Re: [tor-talk] Hiding stuff

antispa...@sent.at: > On Fri, Jul 13, 2012, at 23:37, proper wrote: >> But what will never change is, the more anonymity/privacy/security you >> want, the more technical knowledge you'll need. We'll continue to >> provide loads of additional information to make it

Re: [tor-talk] Hiding stuff

antispa...@sent.at: > On Fri, Jul 13, 2012, at 23:25, proper wrote: >> For people who really can't abstain from Flash / Java it's the best >> option I know of. > > It does sound wonderful. But it sure needs a powerful machine. A CPU > designed for lower

Re: [tor-talk] Hiding stuff

antispa...@sent.at: >> Some are cross platform and depending on your hardware, they are also >> quite fast. > > What do you mean by fast? Can they make tails responsive on a AMD E350. > The qualities of that are low power consumption and being a true dual > core. You must test it and decide if it

Re: [tor-talk] Hiding stuff

Praedor Atrebates: > On 07/13/2012 06:22 PM, antispa...@sent.at wrote: >> On Fri, Jul 13, 2012, at 22:14, proper wrote: >>> My non-offical project supports [1] that. Java and Flash do not leak IP >>> or DNS. >> Even without leaking IP, they have far too much pow

Re: [tor-talk] Hiding stuff

antispa...@sent.at: > On Fri, Jul 13, 2012, at 22:14, proper wrote: >> My non-offical project supports [1] that. Java and Flash do not leak IP >> or DNS. > > Even without leaking IP, they have far too much power for a far too > small benefit. The ability to write or

Re: [tor-talk] Hiding stuff

antispa...@sent.at: > On Fri, Jul 13, 2012, at 16:38, Praedor Atrebates wrote: >> My main interest in emulators and/or VMs is to be able to use tor >> browser but also leave some of the add-ons activated (javascript, flash) >> and STILL defeat tracking. Tor gives you ip X and the VM provides a

Re: [tor-talk] Hiding stuff

Praedor Atrebates: > On 07/13/2012 02:15 PM, antispa...@sent.at wrote: >> On Fri, Jul 13, 2012, at 13:41, Praedor Atrebates wrote: >>> Would not cpu/system data get hidden if you ran tor browser inside an >>> emulator? >> Yes, an emulator with Tails. But, why should people have to do all that >> an

Re: [tor-talk] Hiding stuff

Praedor Atrebates: > Would not cpu/system data get hidden if you ran tor browser inside an > emulator? Depends on virtualizing platform and settings. For Virtual Box... try: cat /proc/cpuinfo Power off VM. Restart VM. Then run: VBoxManage modifyvm "VMname" --synthcpu on check again: cat /proc/c

Re: [tor-talk] Hiding stuff

antispa...@sent.at: > On Fri, Jul 13, 2012, at 15:02, proper wrote: >> antispa...@sent.at: >>> I remember reading about installing more extensions as a bad >>> thing as it might identify a Tor configuration from another. But >>> can't this be hidden? >&g

Re: [tor-talk] Hiding stuff

antispa...@sent.at: > I remember reading about installing more extensions as a bad > thing as it might identify a Tor configuration from another. But > can't this be hidden? Maybe. Would require development which no one wants to take. > I know extensions can answer javascript > requests. Is it po

Re: [tor-talk] Hiding the server

Anthony Papillion: > I know that Tor does a good job at protecting users from discovery but > what about the server? Is it as hard to find as the clients? I'm > thinking no. It's a wide question. What are you interested in? What do you want to know about? Server software, operating system securit

Re: [tor-talk] hidden services 2.0 brainstorming

tor-admin: > Am Mittwoch, 11. Juli 2012, 17:43:52 schrieb Fabio Pietrosanti: >> Don't exaggerate, it still need a software client to access them, so the >> usability is heavily impacted. >> This imply that TorHS are not for general uses in the context of mutual >> anonymity . > What about a Firefox

Re: [tor-talk] hidden services 2.0 brainstorming

Fabio Pietrosanti (naif): > Yo, > > i really appreciate such discussion about empowering TorHS, a lot of > work still have to be done to make proper leverage of the capabilities > that TorHS provide. > > On 7/11/12 5:36 PM, proper wrote: >> I think the concept o

Re: [tor-talk] hidden services 2.0 brainstorming

Rejo Zenger: > Hi, > >> - You get transparent, free end to end encryption. No flawed root CA system. > > Just curious, maybe I am overlooking something: how would this be better than > a self-signed and self-generated certificate (apart from the user not being > nagged with a warning)? Self-si

[tor-talk] hidden services 2.0 brainstorming

I think the concept of hidden services has a lot potential. Not only because they are hidden. Let's face it: - You get a free domain for live. - You get transparent, free end to end encryption. No flawed root CA system. - That's something remarkable, isn't it? With some modifications/improvements

Re: [tor-talk] HTTPS to hidden service unecessary?

HS + SSL makes sense: - stronger encryption Not looking too long for a good source... https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames If you decide to run a hidden service Tor generates an RSA-1024 keypair. The .onion name is computed as follows: first the SHA1 hash [...]

Re: [tor-talk] hidden service on same location as public service

wrote: > i'm wonder if it makes any sense to allow users to access a public web server > access normal at same time as hidden service on same machine? Yes. - saves exit bandwidth - will continue to work even if all exits are shut down - exit policy/ports do not matter - more diversity - more legi

[tor-talk] Torsocks with socks auth defunct? (IsolateSOCKSAuth)

e IsolateSOCKSAuth works, which was the case. Either I my configuration is wrong or this is a bug in torsocks. Do you have any ideas? Cheers, proper __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

wrote: > >> >> Fetchmail, msmtp, etc can all connect to a host, > >> >> take that cert fingerprint, compare it to the one you've > > >> >> configured, and drop the connection if they differ. > >> > > >> > That may work against some adversaries but not against very > clever adversaries. > >> He can

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

wrote: > >> Fetchmail, msmtp, etc can all connect to a host, > >> take that cert fingerprint, compare it to the one you've > >> configured, and drop the connection if they differ. > > > > That may work against some adversaries but not against very clever > > adversaries. > He can let the first co

Re: [tor-talk] TorBirdy 0.0.9 released - testing and feedback requested!

wrote: > First of all thanks all for developing TorBirdy, > > I just DLed and installed Mozilla Thunderbird then TorBirdy, > I have a problem , i can send email via a Gmail account, but via Yahoo > account I get error, it seems that can not connect to Yahoo smtp server, > > the default chosen yaho

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

wrote: > Fetchmail, msmtp, etc can all connect to a host, > take that cert fingerprint, compare it to the one you've > configured, and drop the connection if they differ. That may work against some adversaries but not against very clever adversaries. He can let the first connection alone and tam

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

Thanks to Maxim Kammerer I have now the torproject.org SSL public key. Does anyone know how to sign a certificate, without having the private key or certificate signing request? One post [1] implicates it's possible, but I haven't found out how. If I get this working, I'll add step by step inst

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

wrote: > On Fri, Jul 6, 2012 at 7:24 PM, wrote: > > I didn't even archive to get torproject.org's public key. That's what > I used. > > openssl s_client -showcerts -connect www.torproject.org:443 >/tmp/x.cert > > > > But it doesn't contain the begin public key block. I am not sure what > to use

Re: [tor-talk] How to pin the SSL certificate for torproject.org?

wrote: > On 6 July 2012 11:46, wrote: > > A malicious certificate for torproject.org has been given out at least > twice by broken certificate authorities. (Comodo, DigiNotar, who is next...) > > > > > To prevent that in future, I'd like to pin the SSL certificate's > > fingerprint. > How can t

[tor-talk] How to pin the SSL certificate for torproject.org?

A malicious certificate for torproject.org has been given out at least twice by broken certificate authorities. (Comodo, DigiNotar, who is next...) To prevent that in future, I'd like to pin the SSL certificate's fingerprint. How can that be done? Running an own local CA or is there an easier wa

Re: [tor-talk] TorBirdy 0.0.7 released - testing and feedback requested!

If you ever wanted to contribute something related to Tor, then TorBirdy is a good place to start because the project is relatively new. Therefore it's easy (from user's perspective) to learn everything about it and to stay up to date as it grows. Installation and usage is easy. The issue trac

Re: [tor-talk] [Need quick help] 30+ mbps node taken down by host

wrote: > and then maybe block i.e. exit to the > hotmail IPs, if it was sent via hotmail webinterface (to show them you > are doing something). Not sure if he is allowed to do that. [1] [...] BadExit - Never use as an exit node (for nodes that appear to mess with exit traffic) [...] What is a b

Re: [tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)

> Once either method has been configured correctly and tested > it should work reliably until the environment changes. > > > I am working on an anonymous operating system (TorBOX [1]) and made > > > a modification to torsocks, called uwt [2]. > > > > Using uwt breaks down to "sudo ip=127.0.0.1 port

Re: [tor-talk] possible to identify tor user via hardware DRM?

wrote: > One of the defenses people have talked about against hardware > fingerprinting is running inside a virtual machine. Normally, > software inside the virtual machine, even if it's malicious, > doesn't learn much about the physical machine that hosts the VM. > If you always use Tor inside a

Re: [tor-talk] possible to identify tor user via hardware DRM?

wrote: > Similarly, having a GPS receiver in your phone does not mean that > everyone you send an SMS to or everyone you call will learn your > exact physical location. However, it does mean that if there's > spyware on your phone, that spyware is able to use the GPS to learn > your location and

Re: [tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)

freebsd-lis...@fabiankeil.de wrote: > wrote: > > > wrote: > > > That's incorrect. Privoxy can change the forwarding settings based > on > > > tags: > > > > > > http://www.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-TAGGER > > > > > Excuse me, if I misunderstood. It doesn't look like a

Re: [tor-talk] How to route all connection through tor ?

baksh...@gmail.com wrote: > When using tor bundle what will be the setting in viladia > to route all connection through tor ? No, Vidalia does not claim that and can not do that. __ powered by Secure-Mail.biz - anonymous and secure e-mail accoun

Re: [tor-talk] Force VirtualBox through Tor on Windows XP Host?

wrote: > How can I force VirtualBox to only use Tor? > > Host OS: Windows XP SP3 > > Guest OS: Windows XP SP3 Short answer: Not recommend. Long answer: You can not simply torify VirtualBox with torsocks or so. Easiest thing to use two Virtual Machines. One works as a gateway, the other one as

Re: [tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)

wrote: > Many applications, such as wget, apt-get, gpg, etc. do not speak socks, are > unlikely to speak socks anytime soon, but support http. > [...] > What other options left, to route, let's say, wget through port 9052, apt-get > through SocksPort 9053, gpg through SocksPort 9054 and so on? An

Re: [tor-talk] Repercussion from turning every Tor user into a hidden service?

wrote: > On 8/06/12 9:53 AM, Matthew Kaufman wrote: > > Great questions. And does hosting a hidden service exposé the machine > to > > penetration attacks? > Yes, if those services are vulnerable whether they're running as a Tor > service or not. > > The other concern is that hidden services expo

Re: [tor-talk] Repercussion from turning every Tor user into a hidden service?

wrote: > To quote the hidden service FAQ > , " If your > computer > isn't online all the time, your hidden service won't be either. This > leaks information to an observant adversary.", so yes. I don't think that applies here. 1. You do not publ

Re: [tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)

wrote: > That's incorrect. Privoxy can change the forwarding settings based on tags: > > http://www.privoxy.org/user-manual/actions-file.html#CLIENT-HEADER-TAGGER Excuse me, if I misunderstood. It doesn't look like anyone done that ever before (and documented that online). And for that reason, i

[tor-talk] How to force redirect each application through separate SocksPorts? (preventing identity correlation)

Many applications, such as wget, apt-get, gpg, etc. do not speak socks, are unlikely to speak socks anytime soon, but support http. Privoxy or polipo are of no help. They provides only one http port, with the one big drawback: all http connections will be presses through the same SocksPort (ide

[tor-talk] Repercussion from turning every Tor user into a hidden service?

Would it stress the network too much, if everyone had a HiddenServicePort enabled? (For example, TBB or Tails were in the position to enable it for loads of users by default.) Would it improve the anonymity of people who really have hidden servers, if everyone had a hidden service running? Doe

Re: [tor-talk] IPv6

> Tomorrow (June 6) IPv6 is officially out there. And will still take years until most ISPs in most countries offer it. > What are the pros and cons of IPv6 regarding our privacy? Hosting bridges and relays will be easier, because less people are behind NAT. I hope for some more servers, there

Re: [tor-talk] How to Control middle Nodes?

> My test, based on windows, so for VoIP clients I use Phonerlite, it use > UDP. because of TOR is TCP based, I will use openvpn to transferring udp > > packet through TOR network. You should look around, if you can find a voice client supporting TCP. Tunneling Voip-UDP with OpenVPN over Tor-TCP

Re: [tor-talk] DNS and DNSSec Questions

> Hello, I have recently started using TOR and would like to understand and > clarify some doubts: > > > > My DNS doubts: > > 1) If I use Norton ConnectSafe for Home (the cloud-based DNS Web filtering > service); am I risking i) to loose my anonymity (i.e my IP, etc.) and/or > ii) to be totally sus

Re: [tor-talk] email over Tor / anonymity sets vs. source IPs (was: Torbutton-birdy version 0.0.2)

> >> I'd consider it as important to have all torbirdy "stable" > users > >> in one anonymity set as soon as there is a feature complete > >> stable version. I consider the current version as experimental. > > > > > Hrmm. Actually, if we can avoid revealing this anonymity set > > explicitly to mai

Re: [tor-talk] How to get browser after closing it ?

> How can I start the tor browser after closing it ? > villdila is still there but no option to start browser. https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO#UPDATEforTBBTorBrowserBundleusers https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/WebBrowsers#LeaveVidaliaRunn

[tor-talk] Tor 0.2.3 Alpha ready for redistributed projects?

Is it safe to use the Tor 0.2.3 Alpha in redistributed projects for regular use? (Such as Tails or TorBOX.) Or should the alpha branch only be touched by testers and developers? Tor Stable is already labeled as "experimental software" and "do not rely on it for strong anonymity". How much worse

Re: [tor-talk] apt-get over tor

My very first considerations... > What are the dangers of using apt-get over Tor? > > Is privoxy + Tor the safest way to go? I don't think so. > What attacks are possible? 1. Some are documented in the Torify HOWTO. [1] 2. Stale mirror attack. [2] 3. What kind of software you have installed. [

[tor-talk] Tor's stream isolation features defaults

We like to understand Tor's stream isolation features better. For those who don't know, they will be included in Tor 0.2.3 and are already available in the Tor Alpha 0.2.3. See https://www.torproject.org/docs/tor-manual-dev.html.en for more information on the following flags. The following ques

[tor-talk] anonymity: bridge users vs. entry guard users

If I understand correctly, a bridge will be used as the first of three hops. While users in non-censored areas can will use a certain amount of entry guards, users in censored areas get only three bridges per mail. The entry guard users are more unlikely to suffer from unstable (goes offline) e

[tor-talk] Technical Documentation for the TBB Update Notification Mechanism

I know Tor Button fetches https://check.torproject.org/RecommendedTBBVersions but I couldn't find check.torproject.org within the Tor Button source code. How Tor Button comes to its decision to display https://check.torproject.org/?lang=en-US&small=1&uptodate=0 ? The script start-only-torbrowse

Re: [tor-talk] Pittsburgh Bombing Threats and Mix-Master

Tell me if I am wrong, but I think it's not worth to bother with mixmaster, mixmion, remailing, etc. anymore. It's practically dead. Some remailing systems have been written by high profile people, some of them are now working on Tor. Due to high latency, remailers are theoretically more secure

[tor-talk] Tor Browser disabling Javascript anonymity set reduction [WAS: Basic questions ...]

https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled The FAQ entry is very questionable. "Disabling JavaScript by default, then allowing a few websites to run scripts, is especially bad for your anonymity: the set of websites which you allow to run scripts is very likely to uniquely i

Re: [tor-talk] Debian install: Only Tor networking?

> I am making Debian machine and want to allow only networking over Tor (secure > box with no leaks). > > How can I do this? https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy https://trac.torproject.org/projects/tor/wiki/doc/TorBOX ___

Re: [tor-talk] Tor to VPN to Internet = Bad. Why?

> Recently, I'd come across some chatter that suggested that connecting to > a VPN via TOR was not a good idea and, rather, the better idea was to connect > to a VPN that then used Tor. I've not found any articles on the net that > really discuss this issue. My concern stems from more of a curios

Re: [tor-talk] wget - secure?

If you want to to do thoroughly like Robert Ransom, it all comes back to this ticket. https://trac.torproject.org/projects/tor/ticket/5553 __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___

Re: [tor-talk] Recommended method for routing all traffic through Tor on a GNU/Linux distro

> Hi! I've got tor exit relay running on a dedicated host! About to upgrade > > it in a week too! High five to everyone making this project a reality. Thanks for hosting an exit relay. > I'm > wanting all my apps on my desktop to use tor, what is the recommended > method? > polipo or privoxy + to

Re: [tor-talk] Restarting Firefox

> We make an assumption that if you are running some sort of > unix, you > can handle your package management system, or compile from source, > and > edit the torrc file. No good assumption. Using unix doesn't make you a geek. Ubuntu is one of the most widespread AND newbie friendly distribution.

Re: [tor-talk] Restarting Firefox

I don't think that's a clean and easy solution. Your tool laying around on some third party server and barely anyone being aware and using it. Possible solutions: - As a intermediate fix: Simply change the Windows behavior, not to close Vidalia/Tor when Firefox is terminated. (Like already on Li

Re: [tor-talk] Restarting Firefox

> I'm sorry because I haven't read the entire conversation up until now, but > > if people are using Ubuntu, what is stopping them from doing > sudo apt-get > install tor; Will conflict with Tor Browser Bundle. (SocksPort on same port.) > configuring relaying in torrc Vidalia was made for

Re: [tor-talk] Restarting Firefox

> The only safe way to start TBB is to run 'start-tor-browser'. Any > other > method will cause TBB to be in some odd state. Can you expand this please? Odd state in sense of no functionality or negative implications on anonymity? __ powered

Re: [tor-talk] Restarting Firefox

It is really weird, that Vidalia closes by default, when you close Firefox. There is no option to change that. It does not make sense, if people are expected, to enable contributing to the Tor network using Vidalia. No one can be expected to leave Firefox running 24/7. Do we have a ticket about

Re: [tor-talk] problem with cache preferences in TBB

> Hi > the IP anonymity test at http://ip-check.info/ suggests that > browser.cache.memory.enable > should be set to 'false'. in TBB from > about:config I set it to false but > on every restart it is set again to > 'true' (however this is not the case > for browser.cache.disk.enable > which is also

Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?

> Wow, TorBOX? Does that exist yet? Yes. https://trac.torproject.org/projects/tor/wiki/doc/TorBOX > What is the fastest > VM?  VMware is fastest. From my experience... (> means faster than) VMware (fastest) > VirtualBox > Qemu > Bochs (slowest) Untested: KVM, Xen We choose VirtualBox, for rea

Re: [tor-talk] access sites

> In that case I would expect an > appropriate subsection on the Tor users > page, provisionally titled “Stoners > use Tor” — perhaps with the guy > from the bottom half of the following image > as a thumbnail: > http://imgfave.com/view/1134647. Let's assume for one moment, they make a notable fra

Re: [tor-talk] access sites

> The Tor Project site has a rather pathetic (although quite extensive > > and doubtless useful for propaganda purposes) "Who Uses Tor?" section > > [1], a typical example of what I would call “Western sanctimony”. > I > wonder > whether anyone ever attempted to gather some actual > representative

Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?

> I should also mention here that I never got an answer > on this list > about whether Tor is actually designed to withstand active attacks > > from within the client. It could be that running everything inside a > VM doesn't > even help against discovering the externally exposed IP of > an exploit

Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?

Can TorBOX be of any help for your plans? > Because, > while people can run Tails in a VM by themselves already, > doing this certainly > does not give them the same benefits as an > integrated, pre-configured "Live > amnesic host OS + Tor routing VM + > desktop VM" Tails would: Alternative you c

Re: [tor-talk] Tor forum [WAS: Server/host for Tor forum in Iceland or Norway?]

> Hello Proper > > > >> On Fri, March 30, Jef Heri > wrote: > >> Hello list, > >> > >> I am interested in setting > up a small Tor centric > >> message board. > > > On Sat, 3/31/12, pro...@secure-mail.biz > wrote: > &

Re: [tor-talk] Server/host for Tor forum in Iceland or Norway?

> Hello list, > > I am interested in setting up a small Tor centric message board. Nice. You may be interested to report your plans and progress in the Tor trac. https://trac.torproject.org/projects/tor/ticket/3592 Will you allow guest postings? _

Re: [tor-talk] obfsproxy

> > I haven't > seen any ticket for creating a .deb package. > > Perhaps obfsproxy should > also be added to the > > torproject.org repository? > > obfsproxy is in Debian > experimental: > http://packages.qa.debian.org/o/obfsproxy.html That was fast. Thanks for sharing! __

Re: [tor-talk] obfsproxy

> Hi, > > is there any deb package or Ubuntu PPA repository for obfsproxy? > > If > not - are there any plans for that? > > Regards, > > Matej Although compiling obfsproxy is as easy as it could be, I asked that questions myself. https://trac.torproject.org/projects/tor/query?status=accepted&stat

Re: [tor-talk] TorRouter - kickstarter

Thanks Andrew for the detailed answer! > We're pondering kickstarter as well as a for-profit I didn't know that page. Looks very well.. http://www.kickstarter.com That sounds like very reasonable plan. FreedomBox had a lot success using kickstarter. In a very short time they got loads of money

[tor-talk] Status/progress of TorRouter?

What is the status of TorRouter? Any progress on the project? I've been monitoring the active trac tickets and wiki sites. There are no changes since a long time. Is the progress behind closed doors? What is up with that project? Became it to big, unmaintainable, time-consuming? Or what are the

Re: [tor-talk] Designing a secure "Tor box" for safe web browsing?

> I'm curious about what resources > proved to be limiting during your > experiments, and what "too demanding" > means in your usecases. > Knowing these figures would make this report useful, > to a degree, to > draw conclusions for other usecases. Quoted from http://dee.su/liberte "Moreover, some

Re: [tor-talk] TOR bridge mailing list

> Since I was not able to find a place to share tor bridges, I created a > place... > or rather a mailing list: > https://lists.riseup.net/www/info/torbridges > > If > you or people you know are interested in obtaining bridges or > disseminating > them, this would be a good list to be on. The idea

Re: [tor-talk] Azureus cannot work with Tor

> On 22 March 2012 12:15, Robert Ransom wrote: > > > On 2012-03-22, Michael Holzman wrote: > >> > Greetings, > >> > >> I'm a newbie trying to setup a working Azureus > (aka Vuze)-Tor pair. > >> Unfortunately,I cannot achieve that. Reading > the documentation and searching > >> the Internet did no

Re: [tor-talk] A "paranoid" question

> It wouldn't really matter even if they are, would it? If they happen to control all three servers, it does really matter, then it's game over. There is a lot information about tor related attacks. Interesting read: https://blog.torproject.org/blog/one-cell-enough or google for the many papers

Re: [tor-talk] How to contribute / takeover a sub project?

> On Tue, Mar 6, 2012 at 6:27 PM, wrote: > > > ... What I mean by taking over is, when you go on torproject.org, you see > "Our Projects"... > > note that Tor VM is not on that page. ("taking > over" Tor VM would not > grant you a spot ;) There are only spots for projects which are already in pr

Re: [tor-talk] How to contribute / takeover a sub project?

> > I am interested in overtaking the project TorVM. > > I'm not sure what > you mean by 'taking over' the project. Besides > having a copy of the source > archived in svn we aren't associated with > it. What I mean by taking over is, when you go on torproject.org, you see "Our Projects"... Addit

Re: [tor-talk] How to contribute / takeover a sub project?

> On Tue, Mar 6, 2012 at 5:37 PM, wrote: > > > ... Nowadays VirtualBox is fully Open Source. It was not in past, but now > it is. There is a closed source extension package for VirtualBox with stuff > like rdp, but that is not required. We use only the Open Source edition which > is available for

Re: [tor-talk] How to contribute / takeover a sub project?

> On Tue, Mar 06, 2012 at 08:01:36PM +0100, pro...@secure-mail.biz wrote 1.2K > bytes in 19 lines about: > : Please tell me the requirements for overtaking > the project. > > Generally, commit code. That's what we done. Everything is Open Source and documented. ___

Re: [tor-talk] How to contribute / takeover a sub project?

I am delighted that you as one of the original TorVM developers, is answering this thread. If you are still interested in this project, you are invited to join us. > > My project, TorBOX [4] offers the already > same functionality. > > not quite; some differences that drove the original > Tor VM

[tor-talk] How to contribute / takeover a sub project?

I am interested in overtaking the project TorVM. [1] [2] [3] TorVM has been abandoned by it's original authors, no more development and discussions are going on for years. My project, TorBOX [4] offers the already same functionality. And it offers even more. Almost all key features are ready an

Re: [tor-talk] Tor and HTTPS graphic

Nice, I like it very much. It also demonstrates the need for DNSCrypt, then "site.com" would also disappear from a few places. Can you release the source code for the demonstration? That would allow other to build up on your work. Other things like DNSCrypt, distributed DNS, alternative web of

Re: [tor-talk] Awareness for identity correlation through circuit sharing is almost zero.

> > Also tails, which is listed on torproject.org, uses only one > SocksPort [4] > > and mixed all activity into the same SocksPort. > > Using > multiple SocksPorts from the same Tor client only helps if you > are using > Tor 0.2.3.x-alpha, which introduced 'stream isolation'. (I > don't think 0.

Re: [tor-talk] Awareness for identity correlation through circuit sharing is almost zero.

Thanks for your answer. It's immensely helpful. > Everyone who suggests using BitTorrent over Tor is pointed > to > https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea , > > which mentions that issue. It should be more visible. Perhaps you > could > send a patch to add it to the

[tor-talk] Awareness for identity correlation through circuit sharing is almost zero.

The users awareness for identity correlation through circuit sharing [0] is almost zero. There should be more clear warnings about it on torproject.org. People are frequently told to extensively use Google. They do so and will be affected. If you google the term [1] you will see that it has been

Re: [tor-talk] TBB Users: We Need New Directions on Torifying Software! Solution Required! (Still not solved, month #3)

> This is a repost of important question NOT solved within the last two months. > > > This is my second attempt today to send this message. Is it being deleted > > by moderation because I don't think that is the case. Forget about tormail. I also left them. It's too often not online and in meanwh

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

> On Sat, 03 Mar 2012 15:00:51 +, Maxim Kammerer wrote: > > On Sat, Mar > 3, 2012 at 10:33, wrote: > > > The transparently > proxied operating system does not know it's real external IP, only it's Tor > exit IP. And can therefore never leak it's real external IP. > > > > I > see this claim ma

[tor-talk] Obtain real IP behind Tor transparent proxy; was: Operating system updates / software installation behind Tor Transparent Proxy

>> The transparently proxied operating system does not know it's real external > IP, only it's Tor exit IP. And can therefore never leak it's real external > IP. > > I see this claim made all the time — is it actually true? Is Tor > designed > to withstand active attacks where Torified application

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

--- Ursprüngliche Nachricht --- Von: grarpamp Datum: 02.03.2012 07:45:20 An: tor-talk@lists.torproject.org Betreff: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy > On Thu, Mar 1, 2012 at 11:31 PM, Andrew Lewman > wrote: > > bittorrent trackers ar

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

> > I'm more > worried about the risks to user anonymity. It sucks to be > the user reading > about some sensitive subject when your apt cron job > decides to poke every > package source you install from. “Oh, that guy > who keeps reading about Foozer's > Disease must be in the > Antarctica/McMu

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

> But apt uses GPG > (run with (necessarily) root privileges) to verify > the files it downloads. > Sucks to be a Debian user when someone finds > another code-exec bug in GPG's > parsing code. Indeed. Encrypted updates would be handy. I support http://brainstorm.ubuntu.com/idea/26541/. > > Or

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

Ok, thanks for your reply! __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/lis

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

> "proper proper" writes: > > [...] > > >> > You can easily do so by separating traffic at user level (root vs. regular > users). Why do we need a special package for such a simple task? > > > > > That's not possible. Everything behind th

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

--- Ursprüngliche Nachricht --- Von: Moritz Bartl Datum: 02.03.2012 01:27:58 An: tor-talk@lists.torproject.org Betreff: Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy > On 02.03.2012 00:12, proper proper wrote: > > You ask the user n

Re: [tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

> "proper proper" writes: > > > I > was told, to ask this question here. [3] > > > > Tor's transparent proxy > feature is at the moment a bit complicated to take > > advantage off and > therefore unpopular. That might change in the future,

[tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

on that transparent > proxying is not recommended -- automatic update installers are likely to leak information about the software they are trying to update, whether due to malicious design or due to lack of consideration for users' location privacy. proper: This is the reason why we

[tor-talk] bridges - higher risks for hidden services?

Is it still advisable for users of bridges to host hidden services? Especially for private obfuscated bridges. The bridge users have only a limited number of non-blocked bridge IP addresses. And if the bridge is compromised, isn't the the risk for de-anonymizing the hidden service higher? __

[tor-talk] bridges: stenography to hide Tor traffic

>From the FAQ https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#YoushouldusesteganographytohideTortraffic. "First, in the current network topology, the Tor relays list is public and can be accessed by attackers. An attacker who wants to detect or block anonymous users could always just notic

  1   2   >