Re: [tor-talk] Hidden service persistent connections
On 05/20/2019 07:55 AM, George Kadianakis wrote:
> Memory Vandal writes:
>
>> Hi,
>>
>> Are client connections to a hidden service .onion address that do not
>> disconnect for hours safe?
>>
>> It may be a big file download or multiple keep-alive transactions that uses
>> the established connection over and over for let's say a few hours.
>>
>> If it's not safe then what should be the max time a connection to .onion
>> service should get disconnected so that it uses a new circuit when it
>> reconnects?
>>
>
> What kind of attacks are you worried about? I don't see any serious
> threats for onion service clients when it comes to long lasting connections.

Perhaps there's increased risk of malicious-relay attacks and/or traffic
correlation? I vaguely recall papers about that.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hidden service persistent connections
Memory Vandal writes:

> Hi,
>
> Are client connections to a hidden service .onion address that do not
> disconnect for hours safe?
>
> It may be a big file download or multiple keep-alive transactions that uses
> the established connection over and over for let's say a few hours.
>
> If it's not safe then what should be the max time a connection to .onion
> service should get disconnected so that it uses a new circuit when it
> reconnects?
>

What kind of attacks are you worried about? I don't see any serious
threats for onion service clients when it comes to long lasting connections.
Re: [tor-talk] TOR problem with onion service setup
On Wed, 15 May 2019 19:09:13 +0300 xxx wrote:

> May 15 19:01:11.007 [warn] Directory /var/lib/tor/hidden_service/
> cannot be read: Permission denied

that directory should be read/write/access for tor user.
so on my system it is user: tor and group: tor, maybe it's something
else on your system.

--
Wallichii
0731 FCC1 D00B 2069 1F23 4D22 2032 F592 A338 B781
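The ownership check the reply above describes, as an added example that is not part of the original post: a POSIX shell function that inspects the owner and mode of a HiddenServiceDir and warns about parent directories the tor account may not be able to traverse. The function name, its return codes and the expectation that group and others have no access are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: check_hs_dir DIR UID
#   DIR  the HiddenServiceDir from torrc
#   UID  numeric uid tor runs as, e.g. "$(id -u tor)" on the replier's system
# Return codes (constructed for this example):
#   0 ok   1 not a directory   2 wrong owner   3 owner lacks rwx
#   4 group/other have access (assumption: the key directory should be private)
check_hs_dir() {
    dir=$1
    want_uid=$2
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }

    # "Permission denied" can also come from a parent directory the tor user
    # cannot traverse, so report every ancestor that looks closed to it.
    p=$(dirname "$dir")
    while :; do
        set -- $(ls -ldnL "$p")         # $1 = mode string, $3 = numeric owner
        case "$1" in
            d????????[xt]*) ;;          # others may traverse
            d??[xs]*) [ "$3" = "$want_uid" ] ||
                echo "warning: $p ($1, uid $3) may block uid $want_uid" >&2 ;;
            *)  echo "warning: $p ($1, uid $3) may block uid $want_uid" >&2 ;;
        esac
        case "$p" in /|.) break ;; esac
        p=$(dirname "$p")
    done

    # Now the service directory itself: owner first, then the mode bits.
    set -- $(ls -ldnL "$dir")
    mode=$1
    uid=$3
    [ "$uid" = "$want_uid" ] ||
        { echo "$dir: owner uid $uid, want $want_uid" >&2; return 2; }
    case "$mode" in
        drwx------*) return 0 ;;
        drwx*) echo "$dir: $mode lets group/other in" >&2; return 4 ;;
        *)     echo "$dir: $mode, owner needs rwx" >&2; return 3 ;;
    esac
}
```

Call it as `check_hs_dir /var/lib/tor/hidden_service/ "$(id -u tor)"`, replacing `tor` with whatever account the daemon runs as on your system.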
Re: [tor-talk] How to use Tor without a website knowing I am using Tor - possible?
On Sun, 19 May 2019 20:51:46 - jiggytwi...@danwin1210.me wrote:

> What's the best way to connect to a site via Tor if the site engages
> in exit censorship?
>
> Bridges - or is there a better option.

bridges don't work like that, they are b/w you and the entry node.
your connection still leaves from an exit node.

> In short, I want to have all the benefits of Tor without the
> destination site knowing I am using Tor. Is this even possible?

best you can do is to contact the site owner and let them know about
this.

--
Wallichii
0731 FCC1 D00B 2069 1F23 4D22 2032 F592 A338 B781
Re: [tor-talk] TOR problem with onion service setup
Nobody? :(

On 15-May-19 19:09, xxx wrote:

I want to setup an onion service on a VPS. For this I installed a fresh
Centos6 copy, replaced Apache by Nginx, got TOR from Epel repo.

As long that I simply run Tor, all is right. But when I modify the tor.rc
to setup an onion service, problems begin.

In tor.rc I unchecked the lines

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:80

Then:

# service tor restart
Checking if tor configuration is valid
May 15 19:01:11.001 [notice] Tor 0.2.9.17 (git-e057a19b74589fca) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.1e-fips and Zlib 1.2.3.
May 15 19:01:11.001 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
May 15 19:01:11.002 [notice] Read configuration file "/etc/tor/torrc".
May 15 19:01:11.006 [warn] Couldn't find $HOME environment variable while expanding "~/.tor"; defaulting to "".
May 15 19:01:11.006 [warn] Default DataDirectory is "~/.tor". This expands to "/.tor", which is probably not what you want. Using "/var/tor" instead
May 15 19:01:11.007 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
May 15 19:01:11.007 [warn] Checking service directory /var/lib/tor/hidden_service/ failed.
May 15 19:01:11.007 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.
May 15 19:01:11.007 [err] Reading config failed--see warnings above.

To solve the $HOME point I uncommented the line

#DataDirectory /var/lib/tor

But so, remains the problem of

May 15 19:01:11.007 [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied
May 15 19:01:11.007 [warn] Checking service directory /var/lib/tor/hidden_service/ failed.
May 15 19:01:11.007 [warn] Failed to parse/validate config: Failed to configure rendezvous options. See logs for details.

I looked online and found a few "solutions", none of them work (changing
ownership and permissions of the /var/lib/tor/*, setting a completely
different directory in /var/, etc etc)

Any help would be welcome, thank you!
Re: [tor-talk] How to use Tor without a website knowing I am using Tor - possible?
On 05/19/2019 01:51 PM, jiggytwi...@danwin1210.me wrote:

> What's the best way to connect to a site via Tor if the site engages in
> exit censorship?

There is no entirely good way.

There's the Cloudflare Onion Service.[0,1,2] Basically, Cloudflare
redirects Tor users to its onion service, which then connects to the
website. So there's no exit involved, and no CAPTCHAs. However, that
only works for sites that use Cloudflare. And both you and the site must
trust them.

> Bridges - or is there a better option.

Not bridges. That's on the guard side. Maybe "exit bridges". But those
would be blacklisted just as fast as exits are.

> In short, I want to have all the benefits of Tor without the destination
> site knowing I am using Tor. Is this even possible?

If you're desperate, you can try an HTTPS proxy, or route a VPN via Tor.
But HTTPS proxies are typically scummy, and may inject ads, or even drop
malware. Some VPN services are probably honest, but most of them are
also scummy.

Your best bet is running your own HTTPS proxy or VPN, on a VPS. But it
must be a VPS leased anonymously through Tor, using Bitcoin that's been
mixed at least twice through Tor. Some VPS providers accept other
cryptocurrencies that may be intrinsically more anonymous than Bitcoin.

But even so, that funnels your Tor traffic through that VPS. So you're
no longer just some anonymous Tor user. You're linked to that VPS. So if
it gets linked to you, then everything you've done through it gets
linked to you.

Also, if you use a VPN, that pins the Tor circuit that it's using. And
that increases the risk of traffic analysis.

Bottom line. Using HTTPS proxies or VPNs through Tor is dangerous. So if
you do it at all, you should do it only when absolutely necessary.
Using your own HTTPS proxy is probably the least dangerous option,
because that doesn't pin Tor circuits.

0) https://www.securityweek.com/cloudflare-launches-security-service-tor-users
1) https://www.bleepingcomputer.com/news/security/cloudflare-ends-captchas-for-tor-users-while-blocking-bad-actors/
2) https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-