Re: [tor-talk] Why does parameter "StrictExitNodes" exist?

2016-03-09 Thread Roger Dingledine 
On Thu, Mar 10, 2016 at 08:07:44AM +0100, Ben Stover wrote:
> Assume I specified in "torrc" file
> 
> ExitNodes {fr},{de],{ca}
> 
> According to Tor docs that means that the exit nodes should always (?) be in 
> one of the three countries.
> 
> On the other hand there is another parameter "StrictExitNodes" which forces 
> Tor to use an ExitNode
> from one of the three nodes. This is confusing.

Strictexitnodes went away years ago. It no longer exists.

You might enjoy
https://gitweb.torproject.org/tor.git/tree/ChangeLog?id=tor-0.2.2.7-alpha#n43
for the history of how the design changed (back in 2010).

--Roger

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Does Facebook Onion Work?

2016-03-09 Thread fkqqrr 
Seth David Schoen  writes:

> Fkqqrr writes:
>
>> Oskar Wendel  writes:
>> 
>> BTW, Does facebook has a onion version?
>
> Probably one of the most famous onions, https://facebookcorewwwi.onion/.
>
> See
>
> https://lists.torproject.org/pipermail/tor-talk/2014-October/035421.html
Ha, interesting, let me try
>
> -- 
> Seth Schoen  
> Senior Staff Technologist   https://www.eff.org/
> Electronic Frontier Foundation  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107

-- 
Who am I? Where am I from? Where am I going?

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Why does parameter "StrictExitNodes" exist?

2016-03-09 Thread Ben Stover 
Assume I specified in "torrc" file

ExitNodes {fr},{de],{ca}

According to Tor docs that means that the exit nodes should always (?) be in 
one of the three countries.

On the other hand there is another parameter "StrictExitNodes" which forces Tor 
to use an ExitNode
from one of the three nodes. This is confusing.

Why is "ExitNodes" not sufficient?

Is it only a case of probability?

So with only the ExitNodes statement above it could happen that the exit node 
is in US anyway?

This is strange.

Maybe someone could help me

Thank you
Ben





-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Does Facebook Onion Work?

2016-03-09 Thread Seth David Schoen 
Fkqqrr writes:

> Oskar Wendel  writes:
> 
> BTW, Does facebook has a onion version?

Probably one of the most famous onions, https://facebookcorewwwi.onion/.

See

https://lists.torproject.org/pipermail/tor-talk/2014-October/035421.html

-- 
Seth Schoen  
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Does Facebook Onion Work?

2016-03-09 Thread Fkqqrr 
Oskar Wendel  writes:

BTW, Does facebook has a onion version?
> blo...@openmailbox.org:
>
>> I wanted to see if setting up an account on the onion would require SMS 
>> validation as is the case when registering with Facebook from an exit 
>> node IP.
>
> It does, I tried.
>
> -- 
> Oskar Wendel, o.wen...@wp.pl.remove.this
> Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C
> Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C

-- 
Hello, world
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Use another "torrc" with Tor-Browser in Windows?

2016-03-09 Thread Ben Stover 
In the (new) Tor-Browser package I have simply to doubleclick on TorBrowser 
(=firefox) to start the whole Tor architecture
with the default torrc file in

TorBrowser\Data\Tor

I like it.

However sometimes I want to use a different setup with a different torrc with 
other exitnodes and configuration.

At the time when users had to start Tor separately I could pass a second torrc 
by a command line parameter -f like

tor.exe -f E:\browser\Tor\myconfig\torrc123

Since users call/start Tor not directly any more the parameter passing is not 
possible.

Fiddeling around and editing torrc each switch time is not comfortable.

So is there another way of easily temporarily use a different "torrc" file when 
starting TorBrowser?

I can imagine that I can pass a torrc through TorBrowser/Firefox anyway like

firefox.exe -pass2tor_own_config E:\browser\Tor\myconfig\torrc123

Thank you
Ben


-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] One way to protect onions against cloning attack

2016-03-09 Thread Nurmi, Juha 
And the attacker immediately started to override CSS rules. I made a
counter attack again. See

REAL: http://msydqstlz2kzerdg.onion/
FAKE: http://msydqjihosw2fsu3.onion/

Let's see what is the next move from the attacker. He is probably reading
this mailing list.

-Juha


On Tue, Mar 8, 2016 at 2:50 PM, Nurmi, Juha  wrote:

> Hi,
>
> As you may have heard someone runs fake sites on a similar address to the
> original ones and tries to fool people with that. Fake sites are transparent
> proxies with MITM.
>
> I added this detection to ahmia.fi's onion site:
>
> REAL: http://msydqstlz2kzerdg.onion/
> FAKE: http://msydqjihosw2fsu3.onion/
>
> This is a CSS trick and works without JavaScript. CSS checks the address
> using regexp and if it is not correct it will activate warning text.
>
> @-moz-document
> regexp('(?!https?://ahmia\\.fi|https?://localhost|https?://127\\.0\\.0\\.1|
> http://msydqst.*2kzerdg\\.onion).*') {
>
> /* Alternative CSS content rules for fake site. */
>
> }
>
> It's not perfect solution but again we can make the attacker's life hard.
>
> Peace,
> Juha
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk