via a Skype call:
According to the report, Alexander was located after making a
one-minute call via the online telephone Skype service. The call, made
from the Sri Lankan capital Colombo, al
Hi,
I have another idea. With Snakes On A Tor you are trying to estimate
amount of exit "abusers" and catch them.
What about some simple exit traffic analysis to detect how many people
are using non-encrypted communications?
We would have then the estimation about actual and potential abuse
Hi,
> A handful of hosts could run this thing and publish their results,
> perhaps along with some other manually created list of undesirable
> exits.
Great, that could be an interesting research. However, if someone is
doing this (injection/modifying) not all the time, it would be harder to
dete
A simple example of modifying traffic:
http://www.schneier.com/blog/archives/2006/08/stealing_free_w.html
http://www.ex-parrot.com/~pete/upside-down-ternet.html
Could be easily applied to Tor exit point too.
However, sniffing is not a problem if you are visiting only public
webistes (do not ex
Hi,
> SMTP = The payload (body) should be encypted using
> GnuPG (or other variations).
SMTP can also use TLS/SSL.
bye, Matej
> Is it save to surf with tor and enter login username and passwort for
> the website, if the form is in https ? If it's not https, is it unsafe?
My suggestion is to use:
POP3 --> POP3S
IMAP --> IMAPS
telnet --> ssh
http --> https
and "secure authentication" for mail clients.
At least that.
bye
Hi,
what prevents government from running Tor (exit) points and sniffing
exit (incoming) traffic on them?
bye, Matej
Hi,
what about configuring your SMTP/POP3 port to something else?
bye, Matej
Hi,
How to compile Vidalia on Ubuntu Breezy?
sudo apt-get install qt4-dev-tools
tar -xvf vidalia-0.0.6.tar.gz
cd vidalia-0.0.6
./configure && make
And I got this listing:
configure: Configuring vidalia 0.0.6...
checking for g++... g++
checking for C++ compiler default output file name... a.o
Hi,
> Of course of course... But in a country like Iran where ALL internet access
> are hardly monitored and filtered, where clients have to show their ID to
> enter an internet cafe and where all their data will be recorded, I would
> like to understand how a TOR node can be run, unless
Hi,
>>http://www.freehaven.net/~arrakis/torpark_1.5.0.4L.exe
I downloaded it, unzipped into special directory (let's say "tp") and
runned - but it is not working. It seems that tor service is not runned
or active
bye, Matej
Hi,
>>I see a node in Saudia Arabia. Some nodes in China.. and even a node
>>in Iran! These countries strongly control the internet. How is it
>>possible to believe, that these nodes are not some kind of
>>honeypots ?! And for this, it would be great to be able to easily
>>decide to not use some T
Hi,
> Yes, all tor servers have publicly known IPs and as a result, a query of
> the directory servers by the police could reveal you are a tor server.
Yes, I know, I am asking something else.
Let's say they take your server, and after few months you are "asked to
prove" you really had Tor server
Hi,
I have a question regarding Tor directory. How often is it refreshed? Is
there any history of al Tor points with IP addresses?
I am asking this in case of you are under investigation because someone
abused your Tor exit node, and you have encrypted hard drive. Let's say
you don't want to reve
Hi,
> Yes, once this is passed encrypting storage with a passphrase becomes a
> pointless exercise in the UK unless you are prepared to spend time at
> Her Majesty's pleasure in order to protect your data.
I thought plausible deniability feature of True Crypt is usable for
repressive regimes like
Mike Perry wrote:
> British govt just started pushing for Part III of RIPA citing
> terrorism and kiddie porn as major reasons to require people to
> disclose encryption keys...
We have seen this before. Read the book "The Electronic Privacy Papers"
(http://www.amazon.com/gp/product/0471122971/103
Hi,
> Who said anything about distributing? I thought we were talking about the
> ability to view / download things.
Nothing. I just wanted to say that distributing is illegal - which is
logical.
But in some legislations - British for example - even posession is illegal.
(Similar to illegal dr
Hi,
OK, this need more clarification.
First of all, I am not pro-cenzorship.
But I think that freedom of speech is not unlimited. And if it is not
unlimited, that involves some form of cenzorship.
Foir instance shouting "fire!" in full theatre could be viewed as
freedom of speech, but also as a
Tony wrote:
> Just like any other form of censorship, the definition of 'child', 'porn' and
> 'abuse' is open to interpretation.
That is correct, however legislation is quite exact with these terms.
> Censorship of already published information is never justified imo.
Hm, what about stealing som
Hi,
> i don't want to play the JAP advocacy game, but your information is
> false.
>
> if you check the press releases on anon.inf.tu-dresden.de, you will
> learn that nobody was 'nabbed'. there was a single IP address
I am interested in it, but can't find it (my German is very bad). Can
you pro
Hi!
> The failure of other systems (networks etc) to be practical about child porn
> is one of the main reasons we have so much spying on us today.
That is great for justification. What is better for the government: to
say they are spying on you, because they want to control the political
oponent
OK, the problem is what if authority force you to reveal the keys?
I am sure you all know this:
http://www.cypherpunks.ca/otr/Protocol-v2-3.0.0.html
Perfect forward secrecy
If you lose control of your private keys, no previous conversation
is compromised.
Why not to add aditional feature: to
Hi,
> They send you to prison if you don't give up the information.
> What about the priviledge of non self-accusation?
>
> It is expensive, but you can just piss 'em off and buy new hardware...
It is illegal because European Human Rights Convention prohibits it.
OK, you would go to jail, but
Hi,
> I want to add my two cents about child porn. Censorship is censorship,
> it doesn't matter what you censor or by what logic you censor. Banning
> child porn is censorship, copyright is censorship, and stopping people
> from speaking who have opposing political views is censrorship. It seems
Hi,
> ever heard of cryptfs_luks?
No. Google also finds nothing.
bye, Matej
Hi,
> Not that some powers haven't been known to first interrogate you as
> "unrelated witness" (neither you, nor your family, is accused), where
> remaining silent is obstruction of justice and punishable, and _then_
> charge you with the information thus gleaned.
Now I am talking only for Slove
Hi,
> Under the British "Regulation of Investigatory Powers Act", they would
> simply confiscate the entire machine, demand any authentication tokens
> required to access it, and lock you up if you refused to surrender them.
> I believe similar laws exist in most EU jurisdictions now.
What about
Hi,
this could also be a good idea:
http://www.ubuntuforums.org/showthread.php?t=120097&highlight=cryptsetup
encryption of harddrives from the scratch.
However, I would create a small partition where there will be keys
(files) for decryptig root and home partitions. This small partition
would be
Hi,
> However I might get bad news about this in a few weeks/monthes,
> depending of what the justice wants to do with me. Unauthorised
> cryptographic programs are illegal in france, since the "len" law
> adopted two years ago but I believe there is not much precedent
> equivalent case so they m
https://addons.mozilla.org/extensions/moreinfo.php?id=125&application=firefox
SwitchProxy lets you manage and switch between *multiple proxy
configurations* quickly and easily. You can also use it as an anonymizer
to protect your computer from prying eyes.
That sounds cool, because you can have j
Hi,
I am reviving an idea, which appeared on this mailing list last year:
what about feature to show Tor status (I mean of a Tor process) and
possibilities of auto launching Tor (or relaunching) if it is not active?
And what about settings of Tor through Firefox... something like "light"
Tor
Hi,
> The extension also includes a button which the user can add to the toolbar.
> It
Extension works just great, but I have found a little error.
If I add a button to the toolbar, button label is "Turn Tor on/off".
When I press to button, label changes to "Enable Tor". And when I click
torbut
86 matches
Mail list logo