This is the third part of our preliminary analysis of how Tor users
interact with onion services [0]. In this part, we look at the
subjective feeling of safety that people experience when using Tor
Browser and onion services, respectively.
Question 6.6 in our survey asked:
> Please tell us
On Sat, Jul 22, 2017 at 10:41:00AM +, Andri Effendi wrote:
> I remember some time last year there was talk about a router for
> journalists to bring with them when they went abroad.
>
> It was really simple. I don't remember what it was called, netaid netkit???
That was probably NetAidKit:
On Wed, Jul 19, 2017 at 04:39:41PM -0500, eric gisse wrote:
> Looking at the exitmap source, as I was curious what modules
> existedthe problem I see is that it does not have modules that are
> capable of the more difficult to pull off things like SSH honeypot
> detection.
The Tor Project
On Wed, Jul 19, 2017 at 01:43:32PM -0500, eric gisse wrote:
> Is there any notion of doing a sort of automated testing for things
> like this that can be easily proven?
Yes, the blog post I linked to contains some more information. We are
using tools such as exitmap [1] to systematically scan
On Wed, Jul 19, 2017 at 04:59:13PM +0200, carlo von lynX wrote:
> Hey out there.. I had two more attempts
> from 'coriandolino' to MITM my ssh traffic!
I could confirm the issue. The relay will no longer be part of the
network consensus once enough directory authorities updated their
config --
On Wed, Feb 15, 2017 at 02:32:32PM +0100, BVpTuvb AVMV wrote:
> What is preventing an attacker to start up a few mid-nodes and
> enumerating all IPs and substracting those from the list of publicly
> known entry-nodes to get a list of (all) unlisted bridges?
That is indeed a problem. Section
On Thu, Nov 17, 2016 at 05:16:49AM -0600, Justin wrote:
> OBFS4 is blocked behind both filters. Cyberoam is doing some sort of
> timing attack, but I’m not sure what. When a bridge is used by lots of
> people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t
> fix the issue. When I
On Sun, Oct 16, 2016 at 01:15:32AM -0400, Nick Mathewson wrote:
> On Fri, Oct 14, 2016 at 11:09 AM, Philipp Winter <p...@nymity.ch> wrote:
> [...]
> > There are two ways to mitigate the issue. First, we need better
> > defences against website fingerprinting, so
On Fri, Oct 14, 2016 at 07:29:17AM -0500, Justin wrote:
> Not too long ago, a paper was published that talks about how Tor users
> can be deanonymized through their DNS lookups. Is this something I
> should be concerned about?
I am one of the authors. While the attack is very precise in our
On Mon, Jul 18, 2016 at 08:39:02AM +0200, Flipchan wrote:
> Hi all ! Im configuring a new debian server
> Can anyone recommend a good dns server?
I assume this is for a Tor relay?
> i Dont want to use my isp default one, i found one that sounded good
> when i read about it uncensoreddns.Org.
On Tue, Jun 21, 2016 at 08:39:22AM +, Imran Ahmad wrote:
> Dear All I am going to start my PhD and I have chosen "Tor Security" as my
> research area.
> I am going to prepare my PhD research proposal.
> It is requested to suggest some latest topics in Tor security and some useful
> links
On Sun, Jun 05, 2016 at 02:34:22PM -0400, grarpamp wrote:
> You need fulltime regulated fill traffic, within which, your traffic resides.
The Aqua design goes in that direction. It is a traffic
analysis-resistant anonymity system for BitTorrent:
On Wed, Mar 30, 2016 at 01:21:05PM +, Martijn Grooten wrote:
> CloudFlare CEO Matthew Prince just posted this blog post
>
> https://blog.cloudflare.com/the-trouble-with-tor/
>
> which I think is worth a read for people on this list.
My blog comment is still awaiting moderation, so I'll
On Thu, Jan 14, 2016 at 05:58:50PM +0100, Markus Hitter wrote:
> To be honest, this surprises me quite a bit. Tor is for anonymisation,
> so one can escape tax paid surveillance by NSA, GCHQ & Co., which is
> useful. And then such a Tor user connects to Facebook, where one has to
> log in, making
On Wed, Dec 16, 2015 at 10:51:21AM +0100, Fabio Pietrosanti (naif) - lists
wrote:
> Basically i would like to extract all emails account from the Contact:
> field of the consensus that end-up with .it.
The contact field is part of a relay's server descriptor, not of the
consensus.
> I'm
On Sun, Nov 29, 2015 at 06:35:12PM +0330, Amin s wrote:
>1. TOR cell size is 512 bytes but most TOR packets have size of 586
>bytes [1].
>
> My question is that why there is such difference in size (74 bytes
> difference)?
The difference is caused by the protocol headers that are wrapped
On Tue, Jul 28, 2015 at 10:09:16AM -0700, Seth David Schoen wrote:
Bill Cunningham writes:
#3 and on I did not know. Never usesd Keys. But I have the gp44win
know. I will let you know the results. After having imported the
keychain If that's the correct wording. How does this download site
On Fri, Jun 26, 2015 at 01:45:13PM +0200, nusenu wrote:
@phw: did the dir authorities blacklist
09A880567B0839B4085C2EC14002DE34AAFE8548 or did it disappear on its
own? (downtime 4 days)
The relay wasn't blacklisted and disappeared on its own.
Chloe is right in saying that the BadExit process
On Fri, Jun 05, 2015 at 11:10:45AM +0200, Philipp Winter wrote:
I attached a list of fingerprints that were rejected by the directory
authorities around May 20.
Apparently the mailing list won't let me. Here's a URL:
https://www.nymity.ch/sybilhunting/misc/rejected_relays.txt
Cheers,
Philipp
On Thu, Jun 04, 2015 at 10:39:03AM +, nusenu wrote:
These relays have previously been excluded from the Tor network.
They have now tried rejoining with new fingerprints. All of the
following relays are confirmed as being managed by the same
operator.
Again, I really dislike the
On Fri, Jun 05, 2015 at 12:14:56PM +, nusenu wrote:
How have they been excluded? (specific IPs, entire IP blocks,
fingerprints, ...)
The relay list I put online? By fingerprint.
All these relays were HSDirs and actively scanned hidden services
they were responsible for.
What does
On Wed, Jun 03, 2015 at 09:32:47AM -0400, Roc Admin wrote:
I wanted to make some of us aware that Recorded Future is a threat intel
service that is doing a webinar in how to run exit nodes that sniff
traffic. In the webinar they will show how to Visualize malicious cyber
activity from Tor exit
On Wed, May 20, 2015 at 10:42:27AM +0800, Virgil Griffith wrote:
Tom: If a hostile relay receives a connection from a ip-address A that
is not listed in the Tor consensus, as far as I understand the hostile
relay stills has two possibilities about ip-address A:
(1) A is the client
(2) A is
On Tue, May 19, 2015 at 06:05:11PM +, reza-ask...@riseup.net wrote:
and i think it seams funny that you use google app engine to unblock tor in
countries like Iran
and then google blocks Iranian access to that service.
There is also meek-azure and meek-amazon, but they might have the same
On Thu, Apr 30, 2015 at 02:20:34PM -0400, Frederick Zierold wrote:
Thanks for replying. I understand it is a spy vs spy type of situation but
what do they see currently? I don't believe they are seeing it by the IP
addresses (or so they claim).
Is it something in the handshake the is
On Thu, Apr 30, 2015 at 02:57:01PM -0400, t...@t-3.net wrote:
One rules file is dedicated to it (emerging-tor.rules), that file has all
the Tor IP addresses hardcoded into it.
That's probably not very effective because the Tor network has quite a
bit of churn, which would lead to plenty of
On Sun, Apr 26, 2015 at 11:19:08AM +, nusenu wrote:
On Thu, Apr 23, 2015 at 07:30:57PM +, nusenu wrote:
Almost all of them were younger than one month and they seem
to have joined the network in small batches. I uploaded
Onionoo's JSON-formatted relay descriptors, so everybody can
On Thu, Apr 23, 2015 at 07:30:57PM +, nusenu wrote:
Almost all of them were younger than one month and they seem to
have joined the network in small batches. I uploaded Onionoo's
JSON-formatted relay descriptors, so everybody can have a look:
On Thu, Apr 23, 2015 at 12:08:05AM -0400, Roger Dingledine wrote:
On Thu, Apr 23, 2015 at 03:03:57AM -, supp...@sigaint.org wrote:
Today we reported 58 bad exit nodes to Philipp. He instantly found 12 more
that
we had missed, and there may be even more of them. (Thank you, Philipp!)
On Fri, Apr 03, 2015 at 10:15:42PM -, throwaway...@sigaint.org wrote:
It will only happen when using Tor. I did a normal DNS dig and a
tor-resolve simultaneously - the first pointing to the real IP, the latter
pointing to said server.
What is the real IP address? All exit relays that are
On Sun, Apr 05, 2015 at 05:10:19PM +, Chuck Peters wrote:
Philipp Winter said:
On Fri, Apr 03, 2015 at 10:15:42PM -, throwaway...@sigaint.org wrote:
It will only happen when using Tor. I did a normal DNS dig and a
tor-resolve simultaneously - the first pointing to the real IP
On Tue, Jan 20, 2015 at 10:26:12PM +0100, intrigeri wrote:
Assuming an ideal world in which they involve an equal amount of work,
among scramblesuit, meek, flashproxy and obfs4, which ones should we
prioritize our efforts on?
You shouldn't prioritise ScrambleSuit because it's superseded by
On Mon, Jan 12, 2015 at 10:51:36PM +0100, Alfredo Palhares wrote:
But using the safe switch does the following:
```
obfsproxy: error: unrecognized arguments: --data-dir=/path/to/data/
```
What is the exact command you are trying to run?
Here's a working example of a server run in external
On Wed, Dec 24, 2014 at 11:54:53AM +, Richard Brooks wrote:
I am a software developer who has been trying to use DNS2SOCKS but haven't
had much success with it communicating with the latest TOR
Bundle.
You might be interested in tor-resolve:
On Sat, Dec 20, 2014 at 09:12:58PM +0100, Sebastian G. bastik.tor wrote:
while there are more pressing issue, or not I had noticed previously
that all papers on anonbib from November 2014 have no papers. Well
November wasn't over, but now it is December.
Up to August 2014 papers have papers
On Thu, Nov 13, 2014 at 06:36:43AM +, Imran Ahmad wrote:
What simulators are available other than Shadow?
It's not a simulator but you might still be interested in ExperimenTor:
https://crysp.uwaterloo.ca/software/exptor/index.html
Cheers,
Philipp
--
tor-talk mailing list -
On Thu, Nov 13, 2014 at 02:08:49PM -0300, hellekin wrote:
I use onionspace regularly, and find onion service and onion site
equally attractive. Just wanted to remind you that not all onion
services are websites.
The term onion service could supersede hidden service and an onion
site could
On Sun, Oct 19, 2014 at 11:04:01PM +, Runa A. Sandvik wrote:
On Sun, Oct 19, 2014 at 11:02 PM, Virgil Griffith i...@virgil.gr wrote:
researchers setup an exit node and then recorded what sites people
were going to?
I believe you are referring to
On Tue, Oct 07, 2014 at 03:57:46PM -0700, Jeremy Gillula wrote:
1. Does anyone have an idea of what the usual churn rate is for Tor
nodes? (I'm guessing fairly low for most nodes, but if anyone has even
rough numbers, that would help...)
I'm late to the party but the following might also be
On Thu, Jul 31, 2014 at 07:21:59PM +, Nusenu wrote:
I think we need to distinguish between the report and the
discussion. Ultimately, a report that is acted upon *cannot* remain
secret. As soon as a relay gets the BadExit flag, the operator can
figure out that they got caught. As a
On Thu, Jul 31, 2014 at 01:58:18PM -0700, Seth David Schoen wrote:
Roger Dingledine writes:
But in this particular case I'm stuck, because the arms race is so
lopsidedly against us.
We can scan for whether exit relays handle certain websites poorly,
but if the list that we scan for
On Wed, Jul 30, 2014 at 11:03:03PM +, Nusenu wrote:
If it's reproducible, we attempt to get in touch with the relay
operator
Does this imply that you try to fix the issue with an confirmed bad
relay before assigning them the badexit flag?
(opposed to flagging them first - which means
On Wed, Jul 30, 2014 at 11:33:05PM +, Nusenu wrote:
I raised this question already some time ago [1] but I guess the
discussion there ended with the busy PETS week ;)
Sorry, I must have missed that email. First of all, thanks for your
feedback and for putting so much thought into this!
On Thu, Jul 10, 2014 at 08:02:32AM -0700, C B wrote:
Any chance of creating a non-javascript version of the Atlas,
at https://atlas.torproject.org/ ? I can access it by allowing
temporary all access, but it seems that it would be easier if a
non-javascript version could be created, or added.
On Sun, Jul 06, 2014 at 10:57:18PM -0400, Soul Plane wrote:
Last night I noticed my relay path was using two PPTOR relays. I don't
know much about Tor but from what I've read I thought servers that are
related are supposed to identify themselves as such. Just because two
servers have similar
On Tue, Jul 01, 2014 at 01:23:27PM +0900, saurav dahal wrote:
In atlas.torproject.org, I saw Bandwidth rate, burst and observed. Can
anybody please explain these terms with the following example:
Nickname IPredator
*Bandwidth values*
Bandwidth rate: 1073.74 MB/S
Bandwidth burst: 2097.15
On Fri, Jun 27, 2014 at 04:26:30AM -0700, Bobby Brewster wrote:
How could a person who is sniffing / stripping exit traffic be detected?
We recently did some work on that:
http://www.cs.kau.se/philwint/spoiled_onions/
Long story short: Active attacks such as sslstripping are easy to detect
On Thu, Apr 10, 2014 at 09:55:03PM +0200, Moritz Bartl wrote:
On 04/10/2014 03:01 PM, Marcos Eugenio Kehl wrote:
Hello experts!
What do you think about Pogoplug?
https://pogoplug.com/safeplug
Why do I use it instead of Tor Browser in my computer?
Nothing is safe enough against NSA.
On Mon, Mar 10, 2014 at 06:43:31PM +, Gordon Morehouse wrote:
I have been doing some testing of sending email over Tor and today ran
into a definite BadExit (but not flagged, clearly) because there was a
blatant MitM attempt on three separate occasions when I initiated a
TLS/SSL SMTP
On Sat, Feb 08, 2014 at 11:11:16PM +, ar...@runbox.no wrote:
I'm using IMAPS over Tor for email purposes. Sporadically I get
'password incorrect' errors which usually go away when I click 'Retry'.
Is this some kind of MitM attack?
Real MitM attacks typically don't cause password
On Wed, Jan 22, 2014 at 03:36:10PM +, Elysius wrote:
The more I read about various exit node exploits, the more convinced I
am that Tor's future is in beefing up hidden service functions and
keeping as much traffic as possible within the Tor network.
These weren't really exploits, just
On Wed, Jan 22, 2014 at 11:30:09AM -0500, William Conlow wrote:
I have a basic question about the Spoiled Onions report. The bad onions
mean that someone could block traffic, could re-direct traffic, or
otherwise censor content, but they couldn't de-anonymize users nor could
they prevent user
On Mon, Nov 25, 2013 at 01:25:37PM +, Gibson, Aaron wrote:
On 2013-11-23 19:38, Philipp Winter wrote:
On Sat, Nov 23, 2013 at 02:22:48PM +, Mark McCarron wrote:
How about a certification program? A company can donate some
funds to have their product evaluated and if successful gain
On Sat, Nov 23, 2013 at 02:22:48PM +, Mark McCarron wrote:
How about a certification program? A company can donate some
funds to have their product evaluated and if successful gain
TOR Certified status. It would stop all this nonsense and
provide everyone the opportunity to request
On Tue, Oct 01, 2013 at 06:21:19PM -0700, Arlo Breault wrote:
We're considering launching a new check,
https://check2.torproject.org/
It'd be appreciated if you could take a moment to look for false negatives,
and let us know.
I just iterated over all active exit relays and used Python's
On Fri, Oct 25, 2013 at 12:17:57PM +, Mads Tinggaard Pedersen wrote:
I am not concerned about the practical stuff, such as IP addresses, version
numbers, etc. Only what nodes in the network graph is connected to one
another.
This paper might interest you:
On Fri, Oct 25, 2013 at 03:33:35PM +0200, Lunar wrote:
Philipp Winter:
On Tue, Oct 01, 2013 at 06:21:19PM -0700, Arlo Breault wrote:
We're considering launching a new check,
https://check2.torproject.org/
It'd be appreciated if you could take a moment to look for false
negatives
On Tue, Oct 01, 2013 at 06:21:19PM -0700, Arlo Breault wrote:
We're considering launching a new check,
https://check2.torproject.org/
How about changing Your browser... to This browser...?
I believe that Andrew once reported that some users interpret your browser as
my most favourite browser
Over the past months, we have been working on the ScrambleSuit pluggable
transport protocol [1]. The code has now reached some maturity and it's time
to test it! I set up a dedicated bridge and compiled a set of installation
instructions listed below. You get bonus points if you test the bridge
On Thu, Aug 01, 2013 at 11:08:04AM +, Marcos Eugenio Kehl wrote:
2. Must I erase all the metadata inside event logs in Windows 8, and use
CCleaner after close Tor Browser?
3. We could talk a little bit more about computer forensics.
Thanks.
You might find this technical report
On Sat, Jul 27, 2013 at 03:06:22PM +0300, Lag Inimaineb wrote:
If so, what I meant was that since the TOR protocol is encapsulated within
TLS, as is HTTPS traffic, then the differentiation will have to occur after
the TLS handshake, which (assuming Iran/China/etc do not have a forged
On Mon, Oct 15, 2012 at 07:25:01AM -0600, somepony wrote:
Is there a reason there is not a board or forum for Tor, or that it
doesn't come up on Google? I'm not talking Usenet or IRC, I'm
talking something my mother-in-law can find, understand and use.
There are several reasons for this.
On Tue, Aug 14, 2012 at 12:29:05AM +0200, HardKor wrote:
Is it possible to connect to Tor from Ethiopia ? Is there any blocking
strategy ?
The standard TBB does not work because Ethiopia is currently fingerprinting and
dropping both, the TLS client and server hello. More details are available
On Thu, Aug 09, 2012 at 11:23:52PM +, adrelanos wrote:
I'd be also interested in a top50, 100, 1000, x of regular Tor exit
traffic.
The following two papers took a look at that, among other things:
http://freehaven.net/anonbib/#mccoy-pet2008
http://freehaven.net/anonbib/#huber2010tor
On Mon, Jul 30, 2012 at 01:11:14AM -0400, Simon Brereton wrote:
Like the OP, I would love a Tor-for-dummies paper/e-book/guide.
The recent reddit.com QA contains some easily digestible information:
On Thu, Jun 28, 2012 at 07:45:53AM +0100, sy00963-...@yahoo.fr wrote:
When using Tor in a local network, what the network administrator can see if
he checks my activity on the network??
The correct answers have already been given but you might also be interested in
this link:
On Thu, May 10, 2012 at 03:08:31PM -0400, Matthew Kaufman wrote:
Why can't there be some manner of anonymity such as remote VNCing to a
remote computer (say a web server desktop on Gnome running on an Amazon AWS
cloud)...
This way your true identity is an Amazon AWS cloud IP and say you are
67 matches
Mail list logo