is good enough. :)
Yea, the extension quirk I think is a bit much, but I fixed the number
of hops - now that I think about it closer, 3 makes more sense.
On 9 May 2015 at 12:35, grarpamp grarp...@gmail.com wrote:
On Tue, May 5, 2015 at 7:49 PM, Tom Ritter t...@ritter.vg wrote:
It's (now) http
On 5 May 2015 at 07:53, Fabian Keil freebsd-lis...@fabiankeil.de wrote:
Great.
A couple of comments (about v1.3):
Thanks! I made the changes and put up a 1.4
Page 141 and 142 seem to suggest that parsing strings is more
likely to be vulnerable than parsing binary data. Is that intended?
No
Hi all,
I've put together a slide deck that aims to provide a 100-foot
overview on little-t tor and Tor Browser. 100 foot, meaning I go into
a lot of technical detail, but not 10 or 1 foot which means some
things are definitely glossed over or handwaved a little. My
consistency with the 'foot
On 5 November 2014 03:04, grarpamp grarp...@gmail.com wrote:
On Tue, Nov 4, 2014 at 12:25 PM, Libertas liber...@mykolab.com wrote:
I think it would be a good idea to add OpenBSD to doc/TUNING because [...]
promoting OpenBSD relays benefits the Tor network's security.
Absolutely. Not just due
On 3 November 2014 17:05, Mike Perry mikepe...@torproject.org wrote:
I also have an OpenWRT configuration I can give you to monitor for proxy
leaks on an upstream router, but you need to be able to configure Tor
Bridges to make use of it.
Same idea, but I use a full linux machine as a router
On 28 August 2013 12:29, lee colleton l...@colleton.net wrote:
There is an indication that computers are connecting to the Tor
anonymizing proxy network from Antarctica. This information is anonymously
self-reported by the connecting client computers and it's entirely possible
that the
On 13 August 2013 05:48, Hyoseok Lee zeusy...@gmail.com wrote:
In Tor network
Is it possible to make specific node as exit node?
The ExitNodes configuration parameter.
https://www.torproject.org/docs/tor-manual.html.en
The standard caveat applies: messing with Path Selection in this way
is
Hey grarpamp,
You may have explained this elsewhere, but if so I missed it
(potentially while on an internet moratorium for the past week) - how
are you observing these statistics?
Thanks,
-tom
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go
On 19 July 2013 06:35, Ed Fletcher e...@fletcher.ca wrote:
On a related note, does having (what I assume is) a serious percentage of
the Tor relays in the Amazon cloud make it easier for the NSA to compromise
anonymity?
I don't think a 'series percentage' of relays are in EC2. I would
On Jul 11, 2013 11:41 PM, cl34r an0n102...@riseup.net wrote:
On 07/11/2013 11:24 PM, Gabrielle DiFonzo wrote:
Hi there,
Hi
I am currently running Windows 7 and my usual browser is Internet
Explorer. If I download Tor, will I still be able to use Internet Explorer
when I want to?
You can
On Jun 17, 2013 5:41 PM, Lunar lu...@torproject.org wrote:
Runa A. Sandvik:
On Mon, Jun 17, 2013 at 3:09 PM, Lunar lu...@torproject.org wrote:
One of the concern that was raised by Moritz is export capabilities of
Stack Exchange. How likely are we to switch to a self-hosted
application
Not that, this:
http://www.clearbits.net/feeds/creator/146-stack-overflow-data-dump.rss
It's torrent of all the data, made every 3 months, in a machine
readable format. Frankly, the StackExchange folks are pretty good
about this, if they didn't make the data available in that sort of
dump,
On 27 May 2013 20:52, Nathan Suchy theusernameiwantista...@gmail.comwrote:
Hi Everyone,
I looking for a good VPS provider in the United States for hosting a Tor
Exit Node. I am considerog linode. My price range is up to $20/month. I
would like the exit node to have power servers and very
On 28 May 2013 14:41, Nathan Suchy theusernameiwantista...@gmail.comwrote:
Would running a bridge on Amazon be a bad idea? I could afford that. I know
of an offshore provider that loves privacy projects. They only cost £10 a
month.
It's a supported mechanism: https://cloud.torproject.org/
On 27 May 2013 14:39, Micah Lee micahf...@riseup.net wrote:
Would it be fair to say that using the techniques published in this
paper an attacker can deanonymize a hidden service?
...but for the time being
the anonymity of the document upload server isn't one of them.
Switching to
On 24 May 2013 02:36, Andreas Krey a.k...@gmx.de wrote:
Can hidden services talk SPDY?
Sure they can. Just as well as ssh, smtp or pop3 or
anything else that goes over TCP.
I guess I should have phrased this as Can TBB talk to a SPDY enabled
HS? or Can users take advtange of a HS running
On 24 May 2013 09:25, Andreas Krey a.k...@gmx.de wrote:
On Fri, 24 May 2013 07:22:28 +, Tom Ritter wrote:
...
... Actually that's not true. I could have bought a certificate for a
.onion address, any .onion address, from any CA until the end of 2015.
How that?
.onion is not a real TLD
On 24 May 2013 15:36, Chris Patti cpa...@gmail.com wrote:
I understood the legal implications. See my above note about the abuse
report from Linode.
I'm not complaining, just noting that it's unfortunate that folks have to
abuse things.
In my opinion the tragedy here is not that people
On 23 May 2013 16:27, Nathan Suchy theusernameiwantista...@gmail.com wrote:
The hidden service protocol needs major modifications as it is very slow. I
actually don't use hidden services but see the use in them and think that
the hidden services need a better protocol...
Can hidden services
Hm, that's an tough question. TBB doesn't modify the FF code very
much at all, and the patches are pretty lightweight - they're all
listed here:
https://gitweb.torproject.org/torbrowser.git/tree/HEAD:/src/current-patches/firefox
although some of them do deal with caching.
The about:config
VLC has a lot of stuff going on inside of it. I would not be
surprised if there were proxy leaks that might be able to be forced by
someone doing something tricky. Say you enter a url to a flash video
and the content is intercepted and replaced with an RTSP stream that
VLC somehow interprets,
On 1 May 2013 15:29, David Vorick david.vor...@gmail.com wrote:
I don't know what I'm talking about, but here goes:
If you were to put flash in a sandbox that had a fake IP address, might
that make the sandbox incompatible with the tor network? When you are
communicating, even over the tor
I finally watched the recent FlashProxy talk, and the bit about Not
working on HTTPS intrigued me. I looked into it, and had two initial
ideas.
==
Mixed Content. This isn't great, but it's something that might work for now.
Chrome and FF do not block an HTTP iframe on an
On 15 March 2013 18:34, Joe Btfsplk joebtfs...@gmx.com wrote:
Don't know if this will always work, for all providers, but I have set torrc
to use only exit nodes in my country
I don't think this should be a recommended practice, because (while
you are in that country) it explicitly enables your
On 16 March 2013 13:54, Joe Btfsplk joebtfs...@gmx.com wrote:
I think Gmail may do same thing, if try to login w/ exit
node from a different country than used to sign up for the acct (not sure).
According to the guy at Google who has posted here before, they
require you to verify yourself (e.g.
On 9 January 2013 10:05, Alexandre Guillioud
guillioud.alexan...@gmail.com wrote:
Hi all,
I'm reading your conversation, and i'm not understanding very well what you
mean by high/low latency network. Isn't it just a ping duration delta ?
You speak about low and high latency like it's a
On 9 January 2013 10:33, Alexandre Guillioud
guillioud.alexan...@gmail.com wrote:
Wooo thank's Tom ! First time using mailing lists, i'm going to like it :D
(and it's not a problem to answer from work :DD).
Ok, so i understand what you're meaning by high/low latency network.
Just, why don't
On 8 January 2013 01:18, Moritz Bartl mor...@torservers.net wrote:
On 08.01.2013 05:29, grarpamp wrote:
It is an interesting questions, if with a modern user interface, can they
get to new life?
I see no reason the state of the art from the legacy remailer types
can't be combined and updated
I'm hoping this will be of interest to this list. To encourage
interest in the waning art of remailers, I'm starting what I aim to be
a long series on how they work, design choices, technical limitations,
and attacks. The first five are now live at https://crypto.is/blog/
-tom
On 7 January 2013 15:53, David H. Lipman dlip...@verizon.net wrote:
I hope you fully elaborate on how remailers are used for abuse.
--
Dave
I intend to, but I've never been the receiving end of remailer abuse,
so I've only got academic knowledge. I had a few ideas I was
brainstorming about
On 19 December 2012 07:16, and...@torproject.is wrote:
There's a larger plan forming to scrap the current blog and convert it
to something like jekyll/hakyll with the content served from git. We'd
like to do this for the entire website, too. The step holding up the
blog migration is the
On 18 December 2012 17:52, nile...@hushmail.com wrote:
Hello everyone.
I have a small question.
Does Tor Browser protect against IP/DNS leaks more than regular Firefox?
If I change the network settings in regular Firefox to local proxy and then
disable the Tor service, I cannot connect to
I'd design as much or all of the db-parts of the site to load over AJAX as
possible, so you can put up a nice Loading... message. Keep a persistent
connection to the database; don't connect for every client (pconnect in
PHP). Maybe do a redundant design that aims for eventual consistency if
you
On 12 November 2012 08:27, HardKor hardkor.i...@gmail.com wrote:
Looks easy no ?
Any way for Alice to mitigate such attacks ?
Two nodes hosting the same .onion in diffrent locations ?
Something else ?
I think different operational practices would solve the problem. For
example, Host the
On 4 October 2012 00:27, and...@torproject.is wrote:
I think you would be the first to want this
I don't know if I'd say that... I think TorBrowser could be improved
by integrating Tor+Vidalia+Firefox into a single app. This may also
go towards fixing the user confusion with having several
Other good news: no one registered for .onion, and it's going to be
several years until the next round of applications open. Hopefully by
then, the process will be much smoother than this time around.
It's possible that next time around, Tor could apply for .onion, and
use it as a tor2web portal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I agree with Jake. Less information disclosed is better.
Under some circumstances I will encrypt a message to recipients not in the
email. For example, if I am emailing on behalf of a group, I will encrypt to
the group, even if I do not CC/BCC
On 23 June 2012 18:20, Roger Dingledine a...@mit.edu wrote:
- Start summarizing Tor research papers on the blog more regularly. There
have been a huge number of really important research papers lately,
and most Tor people don't know about them. Should I summarize them on
the blog (for a
On 5/9/12 2:52 PM, Jerzy Łogiewa wrote:
when building webserver I want only 127.0.0.1 able to connect - not the
internet and not 192.168.x.x even!
this is for hidden service _ONLY_ and no one even on local network should be
able to probe for it.
i know how to setup hidden service
On 19 April 2012 11:50, Fabio Pietrosanti (naif) li...@infosecurity.ch wrote:
Apache does it with Mod_Security:
http://www.modsecurity.org/documentation/apache-internal-chroot.html
ProFTPD does it with DefaultRoot:
http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html
To
40 matches
Mail list logo