Re: [tor-talk] Helping with the website

2018-06-08 Thread Jacki M 
Here is the main ticket for TorProject.org  redesign 
21222 , you can see if 
they need help with the redesign. 

> On Jun 8, 2018, at 2:04 PM, Kevin Simper  wrote:
> 
> Hi tor talk
> 
> I really want to help and where I would like to participate is with the
> website, I think there are a few things that can be improved for newcomers
> in terms of making it more understandable, also some better directions and
> tutorials for developers on how to host their website on tor onion services.
> 
> But it looks to be that the tor website is not part of the git repo like it
> used to?
> 
> Best regards
> Kevin
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] PGP fiddly-diddly - action required

2018-05-26 Thread Jacki M 
No, PGP is not broken, not even with the Efail vulnerabilities

https://protonmail.com/blog/pgp-vulnerability-efail/ 


> On May 16, 2018, at 4:51 AM, Sydney  wrote:
> 
> 
>> On 16 May 2018, at 9:42 pm, Lara  wrote:
>> 
>> On Wed, 16 May 2018, at 11:31, Sydney wrote:
>>> 
>>> encrypted email.”
>>> 
>>> This could easily be interpreted — especially by someone that doesn’t
>>> natively speak English — that PGP is not safe.
>> 
>> Hence the corollary: if you are not a native speaker wait for a
>> translation.
>> 
>>> This is how I initially read the article.
>> 
>> Stop reading PGP email means "everyone would be able to read ALL my
>> email". A problem it is, but language is not.
> 
> It’s a effectively security alert; it warrants caution. I’m a native speaker 
> and read it the same way. 
> 
> You need to pull your head in.
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Post Quantum Tor

2018-05-26 Thread Jacki M 
Here is the parent trac ticket for PQ 
https://trac.torproject.org/projects/tor/ticket/24985 


> On May 25, 2018, at 10:39 PM, Kevin Burress  wrote:
> 
> Hi,
> 
> I was just wondering since the NSA has quantum computers that can break
> ECDSA (As they have stated they could break bitcoin in an interview, and
> telecomix unlocked Cameron's hard drive.) When is Tor going to be upgraded
> to post quantum?
> 
> Can we at least hack together an interleaving of RSA and ECDSA with some
> secure number of rounds in the interim?
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Who controls Tor's DNS Traffic?

2018-05-10 Thread Jacki M 
Can you open a ticket on Trac.torproject.org  with 
a explanation of the problem and proposed solutions? This will make it much 
easier for the Tor Devs to address the Problem.
 
> On May 10, 2018, at 2:53 PM, nusenu  wrote:
> 
> I had a look at the Tor DNS landscape:
> 
> An Analysis of the Tor DNS Landscape
> https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
> 
> -- 
> https://mastodon.social/@nusenu
> twitter: @nusenu_
> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?

2018-04-30 Thread Jacki M 
The service The latest TorBrowser alpha uses to connect to obtain the bridges 
“BridgesDB" has been down for a while, so I can not test this. It should be up 
and running before the stable is ready. 

> On Apr 29, 2018, at 9:21 PM, Nathaniel Suchy (Lunorian) <m...@lunorian.is> 
> wrote:
> 
> So the concerns I brought up are already addressed in an upcoming update?
> 
> Cheers,
> Nathaniel
> 
> Jacki M:
>> Torbrowser 8a3 added moat which I’m actually fetches new bridges, without 
>> requiring you to go to bridges.torproject.org.
>> 
>> Bug 23136: Moat integration (fetch bridges for the user)
>> Download the latest alpha https://dist.torproject.org/torbrowser/8.0a6/
>> Remember this is an alpha and should only be used for testing purposes, moat 
>> should be included in the next major stable.
>> Sent from my iPad
>> 
>>> On Apr 29, 2018, at 12:41 PM, Nathaniel Suchy (Lunorian) <m...@lunorian.is> 
>>> wrote:
>>> 
>>> Thank you for clarifying that. The obfs4 bridges you can get at
>>> bridges.torproject.org also pose an interesting risk, the ports each
>>> Bridge IP Address is using seem to be non-standard, I'm in the US and
>>> most networks I am at do not censor although sometimes certain ports at
>>> public wifi networks are blocked, could a threat actor threatening you
>>> or tor users in general realize an IP Address was a Tor Bridge by
>>> identifying a large amount of traffic to a non-standard port on random
>>> datacenter IP Addresses?
>>> 
>>> You can tell Tor Browser your Firewall only allows connections to
>>> certain ports which I assume when used with bridges would help further
>>> hide the fact you are using Tor.
>>> 
>>> The fact I email here obviously shows I am a Tor user, although I'd like
>>> more technical measures built into Tor Browser to obfuscate the times I
>>> am using Tor.
>>> 
>>> Cheers,
>>> Nathaniel Suchy
>>> 
>>>>> On 4/29/18 2:36 PM, Matthew Finkel wrote:
>>>>> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) 
>>>>> wrote:
>>>>> I see that Tor Browser, for users who are censored in their country,
>>>>> work, or school (or have some other reason to use bridges) has a variety
>>>>> of built in bridges. Once of those are the OBFS4 bridges. My first
>>>>> thought would be these are hard coded, of course giving everyone the
>>>>> same set of bridges is bad right?
>>>> 
>>>> Currently this is how it works, yes. It is not ideal, and there is
>>>> on-going development work for rolling out a more scalable method.
>>>> 
>>>>> Then a bad actor could download Tor
>>>>> Browser, get the list, and null route the IPs on their network(s). Also
>>>>> these bridges could get quite crowded. Are the bridges being used to
>>>>> fetch other bridges, or something else? How does Tor Browser handle
>>>>> these risks / technical issues?
>>>> 
>>>> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser.
>>>> It is also true many of those default bridges are overloaded.
>>> 
>>> -- 
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How do the OBFS4 "built-in" Bridges work?

