Re: [tor-talk] [OT] Secure laptop advice

[Flipchan]

Libreboot check it out

On March 21, 2019 6:47:41 AM GMT+01:00, muc4dol...@secmail.pro wrote:
>Hi. I want to shop for laptop I can trust and ask for your opinions. I
>see
>grarpamp often state #openfab and things like that. But in today
>reality I
>think we still buy AMD or Intel parts and things I dont understand with
>new UEFI BIOS.
>
>puri.sm looks like quality laptops and good intentions company ethos
>but
>still using Intel so whats the difference to simply buy $400 laptop and
>use linux? Hardware switch for wifi is the only functional difference I
>see. What do other people think? What are other manufacturers I can
>consider?
>
>Thank u
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Smtp,starttls and imap over TOR

[Flipchan]

Hey all,

Im going to write  a tutorial on how to setup and host your own email server 
for beginners and while im doing it i also want to add support for sending 
email throw hiddenservices , can anyone point me in the right direction on 
where i can find good documentation about this ?:)


Take care
Sincerely
Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Why do you use Tor?

[Flipchan]

Hey, 

On behalf of Firo Solutions LTD we can say that we use to for UXdevelopment if 
we hire a freelancer its alot better to give them a .onion address and write2 
lines in a conf file rather then give them vpn access to a UI that is only 
gonna be used a couple of hours by some random person 

, Tor is great for temporary .onion sites

On December 11, 2018 8:17:13 AM GMT+02:00, "Damon (TheDcoder)" 
 wrote:
>I began using Tor as a way to circumvent censorship... so anonymity or
>privacy were not my primary goals. Some of you may know that I made a
>program called ProxAllium which keeps Tor running in the background so
>that I can use the SOCKS proxy in my browser to circumvent censorship.
>
>These days it is different though, as I have switched to Linux as my
>main operating system and therefore could not use my own program. I
>also
>have a VPN and use Mozilla-Cloudflare's DoH DNS to circumvent DNS-based
>censorship from my ISP...
>
>Regards, TheDcoder.
>
>
>On 10/12/18 10:35 PM, Nathaniel Suchy wrote:
>> Hi,
>>
>> I'm curious to learn the reasons that various people on the lists,
>for those who are comfortable sharing, why they use Tor. I'm also
>curious as to whether users on this list only use Tor or if there are
>times they use a normal browser (if so what tasks).
>>
>> I use Tor mainly as an incognito browser probably once or twice a day
>depending on my needs. Often there's things I don't want to leave in a
>browser history or my home ISP to know about. It's also nice if I want
>to watch a specific video or resource on a website and don't want it in
>my recommendations later on. That said there are some things I just
>look at in Safari (please don't judge me for using a WebKit Browser :P
>   )
>>
>> What about people on this list? Look forward to hearing from you all
>:)
>> Cordially,
>> Nathaniel Suchy
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor on the International Space Station?

[flipchan]

That would be epic!
A Tor node in space would be amazing 

On September 28, 2018 2:01:43 PM UTC, Nathaniel Suchy  wrote:
>Hi everyone,
>
>Do we know if anyone has ever connected to the Tor Network from the
>International Space Station? This would be a really interesting data
>point
>to have / know about. Does NASA use their own ASN for the station or
>something else? I know people there can use Twitter so Tor would
>probably
>work?
>
>Cordially,
>Nathaniel Suchy
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] torjail - run programs in tor network namespace

[flipchan]

I agree! We love colors 
Great project BTW I will give it a try

On July 24, 2018 8:12:24 AM UTC, bic  wrote:
>> 2) I enjoy the print output when it's configuring the namespaces, but
>> there's no need for so much yelling :) (s/TOR/Tor/) [1]
>> 
>> > print G " * Resolving via TOR"
>> > print G " * Traffic via TOR..."
>> > print G " * Creating the TOR configuration file..."
>> > print G " * Executing TOR..."
>> 
>
>We like colors and pedantic verbosity!
>
>> 4) Please be aware of the problem with using "tor" in the project's
>> name [2].
>
>Thanks we didn't know about this policy, we'll look for a solution.
>
>> Have you looked at bubblewrap? It's a nice and simple namespacing
>> utility, too.
>> 
>
>Our main requirement is to have a simple bash script without
>dependencies.
>
>Thanks for your useful feedbacks!
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Post Quantum Tor

[flipchan]

I think someone wanted to implement supersingular isogeny(misspelled i guess ?) 
diffie hellman but then someone pointed out that it had some flads, i guess 
what we could do is update to curve 448 , i think dont think  they can break 
all kinds of ec doe , and ofc Curve25519 got a big target on its head. I would 
wait for the crypto ppl to wake up and answer this.

On May 26, 2018 5:39:41 AM UTC, Kevin Burress <speakeasy...@gmail.com> wrote:
>Hi,
>
>I was just wondering since the NSA has quantum computers that can break
>ECDSA (As they have stated they could break bitcoin in an interview,
>and
>telecomix unlocked Cameron's hard drive.) When is Tor going to be
>upgraded
>to post quantum?
>
>Can we at least hack together an interleaving of RSA and ECDSA with
>some
>secure number of rounds in the interim?
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] obfs4proxy and ports < 1024

[flipchan]

Forward with socat

On March 11, 2018 8:49:26 AM UTC, Udo van den Heuvel <udo...@xs4all.nl> wrote:
>Hello,
>
>On a new x86_64 firewall I notice that a freshly built obfs4proxy does
>not want to bind to a port below 1024 and becomes defunct.
>A port > 1024 works OK.
>How do I make things work for ports below 1024?
>(this works OK on the 32-bit old firewall)
>
>Kind regards,
>Udo
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] can't access any web sites through tor network

[flipchan]

Have tried to switch so u get a new Tor relay ip? 

On October 17, 2017 7:41:18 PM GMT+02:00, Franps <fra...@protonmail.com> wrote:
>Hi, My name is Fran
>Some web sites refuse access through tor network. For example, there is
>a site www.edx.org which I use to visit (using tor browser) to learning
>training courses, but a few days ago, this site refuse the access
>through Tor Network. I can't log in.
>Could you advice to me if there is a way to avoid this problem? Thank
>you very much.
>
>Sent with [ProtonMail](https://protonmail.com) Secure Email.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor in Russia, blocked from Nov 1st?

[flipchan]

I would guess that they download a list of tornodes and block em and block port 
9050 , I guess we need more info

On October 16, 2017 10:16:45 PM GMT+02:00, xxx <torli...@yandex.ru> wrote:
>Greetings!
>
>Seems that TOR will be blocked from Nov 1st in Russia. Any info on
>this? 
>In such a case, will it be possible to use Tor through "bridges"?
>
>Thank you!
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor in Russia, blocked from Nov 1st?

[flipchan]

In sweden when they blocked the piratebay they have just a dns block 

On October 16, 2017 10:16:45 PM GMT+02:00, xxx <torli...@yandex.ru> wrote:
>Greetings!
>
>Seems that TOR will be blocked from Nov 1st in Russia. Any info on
>this? 
>In such a case, will it be possible to use Tor through "bridges"?
>
>Thank you!
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] obfs4proxy for the BSDs

[flipchan]

I just compile it manually

On October 4, 2017 3:45:00 PM GMT+02:00, George <geo...@queair.net> wrote:
>obfs4proxy arrived in NetBSD and OpenBSD (-current) ports with the
>relevant dependencies. It's in the queue for FreeBSD, and will be in
>the
>OpenBSD -stable 6.2 release coming on November 1.
>
>https://torbsd.github.io/blog.html#obfs4-everywhere
>
>In an upcoming release, the OpenBSD Tor Browser should have built-in
>support for obfs4proxy as a client, although it's easy enough to do
>manually now with the port installed.
>
>g
>
>-- 
>
>
>
>5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] HS v3 Onion Vanity Generator ed25519 prop224

[flipchan]

Nice!

On October 2, 2017 11:58:38 PM GMT+02:00, grarpamp <grarp...@gmail.com> wrote:
>https://github.com/cathugger/mkp224o
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Obfsproxy question

[flipchan]

eived 652 bytes.
>2017-09-26 19:54:54,297 [DEBUG] Attempting to extract the remote
>machine's UniformDH public key out of 652 bytes of data.
>2017-09-26 19:54:54,297 [DEBUG] Could not find the mark just yet.
>2017-09-26 19:54:54,297 [DEBUG] Unable to finish UniformDH handshake
>just yet.
>2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Connection was
>lost (Connection was closed cleanly.).
>2017-09-26 19:54:54,298 [DEBUG] socks_up_0x7fc0781eab90: Closing
>connection.
>2017-09-26 19:54:54,299 [DEBUG] circ_0x7fc077f845a8: Tearing down
>circuit.
>2017-09-26 19:54:54,299 [DEBUG] socks_down_0x7fc0781d9710: Closing
>connection.
>
>
>Is this problem somehow connected with warning about
>session_ticket.yaml?
>
>Directory /tmp/scramblesuit-client/scramblesuit/ on a client exists,
>but
>is empty.
>
>Any help will be much appreciated.
>
>Regards,
>M.
>-- 
>PGP Fingerprint: 1918 8C72 E5D6 B523 86E1  AC24 C82A C043 3D92 568D
>PGP Key:
>https://keyserver.ubuntu.com/pks/lookup?op=get=0xC82AC0433D92568D
>Personal blog: https://telefoncek.si
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Research presentation at the CCC

[flipchan]

Well would be cool if u opensourced all ur findings and research

Take care 
~flipchan

On September 25, 2017 6:52:35 PM GMT+02:00, COLLIER Ben <s1263...@sms.ed.ac.uk> 
wrote:
>Hello all,
>
>
>I hope that this finds all of you well - as some of you may know, I'm a
>researcher at the University of Edinburgh and I've been conducting some
>sociological research with members of the Tor community over the last
>nine months or so. This has been going well - everyone I've spoken to
>has been extremely generous with their time and I really appreciate all
>the contributions I've had. I've conducted around 20 anonymous
>interviews so far with relay operators, developers and other members of
>the community and the Tor Project.
>
>
>In the interests of feeding back some of my findings I had thought that
>I might submit a "work-in-progress" talk to this year's CCC on the
>research I've carried out so far. I thought that this might be a good
>opportunity to give something back to the community, to open some of my
>findings and research up to scrutiny and to invite discussion (while
>obviously strictly preserving the anonymity of respondents). I would of
>course make it clear that this research isn't affiliated with or
>carried out by the Tor Project.
>
>
>The CCC is obviously a very meaningful event for the Tor Project and
>the Tor community more broadly and I wanted to signal my intentions
>here on the Tor-talk mailing list to get a sense of whether this would
>pose any difficulties for the community, make anyone uncomfortable, or
>just generally be felt to be inappropriate. If anyone has any
>objections or concerns about me submitting a talk about my research to
>one of the CCC streams for this year then I'd be very grateful if you
>could let me know before the call for papers ends on the 15th October
>and I can take it into consideration and discuss how best, or whether,
>to proceed.
>
>
>Additionally, if anyone is interested in taking part in the research,
>doing an interview or generally has concerns or questions about the
>research then please feel free to get in touch.
>
>
>Thank you again to everyone I've spoken to so far, and to the community
>in general for your patience with my emails!
>
>
>Very best,
>
>
>Ben Collier
>
>
>
>Twitter: @JohnnyHistone
><http://www.sccjr.ac.uk/about-us/people/ben-collier/>
>Edinburgh University PhD Researcher Profile:
>http://www.law.ed.ac.uk/research/students/viewstudent?ref=339
><http://www.law.ed.ac.uk/research/students/viewstudent?ref=339>PhD
>Blog: https://bencollierblog.wordpress.com/
>
><https://bencollierblog.wordpress.com/>SCCJR Profile:
>http://www.sccjr.ac.uk/about-us/people/ben-collier/

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Please tell me the ways of donating any file to tor & talk to other tor users

[flipchan]

Wtf , just tell us what u want

On September 25, 2017 7:24:11 AM GMT+02:00, Anindya Mondal 
<anindyamon...@yahoo.com> wrote:
>
>--
>Sent from Mail.Ru app for Android
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] $1,000,000 for tor zerodays

[flipchan]

Where does the cash come from?

On September 13, 2017 5:41:52 PM GMT+02:00, I <beatthebasta...@inbox.com> wrote:
>https://zerodium.com/tor.html
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Comments?

[flipchan]

Seems like the usual stuff when I was working on my obfusication 
project(layerprox) I added dummy traffic generation to avoid correlation 
attacks. But what's wrong is that people will download the entire lists of ips 
of all nodes and blacklist them /add them in snort/bluecoat-squidproxy conf.

On August 4, 2017 1:38:49 AM GMT+02:00, Jacki M <jackiam2...@yahoo.com> wrote:
>Comments on Paul Syverson Proposed attack?
>Paul Syverson - Oft Target: Tor adversary models that don't miss the
>mark
>https://www.youtube.com/watch?v=dGXncihWzfw
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] My ISP, university, etc. just sent me a DMCA notice. What should I do?

[flipchan]

Bloody seo spammers I get them due to the fact that my email is in public whois 
records, just block the email and obfusication ur email on the contact page(or 
where ever ur email is) : hello(at)site[dot]com

To avoid bots n spam

On July 21, 2017 7:51:56 AM GMT+02:00, Roger Dingledine <a...@mit.edu> wrote:
>On Thu, Jul 20, 2017 at 11:19:06PM +, Paul Templeton wrote:
>> I got a cold caller email for the TOR mirror I have... 
>> 
>> >> Hi Paul,
>> 
>> >>I appreciate you're busy but I just wanted to follow up on the
>email I sent you the other day. I've included a copy below for
>reference.
>
>It's a standard seo spammer, trying to get you to link to their thing
>to boost its pagerank. Nothing to worry about.
>
>--Roger
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Anecdotical experience of SSH MITM

[flipchan]

Could you post more log data?

On July 15, 2017 1:33:52 PM GMT+02:00, carlo von lynX 
<l...@time.to.get.psyced.org> wrote:
>Hi, I report an experience I seem to have made.
>In recent weeks I was occasionally prompted with
>a wrong SSH key for my server, like this:
>
>RSA key fingerprint is
>SHA256:DcXN8UTcDaCz7N1BoUXc9H8yUAs4gxiy37Y1+BDIhUU.
>
>Today I was fast enough to look up the stream
>list, using remotor:
>
>2602 SUCCEEDED 1183 [destination-host-scrapped]:
>
>Yes, the intervention happened on a non-standard
>ssh port. I looked up the circuit in the circuit
>status list (the "1183"):
>
>1183 BUILT [entry-guard-scrapped],jaures3,coriandolino c
>
>To ensure the circuit hadn't changed while I looked it
>up, I tried connecting again, resulting in the same false
>certificate prompt.
>
>Next I hit 'new identity' and was able to log in without
>disruptions over some other friendly exit node.
>
>Thank you for your attention in the matter.
>Make your own deductions.
>
>
>-- 
>  E-mail is public! Talk to me in private using encryption:
> http://loupsycedyglgamf.onion/LynX/
>  irc://loupsycedyglgamf.onion:67/lynX
> https://psyced.org:34443/LynX/
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor's Source Code

[flipchan]

https://dist.torproject.org/

On June 13, 2017 9:07:05 AM GMT+02:00, Suhaib Mbarak <suhaib.om...@gmail.com> 
wrote:
>Dear All,
>
>Regarding the Tor's source code I have many questions:
>
>1- how can I download the latest stable release. I found the link for
>source code bust I couldn't figure out which is the latest and how to
>download the latest release.
>
>2- Is there any detailed documentation for Tor's source code in order
>to
>understand it and be able to maintain it.
>
>3- Is the Tor plug-in used with Shadow simulator updated and
>implementing
>all processes done by Tor.
>
>Thanks,
>Suhaib Mbarak
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Fwd: Shadow with Tor anonymity proofing

[flipchan]

Hey , you should tell why it's so great to run a hiddenservice rather then to 
run a website on the regular ipv4/6 . Also you should talk about the DHT and 
how to is being used a fun thing could be the dpi bypassing that it does and 
how the portable transports work FTE etc ..

On June 6, 2017 10:02:15 AM GMT+02:00, Suhaib Mbarak <suhaib.om...@gmail.com> 
wrote:
>-- Forwarded message --
>From: Suhaib Mbarak <suhaib.om...@gmail.com>
>Date: 6 June 2017 at 02:51
>Subject: Fwd: Shadow with Tor anonymity proofing
>To: tor-talk@lists.torproject.org
>
>
>
>-- Forwarded message --
>From: Suhaib Mbarak <suhaib.om...@gmail.com>
>Date: 6 June 2017 at 02:43
>Subject: Fwd: Shadow with Tor anonymity proofing
>To: tor-talk@lists.torproject.org
>
>
>
>-- Forwarded message --
>From: Suhaib Mbarak <suhaib.om...@gmail.com>
>Date: 4 June 2017 at 05:54
>Subject: Shadow with Tor anonymity proofing
>To: shadow-supp...@cs.umn.edu
>
>
>Dear All;
>
>I'm a master student in computer science and I have a task from my
>professor to know more about Tor networks and how it works to 
>anonymise the
>traffic. I've read a lot about Tor and I got a very good idea about it.
>My
>task goal is to show how Tor works and to proof that it relay anonymise
>user
>traffic. In other word, I need to make something deliverable (e.g lab
>experiment) to the student if they follow my steps then I can confess
>them
>with :
>
>1- That Tor route from client to server can't be traced.
>
>2- How that each relay in tor circuit can only know the predecessor and
>successor (e.g to print the packets info to show the the source and
>destination IPs are something other than the client and server   
>IPs).
>
>3-  to see if the Tor routes can be traced (we need to find a way to
>trace
>it), how the packets are processed at each node along the routes. This
>will
>help us and learners figure out how the Tor uses the"onion"
>concepts to hide the route info.
>
>I've installed Shadow + Tor plugin to my ubuntu 16.04 and I run the tor
>minimal tor example. I got the results . Is it possible to show the
>above
>things from the result I got from shadow and your used plug-in??
>
>Notes: My mother tongue is not English , so apologize if I did any
>mistake
>in my email.
>   I did my best before sending this Email, but since I have a dead
>line and the due date is getting soon and soon Im asking for your help.
>
>
>Your cooperation and help will be extremely appreciated.
>
>Thanks and Best Regards,
>Suhaib Mbarak
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Take Care Sincerely flipchan layerprox dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] The Onion Dress, a Tor inspired dress

[flipchan]

Cool stuff 

On April 20, 2017 3:40:48 PM GMT+02:00, "Arturo Filastò"  
wrote:
>Somebody made a dress inspired by hacker culture and Tor specifically.
>
>It's called the "Onion Dress" and it's made by fashion designer
>Gabriela
>Belisario, you can see it here:
>
>https://www.instagram.com/p/BSI7K62g1nV/
>
>~ Arturo
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] BeagleBone Relay on OpenBSD -current

[Flipchan]

Nice we need More OpenBSD in Tor :)

George <geo...@queair.net> skrev: (3 april 2017 21:26:00 CEST)
>Greetings.
>
>The Tor BSD Diversity Project continues its low-intensity war to inject
>more *BSD into the Tor ecosystem.
>
>Our TB for OpenBSD hit the -current ports in November, and 6.5 should
>in
>the -stable ports and packages with the release of 6.1 in the next
>month
>or so. The ports tree closed for 6.1 just after we submitted 6.5.1, but
>it looks like it won't make it in unfortunately.
>
>A notable recent happening is getting a -current BeagleBone Black Tor
>relay up and running.
>
>https://atlas.torproject.org/#details/577B81CD1FCE5B3E7C1BD286774758608E50AEEB
>
>It's managed to quickly hit 1.39MB/s traffic at the most recent check.
>
>We have some recent blog post about it which addresses a number of
>questions including running OpenBSD -current versus -stable for relays,
>basic OpenBSD tweaking for a relay, etc.
>
>https://torbsd.github.io/blog.html
>
>Thanks.
>
>George
>-- 
>
>
>
>5F77 765E 40D6 5340 A0F5 3401 4997 FF11 A86F 44E2

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Building a new censorship circumvention tool: what do we need to know?

[Flipchan]

Hi ! I have coded My own obfusication proxy(github.com/flipchan/layerprox) i 
would also recommend checking out scamblesuit, fte and obfs4

Ivan Vilata-i-Balaguer <i...@equalit.ie> skrev: (20 februari 2017 10:57:41 CET)
>Dear Tor fellows,
>
>At eQualit.ie we're beginning a project to develop a new Free/Open
>Source censorship circumvention system based around the idea of our
>original [CeNo project](https://github.com/equalitie/ceno), a system
>which uses the Freenet P2P platform to retrieve web content and make it
>safely available under censorship conditions.  We're keen to evaluate
>existing options, projects, technologies and approaches so we're
>conducting something of a literature review.
>
>With this purpose, we're reaching out to people involved in similar or
>related projects.  We'd love to hear what you think is the current
>state
>of the art in this area, and particularly about technologies you'd
>describe as trustworthy, reliable and established.  In particular,
>we're
>looking for tools that have one or more of the following properties:
>
>  1. Content is available under censorship conditions, ideally even
> after connection to the Internet has been completely cut for a
> whole region.
>  2. Censored content is made available within a reasonable time.
>  3. Access to censored dynamic content (i.e. web apps) is possible.
> 4. The system benefits from the user's participation, and is resistant
>to participants dropping off and to rogue nodes in the hands of the
> censor.
>  5. Users of the system are anonymous to someone observing their
> traffic, even if that someone is a participant in the system.
>  6. Users' devices don't reveal the content that they or other users
> have accessed.
> 7. The system is amenable to privacy-preserving analytics to check its
> impact.
>
>We know that we'll probably need a combination of several tools to
>achieve these properties, so we're not looking for a silver bullet but
>rather some advice and suggestions from you that may help us move in
>the
>right direction.  We will be dedicating at least 2 years solid
>development to a chosen infrastructure design and hope to contribute to
>existing models, as part of our (likely hybrid) appraoch to the
>eventuating infrastructure.
>
>By the way, part of the team will be at the upcoming
>[Internet Freedom Festival](https://internetfreedomfestival.org/) in
>Valencia (6-10 March).  If you plan to be there we'd love to chat with
>you face to face.`:)`
>
>Thank you very much for your help!
>
>CENO team <https://lists.equalit.ie/mailman/listinfo/ceno>
>
>-- 
>Ivan Vilata i Balaguer
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] BOOM! New OONI Mobile App Released!

[Flipchan]

Just tried it works great

Maria Xynou <ma...@openobservatory.org> skrev: (9 februari 2017 13:22:05 CET)
>Hi Tor community,
>
>Today the Open Observatory of Network Interference (OONI) is thrilled
>to
>announce the release of *ooniprobe mobile app* on *Google Play* and
>*iOS* app stores!
>
>*Google Play:*
>https://play.google.com/store/apps/details?id=org.openobservatory.ooniprobe
>
>*iOS:* https://itunes.apple.com/US/app/id1199566366
>
>OONI's new mobile app is easy to use and allows you to monitor:
>
>*- **Blocking of websites;**
>**- Presence of systems ("middle boxes") that could be responsible for
>censorship and/or surveillance;**
>**- Speed and performance of your network.*
>
>Since OONI started monitoring global censorship events five years ago,
>we have seen that many cases of internet censorship around the world
>are
>politically motivated, aimed at stifling communications and access to
>information during protests, elections, and other political events.
>While we may all be familiar with such events, what we often lacked was
>*evidence *required to hold those responsible to account. What we also
>lacked was real-time understanding of how internet censorship was
>implemented, and therefore how it could be circumvented.
>
>Now anyone who owns an Android or iOS smartphone can play an active
>role
>in uncovering information controls around the world.
>
>OONI's new mobile app not only allows you to see which websites are
>blocked, how, where, when, and by whom, but it also provides tips on
>how
>to circumvent the detected censorship. It also allows you to measure
>the
>speed and performance of your network, which can be useful in
>uncovering
>more covert forms of censorship, such as throttling (a censorship
>technique we have increasingly seen in Turkey and elsewhere around the
>world).
>
>All network measurement data collected through OONI's mobile app is
>*published on OONI Explorer
>*(https://explorer.ooni.torproject.org/world/) and on *OONI's
>measurement interface* (https://measurements.ooni.torproject.org/) --
>unless you opt out. Open data allows third parties to conduct
>independent studies, to verify OONI findings, and to answer other
>research questions. It also allows us all to have a more accurate
>understanding of information controls around the world. With each test
>you run via OONI's mobile app, you are playing an active role in
>increasing transparency of internet censorship.
>
>ooniprobe is an investigatory tool and may therefore pose some risks
>(https://ooni.torproject.org/about/risks/). When you first install the
>app, we require you to answer a quiz correctly, demonstrating your
>understanding of potential risks.
>
>We believe that access to information is a fundamental human right and
>therefore everyone should have the right and ability to examine their
>digital world and the restrictions that may be imposed on it. Moses
>Karanja, a Kenyan researcher on the politics of information controls at
>Strathmore University's CIPIT said in a statement:
>
>/"What Signal did for end-to-end encryption, OONI did for unmasking
>censorship. Most Africans rely on mobile phones as their primary means
>of accessing the internet and OONI's mobile app allows for
>decentralized
>efforts in unmasking the nature of censorship and internet performance.
>The possibilities are exciting for researchers, business and the human
>rights community around the world. We look forward to interesting days
>ahead."/
>
>Learn more about OONI's mobile app here:
>https://ooni.torproject.org/post/ooni-mobile-app/
>
>Please contact the OONI team with any questions you may have at
>*cont...@openobservatory.org*.
>
>All the best,
>
>The OONI Team.
>
>-- 
>Maria Xynou
>Research and Partnerships Coordinator
>Open Observatory of Network Interference (OONI)
>https://ooni.torproject.org/
>PGP Key Fingerprint: 2DC8 AFB6 CA11 B552 1081 FBDE 2131 B3BE 70CA 417E

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Teaching people to use Tor

[Flipchan]

't seem to be easy. Tor Browser comes without many
>required configurations, has a straightforward UI design, but this is
>not the case for I2P, Tahoe-LAFS and RetroShare. There is still many
>work to make anonymity software more accessible to computer beginners,
>which requires not only developers' effort but also public awareness
>and support.
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] tor phone: Nexus 5X remains black after reboot

[Flipchan]

I would out Copperhead on My phone But i got regular Nexus 5 so i think it 
needs to support More hardware

Eugen Leitl <eu...@leitl.org> skrev: (25 december 2016 15:12:01 CET)
>On Sun, Dec 25, 2016 at 12:32:33AM +0100, torphone 5x wrote:
>> Hi, 
>> 
>> copperheados user here.
>
>While speaking about CopperheadOS. The last supported tablet is Nexus
>9.
>Except, it's no longer supported by Google after October this year. 
>So actually not supported by anybody, really.
>
>Pixel C could have been supported, but there was insufficient interest
>at the time.
>
>Perhaps we Tor users here should show interest for the next suitable
>piece of hardware (almost certainly from Google) to come along, and
>perhaps
>see how we can raise money or developer manpower to help to make this
>happen.
> 
>> (https://github.com/mikeperry-tor/mission-improbable suggests to join
>#copperhead but that seems to be impossible via tor so I try go get
>help here via email)
>> 
>> I was running copperhead os on my Nexus 5X so I wanted to give the
>tor phone prototype a try.
>> 
>> I did run 
>> ./run_all.sh bullhead-nmf26q
>> 
>> and everything runs through until the point where it says:
>> 
>> "Please reboot phone into system. If you installed gapps, it will
>keep crashing until you give Google Play Services the location and
>storage permissions. ..."
>> 
>> (at the end of flash-signed.sh)
>> 
>> It takes a while to boot (the usual Copperhead OS splash screen) and
>then the screen remains black.
>> 
>> When I hold the power button I get to see the usual options:
>> 
>> Power off
>> Restart
>> 
>> and at the bottom of the screen the 3 soft buttons 
>> [back] [home] [ ]
>> but the rest remains black.
>> 
>> used version:
>> bullhead-factory-2016.12.17.07.29.30.tar.xz
>> (this version did run fine when used without the tor phone scripts)
>> 
>> Is this a known problem? Is there a workaround?
>> 
>> thanks for creating the tor phone prototype, looking forward to use
>it!
>> -- 
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Massive Bandwidth Onion Services

[Flipchan]

This sounds like A really cool Project :)))
I have worked out a hs loadbalancer But only in My mind i havent actually coded 
it, i Guess i would setup server A as frontend nginx and THE rest as upstream 
backends to nginx A

Alec Muffett <alec.muff...@gmail.com> skrev: (19 december 2016 11:30:16 CET)
>I would post this to the tor-onions list, but it might be more
>generally
>interesting to folk, so I'm posting here and will shift it if it gets
>too
>technical.
>
>
>I'm working on load-balanced, high-availability Tor deployment
>architectures, and on that basis I am running 72 tor daemons on a
>cluster
>of 6 quad-core Debian boxes.
>
>I am then - using Donncha's "OnionBalance" to:
>
>* scrape the descriptors of those 72 daemons
>
>* selects random(ish) 60 of the introduction points from those daemons,
>and
>
>* rebundle those 60 introduction points into 6 distinct descriptors of
>10
>introduction points apiece, then
>
>* signing those distinct descriptors with a "service" onion address and
>emplacing them onto the HSDir ring.
>
>
>This means that, at any one time, the daemon will be able to have 60x
>the
>CPU and network-bus bandwidth, above/beyond what is available to a
>typical
>single-daemon instance.
>
>Why "72"? Because it's a number >60 and I'm seeking to stress-test
>things a
>little.
>
>Specifically: one eventual goal of this project is to adjust the
>timings a
>little, so that the HSDir cache acts a little like "Round-Robin DNS
>Load
>Balancing" - people accessing the "service" onion address at lunchtime
>will
>receive/cache different descriptors from those who access it some hours
>later, and the descriptors persist, so thereby the whole 72 daemons get
>used/averaged-out over an entire day.
>
>In my attempts to go fast-and-wide, however, I appear to have run into
>a
>hardcoded limit:
>
>Dec 19 09:24:43.365 [warn] HiddenServiceNumIntroductionPoints should be
>between 3 and 10, not 1
>
>There's little point in publishing >2, and perhaps* not >1 introduction
>point for each of the 72 daemons; also it makes scraping and reassembly
>slower/more expensive.
>
>So I am writing to ask whether it is possible (and whether it is wise?)
>to
>have a mode that will bypass this (otherwise very sensible) control?
>
>-alec
>
>
>
>* it would be rude to an IP to have only a single-IP-per-daemon that
>was
>invariant over a long period, but I believe that IPs migrate over time
>anyway... ?
>
>-- 
>http://dropsafe.crypticide.com/aboutalecm
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] privacy of hidden services

[Flipchan]

As soon as You "publish" the site it Will be added to the directory and someone 
will know

Allen <allen...@gmail.com> skrev: (21 december 2016 21:19:52 CET)
>Hi Flipchan, I'm not concerned with limiting access--I'm concerned
>with who if anyone is able to detect the existence and activity of the
>HS, and more specifically at this point, who is able to detect the
>existence and activity of a HS that uses stealth auth when the onion
>address is only distributed to authorized users.
>
>On Wed, Dec 21, 2016 at 3:06 PM, Flipchan <flipc...@riseup.net> wrote:
>> Limit access for unwanted registerd like he says have A page and use
>/jdjenwlsishdjshdysoalwjdbebs instead of /login
>>
>> Allen <allen...@gmail.com> skrev: (21 december 2016 20:57:47 CET)
>>>> So yes, ideally encrypt your Introduction Points (basic) and
>>>obfuscate
>>>> identity keys (stealth) [this also encrypts sets of IPs].
>>>Non-ideally,
>>>> use random slugs in URLs as OnionShare does (if you're doing web).
>>>
>>>ok, I'm not sure I completely understand.  If my HS uses stealth
>auth,
>>>what data remains in the clear?  Is the HS descriptor on the HS dirs
>>>stored using a persistent identifier, or does the identifier change
>>>every 24 hours?  Are there any persistent identifiers that can be
>>>observed on the network to track usage of the HS?  Thanks much.
>>>--
>>>tor-talk mailing list - tor-talk@lists.torproject.org
>>>To unsubscribe or change other settings go to
>>>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>> --
>> Sincerly flipchan - LayerProx dev
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] privacy of hidden services

[Flipchan]

Limit access for unwanted registerd like he says have A page and use 
/jdjenwlsishdjshdysoalwjdbebs instead of /login 

Allen <allen...@gmail.com> skrev: (21 december 2016 20:57:47 CET)
>> So yes, ideally encrypt your Introduction Points (basic) and
>obfuscate
>> identity keys (stealth) [this also encrypts sets of IPs].
>Non-ideally,
>> use random slugs in URLs as OnionShare does (if you're doing web).
>
>ok, I'm not sure I completely understand.  If my HS uses stealth auth,
>what data remains in the clear?  Is the HS descriptor on the HS dirs
>stored using a persistent identifier, or does the identifier change
>every 24 hours?  Are there any persistent identifiers that can be
>observed on the network to track usage of the HS?  Thanks much.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] privacy of hidden services

[Flipchan]

There are researchers who monitor the HSDir to keep some stats on what goes Up 
and what goes down, general server security is A Good start. You can password 
protect alot. And restrict alot, then dissallow usr agents and so on

Allen <allen...@gmail.com> skrev: (21 december 2016 18:59:59 CET)
>I have a question about the privacy of hidden services.  Let's say I
>create a tor hidden service and privately send the onion address to
>only two other people.  Would anyone outside of myself and those two
>people be able to determine the onion address or monitor activity
>related to the hidden service such as HS descriptor uploads and
>downloads from directory servers, or connection attempts via
>introduction or rendezvous points?  Would it make a difference if the
>hidden service used basic or stealth authorization?  I wasn't able to
>figure out the answers to these questions from reading the rend-spec.
>Thanks much!
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Mirai Botnet Relocates To Onions

[Flipchan]

There is alot of botnets that run over Tor , there is alot of assholes. 

But if You can identify THE malware You can pretty easy find the source code 
and then THE default cred to shut it down. 

grarpamp <grarp...@gmail.com> skrev: (18 december 2016 06:11:17 CET)
>https://www.bleepingcomputer.com/news/security/security-firms-almost-brought-down-massive-mirai-botnet/
>
>"Following a failed takedown attempt, changes made to the Mirai
>malware variant responsible for building one of today's biggest
>botnets of IoT devices will make it incredibly harder for authorities
>and security firms to shut it down," reports Bleeping Computer.
>Level3 and others" have been very close to taking down one of the
>biggest Mirai botnets around, the same one that attempted to knock the
>Internet offline in Liberia, and also hijacked 900,000 routers from
>German ISP Deutsche Telekom.The botnet narrowly escaped due to the
>fact that its maintainer, a hacker known as BestBuy, had implemented a
>domain-generation algorithm to generate random domain names where he
>hosted his servers.
>Currently, to avoid further takedown attempts from similar security
>firms, BestBuy has started moving the botnet's command and control
>servers to Tor. "It's all good now. We don't need to pay thousands to
>ISPs and hosting. All we need is one strong server," the hacker said.
>"Try to shut down .onion 'domains' over Tor," he boasted, knowing that
>nobody can.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Ahmia search engine works normally again

[Flipchan]

Yeah thats true . How about some kind of load balancer? I suggest nginx :) then 
You can run multiple backends to speed up the process

Juha Nurmi <juha.nu...@ahmia.fi> skrev: (9 december 2016 15:07:47 CET)
>On 09.12.2016 15:56, Flipchan wrote:
>> So all the user agent where just "randomly" generated strings? Cant
>You But A White list so only allow A certain useragents?
>It's possible although not very practical. Also whoever is flooding can
>change their useragent to some standard browser useragent string.
>
>-Juha
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Ahmia search engine works normally again

[Flipchan]

So all the user agent where just "randomly" generated strings? Cant You But A 
White list so only allow A certain useragents?

"Nurmi, Juha" <juha.nu...@ahmia.fi> skrev: (7 december 2016 16:40:58 CET)
>Hi,
>
>Ahmia.fi and msydqstlz2kzerdg.onion went offline for a short while.
>Someone
>flooded the onion site with multiple requests per second: with randomly
>selected user agent strings someone was generating GET
>msydqstlz2kzerdg.onion/address/ requests.
>
>Constant flood was similar to this:
>[07/Dec/2016:04:11:04 +0100] "GET /address/... HTTP/1.1" "OS"
>[07/Dec/2016:04:11:04 +0100] "GET /address/... HTTP/1.1" "like"
>[07/Dec/2016:04:11:04 +0100] "GET /address/... HTTP/1.1" "NT"
>
>As a results, Ahmia tried to load the page /address/ over and over
>again
>and this exhausted CPU of my front-end server.
>
>How I fixed this:
>
>1) I separated ahmia.fi and msydqstlz2kzerdg.onion to run
>independently with their own processes
>2) I disabled msydqstlz2kzerdg.onion/address/ completely,
>https://ahmia.fi/address is still available
>3) I adjusted several performance settings and cache
>4) I added one more CPU core to the front-end server
>
>Ahmia search engine works normally again. Still, I hope that this flood
>stops.
>
>Peace,
>Juha
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hacker and Tor

[Flipchan]

darkreading.com/risk-management/lulzsec-suspect-learns-even-hidemyasscom-has-limits/d/d-id/1100389



krishna e bera <k...@cyblings.on.ca> skrev: (3 december 2016 04:24:37 CET)
>On 02/12/16 01:28 PM, Flipchan wrote:
>> Hidemyass did deanonymize and gave out information to the goverment
>> about One if their own users. If dns is your problem run dns throw
>> Tor. Use dnscrypt throw Tor . A cpanel is often just some php script
>> sure it might record ur ip and useragent But that is mostly the Web
>> server that does that. If You have a fake usr agent and are running
>> Tor You can do like a online browser leakage test. I would not(and
>> this is my opinion use hidemyass).
>
>By "throw" i think you mean "through".
>
>HMA is based on OpenVPN code. Their logging policy says they keep a
>couple months data:
>https://www.hidemyass.com/legal/logging
>however notice that they are subject to English law, which is currently
>among the worst in the world if you intend to keep your internet 
>activity private from the government.
>
>
>
>> techl...@123mail.org skrev: (2 december 2016 19:21:55 CET)
>>>>> Hello. If you browse a Cpanel via Tor for deface a website
>>>>> then can provider or Website admin find your real IP with some
>>>>>  tricks? Any experiences?
>>>
>>>
>>> cPanel security system has been set up to grab the DNS of Tor
>>> proxies used to log in, they will find out your real IP looking at
>>> the logs and you will end up in jail.
>>>
>>> But Hide My Ass, a high security proxy, protects you from DNS
>>> caching security system in cPanel:
>>>
>>> https://www.hidemyass.com/
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hacker and Tor.

[Flipchan]

May i remind You that this is Tor talk mailing list, Tor is made to protect the 
privacy of people globaly and missuseing Tor is not helping make the Internet 
safer. Might i suggest that You hack on some vm's instead? Try vulnhub.com

Jason Long <hack3r...@yahoo.com> skrev: (29 november 2016 19:55:18 CET)
>Any idea?
>
>On Sun, 11/27/16, Jason Long <hack3r...@yahoo.com> wrote:
>
> Subject: Hacker and Tor.
> To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
> Date: Sunday, November 27, 2016, 12:56 AM
> 
> Hello.
> If you browse a Cpanel via Tor for deface a website then can
> provider or Website admin find your real IP with some
> tricks? Any experiences?
> 
> Thank you.
> 
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Will Quantum computing be the end of Tor and all Privacy?

[Flipchan]

I dont think so, quantum 4times at fast so we just need to generate 4times as 
strong keys the entropy will just be bigger, But as Long as we are not useing 
like 56 bit des keys its okey

hi...@safe-mail.net skrev: (27 november 2016 18:54:05 CET)
>Will Quantum computing be the end of Tor and all Privacy?
>
>It's just a matter of time before quantum computers become a reality.
>And 
>who will have the privilege of owning these beasts? Well, first and
>foremost 
>the governments! And considering the insane power of these quantum 
>computers, even strong encryption, by today's standard on regular
>computers, 
>will be effortlessly broken within reasonable time.
>
>So, where does this put Tor, encryption and general privacy? Shouldn't
>we 
>start preparing ourselves for the inevitable privacy apocalypse?
>
>- Hikki
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Cameras

[Flipchan]

Cool, thanks :)

Ben Tasker <b...@bentasker.co.uk> skrev: (22 november 2016 09:55:03 CET)
>The problem with blocking the camera in software is that it can then be
>unblocked in software (and still potentially without your permission).
>
>There have been examples in the past where others have been able to
>change
>behaviour so that the camera's light doesn't come on to warn the user
>that
>it's recording.
>
>In the absence of being able to disconnect the camera, the only way to
>be
>certain is to physically obstruct the lens, hence the stickers.
>
>But, if you want to find out which process is using the camera
>(assuming
>it's using v4l), you can do something along the lines of
>
>fuser /dev/video0
>
>Which should give you the pid of whatever process is using it.
>
>
>On Mon, Nov 21, 2016 at 7:05 PM, Flipchan <flipc...@riseup.net> wrote:
>
>> I have been searching around and cant seem to find any code for
>blocking
>> access to the Camera on a computer.
>> I think this is weird because i can find alot of people that sell
>stickers
>> that You put in front of ur laptop Camera. I think a logical way
>would be
>> to chmod the Camera to only be able to run by root or some user or
>> something simular, does anyone know if there is any program or code
>that
>> blocks the Camera or tells which process is useing it.
>>
>> Take Care //Flipchan
>> --
>> Sincerly flipchan - LayerProx dev
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>
>
>
>-- 
>Ben Tasker
>https://www.bentasker.co.uk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Cameras

[Flipchan]

I have been searching around and cant seem to find any code for blocking access 
to the Camera on a computer. 
I think this is weird because i can find alot of people that sell stickers that 
You put in front of ur laptop Camera. I think a logical way would be to chmod 
the Camera to only be able to run by root or some user or something simular, 
does anyone know if there is any program or code that blocks the Camera or 
tells which process is useing it.  

Take Care //Flipchan
-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] OBFS4 Blocking

[Flipchan]

Did u only try to connect to a bridge and proxy data throw it?

Justin <davisjustin...@gmail.com> skrev: (17 november 2016 12:16:49 CET)
>Hi everyone,
>I’ve been doing research to see how some of the pluggable transports
>are getting blocked with DPI. I used a Cyberoam filter under my control
>for testing, and an iBoss filter at a different location.
>OBFS4 is blocked behind both filters. Cyberoam is doing some sort of
>timing attack, but I’m not sure what. When a bridge is used by lots of
>people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t fix
>the issue. When I tried a bridge with not many users, it worked no
>matter what Iat mode was set at. Behind iBoss, they are fingerprinting
>Packet Interarrival times. Iat mode 1 and 2 worked no matter how much
>load the bridges had on them.
>Hopefully this information can help people understand a little more
>about how these transports are filtered.
>Thanks,
>Justin.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TorChat for Android

[Flipchan]

This sounds cool! Im down :)

arrase <arr...@gmail.com> skrev: (13 november 2016 12:41:15 CET)
>I am interested in writing an application like Ricochet for android, if
>someone else is interested you can contact me.
>
>I know about the Guardian project, I find it interesting, I'll get in
>touch
>with them, thank you
>
>2016-11-13 3:33 GMT+01:00 Roger Dingledine <a...@mit.edu>:
>
>> On Sun, Nov 13, 2016 at 02:57:15AM +0100, arrase wrote:
>> > Is there an app like TorChat for Android? The idea of ??TorChat
>is
>> > interesting but the current implementation is very basic for normal
>use
>>
>> Careful! You should be aware that "TorChat" is not made or endorsed
>> or anything by the Tor people, despite its confusing name. :( I would
>> suggest staying away from it on all platforms.
>>
>> A better choice, for the platforms where it's available, would be
>> Ricochet.
>>
>> But you're right that there isn't a good one on Android, to my
>knowledge.
>> And I think it would be hard to get Ricochet going on Android, since
>> it's tied to the Qt library.
>>
>> A worthwhile next step would be asking the Guardian folks if they
>know
>> of anything good on the horizon.
>>
>> --Roger
>>
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Timing attacks and fingerprinting users based of timestamps

[Flipchan]

So i was thinking about timing attacks and simular attacks where time is a Big 
factor when deanonymizing users . 
and created a Little script that will generate a ipv4 address and send a get 
request to that address 
https://github.com/flipchan/Nohidy/blob/master/traffic_gen.py then delay x 
amount of seconds and do it again. This will probelly make it harder for the 
attacker to fingerprint the users output data due to the increased data flow 
coming out from the server. 

So to protect against traffic timing attacks and simular would be to generate 
More data.

Has anyone else got any other solution for these kinds of attacks?

Take care
-- 
Sincerly flipchan 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

[Flipchan]

I have been running dnssec over tor a month now and i am very happy havent had 
any problems

Michael <strangerthanbl...@gmail.com> skrev: (3 november 2016 08:20:18 CET)
>There are many ways for your browser and other network traffic
> to betray your activities; it is not just DNS leaks ya got to be 
> worried about, checkout the browser cache attacks that where 
> shown at the BlackHat convention about two months ago.
>
>Title: I Know Where You've Been: Geo-Inference Attacks...
>Link: https://www.youtube.com/watch?v=lGb0AACAk1A
>
>Also be aware that DNS records are not the only way of linking
> specific users (or groups behind the same NAT) of a web
> server or multiple servers over time.
>
>Title : DEF CON 18 - Peter Eckersley - How Unique Is Your Browser?
>Link: https://www.youtube.com/watch?v=OwxhAjtgFo8
>
>Stay safe y'all.
>
>On November 2, 2016 10:13:00 AM PDT, sajolida <sajol...@pimienta.org>
>wrote:
>>Alec Muffett:
>>> On 14 Oct 2016 1:29 pm, "Justin" <davisjustin...@gmail.com> wrote:
>>>> Not too long ago, a paper was published that talks about how Tor
>>users
>>>> can be deanonymized through their DNS lookups. Is this something I
>>should
>>>> be concerned about?
>>> 
>>> That is an excellent question! What are you doing, and who are you
>>afraid
>>> of?  :-P
>>
>>I bet Justin was referring to [1] which has been announced by its
>>authors on tor-dev [2] but I couldn't find an analysis of it by the
>Tor
>>community (and I don't have the skills to do it myself).
>>
>>[1]: https://nymity.ch/tor-dns/tor-dns.pdf
>>[2]:
>>https://lists.torproject.org/pipermail/tor-dev/2016-September/011472.html
>>-- 
>>tor-talk mailing list - tor-talk@lists.torproject.org
>>To unsubscribe or change other settings go to
>>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan - LayerProx dev
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration

[Flipchan]

Things like mirai run a bruteforce attack on telnet auth , so maybe add a 
simple telnet scanner?

tort...@arcor.de skrev: (30 oktober 2016 09:57:04 CET)
>Hello Torusers,
>
>
>Flipchan wrote:
>> This only scans for openports right?
>
>Not only. Otherwise you can't tell if there is a power plant on that
>port, a fridge or a toaster...or a Tor Node/User.
>
>http://iotscanner.bullguard.com/
>
>There is link on the site referring to
>
>http://www.shodan.io/
>"Websites are just one part of the Internet. There are power plants,
>Smart TVs, refrigerators and much more that can be found with Shodan!"
>
>Take a look what is happening these days, please. A toaster was hacked
>within one hour since connected to the internet:
>
>https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/
>"We built a fake web toaster, and it was compromised in an hour."
>
>And you could get a slightly bigger picture with that article:
>
>http://arstechnica.com/security/2016/10/nuclear-plants-leak-critical-alerts-in-unencrypted-pager-messages/
>"Earlier this year, researchers from security firm Trend Micro
>collected more than 54 million pages over a four-month span using
>low-cost hardware. In some cases, the messages alerted recipients to
>unsafe conditions affecting mission-critical infrastructure as they
>were detected. A heating, venting, and air-conditioning system, for
>instance, used an e-mail-to-pager gateway to alert..."
>
>
>Imagine, when a company shuts its doors after selling IoTs, these
>products (Satellites, EDPCs, bulbs, toaster, USB, akku, cars,
>drones...) will not get a (licenced) update to be protected from
>hacking or prohibited from sending alert msgs and assimilated by a
>borgnet. And as you can guess with 54 million alert pages companies
>reduce their employees and forget that some chaperoned IoTs alerts.
>Sometimes it is just easier/cheaper/faster to plug new things to the
>net than to repair the old.
>
>I could not tell which is more worse to deanonymize a Tor user or to
>find such anonymous IoTs to switch on for someones own use.
>
>Aloha,
>Toruser
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Censorship / dpi's in the Netherlands

[Flipchan]

So i have been running a vps in the Netherlands for around 2years now and 
lately i have been seeing some kind of dpi system/censor ship being build , 
with other words they are starting to block sites so i cant curl them. I havent 
been able to find any online research or some article about censorship in the 
Netherlands, have anyone looked at deep package inspection systems or simular 
in the Netherlands?


It might just be the isp who has started to block some sites. But this has 
never happend to Me before when i use a vps in the Netherlands. 

If anyone got some paper about censorship in the Netherlands let Me know:)

Take Care
-- 
Sincerly flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration

[Flipchan]

This only scans for openports right?

tort...@arcor.de skrev: (30 oktober 2016 00:57:04 CEST)
>Hello Torusers,
>
>source:
>
>https://twitter.com/th3j35t3r/status/792438597152481280
>"JSTR  CTUAL³³º¹ @th3j35t3r 
>It's an 'Internet of Things' scanner -
>http://iotscanner.bullguard.com/search "
>
>It is. 
>
>Aloha,
>Toruser
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and IPv6.

[Flipchan]

Are You running a relay? In that Case doesnt You manually configure that in the 
torrc file, also i think alot of sites You curl have only ipv4 support, that 
was my Case when i had 2ipv4 and One ipv6

blo...@openmailbox.org skrev: (23 oktober 2016 18:58:38 CEST)
>How does Tor deal with IPv6? I ask because I recently signed up with a 
>VPS which automatically allocates both IPv4 and IPv6 addresses. I 
>checked my IP with a variety of online IP checkers and noticed that one
>
>checker - http://whatismyipaddress.com/ - showed my IPv6 address rather
>
>than my IPv4 address.
>
>How would IPv6 work with Tor?
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Is it secure to use Tor with HTTP Proxies?

[Flipchan]

I have read alot of bad guys putting up http proxies so i would not recommend 
useing a public one, here is some cool research 
https://www.youtube.com/shared?ci=RlSbpVz3RsM

Laura Sharpe <laurasha...@mailbox.org> skrev: (14 oktober 2016 14:20:00 CEST)
>Is it secure to use Tor with HTTP proxies? Like this:
>
>
>Use proxychains and in /etc/proxychains.conf use:
>
>
>[ProxyList]
>
># defaults set to "tor"
>
>socks5 127.0.0.1 9050
>
>
>In "standard" Firefox (not the TBB) set Manual Proxy Configuration to a
>HTTP proxy and use the same proxy for all protocols. Make sure Remote
>DNS is ticked.
>
>
>Assume that the HTTP proxy is legitimate.
>
>
>From the command line run:
>
>
>proxychains firefoxhttp://www.example_site.com/
>
>
>Traffic will be routed by proxychains through Tor then is transferred
>through the HTTP proxy.
>
>
>You may say that this is a bad idea since HTTP works at the application
>layer and hence traffic can be intercepted by the provider of the HTTP
>proxy (unlike SOCKS proxies which work at the transport layer (I
>think)). But if the traffic from the user is always to a HTTPS site,
>then why should there be a problem even if the content was intercepted?
>
>
>I know that you can also use proxychains with SOCKS proxies but my
>questions is specifically about using proxychains with HTTP proxies.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor DNS Deanonymization

[Flipchan]

I have asked around and ppl tell Me that dns over tls is the best , anyhow this 
is how i solved it https://github.com/flipchan/Nohidy/blob/master/dns

Justin <davisjustin...@gmail.com> skrev: (14 oktober 2016 14:29:17 CEST)
>Hi,
>Not too long ago, a paper was published that talks about how Tor users
>can be deanonymized through their DNS lookups. Is this something I
>should be concerned about?
>Thanks,
>Justin.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor honeypot

[Flipchan]

I was thinking about creating a Tor clone and see the traffic goin to it, 
something that simulates a Tor relay with a virtual file system

Cannon <can...@cannon-ciota.info> skrev: (11 oktober 2016 19:48:19 CEST)
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>On 10/11/2016 04:17 PM, Flipchan wrote:
>>  is ofc not connected to the Tor Network.
>
>What is "ofc" ?
>What would be advantages of having it disconnected from Tor network?
>Having the honeypot not listed in the Tor directory servers would only
>detect scanners or adversaries that identify targets based on port
>number. If I was an adversary I would just refer to the directory
>server for listings of Tor routers instead of doing internet wide scans
>which could take up to a day. 
>If concerned about "normal Tor traffic" acting as a cover for malicious
>traffic, then perhaps sort log data through a filter omitting traffic
>based on following criteria:
>
>1. OMIT traffic to/from known Tor Nodes and their listed ports, WHICH
>ALSO INCLUDES traffic pattern matching normal Tor traffic.
>
>So what this filter would do is omit traffic between your honeypot node
>and other Tor nodes, while bringing to attention traffic that is
>connecting to/from non Tor routers or non Tor related ports or traffic
>that may be connecting to other Tor routers/ports but with non standard
>Tor traffic.
>
>So even if an adversary is mass hacking Tor from a Tor router as cover,
>this would likely pick up traffic that is not matching that of standard
>Tor traffic. 
>-BEGIN PGP SIGNATURE-
>
>iQIcBAEBCgAGBQJX/SVIAAoJEAYDai9lH2mwnhUP/0RVjI7a7Ysc9iDh5bicQWDa
>dV6/fL/enXy0UiryHwA+7tO3is0gctgVmbbFSQNSqSOiDReuRV7KyKW437LsyJoq
>YQE5RtiPga9ZdDxCiw3uHGXRYahH/VfZe7D0I+IkZOQdMbFBqo5kPQjAFYhix58l
>Q9HFazbmuntXhdTuFgpJlctM1j5objyGi9EFg5+cRfKwIkllGvF2y/42M01yeB0H
>9hNpO6KPFm6gHgNQBxJ0VZkP/wXSuYc2n0ae9r+P86Xox6N/xTqJ4ABiwDHGap5u
>A4dotNEoW88f+gJx5/1S5i6PpFzll3/MbfH9gnLgRklrDljWS3GWLYhamhRoVbZx
>XMPO/5wDwPWnm73EDBQJPbdDyVlFziMrf0d+Tjk3UAtCWODURXx4TTi90WRjZCF0
>rVBYqTP9Qn+0/Y5/wE8tPMjjLQqMaVdSPc5PvrZ+m+Hat7q17T4ZpKAedm7IbqME
>G+F51lgqfOLleIabcP76xyEaxoM8jFNcI4oCSCzDLATe+romlE/PNLLlqHGa8VIL
>AYhEhkMwgcHsy6eO+e7jcZx/7qC1jOvrxTYuT81cbgjc5VgPwdI9utyYQ85Qz9sO
>G4az6M2FTHLnY8scGU4NbIsoZfN4RwNu++DLB0mPOr+iHWmSJZSNNOmz5fyhbLQi
>sTWzCCofvLXLyK60RLc9
>=eadK
>-END PGP SIGNATURE-
>
>
>-- 
>
>Cannon
>PGP Fingerprint: 2BB5 15CD 66E7 4E28 45DC 6494 A5A2 2879 3F06 E832 
>Email: can...@cannon-ciota.info
>Bitmessage Address: BM-2cVaTbC8fJ5UDDaBBs4jPQoFNp1PfNhxqU 
>Ricochet-IM: ricochet:hfddt2csxnsb2mdq 
>
>NOTICE: ALL EMAIL CORRESPONDENCE NOT SIGNED/ENCRYPTED WITH PGP SHOULD
>BE CONSIDERED POTENTIALLY FORGED, AND NOT PRIVATE.
>If this matters to you, use PGP or bitmessage.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Tor honeypot

[Flipchan]

Hi *:)
I have been playing around with some telnet and ssh honeypots lately and caught 
some malware to learn More about reverse Engineering. And i thought it would be 
cool to run a Tor honeypot , something that listens on port 9001 and is ofc not 
connected to the Tor Network.
 So something that listens on port 9001 and logs all incoming request just to 
see if there is anything scanning for Tor ports and trying to hack them, has 
this been done? Would be cool to look at the data from that if anyone got a 
link. I cant be able to find something like this online:/


Take care
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor-friendly email provider

[Flipchan]

Well what i look for in a email service is:
Support pgp/gnupg
No logging(Tor friendly etc..)
Some email spam scanner like Spamassain or clamav
Imaps
Non-usa based isp



"Karsten N." <karste...@mailbox.org> skrev: (25 september 2016 13:48:45 CEST)
>Hello,
>
>> Oskar Wendel:
>>> Do you have any recommendations?
>> 
>> https://trac.torproject.org/projects/tor/wiki/doc/EmailProvider
>
>I don't understand the recommendation of this list for mail.ru
>
>> BAD will lock your account later when using tor, no anon recovery
>> possible
>
>mail.ru will look my account if I was using Tor and this is recommended
>by TorProject.org for Tor user? Hmmm - 
>
>Any comments about this recommendation? Did I misunderstood something?
>
>Greetings
>Karsten N.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Wily repository

[Flipchan]

The deb files doesnt work on ubuntu

128Ko <12...@protonmail.com> skrev: (21 september 2016 11:21:10 CEST)
>Hello every one !
>
>I'm new around here and i don't know if i'm on the right list for
>posting my question.
>
>Some month ago, i have installed tor on Ubuntu Wily with the methode
>described here :
>https://www.torproject.org/docs/debian.html.en
>
>It's works fine but since a few weeks, every update attempt on the
>repository return a 404. And indeed, if i check the repository i only
>find Xenial repository
>
>So, i'm wondering if it's normal or not, cause i tried to search some
>news about this, but i didn't find anything
>
>Thanks
>
>Thank you
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] is it me or did tor talk get really quiet?

[Flipchan]

We gotta kick it online/make it More active then, we fight fire with fire , if 
someone wants censorship we defeat them with crypto, code and other Nice stuff

grarpamp <grarp...@gmail.com> skrev: (18 september 2016 05:30:07 CEST)
>On Sat, Sep 17, 2016 at 10:47 PM, Andrew F
><andrewfriedman...@gmail.com> wrote:
>> I ued to get several post a day.  Now I get less then a couple a
>week?
>
>No it's not just you. Ever since Jakegate / Torgate Tor Project
>Incorporated has seemingly enforced lockdown, censorship, and
>comms hardening, beginning with their own silence and that of those
>they control. A chilling effect. Not helped at all by simple requests
>for transparency gone completely ignored by corporate principals in
>position to answer...
>https://trac.torproject.org/projects/tor/ticket/19794
>Further complicated by Tor being shown to be not exactly strong
>against GPA's, certain other classes of attack, financing, etc.
>So the whole thing perhaps backfired over a few months to where
>people now feel they can't post freely to peers and/or just don't
>care to post anymore.
>At least that's one theory I've heard to explain the quiet.
>Feel free to suggest or show others.
>Don't get me wrong, tor and the project are really awesome
>in particular areas and totally worth following [1], just that some
>talk I've seen seems feeling the blanket pass to all areas has come
>and gone. Is that true and good or bad? I don't know. You'd
>probably have to look at the history of opensource projects,
>reasonably in the public interest, to determine that. And then
>talk about it to see further.
>
>[1] For example, multiplatform, great at hiding traffic content
>and sources from casual intermediate observers, exits
>all over the first world, fast, reproducible, pushing some legal
>boundaries, publishing research for review, etc.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] New Document: Building a "Proof of Concept" Onion Site

[Flipchan]

I just have the hidden service listen on the same port as http/https

Alec Muffett <alec.muff...@gmail.com> skrev: (17 september 2016 22:50:17 CEST)
>One of the questions I get asked lots is "How [do I] set up a Onion
>site to
>be an Onion equivalent to my [normal WWW website]?"
>
>Some people call these "onion mirrors" or "onion copies" of [a website]
>-
>but I feel that those are narrow, perjorative and incorrect
>descriptions.
>
>Some websites you access over HTTP, some over HTTPS, and nowadays some
>of
>them you will access over Onions.
>
>So, for me these are "Websites accessed over Onions" - or simply "Onion
>Sites" because I am old enough to remember "$PROTOCOL sites" for values
>of
>$PROTOCOL including: https, http, gopher, ftp...
>
>But how do you set them up?  It's pretty simple and I am documenting
>and
>testing a process.
>
>The first of (probably several) documents has been posted at:
>
>
>https://github.com/alecmuffett/the-onion-diaries/blob/master/building-proof-of-concept.md
>
>...and has been written for people who are comfy setting up a simple
>Ubuntu
>Server instance in a virtualised environment or on (say) AWS.
>
>The goal of the document is to build an educational,
>non-production-quality
>"playpen" onion site which uses "man in the middle"
>request-and-response
>rewriting to make a normal website available as an onion site; this is
>not
>a technique that I would typically recommend for production use* - but
>it's
>great for messing around, learning, and starting to see how Onions are
>set
>up.
>
>If you like the document and would like to see some prior discussion
>and
>diagrams, read also:
>
>https://storify.com/AlecMuffett/tor-tips
>
>My next document will probably drill into the matter of how subdomains
>work
>with onion sites, and how to modify the process from the first document
>to
>experiment with supporting multiple subdomains.
>
>- alec
>
>
>* although last time I checked I think, Ubuntu and perhaps ProPublica
>were
>doing this, but rather more professionally than I describe here.
>
>-- 
>http://dropsafe.crypticide.com/aboutalecm
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Connect Tor to socks4a proxy

[Flipchan]

Hello everyone:) 
I am currently working on a proxy Project (github.com/flipchan/LayerProx) and i 
connect to my proxy with a socks4a, anyhow i am trying to connect first to Tor 
then to the socks4a proxy like a dynamic_chain proxychain, 
Does anyone know how to connect to a socks4a proxy with Tor(without 
proxychains) i have played around with socat But havent rly got it to work and 
havent rly found any good python libs, does anyone know how to connect to a 
socks4a proxy using Tor?  Or is like proxychains the only way

Have great day and Take care
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Makeing irc look like http PoC

[Flipchan]

Hi i created a Little PoC on how to use my latest Project LayerProx to make irc 
data look like http data 
https://m.youtube.com/watch?feature=youtu.be=BeJjUFe-0Vg

Take Care and have a Nice day

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] New relays and bridges.

[Flipchan]

Good idea! I will try myself

laurelai bailey <laurelaist...@gmail.com> skrev: (21 augusti 2016 21:59:42 CEST)
>Since some folks have declined to offer their services in this
>department i
>thought it might be a good idea to start outreach to get more bridges
>and
>relays setup. Ill be setting one up myself and encouraging others to do
>the
>same across various platforms.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] sadly have to shut down my tor relay after less then 24 hours

[Flipchan]

Dont forget port 993 for imaps(imap with ssl) so You can use ssl with imap

Anthony Papillion <anth...@cajuntechie.org> skrev: (21 augusti 2016 01:39:01 
CEST)
>It's actually pretty easy and you definitely don't have to be a coder:
>
>1. Find your torrc file and open it in a text editor
>2. Search for 'ExitPolicy' (all one word) to find the right section
>3. Enter a list of the ports you want to allow. Example:
>
>   ExitPolicy accept *:80
>   ExitPolicy accept *:443
>   ExitPolicy accept *:110
>   ExitPolicy accept *:143
>   ExitPolicy accept *:465
>   ExitPolicy accept *:587
>   ExitPolicy reject *:*
>
>Make sure all of the other ExitPolicy statements are either deleted or
>commended out. The exit policy above allows ports 80 and 443 (for web
>access), and ports 110, 143, 465, 587 for email access. It rejects
>anything else.
>
>This should stop your copyright infringement problem or at least reduce
>it to almost nothing since the users would be restricted to stuff they
>can get on regular websites (no torrents, USENET groups, etc).
>
>Hope this helps!
>
>Anthony
>
>On 8/20/2016 6:29 PM, Sarah Alawami wrote:
>> Well I'm no coder. How do I then do this? I'm going to start over
>from scratch, maybe. I dont' know much about the exit policies as I'm
>quite new to this tor thing lol! I wonder what is trigering this to
>happen on our vps's, at least o my vps. Lol!
>>> On Aug 20, 2016, at 4:23 PM, pa011 <pa...@web.de> wrote:
>>>
>>> Made the same experience this week within 24 hours as well on Bit
>Torrent
>>> Changed my Exit-policy - never had that before...
>>>
>>> Go on...
>>>
>>> All the best 
>>>
>>> Paul
>>>
>>> Am 21.08.2016 um 00:49 schrieb Anthony Papillion:
>>>> On 8/20/2016 5:47 PM, Sarah Alawami wrote:
>>>>> Hello to all. Sadly I have to shut down my tor relay after less
>>>>> then 24 hours, as I received a copyright violation and I don't
>want
>>>>> any network restrictions  placed on me as I want the 150mbps
>>>>> speed.
>>>>
>>>>> Sorry to all who were using it, but yeah there it is.
>>>>
>>>>> Blessings.
>>>>
>>>> That sucks! Sorry to hear about your experience. Might it be
>possible
>>>> to run your exit with a greatly reduced exit policy? Maybe just
>>>> HTTP/HTTPS and mail?
>>>>
>>>> Anthony
>>>>
>>>>
>>>>
>>>>
>>> -- 
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> 
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] proxy servers compatible with tor and proxychains

[Flipchan]

I use this freeproxylists.net/
But its very hard to trust proxies

message <let...@openmailbox.org> skrev: (18 augusti 2016 19:55:30 CEST)
>Readers,
>
>After searching for free proxies, it has been difficult to find servers
>
>to add to the proxychains configuration file, to use with tor. Nearly 
>all ip addresses deny access.
>
>Is there a list of free proxy servers that are friendly to tor?
>
>https://diasp.eu/posts/4538347
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A community concern that needs to be addressed,

[Flipchan]

I thought the same thing regarding hope 
Plus

There was 2-3 tor talks at hope i really enjoyed the tor isp talk

Griffin Boyce <grif...@cryptolab.net> skrev: (19 augusti 2016 03:17:48 CEST)
>myz...@openmailbox.org wrote:
>> Their post seems to be somewhat political and based on recent events.
>> The user's concern on the lack of technical posts makes a lot of
>> sense. I feel like Tor has become increasingly user-friendly and the
>> Tor Browser Bundle is by far less 'intimidating' to perform first
>time
>> configuration than it was a few years ago. The lack of technical
>posts
>> might concern some people. What are your thoughts on addressing the
>> issue?
>
>When I was at HOPE in July, men and women were saying (to me at least) 
>that they were happy that Tor is progressing, that they think we're 
>growing as a community, and they look forward to volunteering.  
>Honestly, that makes me really fucking happy.  That's not really an 
>`identity politics` thing.  I would say that none of the people that I 
>spoke to who plan to volunteer had any past negative experiences with 
>any Tor peeps.  It's more a matter of seeing a terrible situation
>happen 
>(from afar) and then seeing it handled in a serious way.  It's been a 
>real rough patch for the community, but most everyone seems to be 
>handling it with grace and professionalism.  Things like that can 
>inspire confidence in a project's team, as weird as that probably 
>sounds.
>
> So: I'm happy that people aren't scared away, hope that people of all 
>genders will keep volunteering, and that everyone will eventually move 
>beyond this (perhaps to more technical topics).  People can always post
>
>about a Tor-related project on this list and it may well make it to the
>
>blog or twitter.  I mean, if someone posts a cool project here I'm 
>pretty likely to post it to my twitter stream =)
>
>~Griffin
>
>-- 
>Accept what you cannot change, and change what you cannot accept.
>PGP: 0x03cf4a0ab3c79a63
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Username Generator programs

[Flipchan]

Python got a random word lib maybe take a that generate a word and some extra 
chars, maybe i could script up something

Marina Brown <catskillmar...@gmail.com> skrev: (6 augusti 2016 17:36:57 CEST)
>On 08/05/2016 02:29 PM, ban...@openmailbox.org wrote:
>> Does anyone know about any good username generator programs?
>> 
>> I've been thinking about some of the ways users can deanonymize
>> themselves when posting on a forum.
>> 
>> Besides password re-use from non-anonymous accounts (which password
>> managers deal with), writing style (Anonymouth is supposed to deal
>with
>> that - openjdk support in progress), Re-using a non-anonymous
>username
>> by mistake is a remaining problem.
>
>I use pwgen as a username generator as well as a password generator.
>Here is some of it's output.
>
>joaS7wai ieyie3Hu eixub4Lu ouChu8oh ned7Eeva eeYaef6w ik9Queib ahviJie6
>laesa2Ee huZ8eeLe feS2eeme een6aeNa ieGh8eBi roop5uCa xoo6ozaD zukaij8Y
>uaTheo2a fah4bieY bai0eiFe zoHoi6ee mah4Bah7 sha0Zaes Iefui6ph widiM6xo
>Eeda5ooH nao7oeG6 Ook0aila OhTh4po5 Phijee6E Kuk9hi3i fa2meiMi Aengaiv7
>Queigh6e aib7Tuxu Peubae4o ooNgo7ua yahSh2an quum6Ri5 quahYai7 oojo5moS
>Aeb7thoo heivu9aS Dahng1ch ohghahX4 Ae1Yujei aeG9hab1 ao3ieSho eD0Puo7i
>Elai0ugo Eic6aa1t athai1aP Chiequ9e aCh7leax iquaiD5r aBeng4Ph ic5Aeshi
>wi8beeSh oyoh1oiX DaxooFa5 eipaB8ie ohch2Chi iiShu2Qu nooF8joo Cah8eipa
>PaevooD9 coo7ieH3 ie9eeThi oot7aeFo thoo3Quu ceeF3iel thoub2Ao theeC6pi
>Yoh6joob wohb2Eef UPah6lah Li0thohk eiS9AuMo am8Oothu teek2Aeg AxueZ8AM
>uKah8EeS pohy0doW mioShei6 Paphah4z iduiph7L echu1zuX Zoh8bieV ahthaJ6o
>iaD1queK Fo3Rurah aiThaek5 zue7uPie geD6Aeto Usai9pho aaqu3Weu Yee9Nu5I
>ahj1uT4i uc0Raew9 sauV8aes Eithien5 aibooLe7 nah0Eeph APiSead8 kuWa3Aer
>Quieno6e aec5oaKo Toiph4oh Odakuz9p pah6aeDi eeth2Fou Gae4Aeph aiy0Shae
>tiefee7J Xi5ooduH Jae7EiJ3 Ofohch6i en3Och7O Ieke0quo Wee3pahn aCh1ash4
>Aingoo6n Yaif8ta2 EephiQu1 wie6ohKu aphur0Ai Phie9Fee Ieshoh4e ua8Yah9u
>
>
>--- Marina Brown
>
>
>
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Username Generator programs

[Flipchan]

http://nsanamegenerator.com/

The Doctor <dr...@virtadpt.net> skrev: (11 augusti 2016 21:24:49 CEST)
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>On Fri, 05 Aug 2016 20:29:38 +0200
>ban...@openmailbox.org wrote:
>
>> Besides password re-use from non-anonymous accounts (which password 
>> managers deal with), writing style (Anonymouth is supposed to deal
>with 
>> that - openjdk support in progress), Re-using a non-anonymous
>username 
>> by mistake is a remaining problem.
>
>Do they need to be 'real' usernames?  What about the output of pwgen in
>default mode (eight alphanumeric characters)?
>
>oYahb1ee Abai4su7 ahsh7eiB uGahPie5 Sae0zaej too5Phag Aitie4oo eiP3mief
>
>Unique as a username; pseudnonymous.  Not memorable, though, because
>they
>look like 1200 bps line noise.
>
>- -- 
>The Doctor [412/724/301/703/415]
>
>PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F  DD89 3BD8 FF2B 807B 17C1
>WWW: https://drwho.virtadpt.net/
>
>"Keep the lasagna flying." --Robert A. Wilson, final blog post
>
>-BEGIN PGP SIGNATURE-
>
>iQIcBAEBCgAGBQJXrNEBAAoJED1np1pUQ8RkGuoQAI3N0k/tdQNAf97ehl9qT/S6
>dwIy2zqJP4NObLIz5vDhN/PNfYdwJiz9Dm8VaGqfAgibMIsF1+e3b4BQ8WSWJkD/
>QaUXR/GEb/VxnKGXOdnZgV5qQHpU9+Iqfp+fWz7s9blZdEVGIc69VQuSW3T749sa
>VFfOpV4AMZXiMNtmOeQfcRf03kyYeXU8MbO4ola0muqcjAriEuV0GLvC5PWcaf7B
>pyW3uG8y7WdQrTIIxArVwxrPB4ckHzHxHxUScssq1T5De4wEdqR0N3uaab00jf8S
>6OXOdK17Nr0M48iRIpKFfdX9Nlei6AYFLxp92lYGSXelAkRfsHI9hNN3kPdlsvjE
>kAwyhOKKqc7uhEXcCG19FT2CDJJ+jf9IMBiRMzDMXTHl8YTEal7Rqf4i8uqZsUc3
>gWmdcQAApD/XuefzqSx8aNIeT3kLhP6bZQ/KMt/TMLUzJRsgF9oum0vjMoe5s86M
>sZ7DB7xS2AUF1bvZsjpQV7ZDQolHBvN1yb0Pj2ubIGYXNrwwJUQoclvsi+TFXX3G
>JRRHTZtaIJPbzO4DIS/Fb/cgeLtUxN41lPbbxoYGiUDigJDy9aBruS/sSRUk4fcd
>qpNrWVwHqehuJoF8LA4Fd7NIl7qvPbAyMxezqwDh5UvS9Afonp6q+rBw/MF0n5HQ
>iISsQldHtzXXFTL4e6tw
>=8HON
>-END PGP SIGNATURE-
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and macOS Sierra

[Flipchan]

Maybe u are runnin something else on that port? Run netstat?

tort...@nym.hush.com skrev: (2 augusti 2016 00:28:17 CEST)
>Hey all,
>
>I am trying to report an issue with Tor Browser and, after consulting
>the Tor Stack Exchange forum, this seems like the best place to do so.
>
>I am but an irregular user of Tor but I like to have it at hand and
>use it  from time to time. Up until recently, I would update
>frequently and it  all worked smoothly. However, today is the first
>time I try launching it  after upgrading to macOS Sierra and I am
>bumping into an error for the  first time.
>
>Instead of connecting like it used to, the "Tor Status" window stays 
>in place for a while and eventually delivers an error message saying 
>"Tor Launcher. Could not connect to Tor control port".
>
>I upgraded to the most recent version of Tor Browser (the stable 6.0.2
>and then experimental 6.5a1), created  an exception in my Firewall and
>even deactivated said firewall for a bit,  but all to no avail. Is
>this something someone else has bumped into?  Could it be connectivity
>issues with Sierra itself? Some other functionality  that blocks
>ports?
>
>I hope this helps.
>
>Best,
>
>L.
> 
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] EU Intel Property Office Report Hates on Tor, Bitcoin, Bittorrent, Goods Pirates and Models

[Flipchan]

I think its great that u can download it, and if u like it u will/can buy it :)

Conrad Rockenhaus <conrad.rockenh...@riseup.net> skrev: (26 juli 2016 22:47:43 
CEST)
>Just a short answer to your rant  - you are correct about the embrace
>of 
>mp3.  Had they done it sooner, they would of banked in quite a bit of 
>money.
>
>Regards,
>
>Conrad Rockenhaus
>
>On 2016-07-25 09:44, Friet Pan wrote:
>> Sounds a bit like the war on drugs.
>> 
>> They refuse to look at the cause of the problem, but jump around the
>> effect like their pants are on fire.
>> 
>>  the effect is so scary, but refuse to see that THEY are
>> the ones who caused it.
>> 
>> In case of the music industry, they ignored MP3, then they ignored,
>> napster and co. then they sued napster when the damage was done and
>> out of control.
>> 
>> 
>> If they had embraced MP3 in the very beginning, and had ran their own
>> donwload sites at fair prices, then there would not have been a need
>> for pirates, it wouldn't even make sense.
>> 
>> But the music industry is greedy, and always wants MORE profit, so
>> they make stuff artificially expensive and then moan that people give
>> copies to their friends. I have an insane record collection, and when
>> i download a track that i already own on Vinyl, on CD, or on BOTH,
>> then they still want MORE money, i already paid the damn thing TWICE,
>> so why is it a problem to download it?. Is it illegal? NO. Then why
>> moan about it?
>> And if there is no money in making music, then why do studio's still
>> record music?, Why do record labels still produce music? If there was
>> no profit then there would be no product. They still make music, and
>> still make a living.  And now people try before they buy, they
>> download, and find new music that the industry does not promote on
>the
>> radio. And more artist make a chance to make money, all over the
>> world, not in a small region.
>> 
>> So that part is one big lie. Torrents do more music promotion then
>> what radio ever accomplished.
>> 
>> 
>> But thats off topic i guess...  I had to say something about it. It's
>> just silly.
>> 
>> 
>> If you want fame in the 21th century, then make sure you have a
>> torrent available. And you can make yourself more popular then
>> 21thcentury fox can do for you with all the money in the world.
>> 
>> And for TAX it doesn't matter, Servers make TAX, advertisment makes
>> TAX, Concerts make TAX, more then ever before.
>> 
>> I'm not promoting piracy, i'm only saying that the music industy is
>> barking up the wrong tree, torrents SELL MUSIC and without the need
>of
>> bribing corrupt radio hosts.. It's cheaper then radio.
>> 
>> The other topic have similar answers, movie industry is a bit
>> different, buy they could have used torrent as a distribution
>> mechanism, and made money without expensive servers and datapipes.
>> 
>> It's their own mistake, and now they need someone to blame. So if TOR
>> can protect people who are human and share their cooking recipes then
>> that's all good. Without sharing data the human race would be more
>> like a bunch of chimps fighting over a branch. If the music industry
>> manages to put us in a zoo where we need to pay to look outside, then
>> we are like chimps in a boring zoo without any visitors.
>> 
>> thats not human
>> 
>> Damn, i got pissed My apologies for my ranting... i'll buy some
>> music next week...
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> - Original Message -
>> 
>> 
>> A new report published by the European Union Intellectual Property
>> Office 
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Flipchan]

Hello , i have exposed some pedofiles (i helped friends trace em) and in my 
experience pedofiles doesnt have much security, in 4/5cases i got them to go in 
to a website i owned and they did that and i loged ip hostname etc and only one 
use a vpn, anyhow like alot of ppl is saying the server must been hacked by them

Jonathan Wilkes <jancs...@yahoo.com> skrev: (22 juli 2016 17:35:50 CEST)
>> However, if one's mum is willing to invest the time, they'll more
>than
>likely install the system successfully.
>
>
>Jon,If Haroon's simplification were to make sense to an audience of
>people who 
>aren't UX experts, it would be trivial to understand the constraints. 
>For 
>example, if I say, "explain like I'm five" and my audience uses simple
>sentence 
>structure and/or pithy metaphors, then I was understood.  If instead
>they talk in a 
>condescending tone and try to persuade me not to throw a tantrum, I
>wasn't 
>understood.
>
>At the very least, the question, "can my mum use this software?" has
>the 
>constraint that "mum" is immutable-- her skills are what they are, 
>and her time is limited.  The upshot is that the software, on the other
>hand, 
>is mutable.  We love "mum" and want her to use our software.  If we
>imagine 
>she isn't able to use it then it's the software that should change to
>correct that.  
>
>And here we have a respondent who does a complete 180 on the
>constraints.  
>Claiming that "mum" just needs to "invest the time" is to do exactly 
>the opposite of what Haroon was implying.  Now it's not the software
>that 
>should change, but "mum's" priorities!
>So please show this thread to Haroon as a hopefully final nail in the
>coffin 
>of the
>"design-for-that-poor-little-older-or-younger-lady-that-you-love" 
>trope.  The intended audience clearly _not_ understand it. 
>But unlike everyone else who keeps repeating that trope, I have
>complete 
>faith that a UX expert will know what to do when faced with this data.
>Best,Jonathan
>  
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam

[Flipchan]

I can say that i get all emails in my main inbox :)

Friet Pan <friet...@ymail.com> skrev: (25 juli 2016 16:03:10 CEST)
>Yes i also have a riseup account that i use on other mailing lists now,
>but i signed up here with the yahoo account for this reason, to see how
>serious it is, and to raise some awareness if needed
>
>
>I wonder how many people on the TOR mailing list receive my post in the
>spam box. or a percentage
>
>I try to post all messages o this subject without going trough tor.
>From Yahoo, with an account that sometimes uses TOR.
>
>And from the looks of it many people on this list get my original post
>in the spambox. and maybe this post as well.
>
>
>I'm pissed, i try to stay focussed and to stay to the point. that not
>easy... i can snap before i know it.
>
>But i try my best to avoid a F*CH_SH*T_STACK on this list.
>https://vimeo.com/13897452oops slip o't'tongue
>
>
>
>
>
>- Original Message -
>From: Flipchan <flipc...@riseup.net>
>To: tor-talk@lists.torproject.org
>Sent: Monday, July 25, 2016 2:44 PM
>Subject: Re: [tor-talk] webmail send while using TOR is tagged as
>spamends   up in spam
>
>Have u tried switching email provider? I had alot of problem with gmail
>but i switched
>
>Friet Pan <friet...@ymail.com> skrev: (25 juli 2016 14:37:00 CEST)
>>
>>
>>
>>
>>- Original Message -
>>From: "m...@beroal.in.ua" <m...@beroal.in.ua>
>>To: tor-talk@lists.torproject.org
>>Sent: Tuesday, July 19, 2016 11:42 AM
>>Subject: Re: [tor-talk] webmail send while using TOR is tagged as
>>spamends up in spam
>>
>>Hello.
>>
>>On 19.07.16 08:13, Friet Pan wrote:
>>> i use yahoo to mail with mailinglists but i use TOR to connect to
>>yahoo.
>>>
>>> tuns out that all my posts now end up in everyones spam folders.
>>>
>>> Is this because the tor exitnodes are used by spammers?
>>>
>>> or is every mail that was send from a TOR user falsely marked as
>>spam?
>>>
>>> also the subscription confirmation email i received from this list
>>ended up in yahoo's spam.
>>I see that roughly 10% of messages from tor-talk@lists.torproject.org 
>>from different people go into Gmail's spam folder. If you send a
>>message 
>>via Yahoo's webmail, the message is sent from Yahoo's server, not from
>
>>Tor. So it's not likely that using Tor is relevant in your case.
>>
>>
>>
>>
>>
>>
>>Yahoo detects that i come from a tor exit node (known tor exit node,
>or
>>known exit node that once was used to send spam perhaps??)
>>
>>
>>Anyway Yahoo then rates me as 'unauthenticated user' and adds a
>>metatag? ot someting that google recognizes as 'unauthenticated'
>>whatever that means...
>>
>>And then in googles terms my mail is 'spam' in googles eyes.
>>
>>That's WRONG. Since i send a normal mail to a normal mailing list. 
>>
>>Now i cannot sue Google.. But Torproject is harmed by google, and
>>yahoo, AOL, and the rest of the cartel. And all TOR users are
>affected.
>> the cartel damages our privacy.
>>
>>If the torproject cab sue the crap out of them and then use the money
>>that comes out of that to improve TOR and our privacy. Then PLEASE
>DO!!
>>
>>
>>
>>
>>
>>> So now i also wonder how many people on this list are not receiving
>>THIS message.
>>This message has not gone into the spam folder.
>>
>>
>>
>>Since i did NOT sent THIS message trough TOR to make sure that it had
>a
>>chance to come tough (at the expense of MY privacy)
>>
>>
>>
>>
>>
>>> Can i sue yahoo for falsely tagging my mails as spam?  or better can
>>TOR sue Yahoo? :-D and win and get a lot of money to put into
>>development?
>>>
>>> please have a look at dmarc.org it tries to explain in lawyer-ish
>>speak how the yahoo, gmail, facebook aol, paypal, ebay, amazon cartel
>>teamed together to force people to 'autenticate'
>>>
>>> authenticate as in ...get a code that they can use to invade our
>>privacy. (or is this my brain going into paranoia mode?)
>>No spam filter is perfect. My advice: do something useful, dude,
>>instead 
>>of suing people providing you a service for free.
>>
>>
>>
>>I know a way to block spam that is nearly perfect, though i'm not a
>>developer, and don't have the skills to DIY it.  I want to share this
>>idea, and discuss the details. But first i need to see that someone
>>grasps

Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam

[Flipchan]

But isnt there anyway to unblacklist the emails? Like whitelist them in some 
setting?

Friet Pan <friet...@ymail.com> skrev: (25 juli 2016 15:25:45 CEST)
>Thanks.
>
>and this was send by me without giung trough TOR, go figure...  it
>remembers me having used the tor network, and keeps rating my posts as
>spam
>
>THIS ALSO HAPPENS with mails that come from hactivism websites.
>
>And mails from GNU.org
>FSF.org
>
>what about amnesty international, greenpeace etc.  can we check this?
>can we ask all the humanitarian organisations to send their mail trough
>tor and see what percentage is burned in the spambox?
>
>how many petition emails are never recieved?
>
>... ad more questions of the like here:
>
>
>.
>.
>.
>
>
>
>
>
>
>- Original Message -
>From: David Balažic <xerc...@gmail.com>
>To: tor-talk@lists.torproject.org
>Sent: Tuesday, July 19, 2016 1:59 PM
>Subject: Re: [tor-talk] webmail send while using TOR is tagged as
>spamends up in spam
>
>On 19 July 2016 at 07:13, Friet Pan <friet...@ymail.com> wrote:
>
>>
>> So now i also wonder how many people on this list are not receiving
>THIS message.
>
>For me gmail put your message (but not the replies) into Spam. Forgot
>to check the reason it gave, sorry.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam

[Flipchan]

o, or will the same stuff happen
>when using another email provider?
>At least, a mail service of a paid web hoster allows you to turn off 
>
>spam filtering.
>
>
>
>But then it still allows spammers to send you spam on that address. :-)
>
>
>
>catch  and a half.  I'm looking for a real solution that solves
>the CAUSE of the problem instead of 'pharmaceutical' medicating the
>effect, and keeping the cause where it is. (only to sell more crap to
>pamper the effect, and give you cancer on top of it that needs even
>more pharma shit)
>
>
>Is that a good way to describe it?
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Which Dns?

[Flipchan]

Hi all ! Im configuring a new debian server 
Can anyone recommend a good dns server? 


i Dont want to use my isp default one, i found one that sounded good when i 
read about it uncensoreddns.Org. 
if anyone know of a better one let me know :)

Take care
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Anyone got the sourcecode for "CensorSpoofer"

[Flipchan]

Hi im writing a whitepaper atm , and im working on a proxy/code for that 
whitepaper and it would help/be good to look at the source code for the 
CensorSpoofer if anyone got it,i cant seem to find it anywhere 

https://people.cs.umass.edu/~amir/papers/censorspoofer.pdf

I would be very greatful if anyone had it/knows where it is. 

Take Care 
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor-Friendly Two-Factor Authentication?

[Flipchan]

Let me awnser this for u:) use pgp , if c alot of ppl that use Googles stuff 
but all gets send back to Google so i wouldnt want them to get my data, 
github.com/flipchan/blogger i created 2factor so if the usr got a pgp 
fingerprint it will be redirected to 2factor.html after login ,then u generate 
a code(string of chars) and encrypt it with X users fingerprint and give it 
2min to decrypt ,thats pgp :) 

Scott Arciszewski <sc...@paragonie.com> skrev: (11 juni 2016 03:58:16 CEST)
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA256
>
>Hi,
>
>I'm developing a CMS platform called Airship and I'd like to make it
>as Tor-friendly as possible.
>
>Someone from the community suggested Two-Factor Authentication, but as
>far as I'm aware there aren't many good options:
>
>* SMS-based authentication requires a phone number, which is
>identifying information
>* Google Authenticator requires a Google Account, which now-a-days
>requires surrendering your phone number to Google
>* FIDO U2F requires users to purchase separate hardware devices which,
>while cheap, aren't already in the arsenal of most netizens
>
>I was curious if anyone in/around Tor was aware of any
>privacy-preserving 2FA initiatives.
>
>Thanks a lot,
>
>Scott Arciszewski
>Chief Development Officer
>Paragon Initiative Enterprises
>-BEGIN PGP SIGNATURE-
>Version: Mailvelope v1.4.0
>Comment: https://www.mailvelope.com
>
>wsBcBAEBCAAQBQJXW3AsCRBrl6HCgmQE2gAA06YIAIx89seJ/M1Z+8V6+4sP
>VRMCOcH2tPBbBl7KW17RRDuO2aoDsWNiaLNgY7ssHcm2xBte0T04uNTxfYxu
>8/pzzgUrU6L7WHcUnGdUfqHtdBr6DY6xSrSavu6VwEATm0f5qDl3AouHyd9X
>9aZs1nNX0/QQc/hMOE+hfkGl0rUDKKiwXCxLqXTxdxHiNqixQjb2GpfbiUen
>ph4BLFAIFsUZ/STGRJOY31SVB/Lk9MOG2VOPlhXa27R+8IV7rcq41sQtEdUL
>AdDOOCazmNISpUz1/I6/0wW16fGqrHk3jbtWMklzl4LI5aFg1w3CmV/MLEZE
>i2HHPGvMiO3osSmyNBM2lL0=
>=a2E8
>-END PGP SIGNATURE-
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Can we have less of Jacob Appelbaum here, please?

[Flipchan]

^^ :)

I <beatthebasta...@inbox.com> skrev: (10 juni 2016 17:23:00 CEST)
>> 
>> Hello, people. Sincerely, I'm tired of this flood of threads
>
>..and let's send some t-shirts to me.
>.
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Graffiti "rapist lives here" at Jacob Appelbaum's house

[Flipchan]

That is so much to far

carlos...@sigaint.org skrev: (10 juni 2016 20:32:39 CEST)
>
>
>https://i.imgur.com/N0yv8DU.png
>
>https://twitter.com/Shidash
>
>https://pbs.twimg.com/media/Ckl7yTEWEAA6ko8.jpg
>
>https://pbs.twimg.com/media/Ckm-FkAWgAAJzEc.jpg
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Bittorrent starting to move entirely within anonymous overlay nets

[Flipchan]

Well like he says u cant proxy bittorrent traffic through tor cuz its udp

grarpamp <grarp...@gmail.com> skrev: (9 juni 2016 06:52:35 CEST)
>First come the clearnet indexes...
>
># kickass torrents
>http://lsuzvpko6w6hzpnn.onion/
># the pirate bay
>http://uj3wazyk5u4hnvtk.onion/
># rutor
>http://rutorc6mqdinc4cz.onion/
># btdigg
>http://btdigg63cdjmmmqj.onion/
># torrents md
>http://tmdwwwebwyuuqepd.onion/
># demonoid
>http://demonhkzoijsvvui.onion/
>
># Putting the "Tor" back in Torrent
>https://gist.github.com/obvio171/addb26214a8c159f84a8
>https://news.ycombinator.com/item?id=8022341
>
># For DHT, PEX, UDP
>https://www.onioncat.org/
>
>Just a teaser of what's already out there...
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Can we have less of Jacob Appelbaum here, please?

[Flipchan]

I agree

T F <torabu...@gmail.com> skrev: (10 juni 2016 12:17:57 CEST)
>This is Exactly what I am thinking... tiered and too much rumors
>Am 10.06.2016 10:40 vorm. schrieb <m...@beroal.in.ua>:
>
>> Hello, people. Sincerely, I'm tired of this flood of threads.
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] What can u code in 2 days ?

[Flipchan]

I wanted to challenge myself to 100% so i coded a blogging platform in 2 days 
(rushed it after my regular work)  the css and style sucks but i spent most 
time on the sec and simular stuff i ended up with:
https://github.com/flipchan/blogger

2factor pgp auth, btc address gen and ofc anti csrf and password hashing ^^ 

Was fun to work so intense with something due to the short period of time i had 
Building this . Anyhow would recommend to do something simular ofc it will turn 
out with alot of holes but its a fun Project to do, and also a break from all 
the talk about Jacob ,take care and have a nice day
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Which reputable webmail providers function well with Tor?

[Flipchan]

I am also very happy with the webui its called roundcube n its opensource:)

Crypto <cry...@jpunix.net> skrev: (7 juni 2016 09:44:40 CEST)
>Anthony Papillion:
>> 
>> 
>> On June 6, 2016 7:47:16 PM CDT, Not Friendly <notfrien...@riseup.net>
>wrote:
>>> I'm not sure about registering from Tor but Riseup.net is pretty
>>> friendly with Tor. That being said you must have an invite or
>request
>>> an account. However I will say the interface works great with Tor.
>I've
>>> never had an issue with them.
>> 
>> You can absolutely register from Tor. As far as I can tell, they put
>no restrictions on connecting to the site via Tor at all. Unlike many
>others, they actually respect privacy and don't feel the need to treat
>every new user as a potential spammer. 
>> 
>> Anthony
>> 
>
>RiseUp actually has .onion addresses for all of their various services.
>They list them in their Help->Security section.
>
>-- 
>Crypto
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor doesn't connect over a proxy

[Flipchan]

Why would u go vpn->tor and not tor->vpn? 

Not Friendly <notfrien...@riseup.net> skrev: (6 juni 2016 21:59:07 CEST)
>On 2016-06-06 14:45, katerim...@sigaint.org wrote:
>>> On 2016-06-06 14:15, katerim...@sigaint.org wrote:
>>>> Hello
>>>> I'm trying to connect Tor over a proxy in Qubes. In proxy machine I
>>>> have a
>>>> proxy software (JonDo) while in the AppVM I have installed Tor. In
>>>> torrc I
>>>> have setup as socks5 "ip of proxyVM" and as port "4001" (JonDo
>port)
>>>> but
>>>> Tor bootstrap always stops at 80%, showing this:
>>>> 
>>>> "Problem bootstrapping. Stuck at 80%:Connecting to the Tor network.
>
>>>> (No
>>>>   route to host; NOROUTE; count 3; recommendation warn; host
>>>> A705AD4591E7B4708FA2CAC3D53E81962F3E6F6 at 46.166.170.5:443
>>>> 2 connection have failed
>>>> 2 connection died in state connect()ing with SSL state (No SSL 
>>>> subject)
>>>> The connection to the SOCKS5 proxy server at "ipVM":4001 just
>failed.
>>>> Make
>>>> sure that the proxy server is up and running"
>>>> 
>>>> I tried to setup before in whonix but without result
>>>> 
>>>> Thank you
>>> 
>>> Your setup isn't safe. The proper setup is to have tor running in
>the
>>> "Proxy VM" and then then have the "App VM" tunnel all traffic over
>>> through the Proxy VM. I'm not sure why you are using JonDo. Since
>they
>>> first charge for their services and because of it have billing
>records
>>> and they are also proven to keep logs on the amount of bandwidth you
>>> use.
>>> 
>>> Keep in mind they state:
>>> "Only the following non-individual-related information sent by your
>>> browser is stored:
>>> 
>>> the visited webpage (URL)
>>> browser type / browser version
>>> operating system
>>> referrer URL (the site visited before)
>>> time of the server request"
>>> 
>>> in their privacy policy.
>>> 
>>> You are by no means anonymous while using JonDo nor safe as since
>they
>>> store the information they could be forced to hand it over. It puts 
>>> you
>>> at risk. Just setup a traditional who-nix setup.
>>> --
>>> Not Friendly
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>> 
>> Hello
>> Thank you for your reply
>> I want setup jondo before Tor
>> Vpn-->JonDo-->sys-whonix-->anonwhonix (vpn and Jondo in the same 
>> proxyVM)
>> I use tor to navigate but I would use JonDo for a more long chain (in
>
>> this
>> case JonDo see only tor traffic)
>Well I can say one thing about this. With the long chain you are going 
>to have serious latency issues. Using Tor alone is sufficient. 
>Increasing the chain length doesn't add to your anonymity nor security 
>but it does slow down the connection a lot further.
>-- 
>Not Friendly
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] A possible solution to traffic correlation attacks,

[Flipchan]

Got any beta code on this? Maybe add/c ode it as a daemon ?;)

Not Friendly <notfrien...@riseup.net> skrev: (5 juni 2016 16:40:52 CEST)
>After about an hour of brain storming I may of found a way to stop
>traffic correlation attacks. The idea is to add an artificial delay of
>a few randomized ms (two separate delays, one to the tor exit and
>another deal on traffic exiting the network) and add an extra chunk of
>randomized data (just a small random amount of KB that never exits the
>network). It would make traffic harder to correlate. What are your
>thoughts on this?
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Which reputable webmail providers function well with Tor?

[Flipchan]

Autistici got lots of domain names to Choice thats cool

ng0 <n...@n0.is> skrev: (27 maj 2016 14:21:35 CEST)
>On 2016-05-26(04:42:20-0400), Griffin Boyce wrote:
>> blo...@openmailbox.org wrote:
>> > Can anyone suggest a reputable webmail provider that is not totally
>> > anti-Tor.
>>
>>I've had a good experience with Autistici/Inventati -- which is a
>> small Italian co-op similar to RiseUp.  MayFirst/PeopleLink and
>Electric
>> Embers are also great co-ops that are fine with Tor users, but aren't
>> free.  A/I isn't "free" per se either -- they run on donations -- but
>> there's currently no payment required to use their services.  They
>have
>> a dozen or so domains that you can choose from.
>>
>> https://www.autistici.org/services/
>> http://new.mayfirst.org/en/why-join/
>> http://electricembers.coop/services/
>>
>> *lights a candle for Lavabit*
>
>I have been using A/I for almost 10 years now, but when I wanted to
>recommend it
>to someone who previously had no email account it did not work as they
>require
>an existing email account for verification. There might've been also
>some
>Javascript involved and although they have a .onion address for
>www,smtp,pop,imap
>and other protocols, you can not register through this .onion
>
>This year they changed to lets encrypt and faded out their own CA, so
>you
>have to trust LE as well.
>
>--
>♥Ⓐ ng0 | http://www.n0.is/n
>4096R/13212A27975AF07677A29F7002A296150C201823
>
>
>----
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Audio fingerprinting

[Flipchan]

Isnt it block java? As simple as that

"mrnob...@mail-on.us" <mrnob...@mail-on.us> skrev: (26 maj 2016 08:23:34 CEST)
>http://techcrunch.com/2016/05/19/audio-fingerprinting-being-used-to-track-web-users-study-finds/
>
>A wide-scale study of online trackers carried out by researchers at
>Princeton University has identified a new technique being used to try
>to
>strip web users of their privacy, as well as quantifying the ongoing
>usage of some better-known tracking techniques.
>
>The new technique unearthed by the study is based on fingerprinting a
>machine’s audio stack via the AudioContext API. So it’s not collecting
>sound played or recorded on a machine but rather harvesting the audio
>signature of the individual machine and using that as an identifier to
>track a web user.
>
>I understand that these methods are not possible without javascript,
>are
>they?
>The example provided in the webpage:
>https://audiofingerprint.openwpm.com/
>uses fingerprintjs2 library.
>
>Any thoughts?
>
>
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor (and other nets) probably screwed by Traffic Analysis by now

[Flipchan]

That sounds rly good , Dont u mean more like a random time or date ,sure u 
could pic a random number what if the number is to high? Or to low,anyhow cool 
idea

Allen <allen...@gmail.com> skrev: (2 juni 2016 17:39:32 CEST)
>>
>> There's nothing you can do about it but
>> - start researching and using networks that use fill traffic
>>
>
>Another alternative would be to re-architect the services of interest
>to
>use a message or packet store-and-forward protocol with a random delay
>to
>thwart traffic analysis.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Please suggest domain registrats that are Tor (and bitcoin) friendly.

[Flipchan]

domains4bitcoin is pretty good

CitizenZ <citiz...@riseup.net> skrev: (27 maj 2016 16:59:37 CEST)
>Blobby,
>I have used Namecheap and paid with bitcoin in the past with no
>trouble.
>But It's been nearly a year. It's possible that the problem is not
>specifically Namecheap but the bitcoin payment processor that they use
>(e.g Bitpay). Especially if the processor uses Cloudflare. Some of
>these
>processors block payment requests over Tor. For example some will block
>the ability to scan a QR code with the payment details but will accept
>the bitcoin fine if you enter in the address and amount manually.
>
>I recommend Gandi, I have since moved all of my domains to Gandi and
>never looked back. They also accept bitcoin and I haven't had any
>trouble making payments over tor, since they are their own payment
>processor.
>
>Good luck.
>On 05/27/2016 04:41 AM, blo...@openmailbox.org wrote:
>> Earlier this week I attempted to buy a domain with Namecheap since
>> they accept bitcoin and, helpfully, have WHOISguard free for the
>first
>> year.
>>
>> Sadly Namecheap do not like proxies which includes Tor and will
>> prevent you from purchasing.
>>
>> Can anyone suggest a reputable (i.e. one that works) domain registrar
>> that accepts bitcoin and has no problem with Tor. I say "reputable"
>> because, in the past, I've found that a number of Tor and bitcoin
>> friendly registrars have a tendency to time out or hang for some
>> reason mid-way through the registration process.
>>
>> Many thanks.
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Sharing my OpenWrt Tor configuration

[Flipchan]

I have been wanting to play with openwrt for a while now :) great write up!

Rob van der Hoeven <robvanderhoe...@ziggo.nl> skrev: (21 april 2016 19:27:59 
CEST)
>Hi folks,
>
>Two months ago I wrote an article named: Thoughts on Tor router
>hardware. 
>
>https://hoevenstein.nl/thoughts-on-tor-router-hardware
>
>In the article I described an ideal Tor router configuration and argued
>that having Tor on the router benefits both security and usability.
>
>Since the article I have been playing a lot with my OpenWrt router, and
>I think I now have a very nice configuration. I documented my
>configuration in a new article:
>
>https://hoevenstein.nl/my-openwrt-tor-configuration
>
>The OpenWrt configuration improves my network security and . made
>me
>remove Tor from all my computers. Yep, Tor on the router is the way to
>go for me.
>
>Enjoy the article,
>Rob
>https://hoevenstein.nl
> 
>
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Operation Onymous Technical Explanation?

[Flipchan]

What i have heard was that it was alot of bad opsec and also some pma-exploits 

CANNON NATHANIEL CIOTA <can...@cannon-ciota.info> skrev: (26 mars 2016 12:32:21 
CET)
>Seeking technical information on how hidden services were de anonymized
>
>and what updates to HS protocol was applied as a mitigation.
>Thanks,
>-- 
>Cannon N. Ciota
>Digital Identity (namecoin): id/cannon
>Website: www.cannon-ciota.info
>Email: can...@cannon-ciota.info
>PGP Fingerprint: E7FB 0605 1BD4 8B88 B7BC 91A4 7DF7 76C7 25A6 AEE2
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Extend auto-IP-switching-time in TorBrowser (and depending from time of inactivity)

[Flipchan]

I think roundcube(an email client) works with easy session and switchin your IP 
shoulnd effect that session

Ben Stover <bxsto...@yahoo.co.uk> skrev: (25 mars 2016 12:12:07 CET)
>Hello Paul (and others),
>
>the problem is for example when I login into a remote mailbox through
>TorBrowser then the mail box provider
>see my IP (=IP of ExitNode).
>
>Since I often stay longer than 10 minutes in my remote mailbox an IP
>switch happens during my mailbox login session.
>Unfortunately a lot of mailbox provider setup smart "security session
>procedures".
>As soon as they detect an IP switch they force the user to re-login
>again (at minimum).
>
>Even worse: Some mail providers consider an account and password break
>and force the user to "verify" that
>they are really to owner of the account with a long-winded confirmation
>procedure.
>This could happen when only changing the country as well.
>Very annoying.
>
>So the easiest way to prevent these situation would be to keep the
>current Tor circuit (or at least the ExitNode).
>
>From what I read so far a "keep-circuit-instruction" is currently not
>possible.
>
>Why not offering the user such a (torrc) option? So its up to him if he
>wants an extended circuit-session-time or not.
>
>Ben
>
>>I'm confused. What is the situation you are concerned about?  A new
>>stream would go over a new circuit whether the previous stream is kept
>>alive or not. Is that not so? And I'm not sure what keeping the idle
>>stream open has to do with this. I understand the UX issues of
>>switching circuits, and I get the threat if not allowing a stream to
>>close causes attaching indefinitely to new circuits.  But I don't
>>understand why it is bad to have a new stream open on a new circuit
>>after another stream closes that was artificially kept open for a
>>while vs. having the new stream open after an initial stream closed
>>normally.
>
>>aloha,
>>Paul
>
>
>
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] cisco blacklist

[Flipchan]

Is it one IP per line?

Lee <ler...@gmail.com> skrev: (11 mars 2016 00:23:22 CET)
>Anyone know why Cisco has so many tor nodes blacklisted?
>
>Get the Cisco IP blacklist from
>  http://www.talosintel.com/feeds/ip-filter.blf
>Get the TOR node list from
>  https://www.dan.me.uk/torlist/
>
>$ sort ip-filter.blf > cisco-blacklist
>$ join -j 1 cisco-blacklist torlist | wc -l
>893
>
>$ wc -l torlist
>7007 torlist
>
>$ wc -l cisco-blacklist
>31516 cisco-blacklist
>
>
>Thanks,
>Lee
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] .onion name gen

[Flipchan]

IF i generate a .onion domain , isnt there a risk that someone can generate the 
same domain? I mean anyone can generate .onion domains and IF i got an easy 
.onion address then some could easily generate that rsa key right? 
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Cloudflare: option available to whitelist the Tor "country" (T1)

[Flipchan]

Thats awesome!

nusenu <nus...@openmailbox.org> skrev: (3 mars 2016 21:45:44 CET)
>Tor friendly cloudflare customers can now configure their sites to no
>longer require captchas for tor users:
>
>
>https://support.cloudflare.com/hc/en-us/articles/203306930
>
>
>
>
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Bad exit/bad relay list

[Flipchan]

Great! Thnks

Roger Dingledine <a...@mit.edu> skrev: (18 februari 2016 00:45:32 CET)
>On Thu, Feb 18, 2016 at 12:36:53AM +0100, Flipchan wrote:
>> Does anyone have or know where i can find a list with bad
>exits/relays
>
>There aren't great resources for this I think.
>
>The simple answer is that you can look at your cached consensus file,
>and the ones labelled BadExit are the bad exits, and the ones that are
>missing (ha) are the bad relays.
>
>If you want a way to visualize the consensus plus the votes that went
>into it, check out
>https://consensus-health.torproject.org/consensus-health.html
>(warning, it's a huge page)
>
>For a while it looks like somebody was maintaining
>https://trac.torproject.org/projects/tor/wiki/doc/badRelays
>
>But ultimately this is a really crummy arms race to play, and while I'm
>a fan of transparency for most development, it ends up making things
>too asymmetric in the wrong direction in this case:
>https://lists.torproject.org/pipermail/tor-talk/2014-July/034219.html
>
>As for reporting bad relays, see
>https://trac.torproject.org/projects/tor/wiki/doc/ReportingBadRelays
>
>Hope this helps,
>--Roger
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Bad exit/bad relay list

[Flipchan]

Does anyone have or know where i can find a list with bad exits/relays
-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] orplug, an Android firewall with per-app Tor circuit isolation

[flipchan]

Thats cool:) who needs a gui, not me ;)

On 2016-02-12 14:31, Rusty Bird wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hi,

Maybe someone else will find this useful?
https://github.com/rustybird/orplug

Rusty



orplug, an Android firewall with per-app Tor circuit isolation

Not affiliated with the Tor Project.


