Re: Google language turns depending on tor node...
On Sat, 19 Jun 2010 19:52:56 +0530 emigrant wrote:
> when i give a keyword to search, in most cases, i get results in
> languages i cannot read.
> is there any way to keep it always to english?

There is a fine FAQ answer for this:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhydoesGoogleshowupinforeignlanguages

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
skype: lewmanator

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/

Re: Rogue exit nodes - checking?
Hello,

yes, there is a way to detect a corrupted/malicious node. I wrote a Tor exit node scanner with some advanced techniques (for example clustering or source tree analysis) as my thesis last year. During debugging and testing I checked all exit nodes with many common pages (google, a few news pages etc.) but did not find anything critical (except bug #779, which is fixed now).

If there is a demand, I'm able to publish my scanner as a hidden service in some way (at this time, it does not have any WUI). Unfortunately I cannot publish the source code because attackers can adapt their own techniques (though it would be very difficult). My Tor scanner also consumes many resources of the Tor network because it needs to download the given link from all or almost all exit nodes.

Marek

On Sat, Jun 19, 2010 at 11:20 PM, Matthew wrote:
> This is especially dangerous if you are using Yahoo Mail, because even if you
> trust the person who sent you the document, your attachment will be
> downloaded in plaintext (via http, not https). This means that the exit node
> you use can replace or alter your document to unmask you (or worse, exploit
> your document reader and run arbitrary code).
>
> I am curious to know if there is a way of identifying "bad" exit nodes? Do
> people who are more technical than me (not hard!) somehow search for exit
> nodes with interesting configurations? Or, unless you use StrictExitNodes
> and are confident of the honesty of the operator, are you simply hoping the
> exit node owner is benign?

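The idea of comparing what different exit nodes return for the same page, as an added example that is not Marek's scanner or Tor Project code: it reduces each response to the content it loads or posts to and reports exits that differ from the majority. The exit labels, URLs and HTML bodies are constructed sample data, and fetching the page through each exit is assumed to have happened already.

```python
from collections import defaultdict
from html.parser import HTMLParser

# Attributes that load or receive content; a change here matters more than a text change.
ACTIVE_ATTRS = {("script", "src"), ("iframe", "src"), ("form", "action"),
                ("link", "href"), ("object", "data"), ("embed", "src")}


class ActiveContent(HTMLParser):
    """Collects active references and counts inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.refs = set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and not attrs.get("src"):
            self.inline_scripts += 1
        for name, value in attrs.items():
            if (tag, name) in ACTIVE_ATTRS and value:
                self.refs.add((tag, name, value))


def fingerprint(body):
    """Reduce an HTML body to the set of things it loads or posts to."""
    parser = ActiveContent()
    parser.feed(body.decode("utf-8", "replace"))
    parser.close()
    return frozenset(parser.refs | {("script", "inline", str(parser.inline_scripts))})


def find_outliers(responses):
    """responses maps exit label -> body bytes; returns {exit: diff vs. majority}."""
    groups = defaultdict(list)
    for exit_id, body in responses.items():
        groups[fingerprint(body)].append(exit_id)
    # Baseline = fingerprint seen at the most exits (assumes most exits are honest).
    baseline = max(groups, key=lambda fp: len(groups[fp]))
    report = {}
    for fp, exits in groups.items():
        if fp == baseline:
            continue
        diff = sorted([("+",) + ref for ref in fp - baseline] +
                      [("-",) + ref for ref in baseline - fp])
        for exit_id in exits:
            report[exit_id] = diff
    return report


# Constructed sample: the same page as seen through four exits (labels are made up).
PAGE = ('<html><head><script src="/static/app.js"></script></head><body>'
        '<p>Generated at %s</p><form action="/login"></form>%s</body></html>')
SAMPLE = {
    "exitA": (PAGE % ("10:00:01", "")).encode(),
    "exitB": (PAGE % ("10:00:02", "")).encode(),
    "exitC": (PAGE % ("10:00:03", '<script src="http://inject.example/x.js"></script>')).encode(),
    "exitD": (PAGE % ("10:00:04", "")).encode(),
}

if __name__ == "__main__":
    for exit_id, diff in find_outliers(SAMPLE).items():
        print(exit_id, diff)
```

Text that changes per request (the timestamp here) does not affect the comparison, but pages that serve different scripts or forms per country can still produce benign outliers, so a flagged exit is a lead to re-test rather than a verdict.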
Rogue exit nodes - checking?
This is especially dangerous if you are using Yahoo Mail, because even if you trust the person who sent you the document, your attachment will be downloaded in plaintext (via http, not https). This means that the exit node you use can replace or alter your document to unmask you (or worse, exploit your document reader and run arbitrary code).

I am curious to know if there is a way of identifying "bad" exit nodes? Do people who are more technical than me (not hard!) somehow search for exit nodes with interesting configurations? Or, unless you use StrictExitNodes and are confident of the honesty of the operator, are you simply hoping the exit node owner is benign?

Re: Google language turns depending on tor node...
You could set "StrictExitNodes 1" in your .torrc file with a series of exit servers that are based in countries where English is the first language (USA, Canada, UK, Ireland, Australia, etc). That way all results will be in English.

emigrant wrote:
> when i give a keyword to search, in most cases, i get results in
> languages i cannot read.
> is there any way to keep it always to english?
>
> thank you very much.

Tor Extension possible for Safari, others ?
Hi,

With the recent release of Safari 5, it's now possible to write extensions in HTML / CSS. It would be nice to know whether the browser API exposed by Apple is capable of allowing / exposing the browser requests to a Socks proxy (for Tor), i.e. like FoxyProxy, TorButton etc. do for Firefox.

Similarly, it would be nice to know if Chrome or other browsers may be capable of this?

Best regards

dreamcat4
dreamc...@gmail.com

Re: Google language turns depending on tor node...
On Sat, 2010-06-19 at 10:59 -0400, Aplin, Justin M wrote:
> On 6/19/2010 10:22 AM, emigrant wrote:
> > when i give a keyword to search, in most cases, i get results in
> > languages i cannot read.
> > is there any way to keep it always to english?
>
> There are many ways to do this listed in the FAQ. Please see:
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhydoesGoogleshowupinforeignlanguages
>
> ~Justin Aplin

THANK YOU ALL FOR THE TIPS :)

Re: Google language turns depending on tor node...
On Sat, 19 Jun 2010 16:24:39 +0200, "Runa A. Sandvik" wrote:
> On Sat, Jun 19, 2010 at 4:22 PM, emigrant wrote:
> > when i give a keyword to search, in most cases, i get results in
> > languages i cannot read.
> > is there any way to keep it always to english?
>
> Well, you could always go to google.co.uk.

A solution is to use www.scoogle.org (with ssl possible) and just select the languages you want in scroogle site ;)

Best Regards
SwissTor

Re: Google language turns depending on tor node...
On Sat, Jun 19, 2010 at 07:52:56PM +0530, emigrant wrote:
> when i give a keyword to search, in most cases, i get results in
> languages i cannot read.
> is there any way to keep it always to english?
>
> thank you very much.

Make http://google.com/ncr your home page.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

Re: Google language turns depending on tor node...
On 6/19/2010 10:22 AM, emigrant wrote:
> when i give a keyword to search, in most cases, i get results in
> languages i cannot read.
> is there any way to keep it always to english?

There are many ways to do this listed in the FAQ. Please see:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhydoesGoogleshowupinforeignlanguages

~Justin Aplin

Re: Downloading attachments with Tor - is this secure?
Thank you all for this advice - I'm pleased that my question was not so basic.

I was not using Torbutton. However, I had previously used www.decloak.net and it could not get my real IP. I tried www.decloak.net again and I am still anonymous. The reasons are (even in the absence of Torbutton) because I have no plugins functioning (e.g. Flash is off). Also, no Java (JavaScript is on).

When www.decloak.net asks me to download a Word document (although I am using OpenOffice under Ubuntu so not the "normal" Word) irrespective of whether I open the document or save it then open it, www.decloak.net cannot get my IP. When I expand the little icon in OpenOffice Writer (which starts http://) the IP address is that of the Tor exit node (for testing I am using StrictExitNodes so I know what my Tor IP is).

However, I am going to start using Torbutton.

Thanks again.

Aplin, Justin M wrote:
> > Yes, if you use Torbutton, the attachment itself will be downloaded
> > only via Tor.
>
> I believe this is the short answer to your question, though everything
> else Mike said is good to keep in mind as well, especially in situations
> where paranoia is appropriate.
>
> > This is especially dangerous if you are using Yahoo Mail, because even
> > if you trust the person who sent you the document, your attachment will
> > be downloaded in plaintext (via http, not https).
>
> Watch out for this. Yahoo's *login* page for webmail and other services
> may be HTTPS, but this reverts to plain HTTP once you're actually viewing
> your mail and downloading attachments. A simple solution for secure
> webmail at the moment is using Gmail and the new Firefox addon
> "HTTPS-Everywhere" available from https://www.eff.org/https-everywhere .
> This addon is *NOT* magic, as it only works with the particular list of
> websites available on its option page, but making sure "Google Services"
> is checked in its options will allow all Gmail connections (including
> downloading attachments) to happen over HTTPS.
>
> ~Justin Aplin

Re: Google language turns depending on tor node...
On 2010-06-19 16:22, emigrant wrote:
> when i give a keyword to search, in most cases, i get results in
> languages i cannot read.
> is there any way to keep it always to english?

I prefer: https://ssl.scroogle.org/

Re: Google language turns depending on tor node...
On Sat, Jun 19, 2010 at 4:22 PM, emigrant wrote:
> when i give a keyword to search, in most cases, i get results in
> languages i cannot read.
> is there any way to keep it always to english?

Well, you could always go to google.co.uk.

--
Runa A. Sandvik

Google language turns depending on tor node...
when i give a keyword to search, in most cases, i get results in languages i cannot read.
is there any way to keep it always to english?

thank you very much.

Re: Downloading attachments with Tor - is this secure?
> Yes, if you use Torbutton, the attachment itself will be downloaded
> only via Tor.

I believe this is the short answer to your question, though everything else Mike said is good to keep in mind as well, especially in situations where paranoia is appropriate.

> This is especially dangerous if you are using Yahoo Mail, because even
> if you trust the person who sent you the document, your attachment will
> be downloaded in plaintext (via http, not https).

Watch out for this. Yahoo's *login* page for webmail and other services may be HTTPS, but this reverts to plain HTTP once you're actually viewing your mail and downloading attachments. A simple solution for secure webmail at the moment is using Gmail and the new Firefox addon "HTTPS-Everywhere" available from https://www.eff.org/https-everywhere . This addon is *NOT* magic, as it only works with the particular list of websites available on its option page, but making sure "Google Services" is checked in its options will allow all Gmail connections (including downloading attachments) to happen over HTTPS.

~Justin Aplin

Tor-ramdisk 20100618 released
Hi everyone

I want to announce to the list that a new release of tor-ramdisk is out. Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhanced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP.

Changelog:

Tor was upgraded to 0.2.26, busybox to 1.16.1 and the kernel to 2.6.32.15 plus Gentoo's hardened-patches-2.6.32-12 for the i686 and x86_64 ports.

i686:
Homepage: http://opensource.dyc.edu/tor-ramdisk
Download: http://opensource.dyc.edu/tor-ramdisk-downloads

x86_64:
Homepage: http://opensource.dyc.edu/tor-x86_64-ramdisk
Download: http://opensource.dyc.edu/tor-x86_64-ramdisk-downloads

MIPS:
Homepage: http://opensource.dyc.edu/tor-mips-ramdisk
Download: http://opensource.dyc.edu/tor-mips-ramdisk-downloads

--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197

Re: Downloading attachments with Tor - is this secure?
Thus spake Matthew (pump...@cotse.net):
> When you go into for example Yahoo webmail (without Tor) and
> download an attachment (say a Word document or a photo) then your
> browser asks you where on your hard drive you wish to save that
> attachment.
>
> Then do the same thing using Tor (and Polipo).
>
> I assume the attachment downloads from Yahoo Mail (or whatever) through
> the three Tor nodes before being unencrypted at the final node and then
> is downloaded to my computer. In other words: the attachment (or for
> that matter any file downloaded in the same way) is never downloaded
> "outside" the Tor system - that is directly from the website to me
> bypassing the Tor nodes?

Yes, if you use Torbutton, the attachment itself will be downloaded only via Tor.

If you do not use Torbutton, your browser may autolaunch a plugin or helper application to download the attachment and display it, which may *not* happen via Tor. See https://www.torproject.org/torbutton/design/#SingleStateTesting for example exploits against non-Torbutton users.

Also, when you open your attachment after downloading it (either via Tor or not), the program that opens it may be induced into making a network connection outside of Tor. For example, .doc files, .pdf files, .torrent files, and many many others can reference images, urls, IP addresses, and other content from the Internet, which causes the application that opened them to connect to a server outside of Tor.

This is especially dangerous if you are using Yahoo Mail, because even if you trust the person who sent you the document, your attachment will be downloaded in plaintext (via http, not https). This means that the exit node you use can replace or alter your document to unmask you (or worse, exploit your document reader and run arbitrary code).

If you need to view these documents in a safe way, your best bet is to use VirtualBox or some other virtualization software to run a VM that you can disconnect from the network while you view the file, and roll back to a safe snapshot after you have viewed the file.

Torbutton has a warning to attempt to explain all of this when you download documents handled by external applications, but it is a lot to get across in such a small amount of space.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs

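The point above, that an opened document can reference content on the Internet, can be checked before the file is opened. The following is an added example (not from this thread, Torbutton or the Tor Project) that lists references leaving the file in a ZIP-based office document, OOXML (.docx) or ODF (.odt); the sample document and the tracker.example host are constructed.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
NETWORK_SCHEMES = {"http", "https", "ftp", "file", "smb"}
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # skip oversized members instead of inflating them


def is_remote(target):
    """True for network-scheme URLs and UNC-style paths."""
    if target.startswith(("\\\\", "//")):
        return True
    try:
        return urlsplit(target).scheme.lower() in NETWORK_SCHEMES
    except ValueError:  # unparsable URL: treat as suspicious
        return True


def external_references(doc_bytes):
    """Return sorted (member, kind, target) tuples for references that leave the file."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not name.endswith((".rels", ".xml")):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.add((name, "oversized-member", str(info.file_size)))
                continue
            raw = zf.read(info)
            if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
                findings.add((name, "dtd-present", ""))  # do not parse entity tricks
                continue
            try:
                root = ET.fromstring(raw)
            except ET.ParseError:
                findings.add((name, "unparsable-xml", ""))
                continue
            for el in root.iter():
                target = el.get("Target", "")
                if (el.tag == REL_TAG and el.get("TargetMode") == "External"
                        and is_remote(target)):
                    # OOXML: the type URI ends in e.g. /image, /hyperlink, /oleObject
                    findings.add((name, el.get("Type", "").rsplit("/", 1)[-1], target))
                href = el.get(XLINK_HREF)
                if href and is_remote(href):
                    findings.add((name, "xlink", href))  # ODF image, object or hyperlink
    return sorted(findings)


def build_sample_docx():
    """Constructed sample: minimal OOXML package with one embedded and one remote image."""
    img = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/image"
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            f'<Relationship Id="rId1" Type="{img}" Target="media/image1.png"/>'
            f'<Relationship Id="rId2" Type="{img}" TargetMode="External" '
            'Target="http://tracker.example/beacon.png"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/_rels/document.xml.rels", rels)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in external_references(build_sample_docx()):
        print(finding)
```

An empty result covers only linked content in ZIP-based office formats; it says nothing about legacy .doc files, PDFs or exploits against the reader itself, so the disconnected-VM advice above still applies.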
Re: Downloading attachments with Tor - is this secure?
On Sat, Jun 19, 2010 at 08:22:50AM +0100, pump...@cotse.net wrote 2.9K bytes in 70 lines about:
> I assume the attachment downloads from Yahoo Mail (or whatever) through
> the three Tor nodes before being unencrypted at the final node and then
> is downloaded to my computer. In other words: the attachment (or for
> that matter any file downloaded in the same way) is never downloaded
> "outside" the Tor system - that is directly from the website to me
> bypassing the Tor nodes?

If your browser is properly configured to use Tor, then yes the attachments should download via Tor. Otherwise, that would be one massive leak.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator

Re: Downloading attachments with Tor - is this secure?
Hi,

I think my question was so basic that I explained it badly. I had seen the page Justin suggested previously but it did not answer my simple question. Let me try again.

When you go into for example Yahoo webmail (without Tor) and download an attachment (say a Word document or a photo) then your browser asks you where on your hard drive you wish to save that attachment.

Then do the same thing using Tor (and Polipo).

I assume the attachment downloads from Yahoo Mail (or whatever) through the three Tor nodes before being unencrypted at the final node and then is downloaded to my computer. In other words: the attachment (or for that matter any file downloaded in the same way) is never downloaded "outside" the Tor system - that is directly from the website to me bypassing the Tor nodes?

Basic I know! Thanks!

Aplin, Justin M wrote:
> On 6/18/2010 3:06 AM, Matthew wrote:
> > Apologies in advance for the basic-ness of this question. I cannot
> > find the answer with Google or in the Tor documentation.
>
> I believe the answer you're looking for is #4 here:
> https://www.torproject.org/download.html.en#Warning
>
> > In these cases, how is the file downloaded? Does the download happen
> > through HTTP/S? If I am using Polipo and Tor then I assume the file is
> > downloaded as HTTP/S and goes through the Tor nodes like any "normal"
> > HTTP/S traffic.
>
> This depends on where you're downloading from. Tor encrypts everything
> between you, the clients in your circuit, and the exit node. However,
> when traffic enters or leaves the exit node, it is *exactly* as if the
> exit node were visiting that website for itself. So, if you are
> downloading over standard HTTP, *nothing between the website and the
> exit node will be encrypted*. This usually isn't a terrible problem with
> downloads that don't contain any personal information that leads back to
> you, as it would be extremely difficult to follow the encrypted data
> over several hops through the network.
>
> *However*, as the documentation says repeatedly, use HTTPS wherever
> possible, *especially* when communicating sensitive information that
> could lead back to you. This way, the traffic between the exit node and
> website is encrypted, and doubly so between you and the exit node. Much
> less will be gained by examining the traffic coming to/from the exit.
>
> Hope that answers your questions.
>
> (Side Note: the above does not pertain to .onion websites or other
> hidden services, which are contained completely within the network.)
>
> ~Justin Aplin
