Re: [tor-talk] FBI cracked Tor security

Hi, Mirimir: Why do trusting users get blamed? Victim blaming XD Wordlife, Spencer -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/25/2016 07:31 PM, Tempest wrote: > Jonathan Wilkes: >> And here we have a respondent who does a complete 180 on the >> constraints. Claiming that "mum" just needs to "invest the time" >> is to do exactly the opposite of what Haroon was

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Jonathan Wilkes: > And here we have a respondent who does a complete 180 on the > constraints. Claiming that "mum" just needs to "invest the time" is > to do exactly the opposite of what Haroon was implying. Now it's > not the software that should

Re: [tor-talk] FBI cracked Tor security

Hello , i have exposed some pedofiles (i helped friends trace em) and in my experience pedofiles doesnt have much security, in 4/5cases i got them to go in to a website i owned and they did that and i loged ip hostname etc and only one use a vpn, anyhow like alot of ppl is saying the server

Re: [tor-talk] FBI cracked Tor security

> However, if one's mum is willing to invest the time, they'll more than likely install the system successfully. Jon,If Haroon's simplification were to make sense to an audience of people who aren't UX experts, it would be trivial to understand the constraints.  For example, if I say, "explain

Re: [tor-talk] FBI cracked Tor security

On 7/19/16, Mirimir wrote: > I doubt that they hire anons :( US IRS rules prevent that to such degree that any btc anons get beyond trivial limits will not be coming from the audited corporate wallet. While tor may be hodling legacy btc, donations are currently going via

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Jon Tullett: > It is, you know. More complex, and probably not suitable. > > Haroon Meer, who I greatly respect in the security space, describes > UX complexity in terms of his mum. As in, "could my mum do this?" > and if the answer is no, it's too

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/19/2016 04:18 AM, Jon Tullett wrote: > On 19 July 2016 at 12:01, Mirimir wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 07/19/2016 03:50 AM, Jon Tullett wrote: >>> On 19 July 2016 at 08:31, Mirimir

Re: [tor-talk] FBI cracked Tor security

On 19 July 2016 at 12:01, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/19/2016 03:50 AM, Jon Tullett wrote: >> On 19 July 2016 at 08:31, Mirimir wrote: >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >>> >>> On 07/18/2016

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/19/2016 03:50 AM, Jon Tullett wrote: > On 19 July 2016 at 08:31, Mirimir wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 07/18/2016 07:08 PM, Jon Tullett wrote: >>> On 18 July 2016 at 16:17, Mirimir

Re: [tor-talk] FBI cracked Tor security

On 19 July 2016 at 08:31, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/18/2016 07:08 PM, Jon Tullett wrote: >> On 18 July 2016 at 16:17, Mirimir wrote: >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >>> A few years ago, I

Re: [tor-talk] FBI cracked Tor security

On 7/19/16, Mirimir wrote: > Well, given what we know of TLA capabilities, what Tor Project says at > is tantamount to false advertising: > > | Anonymity Online > | > | Protect your privacy. Defend yourself against network surveillance > | and

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/19/2016 12:02 AM, grarpamp wrote: > On 7/18/16, Mirimir wrote: >> Anyway, what does Tor Project gain by not mentioning Whonix? > > That's a bit sideways, but in the interest of sideways eventually > moving forward... I'd

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2016 07:14 PM, Jon Tullett wrote: > On 18 July 2016 at 18:15, Spencer > wrote: >> Hi, >> >>> >>> Jon Tullett: you just asked a user to conduct a risk analysis. >>> >> >> Who else should do it, someone less

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2016 07:08 PM, Jon Tullett wrote: > On 18 July 2016 at 16:17, Mirimir wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 07/18/2016 07:33 AM, Jon Tullett wrote: >>> On 18 July 2016 at 14:57, Mirimir

Re: [tor-talk] FBI cracked Tor security

On 7/18/16, Mirimir wrote: > Anyway, what does Tor Project gain by not mentioning Whonix? That's a bit sideways, but in the interest of sideways eventually moving forward... 1) Funding of sorts, which spreads around, to develop TBB, a sizable prioject, to do decent things a

Re: [tor-talk] FBI cracked Tor security

On 18 July 2016 at 18:15, Spencer wrote: > Hi, > >> >> Jon Tullett: >> you just asked a user to conduct a risk analysis. >> > > Who else should do it, someone less contextualized to their context? Context matters. Mirimir was asking for what amounts to a very complex

Re: [tor-talk] FBI cracked Tor security

On 18 July 2016 at 16:17, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/18/2016 07:33 AM, Jon Tullett wrote: >> On 18 July 2016 at 14:57, Mirimir wrote: >>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >>> >>> On 07/18/2016

Re: [tor-talk] FBI cracked Tor security

Hi, Jon Tullett: you just asked a user to conduct a risk analysis. Who else should do it, someone less contextualized to their context? CIOs can't do an accurate risk assessment Sux 4 them XD Wordlife, Spencer -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2016 07:33 AM, Jon Tullett wrote: > On 18 July 2016 at 14:57, Mirimir wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 07/18/2016 06:11 AM, Jon Tullett wrote: >> >>> Haroon Meer, who I greatly respect in

Re: [tor-talk] FBI cracked Tor security

On 18 July 2016 at 14:57, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/18/2016 06:11 AM, Jon Tullett wrote: > >> Haroon Meer, who I greatly respect in the security space, describes >> UX complexity in terms of his mum. As in, "could my mum do

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/18/2016 06:11 AM, Jon Tullett wrote: > On 17 July 2016 at 05:11, Mirimir wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote: I'm hardly asking for perfection.

Re: [tor-talk] FBI cracked Tor security

On 17 July 2016 at 05:11, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/16/2016 08:21 PM, Jonathan Wilkes wrote: >>> I'm hardly asking for perfection. Just a little heads up for the >>> sheep. >> You're unwilling to even describe non-technical

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/17/2016 09:58 AM, Jonathan Wilkes wrote: >> OK, they're naive and trusting. For which "sheep" is common >> metaphor. > > Meaning that, for TBB, they're going to click the big "Download" > button that probably is automatically linked to the

Re: [tor-talk] FBI cracked Tor security

> OK, they're naive and trusting. For which "sheep" is common metaphor. Meaning that, for TBB, they're going to click the big "Download" button that probably is automatically linked to the binary for the OS detected by js on the Tor download page. So:1. Click the big "Download" button to

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/16/2016 08:21 PM, Jonathan Wilkes wrote: >> I'm hardly asking for perfection. Just a little heads up for the >> sheep. > You're unwilling to even describe non-technical users as human > beings, yet you want Tor to suggest a vastly more complex >

Re: [tor-talk] FBI cracked Tor security

> I'm hardly asking for perfection. Just a little heads up for the sheep. You're unwilling to even describe non-technical users as human beings, yet you want Tor to suggest a vastly more complex alternative for them? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/16/2016 06:00 AM, Jon Tullett wrote: > On 14 July 2016 at 10:41, Mirimir wrote: > >> There is an aspect of visiting hostile onion sites that's >> especially problematic: forcing direct clearnet connections that >> reveal

Re: [tor-talk] FBI cracked Tor security

On 16 July 2016 at 01:46, Joe Btfsplk wrote: > On 7/15/2016 12:34 AM, Jon Tullett wrote: >> >> On 15 July 2016 at 01:23, Joe Btfsplk wrote: >>> >>> You're not really suggesting that users under hostile dictatorships or >>> ones >>> trying to expose

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 10:41, Mirimir wrote: > There is an aspect of visiting hostile onion sites that's especially > problematic: forcing direct clearnet connections that reveal users' > ISP-assigned IP addresses. It's irresponsible to continue recommending > only vulnerable

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/15/2016 05:46 PM, Joe Btfsplk wrote: > Many of things mentioned in "what else you need to remain > anonymous" type articles - don't use Flash, plugins, file sharing, > etc., are easy. It's all the other things that can go, or are, > wrong

Re: [tor-talk] FBI cracked Tor security

On 7/15/2016 12:34 AM, Jon Tullett wrote: On 15 July 2016 at 01:23, Joe Btfsplk wrote: On 7/14/2016 2:34 PM, Jon Tullett wrote: Thanks Jon. I agree w/ most that you said. Again, semantics. Whether they cracked Tor or Tor Browser won't change if the brutal dictator has

Re: [tor-talk] FBI cracked Tor security

On 15 July 2016 at 05:36, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/14/2016 01:34 PM, Jon Tullett wrote: >> If a law enforcement agency cracked Tor, it would be a very >> significant development indeed. The same agency using browser >>

Re: [tor-talk] FBI cracked Tor security

On 15 July 2016 at 01:23, Joe Btfsplk wrote: > On 7/14/2016 2:34 PM, Jon Tullett wrote: >>> >>> 2. Aren't statements (from anyone) like, "... generally crack the >>> servers >>> hosting the illicit material, not Tor itself," sort of a matter of >>> semantics? >> >> Depends on

Re: [tor-talk] FBI cracked Tor security

On 15 July 2016 at 00:07, krishna e bera wrote: >> Should add that users with NoScript enabled would not have been >> vulnerable - I get the "noscript decreases privacy" argument, but I'd >> still kinda like it to be on by default to protect users. Maybe with a >> big red

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/14/2016 01:34 PM, Jon Tullett wrote: > On 14 July 2016 at 21:17, Joe Btfsplk wrote: >> On 7/14/2016 1:23 AM, Jon Tullett wrote: >> 2. Aren't statements (from anyone) like, "... generally crack >> the servers hosting the

Re: [tor-talk] FBI cracked Tor security

Law enforcement agencies exaggerate and lie publicly in order to mislead people, such as unidentified suspects or to weed out claimants to notorious crimes who didn't really do it (there are quite a few), but the recent news report appeared, as I recall, to be based on a court or other official

Re: [tor-talk] FBI cracked Tor security

On 7/14/2016 2:34 PM, Jon Tullett wrote: 2. Aren't statements (from anyone) like, "... generally crack the servers hosting the illicit material, not Tor itself," sort of a matter of semantics? Depends on the context, I guess. To the user, maybe, but in the context of this (Tor) community, the

Re: [tor-talk] FBI cracked Tor security

> Should add that users with NoScript enabled would not have been > vulnerable - I get the "noscript decreases privacy" argument, but I'd > still kinda like it to be on by default to protect users. Maybe with a > big red "Turn on Javascript because I'm happy to get pwned by > malicious ads, FBI

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 21:17, Joe Btfsplk wrote: > On 7/14/2016 1:23 AM, Jon Tullett wrote: >> >> >> I think what you'll find in such cases is that the FBI generally crack >> the servers hosting the illicit material, not Tor itself. >> > 1. Wasn't this discussed back when it

Re: [tor-talk] FBI cracked Tor security

On 7/14/2016 1:23 AM, Jon Tullett wrote: I think what you'll find in such cases is that the FBI generally crack the servers hosting the illicit material, not Tor itself. 1. Wasn't this discussed back when it occurred? As to how they did (or likely did) identify the Tor / Tor Browser users

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 12:52, wrote: > On 14.07.16 09:23, Jon Tullett wrote: >> >> On 14 July 2016 at 01:51, Nick Levinson wrote: >>> >>> The FBI reportedly cracked Tor's security to crack a child porn case with >>> over 100 arrests of Tor users. >> >> I

Re: [tor-talk] FBI cracked Tor security

On 14.07.16 09:23, Jon Tullett wrote: On 14 July 2016 at 01:51, Nick Levinson wrote: The FBI reportedly cracked Tor's security to crack a child porn case with over 100 arrests of Tor users. I think what you'll find in such cases is that the FBI generally crack the

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/14/2016 01:38 AM, Jon Tullett wrote: > On 14 July 2016 at 08:37, Mirimir wrote: > >> On 07/14/2016 12:23 AM, Jon Tullett wrote: > >>> Having pwned the server, a malware component is then injected >>> to visiting computers.

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 08:37, Mirimir wrote: > On 07/14/2016 12:23 AM, Jon Tullett wrote: >> Having pwned the server, a malware component is then injected to >> visiting computers. Ie: when the criminal visits the infected >> site, his PC is infected (over that encrypted,

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/14/2016 12:23 AM, Jon Tullett wrote: > On 14 July 2016 at 01:51, Nick Levinson > wrote: >> The FBI reportedly cracked Tor's security to crack a child porn >> case with over 100 arrests of Tor users. > > I think what

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 01:51, Nick Levinson wrote: > The FBI reportedly cracked Tor's security to crack a child porn case with > over 100 arrests of Tor users. I think what you'll find in such cases is that the FBI generally crack the servers hosting the illicit material,

Re: [tor-talk] FBI cracked Tor security

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/13/2016 06:28 PM, Karsten N. wrote: > > > Am 14.07.2016 um 02:02 schrieb Sci Fith: >> Sources? Links? Otherwise why conjecture & possibilities? > > 2013 FBI and Freedom Hosting: > http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

Re: [tor-talk] FBI cracked Tor security

Am 14.07.2016 um 02:02 schrieb Sci Fith: > Sources? Links? Otherwise why conjecture & possibilities? 2013 FBI and Freedom Hosting: http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/ 2015 FBI operation "Playpen"

Re: [tor-talk] FBI cracked Tor security

Sources? Links? Otherwise why conjecture & possibilities? > On Jul 13, 2016, at 7:51 PM, Nick Levinson wrote: > > The FBI reportedly cracked Tor's security to crack a child porn case with > over 100 arrests of Tor users. I don't know how the FBI did it, and that's a >

[tor-talk] FBI cracked Tor security

The FBI reportedly cracked Tor's security to crack a child porn case with over 100 arrests of Tor users. I don't know how the FBI did it, and that's a good type of case for which to do it, but, considering that legitimate users need to evade high-end intelligence agencies that may be as skilled