Short intro

- - No GUI, please write one ;)
- - Default deny pretty much everything. Combinable access policies for
  individual apps, whole Android user accounts, etc.: transparent
  torification (circuit-isolated per app), fenced off access to Socks/
  Polipo, LAN access, clearnet access
- - Multi user account support
- - Doesn't leak IPv6 traffic
- - Clean DNS, but requires ANDROID_DNS_MODE=local ROM patch
- - Logs blocked DNS queries and blocked other packets
- - Input firewall allows sshd by default
- - Should work with enforcing SELinux
- - Includes the "--state INVALID" transproxy leak fix[1]
- - Tested on CyanogenMod 13 (Android 6.0.1 Marshmallow)


Longer intro

Really no GUI, unfortunately I don't have any talent for that. There's 
a

simple plain text configuration format[2] though, and the command line
"orplug-reconf" script could work as a backend to a graphical app. (It
accepts stdin as well as files for configuration.)

Unconfigured processes may only communicate with localhost and the
loopback interface. You can configure an individual app, a Unix user/
group, or an Android account:

  - to be transparently torified, with circuit isolation per rule
  - to be allowed access to local TCP ports 9050/8118 for native Orbot
support
  - to be allowed LAN access (except DNS)
  - to be allowed full clearnet access

All of the above can be combined: Transparently torify a VoIP app as
far as possible, but allow clearnet access for the remainder (UDP voice
packets). Or, for a home media streaming app: transparent torification
with LAN access.

Rules can apply to the primary Android device user account or to other
accounts.

For incoming traffic, every port is blocked to the outside by default.
But a hook loads files with raw ip(6)tables-restore rulesets, and one
such ruleset allows TCP port 22 (sshd).

The init script uses "su -c", which seems to set up everything properly
SELinux-wise on CM13. I'm not really sure because I don't have a device
that's able to run in enforcing mode.


The DNS mess

Android 4.3+ mixes DNS requests of all apps together by default[3]; 
when
a request finally appears in Netfilter, it's unknown where it came 
from.
orplug takes a strict approach and blocks this sludge, so it needs a 
ROM

patched[4] to export the environment variable ANDROID_DNS_MODE=local
during early boot.

Unfortunately, ANDROID_DNS_MODE=local makes Android send DNS requests 
to

127.0.0.1, instead of the value of the net.dns1 property. Until this is
somehow fixed, a rule has been added to redirect allowed clearnet IPv4
DNS traffic to $ClearnetDNS (defaults to Google's 8.8.8.8).

orplug blocks disallowed DNS requests by sending them to a local 
dnsmasq

instance that only logs queries (logcat | grep dnsmasq), but doesn't
forward them. This is how I noticed that CM13 with "everything 
disabled"

nevertheless attempts to connect to the hosts stats.cyanogenmod.org,
account.cyngn.com, and shopvac.cyngn.com. (Via UID 1000, in this case
the Settings package.)


Captive portals

Enable clearnet access for either UID 1000 (beware of the random stuff
apparently floating around there), or for a dedicated browser (and run
"settings put global captive_portal_detection_enabled 0" as root).


Installation

0. Set up some independent way to check for leaks, e.g. corridor[5].
   You've been warned...
1. Copy the orplug subdirectory to /data/local/ on your Android device.
   "chmod 755" 00-orplug, orplug-start, and orplug-reconf (all in
   /data/local/orplug/bin/).
2. Add the line ". /data/local/orplug/bin/00-orplug" (note the dot) to
   /data/local/userinit.sh and run "chmod 755 userinit.sh".
3. Copy the contents of /data/local/orplug/torrc-custom-config.txt into
   the clipboard, e.g. using File Manager. This file contains 
directives

   for tor to open 99 different TransPort and DNSPort ports.
4. In Orbot's settings, paste the clipboard contents into "Torrc Custom
   Config", disable "Transparent Proxying", disable "Request Root
   Access", and choose "Proxy None" in "Select Apps" (that last one 
only

   applies to current prereleases of Orbot).
5. Reboot your device.
6. Check that orplug has brought the firewall up: The output of
   "getprop orplug.up" is supposed to say "true". Log files are in
   /data/local/orplug/debug/ in case it didn't work.
7. Configure your apps by creating one ore more .conf file(s) in
   /data/local/orplug/conf/ (there's a commented user.conf.example[2]).
8. Run "su -c /data/local/orplug/bin/orplug-reconf". The output is
   supposed to say "orplug-reconf: populated". This will happen
   automatically if you reboot.


Footnotes

1. "--state 

Re: [tor-talk] Which webmail providers are Tor friendly.

[Flipchan]

Dont forget to encrypt all ur emails with pgp, i have looked at milter filter 
for email thats auto encrypts all incoming emails which is cool

blo...@openmailbox.org skrev: (5 februari 2016 13:09:40 CET)
>Hello!
>
>I am looking for Tor friendly webmail operators. By this, I mean ones 
>that do not insist on SMS verification and do not block Tor.
>
>I used to be happy with openmailbox.org but they now block new sign-ups
>
>that use Tor.
>
>I like ruggedinbox.com which is very Tor friendly but they are often 
>down (DDOS perhaps).
>
>Any other suggestions. I would prefer a basic service. I don't mind 
>paying a little if I can use crypto-currency. Although free or a 
>donation model is preferred.
>
>Thank you.
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TB 5.5 for OpenBSD

[flipchan]

Great! i will check it out

On 2016-02-05 21:38, George wrote:

The Tor BSD Diversity Project just released Tor Browser version 5.5 for
OpenBSD/amd64. For those interested in running it, you need a very
recent -current (snapshot) of OpenBSD/amd64.

Here's the official announce:

TDP Announce for Tor Browser 5.5 for OpenBSD
20160205
The Tor BSD Diversity Project
https://torbsd.github.io/

The Tor BSD Diversity Project (TDP) is proud to announce the release of
Tor Browser (TB) version 5.5 for OpenBSD. Please note that this version
of TB remains in development mode, and is not meant to ensure strong
privacy, anonymity or security.

TDP (https://torbsd.github.io) is an effort to extend the use of the 
BSD

Unixes into the Tor ecosystem, from the desktop to the network.

The 5.5 version is the eighth Tor Browser release from TDP.

To install TB for OpenBSD, please see
http://mirrors.nycbug.org/pub/snapshots/packages/amd64/README-55.txt

TDP is focused on diversifying the Tor network, with TB being the
flagship project. Additional efforts are made to increase the number of
*BSD relays on the Tor network among other sub-projects.

TDP's source code repository resides at http://github.com/torbsd/

TDP is seeking funding to continue and extend its efforts. Please
contact us if interested in assisting TDP, allowing us to dedicate more
time to the project.


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] onion routing MITM

[Flipchan]

Try to put up a server n run it throw tor and the generate a key with scallion 
for example https://github.com/lachesis/scallion , or ur favorite programming 
lang

a55de...@opayq.com skrev: (26 januari 2016 19:37:24 CET)
>A CA will not validate a '.onion' address since it's not an official
>TLD
>approved by ICANN. The numbers aren't random. From Wikipedia:
>
>"16-character alpha-semi-numeric hashes which are automatically
>generated
>based on a public key  when a
>hidden
>service
>
>is
>configured. These 16-character hashes can be made up of any letter of
>the
>alphabet, and decimal digits from 2 to 7, thus representing an 80-bit
>number in base32 . It is possible
>to
>set up a human-readable .onion URL (e.g. starting with an organization
>name) by generating massive numbers of key pairs
> (a
>computational
>process that can be parallelized
>) until a sufficiently
>desirable URL is found."[2]
>[3]
>"
>
>Cheers,
>yodablue
>
>On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked]

Re: [tor-talk] Using VPN less safe?

[Flipchan]

Well i never liked vpn , like for example in the US the police can force the 
vpn provider to give out info without the vpn provider telling the 
client/customer about it, so u need to put alot of trust in these vpn 
providers, i am acctually developing a better solution but its only in beta and 
i havent got it to work 100% , but IF u want a vpn think like this , is this 
person who is hosting my vpn ready to go to jail for me? Some vpn providers 
provide logless vpn which is the best ofc , but yeah u need a non US provider 
and some u trust 

Oskar Wendel <o.wen...@wp.pl> skrev: (24 januari 2016 12:48:57 CET)
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>Flipchan <flipc...@riseup.net>:
>
>> Do u mean a vpn to tor? Or first tor then a vpn?
>
>Tor over VPN. So we first purchase a VPN and then make Tor use it to 
>connect to the first hop.
>
>- -- 
>Oskar Wendel, o.wen...@wp.pl.remove.this
>Pubkey: https://pgp.mit.edu/pks/lookup?search=0x6690CC52318DB84C
>Fingerprint: C8C4 B75C BB72 36FB 94B4 925C 6690 CC52 318D B84C
>-BEGIN PGP SIGNATURE-
>
>iQEcBAEBAgAGBQJWpLooAAoJEGaQzFIxjbhM7eYH/2a9eKOo4csFUpky4r0DZMGb
>FNiUqo14JHXneyu3OV3whQH3UYSJD7Tat3t5e9GY+7ydxyvw1SEcBVhWGZj2VI+M
>RylCKStyu0CLIAXAYoTlHLWtRIkr4Dg9MNxIcTrHaqIjULasoixI5us/T5VtcWba
>YQzxh5xJ1kMybBEhfBt9g8UCTRUfSCUxDq0tT+nq9nD7W4dv5o4HRYDsbhAnd5yc
>pAO9vhwQeAYRRyyyW+qi1vtLcX543S5heC8muNQNd9w+hLJucxVKOSE9XmtFSXAK
>7G3JuDoeEthCnnix4N5fJb9B1nrZzqjny/bgtTsxIlMAphdO9HBY1UyaxKBmQtA=
>=ouRR
>-END PGP SIGNATURE-
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Using VPN less safe?

[Flipchan]

Instead of goin vpn->tor You could go i2p->tor

nobody <tsiolkovs...@riseup.net> skrev: (24 januari 2016 21:25:38 CET)
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA512
>
>
>
>On 01/24/2016 03:22 PM, aka wrote:
>> Oskar Wendel:
>>> Today I thought about something...
>>> 
>>> Let's assume that attacker (government) seizes the hidden service
>>> and wants to run it and deanonymize its users with traffic
>>> correlation.
>>> 
>>> Attacker could easily tap into major VPN providers traffic and
>>> try to correlate their traffic with hidden service traffic. And
>>> there are fewer VPN providers than Tor entry guards (and much
>>> less than home connections around the globe).
>>> 
>>> Does it mean that routing Tor through a commercial VPN could
>>> actually lower the security, compared to routing Tor directly
>>> through a home connection? It's in contrast with what many say,
>>> that you should use a commercial VPN for extra security.
>>> 
>>> 
>> 
>> Why not Tor over Tor? Using a Tor exit to connect to the first
>> hop. Would require traffic correlating twice.
>> 
>
>Quoting https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO:
>
>" When using a transparent proxy, it is possible to start a Tor
>session from the client as well as from the transparent proxy,
>creating a "Tor over Tor" scenario. Doing so produces undefined and
>potentially unsafe behavior. In theory, however, you can get six hops
>instead of three, but it is not guaranteed that you'll get three
>different hops - you could end up with the same hops, maybe in reverse
>or mixed order. It is not clear if this is safe. It has never been
>discussed.
>
>You can ​choose an entry/exit point, but you get the best security
>that Tor can provide when you leave the route selection to Tor;
>overriding the entry / exit nodes can mess up your anonymity in ways
>we don't understand. Therefore Tor over Tor usage is highly
>discouraged.
> "
>-BEGIN PGP SIGNATURE-
>Version: GnuPG v2
>
>iQIcBAEBCgAGBQJWpTM5AAoJECVOC2Tp0QhT/AIQAJIo6EgeBWWplZ8bU9tx/YHR
>umkS8tRy03WX89a6P9MXfnvV3ZTWmHhxWol7ekBhLbU1vZLN9yblEgUDsqX1I2t3
>OVHopy+4WzE48u1KRogCVvcmKvhwNAM5TblET8Euq9Op6tXKLZDVJFqDJ9Z64efO
>iJ/G86+d5nc9rz8a0krz2E1GvYV7fJrXn9LivNaf/IYHZsvObgQM+OWyxf8MP7F2
>PWI1cRTHZFMNInZ2KemiANaUGVSqbUmauygosBSUFygIEiRD8cEOh8v79/BIF3nk
>JGzGLE/oCSPSPb0gJdfu83+SmdN36zkrFwc4uVfCAqDD7IaUHtDvPvy4SYsLeGJi
>wSA1wewYuZ88UrtQ7CYRggAOpINEIQMs2RaskJQ7/PPWHVDA8Lo/IgzS1JV09hP0
>tBr49uZKsXVS6Y3YOxI6PEdIcZprWb75/PzrV0Vq6UpSnyC+JQBVAj4v7i4CfAC1
>/koTsp1Evn1Sul88TjeP7WVY63jdv8C9SFB40VB6u1Hb+s7LxuPk8Z0Ev66Y5Uoy
>QNzozyOS/qvye2MLois99Ge+IetA/I/IgksL6jzXDm/+QXUaE5b9PutIfpWWYbb1
>QXvoBmAJ6iQSLOB/zxTK38Y0avm37ZetuKvT0eheT8jczixeAWB08Walnx3n8j/i
>yqxbBSiyLM98XueLhgzF
>=r1Bz
>-END PGP SIGNATURE-
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TorChat or other for IRC?

[flipchan]

yeah freenode blocked tor ...

On Wed, Jan 06, 2016 at 04:06:32PM +0100, Flipchan wrote:

I use irssi and proxy it throw tor , usewithtor irssi


Is it possible to connect to freenode? I remember they were
banned TOR network.


--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TorChat or other for IRC?

[Flipchan]

I use irssi and proxy it throw tor , usewithtor irssi

andr...@fastmail.fm skrev: (6 januari 2016 15:56:42 CET)
>Is TorChat the usual program used for IRC?
>
>Or, there another irc client that's recommended?
>
>Where can it be downloaded from?  There seem to be way too many places
>to download TorChat.
>
>Thanks,
>
>Andre
>
>-- 
>http://www.fastmail.com - Send your email first class
>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk