Re: [tor-talk] Tor and solidarity against online harassment

2014-12-11 Thread Gregory Maxwell
On Thu, Dec 11, 2014 at 10:07 PM, Roger Dingledine a...@mit.edu wrote: I'd like to draw your attention to https://blog.torproject.org/blog/solidarity-against-online-harassment https://twitter.com/torproject/status/543154161236586496 One of our colleagues has been the target of a sustained

Re: [tor-talk] Tor and solidarity against online harassment

2014-12-11 Thread Gregory Maxwell
On Thu, Dec 11, 2014 at 11:04 PM, Ted Smith te...@riseup.net wrote: This sounds like a very flaky reason to be not okay with a denouncement of online harassment. You might want to reconsider the communities you're a member of, if they have to look for reasons so hard for why a commitment

Re: [tor-talk] Propsal for decentralization of the Tor network

2014-11-23 Thread Gregory Maxwell
On Mon, Nov 24, 2014 at 1:07 AM, bm-2cuqbqhfvdhuy34zcpl3pngkplueeer...@bitmessage.ch wrote: I have carefully checked trac and torproject.org website for proposals, seen many interesting ones but not a single one to decentralize the Tor network from the directory authorities. There are many ways

Re: [tor-talk] Propsal for decentralization of the Tor network

2014-11-23 Thread Gregory Maxwell
On Mon, Nov 24, 2014 at 3:03 AM, Cari Machet carimac...@gmail.com wrote: prove decentralization creates vulnerability to a larger degree than centralization You haven't specified the decentralization mechanism. So I guess I get to pick? Okay. Instead of believing the directory authority

Re: [tor-talk] Bitcoin over Tor isn’t a good idea (Alex Biryukov / Ivan Pustogarov story)

2014-10-29 Thread Gregory Maxwell
On Mon, Oct 27, 2014 at 11:19 PM, Seth David Schoen sch...@eff.org wrote: First, the security of hidden services among other things relies on the difficulty of an 80-bit partial hash collision; even without any new mathematical insight, that isn't regarded by NIST as an adequate hash So? 80

Re: [tor-talk] High-latency hidden services (was: Re: Secure Hidden Service (was: Re: ... Illegal Activity As A Metric ...))

2014-06-29 Thread Gregory Maxwell
On Sun, Jun 29, 2014 at 5:58 PM, Seth David Schoen sch...@eff.org wrote: I wonder if there's a way to retrofit high-latency hidden services onto Tor -- much as Pond does, but for applications other than Pond's messaging application. [...] Then a question is whether users would want to use a

Re: [tor-talk] Satori (this crazy app thing I've been working on)

2014-05-08 Thread Gregory Maxwell
On Sun, May 4, 2014 at 5:14 PM, Griffin Boyce grif...@cryptolab.net wrote: Hey all, So Satori is this app for Google Chrome that distributes circumvention software in a difficult-to-block way and makes it easy for users to check if it's been tampered with in-transit. You might be

[tor-talk] Improved HS key management

2013-12-28 Thread Gregory Maxwell
One of the current unfortunate properties of hidden services is that the identity of the hidden service is its public key (or the equivalent hash, in the current setup), and this key must always be available for signing on an online host (usually the HS itself, though potentially on a bastion

[tor-talk] Vanity onion attacks

2013-12-28 Thread Gregory Maxwell
With the advent of super fast onion address generators it's become not too uncommon for hidden services to use vanity addresses, but this seems to have brought about some vanity attacks where people grind out lookalike addresses to set up fake sites. People then do a poor job visually comparing

Re: [tor-talk] Improved HS key management

2013-12-28 Thread Gregory Maxwell
On Sat, Dec 28, 2013 at 1:15 PM, grarpamp grarp...@gmail.com wrote: On Sat, Dec 28, 2013 at 6:46 AM, Gregory Maxwell gmaxw...@gmail.com wrote: One of the current unfortunate properties of hidden services is that the identity of the hidden service is its public key (or the This is pretty bad

Re: [tor-talk] x.509 for hidden services

2013-10-27 Thread Gregory Maxwell
On Sun, Oct 27, 2013 at 1:08 PM, Andrea Shepard and...@torproject.org wrote: For defense in depth on the HS side, it's best to run the HS Tor on a different machine, or at least a different VM, than the HS server, so that if the HS server software is owned, the HS private key isn't

Re: [tor-talk] x.509 for hidden services

2013-10-26 Thread Gregory Maxwell
On Sat, Oct 26, 2013 at 12:57 AM, grarpamp grarp...@gmail.com wrote: I believe torchat does this IIRC, torchat is just doing a bidirectional secret passing pingpong between clients behind the HS addresses, no actual x509 stuff. There's a good paper on it. Link please. :) At least in one

[tor-talk] x.509 for hidden services

2013-10-25 Thread Gregory Maxwell
==Background== (you can skip to the Tor section if you don't care) The Bitcoin universe is in the process of creating a specification for digital invoices called the bitcoin payment protocol. (More info: https://bitcointalk.org/index.php?topic=300809.msg3225143#msg3225143) The payment protocol

Re: [tor-talk] NIST approved crypto in Tor?

2013-09-08 Thread Gregory Maxwell
On Sat, Sep 7, 2013 at 8:09 PM, Gregory Maxwell gmaxw...@gmail.com wrote: On Sat, Sep 7, 2013 at 4:08 PM, anonymous coward anonymous.cow...@posteo.de wrote: Bruce Schneier recommends *not* to use ECC. It is safe to assume he knows what he says. I believe Schneier was being careless

Re: [tor-talk] NIST approved crypto in Tor?

2013-09-07 Thread Gregory Maxwell
On Sat, Sep 7, 2013 at 4:08 PM, anonymous coward anonymous.cow...@posteo.de wrote: Bruce Schneier recommends *not* to use ECC. It is safe to assume he knows what he says. I believe Schneier was being careless there. The ECC parameter sets commonly used on the internet (the NIST P-xxxr ones)

Re: [tor-talk] HS drop

2013-08-11 Thread Gregory Maxwell
On Sun, Aug 11, 2013 at 2:53 PM, mirimir miri...@riseup.net wrote: Have you accumulated a list of all hidden services using spiders etc? The address space of all possible hidden services (36! = 3.72e+41) is far^N too large to scan, right? ;) Unfortunately, due to mildly design limitations in

Re: [tor-talk] HS drop

2013-08-11 Thread Gregory Maxwell
On Sun, Aug 11, 2013 at 5:20 PM, Griffin Boyce griffinbo...@gmail.com wrote: And if you spider them based on links and onion search engines, you can get a decent idea of active hidden services. But I'd still like to No need to do this.

Re: [tor-talk] Is Tor still valid?

2013-08-06 Thread Gregory Maxwell
On Mon, Aug 5, 2013 at 11:41 PM, intrigeri intrig...@boum.org wrote: mirimir wrote (06 Aug 2013 05:46:37 GMT) : If this exploit had included a Linux component, Tails would not have protected you. I've not studied the attack code but this appears to be mostly correct. I believe it would have

Re: [tor-talk] BitMail 0.1 - p2p Email

2013-07-30 Thread Gregory Maxwell
On Tue, Jul 30, 2013 at 6:07 AM, krishna e bera k...@cyblings.on.ca wrote: On 13-07-30 12:47 AM, Thomas Asta wrote: http://bitmail.sourceforge.net/ No design, no specs, no discussion, no docs. A feature list that looks remarkably like GoldBug, And source code that looks remarkably like

Re: [tor-talk] Network diversity [was: Should I warn against Tor?]

2013-07-19 Thread Gregory Maxwell
On Fri, Jul 19, 2013 at 9:45 AM, adrelanos adrela...@riseup.net wrote: Seems like high latency mix networks failed already in practice. [1] Can't we somehow get confidence even against a global active adversary for low latency networks? Someone start a founding campaign? So have low latency

Re: [tor-talk] Network diversity [was: Should I warn against Tor?]

2013-07-19 Thread Gregory Maxwell
On Fri, Jul 19, 2013 at 8:35 AM, Jens Lechtenboerger tort...@informationelle-selbstbestimmung-im-internet.de wrote: [For those who are confused about the context of this: I started the original thread. A write-up for my motivation is available at [0].] I Links to my code and a README.txt

Re: [tor-talk] CloudFlare

2013-04-18 Thread Gregory Maxwell
On Thu, Apr 18, 2013 at 2:51 PM, grarpamp grarp...@gmail.com wrote: Though sure, I do suggest and accept that Tor may present a different *class* of abuse than other categories of abusable IP's. Tor exits were not banned prior to their use for abuse. At the point automated exitlist banning was

Re: [tor-talk] Deterministic Builds - was: Bridge Communities?

2013-04-13 Thread Gregory Maxwell
On Sat, Apr 13, 2013 at 8:44 PM, adrelanos adrela...@riseup.net wrote: I assume you're the Gregory Disney who is also one builder of those Bitcoin deterministic builds? Since you're involved in Tor as well, it seems to me you could be a great help by providing some information about the Bitcoin

Re: [tor-talk] NSA supercomputer

2013-04-05 Thread Gregory Maxwell
On Fri, Apr 5, 2013 at 6:51 AM, Andrew F andrewfriedman...@gmail.com wrote: I would love to see an analysis of a 128 bit AES encryption VS a 10 exaflop computer. How long to crack it? Anyone got the math on this? [...] So what does this mean? Any article that suggests that brute forcing

[tor-talk] Reduced latency transport for TOR

2012-11-08 Thread Gregory Maxwell
This work could be _very_ productive for future transport for TOR: https://www.usenix.org/conference/nsdi12/minion-unordered-delivery-wire-compatible-tcp-and-tls As opposed to a raw datagram transport it still gets through the firewalls and nats that TCP/TLS does and still looks like HTTPS to

Re: [tor-talk] Hidden Services

2012-09-19 Thread Gregory Maxwell
On Wed, Sep 19, 2012 at 1:36 AM, grarpamp grarp...@gmail.com wrote: People use robots.txt to indicate that they don't want their site to be added to indexes. And if a site is so concerned about someone else publishing a link, however obtained, then they should name it something innocent and

Re: [tor-talk] How dangerous are DNS leak?

2012-09-18 Thread Gregory Maxwell
On Tue, Sep 18, 2012 at 9:13 AM, adrelanos adrela...@riseup.net wrote: Jerzy Łogiewa: How dangerous are the DNS leak for some user? Very dangerous! http://www.howdoihidemyip.com/dnsleak.htm The DNS leak provides your ISP name and location to the website that you are visiting, thus

Re: [tor-talk] How dangerous are DNS leak?

2012-09-18 Thread Gregory Maxwell
[bouncing back to the list because I think it's useful] On Tue, Sep 18, 2012 at 12:10 PM, Paul Syverson syver...@itd.nrl.navy.mil wrote: On Tue, Sep 18, 2012 at 11:21:13AM -0400, Gregory Maxwell wrote: On Tue, Sep 18, 2012 at 11:01 AM, Paul Syverson syver...@itd.nrl.navy.mil wrote: Logic

Re: [tor-talk] Tor as ecommerce platform

2012-08-11 Thread Gregory Maxwell
On Sat, Aug 11, 2012 at 1:54 PM, Mike Perry mikepe...@torproject.org wrote: But from the paper, it sounds like the BTC flow to Silk Road itself is quite large and might be measurable or at least can be approximated from the website itself... [snip] Unless I understood the paper, their

Re: [tor-talk] Tor as ecommerce platform

2012-08-10 Thread Gregory Maxwell
On Fri, Aug 10, 2012 at 10:11 PM, Ted Smith te...@riseup.net wrote: The obvious problem with this (((this, right here, is the productive contribution to discussion this email has: it points out the problem with your proposed methodologies))) is that it presumes that these top 50 .onion domains

Re: [tor-talk] hidden services 2.0 brainstorming

2012-07-11 Thread Gregory Maxwell
On Wed, Jul 11, 2012 at 2:30 PM, Rejo Zenger r...@zenger.nl wrote: Hi, - You get transparent, free end to end encryption. No flawed root CA system. Just curious, maybe I am overlooking something: how would this be better than a self-signed and self-generated certificate (apart from the user

Re: [tor-talk] hidden service on same location as public service

2012-07-09 Thread Gregory Maxwell
On Mon, Jul 9, 2012 at 5:23 PM, t...@lists.grepular.com wrote: Exit enclaves no longer work - https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclave Bummer, they still work on old nodes (or at least I just tested and it works for me). I liked them for unloading exits and narrowing the

Re: [tor-talk] HTTPS to hidden service unecessary?

2012-07-09 Thread Gregory Maxwell
On Mon, Jul 9, 2012 at 7:41 PM, proper tor...@riseup.net wrote: HS + SSL makes sense: I was under the impression that browsers had generally stronger cookie and cross domain policies for SSL sessions but maybe I'm imagining things.

Re: [tor-talk] Anonymous Publishing Is Dead.

2012-07-01 Thread Gregory Maxwell
On Sat, Jun 30, 2012 at 4:15 PM, Anonymous Person anonymousperso...@in.com wrote: I know it is dead, because I have tried to do it, and I can assure you it is dead. I had a similar experience. When I decided to publish a large collection (30gb) of previously paywalled (but public domain)

Re: [tor-talk] blocked exit node IP because of spam

2012-07-01 Thread Gregory Maxwell
On Sun, Jul 1, 2012 at 11:48 PM, grarpamp grarp...@gmail.com wrote: Do NOT penalize those who need multiple random unlinked accounts by blocking ip's, making up nym systems, etc. Penalize the accounts that act up. They are the bad ones, not the former. It's this kind of thinking that will

Re: [tor-talk] [Bitcoin-development] Tor hidden service support

2012-06-27 Thread Gregory Maxwell
On Wed, Jun 27, 2012 at 2:33 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: Is bitcoin software going to incorporate tor binaries within the application standard application There are no plans to do this currently. Maybe it makes sense, but I'm somewhat doubtful about that.

Re: [tor-talk] Forbes article: Tor and Bitcoin

2012-06-21 Thread Gregory Maxwell
On Thu, Jun 21, 2012 at 11:51 PM, grarpamp grarp...@gmail.com wrote: http://www.forbes.com/sites/jonmatonis/2012/06/19/torwallet-sparks-trust-without-jurisdiction-debate/ A word to the wise: Perhaps this is an earnest effort, but it's impossible to tell. From appearances it is indistinguishable

Re: [tor-talk] Data storage in cached-descriptors

2012-05-30 Thread Gregory Maxwell
On Wed, May 30, 2012 at 9:07 AM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: So basically on top of Tor software and Tor Infrastructure it would be possible to build other kind of networks, given that they participate to the Tor network itself. And the directory authorities could

Re: [tor-talk] Tor's critique of Ultrasurf: A reply from the Ultrasurf developers

2012-04-18 Thread Gregory Maxwell
On Wed, Apr 18, 2012 at 5:54 AM, Tichodroma tichodr...@posteo.de wrote: Hi, might be of interest: http://ultrasurf.us/Ultrasurf-response-to-Tor-definitive-review.html This is of more interest than their 'response' itself:

Re: [tor-talk] Choosing a name for a .onon

2012-03-29 Thread Gregory Maxwell
On Thu, Mar 29, 2012 at 6:47 PM, Adrian Crenshaw irong...@irongeek.com wrote: Hi all, I was under the impression that the .onion names for Tor Hidden Services were pseudo-random based on the public key. How was someone able to choose one/choose some character in one? As an example:

Re: [tor-talk] Tor security on EC2

2012-02-04 Thread Gregory Maxwell
On Sat, Feb 4, 2012 at 8:09 PM, Marco Gruß k...@kork.dyndns.org wrote: with https://cloud.torproject.org/ actively promoting it, I have been thinking about Tor vs. EC2 for a while. I'm unqualified to say anything about the specific questions wrt VM system security... but I thought it might be

Re: [tor-talk] On the arm race with chinese

2012-01-09 Thread Gregory Maxwell
On Mon, Jan 9, 2012 at 6:39 PM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: the funny thing is that they are among us. Most probably the guy that wrote the Chinese Tor protocol probe is subscribed to that mailing list. And now he feels observed. He's welcome to send patches to evade

Re: [tor-talk] Hoax?

2012-01-08 Thread Gregory Maxwell
On Sun, Jan 8, 2012 at 12:59 PM, hi...@safe-mail.net wrote: I guess it's just a matter of weeks or a few months before the bomb blows. Perhaps this list should be moderated to at least filter out the crackpots/disinformationists that are hardly even trying? :-/ This sort of trash isn't worth

Re: [tor-talk] Deterministic builds?

2012-01-05 Thread Gregory Maxwell
On Thu, Jan 5, 2012 at 6:15 AM, Jacob Appelbaum ja...@appelbaum.net wrote: [snip] If anyone has thoughts on the matter, we'd love to hear how Tor as a project should tackle verifiable builds of the various software we ship. This isn't generally a challenge which is unique to Tor, though the

Re: [tor-talk] Is Taking Checksum of Packet Payloads a Vulnerability?

2011-12-17 Thread Gregory Maxwell
On Sat, Dec 17, 2011 at 11:49 AM, Daniel Cohen danielc...@gmail.com wrote: Is this a problem with Tor's architecture? If so, has this issue already been addressed? You're mistaking the normal purpose of entry nodes. Normally if Alice is using Tor then she is running it herself. If she is

Re: [tor-talk] How important is it that the MyFamily option be set correctly?

2011-12-05 Thread Gregory Maxwell
On Mon, Dec 5, 2011 at 7:36 PM, Pascal pascal...@users.sourceforge.net wrote: Note that it does not hurt a server to have itself listed in MyFamily. The easiest way to maintain this line is to make a list of all your servers and paste that line verbatim on all of your servers. But it's N^2

Re: [tor-talk] Don't use Google as default search in Tor Browser?

2011-11-04 Thread Gregory Maxwell
On Fri, Nov 4, 2011 at 10:54 AM, Christian Siefkes christ...@siefkes.net wrote: How should using Google as search engine comprise your anonymity? Either you're anonymous, then you're anonymous on Google too. Or you aren't anonymous, then avoiding Google won't help you. Anonymity is not an

Re: [tor-talk] Rumors of Tor's compromise

2011-10-26 Thread Gregory Maxwell
On Wed, Oct 26, 2011 at 4:29 PM, Julian Yon jul...@yon.org.uk wrote: If you're not using a pseudonym and paying by cash in sealed envelopes through a postal proxy, wearing disposable gloves in a clean room to avoid forensic evidence, then you could be traced. Whether this is likely depends on

Re: [tor-talk] Legal or not on monitoring traffic at a Tor exit?

2011-10-23 Thread Gregory Maxwell
On Sun, Oct 23, 2011 at 8:42 PM, Xinwen Fu xinwe...@gmail.com wrote: I'm a bit curious about the legal issue on monitoring traffic at a Tor exit? Is monitoring Tor traffic at an exit legal? Since the traffic passes my computer, seems of course I can monitor it or even change it. When people

Re: [tor-talk] Tor spying

2011-09-07 Thread Gregory Maxwell
On Wed, Sep 7, 2011 at 10:21 PM, Indie Intel d577a...@yahoo.com wrote: Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?! For some reason the moral standards people abide to online are unlike the ones they'd apply in other contexts. I'm

Re: [tor-talk] Making TOR exit-node IP address configurable

2011-03-09 Thread Gregory Maxwell
On Wed, Mar 9, 2011 at 1:23 PM, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote: Hi all, I've been thinking and playing a lot about the various possible risk mitigation scenarios for TOR exit node maintainer. Now I need to be able to pass all web traffic through a transparent proxy in