J B:
> I have both TB 7.0.2 and TB 7.5a2 installed separately (different
> dirs) - they are
> fully different apps.
> I do NOT run them in parallel as that would normally cause a problem.
> But I do sometimes run them one after another by starting and closing
> e.g. TB TB 7.5a2 and after a few
Random User:
> Random User asked Katya Titov:
>>> Would you know if any of those [Yandex, GMX and ProtonMail ] are
>>> functional without JavaScript?
>
> K.T. answered no, did not know, at least not as concerns using via
> each provider's web interface.
>
> T
>>> Yandex, GMX and ProtonMail all work well.
>>
>> Would you know if any of those are functional without JavaScript?
>
> I use Claws Mail and torsocks, so technically yes, but that probably
> doesn't answer your question.
>
> I don't use the web interface, and it has been a while since I
Random User:
> Katya Titov:
>
>> Yandex, GMX and ProtonMail all work well.
>
> Would you know if any of those are functional without JavaScript?
I use Claws Mail and torsocks, so technically yes, but that probably
doesn't answer your question.
I don't use the web interfac
Muppet96:
> Hi,
> is there any chance to send an E-Mail message from the Tor network to
> gmail accounts or any other E-mail service providers ?
> Usually each E-mail which is sent from the IP where for example: tor
> relay is running - is immediately block by the spam filters.
> Till now I havent
Oskar Wendel:
> I need an email provider who will:
>
> a) allow receiving mail through pop3 or imap over tls (or tor hidden
> service)
>
> b) allow sending mail through smtp over tls (or tor hidden service)
>
> c) be tor-friendly (my current provider blocks some tor exit nodes
> when I try to
Found this on Motherboard
https://motherboard.vice.com/read/tor-is-teaming-up-with-researchers-to-protect-users-from-fbi-hacking
> Tor Is Teaming Up With Researchers To Protect Users From FBI Hacking
> Written by
> Joshua Kopstein
> Contributor
>
> June 19, 2016 // 03:28 PM EST
>
> The FBI
grarpamp:
> Yandex was very aggressive with their outbound spam
> filtering, so ability to reliably send messages became
> very annoying, with no way to disable / train it.
>
> Has yandex corrected this problem?
I've never had any issues.
--
kat
--
tor-talk mailing list -
blo...@openmailbox.org:
> Can anyone suggest a reputable webmail provider that is not totally
> anti-Tor.
>
> Cock.li and Sigaint and Unseen.is and Mail2Tor are out as the names
> look weird to "normal" people.
>
> Ruggedinbox is unreliable as the site is often down. VFEmail used to
> work but
Joshua Hull:
> I've been thinking about how to get onion services transparently
> selected over non-onion services in order to drive adoption. It seems
> to me that a simple strawman proposal would be that before attempting
> to connect to a domain name, do a lookup for a specific type of TXT
>
> I suggest torproxy could generate a random CA certificate when its
> installed and transparently convert all http to https, generating the
> required SSL certificates on-the-fly and signing them with the random
> CA certificate. The user would then have to add the random CA
> certificate to
Joe Btfsplk:
> Is there a specific set of scripts now required to play youtube vids
> in TBB - & the other aren't needed?
> Not long ago, the only scripts required on youtube for TBB or Firefox
> seemed to be youtube.com & s.ytimg.com.
>
> I get mixed results by trying to test which ones are now
Lara:
I use torsocks 2.1.0 with youtube-dl.
After the upgrade the connection keeps breaking off. Quite often the
dns resolution. And less often the connection just breaks. Everything
but TBB is unchanged.
So I have made the experiment. With TBB 4.5 everything works fine with
no error.
Zenaan Harkness:
Is there an upgrade process for TBB by e.g. unpacking the tarball over
the existing installation directory, or does one have to use the
in-browser upgrade-in-place option or install to a separate directory?
TIA
Zenaan
If you follow the tor-qa list you can see the new version
grarpamp:
Internet access is generally provisioned and billed as... choose
the max bandwidth you want, pay for it whether you use it or not.
Therefore if you have idle capacity within your max at some moment,
you have the bandwidth to dynamically fill it with padding at no
additional cost.
Title: Games Without Frontiers: Investigating Video Games as a
Covert Channel [ http://arxiv.org/pdf/1503.05904v1.pdf ]
I say maybe, just maybe, it would have been a nice thing to test:
Access Denied
Sadly, you do not currently appear to have permission to access
This PoC has made its ways around. Using webRTC to deanonomize your
IP. New to me: https://diafygi.github.io/webrtc-ips/
This PoC works for me when i use firefox with a proxy switcher, but
it doesn't work if i run firefox via torsocks.
Doesn't work at all for me using TBB.
Forcing Chrome
i am concerned about https not being enough to protect tor2web
users. In particular, I am concerned about what subdomain a user is
visiting being leaked. Are there any established ways of preventing
the subdomain from being leaked? Because none spring to my mind.
I've just reviewed a
Katya Titov:
Colin Mahns:
I'm wondering if a few from the community should take part in a
nagging effort? I'd gladly throw some time of mine into helping get
more hidden services. Any takers?
I'll help.
Attempts to far have failed.
I've tried to get in touch with Google and Wikipedia
Jesse B. Crawford:
[Explanation of EV certificates]
Now, two HUGE caveats:
1) Facebook does not actually have an EV cert for their hidden
service! they have an OV cert with O=Facebook, Inc. but for various
(largely political but still largely valid) reasons Firefox does not
trust the O
New paper Systemization of Pluggable Transports for Censorship
Resistance from Ross Anderson's research group at Cambridge:
http://www.arxiv.org/abs/1412.7448 [0]
Related blog entry:
https://www.lightbluetouchpaper.org/2015/01/02/systemization-of-pluggable-transports-for-censorship-resistance/
Thomas White:
The whole CA system is a broken model in many ways yes, but that
doesn't mean we should totally disregard it. We can work with the CA's
to build up a standing as long as we don't forget that CA's are no
requirement to legitimacy. If a standard is set by the CA community
this
Virgil Griffith:
If an existing website simply wants to improve performance for Tor
users, my understanding is that it's more efficient simply to run an
Exit Enclave instead of a hidden service. Is that true?
https://trac.torproject.org/projects/tor/wiki/doc/ExitEnclave
I have no direct
Colin Mahns:
That was my fault, must've deleted a character by mistake.
https://github.com/chris-barry/darkweb-everywhere is the right link
Installed and working. (Yes, I read issue #32. What happens now that TBB
updates in place? Will I remain with DWE when a new TBB is released?)
I'm
Colin Mahns:
I've written up an example email here:
http://zerobinqmdqd236y.onion/?31934b9e07f96171#GM3e5ekrDUakoz612PNB8tCBmme/QRrj6zMgd1amZpU=
Feel free to improve on it, I based it off of emails I've sent in the
past. I'm not sure if we should list security concerns in the general
sense,
Thomas White:
As per Nick's post, I fully agree that hidden services do need some
work, but I imagine the vast majority of people on this list are not
skilled in the languages and areas required to do any kind of
technical reform to them. However, technical reform of them is only
one aspect.
This could be combined with a change to HTTPS Everywhere to prefer
HS sites over clear web sites, just as it prefers HTTPS over HTTP.
(I think this has been mentioned before?)
You mean like what we've been doing over on
https://github.com/chris-barr/darkweb-everywhere? :)
I knew it was
Paolo Cardullo:
This was an interesting discussion.
I was just thinking of starting a thread on why people use the
appellative 'dark' as for 'dark net'. I found it quite disturbing and
offensive, also in a racialised way.
[...]
I strongly disagree and I suggest to drop 'dark' from TOR
I wrote:
Katya, and all,
So why don't we use sensible, plain language and stick to it
to distuingish ourselves from them?
This article (German) has just been published which is quite
dispassionate and factual, avoiding hype. This is the type of
explanation and coverage that (I think)
Philip Georgiev:
I download and use tor-browser-linux64-4.0_en-US.tar.xz
$ cat /etc/debian_version
jessie/sid
$ uname -a
Linux debian 3.10-2-amd64 #1 SMP Debian 3.10.7-1 (2013-08-17) x86_64
GNU/Linux
KDE is my desktop environment
open some panel - bookmarks (ctrl+b) or history (ctrl+h)
Article named Best Alternatives to Tor: 12 Programs to Use Since NSA,
Hackers Compromised Tor Project:
http://www.idigitaltimes.com/best-alternatives-tor-12-programs-use-nsa-hackers-compromised-tor-project-376976
Some quotes:
Tor has been compromised, the Tor Project has recently suffered from
ITechGeek:
I would just like to chime in as a Comcast customer, tonight was the
first time I've tried hopping on tor browser since this rumor
surfaced and traditionally when I launch the tor browser I see tor
connect and I'm on.
Tonight it took a couple minutes before I was able to connect
Öyvind Saether, in a thread about captchas:
I am not sure this is something most corporations would care about
since Tor users tend to block their (javascript-using) advertisements
anyway but webmasters, know that I am probably not the only one who
will go somewhere else instead of enabling
SecTech:
I have accidently checked the do not ask again checkbox of the load
external content security question in TBB. Could someone tell me how
to reenable it?
One of the fantastic things about Tor: just extract a fresh copy and
start again!
--
kat
--
tor-talk mailing list -
Griffin Boyce:
Roger Dingledine wrote:
Two lessons I've learned from recent CCC talks:
A) Social commentary works much better than technical things. That
is, the audience respects us for our technical work, and now they
want to hear
our perspective on what's going on in the world. So while
yppahreggirt bm-2ct8owthqrph8ufqkje4vvxffndywy1...@bitmessage.ch:
Hi list,
Linkedin.com is crashing my TBB (latest - linux32) during login. Can
someone confirm ?
Confirmed.
A few seconds after loading the page CPU usage spikes to 100%. If the
tab is closed immediately then TBB works OK, but
://lists.torproject.org/pipermail/tor-talk/2014-January/subject.html
The post 'Terminology: Deep v Dark Web' originated by Katya Titov
might be a good start. We would, I'm sure, welcome any thoughts or
results that you and your group might have on the matter.
An academic study into the size of the deep
Luther Blissett:
Katya Titov:
Nicolas Vigier:
I don't know what is the exact definition of open Internet, but
I'm not sure we should oppose that to Tor hidden services. The
Tor hidden services are accessed using the internet, and they
also look very open to me: anybody can access them
On Wed, 29 Jan 2014 18:00:55 +
mick m...@rlogin.net wrote:
Katya's wiki page nicely encapsulates some the definitions, but I
think the definition of deep web might benefit from some tweaking to
take account of such commentary as Sergey Brin's lament back in april
2012 (1)
According to
Nicolas Vigier:
On Sat, 25 Jan 2014, Katya Titov wrote:
- Dark web: Sites not accessible from the open Internet (Tor
hidden services, I2P eepsites, etc)
I don't know what is the exact definition of open Internet, but I'm
not sure we should oppose that to Tor
Parity Boy:
@Katya
From my own perspective, a network can be considered overlay if
some or all of the nodes perform a relay and/or routing function via
server-to-server or peer-to-peer communications.
Obvious candidates include Tor, I2P and various VPN implementations,
as well as IRC.
Nathan Suchy:
Katya Titov:
TT Security:
1. So Network Map and New Identity are absent now. When these
functions will be add to the TBB?
Vidalia is now a stand-alone package. Details:
https://www.torproject.org/docs/faq#WhereDidVidaliaGo
I'm unsure, The New Identity function is critical
Joe Btfsplk:
On 1/25/2014 5:07 PM, Lunar wrote:
Joe Btfsplk:
I missed the memo on all reasons why Vidalia - bad, Tor Launcher -
good.
At least:
http://users.encs.concordia.ca/~clark/papers/2007_soups.pdf
http://petsymposium.org/2012/papers/hotpets12-1-usability.pdf
and Vidalia has no
Mirimir:
On 01/25/2014 04:53 AM, Katya Titov wrote:
https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
I've never liked the term Dark Web. There's nothing dark about it,
except in the sense that Africa was called the Dark Continent
because it was little known in Europe
Lunar:
Katya Titov:
New Identity works from both TBB and Vidalia. The difference is that
from TBB the entire browser closes and restarts and you lose open
tabs. When choosing a new identity from Vidalia the browser remains
open.
I need to point this out one more time: In the case
Sukhoi:
Hi,
Many TOR exit nodes were banned to access some sites. One way to
by-pass this is taking a new identity to change tor exit node.
But now, the latest TOR browser version has no more the Vidalia
client. So, how to change the exit node?
Click on the green onion under the tab bar
Rick:
Why should you be stuck with anything? You're writing an important
piece for an important project: You know... the onion with the crown?
What you're writing may well become a source, a reference. You drive
the conversation. All the words are belong to you. :)
In a very broad sense I'd
Douglas Lucas:
Seems that right there, at the green onion button, there could be,
under New Identity, a selection for New IP address that would
retain the old functionality.
Good idea, and looks like it has already been requested:
https://trac.torproject.org/projects/tor/ticket/9442
This
Hi all,
I have a question or two about terminology in use when discussing
non-indexable portions of the web.
Relevant terms I see are deep web and dark web, with occasional
references to dark Internet. Definitions which I use, and which seem
to be reasonably popular are:
- Deep web:
Roger Dingledine:
On Sat, Jan 25, 2014 at 06:44:11PM +1000, Katya Titov wrote:
So are there any useful stats on the size of the dark web?
Check out http://freehaven.net/anonbib/#oakland2013-trawling
for some statistics about the number of hidden services as of about
a year ago. It's not all
TT Security:
1. So Network Map and New Identity are absent now. When these
functions will be add to the TBB?
Vidalia is now a stand-alone package. Details:
https://www.torproject.org/docs/faq#WhereDidVidaliaGo
--
kat
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or
krishna e bera:
On 14-01-25 06:53 AM, Katya Titov wrote:
I've put together an article and placed it on the Tor Trac/Wiki:
https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb
Cool - it's concise and useful as a reference point for media or
public relations.
To push
Moritz Bartl:
There are approximately 5000 Tor relays and under 2500 Tor bridges,
this may provide an indication of an upper bound on the number of
hidden services.
There is no correlation between the number of relays and hidden
services? Hidden services should rather be behind simple Tor
nano:
I took another run at this and managed to get a bridge running under
the free usage tier.
It works fine, but I have an Amazon problem (that some here may know
how to solve).
I am trying to setup a Billing Alert[1] to notify me when I exceed my
free usage limit. However, despite
David:
Hey everyone,
I've been searching around for a few hours now looking for a good VPS
service to host a non-exit relay. It seems as if most VPS services
cringe at the word Tor, and the ones that allow it are either slightly
sketchy looking or somewhat expensive.
In fact, I had one
Roger:
On Sat, Nov 23, 2013 at 07:35:54AM +1000, Katya Titov wrote:
The advantage that I see is that is there is no way to directly
access a .onion site without using Tor, so it is a clear indicator
that Tor is in use, visible to the user.
Not necessarily. Imagine a local network attacker
Roger:
On Sat, Nov 23, 2013 at 06:04:54PM +1000, Katya Titov wrote:
But if we're talking about TBB then a local network attacker should
never see the request, just the resultant Tor traffic. Unless my
understanding is very off.
If we're talking about TBB and it's working correctly
On reflection, I think I should clarify ...
Roger:
As for having a network map for TBB 3, I agree in theory. But
somebody needs to actually do it. Promising routes include writing
it into Tor Launcher (harder to do, but easier to maintain and
probably safer) or writing instructions for how
Moritz Bartl:
On 11/22/2013 05:49 PM, Ed Fletcher wrote:
This is something that I have also wondered about. Why go outside
of the Tor network to check that you're using Tor?
A hidden service adds extra hops to hide the (location of the)
service. There's some movement towards allowing
Roger Dingledine:
Almost true. check.tp.o will no longer be the homepage (which also
gives a usability advantage on startup -- a local homepage will mean
you're not waiting for some outside page to load, and you're not
doing it while your Tor is bootstrapping its directory information,
making
Roger Dingledine
Hi folks,
I rewrote our two FAQ entries on JavaScript-in-TBB, and merged them
into one:
https://www.torproject.org/docs/faq#TBBJavaScriptEnabled
Did I leave out any important points, or are there ways to make the
issues clearer?
Hi Roger, I think it reads well.
David Vorick
But right now Tor is one of the best tools we have. I would like to
see ways to make relaying easier - I've never been able to set up a
relay because I've always been behind some firewall (EG my community
college) that has stopped the relay. It's been technically beyond me
to
anonymous coward:
Karsten N.:
Latest Thunderbird versions enforce STARTTLS if it was selected. The
weak option Use STARTTLS if possible is not available any more in
Thunderbird. You may use IMAP with STARTTLS, if your provider does
not offer IMAPS.
I changed to SSL/993 which should be
Karsten N.:
On 05.07.2013 08:41, Katya Titov wrote:
You can't really trust the CAs, at least not from state-level
attackers.
See: Certified Lies - Detecting and Defeating Government Interception
Attacks against SSL ( C. Soghoian and S. Stamm, EFF.org, 2010)
https://www.eff.org/deeplinks
Karsten N.:
HTTPSEverywhere can use the SSL Observatory of EFF.org to warn you, if
something goes wrong with the SSL certificate of a visited webserver.
But I am not sure, if it was now proxy safe. In TorBrowser this option
is disabled.
Thanks Karsten, I use HTTPSEverywhere but wasn't aware
adrelanos:
Hi Katya,
thanks for looking into these solutions.
Katya Titov:
If anyone else knows of some other good plugins or approaches then
I'm also looking for more options.
I take you by your word.
http://web.monkeysphere.info/
https://addons.mozilla.org/en-us/firefox/addon
Katya Titov:
Karsten N.:
HTTPSEverywhere can use the SSL Observatory of EFF.org to warn you,
if something goes wrong with the SSL certificate of a visited
webserver. But I am not sure, if it was now proxy safe. In
TorBrowser this option is disabled.
Thanks Karsten, I use HTTPSEverywhere
Andrew F:
krishna,
Tor minimizes the variables that can Identify you via fingerprinting
techniques, but
a dedicated team can still track you with enough effort. I know form
personal experience
Andrew, I'm interested in any more light you can shine on this. I don't
expect full details, but:
Sebastian G. bastik.tor bastik@googlemail.com:
Karsten N.:
Hi,
using old versions of TorBrowserBundle it was possible to edit the
configuration torrc to set the SocksPort to 9050. It was possible
to use Tor with Pidgin or Thunderbird+TorBirdy.
Now the settings are ignored
Juan Garofalo juan@gmail.com:
Anna Brown c76h52...@yahoo.com:
Hello. When I login no mediafire.com, I cannot see my files. I see
next progressbar , which never ends :
You probably need to enable javascript for it to work.
I've also noticed this, starting sometime last year. I
Hello. When I login no mediafire.com, I cannot see my files. I
see next progressbar , which never ends :
You probably need to enable javascript for it to work.
I've also noticed this, starting sometime last year. I don't
believe that JS is the problem as it should be OK under a
Raynardine raynard...@tormail.org:
I do not like connecting to clearnet services from Tor.
I am not alone in this.
There are arguments about the reasons why Tor hidden services can be
better than clearnet services for users as well, but that would derail
this thread.
I would be
Raynardine raynard...@tormail.org:
I do not like connecting to clearnet services from Tor.
I am not alone in this.
There are arguments about the reasons why Tor hidden services can be
better than clearnet services for users as well, but that would derail
this thread.
I would be
Runa A. Sandvik:
On Fri, Sep 14, 2012 at 12:42 PM, r...@tormail.org wrote:
This notice- There is a security update available for the Tor
Browser Bundle appears after a installing Tor 0.2.2.39
Is this a cause for concern?
I've noticed the same thing. The notice disappears if you
Runa A. Sandvik:
o Any reason why there was no testing via tor-qa?
Tor 0.2.2.39 was a security-fix release for a fairly severe bug and we
wanted to get a new release out as soon as possible.
OK, understood.
o Any reason why the release wasn't sent to tor-talk?
We announce new Tor
On Wed, 15 Aug 2012 01:43:27 +0200
Philipp Winter:
ethio tor wrote:
What if there is a tor virus (pardon for the choice of word) that
can infect such pc and make a relay, bridge, or what ever on the
background undetected.
Sounds like a human rights worm. Some people thought about that
jed c:
I wouldn't recommend TOR for anything personally identifying
(anything done on TOR has a chance of greater scrutiny and malicious
subversion).
Agree with that, however just because I'm using Facebook doesn't mean I
will be identifying myself ... ;-)
Have used Facebook through TOR with
adrelanos:
Katya Titov:
I'm wondering whether there are any bootable distros out there
which are designed to be used on free WiFi networks (e.g.
Starbucks, McDonalds) and enforce some level of network encryption.
Tails would obviously provide a solution here by forcing everything
through Tor
adrelanos adrela...@riseup.net wrote:
Good idea. Just created:
https://trac.torproject.org/projects/tor/ticket/6451
Thanks! And thanks to all for the feedback on the ticket ... enjoying
the discussion.
--
kat
___
tor-talk mailing list
Hi Jake,
Understanding is the key to security, not convenience. That being
said, TorBirdy is both convenient and great. I'm not sure that's
it's ready for primetime yet, but I do try to test and feed back
(using another nym ...) and definitely see the value.
Happy to help. :)
Is
Every major data harvester and private
data seller does that as they really really need you to confirm they
are tracking the right person. Go to other, nicer, services. Also
free. But with less mbox space. And you'll find out that's not a
problem.
Yes, Yandex and Fastmail are both good in
On Thu, 12 Jul 2012 20:23:38 +
Ethan Lee Vita ethanleev...@riseup.net wrote:
I plan to keep working on this because at the moment I see no other
real alternative email client for Windows, Mac OS X, or Gnu/Linux.
I agree, but what about the email client for Tails? Will
Thunderbird can be run directly from a USB drive or
other removable media. You could probably download and extract it
directly within Tails so that as long as you keep all your email on
the server you don't need to leave a trace on the disk.
Thanks. I realize that I could've done that, but
83 matches
Mail list logo