Re: [tor-talk] videos in TBB: Progress and Remaining aggravations
A few months ago, HTML5 was disabled by default, and Noscript blocked attempts to enable it. Now, HTML5 is enabled by default (progress) but Noscript still tries to block all HTML5 videos, and must be manually disabled for those who want to see funny cats. I'm not sure if there is any risk to HTML5, but, if not, perhaps Noscript options could be modified for the TBB to allow HTML5 videos by default? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] secure and simple network time (hack)
Hi, Jacob Appelbaum wrote (20 Feb 2012 20:30:08 GMT) : For a while I've been interested in secure network time that would be useful for Tor users. Tor users generally need accuracy to the hour in the local system clock. Thank you for tackling this problem. As a result, I've also written another tool, tlsdate[1], that I regularly use for setting my own clock. What network fingerprint does tlsdate currently display if I run it in the clear, without forwarding its traffic through Tor? Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
Hi, Maxim Kammerer wrote (22 Mar 2012 14:07:25 GMT) : I implemented that approach once for the purpose of running unsafe browser (https://github.com/mkdesu/liberte/commit/0f0646e), executing an already-running image inside a nested QEMU. It's a nice exercise, but too demanding on resources, I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Knowing these figures would make this report useful, to a degree, to draw conclusions for other usecases. and ultimately pointless (personal opinion). I would be happy to learn why you consider this is pointless. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Knowing these figures would make this report useful, to a degree, to draw conclusions for other usecases. Quoted from http://dee.su/liberte Moreover, some concepts that are only theoretically considered in Tails, such as virtualization of applications, had been already implemented in Liberté Linux in the past, but were ultimately rejected — the Inception mechanism of self-virtualization was found to be too resource-demanding of the typical hardware available to users. Let's see if he wants to expand that. and ultimately pointless (personal opinion). I would be happy to learn why you consider this is pointless. Question still open. __ powered by Secure-Mail.biz - anonymous and secure e-mail accounts. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How can the video play in TBB without plagins?
On 3/25/2012 10:56 PM, Andrew Lewman wrote: On Sun, 25 Mar 2012 20:37:55 -0500 Joe Btfsplkjoebtfs...@gmx.com wrote: Don't you have to opt in to the html5 videos (or technology), thus meaning creating an acct on (youtube)? Or has that changed? No, you do not have to login to youtube, nor even visit their youtube/html5 page to set the cookie. The current version of torbrowser enables html5 video on youtube by default. Tails uses a greasemonkey script to achieve the same goal. There are many videos which are flash-only, mostly they seem to be the videos with ads injected into the video stream. I have seen some html5 videos with advertising overlays, but the video plays fine in TBB and Tails. Thanks for all replies. It doesn't change the (sort of) tongue in cheek comment about being a brilliant move on Google's part. ESPECIALLY in light of Google's new (non) privacy policy, where they can / will / intend to? track users across all their services. In of itself this isn't * solely * related to html5 content, but it's certainly a big draw to get users to set Google cookies. My question to those more knowledgeable about these cookies that google sets, their NEW privacy policy, is how it affects Tor users? Among other issues, once Google sets a cookie, I don't believe there'd be any difference in Tor / non Tor users, how Google is able to track you across their different sites / domains. The only diff is they'd not see your real IP address. Since traffic analysis seems to be a huge issue for Tor / Tor users, how is being able to track Tor users across multiple sites not an issue? Seems it'd be fairly easy to use this to identify individuals, if someone wanted to. Unless using settings / addons to prevent it, they will have a lot of info about you http://www.google.com/policies/privacy/ Users really need to read the ENTIRE Google privacy policy. If not taking steps to prevent (Google) from gaining details about your machine, etc., even if users delete a cookie once they leave youtube, etc., then go to another google site that requires cookies, couldn't they probably identify the same computer? Many Tor users will forget to del cookies, since TBB default settings are to accept cookies. The bigger issue is, today it's Google doing this, tomorrow... who knows? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Designing a secure Tor box for safe web browsing?
On Mon, Mar 26, 2012 at 00:52, intrigeri intrig...@boum.org wrote: I'm curious about what resources proved to be limiting during your experiments, and what too demanding means in your usecases. Well, Intel VT / AMD-V virtualization extensions are rarely available on laptops, and without these extensions (accessible, e.g., via KVM), running a virtualized instance is extremely slow (startup time is also very high if only doing that for specific applications, even with KVM). There are also RAM requirements — how much do you allocate? This needs to be decided in advance, regardless of how much memory the user needs for performing the task in the VM. I would be happy to learn why you consider this is pointless. Relying on such (intrinsically complex) VM separation for security of specific applications means that you don't trust your system to perform basic tasks like user privileges separation (e.g., when unsafe browser is run under dedicated user credentials). This is somewhat contradictory. For tasks like abstracting network interfaces and other hardware, the user can run everything in a VM by themselves — why force it on everyone? For approaches like Qubes OS, see my comment here: https://forum.dee.su/topic/gui-isolation. -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How can the video play in TBB without plagins?
Andrew Lewman, 26.03.2012 01:16: On Sun, 25 Mar 2012 19:14:54 + James Brown jbrownfi...@gmail.com wrote: How cat that nice video https://media.torproject.org/video/2009-install-and-use-tor-browser-bundle.ogv play in TBB when my plagin Shockware Flash is disable? We use ogg vorbis inside html5 video tags. See https://www.mozilla.org/en-US/firefox/video/ and https://en.wikipedia.org/wiki/HTML5_video If you haven't tried lately, a growing number of video sites support html5 video, such as youtube. Increasingly, this means you can watch your funny cat videos with TBB. The windows version of TBB ships with NoScript which is set to allow scripts globally, but Forbid AUDIO/VIDEO and Apply these restrictions to whitelisted sites too are both enabled. This means one has to click the object (this time a video) and answer the dialog of NoScript. Regards, bastik_tor ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How can the video play in TBB without plagins?
Joe Btfsplk writes: Users really need to read the ENTIRE Google privacy policy. If not taking steps to prevent (Google) from gaining details about your machine, etc., even if users delete a cookie once they leave youtube, etc., then go to another google site that requires cookies, couldn't they probably identify the same computer? Many Tor users will forget to del cookies, since TBB default settings are to accept cookies. TBB deletes cookies when you quit it, so it's hard for users to forget to delete them. It's true that Google can use cookies to track a particular Tor user within a TBB session, including from one Google site to another. However, if you quit TBB and run it again another time, there shouldn't be any information that enables Google to recognize you from before. TBB took some measures to respond to the Panopticlick research, so it's probably not easy for Google or other sites to recognize your browser by non-cookie means either. -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 454 Shotwell Street, San Francisco, CA 94110 +1 415 436 9333 x107 ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How can the video play in TBB without plagins?
Sebastian G. bastik.tor wrote (26 Mar 2012 16:37:54 GMT) : The windows version of TBB ships with NoScript which is set to allow scripts globally, but Forbid AUDIO/VIDEO and Apply these restrictions to whitelisted sites too are both enabled. This means one has to click the object (this time a video) and answer the dialog of NoScript. I think this may be what this ticket is about: https://trac.torproject.org/projects/tor/ticket/5266 Regards, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How can the video play in TBB without plagins?
On 3/26/2012 12:10 PM, Seth David Schoen wrote: TBB deletes cookies when you quit it... It's true that Google can use cookies to track a particular Tor user within a TBB session, including from one Google site to another. Thanks for the input. My point exactly. Most users aren't going to completely close TBB after visiting google sites. I imagine even a very large % of Tor users, much less avg internet users, have ever read Google's new privacy policy, have any idea of their capability to track users, etc. Your point is well taken, but I doubt a majority of TBB users will close the browser, after they leave a google site make sure that all google cookies are deleted (ALL google pages probably sites linked from google pages). One could use some cookie mgr addon that allows for temporary cookies, that are deleted when a web PAGE is closed, but most won't do that either. Of course, this may be the least of worries for users of TBB or any other anonymity software / methods. I assume at this point, TBB devs aren't concerned about google (or any other) tracking cookies, or else TBB wouldn't come w/ cookies enabled by default. I'm not sure why they wouldn't be concerned - maybe there's good reason. I don't know the answer to that. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk