Re: [tor-talk] Terminology: Deep v Dark Web
-- more like on the order of 1000 hidden services, many of which aren't I'll try to post a current datapoint on this later. No real news though. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB 3.5 starts w/ size buttons hidden
On Sat, 2014-01-25 at 21:37 -0600, Joe Btfsplk wrote: On 1/25/2014 9:22 PM, Nils Kunze wrote: You can use the windows key + an arrow key to resize and move windows. So for example win + left arrow to make the window take over the left half of the screen. With that you should be able to put it in the position you like anytime. Thank you. However, is anyone else having that problem? This is something I haven't seen in any apps for a long time. Firefox remembers the last window size when it was closed. TBB 3.5 doesn't seem to, nor where it was positioned. The size of your window can leak information that reduces your anonymity, at least if Javascript is enabled (maybe even if it's disabled?). I suspect that TBB has been intentionally modified to start with the same window size every time. It sounds odd that it starts with the title bar off-screen though. --ll signature.asc Description: This is a digitally signed message part -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia has been replaced with Tor Launcher
Nathan Suchy: Katya Titov: TT Security: 1. So Network Map and New Identity are absent now. When these functions will be add to the TBB? Vidalia is now a stand-alone package. Details: https://www.torproject.org/docs/faq#WhereDidVidaliaGo I'm unsure, The New Identity function is critical, I think Tor Button has it, but Network might be a deprecated function... New Identity works from both TBB and Vidalia. The difference is that from TBB the entire browser closes and restarts and you lose open tabs. When choosing a new identity from Vidalia the browser remains open. If I had time and experience with Firefox plugins I would look at developing something similar to the Network Map as a native plugin. I still find it very useful as a visual cue. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia has been replaced with Tor Launcher
Joe Btfsplk: On 1/25/2014 5:07 PM, Lunar wrote: Joe Btfsplk: I missed the memo on all reasons why Vidalia - bad, Tor Launcher - good. At least: http://users.encs.concordia.ca/~clark/papers/2007_soups.pdf http://petsymposium.org/2012/papers/hotpets12-1-usability.pdf and Vidalia has no maintainers for a while now. Thanks Lunar. I perused those papers at my convenience (sounds fancy). It was lost on me if they in fact pointed out (important) flaws in Vidalia that Tor launcher doesn't have. Other than Vidalia not being maintained. I see the main message as being that the TBB is too different from other software to allow non-technical users to use it confidently. Some specifics: - 2007_soups.pdf - G5 Users should not make dangerous errors from which they cannot recover. - G7 Users should be sufficiently comfortable with the interface to continue using it. - G8 Users should be aware of the application's status at all times. - hotpets12-1-usability.pdf - C.) Download Clarity: User wasn’t sure where on website to download the TBB - D.) Window discriminability: User wasn’t sure which window was TBB and which was a normal browser. - G.) Security Measure Confusion: Security measures taken by the TBB (such as redirecting from Google CAPTCHA, to DuckDuckGo) confused users. Some of these are being addressed by the simplification of the interface in the 3.x series (G7) and some are are not really Tor specific (G5, C). Others are more difficult, and if I had answers I would suggest them. Unfortunately, if the software is not simple to use then people will make mistakes, and those mistakes could result in the front door being kicked in by jack boots, or worse. Tails and Whonix fit the bill here and they make it very difficult to make mistakes, but they aren't the answer for everyone. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia has been replaced with Tor Launcher
Katya Titov: New Identity works from both TBB and Vidalia. The difference is that from TBB the entire browser closes and restarts and you lose open tabs. When choosing a new identity from Vidalia the browser remains open. I need to point this out one more time: In the case of the latter, the browser content stays the same. All the browser content. Including cookies, history, and many other things that are used to fingerprint a browser session. This means that from the websites point of view, nothing changes except the IP address. You keep the same identity there. -- Lunar lu...@torproject.org signature.asc Description: Digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Terminology: Deep v Dark Web
Mirimir: On 01/25/2014 04:53 AM, Katya Titov wrote: https://trac.torproject.org/projects/tor/wiki/doc/HowBigIsTheDarkWeb I've never liked the term Dark Web. There's nothing dark about it, except in the sense that Africa was called the Dark Continent because it was little known in Europe. It was not especially dark there, until the European invasion. Virtually all of the Dark Web examples are networks that are routed through the Internet. Most accurately, they are Virtual Webs. Drawing on Vernor Vinge, one could call them High Webs, with the current Internet being the Deep Web.[1] If that's too evocative of The Silk Road et alia, perhaps Supra Web would do. Typical Dark Web examples are Tor and its hidden services, I2P and Freenet. But there are many other private networks (government, military, academic, enterprise, etc) that are routed via VPNs through the Internet, and yet are not readily accessible from it. Whatever we call this category, they belong in it too. Analogous private networks, generally called anonets, are also routed via VPNs through the Internet. Most of them use unallocated IP space. Some of them route those addresses to the Internet, using customized DNS services. And so they arguably become part of the Internet. This will all become far easier with IPv6. There are also physical networks that extend the Internet in various ways. Some of them arguably become part of the Internet. But many, including most meshnets, are rather too impromptu for that. I generally agree, however the term is in common usage and we're probably stuck with it, just as we're stuck with the common definition of the word 'hacker'. I guess we could define a synonymous word and use that in lieu of dark ... 'private' isn't quite correct, and 'hidden' probably isn't either. I like 'overlay' but I'm not sure how it would go with the media and users. I've placed some definitions in the article and made some rearrangements and minor additions. Please feel free to update and/or discuss. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Vidalia has been replaced with Tor Launcher
Lunar: Katya Titov: New Identity works from both TBB and Vidalia. The difference is that from TBB the entire browser closes and restarts and you lose open tabs. When choosing a new identity from Vidalia the browser remains open. I need to point this out one more time: In the case of the latter, the browser content stays the same. All the browser content. Including cookies, history, and many other things that are used to fingerprint a browser session. This means that from the websites point of view, nothing changes except the IP address. You keep the same identity there. Thanks Lunar, this is an excellent point. From my perspective this is expected and welcome, however others may be looking for something different. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Thunderbird leak
I just blogged about a general security issue in Thunderbird which may also affect people who are using Tor: https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs Basically, an email can be crafted such that when you click a link in that email it is opened within a Thunderbird tab instead of in your usual (potentially torified) web browser. Bypassing any other defenses you might also have, including NoScript etc. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 signature.asc Description: Digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Terminology: Deep v Dark Web
On 01/26/2014 06:23 AM, Katya Titov wrote: I generally agree, however the term is in common usage and we're probably stuck with it, just as we're stuck with the common definition of the word 'hacker'. I guess we could define a synonymous word and use that in lieu of dark ... 'private' isn't quite correct, and 'hidden' probably isn't either. I like 'overlay' but I'm not sure how it would go with the media and users. I've placed some definitions in the article and made some rearrangements and minor additions. Please feel free to update and/or discuss. Why should you be stuck with anything? You're writing an important piece for an important project: You know... the onion with the crown? What you're writing may well become a source, a reference. You drive the conversation. All the words are belong to you. :) In a very broad sense I'd suggest: 'Commercial' that is open to all (sort of) and is after whatever can be monetized. 'Private' that is behind all those heavy-metal firewalls and exists primarily in support of 'commercial'. 'Neutral' for those referred to as 'deep' or 'dark' and, like Tor, seek to be common carriers:Identity is by choice, not by mandate. The connotations of the word 'neutral' are benign. It also suggests 'net neutrality' (original recipe... not KFCC's extra-crispy). Further, 'Neutral Net' has a nice ring to it. Shorten that to 'NeuNet' and the media might run with the concept. They love that stuff; it makes the Pulitzer fairies run around in their heads. Happy trails, Rick -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TBB 3.5 starts w/ size buttons hidden
Nils wrote: You can use the windows key + an arrow key to resize and move windows. DOESN'T work on my machine in Vista x64 (for any app). No effect. Maybe some Windows option turned off? On 1/26/2014 12:56 AM, Lars Luthman wrote: On Sat, 2014-01-25 at 21:37 -0600, Joe Btfsplk wrote: Re: TBB 3.5 doesn't seem to remember its window position between sessions. The size of your window can leak information that reduces your anonymity, at least if Javascript is enabled (maybe even if it's disabled?). I suspect that TBB has been intentionally modified to start with the same window size every time. It sounds odd that it starts with the title bar off-screen though. Thanks. Good point. Starting in reduced size isn't the issue - hidden title bar is. Starting w/ the title bar buttons hidden on a common 1920x1080 native (21.5 in.) monitor is odd. Nothing unusual about the monitor no issue w/ other apps. I'd think many would complain about TBB 3.5 if it's widespread. This began *ONLY* in TBB 3.5 - 1st launch has persisted (erratically). Checked this again in TBB 2.4.17 no issue w/ opening size or position. Further testing - TBB 3.5 opening UI alignment is erratic. Sometimes after maximizing, then closing - it reopens w/ title bar aligned - but often NOT. * Title bar being hidden on TBB start happens most often when I maximize its UI, then minimize, then close. That seems the MOST common scenario, when title bar's completely hidden on restart. But NOT ONLY time. Not using any extensions, plugins - except default. Tried it enough to see, even w/ no other changes between restarts, proper title bar alignment is erratic. * If title bar IS aligned, TBB sometimes starts w/ bottom border hidden well below the Windows task bar (I've only 1 task bar row small icons). Not a huge issue, as I can then maximize UI - but still odd. Tested a bunch of apps Firefox - none have these issues. Further, I've (always) had checked - keep *task bar* on top, but NOT locked or auto hide. No changes on task bar properties in ages. * With TBB 3.5 started in part-screen mode with (if) its bottom border hidden (that actually aligns w/ monitor's bottom IF... I hide task bar), when I hide, then UNhide task bar, TBB instantly adjusts its bottom border to just touch the task bar - for that session. But doesn't always remember ANY positions / alignment on next restart. When I think I've figured out sequence, it surprises me again. * Sometimes, if click maximize UI button, then reduce, it'll immediately change UI position, so all but ~ the LOWER 1/4 of resizing buttons are hidden off the monitor. Sometimes NOT. But doing that, buttons *may* display OK. * Still common for TBB 3.5 to start w/ title bar completely off monitor. If so, only way I've found to maximize TBB UI is IF... the bottom border is showing above task bar, drag it UP a bit, then PART of title bar instantly displays (showing small part of buttons). Then click maximize button. (Why would dragging TBB's bottom border make the title bar SUDDENLY jump / partially appear? Dunno - never seen it before.) Whatever my Windows / display settings are, haven't changed work OK w/ other apps previous TBB versions. That's why I asked - so not to file a bug if I'm the only one. Other than bug / Vista incompatibility, can't imagine why ONLY TBB 3.5 would do this. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
Also you might want to post this on the tails list. On Sun, Jan 26, 2014 at 5:33 PM, Andrew F andrewfriedman...@gmail.comwrote: YIKES... Are you sure, how did this slip by? On Sun, Jan 26, 2014 at 3:06 PM, Mike Cardwell t...@lists.grepular.comwrote: I just blogged about a general security issue in Thunderbird which may also affect people who are using Tor: https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs Basically, an email can be crafted such that when you click a link in that email it is opened within a Thunderbird tab instead of in your usual (potentially torified) web browser. Bypassing any other defenses you might also have, including NoScript etc. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
YIKES... Are you sure, how did this slip by? On Sun, Jan 26, 2014 at 3:06 PM, Mike Cardwell t...@lists.grepular.comwrote: I just blogged about a general security issue in Thunderbird which may also affect people who are using Tor: https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs Basically, an email can be crafted such that when you click a link in that email it is opened within a Thunderbird tab instead of in your usual (potentially torified) web browser. Bypassing any other defenses you might also have, including NoScript etc. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
On 1/26/2014 11:33 AM, Andrew F wrote: YIKES... Are you sure, how did this slip by? On Sun, Jan 26, 2014 at 3:06 PM, Mike Cardwell t...@lists.grepular.comwrote: I just blogged about a general security issue in Thunderbird which may also affect people who are using Tor: https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs Basically, an email can be crafted such that when you click a link in that email it is opened within a Thunderbird tab instead of in your usual (potentially torified) web browser. Bypassing any other defenses you might also have, including NoScript etc. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I've seen a few links in emails open in new Tbird tabs, instead of Firefox (email from persons I know, or think I know it's from them) . I usually just copy links paste in Fx. Safer. If it's from someone I know AND was expecting a msg, I rarely forget just click links. Rarely, those WILL open in a new Tbird tab, but usually in default browser (Fx). Don't know if has (anything) to do w/ Tbird options setting, under Advanced Reading Display: Open Messages In: New tab; New msg window; Existing msg window. Never seen a Tbird setting about open links in -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
Mike Cardwell wrote (26 Jan 2014 18:34:59 GMT) : Also you might want to post this on the tails list. I am not on the Tails list. Perhaps somebody who is already there might bring it up? FYI, Tails does not ship Thunderbird. Also, anyone can post on the Tails lists (no need to subscribe first). Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
* on the Sun, Jan 26, 2014 at 05:33:45PM +, Andrew F wrote: YIKES... Are you sure, how did this slip by? Yes, I am sure. Also you might want to post this on the tails list. I am not on the Tails list. Perhaps somebody who is already there might bring it up? -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 signature.asc Description: Digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
* on the Sun, Jan 26, 2014 at 12:04:24PM -0600, Joe Btfsplk wrote: I've seen a few links in emails open in new Tbird tabs, instead of Firefox (email from persons I know, or think I know it's from them) . I usually just copy links paste in Fx. Safer. If it's from someone I know AND was expecting a msg, I rarely forget just click links. Rarely, those WILL open in a new Tbird tab, but usually in default browser (Fx). As mentioned in the blog post, when right clicking one of these links in order to select Copy Link Location from the context menu, you will find that the option is missing. I imagine that many people at this point would skip their usual copy/paste routine and just click the link for convenience. Don't know if has (anything) to do w/ Tbird options setting, under Advanced Reading Display: Open Messages In: New tab; New msg window; Existing msg window. Never seen a Tbird setting about open links in You're definitely not supposed to be able to do this. Mozilla acknowledged that it was a security issue and classified it as moderate. It has been over two years since I told them about it and it hasn't been fixed, hence why I am now making it public. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 signature.asc Description: Digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
Did you open a bug on it within Mozilla's bugzilla? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
This issue does not affect TorBirdy as it disables HTML emails. From [0]: emails you send will be in plain text and HTML emails you receive will be sanitized and converted to plain text. (I have tried to reproduce this leak and can confirm that Thunderbird + TorBirdy is not vulnerable.) [0] - https://trac.torproject.org/projects/tor/wiki/torbirdy#HowdoIsendandreceiveHTMLemails -- Sukhbir -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
Assuming we’re talking about people opening web pages in TB tabs, that normally can only happen if someone installs Thunderbrowse or a similar extension. By default, TB doesn’t render web pages. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
At Sun, 26 Jan 2014 17:33:19 + tor-talk@lists.torproject.org wrote: YIKES... Are you sure, how did this slip by? On Sun, Jan 26, 2014 at 3:06 PM, Mike Cardwell t...@lists.grepular.comwrote: I just blogged about a general security issue in Thunderbird which may also affect people who are using Tor: https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs Basically, an email can be crafted such that when you click a link in that email it is opened within a Thunderbird tab instead of in your usual (potentially torified) web browser. Bypassing any other defenses you might also have, including NoScript etc. The woes of HTML E-Mail... -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Robert Heller -- 978-544-6933 / hel...@deepsoft.com Deepwoods Software-- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
What is the bug number? -- Al Billings http://www.openbuddha.com http://makehacklearn.org On Sunday, January 26, 2014 at 10:43 AM, Mike Cardwell wrote: You're definitely not supposed to be able to do this. Mozilla acknowledged that it was a security issue and classified it as moderate. It has been over two years since I told them about it and it hasn't been fixed, hence why I am now making it public. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] NoScript for TOR disabled by default
Hi, The NoScript addon is a powerful way to improve privacy, but version after version, by default it comes DISABLED! Is there any possibility to release the next TOR versions with NoScript enabled? I think this will be helpful, especially for new TOR users. Sukhoi -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] question about bridge relays
Hi! all of your posts and videos about setting up for to use a bridge rely on an older version of bridge that uses vidalia separately. Now that everyone can only download the Tor browser bundle that opens as a single browser (mine being a mac), you can not get anything in the settings menu that gives you the option to “find bridges.” What can you do to find a local bridge? Thanks! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
On 1/26/2014 1:15 PM, Al Billings wrote: Assuming we’re talking about people opening web pages in TB tabs, that normally can only happen if someone installs Thunderbrowse or a similar extension. By default, TB doesn’t render web pages. I thought the same thing. I'm pretty sure I've had links in email open IN Tbird tabs. It happened so rarely, took me by surprise. For safety, I never really clicked links in email. After that, I never do. I'm guessing it may've been a confirmation email for website forum, tech support w/ a link, etc. Something I expected, or likely wouldn't just have clicked it, regardless of what Tbird's supposed / not supposed to do. Of course, NSA could've intercepted the real confirmation sent a link that downloaded malware. If R click copy link location was missing, I'd not click it at all, or erase msg or at bare minimum (if it was important), look at the msg source to see the real link. When you're tired, may not realize you're in email absent mindedly click a link. Rather than a browser - where it's common to click links. Something to be said for using email text only mode. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
Like I said, Thunderbird doesn't allow for pages to open in tabs without an extension. So., if you have reliable repro steps, it is a bug that should be fixed and I can push on it to get it addressed. Al On Jan 26, 2014 5:11 PM, Joe Btfsplk joebtfs...@gmx.com wrote: On 1/26/2014 1:15 PM, Al Billings wrote: Assuming we’re talking about people opening web pages in TB tabs, that normally can only happen if someone installs Thunderbrowse or a similar extension. By default, TB doesn’t render web pages. I thought the same thing. I'm pretty sure I've had links in email open IN Tbird tabs. It happened so rarely, took me by surprise. For safety, I never really clicked links in email. After that, I never do. I'm guessing it may've been a confirmation email for website forum, tech support w/ a link, etc. Something I expected, or likely wouldn't just have clicked it, regardless of what Tbird's supposed / not supposed to do. Of course, NSA could've intercepted the real confirmation sent a link that downloaded malware. If R click copy link location was missing, I'd not click it at all, or erase msg or at bare minimum (if it was important), look at the msg source to see the real link. When you're tired, may not realize you're in email absent mindedly click a link. Rather than a browser - where it's common to click links. Something to be said for using email text only mode. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] no more Vidalia for TOR, what if...
Sukhoi: Hi, Many TOR exit nodes were banned to access some sites. One way to by-pass this is taking a new identity to change tor exit node. But now, the latest TOR browser version has no more the Vidalia client. So, how to change the exit node? Click on the green onion under the tab bar and select 'New Identity'. Note that this will close all existing tabs and not re-open them. As Lunar recently pointed out this is more consistent with actually getting a 'new identity' rather than just changing your IP address via Vidalia. If you want Vidalia back then read: https://www.torproject.org/docs/faq#WhereDidVidaliaGo -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Terminology: Deep v Dark Web
You are hard to follow. Dont get rid of me yet ok? I'm not ready to go, Julie Chartier On Jan 26, 2014 8:45 PM, Katya Titov katti...@yandex.com wrote: Rick: Why should you be stuck with anything? You're writing an important piece for an important project: You know... the onion with the crown? What you're writing may well become a source, a reference. You drive the conversation. All the words are belong to you. :) In a very broad sense I'd suggest: 'Commercial' that is open to all (sort of) and is after whatever can be monetized. 'Private' that is behind all those heavy-metal firewalls and exists primarily in support of 'commercial'. 'Neutral' for those referred to as 'deep' or 'dark' and, like Tor, seek to be common carriers:Identity is by choice, not by mandate. The connotations of the word 'neutral' are benign. It also suggests 'net neutrality' (original recipe... not KFCC's extra-crispy). Further, 'Neutral Net' has a nice ring to it. Shorten that to 'NeuNet' and the media might run with the concept. They love that stuff; it makes the Pulitzer fairies run around in their heads. Thanks Rick, for the encouragement and the suggestions. I've added a few definitions ('Open Internet' to represent your 'Commercial', as well as a 'Private network'), but I've left the dark web as is ... not sure that 'Neutral' fits, but I will keep it in mind. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Terminology: Deep v Dark Web
Rick: Why should you be stuck with anything? You're writing an important piece for an important project: You know... the onion with the crown? What you're writing may well become a source, a reference. You drive the conversation. All the words are belong to you. :) In a very broad sense I'd suggest: 'Commercial' that is open to all (sort of) and is after whatever can be monetized. 'Private' that is behind all those heavy-metal firewalls and exists primarily in support of 'commercial'. 'Neutral' for those referred to as 'deep' or 'dark' and, like Tor, seek to be common carriers:Identity is by choice, not by mandate. The connotations of the word 'neutral' are benign. It also suggests 'net neutrality' (original recipe... not KFCC's extra-crispy). Further, 'Neutral Net' has a nice ring to it. Shorten that to 'NeuNet' and the media might run with the concept. They love that stuff; it makes the Pulitzer fairies run around in their heads. Thanks Rick, for the encouragement and the suggestions. I've added a few definitions ('Open Internet' to represent your 'Commercial', as well as a 'Private network'), but I've left the dark web as is ... not sure that 'Neutral' fits, but I will keep it in mind. -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] no more Vidalia for TOR, what if...
Seems that right there, at the green onion button, there could be, under New Identity, a selection for New IP address that would retain the old functionality. On 01/26/2014 08:53 PM, Katya Titov wrote: Sukhoi: Hi, Many TOR exit nodes were banned to access some sites. One way to by-pass this is taking a new identity to change tor exit node. But now, the latest TOR browser version has no more the Vidalia client. So, how to change the exit node? Click on the green onion under the tab bar and select 'New Identity'. Note that this will close all existing tabs and not re-open them. As Lunar recently pointed out this is more consistent with actually getting a 'new identity' rather than just changing your IP address via Vidalia. If you want Vidalia back then read: https://www.torproject.org/docs/faq#WhereDidVidaliaGo -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] no more Vidalia for TOR, what if...
On 01/27/2014 04:24 AM, Douglas Lucas wrote: Seems that right there, at the green onion button, there could be, under New Identity, a selection for New IP address that would retain the old functionality. There never was a new IP address function in Tor. https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=control-spec.txt NEWNYM-- Switch to clean circuits, so new application requests don't share any circuits with old ones. Also clears the client-side DNS cache. (Tor MAY rate-limit its response to this signal.) Two things are important here: * existing/open application requests still use old circuits * new circuits don't exclude previously used relays; after New Identity, you might end up exiting from the same exit relay, for example See also https://trac.torproject.org/projects/tor/ticket/10400 -- Moritz Bartl https://www.torservers.net/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
On 01/26/2014 08:42 PM, Al Billings wrote: What is the bug number? https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs The bugzilla report is currently locked from being viewed, but for when it becomes unlocked, here it is: bug 700979 https://bugzilla.mozilla.org/show_bug.cgi?id=700979 -- Moritz Bartl https://www.torservers.net/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] NoScript for TOR disabled by default
On 01/26/2014 10:44 PM, Sukhoi wrote: Hi, The NoScript addon is a powerful way to improve privacy, but version after version, by default it comes DISABLED! Is there any possibility to release the next TOR versions with NoScript enabled? I think this will be helpful, especially for new TOR users. Sukhoi https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled -- Moritz Bartl https://www.torservers.net/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] no more Vidalia for TOR, what if...
Douglas Lucas: Seems that right there, at the green onion button, there could be, under New Identity, a selection for New IP address that would retain the old functionality. Good idea, and looks like it has already been requested: https://trac.torproject.org/projects/tor/ticket/9442 This also has some similarities and probably provides the same result: https://trac.torproject.org/projects/tor/ticket/9892 -- kat -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Thunderbird leak
Yep. Already found it and just commented on it. From: Moritz Bartl Moritz Bartl Reply: tor-talk@lists.torproject.org tor-talk@lists.torproject.org Date: January 26, 2014 at 9:11:30 PM To: tor-talk@lists.torproject.org tor-talk@lists.torproject.org Subject: Re: [tor-talk] Thunderbird leak On 01/26/2014 08:42 PM, Al Billings wrote: What is the bug number? https://grepular.com/Security_Bug_Thunderbird_Websites_Tabs The bugzilla report is currently locked from being viewed, but for when it becomes unlocked, here it is: bug 700979 https://bugzilla.mozilla.org/show_bug.cgi?id=700979 -- Moritz Bartl https://www.torservers.net/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Al Billings http://makehacklearn.org -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] question about bridge relays
On Sun, Jan 26, 2014 at 04:43:02PM -0600, Kevin Nestor wrote: all of your posts and videos about setting up for to use a bridge rely on an older version of bridge that uses vidalia separately. Now that everyone can only download the Tor browser bundle that opens as a single browser (mine being a mac), you can not get anything in the settings menu that gives you the option to ?find bridges.? What can you do to find a local bridge? The find bridges button was broken on Vidalia anyway, ever since https://bridges.torproject.org/ added a captcha to make it harder for bad guys to automate pretending to be lots of people and learn lots of bridges addresses. Now the right answer is to go to https://bridges.torproject.org/ and learn some bridges. Then you can either choose 'configure' rather than 'connect' when you start TBB the first time, in which case it will walk you through adding the bridges you found, or if you've already started TBB, go to 'open network settings' in your Torbutton (the green onion near the URL bar) and select 'my ISP blocks connections to the Tor network'. If somebody reading this wants to make some updated screenshots for https://www.torproject.org/docs/bridges#UsingBridges that would be swell. --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk