Re: [tor-talk] Indirect Tor question

On Mon, Sep 09, 2013 at 05:24:31PM -0400, Nathan Suchy wrote: > Well, why don't you write your own bios? Even coreboot helps you very little, as there is simply too much proprietary crap in a typical PC platform where you can drop undetectable (out of band) malware. You need completely open hardw

Re: [tor-talk] The reasoning behind the 'exit' flag definition

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 >> I assume the exit flag was meant to be used by tor clients only >> [2] because destination port 80/443 are probably amongst the >> most frequently accessed services, but was than (mis)used to >> generate (inaccurate) 'Tor exit IP address lists' (?

Re: [tor-talk] Indirect Tor question

Well, why don't you write your own bios? On Mon, Sep 9, 2013 at 5:03 PM, Chris wrote: > > We are not concerned about the price but rather we are concerned about > our > > freedoms to share change etc the source code to suit our needs. Furthmore > > some of us are very paranoid. > > Rightly so.

Re: [tor-talk] TorBirdy doesn't work with Gmail?

For a real fix we need to be able to identify Tor nodes that exit traffic. The fact that some nodes exit traffic but aren't marked as exits would appear to be a design issue with Tor itself. I don't think we can justify a whole lot of engineering time to building a complicated system to identify ev

Re: [tor-talk] Indirect Tor question

> We are not concerned about the price but rather we are concerned about our > freedoms to share change etc the source code to suit our needs. Furthmore > some of us are very paranoid. Rightly so. > Also why can't u make a open source bios? Is that sarcasm or do you genuinely not understand the

Re: [tor-talk] Indirect Tor question

We are not concerned about the price but rather we are concerned about our freedoms to share change etc the source code to suit our needs. Furthmore some of us are very paranoid. Also why can't u make a open source bios? What are u hiding from us? Your NSA backdoor! Sent from my Android so do not

Re: [tor-talk] TorBirdy doesn't work with Gmail?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > It'd be better to find out why nodes that are exiting traffic don't > get marked as exits. Looking at that relay, it seems it doesn't > allow web traffic, but some ports are allowed. Perhaps the > suspicious sign-in in question wasn't a web signin?

Re: [tor-talk] The reasoning behind the 'exit' flag definition

On Mon, Sep 09, 2013 at 07:25:06PM +, tagnaq wrote: > I'd like to understand why the exit flag is defined as it is. > > The current definition can be found in the directory spec [1]: > > " > "Exit" -- A router is called an 'Exit' iff it allows exits to at >least two of the ports 80, 443,

Re: [tor-talk] The reasoning behind the 'exit' flag definition

Interesting how the flag works. I think it should be just at least one port with access to one IP address. Also can you really get banned from Gmail? I access my accounts from normal inet, VPN, and Tor depending on what I'm doing... For example I have some emails I only access via Tor... Sent from

Re: [tor-talk] DocTor spelling mistake

> Hi, > > here: > https://lists.torproject.org/pipermail/tor-consensus-health/2013-September/003506.html > > DocTor doesn't say entries. Thanks Sebastian, fixed... https://lists.torproject.org/pipermail/tor-commits/2013-September/061598.html > (did not know where to put this) A trac ticket or i

[tor-talk] The reasoning behind the 'exit' flag definition

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, I'd like to understand why the exit flag is defined as it is. The current definition can be found in the directory spec [1]: " "Exit" -- A router is called an 'Exit' iff it allows exits to at least two of the ports 80, 443, and 6667 and all

Re: [tor-talk] Indirect Tor question

>> I'm wondering about any and all similar tor-based systems wherein there >> is ANY portion that is not opensource. > > Scrutiny is a good thing. I suggest using the vrms tool to find non-free > software. [10] [11] Parts of this non-free software may come without > source code being available. Fr

Re: [tor-talk] Email Clients and Tor - OT addition

On Wed, 4 Sep 2013 00:03:59 +0100 Graham Todd allegedly wrote: > Of course, if you put a decent HOSTS file in /etc/hosts to start with, > it'll make your endeavours easier. The best I've found is at: > > http://winhelp2002.mvps.org/hosts.htmbut that's not really relevent to > discussions about

Re: [tor-talk] TorBirdy doesn't work with Gmail?

Actually, re-reading this thread I recall that tagnaq suggested just disabling the risk analysis entirely once we see a successful Tor login. I've CCd Daniel Margolis who still works on this system (I moved on to other things). Daniel, what do you think? (note that you may have to sign up to the

Re: [tor-talk] TorBirdy doesn't work with Gmail?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I'd suggest the following: Run an hourly job that gives you a list of tor relay IP addresses that actually allow exit traffic to *your* services. To achieve this you probably want to run a tor client to get an authoritative consensus. Then you can

Re: [tor-talk] TorBirdy doesn't work with Gmail?

Yes, but then people who run relays would end up having to deal with the suddenly changed security model. There were people complaining about getting blocked by random websites just because they ran relays elsewhere on this list. I don't think Google wants to actively discourage people from contrib

Re: [tor-talk] TorBirdy doesn't work with Gmail?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/09/2013 12:19 PM, Mike Hearn wrote: > For a real fix we need to be able to identify Tor nodes that exit traffic. > The fact that some nodes exit traffic but aren't marked as exits would > appear to be a design issue with Tor itself. I don't thin

Re: [tor-talk] Indirect Tor question

Nathan Suchy: > The only secure thing is Tor Tails booted from USB. Not against the threat model the original poster is concerned about. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/to

[tor-talk] DocTor spelling mistake

Hi, here: https://lists.torproject.org/pipermail/tor-consensus-health/2013-September/003506.html DocTor doesn't say entries. (did not know where to put this) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-b

Re: [tor-talk] Metrics user-count beta related to performance graph?

08.09.2013 20:08, Noilson Caio: > interesting analysis, Sebastian. > Hello Noilson, I wouldn't have called it an analysis... more an easy observation :) (nevermind) > The top 5 COUNTRIES WITH HIGHEST NUMBER OF INTERNET USERS in the tor > metrics: > > CHINA > USA > INDIA > JAPAN > Brazil > Russi

Re: [tor-talk] Indirect Tor question

Speaking as a maintainer of Whonix... Before answering this, there is some prerequisite knowledge. There is a difference between: - Free Software and free software - Open Source and open source When I am using capitalized Open Source, I am referring to OSI approved [1] licenses (by the Open Sourc

Re: [tor-talk] Indirect Tor question

The only secure thing is Tor Tails booted from USB. Sent from my Android so do not expect a fast, long, or perfect response... On Sep 9, 2013 11:37 AM, "adrelanos" wrote: > Speaking as a maintainer of Whonix... > > Before answering this, there is some prerequisite knowledge. There is a > differe

Re: [tor-talk] odd notice on tor for GUARD

We need to fix Tor's network... Sent from my Android so do not expect a fast, long, or perfect response... On Sep 8, 2013 3:39 AM, "Lunar" wrote: > s: > > Sep 07 17:36:05.834 [Notice] Your Guard KOPA > > ($2386038C4233F8900768EDC03AB6050AD2A04CF0) is failing more circuits > > than usual. Most li

Re: [tor-talk] Indirect Tor question

On 09/09/2013 03:00 PM, Praedor Atrebates wrote: > I'm wondering about any and all similar tor-based systems wherein there > is ANY portion that is not opensource. Hi. Since I'm using virtualbox since almost day 1, I feel competent enough to at least clear up some of the licensing questions. Quo

[tor-talk] Indirect Tor question

In light of the recent revelations of how the NSA has broken commercial software all over the place, I wonder about the security of Oracle's VirtualBox VM software used by Whonix (and other?) tor-based anonymity systems. A large portion of VirtualBox is open source but some libraries used are of d

Re: [tor-talk] TorBirdy doesn't work with Gmail?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > I no longer work on this system but I forwarded your mail to > someone who does. We still get 'Suspicious sign in prevented' emails: The following relay was used: https://atlas.torproject.org/#details/EFAAC1D98176AAD94B1D16E868F51DFBD6BC8CB0 No

Re: [tor-talk] Many more Tor users in the past week?

This explains the Israel anomaly, I think. > The Mysterious Mevade Malware > Published on September 5th, 2013 > Written by: Feike Hacquebord (Senior Threat Researcher) > > ... > > Yesterday, Fox-IT publishe