Re: [tor-talk] Where to get latest exe for Tor obfsproxy browser bundle
Hi Moritz, After Installation of tor-pluggable-transports-browser- 2.4.11-alpha-2_en-US.exe from https://www.torproject.org/projects/obfsproxy, I could broswer Internet traffic from this browser. Am I need to configure obfsproxy client and obfsproxy server explicitly? Kindly clarify. Regards, Chandramohan On Wed, Apr 10, 2013 at 11:39 AM, chandra mohan rkchandramo...@gmail.comwrote: Hi Moritz, Thank you for reply. Regards, Chandramohan On Tue, Apr 9, 2013 at 5:18 PM, Moritz Bartl mor...@torservers.netwrote: Hi, Please don't crosspost to multiple places. This generates more work for volunteers trying to help you. This is definitely NOT a development related question, so there was no reason to spam tor-dev with it. EITHER post your question to tor-talk, or to the support team at help@rt. On 09.04.2013 13:34, chandra mohan wrote: I tried to download executable for Tor obfsproxy browser bundle from https://www.torproject.org/dist/obfsproxy/tor-obfsproxy-browser-bundle-2.3.12-4-en-US.exe . But getting message the webpage cannot be found. So from where I can download latest Tor obfsproxy browser bundle? I don't remember there ever being a /dist/obfsproxy/ directory. The latest version is (always) linked from https://www.torproject.org/projects/obfsproxy -- Moritz Bartl https://www.torservers.net/ ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] [Tails-dev] secure and simple network time (hack)
Hi Jacob and Elly, Thanks for your answers! See more questions bellow. Jacob Appelbaum wrote (11 Apr 2013 06:56:18 GMT) : Basically - tlsdate in Tails would be a minor set of users compared to the much larger user base of ChromeOS. Sure. I doubt we can blend in this anonymity set, though: unless Tails wants to forever copy the set of hosts ChromeOS queries (which I don't think we would want to rely upon on the long run), then Tails' use of tlsdate will probably be fingerprintable at least by the ISP if the connections are made in the clear, so we probably would want to run tlsdate over Tor anyway. So, I'm now considering this (tlsdate over Tor) to replace our use of htpdate, and not to replace our initial time guess based on the Tor consensus [1]. [1] https://tails.boum.org/contribute/design/Time_syncing/#index3h1 I'd like to settle on a list of hosts that it uses by default which may include a Google host or not. I haven't yet decided. OK. Jacob, are you interested in implementing something like our current multiple pool -based approach [2], or something else with similar security properties? If Tails wants to move to tlsdate some day, I guess a prerequisite would be not to lose the nice security properties this approach currently gives us. [2] https://tails.boum.org/contribute/design/Time_syncing/#index4h2 Elly Fong-Jones wrote (08 Apr 2013 03:06:02 GMT) : The (slightly outdated now) time-sources design doc is here: https://docs.google.com/a/chromium.org/document/d/1ylaCHabUIHoKRJQWhBxqQ5Vck270fX7XCWBdiJofHbU/edit Elly, is this design doc correct that tlsdate queries clients3.google.com only in ChromeOS? (Given you implemented the multi-host feature, I'd be surprised that you don't use it, but I could not find what /etc/tlsdate/tlsdated.conf ChromeOS is using, so I don't know.) Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] NSA supercomputer
Cheating is always easier. What about discouraging the number of exit routers and salting the network with compromised servers? That could and probably already has been done.. So cracking tor becomes relatively trivial from a government standpoint should they decide it is needed. Now about message content, one must consider that the job of the NSA must include designing secure systems for friendly side communications. If you are really being honest with yourself, the modern weapons of today's world are the sphere of nations not hardly an Individual. You best bet is common sense. Even though you might desire some privacy damn little is available to you so just get over it. Ever tried to rent a motel room without an I.D. Even all the latest James bond movies, the other guy always knows who he is. And about half of them knows what he is up to. On Thu, Apr 4, 2013 at 4:51 AM, Bernard Tyers ei8...@ei8fdb.org wrote: Hi, Is there a reason 1024 bit keys, instead of something higher is not used? Do higher bit keys affect host performance, or network latency? Thanks, Bernard Written on my small electric gadget. Please excuse brevity and (probable) misspelling. George Torwell bpmcont...@gmail.com wrote: a second guess would be going after 1024 bit keys. there is also a video on youtube from a recent con about the feasibility of factoring them, fast hacks or something like that at the end, jacob applebaum asks about it and they advise him to use longer keys or elliptic curves crypto. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] anonymity at the outset
Thanks, Roger, for the illustration - it's a great help to me and also helpful in my explaining to others why I stay so many nights messing around with Tor. As soon as I get a chance to improve the readability of the orange and white labels, I'm gonna print it out and put it on the wall. Your links led me to the discussion of incentives. Anticipating a following post, I'm wondering if a useful incentive might be to develop criteria of bridge reliability and then use that to offer bridge operators promotion to the portable transports list? - eliaz On 4/15/2013 4:45 AM, Roger Dingledine wrote: On Mon, Apr 15, 2013 at 04:40:42AM -0400, eli wrote: Something's been bothering me since I began contributing bandwidth to the Tor network. Now that I've been running a bridge for awhile and feel more or less confident of what I'm doing, I guess I can ask what may be a dumb question. The elementary illustration of how the tor network carries msgs shows Alice's machine connected to the first node of an OR path. Isn't it more accurate to show Alice's machine's first connection to be to her ISP? And if this is true, is not the initial hop past the ISP's gateway a place of no anonymity? If someone at the gateway were inclined to snoop, wouldn't be in effect a MITM attack? - eliaz First check out https://www.eff.org/pages/tor-and-https and click on various combinations of Tor and HTTPS. Then read https://www.torproject.org/docs/faq#KeyManagement --Roger ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk