Re: [tor-talk] Privacy of Tor,

2013-09-06 Thread Nathan Suchy
I know how to use Tor and I've run nodes before but what is the likelihood
of my traffic being watched or even changed by a rouge exit node?

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 5, 2013 6:15 PM, mirimir miri...@riseup.net wrote:

 On 09/05/2013 09:55 PM, krishna e bera wrote:

  On 13-09-05 03:59 PM, Nathan Suchy wrote:
  How private is Tor?
 
  What do you mean by private?
 
  The Users of Tor article shows several types of users with different
  privacy needs.  https://www.torproject.org/about/torusers.html.en
 
  The notes on the Tor download page give some hints how to ensure you get
  the best available anonymity out of using Tor and TBB:
  https://www.torproject.org/download/download-easy.html.en#warning

 This is probably not a good time to be learning how to use Tor.

 Better to wait for the dust to settle :(
 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk



Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Eugen Leitl
On Fri, Sep 06, 2013 at 08:00:21AM -0400, Nathan Suchy wrote:
 If you're so paranoid then encrypt your Tor Browser Bundle with TrueCrypt

I wouldn't use TrueCrypt. Use open source tools (this includes the OS).

 then wipe the hard drive and destroy the computer when you're done. Traffic
 Correlation is next to impossible via Tor. You could also use a VPN then
 Tor for more security...


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Nathan Suchy
If you're so paranoid then encrypt your Tor Browser Bundle with TrueCrypt
then wipe the hard drive and destroy the computer when you're done. Traffic
Correlation is next to impossible via Tor. You could also use a VPN then
Tor for more security...

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 5, 2013 6:43 PM, sigi torn...@cpunk.de wrote:

 Hi,

 Two main German technology news sites are spreading news about the
 study: »Users Get Routed: Traffic Correlation on Tor by Realistic
 Adversaries« [1]

 They write about 'broken anonymity' for Tor-users:
 Tor-Nutzer surfen nicht anonym - Tor users do not surf anonymously
 
 http://www.golem.de/news/anonymisierung-tor-nutzer-surfen-nicht-anonym-1309-101417.html
 

 Tor-Benutzer leicht zu enttarnen - Tor users easily exposed
 
 http://www.heise.de/security/meldung/Tor-Benutzer-leicht-zu-enttarnen-1949449.html
 

 The articles are German-only - The main point was always stated by the
 Tor-devs [2], that anonymity »fails when the attacker can see both ends
 of the communications channel« - can anyone out there assess how
 serious or new this really is?

 Regards,
 sigi

 [1] http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
 [2] https://www.torproject.org/docs/faq.html.en#EntryGuards


Re: [tor-talk] Privacy of Tor,

2013-09-06 Thread krishna e bera
On 13-09-06 07:03 AM, Nathan Suchy wrote:
 I know how to use Tor and I've run nodes before but what is the likelihood
 of my traffic being watched or even changed by a rouge exit node?

There is nothing but ethics stopping the operators of exit nodes from
trying to watch your traffic. Therefore, if you are worried about
privacy, you should assume that they will try and ensure all your web
traffic is encrypted with SSL. Then the exit node operators will only be
able to see which sites you connect to, not the content of that traffic.
This was explained in the 2nd link provided below.

In addition, because of the Tor network design, the exit operators
cannot know the origin of the traffic, so they will not know it was you,
just that some computers were connecting to the destinations they observed.

Exit nodes that alter content are flagged as BadExit, if someone
reports them or the automated scanner catches them. (Suggestion: a rouge
colour could be applied to their icons in any node listings.)

However, if you do not read the instructions and warnings that appear on
your screen, the likelihood is close to 100% that your computer is
infected and that your SSL connections have been MITM'd and the content
read.

Good luck.


 Sent from my Android so do not expect a fast, long, or perfect response...
 On Sep 5, 2013 6:15 PM, mirimir miri...@riseup.net wrote:
 
 On 09/05/2013 09:55 PM, krishna e bera wrote:

 On 13-09-05 03:59 PM, Nathan Suchy wrote:
 How private is Tor?

 What do you mean by private?

 The Users of Tor article shows several types of users with different
 privacy needs.  https://www.torproject.org/about/torusers.html.en

 The notes on the Tor download page give some hints how to ensure you get
 the best available anonymity out of using Tor and TBB:
 https://www.torproject.org/download/download-easy.html.en#warning

 This is probably not a good time to be learning how to use Tor.

 Better to wait for the dust to settle :(


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Andreas Krey
On Fri, 06 Sep 2013 14:04:58 +, Eugen Leitl wrote:
...
 
 I wouldn't use TrueCrypt. Use open source tools (this includes the OS).

Is there a connection between the two sentences? TrueCrypt is open source,
so why wouldn't you use it?

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-talk] Privacy of Tor,

2013-09-06 Thread Niklas Hennigs
On 06.09.2013 at 13:03, Nathan Suchy theusernameiwantista...@gmail.com wrote:

 I know how to use Tor and I've run nodes before but what is the likelihood
 of my traffic being watched or even changed by a rouge exit node?

I think you should assume a probability of 100%. 

Regards,
Niklas


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Lunar
Andreas Krey:
 On Fri, 06 Sep 2013 14:04:58 +, Eugen Leitl wrote:
 ...
  
  I wouldn't use TrueCrypt. Use open source tools (this includes the OS).
 
 Is there a connection between the two sentences? TrueCrypt is open source,
 so why wouldn't you use it?

Tails have an interesting position about TrueCrypt:
https://tails.boum.org/doc/encryption_and_privacy/truecrypt/

Although TrueCrypt looks like free software, concerns over its
licence prevent its inclusion in Debian. Truecrypt is also developed
in a closed fashion, so while the source code is freely available,
it may receive less review than might a comparable openly developed
project.

See tc-play for an alternative implementation, though:
https://github.com/bwalex/tc-play

-- 
Lunar lu...@torproject.org




Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Eugen Leitl
On Fri, Sep 06, 2013 at 02:46:06PM +0200, Andreas Krey wrote:
 On Fri, 06 Sep 2013 14:04:58 +, Eugen Leitl wrote:
 ...
  
  I wouldn't use TrueCrypt. Use open source tools (this includes the OS).
 
 Is there a connection between the two sentences? TrueCrypt is open source,
 so why wouldn't you use it?

I might have been too paranoid about TrueCrypt (while we don't
know the details yet, we know that certain proprietary and open source
products as well as protocols and algorithms have been deliberately 
weakened by the NSA) as Snowden and Schneier seem to trust it but I 
went for dm-crypt instead of TrueCrypt for a new Debian install, for 
multiple reasons (history, license, mainline, full disk encryption 
support). 

If you're running a proprietary system, the weakest link will be
likely elsewhere.

For extra layers of tinfoilhattery you'd have to modify the hardware
(e.g. a FireWire port is wide open to a DMA attack, proprietary
blobs are a no-no for a trusted system, etc), but few people
bother to go that far, and if you're under such targeted scrutiny that
you have to bother about physical access, you're somewhat screwed
already.


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Thomas . Hluchnik
On Friday 06 September 2013, Eugen Leitl wrote:
 On Fri, Sep 06, 2013 at 08:00:21AM -0400, Nathan Suchy wrote:
  If you're so paranoid then encrypt your Tor Browser Bundle with TrueCrypt
 
 I wouldn't use TrueCrypt. Use open source tools (this includes the OS).

What is your concern when using Truecrypt? Some say the Truecrypt Project has
curious licenses, incompatible with the normal OSS licenses. This might be a
reason for not using TrueCrypt. But I have not yet heard that using Truecrypt were
a SECURITY risk. So what are the reasons one should not use TrueCrypt except the
license issues?

BTW: There was a newspaper article in Germany some years ago, a police officer
was interviewed regarding the Bundestrojaner. He stated some Islamic
terrorists who tried blasting a railway have encrypted their hard drive. The
German police tried to crack that hard drive but didn't succeed after 2 years.
He said that tools like Truecrypt are so strong that there is a need to install
a keylogger, gathering passwords.

So again, is TrueCrypt broken or not?

Thomas


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread intrigeri
Lunar wrote (06 Sep 2013 13:16:24 GMT) :
 See tc-play for an alternative implementation, though:
 https://github.com/bwalex/tc-play

FWIW cryptsetup 1.6 supports the TrueCrypt on-disk format, too.

Cheers,
--
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc


Re: [tor-talk] Tor using KVM/bridge/iptable filters

2013-09-06 Thread adrelanos
Jimmy Olson:
 Hi I am following the instructions on this page except it was wrong and the 
 comment here fixes the problem
 
 http://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network#comment-34269
 
 I would like a VM to use tor and be able to use flash and anything w/o leaks. 
 My problem is I don't understand this part of linux and how to use iptables. 
 I'd like to drop everything except TCP. I don't know what DNS lookup uses (is 
 it TCP?) but there are plenty of other protocols besides tcp and udp 
 http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol
 
 How do I write rules that will drop everything except TCP and route it 
 through tor?
 
 My other question is instead of setting up a bridge on the host machine I'd 
 like to do it on a VM. Then have qemu/kvm use the said bridge on the VM. 
 However I don't know how to make the host machine see the bridge. Or how to 
 create a bridge that goes from TorGuestVM-(-HostMachine-)-TorHostVM
 
 I'm open to other ways as long as I can have a VM running with qemu/kvm that 
 cannot communicate to the internet except through tor. Which I prefer to be 
 in its own VM but the host is ok if I must.
 
 I have looked at qubes. Qubes and xen doesn't seem to work on my hardware 
 which is a disappointment.
 
 

Whonix (self-ad) does exactly this. Using VirtualBox and not KVM,
though. Iptables rules would be the same for any virtualizer. It's Open
Source, so you can see how it is implemented.
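
The gateway rules asked about in this thread, as an added example that is not code from the thread or from Whonix. It assumes a gateway VM whose internal interface is eth1 and a torrc with TransPort 9040 and DNSPort 5353 listening on that interface (the interface name and both port numbers are assumptions); the functions only print iptables-restore rulesets and change nothing themselves.

```sh
#!/bin/sh
# Added example: emit iptables-restore rulesets for a Tor gateway VM.
# Assumed setup (not from the thread): the workstation VM reaches the
# gateway on IFACE, and the gateway's torrc has TransPort and DNSPort
# listening on that interface at the ports passed in.

# is_port N -> succeeds if N is an integer in 1..65535
is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tor_gateway_rules IFACE TRANS_PORT DNS_PORT
# Prints the IPv4 ruleset on stdout; returns 1 on bad arguments.
tor_gateway_rules() {
    iface=$1 trans=$2 dns=$3
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    is_port "$trans" || { echo "bad TransPort: $trans" >&2; return 1; }
    is_port "$dns"   || { echo "bad DNSPort: $dns" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
# DNS lookups normally use UDP port 53: hand them to Tor's DNSPort.
-A PREROUTING -i $iface -p udp --dport 53 -j REDIRECT --to-ports $dns
# New TCP connections to any destination go to Tor's TransPort.
-A PREROUTING -i $iface -p tcp --syn -j REDIRECT --to-ports $trans
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
# Replies to the gateway's own outbound Tor connections.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Redirected packets arrive locally on the Tor ports; allow only those.
-A INPUT -i $iface -p tcp --dport $trans -j ACCEPT
-A INPUT -i $iface -p udp --dport $dns -j ACCEPT
# Anything else from the VM (ICMP, other UDP, stray TCP) hits the DROP
# policy, and FORWARD has no ACCEPT rule, so nothing is routed around Tor.
COMMIT
EOF
}

# tor_gateway_rules6
# The ruleset above covers IPv4 only, so IPv6 is closed except loopback.
tor_gateway_rules6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# To load on the gateway (as root), after reviewing the output:
#   tor_gateway_rules eth1 9040 5353 | iptables-restore
#   tor_gateway_rules6 | ip6tables-restore
```

With INPUT set to DROP the gateway also refuses SSH and other management traffic, so administer it from its console or add an explicit rule for that.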


Re: [tor-talk] Privacy of Tor,

2013-09-06 Thread Frank Lanitz
On Fri, 6 Sep 2013 11:44:07 -0400
Nathan Suchy theusernameiwantista...@gmail.com wrote:

 So I need to use SSL and TLS?

As you need without Tor. 

Cheers, 
Frank




Re: [tor-talk] post

2013-09-06 Thread Nathan Suchy
This is a funny thread. We should continue it. I'm going to be completely
random and ask who likes to eat popcorn...

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 4, 2013 10:30 AM, Bernard Tyers - ei8fdb ei8...@ei8fdb.org wrote:

 On 4 Sep 2013, at 14:51, D. Collins ccunlimi...@live.com wrote:

  Hello, I just joined your community and would like the ability to post
 messages. Username is cindelle. Let me know if you need any other
 information. Thank you

 You just did it!

 --
 Bernard / bluboxthief / ei8fdb

 IO91XM / www.ei8fdb.org




Re: [tor-talk] Fwd: SOPA back

2013-09-06 Thread Nathan Suchy
It's important to Tor because we should advocate to stop it so our Tor Nodes
don't get deleted for copyright infringement...

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 4, 2013 9:32 PM, krishna e bera k...@cyblings.on.ca wrote:

 How is this directly related to Tor?

 Perhaps it is more effective to support EFF and tell your non-tech
 correspondents about SOPA.


 On 13-09-04 05:22 PM, Nathan Suchy wrote:
  Sent from my Android so do not expect a fast, long, or perfect
 response...
  -- Forwarded message --
  From: Tiffiniy Cheng i...@fightforthefuture.org
  Date: Sep 4, 2013 12:11 PM
  Subject: SOPA back



Re: [tor-talk] Privacy of Tor,

2013-09-06 Thread Nathan Suchy
So I need to use SSL and TLS?

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 6, 2013 8:50 AM, Niklas Hennigs n...@mac.com wrote:

 On 06.09.2013 at 13:03, Nathan Suchy
 theusernameiwantista...@gmail.com wrote:

  I know how to use Tor and I've run nodes before but what is the likelihood
  of my traffic being watched or even changed by a rouge exit node?

 I think you should assume a probability of 100%.

 Regards,
 Niklas


Re: [tor-talk] Exit node stats collection?

2013-09-06 Thread Nathan Suchy
I really hate it when people don't build their own criminal network and
instead steal our bandwidth!

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 5, 2013 9:43 PM, Pokokohua pokoko...@gmail.com wrote:

 Oh that makes so much more sense now ;) thanks for that.


 On Fri, Sep 6, 2013 at 12:26 PM, mirimir miri...@riseup.net wrote:

  On 09/05/2013 11:42 PM, Pokokohua wrote:
 
   Still hard for me to imagine such a large scale infection of what I
  assume
   is home user computers without anyone other than TOR'ists picking up on
  it.
   According to the stats its sitting at about 25 million new users?
 
  No, it's 2.5 million new users.
 
  There are several botnets that contain millions of bots.
 
  .tsop pot t'nod esaelp ,oslA
 
   On Fri, Sep 6, 2013 at 10:13 AM, mirimir miri...@riseup.net wrote:
  
   On 09/05/2013 09:42 PM, Pokokohua wrote:
  
   See the [tor-talk] Many more Tor users in the past week? thread.
  
   It's an existing botnet that's being converted to Tor for C&C.
  
 


[tor-talk] Disable Tor in the browser bundle,

2013-09-06 Thread Nathan Suchy
Sometimes I'll need to use a forum and some of them block Tor but not my
VPN. Is there a way to disable Tor in the browser bundle? I thought the
button did it but...

Sent from my Android so do not expect a fast, long, or perfect response...


Re: [tor-talk] Privacy of Tor,

2013-09-06 Thread Nathan Suchy
OK. I also keep a paid VPN which does not keep logs so websites that
block Tor can see my VPN and allow it.

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 6, 2013 1:16 PM, Frank Lanitz fr...@frank.uvena.de wrote:

 On Fri, 6 Sep 2013 11:44:07 -0400
 Nathan Suchy theusernameiwantista...@gmail.com wrote:

  So I need to use SSL and TLS?

 As you need without Tor.

 Cheers,
 Frank



[tor-talk] [Cryptography] 1024 bit DH still common in Tor network

2013-09-06 Thread Eugen Leitl
- Forwarded message from Perry E. Metzger pe...@piermont.com -

Date: Fri, 6 Sep 2013 16:34:10 -0400
From: Perry E. Metzger pe...@piermont.com
To: cryptogra...@metzdowd.com
Subject: [Cryptography] 1024 bit DH still common in Tor network
X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

Summary: blog posting claims most of the Tor network is still running
older software that uses 1024 bit Diffie-Hellman.

http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html

I'm not sure how cheap it actually would be to routinely crack DH key
exchanges, but it does seem like it would be valuable for
most Tor nodes to be running newer software anyway.

-- 
Perry E. Metzger pe...@piermont.com
___
The cryptography mailing list
cryptogra...@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

- End forwarded message -
-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5


[tor-talk] Why does tor open UDP ports?

2013-09-06 Thread Stephan

Hi,

I'm a little bit confused as to why tor opens two UDP ports (one ipv4 
and ipv6 each) on my server. The port numbers seem to be random. The 
output from 'netstat -lnup' is as follows:


Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address     Foreign Address   State   PID/Program name
udp        0      0 0.0.0.0:41512     0.0.0.0:*                 8456/tor
udp6       0      0 :::36206          :::*                      8456/tor


After a little search I suspected those ports to be used for DNS 
functionality - but the config option DNSPort 0 in my torrc did not 
deactivate those ports and the socks proxy is disabled as well. 
Furthermore I would have expected such ports to be opened for local 
connections only, but they accept connections from the whole wide world 
...


So why does tor open those ports?


-Stephan


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread shadowOps07
Truecrypt is an open source software therefore NSA doesn't have back door
access to this particular software. Private encryption software that isn't
being done by open source community, NSA is more than likely to have a back
door access for easy access. Disgusting, is it not? No hard work required.
Anyone can do it K-12.


On Fri, Sep 6, 2013 at 3:16 PM, Carsten N. c...@jondos.de wrote:

 On 06.09.2013 18:55, grarpamp wrote:
  Can you build, from the TC source, hash identical binaries to
  the TC binaries TC distributes?

 No - you can not compile the TC source without modification. The source
 code you can download from the website doesn't compile.

 An analysis of Truecrypt was done by the Privacy-CD team:

 en: https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-en.pdf

 de: https://www.privacy-cd.org/downloads/truecrypt_7.0a-analysis-de.pdf


 Best regards
 cane



Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread grarpamp
Various wrote:

  I wouldn't use TrueCrypt. Use open source tools (this includes the OS).

 Is there a connection between the two sentences? TrueCrypt is open
 source,
 so why wouldn't you use it?

 If you're running a proprietary system, the weakest link will be
 likely elsewhere.

// What is your concern when using Truecrypt? Some say the Truecrypt
Project has curious licenses...

License is separate decision from code itself.
Now to code...

Can you build, from the TC source, hash identical binaries to
the TC binaries TC distributes?
If not, do downstream packagers/users build from TC source
instead of redistributing/using TC binaries?
Has anyone outside of TC reviewed, or even briefly overviewed,
current TC design and source?
Are the source/binaries written and signed by people you know/trust?
Are you using an open source community OS such as BSD
or Linux?

If any answer above is 'no', then you might not want to use it.
Though presumably it would be better than nothing and doesn't
seem to have people crying foul, just questions about it.


[tor-talk] 28 minutes is missing

2013-09-06 Thread Trigger Happy

Hi,

I'm running a relay on a VPS and I saw today a strange notice in Arm:
Read the last day of bandwidth history from state file (28 minutes
are missing. I'm also flagged as Unnamed but I see the name of my node
on Atlas or at blutmagie.de. My bandwidth is also much higher than
detected (avg. 1,1Mb/sec vs. 70KB/s)

-- 
Trigger Happy   
jabber: triggerha...@jabber.ccc.de




Re: [tor-talk] Tor using KVM/bridge/iptable filters

2013-09-06 Thread Nathan Suchy
I like the idea. You could download Tor Tails and run it in a VM...

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 4, 2013 7:58 AM, Jimmy Olson jimmyolso...@hotmail.com wrote:

 Hi I am following the instructions on this page except it was wrong and
 the comment here fixes the problem


 http://www.howtoforge.com/how-to-set-up-a-tor-middlebox-routing-all-virtualbox-virtual-machine-traffic-over-the-tor-network#comment-34269

 I would like a VM to use tor and be able to use flash and anything w/o
 leaks. My problem is I don't understand this part of linux and how to use
 iptables. I'd like to drop everything except TCP. I don't know what DNS
 lookup uses (is it TCP?) but there are plenty of other protocols besides
 tcp and udp http://en.wikipedia.org/wiki/Internet_Control_Message_Protocol

 How do I write rules that will drop everything except TCP and route it
 through tor?

 My other question is instead of setting up a bridge on the host machine
 I'd like to do it on a VM. Then have qemu/kvm use the said bridge on the
 VM. However I don't know how to make the host machine see the bridge. Or
 how to create a bridge that goes from
 TorGuestVM-(-HostMachine-)-TorHostVM

 I'm open to other ways as long as I can have a VM running with qemu/kvm
 that cannot communicate to the internet except through tor. Which I prefer
 to be in its own VM but the host is ok if I must.

 I have looked at qubes. Qubes and xen doesn't seem to work on my hardware
 which is a disappointment.




Re: [tor-talk] DistroWatch.com donates to TorProject

2013-09-06 Thread Nathan Suchy
Only $350US?

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 2, 2013 11:00 PM, Moritz Bartl mor...@torservers.net wrote:

 http://distrowatch.com/weekly.php?issue=20130902#donation

 We are happy to announce that the recipient of the August 2013
 DistroWatch.com donation is the Tor project which provides software tools
 and maintains a network infrastructure for increased anonymity on the
 Internet. It receives US$350.00 in cash.

 With recent revelations of unprecedented online surveillance by many
 governments and their various secret agencies, the question of online
 anonymity has started to gain prominence among the public in a number of
 countries. As a result, many people have turned to Tor which is probably
 the best-known project that develops tools and maintains infrastructure
 that attempts to preserve what little is left from our anonymity while
 using the Internet.

 [...]

 --
 Moritz Bartl
 https://www.torservers.net/


Re: [tor-talk] VPNGate

2013-09-06 Thread Nathan Suchy
Well in China they need Tor to write their illegal speech...

And be patient; pages shouldn't need to load in 2 seconds. I don't mind
waiting for my safety...

Sent from my Android so do not expect a fast, long, or perfect response...
On Sep 3, 2013 9:45 PM, Percy Alpha percyal...@gmail.com wrote:

 What about Tor obfuscated bridges?
 Tor has published a blog post on normal bridges automatically probed by
 GFW.
 Some say that obfuscated bridges are also probed.
 https://trac.torproject.org/projects/tor/ticket/8591


 
  And what about Tor over VPN?
 
 It will work. But users in China want to avoid censorship rather than
 remain anonymous. VPN or any circumvention method is already slow enough in
 China. Adding tor is useless for almost all users in China


Re: [tor-talk] Why does tor open UDP ports?

2013-09-06 Thread Stephan

On 06.09.2013 23:49, grarpamp wrote:

Check that tor config is set for only localhost 127.0.0.1 / ::1 (or
for that matter just use the default shipped config), restart,
watch the tor log and watch the traffic.


Maybe I should have added some information about my server. Oops! :-)

I'm running a relay-node on a dedicated Linux box (Debian Wheezy/64bit). 
Those two 'strange' UDP ports are opened on both the current stable 
version and the latest alpha version of Tor.


My server is running fine(*) even with those UDP ports firewalled off. 
So they cannot be essential - but I'm still curious about their purpose.



-Stephan

(*) Well - if the switch from stable to alpha stopped those crashes, 
that is. Time will tell ;-)



Re: [tor-talk] Why does tor open UDP ports?

2013-09-06 Thread Noilson Caio
Analyse the traffic over these ports with tcpdump. Share with us. I'm
curious too. =]


On Fri, Sep 6, 2013 at 8:19 PM, Stephan step...@torrified.de wrote:

 On 06.09.2013 23:49, grarpamp wrote:

 Check that tor config is set for only localhost 127.0.0.1 / ::1 (or
 for that matter just use the default shipped config), restart,
 watch the tor log and watch the traffic.


 Maybe I should have added some information about my server. Oops! :-)

 I'm running a relay-node on a dedicated Linux box (Debian Wheezy/64bit).
 Those two 'strange' UDP ports are opened on both the current stable version
 and the latest alpha version of Tor.

 My server is running fine(*) even with those UDP ports firewalled off. So
 they cannot be essential - but I'm still curious about their purpose.


 -Stephan

 (*) Well - if the switch from stable to alpha stopped those crashes, that
 is. Time will tell ;-)





-- 
Noilson Caio Teixeira de Araújo
http://ncaio.wordpress
http://ncaio.ithub.com.br.comhttp://ncaio.ithub.com.br
http://br.linkedin.com/in/ncaio
http://www.commandlinefu.com/commands/by/ncaio
http://www.dicas-l.com.br/autores/noilsoncaioteixeiradearaujo.php


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread The Doctor

On 09/06/2013 03:16 PM, Carsten N. wrote:

 No - you can not compile the TC source without modification. The
 source code you can download from the website doesn't compile.

I downloaded v7.1a from truecrypt.org a few minutes ago, verified the
PGP signature, and gave it a shot (64-bit Arch Linux, kernel
3.9.4-1-ARCH, GCC v4.8.0 20130502):

Da da da...
Compiling Keyfile.cpp
In file included from Keyfile.cpp:10:0:
/home/drwho/tmp/truecrypt-7.1a-source/Common/SecurityToken.h:43:21:
fatal error: pkcs11.h: No such file or directory
 # include pkcs11.h
 ^
compilation terminated.

I'm at work so I don't have a whole lot of time to look into it, but
my first thought is that it's a glitch in the Makefile somewhere
around line 68...

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Be the strange that you want to see in the world. --Gareth Branwyn



[tor-talk] WP: The feds pay for 60 percent of Tor’s development. Can users trust it?

2013-09-06 Thread BM-2D9WhbG2VeKsLCsGBTPLGwDLQyPizSqS85
http://www.washingtonpost.com/blogs/the-switch/wp/2013/09/06/the-feds-pays-for-60-percent-of-tors-development-can-users-trust-it/




Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread Martin Weinelt

On 07.09.2013 02:08, The Doctor wrote:
 On 09/06/2013 03:16 PM, Carsten N. wrote:
 
 No - you can not compile the TC source without modification. The 
 source code you can download from the website doesn't compile.
 
 I downloaded v7.1a from truecrypt.org a few minutes ago, verified
 the PGP signature, and gave it a shot (64-bit Arch Linux, kernel 
 3.9.4-1-ARCH, GCC v4.8.0 20130502):
 
 Da da da... Compiling Keyfile.cpp In file included from
 Keyfile.cpp:10:0: 
 /home/drwho/tmp/truecrypt-7.1a-source/Common/SecurityToken.h:43:21:

 
fatal error: pkcs11.h: No such file or directory
 # include pkcs11.h ^ compilation terminated.
 
 I'm at work so I don't have a whole lot of time to look into it,
 but my first thought is that it's a glitch in the Makefile
 somewhere around line 68...
 
 

It clearly states you are missing a header file to compile the thing.

Try installing gnutls or nss to satisfy that dependency, not sure which
one it needs. They both ship a pkcs11.h.


Regards,

Martin Weinelt



Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread adrelanos
shadowOps07:
 Truecrypt is an open source software therefore NSA doesn't have back
 door access to this particular software.

Without deterministic builds, and TrueCrypt isn't deterministically
built, [1] Open Source does not prevent backdoors, unless you compile
from source code. The ones who compile, upload and distribute the
binaries have the option to add a backdoor. Also the ones who may have
infected the build machine with a backdoor are in a position to add a
backdoor without the distributor being aware of it.

And even in the source code you can add subtle backdoors. Source:
http://cm.bell-labs.com/who/ken/trust.html

The moral is obvious. You can't trust code that you did not totally
create yourself. (Especially code from companies that employ people
like me.) No amount of source-level verification or scrutiny will
protect you from using untrusted code. In demonstrating the
possibility of this kind of attack, I picked on the C compiler. I
could have picked on any program-handling program such as an
assembler, a loader, or even hardware microcode. As the level of
program gets lower, these bugs will be harder and harder to detect. A
well installed microcode bug will be almost impossible to detect.

[1] and without people scrutinizing it, checking that the binary has
been built from the exact same source code as claimed,
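
Added example, not part of the original thread and not TrueCrypt's build process: the deterministic-build argument from the message above, shown in Python. The file names, builder names and packaging functions are hypothetical, and the build output is a constructed stand-in.

```python
import hashlib
import io
import tarfile

# Constructed stand-in for what compiling a source tree produces.
SOURCE_OUTPUT = {"bin/volume-tool": b"constructed machine code", "doc/README": b"usage\n"}


def package(files, mtime, builder):
    """Pack build output into a tar archive that records mtime and builder name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.GNU_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime
            info.uname = builder
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def same_binary(distributed, rebuilt):
    """Bit-for-bit comparison: the only check an outside verifier can make."""
    return hashlib.sha256(distributed).digest() == hashlib.sha256(rebuilt).digest()


def naive_build(files, when, who):
    # Embeds build time and builder, so two honest builds never match.
    return package(files, mtime=when, builder=who)


def deterministic_build(files):
    # Every environment-dependent input is pinned to a fixed value.
    return package(files, mtime=0, builder="")


def backdoored(files):
    """Same source claimed, but the shipped binary carries extra code."""
    tampered = dict(files)
    tampered["bin/volume-tool"] += b" + constructed extra code"
    return tampered


if __name__ == "__main__":
    mine = naive_build(SOURCE_OUTPUT, 1378512000, "me")
    print("naive, honest vendor matches:", same_binary(naive_build(SOURCE_OUTPUT, 1378425600, "vendor"), mine))
    print("deterministic, honest vendor matches:", same_binary(deterministic_build(SOURCE_OUTPUT), deterministic_build(SOURCE_OUTPUT)))
    print("deterministic, tampered vendor matches:", same_binary(deterministic_build(backdoored(SOURCE_OUTPUT)), deterministic_build(SOURCE_OUTPUT)))
```

With the naive build a mismatch says nothing, because honest and tampered binaries both differ from a rebuild; with the pinned build a mismatch is evidence.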


[tor-talk] NSA has cracked web encryption!

2013-09-06 Thread hikki
It's not like I blew off my chair in surprise:

U.S. and British intelligence agencies have cracked the encryption designed to 
provide online privacy and security, documents leaked by former intelligence 
analyst Edward Snowden show.

http://www.usatoday.com/story/news/nation/2013/09/05/nsa-snowden-encryption-cracked/2772721/

But I do have a question:

Where does this leave Tor and _its_ encryption??


Re: [tor-talk] NSA has cracked web encryption!

2013-09-06 Thread mirimir
On 09/07/2013 01:56 AM, hi...@safe-mail.net wrote:

 It's not like I blew off my chair in surprise:
 
 U.S. and British intelligence agencies have cracked the encryption designed 
 to provide online privacy and security, documents leaked by former 
 intelligence analyst Edward Snowden show.
 
 http://www.usatoday.com/story/news/nation/2013/09/05/nsa-snowden-encryption-cracked/2772721/
 
 But I do have a question:
 
 Where does this leave Tor and _its_ encryption??

This is irresponsible FUD. Mostly what the NSA etc have done is social
engineering, not finding and exploiting fundamental defects in
encryption algorithms.

Spend a while at https://www.schneier.com/ before freaking out.


Re: [tor-talk] NSA has cracked web encryption!

2013-09-06 Thread Nick Mathewson
On Fri, Sep 6, 2013 at 9:56 PM,  hi...@safe-mail.net wrote:
 It's not like I blew off my chair in surprise:

 U.S. and British intelligence agencies have cracked the encryption designed 
 to provide online privacy and security, documents leaked by former 
 intelligence analyst Edward Snowden show.

 http://www.usatoday.com/story/news/nation/2013/09/05/nsa-snowden-encryption-cracked/2772721/

I'd seriously recommend the primary sources rather than USA today.
Try the Propublica writeup, the Guardian writeup, or the Nytimes
writeup -- those are the ones with the original research.  I'd also
have a close look at Bruce Schneier's two essays on the topic.

All of these are linked to from the following Bruce Schneier blog post:

https://www.schneier.com/blog/archives/2013/09/the_nsa_is_brea.html


Basically -- I wouldn't suggest USA Today for summarizing information
about cryptography.


 But I do have a question:

 Where does this leave Tor and _its_ encryption??

It seriously depends on what the NSA has broken.  If they've got a
strong AES break, or a cheap way to break ECDH-P256 or
ECDH-Curve25519, then we're pretty screwed.  But none of the good
reporting I'm seeing suggests that.  (FWICT, none of the good
reporting is actually being very specific at all, and the stuff that
*is* being specific is speculating or misunderstanding or
free-associating, for the most part.)  The stuff I'm seeing is pretty
vague, but if I had to speculate myself, I'd most suspect:

   * Dubious stuff in NIST standards. Everybody's pointing at that
Dual_EC RNG, but other stuff will be getting a lot of cryptographer
scrutiny.  What isn't broken may often be found to be deliberately
   * The commercial CA world is possibly a house of cards.
   * Operating system RNGs are a black hole of stupidity. On the one
hand, entropy collection really ought to be an OS function.  On the
other hand,
   * Paranoia time: I suspect deliberate obstruction of progress and
encouragement of complacency in relevant standards bodies.  Seriously,
it's 2013, and our options for TLS are mac-then-encrypt-with-CBC, CTR
CGM (which-will-be-usually-implemented-with-table-lookups), and RC4? I
suppose that human frailty alone might explain such a sorry state of
affairs, but everybody knows That One Guy who won't let a simple
standard get approved when a complex protocol already exists, and who
won't stand for fixing the mistakes of yesterday so long as a
half-assed workaround is conceivable.
Then again, it's not like non-cryptographic standards move any
faster than cryptographic ones, so this could be my paranoia acting
up.

Also, RSA1024 and DH1024 are *not* what folks ought to be using
nowadays.  (See that article where a guy who knows how to use   So
please, everybody upgrade to Tor 0.2.4.x once you can so that we can
start getting our forward secrecy with stronger keys.

Over the 0.2.5 series, I want to move even more things (including
hidden services) to curve25519 and its allies for public key crypto.
I also want to add more hard-to-implement-wrong protocols to our mix:
Salsa20 is looking like a much better choice to me than AES nowadays,
for instance.  I also want to support more backup entropy sources.

Then again, I'm not a cryptographer myself, so you might want to check
out what actual cryptographers are saying.

These are interesting times for crypto.

yrs,
-- 
Nick


Re: [tor-talk] [Cryptography] 1024 bit DH still common in Tor network

2013-09-06 Thread Nick Mathewson
On Fri, Sep 6, 2013 at 4:35 PM, Eugen Leitl eu...@leitl.org wrote:
 - Forwarded message from Perry E. Metzger pe...@piermont.com -

 Date: Fri, 6 Sep 2013 16:34:10 -0400
 From: Perry E. Metzger pe...@piermont.com
 To: cryptogra...@metzdowd.com
 Subject: [Cryptography] 1024 bit DH still common in Tor network
 X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.20; x86_64-apple-darwin12.4.0)

 Summary: blog posting claims most of the Tor network is still running
 older software that uses 1024 bit Diffie-Hellman.

 http://blog.erratasec.com/2013/09/tor-is-still-dhe-1024-nsa-crackable.html

 I'm not sure how cheap it actually would be to routinely crack DH key
 exchanges, but it does seem like it would be valuable for
 most Tor nodes to be running newer software anyway.

Yup.  Please upgrade, people.  0.2.4 is looking pretty good right now,
and I'd recommend it strongly over 0.2.3 for a variety of reasons, not
limited to this.

yrs,
-- 
Nick
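
Added example, not part of the original thread or of Tor's own tooling: a Python tally of how much of a relay list is still on a series older than 0.2.4, by relay count and by bandwidth weight, which is the measurement behind the "please upgrade" messages above. It assumes input laid out like consensus router status entries ("r", "v" and "w" lines); the relays, identities and addresses in the sample are constructed.

```python
# Constructed sample laid out like consensus router status entries
# (r = relay, v = version, w = bandwidth weight); these are not real relays.
SAMPLE = """\
r relayA AAAA BBBB 2013-09-06 12:00:00 192.0.2.1 9001 0
v Tor 0.2.3.25
w Bandwidth=500
r relayB CCCC DDDD 2013-09-06 12:00:00 192.0.2.2 443 80
v Tor 0.2.4.17-rc
w Bandwidth=3000
r relayC EEEE FFFF 2013-09-06 12:00:00 192.0.2.3 9001 9030
v Tor 0.2.3.25
w Bandwidth=1500
r relayD GGGG HHHH 2013-09-06 12:00:00 192.0.2.4 9001 0
w Bandwidth=20
"""


def parse_entries(text):
    """Return one dict (nick, version, bw) per 'r' entry."""
    entries, cur = [], None
    for line in text.splitlines():
        kind, _, rest = line.partition(" ")
        if kind == "r" and rest.split():
            cur = {"nick": rest.split()[0], "version": None, "bw": 0}
            entries.append(cur)
        elif cur is not None and kind == "v" and rest.startswith("Tor "):
            cur["version"] = (rest[4:].split() or [None])[0]
        elif cur is not None and kind == "w":
            for field in rest.split():
                if field.startswith("Bandwidth="):
                    cur["bw"] = int(field.split("=", 1)[1])
    return entries


def series(version):
    """'0.2.4.17-rc' -> (0, 2, 4); a missing or odd version -> None."""
    try:
        return tuple(int(part) for part in version.split(".")[:3])
    except (AttributeError, ValueError):
        return None


def share_below(text, minimum=(0, 2, 4)):
    """Fraction of relays and of bandwidth weight older than `minimum`."""
    entries = parse_entries(text)
    # A relay with no usable version line is counted as old (conservative).
    old = [e for e in entries if (series(e["version"]) or (0,)) < minimum]
    total_bw = sum(e["bw"] for e in entries) or 1
    return len(old) / (len(entries) or 1), sum(e["bw"] for e in old) / total_bw
```

On the constructed sample, three of four relays are below 0.2.4 but they carry only about 40% of the bandwidth weight, which is why the two fractions are reported separately.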


Re: [tor-talk] Tor users are not anonymous

2013-09-06 Thread The Doctor

On 09/06/2013 08:35 PM, Martin Weinelt wrote:

 It clearly states you are missing a header file to compile the
 thing. Try installing gnutls or nss to satisfy that dependency, not
 sure which one it needs. They both ship a pkcs11.h.

My apologies for deleting a paragraph and forgetting about doing so.
I do not seem to be all here tonight:

[drwho@windbringer ~]$ locate pkcs11.h
/usr/include/gck-1/gck/pkcs11.h
/usr/include/gnutls/pkcs11.h
/usr/include/neon/ne_pkcs11.h
/usr/include/nss/pkcs11.h
/usr/include/p11-kit-1/p11-kit/pkcs11.h

Editing is not always one's friend.

Hence, my remark about the Makefile lacking something.

- -- 
The Doctor [412/724/301/703] [ZS]
Developer, Project Byzantium: http://project-byzantium.org/

PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
WWW: https://drwho.virtadpt.net/

Hell hath no fury like a LISP fan scorned. --Aaron Swartz
