Re: [tor-talk] is it me or did tor talk get really quiet?

> tort...@arcor.de wrote: >> It depends on what you want to read. If you want some scary rants >> about Tor and 0 days you might want to read: >> >> http://arstechnica.com/security/2016/09/bug-that-hit-firefox-and-tor-browsers-was-hard-to-spot-now-we-know-why/ >> "Bug that hit Firefox and Tor

Re: [tor-talk] A community concern that needs to be addressed,

> When I was at HOPE in July, men and women were saying (to me at least) > that they were happy that Tor is progressing, that they think we're > growing as a community, and they look forward to volunteering. Hi Griffin,Two questions for the Tor project:1) Do most, some, or any of the core Tor

Re: [tor-talk] FBI cracked Tor security

> However, if one's mum is willing to invest the time, they'll more than likely install the system successfully. Jon,If Haroon's simplification were to make sense to an audience of people who aren't UX experts, it would be trivial to understand the constraints.  For example, if I say, "explain

Re: [tor-talk] FBI cracked Tor security

athan On Saturday, July 16, 2016 11:11 PM, Mirimir <miri...@riseup.net> wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/16/2016 08:21 PM, Jonathan Wilkes wrote: >> I'm hardly asking for perfection. Just a little heads up for the >> sheep. > You're unwilling

Re: [tor-talk] FBI cracked Tor security

> I'm hardly asking for perfection. Just a little heads up for the sheep. You're unwilling to even describe non-technical users as human beings, yet you want Tor to suggest a vastly more complex alternative for them? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or

Re: [tor-talk] Wikileaks is the Endgame

If that log is accurate, the most important part of that transcript IMO is the discussion about funding.  Both Mike Perry and Jacob Appelbaum agreed in it that the current funding model "comprimises" the project (their word). Preferably someone from Tor can answer this: Why can't Tor use a

Re: [tor-talk] Bittorrent starting to move entirely within anonymous overlay nets

> # Putting the "Tor" back in Torrent https://gist.github.com/obvio171/addb26214a8c159f84a8 https://news.ycombinator.com/item?id=8022341 The problem is getting the software in the first place.  Popcorn Time #1 got bullied off the web, then sprouted two forks, neither of which could keep a

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

On 2016-06-05 17:59, Jonathan Wilkes wrote: >> Another idea is to use >> search engines that protect your privacy such as ixquick or duckduckgo >> (they store search queries but they don't track individuals (I.e they >> don't store your IP Address, as far as we know that is). >

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

@riseup.net" <notfrien...@riseup.net> wrote: On 2016-06-05 13:38, Jonathan Wilkes wrote: >> Prediction market (place your bids): >> "First networks utilizing fill traffic as TA countermeasure to > emerge and reach early deployment by year end 2017..." >

Re: [tor-talk] Audio fingerprinting

> So it’s not collecting sound played or recorded on a machine but rather > harvesting the audio signature of the individual machine and using that as an > identifier to track a web user. "Audio signature" seems a bit broad.  From what I can tell it could be doing about three things:1)

Re: [tor-talk] FBI harassing Tor devs

> Now, as an NSL-issuing entity you need to come up with a source code modification that induces a backdoor, and is reasonably defensible by a dev, and then force that dev to include this change into the git repo, and defend it in reviews. But the FBI has as much proof in the field as you've 

Re: [tor-talk] FBI harassing Tor devs

> "Hi, you're the one who is packaging tor, right? Please[tm] run this program on the binary, and don't tell anyone." Developer from community that leverages gitian: I can totally do that. Community that leverages gitian: Hm, this package looks different.  Let's quarantine it and let the world

Re: [tor-talk] FBI harassing Tor devs

> If I recall correctly, Mike Perry considered pressure on individual developers to be sufficiently threatening that it was a major reason why he set up reproducible builds.  (I believe he said this at his CCC talk.) Are the current Tor binaries compiled from a deterministic build process?

Re: [tor-talk] Where is the Tor source code? [Was Re: FBI harassing Tor devs]

> Go to https://www.torproject.org/download/download and click on 'source code'. Starting from the frontpage I click on the "Download" button and arrive here:https://www.torproject.org/download/download-easy.html.en And no obvious links to the source code. So I look at the heading:"Home »

Re: [tor-talk] FBI harassing Tor devs

Small digression... Is there a link to the source code for _Tor_ on http://www.torproject.org/ home page? Also-- it'd be nice if there were a clear link to a git repo that just includes all official Tor projects as submodules. -Jonathan On Friday, May 6, 2016 8:01 AM, isis

Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare

> The potential risks, really, are more a product of one party being the endpoint for so many sites. This is so important. As things stand, it still accurate to categorize Tor as a functioning example of "privacy by design"? -Jonathan On Sunday, April 24, 2016 7:13 PM, Ben Tasker

Re: [tor-talk] 1 Million People use Facebook over Tor

> It's like building a steel pipeline of Coca-Cola to a drought stricken country and advertising that Coke is mostly composed primarily of water. > Not exactly certain that 'grateful' is the right feeling here. * Steel pipes can be copied for zero dollars* Various governments around the world

Re: [tor-talk] Tor in Haskell and Other Unikernel Tricks

This was an informative video, especially wrt unikernels.  Certainly this Haskell implementation can be a useful research tool. However, the author strongly implies that it would/could be a "good thing" having this other implementation running in the wild, side by side with the current

Re: [tor-talk] Lets Encrypt compared to self-signed certs

> We don't know how large the risk of legally-compelled misissuance is, but we have lots of lawyers who would be excited to fight very hard against it.  I think that makes us a less attractive target than other CAs that might not find it as objectionable or have as many lawyers standing by to

Re: [tor-talk] [Fwd: Multiple Internets]

> some fucking arrogant shit but some info as well Totally.  He's so patronizing.  Reminds me of the oracle from the Matrix, if instead of baking cookies she had defended Phil Zimmerman in a criminal investigation of PGP and helped win the crypto wars. -Jonathan On Friday, February 19,

Re: [tor-talk] Cicada 3301: 2016

> I suspect that Cicada 3301 is run by some old-time cypherpunks looking for > more people who are interested in building and deploying tech and not just > posting to a mailing list. That seems odd, but then I don't know much about old-time cypherpunk ethos. Anyhow, are there examples of

[tor-talk] hierarchy anonymity

Hi Tor,Suppose there are twitter users @Alice000...@Alice999 who all know each other's public key.  One of them is a teacher of an online security class.  The rest are students. The class consists of the teacher sending the students a link to a Wikipedia page each day, for an entire year.  Each

Re: [tor-talk] LeMonde: France To Block Tor

Possibly related... Say a well-funded attacker takes the Carnegie Mellon deanonymization attack and introduces Sybil slowly over several months.  What then is the defense? -Jonathan On Monday, December 7, 2015 10:56 PM, grarpamp wrote:

Re: [tor-talk] A little more hostility towards Tor from Twitter

Hi Alec,Have you shown that link to the Twitter devs you know?  If so, what steps did they take in response to make Twitter more amenable to Tor? -Jonathan On Wednesday, October 28, 2015 2:21 AM, Alec Muffett <al...@fb.com> wrote: > On Oct 27, 2015, at 9:31 PM, Jonath

Re: [tor-talk] A little more hostility towards Tor from Twitter

Anyone know how Snowden posts to Twitter?  Does he use Tor? If someone could convince him and/or other celebrities to complain that Twitter is denying them location anonymity, then that might make a difference. There's some leverage here, too, because, "even Facebook let's you use Tor if you

[tor-talk] ethical repo criteria

GNU has an "ethical repository criteria" with Tor making a prominent appearance:https://www.gnu.org/software/repo-criteria.html It's nice to see that access over Tor is necessary to get anything above a failing grade. -Jonathan -- tor-talk mailing list - tor-talk@lists.torproject.org To

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]

On 5/28/2015 7:34 PM, Jonathan Wilkes wrote: On 05/26/2015 09:13 PM, Mike Ingle wrote: I tried out Bitmessage and it did not seem to deliver without the sender and recipient online. It's supposed to, it just didn't. Waiting for key exchange. Any response from the devs/forum when you

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]

On 05/29/2015 05:57 PM, Jonathan Wilkes wrote: [...] (Confidential to cryptography list lurkers: IMO we have plenty of Ben Lauries at this point, and could use a lot more Hal Finneys. :) It just occurred to me how obscure that sentence is. Let me explain... When Satoshi (or whoever

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]

On 05/26/2015 09:13 PM, Mike Ingle wrote: I tried out Bitmessage and it did not seem to deliver without the sender and recipient online. It's supposed to, it just didn't. Waiting for key exchange. Any response from the devs/forum when you reported the bug? It's also a bandwidth pig due to

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]

On 05/26/2015 07:36 PM, carlo von lynX wrote: On Thu, May 21, 2015 at 12:03:24PM -0700, Yuri wrote: On one hand, Mailpile is after security, which is great. But on the other hand they use node which doesn't sign packages, therefore What a shame! Somebody please fix this node thing. I can't

Re: [tor-talk] Mailpile SMTorP [ref: nexgen P2P email]

On 05/22/2015 05:52 AM, Ben Tasker wrote: What procedure did you use to try and make the package? I'm running Mailpile and definitely don't have node set up. If you're building the dev version, one of it's requirement's is nose so perhaps there's a typo kicking about? On Fri, May 22, 2015 at

[tor-talk] Tor from 10 years ago

Hi list,Imagine that the trickster god magically downgraded everyone running Tor to the version of Tor from 2005.  Additionally, the trickster god fixes any bugs found in the past 10 years related to DOS but leaves everything else as it was. In such a system, would users of such a Tor network

Re: [tor-talk] Why corrupt government officials are strongly opposed to this Tor project (a Gestapo government run amok!)

On 03/05/2015 11:05 AM, Goltz, Jim (NIH/CIT) [E] wrote: So you use your perceived authority of an upset citizen to mask your incapacity to use filters? Not all of us read this list on a MUA that has easy-to-use filters. We generally subscribe to lists that contain useful information, have a

Re: [tor-talk] Why corrupt government officials are strongly opposed to this Tor project (a Gestapo government run amok!)

On 03/05/2015 12:28 AM, Mirimir wrote: On 03/03/2015 01:17 AM, Lara wrote: Travis Bean: I am giving everyone on this mailing list a heads-up regarding what I have uncovered about the Gestapo government here in the United States and why corrupt government officials are so strongly opposed to

Re: [tor-talk] REAL-ID Internet Access Coming Soon

Hi Joe,I'm confused.  If you don't hold the opinions of some in your first paragraph, then what do they have to do with your first-person generalizations in the second paragraph? Anyway, the proper metaphor for people who don't understand technology is certainly not historically inevitable

Re: [tor-talk] Giving Hidden Services some love

On 01/01/2015 10:54 AM, spencer...@openmailbox.org wrote: Jonathan Wilkes jancsika at yahoo.com wrote: This has long been a chicken-or-egg problem. A general audience (i.e., not digital security specialists) must know what hidden services do before they get involved in hosting hidden services

Re: [tor-talk] Giving Hidden Services some love

On 12/31/2014 11:53 PM, Scott Arciszewski wrote: Trigger warning: This entire reply is going to be shameless (though non-profit) self-promotion. The current state of diversity in Onion Land is disappointing. So many of the sites still online emphasize things like drugs, porn, and hacking. I

Re: [tor-talk] [tor-dev] Hidden service policies

Hi grarpamp,To what aim do you do this? -Jonathan On Tuesday, December 30, 2014 2:29 AM, grarpamp grarp...@gmail.com wrote: I've blocked Mike's known nodes from my configs as I simply do not agree with his apparent ethos in this regard. That being themes of censorship, policing, etc.

[tor-talk] phantom protocol

Hi Tor people, Does anyone here know about the Phantom Protocol: https://code.google.com/p/phantom/ It looks like it's abandonware, although someone sent a message to the list that they had done some tests with virtual machines. My main question is this: how does it bootstrap? I'm asking

Re: [tor-talk] Tor and solidarity against online harassment

On 12/12/2014 02:20 PM, Roger Dingledine wrote: On Fri, Dec 12, 2014 at 03:23:42PM -0300, Juan wrote: You might like https://www.torproject.org/docs/faq#Backdoor We won't put backdoors in Tor. Ever. LOL! You work for the pentagon and are subjects of the US state. The

Re: [tor-talk] Tor and solidarity against online harassment

On 12/13/2014 03:04 PM, Mirimir wrote: On 12/13/2014 11:28 AM, Jonathan Wilkes wrote: On 12/12/2014 02:20 PM, Roger Dingledine wrote: On Fri, Dec 12, 2014 at 03:23:42PM -0300, Juan wrote: You might like https://www.torproject.org/docs/faq#Backdoor We won't put backdoors in Tor. Ever

Re: [tor-talk] Tor and solidarity against online harassment

Hi a,How would such a thing happen in your estimation? There's no way I know of to change an anonymity overlay like Tor to implement such a feature. Best,Jonathan On Friday, December 12, 2014 10:49 AM, a akademik...@googlemail.com wrote: #Feminism huh? How long till we see Your

Re: [tor-talk] Idea: Public verification of exit nodes and their maintainers - Fwd: [tor-relays] specifying your own entrance and exit nodes

grarpramp,If Tor only consisted of hidden services, wouldn't this class of traffic-fudging problems go away? (I'm assuming the handful of centralized services most people use would just generate vanity addys.) -Jonathan On Thursday, December 11, 2014 11:52 AM, grarpamp grarp...@gmail.com

Re: [tor-talk] Tor and solidarity against online harassment

Hi Gregory,Do you stand in solidarity with the Tor devs against online harassment?  A wish to refrain from deflecting a conversation isn't exactly the same thing. I stand in solidarity with the Tor community against online harassment.  I also wish to point out that I have noticed online

[tor-talk] routing Pure Data messages over Tor

Hi list, I'm experimenting with sending messages over Tor using the program Pure Data.  Pure Data (or Pd) is a graphical programming environment.  It typically runs two processes-- a tk GUI process, and the main process.  The two communicate over the loopback device 127.0.0.1.  (Can't