[tor-talk] Use Tor in a right track.
Hello, I want to secure the internet connection of an application like Telegram. If I set the Telegram proxy to use Socks5(127.0.0.1:9150) then is it enough? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor vs Tor Browser
Hello,In the Tor Browser, we have some options like "Security Level". How about Tor in CLI? How can I define it? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] A security concern about Tor.
Hello Tor Team, I read some articles about Tor security and some of them said that if the governments see your real IP address then they can't see the Tor traffic or websites that visited by Tor and if they can sniff Tor traffic then they can't see your real IP. Is it true? How Tor team members are sure about it? If the governments use any special devices for sniffing Tor traffics then why they should reveal it? If a user use the Telegram messenger with Sock5(Tor) proxy, then is it secure? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to configure Tor for use a built-in bridg
Thank you, but the Tor is censored and with Tor-Browser and built-in bridge(obfs4) I can open Tor, but with Tor CLI I can't. It just has %45 progress.I copied the torrc from Tor-Browser into "/etc/tor" but not worked :( Sent from Yahoo Mail on Android On Wed, Nov 6, 2019 at 12:35 PM, Jonathan Marquardt wrote: On Sun, Nov 03, 2019 at 01:10:39PM +0000, Jason Long wrote: > Hello,I installed Tor on Debian 10.1 x86_64 and I want to configure > "/etc/tor/torrc" for use built-in bridge obfs4.An idea? Run (as root): # apt install obfs4proxy Add the following lines to torrc: UseBridges 1 ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy Then, you need to add some further bridge lines. I recommend that you don't use the "built-in bridges" (they're only built into Tor Browser, not into Tor itself), as you need to add the bridges manually anyways. I recommend that you go to https://bridges.torproject.org/ and get yourself some bridge configuration lines. Then, add your bridge lines to torrc, but add the string "Bridge " to the beginning to each of your lines. So it looks like this: Bridge obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0 Bridge obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0 Bridge obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=1 If you really want to use the "built-in bridges", those lines can be found here: https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/PTConfigs/bridge_prefs.js But again, I don't think you should. -- OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3 https://www.parckwart.de/pgp_key -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk On Sun, Nov 03, 2019 at 01:10:39PM +, Jason Long wrote: > Hello,I installed Tor on Debian 10.1 x86_64 and I want to configure > "/etc/tor/torrc" for use built-in bridge obfs4.An idea? Run (as root): # apt install obfs4proxy Add the following lines to torrc: UseBridges 1 ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy Then, you need to add some further bridge lines. I recommend that you don't use the "built-in bridges" (they're only built into Tor Browser, not into Tor itself), as you need to add the bridges manually anyways. I recommend that you go to https://bridges.torproject.org/ and get yourself some bridge configuration lines. Then, add your bridge lines to torrc, but add the string "Bridge " to the beginning to each of your lines. So it looks like this: Bridge obfs4 154.35.22.10:15937 8FB9F4319E89E5C6223052AA525A192AFBC85D55 cert=GGGS1TX4R81m3r0HBl79wKy1OtPPNR2CZUIrHjkRg65Vc2VR8fOyo64f9kmT1UAFG7j0HQ iat-mode=0 Bridge obfs4 192.99.11.54:443 7B126FAB960E5AC6A629C729434FF84FB5074EC2 cert=VW5f8+IBUWpPFxF+rsiVy2wXkyTQG7vEd+rHeN2jV5LIDNu8wMNEOqZXPwHdwMVEBdqXEw iat-mode=0 Bridge obfs4 109.105.109.165:10527 8DFCD8FB3285E855F5A55EDDA35696C743ABFC4E cert=Bvg/itxeL4TWKLP6N1MaQzSOC6tcRIBv6q57DYAZc3b2AzuM+/TfB7mqTFEfXILCjEwzVA iat-mode=1 If you really want to use the "built-in bridges", those lines can be found here: https://gitweb.torproject.org/builders/tor-browser-bundle.git/tree/Bundle-Data/PTConfigs/bridge_prefs.js But again, I don't think you should. -- OpenPGP Key: 47BC7DE83D462E8BED18AA861224DBD299A4F5F3 https://www.parckwart.de/pgp_key-- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] How to configure Tor for use a built-in bridge?
Hello,I installed Tor on Debian 10.1 x86_64 and I want to configure "/etc/tor/torrc" for use built-in bridge obfs4.An idea? Thanks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] A question about the Tor Bulk Exit List exporting tool.
Hello.Can I use the IP addresses that "https://check.torproject.org/cgi-bin/TorBulkExitList.py; show me as a proxy? Thanks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to hide using Tor browser?
Thanks for your reply. Some websites blocked Tor and... On Monday, July 1, 2019, 1:49:42 AM GMT+4:30, Roger Dingledine wrote: On Sat, Jun 29, 2019 at 09:21:32AM +, Jason Long wrote: > HelloSome website blocked Tor browser and you can't open them by Tor browser. > Any method to hide using Tor browser? Alas, there are no great answers here. Here's a related FAQ answer: https://2019.www.torproject.org/docs/faq#HideExits You could conceivably find an open proxy or a vpn and chain that at the end of your circuit, but (a) it is messy (hard) to do that from a practical perspective, and (b) it probably harms your anonymity. The better answer is to find the people who run those websites, and help teach them about the value of users who care about privacy: https://2019.www.torproject.org/docs/faq-abuse#Bans But that suggestion will work better on some sites than others. For even more to read, check out https://blog.torproject.org/call-arms-helping-internet-services-accept-anonymous-users --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] How to hide using Tor browser?
HelloSome website blocked Tor browser and you can't open them by Tor browser. Any method to hide using Tor browser? Thanks. Sent from Yahoo Mail on Android -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-Browser and CLI.
Redesign? Sent from Yahoo Mail on Android On Thu, Jun 13, 2019 at 9:02 PM, Damon H. (TheDcoder) wrote: Ah! Thanks for pointing it out, I vaguely recall finding it initially after the redesign of Tor browser, but I had forgotten about it. On 12/06/19 3:47 PM, Nicolas Vigier wrote: > On Tue, 11 Jun 2019, Damon H. (TheDcoder) wrote: > >> Tor browser used to have this option to refresh the circuits but it >> seems to be removed in the current version as I cannot find it now >> (correct me if I am wrong). > You can still ask Tor Browser to use a new circuit for a site, if you > click on the left of the URL bar. > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-Browser and CLI.
No, I want to do it via CLI because I need it in a bash script. On Wednesday, June 12, 2019, 3:04:10 PM GMT+4:30, Nicolas Vigier wrote: On Tue, 11 Jun 2019, Damon H. (TheDcoder) wrote: > Tor browser used to have this option to refresh the circuits but it > seems to be removed in the current version as I cannot find it now > (correct me if I am wrong). You can still ask Tor Browser to use a new circuit for a site, if you click on the left of the URL bar. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor-Browser and CLI.
Thanks, but I'm using Tor-Browser. On Tuesday, June 11, 2019, 3:06:52 PM GMT+4:30, Damon H. (TheDcoder) wrote: Tor browser used to have this option to refresh the circuits but it seems to be removed in the current version as I cannot find it now (correct me if I am wrong). If you are using Tor directly, you will need to use a controller to instruct Tor to form new circuits. Nyx seems to be the most popular option :) On 11/06/19 11:37 AM, Jason Long wrote: Hello.When Tor-Browser launched then how can I work with Tor deamon via CLI? Something like, renew IP address via CLI. Thanks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor-Browser and CLI.
Hello.When Tor-Browser launched then how can I work with Tor deamon via CLI? Something like, renew IP address via CLI. Thanks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor and iptables
Hello.My iptables rules are as below: -P INPUT DROP-P FORWARD DROP-P OUTPUT DROP-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -j REJECT --reject-with icmp-port-unreachable-A FORWARD -j REJECT --reject-with icmp-port-unreachable-A OUTPUT -p tcp -j ACCEPT-A OUTPUT -p udp -j ACCEPT-A OUTPUT -p icmp -j ACCEPT-A OUTPUT -j REJECT --reject-with icmp-port-unreachable When I open Tor then I got below Log: 03/01/2018 14:12:29.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 03/01/2018 14:12:37.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 03/01/2018 14:12:37.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 03/01/2018 14:12:37.800 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 03/01/2018 14:12:37.800 [NOTICE] Opening Socks listener on 127.0.0.1:9150 03/01/2018 14:12:39.000 [NOTICE] Bootstrapped 5%: Connecting to directory server 03/01/2018 14:12:39.000 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 03/01/2018 14:13:09.200 [WARN] Proxy Client: unable to connect to 38.229.1.78:80 ("general SOCKS server failure") 03/01/2018 14:13:09.200 [WARN] Proxy Client: unable to connect to 38.229.33.83:80 ("general SOCKS server failure") 03/01/2018 14:13:13.500 [WARN] Proxy Client: unable to connect to 192.95.36.142:443 ("general SOCKS server failure") 03/01/2018 14:13:16.400 [WARN] Proxy Client: unable to connect to 85.17.30.79:443 ("general SOCKS server failure") 03/01/2018 14:13:20.500 [WARN] Proxy Client: unable to connect to 154.35.22.11:80 ("general SOCKS server failure") 03/01/2018 14:13:21.200 [WARN] Proxy Client: unable to connect to 83.212.101.3:50002 ("general SOCKS server failure") 03/01/2018 14:13:24.100 [WARN] Proxy Client: unable to connect to 154.35.22.10:80 ("general SOCKS server failure") 03/01/2018 14:13:24.100 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure") 03/01/2018 14:13:24.100 [WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure") 03/01/2018 14:13:33.200 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure") 03/01/2018 14:13:37.500 [WARN] Proxy Client: unable to connect to 154.35.22.13:16815 ("general SOCKS server failure") 03/01/2018 14:13:39.000 [WARN] Proxy Client: unable to connect to 85.31.186.98:443 ("general SOCKS server failure") 03/01/2018 14:13:39.000 [WARN] Proxy Client: unable to connect to 85.31.186.26:443 ("general SOCKS server failure") 03/01/2018 14:13:39.100 [WARN] Proxy Client: unable to connect to 37.218.245.14:38224 ("general SOCKS server failure") 03/01/2018 14:13:39.100 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure") 03/01/2018 14:13:39.300 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 03/01/2018 14:14:46.300 [WARN] Proxy Client: unable to connect to 154.35.22.12:4304 ("general SOCKS server failure") 03/01/2018 14:33:09.200 [WARN] Proxy Client: unable to connect to 38.229.1.78:80 ("general SOCKS server failure") 03/01/2018 14:33:09.200 [WARN] Proxy Client: unable to connect to 38.229.33.83:80 ("general SOCKS server failure") 03/01/2018 14:33:13.500 [WARN] Proxy Client: unable to connect to 192.95.36.142:443 ("general SOCKS server failure") 03/01/2018 14:33:16.400 [WARN] Proxy Client: unable to connect to 85.17.30.79:443 ("general SOCKS server failure") 03/01/2018 14:33:20.500 [WARN] Proxy Client: unable to connect to 154.35.22.11:80 ("general SOCKS server failure") 03/01/2018 14:33:21.200 [WARN] Proxy Client: unable to connect to 83.212.101.3:50002 ("general SOCKS server failure") 03/01/2018 14:33:24.100 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure") 03/01/2018 14:33:24.100 [WARN] Proxy Client: unable to connect to 154.35.22.10:80 ("general SOCKS server failure") 03/01/2018 14:33:24.100 [WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure") 03/01/2018 14:33:33.200 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure") 03/01/2018 14:33:37.500 [WARN] Proxy Client: unable to connect to 154.35.22.13:16815 ("general SOCKS server failure") 03/01/2018 14:33:39.000 [WARN] Proxy Client: unable to connect to 85.31.186.98:443 ("general SOCKS server failure") 03/01/2018 14:33:39.000 [WARN] Proxy Client: unable to connect to 85.31.186.26:443 ("general SOCKS server failure") 03/01/2018 14:33:39.100 [WARN] Proxy Client: unable to connect to 37.218.245.14:38224
Re: [tor-talk] What does this log mean?
Yes but It is a little slow :( On Saturday, January 6, 2018, 1:39:36 AM PST, Nathan Freitas <nat...@freitas.net> wrote: On Sat, Jan 6, 2018, at 3:24 AM, Jason Long wrote: > Hello.What does this log mean? It means you successfully connected to Tor, using Orbot. Congratulations! You are using one of the Meek Bridge servers, which has a lot of users, which is likely why you received the message about the overloaded node. Is everything else working for you? > Set background service to FOREGROUNDOrbot is starting…Orbot is starting… > updating settings in Tor serviceupdating torrc custom > configuration...success.Orbot is starting…Waiting for control > port...Connecting to control port: 5SUCCESS connected to Tor control > port.SUCCESS - authenticated to control port.Starting Tor client… > complete.adding control port event handlerSUCCESS added control port > event handlerTor started; process id=2192Starting polipo processPolipo > is running on port:8118Polipo is runningNOTICE: Bootstrapped 80%: > Connecting to the Tor network NOTICE: Bootstrapped 85%: Finishing > handshake with first hop NOTICE: Bootstrapped 90%: Establishing a Tor > circuit Circuit (1) BUILT: TorLandMeekCircuit (2) BUILT: > cymrubridge02NOTICE: Your Guard > $B9E7141C594AF25699E0079C1F0146F409495296 > ($B9E7141C594AF25699E0079C1F0146F409495296) is failing more circuits > than usual. Most likely this means the Tor network is overloaded. > Success counts are 141/213. Use counts are 59/72. 195 circuits > completed, 16 were unusable, 37 collapsed, and 19 timed out. For > reference, your timeout cutoff is 163 seconds. Circuit (4) BUILT: > TorLandMeek > Hindenburg > AccessNow001NOTICE: Tor has successfully > opened a circuit. Looks like client functionality is working. NOTICE: > Bootstrapped 100%: Done Circuit (3) BUILT: TorLandMeek > bonjour2 > > tollanaCircuit (6) BUILT: TorLandMeek > ieditedtheconfig > > morecowbellCircuit (7) BUILT: TorLandMeek > ymkeo > norco176.10.99.201 > Switzerland (SOFTplus Entwicklungen GmbH)Circuit (5) BUILT: TorLandMeek > > PartitoPirata > Multivac85.248.227.164 Slovakia (BENESTRA, > s.r.o.)176.121.10.45 Ukraine (Global Data Networks LLC)176.107.185.22 > Ukraine (PE Freehost)163.172.53.84 France (Online S.a.s.) > > Thank you. > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] What does this log mean?
Hello.What does this log mean? Set background service to FOREGROUNDOrbot is starting…Orbot is starting…updating settings in Tor serviceupdating torrc custom configuration...success.Orbot is starting…Waiting for control port...Connecting to control port: 5SUCCESS connected to Tor control port.SUCCESS - authenticated to control port.Starting Tor client… complete.adding control port event handlerSUCCESS added control port event handlerTor started; process id=2192Starting polipo processPolipo is running on port:8118Polipo is runningNOTICE: Bootstrapped 80%: Connecting to the Tor network NOTICE: Bootstrapped 85%: Finishing handshake with first hop NOTICE: Bootstrapped 90%: Establishing a Tor circuit Circuit (1) BUILT: TorLandMeekCircuit (2) BUILT: cymrubridge02NOTICE: Your Guard $B9E7141C594AF25699E0079C1F0146F409495296 ($B9E7141C594AF25699E0079C1F0146F409495296) is failing more circuits than usual. Most likely this means the Tor network is overloaded. Success counts are 141/213. Use counts are 59/72. 195 circuits completed, 16 were unusable, 37 collapsed, and 19 timed out. For reference, your timeout cutoff is 163 seconds. Circuit (4) BUILT: TorLandMeek > Hindenburg > AccessNow001NOTICE: Tor has successfully opened a circuit. Looks like client functionality is working. NOTICE: Bootstrapped 100%: Done Circuit (3) BUILT: TorLandMeek > bonjour2 > tollanaCircuit (6) BUILT: TorLandMeek > ieditedtheconfig > morecowbellCircuit (7) BUILT: TorLandMeek > ymkeo > norco176.10.99.201 Switzerland (SOFTplus Entwicklungen GmbH)Circuit (5) BUILT: TorLandMeek > PartitoPirata > Multivac85.248.227.164 Slovakia (BENESTRA, s.r.o.)176.121.10.45 Ukraine (Global Data Networks LLC)176.107.185.22 Ukraine (PE Freehost)163.172.53.84 France (Online S.a.s.) Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Why Tor can't load on my Linux?
Hello.I'm using Debian 8.9 x64 and when I open Tor browser then it can't work. Tor Logs are: 10/08/2017 18:49:03.900 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150 10/08/2017 18:49:10.700 [NOTICE] Bootstrapped 5%: Connecting to directory server 10/08/2017 18:49:10.700 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 10/08/2017 18:49:10.700 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 10/08/2017 18:49:10.900 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure") 10/08/2017 18:49:48.300 [WARN] Proxy Client: unable to connect to 85.17.30.79:443 ("general SOCKS server failure") 10/08/2017 18:49:52.900 [WARN] Proxy Client: unable to connect to 83.212.101.3:50002 ("general SOCKS server failure") 10/08/2017 18:50:04.900 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure") 10/08/2017 18:50:09.200 [WARN] Proxy Client: unable to connect to 154.35.22.13:16815 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 38.229.1.78:80 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 85.31.186.98:443 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 38.229.33.83:80 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 85.31.186.26:443 ("general SOCKS server failure") 10/08/2017 18:50:10.800 [WARN] Proxy Client: unable to connect to 37.218.245.14:38224 ("general SOCKS server failure") 10/08/2017 18:50:10.800 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure") 10/08/2017 18:50:10.900 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 10/08/2017 18:51:17.900 [WARN] Proxy Client: unable to connect to 154.35.22.11:16488 ("general SOCKS server failure") 10/08/2017 18:51:17.900 [WARN] Proxy Client: unable to connect to 154.35.22.10:15937 ("general SOCKS server failure") 10/08/2017 19:02:00.700 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 10/08/2017 19:02:00.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 19:02:00.700 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 I'm using "obfs4". Any idea? Thank you. On Monday, October 9, 2017, 8:38:57 AM PDT, Jason Long <hack3r...@yahoo.com> wrote: Hello.I'm using Debian 8.9 x64 and when I open Tor browser then it can't work. Tor Logs are: 10/08/2017 18:49:03.900 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150 10/08/2017 18:49:10.700 [NOTICE] Bootstrapped 5%: Connecting to directory server 10/08/2017 18:49:10.700 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 10/08/2017 18:49:10.700 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 10/08/2017 18:49:10.900 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure") 10/08/2017 18:49:48.300 [WARN] Proxy Client: unable
[tor-talk] Why Tor can't load on my Linux?
Hello.I'm using Debian 8.9 x64 and when I open Tor browser then it can't work. Tor Logs are: 10/08/2017 18:49:03.900 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 18:49:09.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150 10/08/2017 18:49:10.700 [NOTICE] Bootstrapped 5%: Connecting to directory server 10/08/2017 18:49:10.700 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 10/08/2017 18:49:10.700 [WARN] Proxy Client: unable to connect to 2001:470:b381:bfff:216:3eff:fe23:d6c3:443 ("general SOCKS server failure") 10/08/2017 18:49:10.900 [WARN] Proxy Client: unable to connect to 192.99.11.54:443 ("general SOCKS server failure") 10/08/2017 18:49:48.300 [WARN] Proxy Client: unable to connect to 85.17.30.79:443 ("general SOCKS server failure") 10/08/2017 18:49:52.900 [WARN] Proxy Client: unable to connect to 83.212.101.3:50002 ("general SOCKS server failure") 10/08/2017 18:50:04.900 [WARN] Proxy Client: unable to connect to 109.105.109.147:13764 ("general SOCKS server failure") 10/08/2017 18:50:09.200 [WARN] Proxy Client: unable to connect to 154.35.22.13:16815 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 154.35.22.12:80 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 38.229.1.78:80 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 85.31.186.98:443 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 154.35.22.9:443 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 38.229.33.83:80 ("general SOCKS server failure") 10/08/2017 18:50:10.700 [WARN] Proxy Client: unable to connect to 85.31.186.26:443 ("general SOCKS server failure") 10/08/2017 18:50:10.800 [WARN] Proxy Client: unable to connect to 37.218.245.14:38224 ("general SOCKS server failure") 10/08/2017 18:50:10.800 [WARN] Proxy Client: unable to connect to 109.105.109.165:10527 ("general SOCKS server failure") 10/08/2017 18:50:10.900 [WARN] Proxy Client: unable to connect to 37.218.240.34:40035 ("general SOCKS server failure") 10/08/2017 18:51:17.900 [WARN] Proxy Client: unable to connect to 154.35.22.11:16488 ("general SOCKS server failure") 10/08/2017 18:51:17.900 [WARN] Proxy Client: unable to connect to 154.35.22.10:15937 ("general SOCKS server failure") 10/08/2017 19:02:00.700 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 10/08/2017 19:02:00.700 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 10/08/2017 19:02:00.700 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 I'm using "obfs4". Any idea? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to find trust nodes?
Excuse me if I say it, but your answers make me confuse more!!! I guess there is no guarantee about Tor nodes. Governments and bad people can launch a Tor node and sniff Tor users traffic and... On Thu, 9/28/17, Seth David Schoenwrote: Subject: Re: [tor-talk] How to find trust nodes? To: tor-talk@lists.torproject.org Date: Thursday, September 28, 2017, 1:41 AM George writes: > But ultimately, Tor's topography mitigates against one of the three > nodes in your circuit being compromised. If the first hop is > compromised, then they only know who you are, but not where your > destination is. If the last hop is compromised, they only know where > you're going, but not who you are (unless your providing clear text of > personally identifying information). A challenge is that there are threat models in which a considerable number of Tor users may be exposed, at least for some of their circuits. * If a single adversary runs several fast nodes that are popular and whose relationship to each other is undisclosed, a pretty high amount of traffic may select that adversary's nodes as entry and exit nodes for the same circuit. The guard node design gives a relatively low probability of this happening to any individual user with respect to any individual adversary in any specific time period, but doesn't guarantee that it would be a particularly rare event for Tor users as a whole. * If adversaries cooperate, they can get benefits equivalent to running many nodes even though each one only runs a few. * If an adversary can monitor network activity and see both entry and exit points, for a given circuit, it can perform correlations even though it doesn't operate any nodes. Or, an adversary that can monitor some networks can increase its chance of getting visibility of both ends of a connection by also operating some nodes, since some users whose entry or exit activity the adversary otherwise wouldn't have been able to monitor from network surveillance alone may sometimes randomly choose to use that adversary's nodes in one of these positions. * An adversary that can monitor some kind of public or private online activity can perform coarse-grained timing correlation attacks between its own entry nodes (or parts of the Internet where it can see Tor node entry) and the online activity that it can see. For example, if a user regularly uses Tor to participate in some kind of public forum, public chat, etc., the adversary could gather data about how entry traffic that it can see does or doesn't correlate with that participation. Or if an adversary can obtain logs about the use of a particular online service, even though those logs aren't available to the general public, it can also correlate that statistically with entry data that it has available for some other reason. The "good news" is that a given Tor user is probably not very likely to be vulnerable to many of these attacks from many adversaries when using Tor infrequently or for brief periods. Yet many of these attacks would work at least some of the time against a pretty considerable amount of Tor traffic. I agree with your point that just having more random people run nodes helps decrease the probability of success of several of these attacks. -- Seth Schoen Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -Inline Attachment Follows- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] How to find trust nodes?
How can I find a good node that configured strongly? On Wed, 9/27/17, George <geo...@queair.net> wrote: Subject: Re: [tor-talk] How to find trust nodes? To: tor-talk@lists.torproject.org Date: Wednesday, September 27, 2017, 11:18 PM Jason Long: > Hello. > How can I sure a Tor node that I connected to it is secure and is not a NSA or CIA node? You can't ensure that none of the Tor nodes in a particular three-node circuit aren't run by some three-letter government agency. There are regular checks about expired versions of Tor, poorly configured Tor policies on nodes, or other explicit bad things, but those only catch the most obvious insecurities. You can run your own relay or bridge, which could at least ensure one hop isn't compromised, not to mention the benefit for the many other Tor users. But ultimately, Tor's topography mitigates against one of the three nodes in your circuit being compromised. If the first hop is compromised, then they only know who you are, but not where your destination is. If the last hop is compromised, they only know where you're going, but not who you are (unless your providing clear text of personally identifying information). This happens to be why that quiet individual who runs one bridge or relay is so vital to the integrity of the network. g -- 5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor with static IP.
You can use Tor as VPN on your cell phone and not TorBrowser needed. On Thu, 8/17/17, krishna e bera <k...@cyblings.on.ca> wrote: Subject: Re: [tor-talk] Tor with static IP. To: tor-talk@lists.torproject.org Date: Thursday, August 17, 2017, 12:57 AM On 12/08/17 07:08 AM, Jason Long wrote: > Hello.Can I use Tor with static IP? I don't like my IP changed. Your own IP address is not changed by the Tor network. What the Tor network changes periodically is route taken to wesites you visit in Torbrowser. Each route will use 2 or 3 different IP addresses (the entry guard plus a middle node plus an exit node). The websites you visit do not know (and cannot find out) what your own IP address is, they can only see the exit node's IP address. If you want to visit websites and have them see your own IP address each time, use the normal browser that comes with your operating system. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor with static IP.
When you register at origin.com then you can't use it with a new IP. On Wed, 8/16/17, Petrusko <petru...@riseup.net> wrote: Subject: Re: [tor-talk] Tor with static IP. To: tor-talk@lists.torproject.org Date: Wednesday, August 16, 2017, 9:37 PM I think it's against the Tor rule ? Tor is here to help you about privacy, and changing circuits/IP will be the start to achieve this goal ;) Jason Long : > Hello.Can I use Tor with static IP? I don't like my IP changed. > Thank you. -- Petrusko C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -Inline Attachment Follows- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor with static IP.
Hello.Can I use Tor with static IP? I don't like my IP changed. Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Why Tor can't connect?
Hello.I use Debian 8.6 amd64 and the last version of TorBrowser.When I run my TorBrowser and like to use "obsf4" or others it show me below error: 01/02/2017 19:54:02.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 01/02/2017 19:54:02.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 01/02/2017 19:54:02.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 01/02/2017 19:54:02.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150 01/02/2017 19:54:02.500 [NOTICE] Renaming old configuration file to "/home/jason/Desktop/Tors/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.orig.1" 01/02/2017 19:54:05.600 [NOTICE] Bootstrapped 5%: Connecting to directory server 01/02/2017 19:54:05.600 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 01/02/2017 19:54:06.600 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection 01/02/2017 19:54:07.100 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus 01/02/2017 19:54:07.700 [NOTICE] new bridge descriptor 'wisctorbridge03' (fresh): $A17A40775FBD2CA1184BF80BFC330A77ECF9D0E9~wisctorbridge03 at 128.105.214.163 01/02/2017 19:54:07.700 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 01/02/2017 19:54:08.400 [NOTICE] new bridge descriptor 'wisctorbridge02' (fresh): $FC562097E1951DCC41B7D7F324D88157119BB56D~wisctorbridge02 at 128.105.214.162 01/02/2017 19:54:08.400 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 01/02/2017 19:54:09.600 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus 01/02/2017 19:54:16.200 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 01/02/2017 19:54:16.500 [NOTICE] Bootstrapped 40%: Loading authority key certs 01/02/2017 19:54:16.700 [WARN] Our clock is 11 hours, 5 minutes behind the time published in the consensus network status document (2017-01-03 15:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings! 01/02/2017 19:54:16.700 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus. 01/02/2017 19:54:35.600 [WARN] Proxy Client: unable to connect to 131.252.210.150:8080 ("TTL expired") 01/02/2017 19:55:36.900 [WARN] Our clock is 12 hours, 4 minutes behind the time published in the consensus network status document (2017-01-03 16:00:00 UTC). Tor needs an accurate clock to work correctly. Please check your time and date settings! 01/02/2017 19:55:36.900 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no recent usable consensus. 01/02/2017 19:56:26.300 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 01/02/2017 19:56:26.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 01/02/2017 19:56:26.300 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 01/02/2017 19:56:26.600 [NOTICE] Delaying directory fetches: DisableNetwork is set. Why? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Mirai Botnet Relocates To Onions
How we can protect themselves? On Sun, 12/18/16, Flipchanwrote: Subject: Re: [tor-talk] Mirai Botnet Relocates To Onions To: tor-talk@lists.torproject.org Date: Sunday, December 18, 2016, 9:24 AM There is alot of botnets that run over Tor , there is alot of assholes. But if You can identify THE malware You can pretty easy find the source code and then THE default cred to shut it down. grarpamp skrev: (18 december 2016 06:11:17 CET) >https://www.bleepingcomputer.com/news/security/security-firms-almost-brought-down-massive-mirai-botnet/ > >"Following a failed takedown attempt, changes made to the Mirai >malware variant responsible for building one of today's biggest >botnets of IoT devices will make it incredibly harder for authorities >and security firms to shut it down," reports Bleeping Computer. >Level3 and others" have been very close to taking down one of the >biggest Mirai botnets around, the same one that attempted to knock the >Internet offline in Liberia, and also hijacked 900,000 routers from >German ISP Deutsche Telekom.The botnet narrowly escaped due to the >fact that its maintainer, a hacker known as BestBuy, had implemented a >domain-generation algorithm to generate random domain names where he >hosted his servers. >Currently, to avoid further takedown attempts from similar security >firms, BestBuy has started moving the botnet's command and control >servers to Tor. "It's all good now. We don't need to pay thousands to >ISPs and hosting. All we need is one strong server," the hacker said. >"Try to shut down .onion 'domains' over Tor," he boasted, knowing that >nobody can. >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and iptables.
Did you see my iptables rules? What is my problem? On Sun, 12/11/16, Jonathan Marquardt <m...@parckwart.de> wrote: Subject: Re: [tor-talk] Tor and iptables. To: tor-talk@lists.torproject.org Date: Sunday, December 11, 2016, 7:24 AM On Sun, Dec 11, 2016 at 12:26:47PM +, Jason Long wrote: > Excuse me, I must allow input to my system? It is so bad :(, I don't like to allow everyone. This has nothing to do with Tor. It's just the general way how the IP protocol works. Without allowing stateful input, you couldn't do any useful traffic. You always need to make sure that there's a way to the destination (output) and a way for the target server to reply to you (input). But using stateful inspection, only input that is a reply to your output is allowed. There should't be any security risk because of this. It's what your home router is doing as well to allow the servers you want to talk to to reply. See also: https://en.wikipedia.org/wiki/Stateful_firewall -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and iptables.
Did you see my iptables rules? What is my problem? On Sun, 12/11/16, Jonathan Marquardt <m...@parckwart.de> wrote: Subject: Re: [tor-talk] Tor and iptables. To: tor-talk@lists.torproject.org Date: Sunday, December 11, 2016, 7:24 AM On Sun, Dec 11, 2016 at 12:26:47PM +, Jason Long wrote: > Excuse me, I must allow input to my system? It is so bad :(, I don't like to allow everyone. This has nothing to do with Tor. It's just the general way how the IP protocol works. Without allowing stateful input, you couldn't do any useful traffic. You always need to make sure that there's a way to the destination (output) and a way for the target server to reply to you (input). But using stateful inspection, only input that is a reply to your output is allowed. There should't be any security risk because of this. It's what your home router is doing as well to allow the servers you want to talk to to reply. See also: https://en.wikipedia.org/wiki/Stateful_firewall -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and iptables.
can anyone edit my rules and tell me what is my problem? On Monday, December 12, 2016 1:23 AM, Jonathan Marquardtwrote: On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote: > Sorry about missing the typo in my initial reply. It _was_ an invalid > rule. But accepting lo is necessary with default deny, right? Yes, sorry, you're right. My bad. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and iptables.
My iptables rules are : *filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]-A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED-A INPUT -i lo -j ACCEPT#-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --mask 255.255.255.255 --rsource-A INPUT -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 180 --hitcount 4 --name DEFAULT --mask 255.255.255.255 --rsource -j DROP-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7-A INPUT -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j DROP-A INPUT -m recent --remove --name portscan --mask 255.255.255.255 --rsource-A INPUT -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j LOG --log-prefix "portscan:"-A INPUT -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j DROP-A INPUT -j REJECT --reject-with icmp-port-unreachable-A INPUT -i lo -j ACCEPT-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A INPUT -s 10.0.0.0/8 -j DROP-A INPUT -s 169.254.0.0/16 -j DROP-A INPUT -s 172.16.0.0/12 -j DROP-A INPUT -s 127.0.0.0/8 -j DROP-A INPUT -s 192.168.0.0/24 -j DROP-A INPUT -s 224.0.0.0/4 -j DROP-A INPUT -d 224.0.0.0/4 -j DROP-A INPUT -s 240.0.0.0/5 -j DROP-A INPUT -d 240.0.0.0/5 -j DROP-A INPUT -s 0.0.0.0/8 -j DROP-A INPUT -d 0.0.0.0/8 -j DROP-A INPUT -d 239.255.255.0/24 -j DROP-A INPUT -d 255.255.255.255/32 -j DROP-A INPUT -p icmp -m icmp --icmp-type 17 -j DROP-A INPUT -p icmp -m icmp --icmp-type 13 -j DROP-A INPUT -p icmp -m icmp --icmp-type 13 -m limit --limit 1/sec -j ACCEPT-A INPUT -m state --state INVALID -j DROP-A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/sec --limit-burst 2 -j ACCEPT-A INPUT -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j DROP-A INPUT -m recent --remove --name portscan --mask 255.255.255.255 --rsource-A INPUT -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j LOG --log-prefix "portscan:"-A INPUT -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j DROP-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT-A INPUT -j REJECT --reject-with icmp-port-unreachable-A FORWARD -j REJECT --reject-with icmp-port-unreachable-A FORWARD -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j DROP-A FORWARD -m recent --remove --name portscan --mask 255.255.255.255 --rsource-A FORWARD -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j LOG --log-prefix "portscan:"-A FORWARD -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j DROP-A FORWARD -m state --state INVALID -j DROP-A FORWARD -m recent --rcheck --seconds 86400 --name portscan --mask 255.255.255.255 --rsource -j DROP-A FORWARD -m recent --remove --name portscan --mask 255.255.255.255 --rsource-A FORWARD -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j LOG --log-prefix "portscan:"-A FORWARD -p tcp -m tcp --dport 139 -m recent --set --name portscan --mask 255.255.255.255 --rsource -j DROP-A FORWARD -j REJECT --reject-with icmp-port-unreachable-A OUTPUT -j ACCEPT-A OUTPUT -m state --state INVALID -j DROP-A OUTPUT -o lo -j ACCEPT-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT-A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT-A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT-A OUTPUT -j REJECT --reject-with icmp-port-unreachable-A OUTPUT -j ACCEPT -m state --state RELATED,ESTABLISHEDCOMMIT What is my problem? Why I can't use "obfs4" ? On Sunday, December 11, 2016 10:33 PM, Mirimir <miri...@riseup.net> wrote: On 12/10/2016 07:16 AM, Jason Long wrote: > Hello. > I like to close all INPUT connections via iptables but I like to use > TorBrowser, Then Which port(s) must be open? > > -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT > > > Is it enough? How about "INPUT"? Must I open any input port too? > > Thank you. You only need to allow input and output for the tor process. And input for SSH, if you need that. Plus related/established, of course. In Debian, run "id -u debian-tor".
Re: [tor-talk] Tor and iptables.
Excuse me, I must allow input to my system? It is so bad :(, I don't like to allow everyone. On Sunday, December 11, 2016 2:44 AM, Jonathan Marquardtwrote: You always need to allow some input as well in order for the Tor guard node to talk to your computer. Stateful Inspection is used for this. Here's a complete ruleset to accomplish what you asked for. All output is allowed, but no input, except it belongs to some output your computer previously did. # Stateful inspection for input and output iptables -A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED iptables -A OUTPUT -j ACCEPT -m state --state RELATED,ESTABLISHED # Allow loopback traffic iptables -A INPUT -i lo -j ACCEPT # Reject any other input iptables -A INPUT -j REJECT # Accept all output iptables -A OUTPUT -j ACCEPT Note that you also want to accout for IPv6 using ip6tables. It depends on your network though. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor and iptables.
Hello. I like to close all INPUT connections via iptables but I like to use TorBrowser, Then Which port(s) must be open? -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT Is it enough? How about "INPUT"? Must I open any input port too? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and iptables.
Tor can't connect and show me below error: 12/09/2016 17:41:40.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/09/2016 17:41:40.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150 12/09/2016 17:41:42.100 [NOTICE] Bootstrapped 5%: Connecting to directory server 12/09/2016 17:41:42.100 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 12/09/2016 17:42:16.500 [WARN] Proxy Client: unable to connect to 192.95.36.142:443 ("general SOCKS server failure") 12/09/2016 17:42:23.600 [WARN] Proxy Client: unable to connect to 154.35.22.11:80 ("general SOCKS server failure") 12/09/2016 17:42:24.100 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 12/09/2016 17:42:24.100 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/09/2016 17:42:24.100 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 12/09/2016 17:42:32.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/09/2016 17:42:32.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/09/2016 17:42:32.300 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/09/2016 17:42:32.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150 12/09/2016 17:45:58.400 [NOTICE] Closing no-longer-configured Socks listener on 127.0.0.1:9150 12/09/2016 17:45:58.400 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 12/09/2016 17:45:58.400 [NOTICE] Closing old Socks listener on 127.0.0.1:9150 12/09/2016 17:45:59.100 [NOTICE] Delaying directory fetches: DisableNetwork is set. On Saturday, December 10, 2016 6:16 AM, Jason Long <hack3r...@yahoo.com> wrote: Hello. I like to close all INPUT connections via iptables but I like to use TorBrowser, Then Which port(s) must be open? -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT Is it enough? How about "INPUT"? Must I open any input port too? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hacker and Tor
You said hidemyass work for government then why I must use it? On Fri, 12/2/16, Flipchanwrote: Subject: Re: [tor-talk] Hacker and Tor To: tor-talk@lists.torproject.org Date: Friday, December 2, 2016, 10:28 AM Hidemyass did deanonymize and gave out information to the goverment about One if their own users. If dns is your problem run dns throw Tor. Use dnscrypt throw Tor . A cpanel is often just some php script sure it might record ur ip and useragent But that is mostly the Web server that does that. If You have a fake usr agent and are running Tor You can do like a online browser leakage test. I would not(and this is my opinion use hidemyass). techl...@123mail.org skrev: (2 december 2016 19:21:55 CET) >> > Hello. >> > If you browse a Cpanel via Tor for deface >> > a website then can >> > provider or Website >> > admin find your real IP with some >> > tricks? Any experiences? > > >cPanel security system has been set up to grab the DNS of Tor proxies >used to log in, they will find out your real IP looking at the logs and >you will end up in jail. > >But Hide My Ass, a high security proxy, protects you from DNS caching >security system in cPanel: > >https://www.hidemyass.com/ >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hacker and Tor.
It just a question. On Tue, 11/29/16, Flipchan <flipc...@riseup.net> wrote: Subject: Re: [tor-talk] Hacker and Tor. To: tor-talk@lists.torproject.org Date: Tuesday, November 29, 2016, 1:38 PM May i remind You that this is Tor talk mailing list, Tor is made to protect the privacy of people globaly and missuseing Tor is not helping make the Internet safer. Might i suggest that You hack on some vm's instead? Try vulnhub.com Jason Long <hack3r...@yahoo.com> skrev: (29 november 2016 19:55:18 CET) >Any idea? > >On Sun, 11/27/16, Jason Long <hack3r...@yahoo.com> wrote: > > Subject: Hacker and Tor. > To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org> > Date: Sunday, November 27, 2016, 12:56 AM > > Hello. > If you browse a Cpanel via Tor for deface a website then can > provider or Website admin find your real IP with some > tricks? Any experiences? > > Thank you. > >-- >tor-talk mailing list - tor-talk@lists.torproject.org >To unsubscribe or change other settings go to >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- Sincerly flipchan - LayerProx dev -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Hacker and Tor.
Any idea? On Sun, 11/27/16, Jason Long <hack3r...@yahoo.com> wrote: Subject: Hacker and Tor. To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org> Date: Sunday, November 27, 2016, 12:56 AM Hello. If you browse a Cpanel via Tor for deface a website then can provider or Website admin find your real IP with some tricks? Any experiences? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] OBFS4 Blocking (Cyberoam demo)
Can it mean that they found how Tor working? On Sun, 11/27/16, David Fifieldwrote: Subject: Re: [tor-talk] OBFS4 Blocking (Cyberoam demo) To: "Yphone" Cc: tor-talk@lists.torproject.org Date: Sunday, November 27, 2016, 3:14 PM On Thu, Nov 17, 2016 at 11:53:39AM -0600, Yphone wrote: > Cyberoam calls it Tor. Not sure about iboss but I would guess it calls it Tor as well I just learned that Cyberoam has an online demo. https://demo.cyberoam.com/ (username: guest, password: guest) In the Application Filter config, there's a "TOR Proxy" entry. http://ngdemo.cyberoam.com/corporate/webpages/index.jsp#79830 Name: TOR Proxy Category: Proxy and Tunnel Risk: 5 - Very High Characteristics: Tunnels other apps,Vulnerabilities,... Technology: Client Server -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] OBFS4 Blocking (Cyberoam demo)
Can it mean that they found how Tor working? On Sun, 11/27/16, David Fifieldwrote: Subject: Re: [tor-talk] OBFS4 Blocking (Cyberoam demo) To: "Yphone" Cc: tor-talk@lists.torproject.org Date: Sunday, November 27, 2016, 3:14 PM On Thu, Nov 17, 2016 at 11:53:39AM -0600, Yphone wrote: > Cyberoam calls it Tor. Not sure about iboss but I would guess it calls it Tor as well I just learned that Cyberoam has an online demo. https://demo.cyberoam.com/ (username: guest, password: guest) In the Application Filter config, there's a "TOR Proxy" entry. http://ngdemo.cyberoam.com/corporate/webpages/index.jsp#79830 Name: TOR Proxy Category: Proxy and Tunnel Risk: 5 - Very High Characteristics: Tunnels other apps,Vulnerabilities,... Technology: Client Server -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Hacker and Tor.
Hello. If you browse a Cpanel via Tor for deface a website then can provider or Website admin find your real IP with some tricks? Any experiences? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] What is the different between Official TorBrowser and Browser4Tor?
Hello. I found a version of Tor in "http://torbrowser.sourceforge.net/;, But what is the different between it and official TorBrowser? Is it a trust version? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Find Real IP via ISP.
Are you kidding? Iranian relays are good in this scenario? Why? On Wed, 11/23/16, Jonathan Marquardt <m...@parckwart.de> wrote: Subject: Re: [tor-talk] Find Real IP via ISP. To: tor-talk@lists.torproject.org Date: Wednesday, November 23, 2016, 7:16 AM Yes, luckily that's not happening yet. At least not on a large scale. In order for that technique to really work out, all ISPs in all countries your Tor connection goes through would need to work together. The more geographically and politically diverse the countries your Tor circuit goes through get, the harder the tracking gets. Depending on how much of an orwellian world you want to imagine, it might be that some day all countries in Europe collaborate, for example. So it's good to have some Tor relays outside of that continent. In fact, the iranian relays you recently were worried about, Jason, might be very helpful in such a scenario. On Tue, Nov 22, 2016 at 12:23:15PM +, Jason Long wrote: > Oh, You mean is that all ISPs contribute to each other? > > > > On Tuesday, November 22, 2016 3:41 PM, juanjo <jua...@avanix.es> wrote: > No, your ISP can't see your Tor exit IP. > > Of course, if all ISP form all the world started to log all connections > they could follow the path and find your original IP. This is something > UK is starting to do now... and many goverments want. > > > El 22/11/2016 a las 13:02, Jason Long escribió: > > Thus, ISP can't see my Tor IP? > > > > > > > > On Tuesday, November 22, 2016 3:27 PM, juanjo <jua...@avanix.es> wrote: > > ISP can't see that the user "changed" his IP adress on Tor. What you > > said could work on single-hop proxies or VPN, but not on Tor, remember > > on Tor you have not one but three hops. ISP can only see you are > > connecting to the first hop, not the remaining two (middle and exit, > > exit is the IP that the website will see). > > > > > > > > El 22/11/2016 a las 12:48, Jason Long escribió: > >> Hello. > >> As "Seth David Schoen" said, Governments can see that users using tor but can't see what they are doing. My questions is that if an ISP see that an IP address, For example, 100.100.100.1 connected to the Tor network and user IP address changed to 200.200.200.1 then if the user visit a website with Tor then if the websites owners show 200.200.200.1 to the ISP then can ISP give 100.100.100.1 to the website owner? > >> > >> Thank you. > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Find Real IP via ISP.
Are you kidding? Iranian relays are good in this scenario? Why? On Wed, 11/23/16, Jonathan Marquardt <m...@parckwart.de> wrote: Subject: Re: [tor-talk] Find Real IP via ISP. To: tor-talk@lists.torproject.org Date: Wednesday, November 23, 2016, 7:16 AM Yes, luckily that's not happening yet. At least not on a large scale. In order for that technique to really work out, all ISPs in all countries your Tor connection goes through would need to work together. The more geographically and politically diverse the countries your Tor circuit goes through get, the harder the tracking gets. Depending on how much of an orwellian world you want to imagine, it might be that some day all countries in Europe collaborate, for example. So it's good to have some Tor relays outside of that continent. In fact, the iranian relays you recently were worried about, Jason, might be very helpful in such a scenario. On Tue, Nov 22, 2016 at 12:23:15PM +, Jason Long wrote: > Oh, You mean is that all ISPs contribute to each other? > > > > On Tuesday, November 22, 2016 3:41 PM, juanjo <jua...@avanix.es> wrote: > No, your ISP can't see your Tor exit IP. > > Of course, if all ISP form all the world started to log all connections > they could follow the path and find your original IP. This is something > UK is starting to do now... and many goverments want. > > > El 22/11/2016 a las 13:02, Jason Long escribió: > > Thus, ISP can't see my Tor IP? > > > > > > > > On Tuesday, November 22, 2016 3:27 PM, juanjo <jua...@avanix.es> wrote: > > ISP can't see that the user "changed" his IP adress on Tor. What you > > said could work on single-hop proxies or VPN, but not on Tor, remember > > on Tor you have not one but three hops. ISP can only see you are > > connecting to the first hop, not the remaining two (middle and exit, > > exit is the IP that the website will see). > > > > > > > > El 22/11/2016 a las 12:48, Jason Long escribió: > >> Hello. > >> As "Seth David Schoen" said, Governments can see that users using tor but can't see what they are doing. My questions is that if an ISP see that an IP address, For example, 100.100.100.1 connected to the Tor network and user IP address changed to 200.200.200.1 then if the user visit a website with Tor then if the websites owners show 200.200.200.1 to the ISP then can ISP give 100.100.100.1 to the website owner? > >> > >> Thank you. > > > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Find Real IP via ISP.
Thus we must not Visit a site with and without Tor in a same time? On Tuesday, November 22, 2016 5:25 PM, Mirimir <miri...@riseup.net> wrote: On 11/22/2016 04:48 AM, Jason Long wrote: > Hello. > As "Seth David Schoen" said, Governments can see that users using > tor but can't see what they are doing. My questions is that if an > ISP see that an IP address, For example, 100.100.100.1 connected > to the Tor network and user IP address changed to 200.200.200.1 > then if the user visit a website with Tor then if the websites > owners show 200.200.200.1 to the ISP then can ISP give > 100.100.100.1 to the website owner? > > Thank you. As others have pointed out, ISPs don't know Tor exit IP addresses. Websites, of course, know Tor exit IP addresses. Because they see them when users connect. But knowing them doesn't allow them, or even help them, find users' ISP-assigned IP addresses. However, let's say that you've used a website without Tor. And let's say that you have an account. If you subsequently login to that account using Tor, the website operator could contact your ISP (which it knows from your prior use without Tor) and ask what you were doing at the time you logged in. And they would learn that you were using Tor. Even without an account, cookies could mark you just as well. Even so, ISPs generally won't provide that sort of information without a court order. So you would need to attract major attention from the website, or interested third parties, before you'd be at risk. There's also the possibility of website fingerprinting. So if you had used a website without Tor, your ISP could have collected data that allows them to identify connections to that website. Consider <http://hubblesite.org/gallery/wallpaper/>. There are many images, and they tend to load in a particular order. So the network traffic pattern is relatively unique. Many porn sites, for example, also have distinct fingerprints. But generally, if a website has never seen you without Tor, they have no chance of even tracking you back to your ISP. Let alone getting your identity from the ISP. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Find Real IP via ISP.
Oh, You mean is that all ISPs contribute to each other? On Tuesday, November 22, 2016 3:41 PM, juanjo <jua...@avanix.es> wrote: No, your ISP can't see your Tor exit IP. Of course, if all ISP form all the world started to log all connections they could follow the path and find your original IP. This is something UK is starting to do now... and many goverments want. El 22/11/2016 a las 13:02, Jason Long escribió: > Thus, ISP can't see my Tor IP? > > > > On Tuesday, November 22, 2016 3:27 PM, juanjo <jua...@avanix.es> wrote: > ISP can't see that the user "changed" his IP adress on Tor. What you > said could work on single-hop proxies or VPN, but not on Tor, remember > on Tor you have not one but three hops. ISP can only see you are > connecting to the first hop, not the remaining two (middle and exit, > exit is the IP that the website will see). > > > > El 22/11/2016 a las 12:48, Jason Long escribió: >> Hello. >> As "Seth David Schoen" said, Governments can see that users using tor but >> can't see what they are doing. My questions is that if an ISP see that an IP >> address, For example, 100.100.100.1 connected to the Tor network and user IP >> address changed to 200.200.200.1 then if the user visit a website with Tor >> then if the websites owners show 200.200.200.1 to the ISP then can ISP give >> 100.100.100.1 to the website owner? >> >> Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Find Real IP via ISP.
Thus, ISP can't see my Tor IP? On Tuesday, November 22, 2016 3:27 PM, juanjo <jua...@avanix.es> wrote: ISP can't see that the user "changed" his IP adress on Tor. What you said could work on single-hop proxies or VPN, but not on Tor, remember on Tor you have not one but three hops. ISP can only see you are connecting to the first hop, not the remaining two (middle and exit, exit is the IP that the website will see). El 22/11/2016 a las 12:48, Jason Long escribió: > Hello. > As "Seth David Schoen" said, Governments can see that users using tor but > can't see what they are doing. My questions is that if an ISP see that an IP > address, For example, 100.100.100.1 connected to the Tor network and user IP > address changed to 200.200.200.1 then if the user visit a website with Tor > then if the websites owners show 200.200.200.1 to the ISP then can ISP give > 100.100.100.1 to the website owner? > > Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Find Real IP via ISP.
Hello. As "Seth David Schoen" said, Governments can see that users using tor but can't see what they are doing. My questions is that if an ISP see that an IP address, For example, 100.100.100.1 connected to the Tor network and user IP address changed to 200.200.200.1 then if the user visit a website with Tor then if the websites owners show 200.200.200.1 to the ISP then can ISP give 100.100.100.1 to the website owner? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
I worked with email later and I want to know the bridge that Tor provide is trusted and secure? On Tue, 11/8/16, podmo <po...@sigaint.org> wrote: Subject: Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries. To: tor-talk@lists.torproject.org Date: Tuesday, November 8, 2016, 2:28 PM Jason Long writes: > How can I find a good list of secure Bridge? Go here for more information. https://www.torproject.org/docs/bridges#FindingMore Sounds like meek might work best for your scenario, so in that case you'd want to "Send an email to brid...@bridges.torproject.org with "get transport meek" by itself in the body of the email" from your Yahoo account. If you can VPN outside your country without it being blocked, you might also think about doing that and then running Tor through the VPN. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
How can I find a good list of secure Bridge? On Tuesday, November 8, 2016 1:38 PM, Jonathan Marquardt <m...@parckwart.de> wrote: One thing should be clear: If one is not using a bridge, it is trivial for any network observer (University firewall admin, Iran ISP) to see if one is using Tor. However, with the right bridge setup such a detection can ultimately be prevented. I guess meek is the best candidate for an undetectable bridge. On Mon, Nov 07, 2016 at 09:56:01AM -0800, Seth David Schoen wrote: > Jason Long writes: > > > To be honest, I guess that I must stop using Tor It is not secure.I can > > remember that in torproject.org the Tor speaking about some peole that use > > Tor. For example, reporters, Military soldiers and...But I guess all of > > them are ads. Consider a soldier in a country that want send a secret > > letter to his government and he want to use Tor but the country that he is > > in there can sniff his traffic :( > > That soldier has a potential problem if the government is aggressively > monitoring Internet traffic, because they can look at the time that the > message was received and ask "who was using Tor in our country at that > time?". This happened in 2013 when someone sent a bomb threat using > Tor on his university campus. Apparently he was the only person using > Tor on campus at the time the threat was sent. > > http://www.dailydot.com/crime/tor-harvard-bomb-suspect/ > > The ability to do this doesn't require the government to operate any of > the nodes and doesn't require them to be operated in the same country. > For instance, Harvard University was able to identify this person even > though he was using only Tor nodes that were outside of the university's > network. (It might have been much harder if he had been using a bridge > that the university didn't know about, or if he had sent the threat > from somewhere outside of the campus network.) > > If there are ways of sending the letter that introduce a delay, then it > might be harder for the government to identify the soldier because then > there is some amount of Tor use at a time that's not obviously related > to the sending of the letter. There might still be a concern that the > amount of data that the soldier transmitted over the Tor network is > very similar to the size of the letter, which may be a unique profile. > (That's a concern for systems like SecureDrop because people upload > large documents with a unique size; the number of people who transmitted > that exact amount of information on a Tor connection in a particular > time frame will be very small.) > > There's lots to think about and a good reminder that the Tor technology > isn't perfect. But I wouldn't agree with the idea that there's no point > in using Tor. Lots of people are getting an anonymity benefit from > using it all of the time. > > -- > Seth Schoen <sch...@eff.org> > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
To be honest, I guess that I must stop using Tor It is not secure.I can remember that in torproject.org the Tor speaking about some peole that use Tor. For example, reporters, Military soldiers and...But I guess all of them are ads. Consider a soldier in a country that want send a secret letter to his government and he want to use Tor but the country that he is in there can sniff his traffic :( On Monday, November 7, 2016 10:34 AM, Seth David Schoen <sch...@eff.org> wrote: Jason Long writes: > Not from ISP!! It is so bad because ISPs are under > governments control. If an ISP can see I use Tor then it is a good evidence > in censorship countries.You said " If a government is running the bridge, it > will know where the users are who are using that particular bridge.", In your > idea it is not silly? I mean was it and Tor must ban it. My point is that people in other countries could still benefit from these services, especially if they don't mind as much that the government of a country where they don't live knows something about their Tor traffic. For example, if I live in Germany, maybe I am more comfortable with my Tor circuits going through Iran, compared to someone who lives in Iran who is unhappy about that. Both people might agree that the Iranian government probably spies on the Tor network in a way they disagree with, but the person who lives in Iran may see this as a very practical important thing to worry about, while the perhaps who lives in Germany may think it's not as practically important. Or maybe someone living in Argentina is trying to hide their location from a particular person, but not from the government, and doesn't really mind if their data goes through Tor nodes in their own country. If you're using bridges to hide the fact that you use Tor at all, you need some way to know if the particular bridges and technologies you use can accomplish that goal. That might include knowing the person or organization who runs the bridge that you use. If you use bridges that are run by unknown people, you get a much greater risk that those bridges are maliciously tracking your use of Tor, regardless of what country they're physically located in. I totally agree that surveillance by ISPs and governments is very serious and very disturbing. Tor's design is partly about letting people use resources that are "somewhere else" so that perhaps they're not under surveillance by the user's own government or ISP, or aren't all under surveillance by the same people. This will probably work less well overall if the Tor developers try to single out particular countries as extra-bad so that they can't participate in Tor at all. That would mean fewer countries overall participating in Tor, and an easier time for people trying to do surveillance in the somewhat-less-bad countries. And it would mean fewer choices for users about where to send their traffic. One thing that might be useful would be a way for Tor users to actively pick what jurisdictions (or fiber optic cables or Internet exchange points) they do or don't want their data to pass through, and have the Tor client respect those preferences. This is helpful both because individual Tor users believe different things and because they have different threat models. I believe there's an old mechanism in the torrc configuration file to avoid using nodes in particular countries, but very few Tor users use this or understand how to use it. Maybe it could be made clearer and more convenient and integrated with the Tor Browser interface in some way. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
Not from ISP!! It is so bad because ISPs are under governments control. If an ISP can see I use Tor then it is a good evidence in censorship countries.You said " If a government is running the bridge, it will know where the users are who are using that particular bridge.", In your idea it is not silly? I mean was it and Tor must ban it. On Monday, November 7, 2016 12:08 AM, Seth David Schoen <sch...@eff.org> wrote: Jason Long writes: > You said the governments can see a user bandwidth usage and it is so bad > because they can understand a user use Tor for regular web surfing or use it > for upload files and... > You said governments can see users usages but not contents but how they can > find specific users if Tor hide my IP?!! Tor hides your IP address from the sites you're communicating with, but not from your own ISP (for example), or from the Tor bridge or guard node that you use. In the original design of Tor there was absolutely no attempt to hide who is using Tor, only what they are doing with it. One idea was that lots of people should use Tor for lots of things, so that it will be hard to guess why a particular person uses Tor. In the case of bridges for anticensorship, there is also some attempt to hide who is using Tor (especially because of the idea that using Tor can be forbidden or blocked in certain countries). If a particular bridge technology is unblocked, maybe the government doesn't know how to detect it yet, so maybe they don't know who the Tor users who use that technology are. If a government is running the bridge, it will know where the users are who are using that particular bridge. -- Seth Schoen <sch...@eff.org> Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
You said the governments can see a user bandwidth usage and it is so bad because they can understand a user use Tor for regular web surfing or use it for upload files and... You said governments can see users usages but not contents but how they can find specific users if Tor hide my IP?!! On Sat, 11/5/16, Seth David Schoen <sch...@eff.org> wrote: Subject: Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries. To: tor-talk@lists.torproject.org Date: Saturday, November 5, 2016, 11:36 PM Jason Long writes: > Hello Tor Developers and administrator.The Tor goal is provide Secure web surfing as free and Freedom but unfortunately some countries like Iran, China, North Korea and... Launch Tor bridges for spying on users and sniff their traffics and it is so bad and decrease Tor users and security. If Tor Project goal is Freedom and Anti Censorship then it must ban all bridges and Servers from those countries. Please consider it and do a serious job. Tor's approach to this issue is generally to look for ever-greater geographic diversity of servers. The Tor design assumes that there could be monitoring of servers in a particular network, but hopes that this won't be a big problem because most organizations monitoring Tor nodes can only see a part of the overall network. In that case, they can hopefully only see a part of the path that a particular user's traffic takes, so they may not know where the user is and also whom the user is communicating with (though they might know one or the other). In this model, it's not necessarily bad to have nodes on networks that are hostile -- because the people doing the monitoring get incomplete information. At the same time, having nodes in many places can decrease how complete a picture any one network operator or government can get. For example, suppose that the U.S. government, the Chinese government, and the Iranian government are all trying to spy on Tor users whose traffic passes through their territory, but the governments don't directly cooperate with each other. In that case, having a user use nodes in all 3 jurisdictions is probably great for anonymity because each jurisdiction to some extent protects facts about the user's activity from the other jurisdictions, and it's hard for anyone to put the whole picture together. If people want to hide the fact that they're using Tor at all, and are using bridges for that reason, they probably should not use bridges inside their own country. But those bridges could be useful to people in other countries who aren't trying to hide from the same adversary. If an exit node is unable to reach a lot of network resources because of censorship on the network where it's located, it should be possible to detect this through scanning and flag it as a BadExit so that clients will avoid using it in that role. There's still a problem when network operators pool their information or when governments can monitor networks outside of their own territory. This is a practical problem for path selection and also for assessing how much privacy Tor can actually provide against a particular adversary. For instance, if the U.K. government taps enough of the world's Internet links, or trades data about Tor users with other governments, it might be able to learn a lot about a high fraction of Tor users even if they don't use nodes that are in the U.K. That could be hard to fix without adopting a different anonymity design or finding a way to prevent these taps and exchanges of data. People have been thinking about that kind of issue quite a bit, like in https://www.nrl.navy.mil/itd/chacs/biblio/users-get-routed-traffic-correlation-tor-realistic-adversaries and other research projects, and to my mind the news isn't necessarily that good. But the key point is that having nodes on an unfriendly network isn't necessarily bad in itself unless that network actually sees interesting data as a result (or actively disrupts traffic in a way that doesn't get blacklisted from clients' path selection). And that can sometimes happen, but doesn't always have to happen, and people on other networks can still get a potential privacy or anticensorship benefit in the meantime. Notice that this argument doesn't depend on saying that what governments are doing is OK, or that they don't have ill will toward the Tor network or particular Tor users. It also doesn't prove that governments will fail to monitor the network; there's a lot of uncertainty about how effective governments' capabilities in this area are. Finally, there's an issue about identifying which nodes are secretly run by the same organizations (or secretly monitored by the same organizations!) which fail to admit it. This is a form of Sybil attack, where o
Re: [tor-talk] Please Remove Tor bridge and... from Censorship countries.
Any idea? On Wednesday, November 2, 2016 7:30 PM, Jason Long <hack3r...@yahoo.com> wrote: Hello Tor Developers and administrator.The Tor goal is provide Secure web surfing as free and Freedom but unfortunately some countries like Iran, China, North Korea and... Launch Tor bridges for spying on users and sniff their traffics and it is so bad and decrease Tor users and security. If Tor Project goal is Freedom and Anti Censorship then it must ban all bridges and Servers from those countries. Please consider it and do a serious job. Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Please Remove Tor bridge and... from Censorship countries.
Hello Tor Developers and administrator.The Tor goal is provide Secure web surfing as free and Freedom but unfortunately some countries like Iran, China, North Korea and... Launch Tor bridges for spying on users and sniff their traffics and it is so bad and decrease Tor users and security. If Tor Project goal is Freedom and Anti Censorship then it must ban all bridges and Servers from those countries. Please consider it and do a serious job. Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and forward email to Spam folder.
It is my problem and if webmail use mail server IP then why my email forwarded to Spam! On Sunday, October 30, 2016 6:19 PM, Ben Taskerwrote: So, it seems there are some differences which decide whether Google will include the client IP when using the web interface. If you're using an "Apps for domain" account, the X-originating-ip header will be added every time, whether you use Webmail or the "Gmail" app on Android. If you're using a @gmail.com address then it's not so consistent. I've not tracked down exactly what the difference are, but it adds it some of the time. Doesn't seem to be purely related to logging in from a new IP, could perhaps be related to the "reputation" of the IP you're connecting from? IPv4 vs IPv6 doesn't make a difference as far as I can see. Presumably they only add it when they consider the connection is possibly a risk, otherwise you'd never add it (or always add it). So the fuller answer, I guess, is "perhaps" On Sun, Oct 30, 2016 at 1:21 PM, Ben Tasker wrote: That's not strictly true. Under various circumstances, when using webmail, google will add an additional header - X-Originating-IP - which contains the IP of the client (i.e. your browser) connected to the webmail interface. Once upon a time, Hotmail used to do it to, though they moved to using a hashed version (and X-EIP as the header IIRC). You won't see the webmail client in "received from" headers though. On Sun, Oct 30, 2016 at 11:57 AM, Aeris wrote: > You wrong!!! > Google can't reveal client IP. It is an email header, Can you tell me the IP > address of sender? It depends how you send your email. If you use their webmail, your client IP is not send, because first sending SMTP machine is a gmail one : Received: from imirhil.fr ([127.0.0.1]) Sun, 30 Oct 2016 11:44:18 + (UTC) Received: from mail-it0-x229.google.com (mail-it0-x229.google.com [IPv6:2607:f8b0:4001:c0b:: 229]) Received: by mail-it0-x229.google.com; Sun, 30 Oct 2016 04:43:55 -0700 (PDT) If you use SMTP, your client IP is send because it’s the first sending SMTP machine : Received: from imirhil.fr ([127.0.0.1]); Sun, 30 Oct 2016 11:45:00 + (UTC) Received: from mail-wm0-x231.google.com (mail-wm0-x231.google.com [IPv6:2a00:1450:400c:c09:: 231]); Sun, 30 Oct 2016 11:44:40 + (UTC) Received: by mail-wm0-x231.google.com; Sun, 30 Oct 2016 04:44:40 -0700 (PDT) Received: from aeris.imirhil.fr ([***2001:41d0:fe85:b900::1*** ]); Sun, 30 Oct 2016 04:44:38 -0700 (PDT) This is why on my personal SMTP server, any client informations are dropped or anonymized. /^\s*(Received: from)[^\n]*(.*)/ REPLACE $1 [127.0.0.1] (localhost [127.0.0.1])$2 /^\s*User-Agent:/ IGNORE /^\s*X-Enigmail:/ IGNORE /^\s*X-Mailer:/ IGNORE /^\s*X-Originating-IP:/ IGNORE Regards, -- Aeris Individual crypto-terrorist group self-radicalized on the digital Internet https://imirhil.fr/ Protect your privacy, encrypt your communications GPG : EFB74277 ECE4E222 OTR : 5769616D 2D3DAC72 https://café-vie-privée.fr/ -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/c gi-bin/mailman/listinfo/tor-ta lk -- Ben Tasker https://www.bentasker.co.uk -- Ben Tasker https://www.bentasker.co.uk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Tor and forward email to Spam folder.
You wrong!!! Google can't reveal client IP. It is an email header, Can you tell me the IP address of sender? MIME-Version: 1.0 Received: by 10.103.2.209 with HTTP; Wed, 12 Oct 2016 12:02:10 -0700 (PDT) In-Reply-To:References:
Re: [tor-talk] Tor and forward email to Spam folder.
Thus google store my IP address? How can I see "X-Originating-Header"? On Monday, October 24, 2016 3:57 PM, Ben Tasker <b...@bentasker.co.uk> wrote: Gmail tends to add a header containing your client IP - X-Originating-Header I've never looked to see whether any spam filters are set up to use it though. If they were to, they'd see the IP of an exit node so might mark as spam based on that. On Mon, Oct 24, 2016 at 12:56 PM, Jason Long <hack3r...@yahoo.com> wrote: > Hello. > When I open my Gmail via Tor browser and send email them my Emails > forwarded to Spam Folder why? I guess web mails never use clients IPs. Am I > wrong? > > Thank you. > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- Ben Tasker https://www.bentasker.co.uk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor and forward email to Spam folder.
Hello. When I open my Gmail via Tor browser and send email them my Emails forwarded to Spam Folder why? I guess web mails never use clients IPs. Am I wrong? Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor and BlackBerry
BB devices made on Security and tor goal it is. On Sunday, October 23, 2016 2:48 AM, Petruskowrote: Yeah I'm agree too, it can be really helpful to have TBrowser available for this OS... But nothing found here... https://marketplace.firefox.com/ Joe Btfsplk : > Wait - TBB won't run on FxOS? So a modified Firefox won't run under > Firefox OS? > I've never checked into this, but assume there's a good reason? > > Is it going to matter if TBB won't run on FxOS? -- Petrusko PubKey EBE23AE5 C0BF 2184 4A77 4A18 90E9 F72C B3CA E665 EBE2 3AE5 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor and BlackBerry
Not android? Then what os? On Thu, 10/20/16, Joe Btfsplk <joebtfs...@gmx.com> wrote: Subject: Re: [tor-talk] tor and BlackBerry To: tor-talk@lists.torproject.org Date: Thursday, October 20, 2016, 7:09 PM On 10/20/2016 1:24 PM, Jason Long wrote: > Hello. > Tor developed for android but why not BlackBerry? BlackBerry devices based on security and why tor not developed for them? > I don't know the answer. Maybe they developed for Android because there are so many phones? That reason alone doesn't mean it's a good idea. But doesn't it seem like using Android and trying to make it anonymous / leakproof is starting with a huge disadvantage? If users really want anonymity, why start with Android (Google)? It seems like the same applies to using Gmail & complaining that it doesn't work well with Tor Browser. Why not use another provider - that *isn't* the world's most notorious, commercial privacy invader? Tor devs don't use Chrome in Tor Browser - for good reason. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] tor and BlackBerry
Tor can run on firefox os? On Fri, 10/21/16, Petruskowrote: Subject: Re: [tor-talk] tor and BlackBerry To: tor-talk@lists.torproject.org Date: Friday, October 21, 2016, 12:01 AM That's why a smartphone with Firefox OS (or Boot 2 Gecko now, by community) was my 1st choice... But sadly no way to use TBrowser as I wrote on another thread :( -Inline Attachment Follows- -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] tor and BlackBerry
Hello. Tor developed for android but why not BlackBerry? BlackBerry devices based on security and why tor not developed for them? Thanks. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] I can't use Tor via "obfs3" or other methods.
Can "OONI" help us about finding a way? On Monday, October 19, 2015 4:18 PM, Cubed <chasint...@emailcontrol.org> wrote: On Mon, 19 Oct 2015 00:05:49 + isis <i...@torproject.org> wrote: Aloha isis, Thanks for your input; you and I had the exact same thoughts on the matter. I agree, it's odd, and I was wrong to assume the problem was a hardware issue, ultimately. Some details that are relevant and were left out of my original response: - Workstations, whether laptop of desktop (predominately laptops though), were all being used as Tails hosts. - The TBB, run in whatever nix flavor, and I even think weird OS's like Windows, was perfectly capable of running OBFS4 bridges. The workstations are not all physically in my reach and I have only recently acquired a laptop that showed the problem. So once I was finally able to control for the above variables, I found that, if anything, it's a Tails-centric issue. The problem was replicatable on a variety of public and private networks. Ultimately, I don't think the ISPs had anything to do with it; it's not a censorship issue as far as I can tell. Based on where it hangs, and the eventual work around I figured out, I think the problem might have something to with building the initial Tor directory. I almost feel like writing that as a question, to communicate that I have not grokked the entire Tor circuit building routine. But, in every case, OBFS3 bridges worked. So eventually I tossed in one OBFS3 bridge along with a few OBFS4. Voila, Tor directory builds off the OBFS3 bridge (as it appears in the logs and through viewing the network map), and OBFS4 bridges are utilized immediately after. Cancel the OBFS3 connection, and nothing changes; so the OBFS3 bridge just needed to be there for the initial circuit building. And, if the Tails drive has persistence enabled with network configuration saved, the problem seems to eventually stop altogether. Personally, I'm surprised practically no one else has reported similar experiences (I follow the tails mailing list as well). It would seem to me that Tails is doing something different than the TBB that results in the bug. Which is plausible; Tails still uses Vidalia, which was deprecated elsewhere a while back. Vidalia, in Tails, is basically a hack that acts as an abstraction layer between the user and her torrc. Also, while OBFS4 sounds like the latest version of OBFS, implying that the two protocols are similar, 3 and 4 are actually quite different. 4 being closer to scramblesuit or something. Anyways, I've contributed the experience, I hope it saves someone an hour or two and helps them gain a pint or three! I gotta get back to figuring out how this baffling Windows registry works... 3 > Cubed transcribed 6.4K bytes: > > On Wed, 30 Sep 2015 18:12:11 + (UTC) > > Jason Long <hack3r...@yahoo.com> wrote: > > > > > > First, sorry for the thread necromancy. Thought it was worth > > responding too, though, since the OP didn't get much of an answer. > > > > Second, hello Jason, I have been experimenting with various > > configurations and OBFS3/4 compatibility. I first noticed problems > > connecting to OBFS4 bridges while using Tails on an older ASUS > > laptop. I thought it was an outlier until I found several other > > laptop models that had similar issues with almost identical logs to > > yours. > > > > I still don't know exactly what inhibits a network interface from > > connecting to a bridge but do have some info that might help push > > the issue forward and give you connectivity. Also, as you probably > > inferred, I believe it has to do with the network device the laptop > > or computer is using to connect. > > > > "iwlwifi" is a driver that has been part of debian stable for a long > > time, AFAIK. This is the driver that a ton of laptops will assign to > > the network interface. But on most newer lenovo's and some other > > models, a different driver is used and with those laptops, OBFS4 and > > sometimes OBFS3 will never connect. > > > > My troubleshooting steps have been as follows: > > - Try connecting to OBFS4 > > - Try connecting to OBFS3 > > - Try both 3/4 but with only <obfs* {ip_address:port} > > {fingerprint}>, and not including the cert, etc. > > - Try using a different interface like a USB wifi device, I've had > > positive results with most ralink chipsets. > > - Try a direct ethernet connection. > > > > I thought that the problem had something to do with how tails clones > > are made but now I'm unconvinced this is a problem. If you connect > > to tor via some other setup, these suggestions should help. > > > > In most of the configs I've worked on, ethernet h
Re: [tor-talk] I can't use Tor via "obfs3" or other methods.
I'm sure my Government blocked Tor.I use a PC and not Laptop. My motherboard model is "Asus B85 Plus". On Sunday, October 18, 2015 1:31 AM, Cubed <chasint...@emailcontrol.org> wrote: On Wed, 30 Sep 2015 18:12:11 +0000 (UTC) Jason Long <hack3r...@yahoo.com> wrote: First, sorry for the thread necromancy. Thought it was worth responding too, though, since the OP didn't get much of an answer. Second, hello Jason, I have been experimenting with various configurations and OBFS3/4 compatibility. I first noticed problems connecting to OBFS4 bridges while using Tails on an older ASUS laptop. I thought it was an outlier until I found several other laptop models that had similar issues with almost identical logs to yours. I still don't know exactly what inhibits a network interface from connecting to a bridge but do have some info that might help push the issue forward and give you connectivity. Also, as you probably inferred, I believe it has to do with the network device the laptop or computer is using to connect. "iwlwifi" is a driver that has been part of debian stable for a long time, AFAIK. This is the driver that a ton of laptops will assign to the network interface. But on most newer lenovo's and some other models, a different driver is used and with those laptops, OBFS4 and sometimes OBFS3 will never connect. My troubleshooting steps have been as follows: - Try connecting to OBFS4 - Try connecting to OBFS3 - Try both 3/4 but with only <obfs* {ip_address:port} {fingerprint}>, and not including the cert, etc. - Try using a different interface like a USB wifi device, I've had positive results with most ralink chipsets. - Try a direct ethernet connection. I thought that the problem had something to do with how tails clones are made but now I'm unconvinced this is a problem. If you connect to tor via some other setup, these suggestions should help. In most of the configs I've worked on, ethernet has provided me at least OBFS3 connectivity. In another case, the user needed to include at least 1 OBFS3 bridge and all the bridges would connect and work, but if she used all OBFS4, tor directory would never download. Hope this helps. three > Any tools exist that can help me for recognize my local network and > help you for solve my problem? > > > > On Wednesday, September 30, 2015 9:05 AM, isis <i...@torproject.org> > wrote: Jason Long transcribed 7.1K bytes: > > Isis Agora Lovecruft wrote: > > > Hello Jason, > > > > > > First, please try not to paste Bridge IP addresses and ports (i.e. > > > "148.251.156.199:443") or Bridge fingerprints (i.e. > > > "3BECEABD174AE41C5CCC17254A40DD24EC5372CD") into public > > > communications channels. It's dangerous for you, because now > > > people know which Bridges you are going to try to connect to when > > > you start up Tor. It's also potentially dangerous for other > > > people, since there may be other people using these Bridges. > > > Lastly, it's bad for the Bridges themselves, since they will > > > likely now be blocked by several censors and will no longer work > > > in those places. > > > > > > To answer your question, it looks like your SSL connections are > > > somehow dying. This could mean many things. It could simply be > > > that the router at your house/office/café/etc. is doing strange > > > things. Or, it might mean that someone somewhere is tampering > > > with your connections. Or it could mean something else entirely. > > > > > > I would recommend that you email BridgeDB at > > > mailto:brid...@torproject.org and request some new bridges. > > > Perhaps try using obfs4 instead, if you can? > > > > Thank you so much and I didn't know this problem about Bridges. I > > just copy Tor Log and nothing else :(. > > No worries; it's not your fault at all. I think we should be logging > sensitive info at those levels anyway (see #17193). [0] > > > I used all methods as I said and all of them have same problem :(. > > "obfs4" , "fte" and... > > > > What is your idea? Can government blocking Tor? > > Governments (and some other parties, like your network admin, your > ISP, etc.) could certainly block Tor, including blocking Bridges. > There are many ways that they could do this, some with various > consequences (for that government/etc.). A simple example would be if > your government only allowed traffic to http://cnn.com:80, and then > block anything that doesn't look like plaintext HTTP of someone > reading CNN articles. Obviously, this would be ridiculous if a > government did this, as pretty much all commerce, banking, online > ed
Re: [tor-talk] I can't use Tor via "obfs3" or other methods.
Any tools exist that can help me for recognize my local network and help you for solve my problem? On Wednesday, September 30, 2015 9:05 AM, isis <i...@torproject.org> wrote: Jason Long transcribed 7.1K bytes: > Isis Agora Lovecruft wrote: > > Hello Jason, > > > > First, please try not to paste Bridge IP addresses and ports (i.e. > > "148.251.156.199:443") or Bridge fingerprints (i.e. > > "3BECEABD174AE41C5CCC17254A40DD24EC5372CD") into public communications > > channels. > > It's dangerous for you, because now people know which Bridges you are going > > to > > try to connect to when you start up Tor. It's also potentially dangerous > > for > > other people, since there may be other people using these Bridges. Lastly, > > it's > > bad for the Bridges themselves, since they will likely now be blocked by > > several > > censors and will no longer work in those places. > > > > To answer your question, it looks like your SSL connections are somehow > > dying. > > This could mean many things. It could simply be that the router at your > > house/office/café/etc. is doing strange things. Or, it might mean that > > someone > > somewhere is tampering with your connections. Or it could mean something > > else > > entirely. > > > > I would recommend that you email BridgeDB at mailto:brid...@torproject.org > > and > > request some new bridges. Perhaps try using obfs4 instead, if you can? > > Thank you so much and I didn't know this problem about Bridges. I just copy > Tor Log and nothing else :(. No worries; it's not your fault at all. I think we should be logging sensitive info at those levels anyway (see #17193). [0] > I used all methods as I said and all of them have same problem :(. "obfs4" , > "fte" and... > > What is your idea? Can government blocking Tor? Governments (and some other parties, like your network admin, your ISP, etc.) could certainly block Tor, including blocking Bridges. There are many ways that they could do this, some with various consequences (for that government/etc.). A simple example would be if your government only allowed traffic to http://cnn.com:80, and then block anything that doesn't look like plaintext HTTP of someone reading CNN articles. Obviously, this would be ridiculous if a government did this, as pretty much all commerce, banking, online education, and a million other things would completely stop. However, without knowing more details about your specific situation, I can't really determine if/how Tor is blocked for you. [0]: https://bugs.torproject.org/17193 -- ♥Ⓐ isis agora lovecruft _ OpenPGP: 4096R/0A6A58A14B5946ABDE18E207A3ADB67A2CDB8B35 Current Keys: https://blog.patternsinthevoid.net/isis.txt -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] I can't use Tor via "obfs3" or other methods.
Any idea? On Tuesday, September 29, 2015 11:17 PM, Jason Long <hack3r...@yahoo.com> wrote: Hello. I can't use Tor via "obfs3" or other methods. I used Bridges too but not matter. What is your idea? my Tor log is : 09/29/2015 10:49:47.200 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 09/29/2015 10:50:02.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 09/29/2015 10:50:02.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 09/29/2015 10:50:02.500 [NOTICE] DisableNetwork is set. Tor will not make or accept non-control network connections. Shutting down all existing connections. 09/29/2015 10:50:02.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150 09/29/2015 10:50:03.000 [NOTICE] Bootstrapped 5%: Connecting to directory server 09/29/2015 10:50:03.200 [NOTICE] Bootstrapped 10%: Finishing handshake with directory server 09/29/2015 10:55:07.000 [WARN] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (DONE; DONE; count 3; recommendation warn; host 3BECEABD174AE41C5CCC17254A40DD24EC5372CD at 148.251.156.199:443) 09/29/2015 10:55:07.000 [WARN] 3 connections have failed: 09/29/2015 10:55:07.000 [WARN] 2 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN 09/29/2015 10:55:07.000 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object) 09/29/2015 10:55:46.800 [NOTICE] Bootstrapped 15%: Establishing an encrypted directory connection 09/29/2015 10:55:47.000 [NOTICE] Bootstrapped 20%: Asking for networkstatus consensus 09/29/2015 10:55:48.400 [WARN] Problem bootstrapping. Stuck at 20%: Asking for networkstatus consensus. (No route to host; NOROUTE; count 4; recommendation warn; host 6E689CABD837ADE88A7179A4A9FD18EE73A00D2C at 133.236.115.222:100) 09/29/2015 10:55:48.400 [WARN] 3 connections have failed: 09/29/2015 10:55:48.400 [WARN] 2 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN 09/29/2015 10:55:48.400 [WARN] 1 connections died in state connect()ing with SSL state (No SSL object) 09/29/2015 10:55:49.700 [NOTICE] new bridge descriptor 'puerta' (fresh): $3BECEABD174AE41C5CCC17254A40DD24EC5372CD~puerta at 148.251.156.199 09/29/2015 10:55:49.700 [NOTICE] I learned some more directory information, but not enough to build a circuit: We have no usable consensus. 09/29/2015 10:55:49.700 [NOTICE] Bootstrapped 25%: Loading networkstatus consensus 09/29/2015 10:55:58.400 [WARN] Problem bootstrapping. Stuck at 25%: Loading networkstatus consensus. (No route to host; NOROUTE; count 5; recommendation warn; host 6E689CABD837ADE88A7179A4A9FD18EE73A00D2C at 133.236.115.222:100) 09/29/2015 10:55:58.400 [WARN] 4 connections have failed: 09/29/2015 10:55:58.400 [WARN] 2 connections died in state handshaking (Tor, v3 handshake) with SSL state SSL negotiation finished successfully in OPEN 09/29/2015 10:55:58.400 [WARN] 2 connections died in state connect()ing with SSL state (No SSL object) I use Tor on Debian Jessie x64. Thank you. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] I can't use Tor via "obfs3" or other methods.
Thank you so much and I didn't know this problem about Bridges. I just copy Tor Log and nothing else :(. I used all methods as I said and all of them have same problem :(. "obfs4" , "fte" and... What is your idea? Can government blocking Tor? On Wednesday, September 30, 2015 4:03 PM, isis <i...@torproject.org> wrote: Jason Long transcribed 3.4K bytes: > > > Any idea? > > > On Tuesday, September 29, 2015 11:17 PM, Jason Long <hack3r...@yahoo.com> > wrote: > Hello. > I can't use Tor via "obfs3" or other methods. I used Bridges too but not > matter. What is your idea? my Tor log is : > > 09/29/2015 10:49:47.200 [NOTICE] DisableNetwork is set. Tor will not make or > accept non-control network connections. Shutting down all existing > connections. > 09/29/2015 10:50:02.500 [NOTICE] DisableNetwork is set. Tor will not make or > accept non-control network connections. Shutting down all existing > connections. > 09/29/2015 10:50:02.500 [NOTICE] DisableNetwork is set. Tor will not make or > accept non-control network connections. Shutting down all existing > connections. > 09/29/2015 10:50:02.500 [NOTICE] DisableNetwork is set. Tor will not make or > accept non-control network connections. Shutting down all existing > connections. > 09/29/2015 10:50:02.500 [NOTICE] Opening Socks listener on 127.0.0.1:9150 > 09/29/2015 10:50:03.000 [NOTICE] Bootstrapped 5%: Connecting to directory > server > 09/29/2015 10:50:03.200 [NOTICE] Bootstrapped 10%: Finishing handshake with > directory server > 09/29/2015 10:55:07.000 [WARN] Problem bootstrapping. Stuck at 10%: Finishing > handshake with directory server. (DONE; DONE; count 3; recommendation warn; > host 3BECEABD174AE41C5CCC17254A40DD24EC5372CD at 148.251.156.199:443) > 09/29/2015 10:55:07.000 [WARN] 3 connections have failed: > 09/29/2015 10:55:07.000 [WARN] 2 connections died in state handshaking (Tor, > v3 handshake) with SSL state SSL negotiation finished successfully in OPEN > 09/29/2015 10:55:07.000 [WARN] 1 connections died in state connect()ing with > SSL state (No SSL object) > 09/29/2015 10:55:46.800 [NOTICE] Bootstrapped 15%: Establishing an encrypted > directory connection > 09/29/2015 10:55:47.000 [NOTICE] Bootstrapped 20%: Asking for networkstatus > consensus > 09/29/2015 10:55:48.400 [WARN] Problem bootstrapping. Stuck at 20%: Asking > for networkstatus consensus. (No route to host; NOROUTE; count 4; > recommendation warn; host 6E689CABD837ADE88A7179A4A9FD18EE73A00D2C at > 133.236.115.222:100) > 09/29/2015 10:55:48.400 [WARN] 3 connections have failed: > 09/29/2015 10:55:48.400 [WARN] 2 connections died in state handshaking (Tor, > v3 handshake) with SSL state SSL negotiation finished successfully in OPEN > 09/29/2015 10:55:48.400 [WARN] 1 connections died in state connect()ing with > SSL state (No SSL object) > 09/29/2015 10:55:49.700 [NOTICE] new bridge descriptor 'puerta' (fresh): > $3BECEABD174AE41C5CCC17254A40DD24EC5372CD~puerta at 148.251.156.199 > 09/29/2015 10:55:49.700 [NOTICE] I learned some more directory information, > but not enough to build a circuit: We have no usable consensus. > 09/29/2015 10:55:49.700 [NOTICE] Bootstrapped 25%: Loading networkstatus > consensus > 09/29/2015 10:55:58.400 [WARN] Problem bootstrapping. Stuck at 25%: Loading > networkstatus consensus. (No route to host; NOROUTE; count 5; recommendation > warn; host 6E689CABD837ADE88A7179A4A9FD18EE73A00D2C at 133.236.115.222:100) > 09/29/2015 10:55:58.400 [WARN] 4 connections have failed: > 09/29/2015 10:55:58.400 [WARN] 2 connections died in state handshaking (Tor, > v3 handshake) with SSL state SSL negotiation finished successfully in OPEN > 09/29/2015 10:55:58.400 [WARN] 2 connections died in state connect()ing with > SSL state (No SSL object) > > > I use Tor on Debian Jessie x64. > > Thank you. Hello Jason, First, please try not to paste Bridge IP addresses and ports (i.e. "148.251.156.199:443") or Bridge fingerprints (i.e. "3BECEABD174AE41C5CCC17254A40DD24EC5372CD") into public communications channels. It's dangerous for you, because now people know which Bridges you are going to try to connect to when you start up Tor. It's also potentially dangerous for other people, since there may be other people using these Bridges. Lastly, it's bad for the Bridges themselves, since they will likely now be blocked by several censors and will no longer work in those places. To answer your question, it looks like your SSL connections are somehow dying. This could mean many things. It could simply be that the router at your house/office/café/etc. is doing strange things. Or, it might mean that someone som