2018-04-29 Thread Jacki M 
Torbrowser 8a3 added moat which I’m actually fetches new bridges, without 
requiring you to go to bridges.torproject.org.

Bug 23136: Moat integration (fetch bridges for the user)
Download the latest alpha https://dist.torproject.org/torbrowser/8.0a6/
Remember this is an alpha and should only be used for testing purposes, moat 
should be included in the next major stable.
Sent from my iPad

> On Apr 29, 2018, at 12:41 PM, Nathaniel Suchy (Lunorian)  
> wrote:
> 
> Thank you for clarifying that. The obfs4 bridges you can get at
> bridges.torproject.org also pose an interesting risk, the ports each
> Bridge IP Address is using seem to be non-standard, I'm in the US and
> most networks I am at do not censor although sometimes certain ports at
> public wifi networks are blocked, could a threat actor threatening you
> or tor users in general realize an IP Address was a Tor Bridge by
> identifying a large amount of traffic to a non-standard port on random
> datacenter IP Addresses?
> 
> You can tell Tor Browser your Firewall only allows connections to
> certain ports which I assume when used with bridges would help further
> hide the fact you are using Tor.
> 
> The fact I email here obviously shows I am a Tor user, although I'd like
> more technical measures built into Tor Browser to obfuscate the times I
> am using Tor.
> 
> Cheers,
> Nathaniel Suchy
> 
>>> On 4/29/18 2:36 PM, Matthew Finkel wrote:
>>> On Sun, Apr 29, 2018 at 02:06:49PM -0400, Nathaniel Suchy (Lunorian) wrote:
>>> I see that Tor Browser, for users who are censored in their country,
>>> work, or school (or have some other reason to use bridges) has a variety
>>> of built in bridges. Once of those are the OBFS4 bridges. My first
>>> thought would be these are hard coded, of course giving everyone the
>>> same set of bridges is bad right?
>> 
>> Currently this is how it works, yes. It is not ideal, and there is
>> on-going development work for rolling out a more scalable method.
>> 
>>> Then a bad actor could download Tor
>>> Browser, get the list, and null route the IPs on their network(s). Also
>>> these bridges could get quite crowded. Are the bridges being used to
>>> fetch other bridges, or something else? How does Tor Browser handle
>>> these risks / technical issues?
>> 
>> Indeed "Bad actors" could block the bridges hard-coded in Tor Browser.
>> It is also true many of those default bridges are overloaded.
> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: TOR

2018-04-15 Thread Jacki M 
Install TorBrowser and set the default search engine to Duckduckgo TorBrowser 
download 


> On Apr 15, 2018, at 10:00 PM, RONALD DOMINIC  wrote:
> 
> -- Forwarded message --
> From: RONALD DOMINIC 
> Date: Sat, Feb 3, 2018 at 3:14 PM
> Subject: Re: [tor-talk] TOR
> To: tor-talk@lists.torproject.org
> 
> 
> I am still lost ,i have mozilla firefox and i use duckduckgo.What  should i
> do with each one?? Don't forget i am a "LAYMAN".Please explain.
> Thank You again Ron
> 
> 
> 
>>  Original Message 
>> On February 2, 2018 2:52 AM, CANNON  wrote:
>> 
>>> On 01/30/2018 04:32 AM, RONALD DOMINIC wrote:
 Your Tor Browser profile cannot be loaded. It may be missing or
 inaccessible.
 I have been trying to open tor for weeks know luck.
 Can anyone help me???
 RON
 expired4...@gmail.com
 
>>> 
>>> What OS are you using?
>>> 
>>> Have you tried re-install?
>>> 
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>> 
>> 
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] RE RE: Re: Tor browser error message

2018-02-25 Thread Jacki M 
Likely a duplicate of ticket:25349#comment:1 


> On Feb 25, 2018, at 1:24 AM, MFP  wrote:
> 
> Since today early in the morning cannot connect to 
> "https://check.torproject.org/?lang=en_US on the 'Welcome page'
> although upon clicking 'Start Torbrowser' button the connection seems to be 
> established. 
> 
> I.e. the situation is getting worse.
> 
> Mfp
> 
> 
> 
> -Original Message-
> From: tor-talk [mailto:tor-talk-boun...@lists.torproject.org] On Behalf Of 
> Georg Koppen
> Sent: Thursday, February 22, 2018 9:40 PM
> To: tor-talk@lists.torproject.org
> Subject: Re: [tor-talk] [!! SPAM] Re: Tor browser error message
> 
> MFP:
>> Have done both - no change.
> 
> There is a bunch of other people suddenly having a similar issue, too. I
> wonder if any of you has some third party software installed (e.g.
> antivirus/firewall software) that got an update and is now intefering
> with your traffic.
> 
> If you have such a tool running, could you uninstall it for testing
> purposes (disabling might not be enough) and report back whether that
> fixes it for you?
> 
> Georg
> 
> [snip]
> 
> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] some websites are blocking me now

2018-01-08 Thread Jacki M 
Here is a fairly detailed list of websites that block tor. 
ListOfServicesBlockingTor 

To change IP on a specific website click the little onion and click new tor 
circuit for this website.

> On Jan 8, 2018, at 3:25 PM, jbclem  wrote:
> 
> Since I started using Tor browser I can't reach certain websites.  
> www.craigslist.org is a good example.  I get an error message that "this ip 
> has been automatically blocked".  
> 
> I wonder if using Tor is causing this, or if I've been assigned an ip address 
> that is unacceptable to these websites?  And how can I get Tor to change the 
> ip address so I can test with a different one...any thoughts on this problem?
> 
> John
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] random onion non-reachability

2018-01-05 Thread Jacki M 
On the Tor Browser where you cannot connect to your onion, create a new circuit 
by clicking the green onion and clicking “new tor circuit for this site” and 
see if you can reach it. Also try setting up a next generation onion service on 
your server and see if the next generation service also has the issue. You can 
set up a V2 and V3 in onion service in tandem/side by side on the same server.
Directions.
 next generation onion service 

> On Jan 5, 2018, at 12:36 AM, Andreas Krey  wrote:
> 
> Hi everyone,
> 
> I keep noticing a phenomenon regarding onion sites reachability.
> Every now and then some onion site becomes unreachable from
> a given tor browser instance while continuing to be reachable
> from others. After a few days it becomes reachable again from
> that instance as well. Happens with different onion services
> and different browser instances (it's not always the same
> service or instance involved).
> 
> Any idea what causes this? Random outage of rendevous points?
> 
> (The onion sites I observe this with are raspberries,
> partially behind a NAT, under my control.)
> 
> - Andreas
> 
> -- 
> "Totally trivial. Famous last words."
> From: Linus Torvalds 
> Date: Fri, 22 Jan 2010 07:29:21 -0800
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Onion Service stock photo anyone?

2017-11-05 Thread Jacki M 
Im not sure about the Licensing for the photo.

> On Nov 5, 2017, at 10:22 PM, Stefan Leibfarth  wrote:
> 
> Hello everyone,
> 
> I'm writing an article about Tor and Onions Services for a German
> teachers magazine [0].
> The publisher suggested the standard 'guy with a ski mask' stock photo
> in the header. m(
> 
> Can anyone point me to a Tor or even better Onion Service related one
> that I can agree with?
> 
> Must be under a license that allows commercial usage.
> 
> Thanks in advance
> Stefan
> 
> [0]
> https://www.friedrich-verlag.de/sekundarstufe/medienpaedagogik/computer-unterricht/
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Onion Service stock photo anyone?

2017-11-05 Thread Jacki M 
tor-powering-digital-resistance.jpg 

 or tor-nextgen-onions.png 



> On Nov 5, 2017, at 10:22 PM, Stefan Leibfarth  wrote:
> 
> Hello everyone,
> 
> I'm writing an article about Tor and Onions Services for a German
> teachers magazine [0].
> The publisher suggested the standard 'guy with a ski mask' stock photo
> in the header. m(
> 
> Can anyone point me to a Tor or even better Onion Service related one
> that I can agree with?
> 
> Must be under a license that allows commercial usage.
> 
> Thanks in advance
> Stefan
> 
> [0]
> https://www.friedrich-verlag.de/sekundarstufe/medienpaedagogik/computer-unterricht/
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Ongoing client problem

2017-10-29 Thread Jacki M 
It is not a good idea to be on such a old version of OS X “security exploits 
that have been fixed in newer versions", my advice is to update to macOS 10.13 
(17A405) or the latest version and try to see if tor works then.

> On Oct 29, 2017, at 2:43 PM, Geoff Down  wrote:
> 
> 
> On Sun, Oct 29, 2017, at 06:59 PM, Roger Dingledine wrote:
>> On Sun, Oct 29, 2017 at 06:48:00PM +, George wrote:
>>> The route to determining the issue probably comes down to this
>>> error:> >
>>> Oct 29 12:50:06.000 [info] onion_skin_ntor_client_handshake():
>>> Invalid> > result from curve25519 handshake: 4
>> 
>> Right. That message comes when you tried to do a circuit-level
>> handshake> with a relay, but you were using the wrong onion key for it.
>> 
>>> ... but let me take a poke and ask if your time is synchronized?
>> 
>> A fine question. My first guess is that somehow your Tor client
>> is trying> to build circuits using obsolete directory information.
>> 
>> Another more distant option is that you (or your platform) have hacked> 
>> together your own curve25519 implementation and it's not working right> for 
>> you.
>> 
>> --Roger
>> 
> Thanks both for responding. It's OSX10.4, the clock is synchronized via
> NTP, openssl is the latest port, and the problem affects any application
> using Tor - curl, polipo, tsocks and even tor-resolve time-out in a
> similar way.I have seen messages to the effect of 'client request when we no 
> longer
> have a valid consensus' and also 'very long circuit build time -
> assuming clock jump'. I think it more likely that Tor is freezing ( I
> see no increase in cpu time at all with 'ps') sometimes and therefore
> the clock appears to jump when it unfreezes. Is that a possibility?
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Ongoing client problem

2017-10-29 Thread Jacki M 
What OS are you using?

> On Oct 29, 2017, at 11:43 AM, Geoff Down <geoffd...@fastmail.net> wrote:
> 
> Sadly not available for my OS.
> 
> 
> On Sun, Oct 29, 2017, at 06:39 PM, Jacki M wrote:
>> Just use the TorBrowser Bundle and see if that fixes your issue.
>> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Ongoing client problem

2017-10-29 Thread Jacki M 
Just use the TorBrowser Bundle and see if that fixes your issue.

> On Oct 29, 2017, at 6:07 AM, Geoff Down  wrote:
> 
> Hello all,
> my current experience of Tor is very frustrating in that it generally
> won't work for any length of time without changing identity, sending a
> SIGHUP or completely restarting. Since I've tried various versions
> (built from source), I assume the problem is with some other OS
> component or dependency. The following unedited log extract typifies the
> problem: identical curl requests to the Socks port which timed out
> 'Failed to receive SOCKS5 connect request ack' when the URL is fine over
> clearnet. Using Vidalia to look at circuits, I often see many in the
> 'Building' state permanently, or even just 'Path empty', but completed
> circuits will often not work either.
> Using 'new identity' usually produces a complete working circuit after a
> few attempts.
> More logs available if anyone wants them - but since this probably isn't
> a Tor bug, I won't open a Trac ticket.
> Regards,
> Geoff
> 
> Oct 29 11:50:02.000 [info] connection_handle_listener_read(): New SOCKS
> connection opened from 127.0.0.1.
> Oct 29 11:50:02.000 [info] connection_edge_process_inbuf(): data from
> edge while in 'waiting for circuit' state. Leaving it on buffer.
> Oct 29 11:50:02.000 [info] choose_good_exit_server_general(): Found 631
> servers that might support 1/1 pending connections.
> Oct 29 11:50:02.000 [info] choose_good_exit_server_general(): Chose exit
> server '$78E2BE744A53631B4AAB781468E94C52AB73968B~bynumlawtor at
> 104.200.20.46'
> Oct 29 11:50:03.000 [info] circuit_send_next_onion_skin(): First hop:
> finished sending CREATE cell to '$yyy~xxx at 51.15.61.46'
> Oct 29 11:50:03.000 [info] circuit_finish_handshake(): Finished building
> circuit hop:
> Oct 29 11:50:03.000 [info] exit circ (length 3, last hop bynumlawtor):
> $yyy(open) $2D5FE8689855F9F36B414B908B807981F18F2683(closed)
> $78E2BE744A53631B4AAB781468E94C52AB73968B(closed)
> Oct 29 11:50:03.000 [info] circuit_send_next_onion_skin(): Sending
> extend relay cell.
> Oct 29 11:50:12.000 [info] connection_edge_process_inbuf(): data from
> edge while in 'waiting for circuit' state. Leaving it on buffer.
> Oct 29 11:50:12.000 [info] connection_edge_reached_eof(): conn (fd 13)
> reached eof. Closing.
> Oct 29 12:50:03.000 [info] connection_handle_listener_read(): New SOCKS
> connection opened from 127.0.0.1.
> Oct 29 12:50:03.000 [info] connection_edge_process_inbuf(): data from
> edge while in 'waiting for circuit' state. Leaving it on buffer.
> Oct 29 12:50:05.000 [info] choose_good_exit_server_general(): Found 631
> servers that might support 1/1 pending connections.
> Oct 29 12:50:05.000 [info] choose_good_exit_server_general(): Chose exit
> server '$A571351082A9E04F14A0A3DF27E0637231D57B84~torfa at
> 79.172.193.32'
> Oct 29 12:50:05.000 [info] circuit_send_next_onion_skin(): First hop:
> finished sending CREATE cell to '$yyy~xxx at 51.15.61.46'
> Oct 29 12:50:05.000 [info] circuit_finish_handshake(): Finished building
> circuit hop:
> Oct 29 12:50:05.000 [info] exit circ (length 3, last hop torfa):
> $yyy(open) $823701D5C4C5D72C3FF533113F25A1922DED6303(closed)
> $A571351082A9E04F14A0A3DF27E0637231D57B84(closed)
> Oct 29 12:50:05.000 [info] circuit_send_next_onion_skin(): Sending
> extend relay cell.
> Oct 29 12:50:06.000 [info] entry_guard_inc_circ_attempt_count(): Got
> success count 230.375000/279.125000 for guard xxx ($yyy)
> Oct 29 12:50:06.000 [info] circuit_finish_handshake(): Finished building
> circuit hop:
> Oct 29 12:50:06.000 [info] exit circ (length 3, last hop torfa):
> $yyy(open) $823701D5C4C5D72C3FF533113F25A1922DED6303(open)
> $A571351082A9E04F14A0A3DF27E0637231D57B84(closed)
> Oct 29 12:50:06.000 [info] circuit_send_next_onion_skin(): Sending
> extend relay cell.
> Oct 29 12:50:06.000 [info] onion_skin_ntor_client_handshake(): Invalid
> result from curve25519 handshake: 4
> Oct 29 12:50:12.000 [info] connection_edge_process_inbuf(): data from
> edge while in 'waiting for circuit' state. Leaving it on buffer.
> Oct 29 12:50:12.000 [info] connection_edge_reached_eof(): conn (fd 13)
> reached eof. Closing.
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor in Russia, blocked from Nov 1st?

2017-10-25 Thread Jacki M 
Using a obfs4 pluggable transport bridge from 
https://bridges.torproject.org/options  
should work. As Jim said its a “arms race between the Tor developers and 
censors” to keep governments from blocking all the bridges.

> On Oct 25, 2017, at 9:49 PM, Moses  wrote:
> 
> In recently Tor bridges do not work in China, AFAIK.
> 
> Best Regards.
> 
> --
> M.
> 
> On Mon, Oct 16, 2017 at 8:25 PM, InterN0T  wrote:
> 
>> If you can use Tor bridges in China, then you can probably use Tor bridges
>> in Russia :-)
>> 
>> Best regards,
>> MaXe
>> 
>>>  Original Message 
>>> Subject: [tor-talk] Tor in Russia, blocked from Nov 1st?
>>> Local Time: October 16, 2017 10:16 PM
>>> UTC Time: October 16, 2017 8:16 PM
>>> From: torli...@yandex.ru
>>> To: tor-talk@lists.torproject.org
>>> 
>>> Greetings!
>>> 
>>> Seems that TOR will be blocked from Nov 1st in Russia. Any info on this?
>>> In such a case, will it be possible to use Tor through "bridges"?
>>> 
>>> Thank you!
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 'resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.' error?

2017-10-07 Thread Jacki M 
Add this line tor your torrc file, and restart TorBrowser.  "Log debug file 
/Users/“your username"/tor.log”

Adapt the directory to your OS's filesystem.

> On Oct 7, 2017, at 9:20 AM, Seby  wrote:
> 
> nd try to connect to a hidden
> service that is up and running? If not we should open a ticket

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] noise traffic generator?

2017-10-06 Thread Jacki M 
Major features (traffic analysis resistance):
Connections between clients and relays now send a padding cell in each 
direction every 1.5 to 9.5 seconds (tunable via consensus parameters). This 
padding will not resist specialized eavesdroppers, but it should be enough to 
make many ISPs' routine network flow logging less useful in traffic analysis 
against Tor users.

Padding is negotiated using Tor's link protocol, so both relays and clients 
must upgrade for this to take effect. Clients may still send padding despite 
the relay's version by setting ConnectionPadding 1 in torrc, and may disable 
padding by setting ConnectionPadding 0 in torrc. Padding may be minimized for 
mobile users with the torrc option ReducedConnectionPadding. Implements 
Proposal 251 and Section 2 of Proposal 254; closes ticket 16861 
<https://bugs.torproject.org/16861>.
Relays will publish 24 hour totals of padding and non-padding cell counts to 
their extra-info descriptors, unless PaddingStatistics 0 is set in torrc. These 
24 hour totals are also rounded to multiples of 1.
Copied for tor-0317-now-released 
<https://blog.torproject.org/tor-0317-now-released>

> On Oct 6, 2017, at 4:03 PM, Jacki M <jackiam2...@yahoo.com> wrote:
> 
> TorProject has added some traffic padding in Tor 0.3.1.7 
> <https://blog.torproject.org/tor-0317-now-released>
> And they are working on Adaptive traffic padding 254-padding-negotiation 
> <https://gitweb.torproject.org/torspec.git/tree/proposals/254-padding-negotiation.txt>.
> 
>> On Oct 6, 2017, at 12:12 PM, Seth David Schoen <sch...@eff.org 
>> <mailto:sch...@eff.org>> wrote:
>> 
>> Matej Kovacic writes:
>> 
>>> Hi,
>>> 
>>> there is some interesting project called Noiszy: https://noiszy.com/ 
>>> <https://noiszy.com/>
>>> 
>>> It generates fake traffic. It is more "artists" project that real
>>> countermeasure, but I am thinking to implement something like this on my
>>> network with several machines inside.
>>> 
>>> However, the main problem is that Noiszy works too random, and is not
>>> "walking" in websites enough time and enough consistent to give an
>>> impression someone is really browsing something.
>> 
>> There have been a few projects in this space before, like Helen
>> Nissenbaum's TrackMeNot, and at least two others that I'm not thinking
>> of right away.
>> 
>> I agree with your concern that it's currently too easy for an adversary
>> to use statistics to learn if traffic is human activity or synthesized.
>> Another problem is that the sites that the traffic generator interacts
>> with might themselves get suspicious and start responding with CAPTCHAs
>> or something -- which would then also reduce the plausibility of the
>> traffic.
>> 
>> I also wonder if someone has studied higher-order statistics of online
>> activity, in the sense that engaging in one activity affects your
>> likelihood of engaging in another activity afterward (or concurrently).
>> For example, you might receive an e-mail or instant message asking you
>> to look at something on another site, and you might actually do that.
>> On the other hand, some sites are more distracting and less conducive
>> to multitasking than others.  For example, you probably wouldn't be
>> playing a real-time online game while composing an e-mail... but you
>> might play a turn-based game.
>> 
>> There are also kind of complicated probability distributions about events
>> that retain attention.  For instance, if you're doing something that
>> involves low-latency interactions with other people, it's only plausible
>> that you're actually doing that if the other people were also available
>> and interacting with you.  The probability that a given person continues
>> communicating with you declines over time, and is also related to time
>> zone and time of day.  But there's also a probability that someone else
>> starts interacting with you.
>> 
>> Some of these things will probably have to be studied in some depth in
>> order to have a hope of fooling really sophisticated adversaries with
>> synthesized online activity.
>> 
>> -- 
>> Seth Schoen  <sch...@eff.org <mailto:sch...@eff.org>>
>> Senior Staff Technologist   https://www.eff.org/ 
>> <https://www.eff.org/>
>> Electronic Frontier Foundation  https://www.eff.org/join 
>> <https://www.eff.org/join>
>> 815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107
>> -- 
>> tor-talk mailing list - tor-talk@lists.torproject.org 
>> <mailto:tor-talk@lists.torproject.org>
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk 
>> <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>
> 

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] noise traffic generator?

2017-10-06 Thread Jacki M 
TorProject has added some traffic padding in Tor 0.3.1.7 

And they are working on Adaptive traffic padding 254-padding-negotiation 
.

> On Oct 6, 2017, at 12:12 PM, Seth David Schoen  wrote:
> 
> Matej Kovacic writes:
> 
>> Hi,
>> 
>> there is some interesting project called Noiszy: https://noiszy.com/
>> 
>> It generates fake traffic. It is more "artists" project that real
>> countermeasure, but I am thinking to implement something like this on my
>> network with several machines inside.
>> 
>> However, the main problem is that Noiszy works too random, and is not
>> "walking" in websites enough time and enough consistent to give an
>> impression someone is really browsing something.
> 
> There have been a few projects in this space before, like Helen
> Nissenbaum's TrackMeNot, and at least two others that I'm not thinking
> of right away.
> 
> I agree with your concern that it's currently too easy for an adversary
> to use statistics to learn if traffic is human activity or synthesized.
> Another problem is that the sites that the traffic generator interacts
> with might themselves get suspicious and start responding with CAPTCHAs
> or something -- which would then also reduce the plausibility of the
> traffic.
> 
> I also wonder if someone has studied higher-order statistics of online
> activity, in the sense that engaging in one activity affects your
> likelihood of engaging in another activity afterward (or concurrently).
> For example, you might receive an e-mail or instant message asking you
> to look at something on another site, and you might actually do that.
> On the other hand, some sites are more distracting and less conducive
> to multitasking than others.  For example, you probably wouldn't be
> playing a real-time online game while composing an e-mail... but you
> might play a turn-based game.
> 
> There are also kind of complicated probability distributions about events
> that retain attention.  For instance, if you're doing something that
> involves low-latency interactions with other people, it's only plausible
> that you're actually doing that if the other people were also available
> and interacting with you.  The probability that a given person continues
> communicating with you declines over time, and is also related to time
> zone and time of day.  But there's also a probability that someone else
> starts interacting with you.
> 
> Some of these things will probably have to be studied in some depth in
> order to have a hope of fooling really sophisticated adversaries with
> synthesized online activity.
> 
> -- 
> Seth Schoen  
> Senior Staff Technologist   https://www.eff.org/
> Electronic Frontier Foundation  https://www.eff.org/join
> 815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Help-not downloading

2017-09-28 Thread Jacki M 
Try moving tour browser out of the downloads folder first, like the desktop. 
And then try opening it again.

Sent from my iPad

> On Sep 28, 2017, at 1:25 PM, Kailee Thadeus  wrote:
> 
> When I try to open tor from my downloads, it says 
> “Tor unexpectedly exited. This might be due to a bug in Tor itself, another 
> program on your system, or a faulty hardware. Until you restart Tor, the Tor 
> browser will not be able to reach any websites. If the problem persists, 
> please send a copy of your Tor log to the support team.”
> 
> I have deleted and re downloaded Tor like 10 times now and it still pops up 
> with this message. Is there any way I can fix this so I can finally use Tor.
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

2017-08-30 Thread Jacki M 
This would also effect Onionshare’s user hosting anonymity, it would require 
file hosts to Reveal their identity or there onion address would keep changing.
onionshare 
> On Aug 30, 2017, at 10:18 AM, Roger Dingledine  wrote:
> 
> This is a really important point. Thinking of onion space right now as
> the sum total of all that it can be is cutting off all of the future
> innovation.
> 
> My claim isn't "onion services are 3% of Tor traffic, so don't get
> upset about anything you find on an onion service" -- my claim is "onion
> services are still very early in terms of adoption, and as is usual for
> many decentralized techologies the extra-early adopters are not great use
> cases, and that means we need to help the space grow, and as it grows,
> if we do it right, it will become more broad and thus more good".
> 
> One concrete example of an onion service that the proposed design would
> cut off is Ricochet. Ricochet users want longterm-stable identifiers,
> and they want the identifiers to be self-authenticating. And of course
> making every Ricochet user register and maintain a domain, plus run a
> webserver, is both silly and harmful.
> 
> This example also helps to illustrate why thinking of onion services as
> only websites also artificially constrains their future. What if your
> smart refridgerator registers an onion address when you first plug it
> in, and it's only willing to receive secure updates via that channel,
> meaning it has a hugely reduced surface area to attacks?
> 
> As Alec says, the list of "things that could benefit from having a safe
> communication channel" is both enormous and open-ended. People like to
> use phrases like "dark web" or "dark continent" to evoke mystery and
> intrigue, but really, do you want to use the communications channel where
> you know for sure that you're talking to the person you meant to talk
> to, and you know that it's hard for somebody to eavesdrop on the content
> or the metadata? Or do you want to use the communications channel where
> you don't know who you're talking to, you don't know who is listening,
> and you don't know whether somebody is modifying the traffic?
> 
> Calling onion services the "secure web" and everything else the "insecure
> web" isn't very catchy, so maybe we should settle on calling everything
> else (the places where you don't know who you're talking to or who's
> listening) "dark". :)
> 
> For those following along who haven't watched our 32c3 onion services
> talk, you might find it enlightening:
> https://media.ccc.de/v/32c3-7322-tor_onion_services_more_useful_than_you_think
>  
> 
> (The Defcon talk has a few more details about the next-generation onion
> service design, but I'm told the video for it won't be up for another
> couple of months.)
> 
> I think finding ways to tie onion addresses to normal ("insecure web")
> domains, when a service has both, is really important too. I'd like to
> live in a world where Let's Encrypt gives you an onion altname in your
> https cert by default, and spins up a Tor client by default to let users
> reach your webserver using whichever level of security they prefer.
> 
> And for those who made it this far down the mail, you might enjoy this
> historical tor-talk mail too:
> https://lists.torproject.org/pipermail/tor-talk/2015-April/037538.html 
> 
> (see the paragraph towards the bottom that starts "I should also make
> clear my opinion on some of the bad uses of Tor.")

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] MTor (multicast tor), is it going to be released?

2017-08-22 Thread Jacki M 
Tor version 0.2.3.25 is no longer supported and that last comment on the mtor 
project was more than a year ago, Latest commit f50af12 on Aug 17, 2016, so it 
looks like the project is no longer in development and the version of tor it is 
based on is extremely outdated, and not secure. Currently supported builds of 
tor CoreTorReleases 

> On Aug 21, 2017, at 11:49 PM, Yuri  wrote:
> 
> Here is the white paper with MTor design: 
> https://www.degruyter.com/downloadpdf/j/popets.2015.2016.issue-2/popets-2016-0003/popets-2016-0003.pdf
> 
> And here is an implementation based on tor-0.2.3.25: 
> https://github.com/multicastTor/multicastTor/tree/master/shadow/build/tor
> 
> 
> But ChangeLog doesn't mention it, and there are no mentions of it on 
> torproject.org.
> 
> 
> So, what is MTor's status?
> 
> 
> Yuri
> 
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] help

2017-08-15 Thread Jacki M 
Try and use a Tor bridge with obsf4 to connect to tor, you can get bridges 
here. https://bridges.torproject.org  

On Aug 15, 2017, at 8:46 PM, petey lean  wrote:
> 
> I don't understand why i can't connect to the tor browser, i've joined the
> IRC I just kept getting link to the support page only thing on support page
> i saw about loading tor log files to get help when having a problem was in
> these different mailing lists... here is my tor log file.. or please let me
> know where i should be sending it...
> 
> 
> -- Logs begin at Tue 2017-08-15 19:50:52 UTC, end at Tue 2017-08-15
> 20:24:53 UTC. --
> Aug 15 19:50:55 kali systemd[1]: Starting Anonymizing overlay network for
> TCP...
> Aug 15 19:50:56 kali tor[1400]: Aug 15 19:50:56.422 [notice] Tor 0.3.0.9
> (git-100816d92ab5664d) running on Linux with Libevent 2.1.8-stable, OpenSSL
> 1.1.0f and Zlib 1.2.8.
> Aug 15 19:50:56 kali tor[1400]: Aug 15 19:50:56.424 [notice] Tor can't help
> you if you use it wrong! Learn how to be safe at
> https://www.torproject.org/download/download#warning
> Aug 15 19:50:56 kali tor[1400]: Aug 15 19:50:56.433 [notice] Read
> configuration file "/usr/share/tor/tor-service-defaults-torrc".
> Aug 15 19:50:56 kali tor[1400]: Aug 15 19:50:56.433 [notice] Read
> configuration file "/etc/tor/torrc".
> Aug 15 19:50:56 kali tor[1400]: Configuration was valid
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.582 [notice] Tor 0.3.0.9
> (git-100816d92ab5664d) running on Linux with Libevent 2.1.8-stable, OpenSSL
> 1.1.0f and Zlib 1.2.8.
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.582 [notice] Tor can't help
> you if you use it wrong! Learn how to be safe at
> https://www.torproject.org/download/download#warning
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.583 [notice] Read
> configuration file "/usr/share/tor/tor-service-defaults-torrc".
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.583 [notice] Read
> configuration file "/etc/tor/torrc".
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.588 [notice] Opening Socks
> listener on 127.0.0.1:9050
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.589 [notice] Opening DNS
> listener on 127.0.0.1:53
> Aug 15 19:50:56 kali tor[1407]: Aug 15 19:50:56.589 [notice] Opening
> Transparent pf/netfilter listener on 127.0.0.1:9040
> Aug 15 19:50:56 kali Tor[1407]: Tor 0.3.0.9 (git-100816d92ab5664d) running
> on Linux with Libevent 2.1.8-stable, OpenSSL 1.1.0f and Zlib 1.2.8.
> Aug 15 19:50:56 kali Tor[1407]: Tor can't help you if you use it wrong!
> Learn how to be safe at https://www.torproject.org/download/download#warning
> Aug 15 19:50:56 kali Tor[1407]: Read configuration file
> "/usr/share/tor/tor-service-defaults-torrc".
> Aug 15 19:50:56 kali Tor[1407]: Read configuration file "/etc/tor/torrc".
> Aug 15 19:50:56 kali Tor[1407]: Opening Socks listener on 127.0.0.1:9050
> Aug 15 19:50:56 kali Tor[1407]: Opening DNS listener on 127.0.0.1:53
> Aug 15 19:50:56 kali Tor[1407]: Opening Transparent pf/netfilter listener
> on 127.0.0.1:9040
> Aug 15 19:50:56 kali Tor[1407]: Parsing GEOIP IPv4 file
> /usr/share/tor/geoip.
> Aug 15 19:50:56 kali Tor[1407]: Parsing GEOIP IPv6 file
> /usr/share/tor/geoip6.
> Aug 15 19:50:57 kali Tor[1407]: Bootstrapped 0%: Starting
> Aug 15 19:50:58 kali Tor[1407]: Our clock is 6 hours, 9 minutes behind the
> time published in the consensus network status document (2017-08-16
> 02:00:00 UTC).  Tor needs an accurate clock to work correctly. Please check
> your time and date settings!
> Aug 15 19:50:58 kali systemd[1]: Started Anonymizing overlay network for
> TCP.
> Aug 15 19:50:58 kali Tor[1407]: Signaled readiness to systemd
> Aug 15 19:50:58 kali Tor[1407]: Starting with guard context "default"
> Aug 15 19:50:58 kali Tor[1407]: Opening Control listener on
> /var/run/tor/control
> Aug 15 19:50:58 kali Tor[1407]: Bootstrapped 5%: Connecting to directory
> server
> Aug 15 19:50:58 kali Tor[1407]: Problem bootstrapping. Stuck at 5%:
> Connecting to directory server. (Network is unreachable; NOROUTE; count 1;
> recommendation warn; host 7350AB9ED7568F22745198359373C04AC783C37C at
> 176.31.191.26:443)
> Aug 15 19:50:58 kali Tor[1407]: Problem bootstrapping. Stuck at 5%:
> Connecting to directory server. (Network is unreachable; NOROUTE; count 2;
> recommendation warn; host CF6D0AAFB385BE71B8E111FC5CFF4B47923733BC at
> 154.35.175.225:443)
> Aug 15 19:51:02 kali Tor[1407]: Bootstrapped 10%: Finishing handshake with
> directory server
> Aug 15 19:51:03 kali Tor[1407]: Bootstrapped 15%: Establishing an encrypted
> directory connection
> Aug 15 19:51:03 kali Tor[1407]: Bootstrapped 20%: Asking for networkstatus
> consensus
> Aug 15 19:51:03 kali Tor[1407]: Bootstrapped 25%: Loading networkstatus
> consensus
> Aug 15 20:04:54 kali Tor[1407]: Received directory with skewed time
> (DIRSERV:199.254.238.53:443): It seems that our clock is behind by 7 hours,
> 0 minutes, or that theirs is ahead. Tor requires an

Re: [tor-talk] Comments?

2017-08-04 Thread Jacki M 
Thank you for the explanation.



> On Aug 3, 2017, at 5:05 PM, Paul Syverson <paul.syver...@nrl.navy.mil> wrote:
> 
>> On Thu, Aug 03, 2017 at 04:38:49PM -0700, Jacki M wrote:
>> Comments on Paul Syverson Proposed attack?
>> Paul Syverson - Oft Target: Tor adversary models that don't miss the mark
>> https://www.youtube.com/watch?v=dGXncihWzfw
>> 
> 
> Ermm, brilliant. ;>)
> 
> More seriously. The point of this work is not to propose attacks per se 
> but to observe that a Tor adversary intending to target individuals or
> specific groups might be much more effective against those targets
> than would the usual "hoovering" adversaries described in the literature,
> even if it has roughly the same resources as the usually considered
> adversaries. (Hoovering adversaries simply try to gather as much as
> they can indiscriminantly.) And we observed that targeting adversaries
> are in various ways more realistic. We suggested that Tor design changes
> and security analyses should take targeting into account going
> forward. That was our main point. We also proposed some
> countermeasures for the specific example attacks we introduced to
> illustrate that point, some of which I think are original (onionsite
> templates) while others are part of territory already explored for
> other reasons (guard layering and different guard-set sizes and
> duration).
> 
> aloha,
> Paul
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Comments?

2017-08-03 Thread Jacki M 
Comments on Paul Syverson Proposed attack?
Paul Syverson - Oft Target: Tor adversary models that don't miss the mark
https://www.youtube.com/watch?v=dGXncihWzfw

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk