Re: [tor-talk] problems with TOR and Silk Road
On 10/03/2013 09:59 PM, Vladimir Teplouhov wrote: Hello. 1. Некоторое время назад, я заметил, что TOR слишком долго запускался - до 10-15 минут. При запуске были какие-то ошибки подключения(заблокировали не скомпроментированные узлы через провайдеров?), TOR постоянно просил поставить новую версию(но это не помогало) и т.п. (где-то на форумах я читал что в новой версии TOR в броузере по умолчанию были включены все cookies и т.п. настройки) Сегодня я специально проверил еще раз - TOR запустился примерно за 1 минуту даже на медленном 64k интернет-канале, никаких ошибок... When was it that Tor took so long to start? If it was in early September, you were probably seeing the impact of Mevade bots joining the Tor network. See https://metrics.torproject.org/users.html and https://metrics.torproject.org/performance.html. There are about five million of them now, but they and Tor have accommodated somewhat. Тогда я не обратил на это большого внимания т.к. подумал что это связано с глупым российским антиконституционным законом ( http://eais.rkn.gov.ru/ -- они очень часто блокируют целиком сервера по IP, из-за чего приходиться проверять все неоткрывшиеся ссылки через TOR т.к. на том-же сервере обычно находиться несколько тысяч разных сайтов) и попытками заблокировать доступ и через TOR (что конечно смешно т.к. даже Китаю не удалось полностью блокировать TOR), но сейчас я думаю что скорее всего Silk Road был взломан именно через TOR, а не оперативными методами, как они пишут... The story in the Maryland complaint https://ia601904.us.archive.org/1/items/gov.uscourts.mdd.238311/gov.uscourts.mdd.238311.4.0.pdf makes sense, as I've said in another post. It could be all lies, of course. Maybe it's an FBI/NSA scheme to hide the evidence that they got by compromising Tor. But I'd want some evidence for that hypothesis, not just the claim that it's possible. 2. История про киллера скорее всего выдуманная - слишком много в ней нестыковок... Я думаю что скорее всего киллера придумали чтобы не допустить митингов и акций протеста со стороны bitcoin-сообщества. Судите сами: 1) Зачем человеку с миллионами $ связываться с криминалом?.. 2) Чем мог бы помоч киллер, если бы он подстраховался, либо работал не один?.. (а это наверняка так, люди которые занимаются шантажом не настолько глупы чтобы не предусмотреть этот вариант) 3) Посмотрите внимательно его профиль - обыкновенный университетский ботаник - научные статьи RD по полупроводникам и т.п. Indeed, he was totally unprepared for any of that. According to the Maryland complaint, he delegated the transfer of 1 Kg cocaine to the guy who was administering his servers! And then that guy got busted, and made a deal with the FBI. The rest of it was all manipulated by the FBI, total entrapment, in my opinion. 3. Если он такой отмороженный преступник как пишут, то почему удалось получить доступ к серверу, почему он оказался не заминированным, как этого требует сама идеология TOR как военного проекта?.. He's not a criminal! He was just playing at being one ;) He was apparently a fool to give someone he didn't have any reason to trust full access to his servers. He should have hired a professional anonymous administration team, with distributed trust. Tor is, in some sense, a military project. But that's a good thing, in the sense that it's well designed. But no tool, no matter how well designed, is idiot-proof ;) Vladimir -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] New Onions
There's a new wave of services appearing. More blogs/personal, lots of multihoming (incl the EUCOM, CCC, cryptoparties, activist media, ru). Lots of Brazil/Petro/etc. GlobalLeaks. And other interesting services/types to mention later. Also many new addresses appearing, yet their content predates by up to a year and more, ie: dejavu Feb 2012, I have ideas yet no confirm why yet. Lots of identical banners... Tails/Whonix are you shipping some defaults? ie: It works! This is the default web page for this server. The web server software is running but no content has been added, yet. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] problems with TOR and Silk Road
04.10.13, mirimirmiri...@riseup.net написал(а): On 10/03/2013 09:59 PM, Vladimir Teplouhov wrote: 1. Некоторое время назад, я заметил, что TOR слишком долго запускался - до 10-15 минут. При запуске были какие-то ошибки подключения(заблокировали не скомпроментированные узлы через провайдеров?), TOR постоянно просил поставить новую версию(но это не помогало) и т.п. ... When was it that Tor took so long to start? If it was in early September, you were probably seeing the impact of Mevade bots joining я точно не помню, помню что отнес это на счет российских служб и разозлился, но я думаю гораздо раньше, еще с лета... (а если так, то получается, что АНБ фактически админит все российский сети, включая стратегические?..Что не мудрено тк наше ФСБ от безделья уже шьет липовые дела на депутатов и тп...) У меня несколько провайдеров, на 40 мбит канале я мог бы и не заметить разницу, но где-то в середине лета с ним возникли проблемы, а на 64 кбит 3G модеме разница во времени запуска сильно бросается в глаза, фактически невозможно дождаться когда он запускается 10-15 минут, это злит, я помню приходилось его запускать когда уходил и не останавливать сутками... (в принципе если там ведуться логи, я могу поискать на дисках что осталось, но я сильно глубоко не разбирался с устройством TOR тк для патентного поиска и обхода дебильного zapret-info особая анонимность не требовалась... (если напишите точные названия файлов логов и пути, то могу поискать на дисках) 3) Посмотрите внимательно его профиль - обыкновенный университетский ботаник - научные статьи RD по полупроводникам и т.п. Indeed, he was totally unprepared for any of that. According to the Maryland complaint, he delegated the transfer of 1 Kg cocaine to the подумайте сами, у вас есть магазин который приносит миллионы и имеет без риска % от всех сделок(включая и от этого кг героина, если его продадут через SR), зачем владельцу магазина так рисковать и подставляться? (была же еще недавно статья какого-то журналиста про SR, там я так понял у него вообще какая-то параноя на безопасности, и тут вдруг кг героина, пистолеты, киллеры - похоже уровень познания тех кто стряпал это дело ограничивается голивудсткими боевиками, не могли что-нить более правдоподобное придумать ;) ) И _куда_ потом девать кг? Это ведь не доза для личного применения - для продажи такого количества надо уже иметь серьезную не ботаническую сеть распостранителей... (да и зачем работать, если % и так капает? ) В общем это тоже мало похоже на правду. bitcoin придумали какие-то ботаники, да, они придумали как обложить налогом наркоторговцев, но я не думаю что бегать с пистолетами и самим таскать наркотики это их стиль, я думаю что скорее всего никто бы из биткойнеров даже не прикоснулся к наркотикам или оружию, да и зачем, когда % и так идут, без риска... Не тот тип людей просто. He's not a criminal! He was just playing at being one ;) He was apparently a fool to give someone he didn't have any reason to trust full access to his servers. He should have hired a professional anonymous administration team, with distributed trust. Tor is, in some sense, a military project. But that's a good thing, in the sense that it's well designed. But no tool, no matter how well designed, is idiot-proof ;) я думаю что вычислить сервера тора давно не составляло никаких проблем, вроде бы это смогли даже какие-то хакеры без доступа к СОРМ (не знаю как у вас называется американская аналогичная система, кажеться эшелон?), а взлом тора был нужен для сбора данных на клиентов и продавцов SR... (зачем они его закрыли и арестовали владельца если честно не понимаю, наверно данных удалось собрать не так много и пришлось сдавать все что было) Vladimir -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
grarpamp wrote (04 Oct 2013 08:25:51 GMT) : Lots of identical banners... Tails/Whonix are you shipping some defaults? Tails doesn't ship any web server by default. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
On Fri, Oct 04, 2013 at 10:52:53AM +0200, intrigeri wrote: :grarpamp wrote (04 Oct 2013 08:25:51 GMT) : : Lots of identical banners... Tails/Whonix are you shipping some defaults? : :Tails doesn't ship any web server by default. But that does sound like the default Apache banner, especially if the It Works is h1 -Jon -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
On 10/04/2013 10:25 AM, grarpamp wrote: It works! This is the default web page for this server. The web server software is running but no content has been added, yet. Define a bunch -- I've given some basic instructions to several people recently on how to set up a hidden service. It could also be related to the Circumvention Tech Summit, which just wrapped up on Tuesday. ~Griffin -- Cypherpunks write code not flame wars. --Jurre van Bergen #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de My posts are my own, not my employer's. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor-talk Digest, Vol 33, Issue 17
My problem is SR did not sell anything,the vedorers did the selling? On Fri, Oct 4, 2013 at 2:37 AM, tor-talk-requ...@lists.torproject.orgwrote: Send tor-talk mailing list submissions to tor-talk@lists.torproject.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk or, via email, send a message with subject or body 'help' to tor-talk-requ...@lists.torproject.org You can reach the person managing the list at tor-talk-ow...@lists.torproject.org When replying, please edit your Subject line so it is more specific than Re: Contents of tor-talk digest... Today's Topics: 1. Re: Silk Road taken down by FBI (mirimir) 2. Re: Silk Road taken down by FBI (Juan Garofalo) 3. Re: Silk Road taken down by FBI (Phil Mocek) 4. Re: Silk Road taken down by FBI (mirimir) 5. Re: Silk Road taken down by FBI (Juan Garofalo) 6. Re: problems with TOR and Silk Road (Vladimir Teplouhov) 7. Re: problems with TOR and Silk Road (mirimir) -- Message: 1 Date: Fri, 04 Oct 2013 03:22:24 + From: mirimir miri...@riseup.net To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Silk Road taken down by FBI Message-ID: 524e3470.1070...@riseup.net Content-Type: text/plain; charset=ISO-8859-1 On 10/04/2013 02:21 AM, Roger Dingledine wrote: On Fri, Oct 04, 2013 at 02:11:26AM +, mirimir wrote: On 10/04/2013 01:54 AM, Juan Garofalo wrote: I'm wondering if I got this right: The NSA is supposed to be concerned only with 'national security' issues and can't spy on 'ordinary Americans'. In practice the NSA spies on everyone paying no attention to 'legal' restraints. If the NSA happens to find the location of, say, a 'criminal' tor hidden service, the NSA will forward the information to the pertinent 'agency', say, the DEA, and the DEA will lie about how they got the information, presenting a 'plausible' alternate explanation. Is that how they basically operate? [snip] Of course, the FBI could be totally lying in the complaint. Can you point to a specific statement in the affidavit that would be a lie if the NSA conspires to tip off FBI theory were true? OK, I just read the Maryland complaint. It's obvious what happened. An FBI undercover agent contacted him, wanting to sell large quantities of cocaine. He found a buyer, and delegated the details to his employee. Said employee had full admin access to his servers. His employee then provided his ACTUAL PHYSICAL ADDRESS to the undercover FBI agent. The FBI mailed 1 Kg (very highly cut) cocaine to said employee, and arrested him on receipt. Said employee soon told the FBI all that he knew. So now the FBI had access to the servers. There's no reason to suspect that they needed to compromise Tor to gain access, or for anything else. There's more drama about the murder for hire stuff, but it's irrelevant. Remember, the job of the guy writing the document is to lay out a set of correct facts which together show clear evidence that he's a criminal. Or to say it differently, it's his job to figure out the right way (including the right order, and the right subset) of presenting his facts so they make his case the best way he can. And he's under no obligation to include all of the facts -- just the ones that make his case most likely to win. I'm not saying that this version of the conspiracy did or didn't happen this way. You're right that look, he screwed up enough different ways, why do you need a more complicated theory? is a convincing argument. But if it *did* happen, there's no reason for them to have to lie -- they could have (should have) just gone and done all the things they say they did, to be able to write a winning case. --Roger -- Message: 2 Date: Fri, 04 Oct 2013 00:50:45 -0300 From: Juan Garofalo juan@gmail.com To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Silk Road taken down by FBI Message-ID: 860ACA42A227315F5D668D6B@F74D39FA044AA309EAEA14B9 Content-Type: text/plain; charset=us-ascii; format=flowed --On Friday, October 04, 2013 2:11 AM + mirimir miri...@riseup.net wrote: On 10/04/2013 01:54 AM, Juan Garofalo wrote: I'm wondering if I got this right: The NSA is supposed to be concerned only with 'national security' issues and can't spy on 'ordinary Americans'. In practice the NSA spies on everyone paying no attention to 'legal' restraints. If the NSA happens to find the location of, say, a 'criminal' tor hidden service, the NSA will forward the information to the pertinent 'agency', say, the DEA, and the DEA will lie about how they got the information, presenting a 'plausible' alternate explanation. Is that how they basically operate? Yes,
[tor-talk] SR take down
SR did not sell anything the vendors did the selling.All he has now is all the COINS -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
On Fri, 2013-10-04 at 03:22 +, mirimir wrote: OK, I just read the Maryland complaint. It's obvious what happened. An FBI undercover agent contacted him, wanting to sell large quantities of cocaine. He found a buyer, and delegated the details to his employee. Said employee had full admin access to his servers. His employee then provided his ACTUAL PHYSICAL ADDRESS to the undercover FBI agent. The FBI mailed 1 Kg (very highly cut) cocaine to said employee, and arrested him on receipt. Said employee soon told the FBI all that he knew. The way I read it, it seemed like the address was for a SR vendor, not for the employee (they use the names VENDOR and EMPLOYEE in the complaint). How did the employee get arrested? -- Sent from Ubuntu signature.asc Description: This is a digitally signed message part -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
NSA Calls TOR the king of high-secure, low-latency internethttp://www.theguardian.com/technology/internet anonymity http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption On Fri, Oct 4, 2013 at 11:01 AM, Ted Smith te...@riseup.net wrote: On Fri, 2013-10-04 at 03:22 +, mirimir wrote: OK, I just read the Maryland complaint. It's obvious what happened. An FBI undercover agent contacted him, wanting to sell large quantities of cocaine. He found a buyer, and delegated the details to his employee. Said employee had full admin access to his servers. His employee then provided his ACTUAL PHYSICAL ADDRESS to the undercover FBI agent. The FBI mailed 1 Kg (very highly cut) cocaine to said employee, and arrested him on receipt. Said employee soon told the FBI all that he knew. The way I read it, it seemed like the address was for a SR vendor, not for the employee (they use the names VENDOR and EMPLOYEE in the complaint). How did the employee get arrested? -- Sent from Ubuntu -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Guardian Tor article
Just to start off the new media frenzy thread. http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document (Did I miss any good links?) Enjoy, --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
grarpamp: Lots of identical banners... Tails/Whonix are you shipping some defaults? ie: Speaking as a maintainer of Whonix, we currently do not ship any webserver by default. In theory, we could also ship just a pre-configured config file with different defaults. We're not doing that either, because it's better not to leak unneeded information, better to not advertise this webserver runs on Whonix - so we're not doing that either. It works! This is the default web page for this server. The web server software is running but no content has been added, yet. Looks like a default file which comes with the stock package. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
happy to see that they have not cracked TOR encryption and the anonymity of it. We need to focus more on secure browsers and tools that work over TOR since they are relying on browser exploits and hacking services on TOR. I also think more people should consider being an entry and exit node on the TOR network, we dont want the NSA getting the majority of TOR nodes, if they do they can deanonymize it further. Thanks for the share. On Fri, Oct 4, 2013 at 11:38 AM, Roger Dingledine a...@mit.edu wrote: Just to start off the new media frenzy thread. http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document (Did I miss any good links?) Enjoy, --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Rejo Zenger: ++ 03/10/13 13:49 -0400 - Ahmed Hassan: One question is still remain unanswered. How did they locate Silkroad server before locating him? They had full image of the server before his arrest. Where have you read this or deducted this from? It has been reported in several places online. Here's one[1]: In July 2013, a forensic analysis of the hard drives used to run one of the Silk Road servers revealed a PHP script based on curl that contained code that was identical to that included in the Stack Overflow discussion, the complaint alleged. (It appears they were able to find the server and have it imaged well ahead of the arrest, and this is described in the court documents.) 1. http://arstechnica.com/security/2013/10/silk-road-mastermind-unmasked-by-rookie-goofs-complaint-alleges/ Best, - -Gordon M. -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJSTuQvAAoJED/jpRoe7/ujIHIH/3F94LZ6dhvW+JIGpwmMuNp4 U9jxjQrROpWy4+kis1kLwVgiPDxqIKoZyoYpsR58SV8Y4U+vxsN/LvkHHRX6XOMZ I9Po7ol+qblvUpCqR1sSl7OYsPIpGu8LBs9PAle576qSB9P7FygLpeLmQ2r2BWd0 s/0k0oFN2E3gXVchtxv2etYsMM4873lumS9zHlbEQLMOBPkitPoupWPfYkuHahDb r6KJhwVFod9AishRtMUl3K19yhetiZbgrntTvDaLE84RLOgMrJmApqR/wj2xSFTI YHnZaKtOkz+u4MAu4Nrd4JXjluXCaA44jeSbCaa09uqmSt3JqPFXZ8KaK8F87iM= =61NQ -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Remation -- joint GCHQ/NSA meeting on Tor
There's been a really interesting document to come out of the Guardian todhttp://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-documenay: http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document Interestingly: - NSA/GCHQ was fingerprinting using Flash - They were wondering whether to flood the network with slow connections in order to discourage users - Cookie leakage - Timing attacks - Supposed bug in TorButton mid last year There are some questions in my mind as to the legitimacy of this document -- particularly given that a slide is marked 2007, but references 2012. (In particular, neither Torservers nor TorButton existed in 2007). Thoughts? ~Griffin -- Cypherpunks write code not flame wars. --Jurre van Bergen #Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de My posts are my own, not my employer's. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
On Fri, Oct 04, 2013 at 11:38:10AM -0400, Roger Dingledine wrote: (Did I miss any good links?) Ah, yes I did: http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
On Fri, Oct 04, 2013 at 08:57:04AM -0700, Gordon Morehouse wrote: I *think* people are mistaking VPN for VPS here - I can't find the source, but there was some well distributed speculation that the FBI was easily able to obtain a server image without disrupting the site itself by having a VPS provider (in a country with Mutual Treaty Assistance or some phrase like that) image it hot. The SOP for physical servers with RAID1 is pull one drive, which contains a perfect mirror copy up to the point of the drive having been pulled. Most operators do not notice, and if they do, it will be chalked up to a faulted drive. signature.asc Description: Digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
Does NSA attack as much Tor users as they can or only targeted attacks? Are there statements/evidence for the former? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Roger Dingledine: To be more concrete, their job here is to link the guy to the website. So if they had a pretty good idea of who the guy was, but not enough evidence to bust him, it makes sense to me that they would go find one of the servers, collect all the evidence they can from it, and hope to find something specific that points back at the guy. And who knows, maybe they did that several times before they found something they liked enough to build a case from it. Bingo[1]. The clues didn't stop there. In early March 2012 someone created an account on StackOverflow with the username Ross Ulbricht and the rossulbri...@gmail.com address, the criminal complaint alleged. On March 16 at 8:39 in the morning, the account was used to post a message titled How can I connect to a Tor hidden service using curl in php? Less than one minute later, the account was updated to change the user name from Ross Ulbricht to frosty. Several weeks later, the account was again updated, this time to replace the Ulbricht gmail address with fro...@frosty.com. In July 2013, a forensic analysis of the hard drives used to run one of the Silk Road servers revealed a PHP script based on curl that contained code that was identical to that included in the Stack Overflow discussion, the complaint alleged. We also knew that he was sold out by his VPN provider. Hopefully, the identity of that VPN provider will come out soon. Why? So everybody can abandon that VPN and move to a different one that also responds to subpoenas but hasn't been written about in a high-profile court case yet? :) I *think* people are mistaking VPN for VPS here - I can't find the source, but there was some well distributed speculation that the FBI was easily able to obtain a server image without disrupting the site itself by having a VPS provider (in a country with Mutual Treaty Assistance or some phrase like that) image it hot. 1. http://arstechnica.com/security/2013/10/silk-road-mastermind-unmasked-by-rookie-goofs-complaint-alleges/ Best, - -Gordon M. -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJSTuVMAAoJED/jpRoe7/uj9Z0H/1iEdtvsHHKppd5T0mt3I+Ly B8TWt7wepOxkFnAvNfwpjDf+au/+/5ToTDyObvblMC1/gLChvyhPfpintcSa/cF6 nnT1GbRrK/MptTgbN4b7tGnU6IrpTHEYDvpxDQA7J3pN28peja4Z+0zFEoS1vHjr pwu5ksB7yCbfqf7TIsh2CXyI0CTbaQ/sKt9zFEN9Y/wFIq5F4ygsOP54pou4Akan rZxt0/A6HGV5QYAMaNj8xPEK31AqYY4Fh24lk22IBysO2KBAM40IelcpApZjcuvQ VDdz6wNoGKk2VbQwtFh6eXoFqmlESCf6nx3AX4RPI04z+fA9XrYDsNSgUSq0dVQ= =LdAY -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
That's what I thought; if the FBI is guilty of selling the cocaine, then they got away with it? They're using DPR's employee to initiate drug exchange. 1) DPR is not a drug facilitator. He merely host the website for people to use it. 2) Host wasn't located in the US; therefore US has no jurisdiction over it; they're not the world police that they're trying so hard to achieve with that so called treaties. 3) Yes, DPR may have leaked his email and other identities. However, using a static IP address is one big rookie fuck-up. However, how did FBI managed to link DPR to SR? I bet it was from his employee. Also, how did FBI managed to snag one of his employees? That's my question. If I were to host a site like SR; I would do it on my own. Trust no one. If you need to hire someone, get it from a reliable source and must not know each other - a stranger. Of course, any secret agent could be a stranger for all we know. It wouldn't matter because the administrator wouldn't leak his identity. USE BITCOINS AT ALL TIME FOR ANONYMOUS PAYMENT! Use cash or moneypak to get bitcoins. Never use Western Union, PayPal, or any other sites that would reveal your ID to the LE. Use bitmessages for secure communication - it's not in a perfect stage, but it's way better than gmail in terms of security. As for VPN, I know several VPN doesn't keep logs at all regardless if they were subpoenaed or not. And of course, IP is not always static which is a good thing. And most of the virtual server is located outside of US. When paying for service, they only accept bitcoin that couldn't be traced back to me which is a good thing. Of course, USE FAKE EMAIL, and use a different username. PGP is grievously important! As long your message is encrypted with 1024 bit then you're secured! Use 20-50 length, randomly generated password. Lastly, do not involve business-sense to the public that would lead to SR. There's nothing to brag about except prison. Covert behavior is the best form of evasion you could ever get. The downside is that NO ONE KNOWS WHO YOU ARE. And you're not popular except your well known aliases. That's the beauty of operating underground. Mr. Ulrich is one big rookie fuck-up and he's paying for it. I am sure he will get a good lawyer, no.. wait, he got a public defender? Yeah, even if he has tons of money in his bitcoin account, he would retire by the time he's done with prison, outside of the USA. Oh yeah, count on that. Cheers. On Fri, Oct 4, 2013 at 11:01 AM, Ted Smith te...@riseup.net wrote: On Fri, 2013-10-04 at 03:22 +, mirimir wrote: OK, I just read the Maryland complaint. It's obvious what happened. An FBI undercover agent contacted him, wanting to sell large quantities of cocaine. He found a buyer, and delegated the details to his employee. Said employee had full admin access to his servers. His employee then provided his ACTUAL PHYSICAL ADDRESS to the undercover FBI agent. The FBI mailed 1 Kg (very highly cut) cocaine to said employee, and arrested him on receipt. Said employee soon told the FBI all that he knew. The way I read it, it seemed like the address was for a SR vendor, not for the employee (they use the names VENDOR and EMPLOYEE in the complaint). How did the employee get arrested? -- Sent from Ubuntu -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Juan Garofalo: I'm wondering if I got this right: The NSA is supposed to be concerned only with 'national security' issues and can't spy on 'ordinary Americans'. In practice the NSA spies on everyone paying no attention to 'legal' restraints. If the NSA happens to find the location of, say, a 'criminal' tor hidden service, the NSA will forward the information to the pertinent 'agency', say, the DEA, and the DEA will lie about how they got the information, presenting a 'plausible' alternate explanation. Is that how they basically operate? Yes. As the NSA scoops up phone records and other forms of electronic evidence while investigating national security and terrorism leads, they turn over tips to a division of the Drug Enforcement Agency (DEA) known as the Special Operations Division (SOD). FISA surveillance was originally supposed to be used only in certain specific, authorized national security investigations, but information sharing rules implemented after 9/11 allows the NSA to hand over information to traditional domestic law-enforcement agencies, without any connection to terrorism or national security investigations. But instead of being truthful with criminal defendants, judges, and even prosecutors about where the information came from, DEA agents are reportedly obscuring the source of these tips. For example, a law enforcement agent could receive a tip from SOD?which SOD, in turn, got from the NSA?to look for a specific car at a certain place. But instead of relying solely on that tip, the agent would be instructed to find his or her own reason to stop and search the car. Agents are directed to keep SOD under wraps and not mention it in investigative reports, affidavits, discussions with prosecutors and courtroom testimony, according to Reuters. [1] And: U.S. directs agents to cover up program used to investigate Americans (Reuters) - A secretive U.S. Drug Enforcement Administration unit is funneling information from intelligence intercepts, wiretaps, informants and a massive database of telephone records to authorities across the nation to help them launch criminal investigations of Americans. [...] But two senior DEA officials defended the program, and said trying to recreate an investigative trail is not only legal but a technique that is used almost daily. A former federal agent in the northeastern United States who received such tips from SOD described the process. You'd be told only, ?Be at a certain truck stop at a certain time and look for a certain vehicle.' And so we'd alert the state police to find an excuse to stop that vehicle, and then have a drug dog search it, the agent said. PARALLEL CONSTRUCTION After an arrest was made, agents then pretended that their investigation began with the traffic stop, not with the SOD tip, the former agent said. The training document reviewed by Reuters refers to this process as parallel construction. [2] 1. https://www.eff.org/deeplinks/2013/08/dea-and-nsa-team-intelligence-laundering 2. http://www.reuters.com/article/2013/08/05/us-dea-sod-idUSBRE97409R20130805 Best, - -Gordon M. -BEGIN PGP SIGNATURE- iQEcBAEBCgAGBQJSTubUAAoJED/jpRoe7/ujXkAIALjxAa9lTZJoqRuPBDAvR0Xu cj2eIUYQRVAOcp6zE/FOivv9F0GH4+vmYqz1JDmYN1cvVGjCS0XpGxPzcQ4rSYLp aIijgEA/49KrpahczVNv5W8wvurGjbjvkp0hdFLnWQjIlBVzjnj3DnqnIyhgsuQU Wi8Ad9vTFI6aVXatNIRRzWU+n4vkV0h8QLNpFwC92um9TjDZXkdyvaUxZr08wBMO ZXy81ecvzaFz7huzvdJ7RbPLcytczekVOUXgMRnpk6BqXy8RhAZK4MS4yuKCZA/8 EdQPnFEVVLmNVammvjt2d/rvtYoutGZZVRzQj0ucuZf9cYbskvxgQ9CypY2ftRU= =p6Bp -END PGP SIGNATURE- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] suppression of Guardian story on Tor in Snowden disclosures / FLYING PIG, others?
On Thu, Oct 3, 2013 at 5:59 AM, coderman coder...@gmail.com wrote: ... if this story truly is suppressed / killed, [what if] because the story included detailed technical aspects of how Tor is monitored[0] in the context of international counter-terrorism and other data sharing? not quite how it turned out; see http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document Tor Stinks means you're doing it right; good job Tor devs :) two interesting parts: - GCHQ runs Tor nodes under NEWTONS CRADLE. do they run fast exits too? (some or all of this capacity in Amazon AWS?) - an entire category of feeling lucky collection where Dumb Users (EPICFAIL) cross the streams... best regards, -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
i would imagine that the NSA and GCHQ would try and hack and access as many High bandwidth entry and exit nodes as possible, if unable to hack im sure they would monitor the connection from the ISP. In the case of tormail they were trying to get anyone and everyone's ip address, im sure every ip address gathered from that site is monitored and kept an eye on. Sure they have a few targeted only attacks but in general they need to deanonymize a large portion of the network so they can pinpoint their attack on a specific target. I think anyone who uses Tor is a target, I prefer to use it over vpn to my tor usage is not pointed back to my ISP. Also those whom used Tor on their router or a VPN on their router wouldnt be effected by a browser exploit identifying their real ip unless it used CSS to login to your router and pull your ISP ip, but thats what logins and passwords are for. On Fri, Oct 4, 2013 at 12:02 PM, adrelanos adrela...@riseup.net wrote: Does NSA attack as much Tor users as they can or only targeted attacks? Are there statements/evidence for the former? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
On Fri, 2013-10-04 at 11:38 -0400, Roger Dingledine wrote: http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document Since it hasn't been quoted on-list yet, page two: TOR STINKS * We will never be able to de-anonymize all Tor users all the time. * With manual analysis we can de-anonymize a **_very small fraction_** of Tor users, however, **_no_** success de-anonymizing a user in response to a TOPI request/on demand. * [redacted block of text, because the Guardian cares more about safeguarding Obama's ability to kill people than it does about the freedom of humanity.] Of course, this is also from 2007. It's been a long time since then. Congrats, torproject :-D -- Sent from Ubuntu signature.asc Description: This is a digitally signed message part -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article - better endpoint and application security
On Fri, Oct 4, 2013 at 8:44 AM, defcon defcon...@gmail.com wrote: ... We need to focus more on secure browsers and tools that work over TOR since they are relying on browser exploits and hacking services on TOR. p7 Tor Project and friends Recent Activity http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity Tails: ... Adds Severe CNE misery to the equation ... good news everybody; defense is depth is effective and practical! this has been a subject of discussion on the Qubes devel list as well, in the content of Whonix, Tails and other Tor packagings. http://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html https://www.whonix.org/wiki/Comparison_with_Others qubes devel threads of interest: Qubes + Whonix https://groups.google.com/forum/#!topic/qubes-devel/2vnGqsoM9p0 QuebesOS - Secure Against Spying? https://groups.google.com/forum/#!topic/qubes-devel/UfmWWiq9-_U Disposable VM versus local forensics? https://groups.google.com/forum/#!topic/qubes-devel/QwL5PjqPs-4 best regards, -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
Where can we see new services? On Fri, Oct 4, 2013 at 4:25 AM, grarpamp grarp...@gmail.com wrote: There's a new wave of services appearing. More blogs/personal, lots of multihoming (incl the EUCOM, CCC, cryptoparties, activist media, ru). Lots of Brazil/Petro/etc. GlobalLeaks. And other interesting services/types to mention later. Also many new addresses appearing, yet their content predates by up to a year and more, ie: dejavu Feb 2012, I have ideas yet no confirm why yet. Lots of identical banners... Tails/Whonix are you shipping some defaults? ie: It works! This is the default web page for this server. The web server software is running but no content has been added, yet. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
Why use VPN at all? Isnt VPN some strange problem? So strange: people keep using the VPN service, but i guess Tor does it better? -- Jerzy Łogiewa -- jerz...@interia.eu On Oct 4, 2013, at 6:09 PM, shadowOps07 wrote: As for VPN, I know several VPN doesn't keep logs at all regardless if they were subpoenaed or not. And of course, IP is not always static which is a good thing. And most of the virtual server is located outside of US. When paying for service, they only accept bitcoin that couldn't be traced back to me which is a good thing. Of course, USE FAKE EMAIL, and use a different username. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Remation -- joint GCHQ/NSA meeting on Tor
same info with slides: http://rt.com/usa/nsa-target-tor-network-739/ signature.asc Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
Not necessarily, as long VPN provider doesn't keep logs of your traffic. Like for instance, Phantom Peer works wonderfully since you can use bitcoin for their service. Create a different username that's wouldn't link back to you. :) Original Message From: Jerzy Łogiewa To: tor-talk@lists.torproject.org Sent: Fri, Oct 4, 2013, 11:26 AM Subject: Re: [tor-talk] Silk Road taken down by FBI Why use VPN at all? Isnt VPN some strange problem? So strange: people keep using the VPN service, but i guess Tor does it better? -- Jerzy Łogiewa -- jerz...@interia.eu (mailto:jerz...@interia.eu) On Oct 4, 2013, at 6:09 PM, shadowOps07 wrote: As for VPN, I know several VPN doesn't keep logs at all regardless if they were subpoenaed or not. And of course, IP is not always static which is a good thing. And most of the virtual server is located outside of US. When paying for service, they only accept bitcoin that couldn't be traced back to me which is a good thing. Of course, USE FAKE EMAIL, and use a different username. -- tor-talk mailing list - tor-talk@lists.torproject.org (mailto:tor-talk@lists.torproject.org) To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk (https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
Stack Overflow, ah the code forum on the website. Ok. I see. Original Message From: Jerzy Łogiewa To: tor-talk@lists.torproject.org Sent: Fri, Oct 4, 2013, 11:26 AM Subject: Re: [tor-talk] Silk Road taken down by FBI So now we know Stack Overflow works with police. -- Jerzy Łogiewa -- jerz...@interia.eu (mailto:jerz...@interia.eu) On Oct 4, 2013, at 5:57 PM, Gordon Morehouse wrote: The clues didn't stop there. In early March 2012 someone created an account on StackOverflow with the username Ross Ulbricht and the rossulbri...@gmail.com (mailto:rossulbri...@gmail.com) address, the criminal complaint alleged. On March 16 at 8:39 in the morning, the account was used to post a message titled How can I connect to a Tor hidden service using curl in php? Less than one minute later, the account was updated to change the user name from Ross Ulbricht to frosty. Several weeks later, the account was again updated, this time to replace the Ulbricht gmail address with fro...@frosty.com (mailto:fro...@frosty.com). In July 2013, a forensic analysis of the hard drives used to run one of the Silk Road servers revealed a PHP script based on curl that contained code that was identical to that included in the Stack Overflow discussion, the complaint alleged. -- tor-talk mailing list - tor-talk@lists.torproject.org (mailto:tor-talk@lists.torproject.org) To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk (https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
could you not use top posting? Makes things difficult to read.[1] [1] http://www.idallen.com/topposting.html Peace; Fynn. -- Even a stopped clock is right twice a day -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
Juan Garofalo: So that the company can be blacklisted as clowns who cooperate with the US government, unlike a few principled individuals out there? if you trust a vpn, what does that say about you? outting vpns for being put into the situation of either complying with the law or facing criminal sanctions themselves is counter productive. if one is truly concerned about their anonymity, they shouldn't use a vpn. this is just another example of why. - VFEmail.net - http://www.vfemail.net $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
Pretty much.. US is desperate for world control. BEYOND DESPERATION! US is SO hell-bent on a conquest to control the world through deceptions, treaties, and sanctions. Original Message From: Tempest To: tor-talk@lists.torproject.org Sent: Fri, Oct 4, 2013, 12:56 PM Subject: Re: [tor-talk] Silk Road taken down by FBI Juan Garofalo: So that the company can be blacklisted as clowns who cooperate with the US government, unlike a few principled individuals out there? if you trust a vpn, what does that say about you? outting vpns for being put into the situation of either complying with the law or facing criminal sanctions themselves is counter productive. if one is truly concerned about their anonymity, they shouldn't use a vpn. this is just another example of why. - VFEmail.net - http://www.vfemail.net (http://www.vfemail.net) $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- tor-talk mailing list - tor-talk@lists.torproject.org (mailto:tor-talk@lists.torproject.org) To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk (https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
Talk to the people who write mobile email clients. — http://makehacklearn.org On Fri, Oct 4, 2013 at 11:26 AM, Enrique Fynn enriquef...@gmail.com wrote: could you not use top posting? Makes things difficult to read.[1] [1] http://www.idallen.com/topposting.html Peace; Fynn. -- Even a stopped clock is right twice a day -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
Ok, thanks tails/whonix. I saw at least 35 or so, some H1, some nginx and so on... I don't really look beyond trends. That one stuck out. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
--On Friday, October 04, 2013 6:41 PM + Tempest temp...@tushmail.com wrote: Juan Garofalo: So that the company can be blacklisted as clowns who cooperate with the US government, unlike a few principled individuals out there? if you trust a vpn, what does that say about you? outting vpns for being put into the situation of either complying with the law or facing criminal sanctions themselves is counter productive. ` Counter productive to what end? if one is truly concerned about their anonymity, they shouldn't use a vpn. this is just another example of why. If one is truly concerned about their anonimity, then one deals with the source of the problem : government, instead of wasting time with technological patches that won't work in the long run. - VFEmail.net - http://www.vfemail.net $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
Some have said... this [Snowden meta arena] has been a subject of discussion on the [various] lists as well Congrats, torproject :-D Tor Stinks means you're doing it right; good job Tor devs :) good news everybody; defense in depth is effective and practical! Yes, fine work all hands, everyone have a round at their favorite pub/equivalent tonight. Of course, this is also from 2007. It's been a long time since then. Yet whether from 2007 or last week... when Monday rolls around, we must channel all this joy and get back to work. For the risks and attackers that we all face are real, motivated, well funded, and do not play fair by any set of rules. They do not stop and neither can we. Wins that do not result in elimination from the game are but temporary gains. We must always be better... train, practice, discipline, and enter ourselves into every race... leaving only a continuous cloud of dust behind for our adversaries to choke on. Till Monday, I got this round :) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] New Onions
re CircTech: onionland has publish and index lag so this crop [of default pages] is likely not attributable to any training event over the last week or two. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
On 10/04/2013 06:41 PM, Tempest wrote: Juan Garofalo: So that the company can be blacklisted as clowns who cooperate with the US government, unlike a few principled individuals out there? if you trust a vpn, what does that say about you? outting vpns for being put into the situation of either complying with the law or facing criminal sanctions themselves is counter productive. if one is truly concerned about their anonymity, they shouldn't use a vpn. this is just another example of why. With proper design and planning, VPN services can operate with no logging, using diskless machines as openvpn servers, with user account details coming from Tor hidden services. If the openvpn servers are impounded, there is no information on them, except for a few bits in memory. After the dust settles, operators can open again somewhere else. See? - VFEmail.net - http://www.vfemail.net $24.95 ONETIME Lifetime accounts with Privacy Features! 15GB disk! No bandwidth quotas! Commercial and Bulk Mail Options! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] BBG and Tor funding
See http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption Note the new addition at the end of this article, presumably added at the request of BBG • This article was amended on 4 October after the Broadcasting Board of Governors pointed out that its support of Tor ended in October 2012. So. How does this square with BBG's alleged support for financing new fast exit relays? https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html Best Mick - Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net - signature.asc Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] BBG and Tor funding
The thread referenced appears to suggest it's the Wau Holland Foundation.. See http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption Note the new addition at the end of this article, presumably added at the request of BBG ⢠This article was amended on 4 October after the Broadcasting Board of Governors pointed out that its support of Tor ended in October 2012. So. How does this square with BBG's alleged support for financing new fast exit relays? https://lists.torproject.org/pipermail/tor-relays/2013-September/002824.html Best Mick - Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net - -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] best distro to use Tor
Hi, I've been using Tor in Windows for a while now, mostly for practical reasons I couldn't change the OS, but I'm thinking now it's time to change to Linux, and I'm a little lost in what particular distro I should use: * Heard a lot about Talis, but I can't use a live cd for my day to day work * I think Whoinx in a VM could do the work * Is Ubuntu a good option as a guest (and maybe use here the TBB from time to time)? So far is the only Linux distro that I've used Thanks in advance, Gerardo -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Deterministic Builds Part Two: Technical Details
Mike Perry has just posted the second half of his reproducible builds effort: Deterministic Builds Part Two: Technical Details - This is the second post in a two-part series on the build security improvements in the Tor Browser Bundle 3.0 release cycle. https://blog.torproject.org/blog/deterministic-builds-part-two-technical-details -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
mirimir: On 10/04/2013 06:41 PM, Tempest wrote: Juan Garofalo: So that the company can be blacklisted as clowns who cooperate with the US government, unlike a few principled individuals out there? if you trust a vpn, what does that say about you? outting vpns for being put into the situation of either complying with the law or facing criminal sanctions themselves is counter productive. if one is truly concerned about their anonymity, they shouldn't use a vpn. this is just another example of why. With proper design and planning, VPN services can operate with no logging, using diskless machines as openvpn servers, with user account details coming from Tor hidden services. If the openvpn servers are impounded, there is no information on them, except for a few bits in memory. After the dust settles, operators can open again somewhere else. See? And in which data center they can host their VPN service? One not compromised by NSA? Self-hosting? What would that cost? Are there such VPN services in reality? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Remation -- joint GCHQ/NSA meeting on Tor
On Fri, Oct 04, 2013 at 05:43:32PM +0200, Griffin Boyce wrote: There's been a really interesting document to come out of the Guardian todhttp://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-documenay: http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document Interestingly: - NSA/GCHQ was fingerprinting using Flash - They were wondering whether to flood the network with slow connections in order to discourage users - Cookie leakage - Timing attacks - Supposed bug in TorButton mid last year There are some questions in my mind as to the legitimacy of this document -- particularly given that a slide is marked 2007, but references 2012. (In particular, neither Torservers nor TorButton existed in 2007). Thoughts? I think flood the network with slow connections is a mis-read; they seemed to be speaking of slow nodes that falsely advertise high bandwidth, an attack which won't work since we now cap unmeasured bandwidths to 20 kbit/sec IIRC. Their evident interest in this sort of thing suggests we should examine the bwauth system more closely to be sure the node can't distinguish a bwauth measurement from other connections, though - otherwise they could still manipulate the path selection weights like that. -- Andrea Shepard and...@torproject.org PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF DE79 A4FF BC34 F01D D536 PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgpthIW0bM9Gh.pgp Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] best distro to use Tor
On 13-10-04 09:01 PM, adrelanos wrote: * Is Ubuntu a good option as a guest (and maybe use here the TBB from time to time)? So far is the only Linux distro that I've used Ditch Ubuntu: https://www.eff.org/deeplinks/2012/10/privacy-ubuntu-1210-amazon-ads-and-data-leaks Those problems are in the bloated default desktop called Unity or ONE, perhaps meant as Canonical's answer to Windows 8. There are plenty other desktop interfaces to use: lxde, flux, cinnamon, xfce, ratpoison, ... -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
On 10/04/2013 11:44 PM, adrelanos wrote: mirimir: On 10/04/2013 06:41 PM, Tempest wrote: Juan Garofalo: So that the company can be blacklisted as clowns who cooperate with the US government, unlike a few principled individuals out there? if you trust a vpn, what does that say about you? outting vpns for being put into the situation of either complying with the law or facing criminal sanctions themselves is counter productive. if one is truly concerned about their anonymity, they shouldn't use a vpn. this is just another example of why. With proper design and planning, VPN services can operate with no logging, using diskless machines as openvpn servers, with user account details coming from Tor hidden services. If the openvpn servers are impounded, there is no information on them, except for a few bits in memory. After the dust settles, operators can open again somewhere else. See? And in which data center they can host their VPN service? One not compromised by NSA? Self-hosting? What would that cost? Are there such VPN services in reality? That I don't know, having never operated a VPN service. LeaseWeb in Netherlands seems popular. Also CyberBunker. Other possibilities are providers that also allow Tor exit relays. But it's best to run your own data centers. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
NSA mainly attack TOR user (not TOR itself) by exploiting vulnerabilities in Firefox. Should devs consider to replace the browser in TOR bundle with other browsers (such as chromium)? On Fri, Oct 4, 2013 at 7:56 PM, grarpamp grarp...@gmail.com wrote: Some have said... this [Snowden meta arena] has been a subject of discussion on the [various] lists as well Congrats, torproject :-D Tor Stinks means you're doing it right; good job Tor devs :) good news everybody; defense in depth is effective and practical! Yes, fine work all hands, everyone have a round at their favorite pub/equivalent tonight. Of course, this is also from 2007. It's been a long time since then. Yet whether from 2007 or last week... when Monday rolls around, we must channel all this joy and get back to work. For the risks and attackers that we all face are real, motivated, well funded, and do not play fair by any set of rules. They do not stop and neither can we. Wins that do not result in elimination from the game are but temporary gains. We must always be better... train, practice, discipline, and enter ourselves into every race... leaving only a continuous cloud of dust behind for our adversaries to choke on. Till Monday, I got this round :) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Silk Road taken down by FBI
On 10/04/2013 03:01 PM, Ted Smith wrote: On Fri, 2013-10-04 at 03:22 +, mirimir wrote: OK, I just read the Maryland complaint. It's obvious what happened. An FBI undercover agent contacted him, wanting to sell large quantities of cocaine. He found a buyer, and delegated the details to his employee. Said employee had full admin access to his servers. His employee then provided his ACTUAL PHYSICAL ADDRESS to the undercover FBI agent. The FBI mailed 1 Kg (very highly cut) cocaine to said employee, and arrested him on receipt. Said employee soon told the FBI all that he knew. The way I read it, it seemed like the address was for a SR vendor, not for the employee (they use the names VENDOR and EMPLOYEE in the complaint). We're both right. I just reread pp. 4-5 of the Maryland complaint. It says: The Vendor provided the UC with an address to which to ship the cocaine, an address which federal agents later determined was the residence of the Employee. So it seems that Employee was pretending to be the Vendor. Or maybe they lived together. Strange. How did the employee get arrested? The UC had a shipping address for the Vendor. So the FBI was at that address when the cocaine was delivered. And so they arrested the Employee (and maybe also the Vendor, if different person). -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Relay bandwidth limitation
Hello my boss for my company I work for now is concerned about the snowmen and what relevation he is going to run a tor relay but he wants to be able to limit the amount of bandwidth that is used in order not to impact network performance how and what would I put in the line Sam 5097240098 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Guardian Tor article
Moses: NSA mainly attack TOR user (not TOR itself) by exploiting vulnerabilities in Firefox. Should devs consider to replace the browser in TOR bundle with other browsers (such as chromium)? What about Robert Hogan's torora browser for use with Tor (https://code.google.com/p/torora/)? I recall Tor people wanted to help him, or help with funding, or something, and Robert declined. Anyone have word about its current state? Looks like it was last worked on in 2009? On Fri, Oct 4, 2013 at 7:56 PM, grarpamp grarp...@gmail.com wrote: Some have said... this [Snowden meta arena] has been a subject of discussion on the [various] lists as well Congrats, torproject :-D Tor Stinks means you're doing it right; good job Tor devs :) good news everybody; defense in depth is effective and practical! Yes, fine work all hands, everyone have a round at their favorite pub/equivalent tonight. Of course, this is also from 2007. It's been a long time since then. Yet whether from 2007 or last week... when Monday rolls around, we must channel all this joy and get back to work. For the risks and attackers that we all face are real, motivated, well funded, and do not play fair by any set of rules. They do not stop and neither can we. Wins that do not result in elimination from the game are but temporary gains. We must always be better... train, practice, discipline, and enter ourselves into every race... leaving only a continuous cloud of dust behind for our adversaries to choke on. Till Monday, I got this round :) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] problems with TOR and Silk Road
On 10/04/2013 08:40 AM, Vladimir Teplouhov wrote: 04.10.13, mirimirmiri...@riseup.net написал(а): On 10/03/2013 09:59 PM, Vladimir Teplouhov wrote: 1. Некоторое время назад, я заметил, что TOR слишком долго запускался - до 10-15 минут. При запуске были какие-то ошибки подключения(заблокировали не скомпроментированные узлы через провайдеров?), TOR постоянно просил поставить новую версию(но это не помогало) и т.п. ... When was it that Tor took so long to start? If it was in early September, you were probably seeing the impact of Mevade bots joining я точно не помню, помню что отнес это на счет российских служб и разозлился, но я думаю гораздо раньше, еще с лета... (а если так, то получается, что АНБ фактически админит все российский сети, включая стратегические?..Что не мудрено тк наше ФСБ от безделья уже шьет липовые дела на депутатов и тп...) У меня несколько провайдеров, на 40 мбит канале я мог бы и не заметить разницу, но где-то в середине лета с ним возникли проблемы, а на 64 кбит 3G модеме разница во времени запуска сильно бросается в глаза, фактически невозможно дождаться когда он запускается 10-15 минут, это злит, я помню приходилось его запускать когда уходил и не останавливать сутками... (в принципе если там ведуться логи, я могу поискать на дисках что осталось, но я сильно глубоко не разбирался с устройством TOR тк для патентного поиска и обхода дебильного zapret-info особая анонимность не требовалась... (если напишите точные названия файлов логов и пути, то могу поискать на дисках) I don't remember anything unusual around Tor from last summer. And I was using it quite a bit. Freedom Hosting went down in July, but I don't recall that there were general problems in the Tor network. Looking at https://metrics.torproject.org/performance.html?graph=torperf-failuresstart=2012-01-01end=2013-10-05source=allfilesize=50kb#torperf-failures I see that download failures were unusually high during December 2012 through February 2013. Maybe someone else remembers. 3) Посмотрите внимательно его профиль - обыкновенный университетский ботаник - научные статьи RD по полупроводникам и т.п. Indeed, he was totally unprepared for any of that. According to the Maryland complaint, he delegated the transfer of 1 Kg cocaine to the подумайте сами, у вас есть магазин который приносит миллионы и имеет без риска % от всех сделок(включая и от этого кг героина, если его продадут через SR), зачем владельцу магазина так рисковать и подставляться? (была же еще недавно статья какого-то журналиста про SR, там я так понял у него вообще какая-то параноя на безопасности, и тут вдруг кг героина, пистолеты, киллеры - похоже уровень познания тех кто стряпал это дело ограничивается голивудсткими боевиками, не могли что-нить более правдоподобное придумать ;) ) И _куда_ потом девать кг? Это ведь не доза для личного применения - для продажи такого количества надо уже иметь серьезную не ботаническую сеть распостранителей... (да и зачем работать, если % и так капает? ) В общем это тоже мало похоже на правду. bitcoin придумали какие-то ботаники, да, они придумали как обложить налогом наркоторговцев, но я не думаю что бегать с пистолетами и самим таскать наркотики это их стиль, я думаю что скорее всего никто бы из биткойнеров даже не прикоснулся к наркотикам или оружию, да и зачем, когда % и так идут, без риска... Не тот тип людей просто. It was greed, I think. As I read the New York indictment, it was the FBI undercover agent that convinced him to handle large drug sales. The reward was even more money. I think that it was entrapment, for whatever that's worth. He was just a kid. Kids do dumb things. Maybe he listened to too much gangsta rap, or maybe acid crunk ;) Snitches get stitches, as they say http://www.urbandictionary.com/define.php?term=Snitches%20Get%20Stitches. He's not a criminal! He was just playing at being one ;) He was apparently a fool to give someone he didn't have any reason to trust full access to his servers. He should have hired a professional anonymous administration team, with distributed trust. Tor is, in some sense, a military project. But that's a good thing, in the sense that it's well designed. But no tool, no matter how well designed, is idiot-proof ;) я думаю что вычислить сервера тора давно не составляло никаких проблем, вроде бы это смогли даже какие-то хакеры без доступа к СОРМ (не знаю как у вас называется американская аналогичная система, кажеться эшелон?), а взлом тора был нужен для сбора данных на клиентов и продавцов SR... (зачем они его закрыли и арестовали владельца если честно не понимаю, наверно данных удалось собрать не так много и пришлось сдавать все что было) The US NSA has many capabilities analogous to СОРМ. I haven't seen anything yet specifically about information about SR being passed from NSA to FBI. But we do know about the US DEA Special Operations Division (SOD) that received
Re: [tor-talk] Guardian Tor article
What makes you think that Chromium would be more secure? — http://makehacklearn.org On Fri, Oct 4, 2013 at 7:11 PM, Moses moses.ma...@gmail.com=mailto:moses.ma...@gmail.com; wrote: NSA mainly attack TOR user (not TOR itself) by exploiting vulnerabilities in Firefox. Should devs consider to replace the browser in TOR bundle with other browsers (such as chromium)? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk