Re: [tor-talk] MITM attack: How to see Tor Messenger's exit node?

Nurmi, Juha: >> How can someone mitm Hidden Service connections? > > This has nothing to do with hidden services. I had XMPP conversations with > other jabber users so the traffic exits from the Tor network. > > -Juha > And the jabber servers weren't using TLS? I think it's more likely someone

Re: [tor-talk] MITM attack: How to see Tor Messenger's exit node?

Nurmi, Juha: > Hi, > > Yesterday, when I was using Tor Messenger, I detected that Off-the-Record > Messaging fingerprints are not matching! > > There seems to be a man-in-the-middle attack. The attacker probably is an > exit node. > > I was comparing public key fingerprints through a secure

Re: [tor-talk] Innocent Seattle Exit Operators And Privacy Advocates Raided

Phil Mocek: > This leaves one to wonder if preparation for such potential > seizure, such as isolation of "your computer" on which the exit > runs from other computer hardware effectively satisfies EFF's > objection to running an exit at home. Cops seize everything at the address that has an USB

Re: [tor-talk] Operation Onymous Technical Explanation?

CANNON NATHANIEL CIOTA: > Seeking technical information on how hidden services were de anonymized > and what updates to HS protocol was applied as a mitigation. > Thanks, A protocol flaw allowed Guard-node and Exit-node (or that thing that does rendezvous, forgot the name) to talk to each other

Re: [tor-talk] Tor and browser lock

tor_t...@arcor.de wrote: > Hi Tor Talkers, > > will that "lock" apply to the Tor browser, too? > > https://torrentfreak.com/rightscorp-plans-to-hijack-pirates-browsers-until-a-fine-is-paid-160402/ > The company says new technology will lock users' browsers and prevent > Internet access until

Re: [tor-talk] large increase in .onion domains

Lots of fucking cryptolocker ransomware, generating an own onion and bitcoin address for every "customer". Scfith Rise up: > I am just wondering why there has been a huge increase in .onion domains on > http://metrics.torproject.org. Is this just an error or something else going > on? > --

Re: [tor-talk] Danish data retention on steroids

Niels Elgaard Larsen: > * Session volume (number of bytes) > 1. Tor would kill this right at the entry-node? Even a user fired up > TorBrowser, typed in http://example.com/foo.mp4, watched the video and > closed the brower, there would be enough negoitiation to obfuscate the > bytecount? > I

Re: [tor-talk] Escape NSA just to enter commercial surveillance?

> George: > Moreover, if Facebook, etc, decide to employ hidden services, it is good > publicity against the "hidden services are for terrorists and other > evil-doers" meme. Absolutely this. Also Facebook's intention was to give citizens of oppressive regimes a simple way to access US controlled

Re: [tor-talk] Using VPN less safe?

Oskar Wendel: > Today I thought about something... > > Let's assume that attacker (government) seizes the hidden service and > wants to run it and deanonymize its users with traffic correlation. > > Attacker could easily tap into major VPN providers traffic and try to > correlate their traffic

[tor-talk] Attention tor-talk ,what happened,??

What happened?? tor used to be about torture, killings live killings and videos where are those now I can't even seem to get in a chat room what is up with this, what is up with that?! I want to get through tor talk now guide me!! Y'all become complicated or have you moved to a different website??

Re: [tor-talk] Russia actually kind of cracked (?) Tor

> Tempora. BTW that boxes not only intercept traffic, but also store and > analyze it. > > I recommend you read The Red Web by Andrei Soldatov and Irina Borogan, > it describe Russian surveillance in details. > > aka: >> Looks to me like average lawful interception seen

Re: [tor-talk] ru news

NSA can't listen to traffic inside Russia and vice versa. Both attackers want to redirect traffic to their nodes or nodes inside their wiretapping abilities. Ivan Markin wrote: > aka: >> To correlate Tor traffic you need to control a majority of nodes. If >> both Russia and NSA

Re: [tor-talk] ru news

Do you honestly let a snakeoil company read all your emails and let them fingerprint every email you send? Allen: > > This > email has been sent from a virus-free computer protected by Avast. > www.avast.com

Re: [tor-talk] Russia actually kind of cracked (?) Tor

Looks to me like average lawful interception seen in the west, except crypto is excluded. In no way this can count as mass surveliance. Anton Nesterov wrote: > System of technical facilities aimed to providing functions of Operative > Investigative Operations, it's a Russian mass surveliance

Re: [tor-talk] ru news

To correlate Tor traffic you need to control a majority of nodes. If both Russia and NSA try to control them, both fail. Zenaan Harkness wrote: > Of course not - I mean compete in running Tor ("sub") networks, e.g. > running a bunch of state level relays/ guard nodes/ exit nodes, with > intention

Re: [tor-talk] Answer from Chris Dagdigian to WH Depperman

Please see professional help for your schizophrenia. William H. Depperman wrote: > >bla bla bla > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Islamic State

Remove kebab Terrence Gordon wrote: > How can I help out in the war against ISIS? > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Can it be used on a android phone.

Orweb uses the built in webview feature of android, which can't use remote dns resolving (required for .onion) and is not secure and fails to protect your IP with html5 videos e.g. Use Orfox instead, it's a Firefox fork with full socks5 support, so .onion sites should work too.

Re: [tor-talk] Fwd: [tor-relays] Tor Project slandered?

Television is not a safe space. grarpamp wrote: > -- Forwarded message -- > From: Larry Brandt > Date: Wed, Nov 4, 2015 at 12:01 PM > Subject: [tor-relays] Tor Project slandered? > To: tor-rel...@lists.torproject.org > > > Last night my wife and I caught an

Re: [tor-talk] How the NSA breaks Diffie-Hellmann

Are curve25519 and ed25519 assumed "secure"? Both are not included in cookie cutter crypto libraries like openssl, hence less applications using them. I don't know how to feel about algorithms only used in OpenSSH, Tor, i2p and GNUnet. Lluís wrote: > Pretty reassuring and comforting. :)) > >

Re: [tor-talk] Iovation insinuates Tor Users are bad

A: Hi, I would like to order some snakeoil for my business. B: Would you like to try a new shitty startup waiting to be bought by big players? A: Yes, that sounds nice. B: We serve it as a parallax hipster website hacked together in bootstrap. A: I love to oversimply threats and put all actors

Re: [tor-talk] Super speed Tor

I sometimes get ~1MByte/s on exit nodes, which is enough to stream youtube in 720p. If you parallelize multiple TCP connections you easily get ~2MByte/s to a hidden service. Whole speed = min(your ISP, every relay in circuit, exit node/hidden service) Also the latency has a huge influence on the

Re: [tor-talk] Tor

US Navy wanted a mesh network for their ships so an adversary couldn't determine by passively listening what ship is the flagship. It is literally on the Torproject page https://www.torproject.org/about/torusers.html.en kennedy weinrich: > What was the main purpose in creating Tor or the Tor

Re: [tor-talk] pidgin and tor

Malte wrote: > On Monday 28 September 2015 21:51 mtsio wrote: >> Hello everyone, >> >> Is it safe to use pidgin over tor? > > As an alternative there is https://dist.torproject.org/tormessenger/0.1.0b1/ > > I could not find a release annoncement for the beta but the "don't use it > except for

[tor-talk] Making TBB undetectable!

Wasn't Mozilla working on a Firefox which uses Tor for "Private Browsing"? https://wiki.mozilla.org/Privacy/Roadmap/Tor If millions of people would use the same Firefox on the same version with mostly the same browser/javascript behaviour, it would make TBB obsolete. Wouldn't it make more sense to

Re: [tor-talk] Potential uses for the Tor network

Bryan Gwin wrote: > My name s Bryan Gwin (I have my masters in computer science) and I have a > quick question. Is it possible for someone to design some software that can > utilize the Tor network (i.e. software that will allow users to communicate > with each other through the Tor Network

Re: [tor-talk] How to write program that uses Tor network

Google how to use Socks5 with boost and set 127.0.0.1:9050 as proxy. On Sep 30, 2015 5:14 AM, "Tyler Hardin" wrote: > Hi, I'm writing a spider in C++ and thinking about running it on the Tor > hidden network. I'm using boost::asio for the network API. What would be > the

Re: [tor-talk] Please help us...

Configure your message board software so all posts from Tor exit nodes IPs need to be moderator approved. It takes seconds per post for a mod to check and minutes for a malicious individual to post. If your message board software doesn't support this, just block all Tor exit nodes IPs for a week

Re: [tor-talk] pidgin and tor

Pidgin on Windows by default isn't compiled with libjingle support. k...@jondos.de wrote: > Hi, > >> Is it safe to use pidgin over tor? > > You have to compile Pidgin by self without "libjingle", because the > Interactive Connectivity Establishment (ICE) of "libjingle" will breakout > the proxy

Re: [tor-talk] New methods / research to detect add-ons?

Every add-on installed/not installed gives you one more bit of detection. For example to detect HTTPS-Everywhere you start a http connection via javascript and check if it gets automaticly upgraded to https. To detect Adblock you check via javascript if a certain ad got loaded. To detect

Re: [tor-talk] Making TBB undetectable!

Can't TBB devs just patch in a hardcoded 1366x768 window and screen size in the javascript handler? Also, if you want true undetectability you need to install a Tor instance and your OS for TBB in seperate VMs and setup the Tor VM to be a transparent router for your OS, so even if

Re: [tor-talk] Multiple IP's

You could start multiple Tor instances on different ports (9050, 9051, 9052...) with their own torrc file limiting to only 1 exit. That way you will get the same multiple IPs every time. Your game must support SOCKS proxies though (if it isn't a browser game). kelly marsman wrote: > Hi there!On a

Re: [tor-talk] IBM says Block Tor

IBM also develops surveilance hardware for oppressive regimes, no surprise they are against free speech and democracy. https://www.eff.org/deeplinks/2015/02/eff-files-amicus-brief-case-seeks-hold-ibm-responsible-facilitating-apartheid Anders Andersson wrote: I couldn't find what they mean with

Re: [tor-talk] future of torstatus.blutmagie.de

Did the hosting provider tell you his reason for terminating your contract? Olaf Selke wrote: Hello folks, my hosting provider terminated the contract for my two dedicated servers located in the Bertelsmann data center in Guetersloh, Germany. This is effective to 10/31/15. Thus I will

[tor-talk] Can't automaticly update TBB

Hi, I tried to automaticly update the TBB using the integrated updater, however it doesn't start afterwards anymore. When I manually start firefox.exe it closes without any error message whatsoever. This isn't the first time, I always completely removed the TBB and reinstalled from the installer

[tor-talk] Can't automaticly update TBB

Hi, I tried to automaticly update the TBB using the integrated updater, however it doesn't start afterwards anymore. When I manually start firefox.exe it closes without any error message whatsoever. This isn't the first time, I always completely removed the TBB and reinstalled from the installer

Re: [tor-talk] HORNET onion routing design

Atm CPU is the bottleneck as Tor routers can't keep up with path lookups crypto. Padding messages to consume more unused bandwidth to make netflow correlation attacks more difficult makes sense. Seth David Schoen wrote: Has anybody looked at the new HORNET system?

Re: [tor-talk] problem

This is common behaviour as half of the internet trusts cloudflare and other DDoS protection providers with their traffic. These have built-in anti-Tor measures to make life miserable for people who want anonymity and privacy. Bill Cunningham wrote: Now I am noticing that a lot of things seem to

Re: [tor-talk] tor not running

Tor doesn't need .NET framework. Where did you download your Tor package? It appears you installed malware/adware pretending to be Tor. Bill Cunningham wrote: Hello, I posted a little while back about my XP x64 not opening Tor. I wrote to tor's help desk too and received no answer. I

Re: [tor-talk] evidence that Tor isn't amoral?

Tor is the German word for gate, it's literally a gate to a nazi goverment! WAKE UP SHEEPLE! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] evidence that Tor isn't amoral?

I must admit, I have never ever stumbled upon a single picture of child porn in my entire life, although I frequent imageboards and onion services. I have seen snuff, zoophilia and furry porn, but no porn of clearly underage persons. I would even go as far as saying there never was any child porn

Re: [tor-talk] evidence that Tor isn't amoral?

. Somehow for 1 and 2 our society advises solely psycho therapy, but for 3 we immediately advise irreversible surgery, because it's so progressive, tolerant and people like it on facebook. Andreas Krey wrote: On Mon, 13 Jul 2015 16:38:34 +, aka wrote: ... all other points are just plain

Re: [tor-talk] Hacking Team looking at Tails

Fact 1: Hacking Team could only infect a simple BIOS firmware of some Asus notebooks, because those didn't check for signature. Hacking Team did not have a valid certificate for the Microsoft certificate chain in every mainboard to bypass secure boot. Fact 2: You can always replace the Tails boot

Re: [tor-talk] evidence that Tor isn't amoral?

Ah, I see the zionist in Hollywood are at it again, demonizing technology which supports free speech and anonymity. Drew Fustini wrote: Greetings - I am a Tor Browser user and also an operator of a couple Tor relays. I believe the Tor Project has a noble mission. An online friend recently

Re: [tor-talk] Regarding the Hacking Team leak and the TOR interception (all uppercase Tor obviously)

. The infected client would have to use internet explorer or chrome, setup for tor usage. chloe wrote: Hello, how would this method work if an infected client tries to visit a hidden service? Regards, Chloe aka skrev den 7/7/2015 16:52: Nothing special, they try to infect the machine using

[tor-talk] Regarding the Hacking Team leak and the TOR interception (all uppercase Tor obviously)

Nothing special, they try to infect the machine using browser exploits while the victim surfs without Tor. The malware then manually installs an ssl cert and redirects the browser proxy from 127.0.0.1:9050 to evilguys.com:9050, which does ssl interception with that installed ssl cert. At the time

Re: [tor-talk] Fighting human trafficking (on Tor and elsewhere) with Python

Self-promotion for SJW hipster podcaster who can't program shit and uses python. Muh feels Anonymity is bad Tor is only child porn We need to regulate anonymity fuck off shill Chris Patti wrote: Folks we just did an interview with Eric Schles of the Manhattan DA's office who wrote a bunch of

Re: [tor-talk] Clear net and Tor site on the same server

means you're handling much less traffic, and so the memory footprint is much lower. And running an onion service (aka hidden service) is usually very low memory footprint too, but it depends how popular the service is. Hope that helps, --Roger -- tor-talk mailing list - tor-talk

Re: [tor-talk] Question regarding some strange behavior on some exitnodes

You should also check out cloud hosters: upload pdf, doc or txt with unique hidden service urls and log pageviews with php. Create a dump.php which dumps getallheaders() to a file and then create URL redirections at your webserver so all url requests get internally executed with dump.php without

Re: [tor-talk] Is this still valid?

Your traffic is visible to the exit node. The exit node has to transmit your traffic in plaintext if your destination doesn't support TLS. Same goes for your ISP, country, company firewall and so on. This vulnerability can't be fixed without proper end-to-end encryption. You are much safer with

Re: [tor-talk] Panda antivirus now thinks Tor.exe is a virus

Panda AV detects a lot of false positives, including itself: http://www.pandasecurity.com/usa/enterprise/support/card?id=100045 https://www.virustotal.com/en/file/5590eee15536b9c585e9b8bfebfacebeb6d9b9ef5a436535b48b75a6a029f06b/analysis/1434471994/ VT says it's not detected by Panda, so might be

[tor-talk] Some Tor downloads are 0 byte in size

https://dist.torproject.org/torbrowser/4.5.2/tor-win32-0.2.6.9.zip https://dist.torproject.org/torbrowser/4.5.2/torbrowser-install-4.5.2_it.exe accessed via TBB using HTTPS -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to

Re: [tor-talk] What's better than Tor for criminals?

Proxies on infected machines. Better means higher success when conducting criminal activities: purchases will less likely be marked as fraud, IPS will less likely block a connection. It's not more anonymous, just more useful for criminal activities. torl...@ruggedinbox.com wrote: Hello... I'm

Re: [tor-talk] Hola.org routes his vpn traffic over customers like tor

A blessing for credit card fraudsters. Unsurprisingly the jews are behind this. Muri Nicanor wrote: hi, On 05/24/2015 11:07 PM, aka wrote: https://hola.org/ https://8ch.net/hola.html states: Hola was created by the Israeli corporation Hola Networks Limited at the end of 2012

[tor-talk] Hola.org routes his vpn traffic over customers like tor

https://hola.org/ If you install and use hola, it uses your internet and IP for other customers traffic to unblock media and such. It's basicly tor where every user is an *:* exit. Why are the police states of this world not banning it? Claims to have 46 million users. Tor has a lot less users

Re: [tor-talk] someone doesn't like my IP

Yes, half of the internet doesnt like Tor exits, because they trust an NSA-operated cloud service (cloudfront) with their traffic. Step 1: Be NSA Step 2: DDoS popular websites with NSA botnets Step 3: create anti-DDoS service to protect and wiretap customers d...@openmailbox.org wrote: Hi. I'm

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

Sorry, I forgot to add a trigger warning for you sensitive social justice warriors. Please keep discussion in English and desist from using personal insults or other ad-hominem arguments on tor-talk. Speak Freely wrote: Désolé, mais je pense que vous êtes un chapeau de cul. aka: ... long

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

The common user does not apply to all threat models. If you are a high volume recreational drug salesman, you must expect 0days and snitches. If you however are merely a recreational drug consumer, Tor can cover all of your security risks, because only low cost automated investigation will be used

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

will be a nail in Tor's coffin. t...@t-3.net wrote: On 04/24/2015 06:46 PM, aka wrote: buying recreational drugs and watching censored adult porn (which honestly is 90% of Tor's current userbase anyway) Speak for yourself. (Because, right. Clearly it has proven technically feasible for you

Re: [tor-talk] Clarification of Tor's involvement with DARPA's Memex

We will help collecting metadata to punish opsec failures of Tor users, since the data is public anyway. Also if we don't do it, someone else will. Judging by comments on technews sites, it's highly paradox that Torproject wants to develop a data retention and indexing service for a domain which

[tor-talk] High CPU-usage every hour

Hi, I am using multiple Tor instances on the same machine and my CPU-usage goes goes way up for a few seconds in exact one hour intervals. Is this regular behaviour (generating new RSA keys?) or is it an anomaly of an ongoing attack? -- tor-talk mailing list - tor-talk@lists.torproject.org To

Re: [tor-talk] SSL Visibility Appliance

You need to install the sniffers CA certificate to allow them to break your TLS connections or you need to hack a trusted CA to create some wildcard ones (Comodo incident). Some software like Chrome also uses cert pinning, so only a hardcoded cert is allowed. Afaik Tor uses hardcoded certs for the

Re: [tor-talk] Making Apache server talk to the Tor network?

You probably want your apache to download files from hidden service or web via exit nodes transparently. I advice you to create a virtual machine for the apache server, which has a network interface shared with the host. For the apache vm use 10.192.0.10/255.255.0.0 with 10.192.0.1 as a gateway