[tor-talk] All I Want For X-mas: TorPhone
Arxaios, Thanks for the passionate response, but it seems like you are reconfirming the need for TorPhone. It seems that only by choice this rule is followed. Unless it is the nature of an open programming language to write what you want, malicious or not, which I think it is, I certainly do not understand the backdoor you are referring to [classification and experience are not requirements to understanding concepts if they are explained clearly]. It seems obvious that if someone can make it, someone can break it. But that doesn't mean we should not pursue better security and freedom than we already have with our mobile devices. Happy New Year to you, too. Awesome, SpencerOne Arxaios haris at arxaios.net wrote: The first rule , is not my rule at all, is never never been broken for a lot of years now because this rule gives hackers the freedom to test things. So if you are a programmer you would understand what I am talking about. Everything is made with this rule ...protocols , programs electronic devices and so on..!!! Is not a science fiction nor Orwell .! It is the truth believe it or not. The INTERNET what matter you do you rely on already build-ed foundations. Do the math... i am not going to argue on this because it is pointless. No system on earth is secure enough by individual needs. Even if you have the actual code then it is running on a pre-build Operating System which is already compromised. If that is not enough . the hardware you are using has hardware in-printed commands which you do not know what they do ...!! My point is : NOTHING IS SECURE. Happy New year. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
Dear Sir , The first rule , is not my rule at all, is never never been broken for a lot of years now because this rule gives hackers the freedom to test things. So if you are a programmer you would understand what I am talking about. Everything is made with this rule ...protocols , programs electronic devices and so on..!!! Is not a science fiction nor Orwell .! It is the truth believe it or not. The INTERNET what matter you do you rely on already build-ed foundations. Do the math... i am not going to argue on this because it is pointless. No system on earth is secure enough by individual needs. Even if you have the actual code then it is running on a pre-build Operating System which is already compromised. If that is not enough . the hardware you are using has hardware in-printed commands which you do not know what they do ...!! My point is : NOTHING IS SECURE. Happy New year. Arxaios. Στις 2014-12-31 16:31, spencer...@openmailbox.org έγραψε: Arxaios, I think you may be confusing cannot with should not. Though, regarding TorPhone, it is established that WiFi and cellular antenna connections as a means of communication are by nature able to track people, as that seems to be how they work. However, I do not think that implies that we should give up. Though they would still share your location, encrypted or not, we could put hardware switches on TorPhone, allowing people to physically disable their WiFi and cellular antennas as easily as adjusting the audio volume. This could also apply to other things, like non-removable batteries, as a way of ensuring that no connections can be made. Even just a network filter would assist people in limiting, or cutting off completely, network connections, especially those which share location data. And, regarding your first rule of back doors and open systems as a safety, rules are meant to be broken :) Nathan, thanks! I am familiar with Orwall, though configuring applications to route traffic through Orbot isn't a walk in the park for most people, since their is a warning about using non-tor configured applications on the site. Many people don't even understand what root access is, let alone be able to achieve it. Tomy sounds cool. Though, from what I can read, it has a ways to go. Also, there is the limitation for many people of not understanding having a second partition/OS on their device. If it came pre-installed and could be switched over to at will with a gesture or two, then that could be super cool and easy to manage. Giovanni, Janus sounds great, but very esoteric and a lot to learn, at least for most people. We'll see what the new year brings. Awesome, SpencerOne -- Arxaios haris at arxaios.net said: I know this because I am a Greek , but you cannot mix Greek Letters which obviously you do not have a clue what they mean, with English words. Ether you write full words in Greek or in English , and do not mix BECAUSE THEY DO NOT MIX TOGETHER. The Greek language is the most encrypted language in the word with millions of combinations and meanings .! Not my words only , but a lot of programmers + developers in various computer companies. Anyway ..about tor phone now... Do YOU really believe that there is an anonymity in the tor network?? because if you think so , then you are mistaken badly. Everything and I mean EVERYTHING are monitored by the people behind the scenes as I call them. All the phone calls , emails and every information is monitored by the SYSTEM and of course they file you , knowing everything about you. They will never let anything like tor-phone unattached no matter what encryption it will use. If you do not believe the above , then ask yourself this simple question : The people who will design the encrypted protocols will also leave some back doors open as a safety. The first rule is not to build something closed because if something goes wrong you will not have access to it to fix it. Simple as that. So the big question is : how safe do you think you are?? Arxaios. -- Nathan Freitas nathan at freitas.net said: Orwall is an attempt to automate the firewall configuration Mike covered in his blog, and to improve open (and replace) Orbot's transparent proxying features: https://github.com/EthACKdotOrg/orWall [1] There is also someone else (I can't find the link right now), working on automating all of the core system changes in the post through a flashable updater on top of AOSP or Cyanogen. This is an effort that I will be focusing on supporting more in 2015. Built on that is our longer term concept of a TAILS-like mobile system called Tomy, that can utilize bootable USB drives with Android phones and tablets: https://dev.guardianproject.info/projects/libro/wiki/Tomy_Detachable_Secure_Mobile_System [2] -- Giovanni Pellerano giovanni.pellerano at evilaliv3.org said:
[tor-talk] All I Want For X-mas: TorPhone
Arxaios, I think you may be confusing cannot with should not. Though, regarding TorPhone, it is established that WiFi and cellular antenna connections as a means of communication are by nature able to track people, as that seems to be how they work. However, I do not think that implies that we should give up. Though they would still share your location, encrypted or not, we could put hardware switches on TorPhone, allowing people to physically disable their WiFi and cellular antennas as easily as adjusting the audio volume. This could also apply to other things, like non-removable batteries, as a way of ensuring that no connections can be made. Even just a network filter would assist people in limiting, or cutting off completely, network connections, especially those which share location data. And, regarding your first rule of back doors and open systems as a safety, rules are meant to be broken :) Nathan, thanks! I am familiar with Orwall, though configuring applications to route traffic through Orbot isn't a walk in the park for most people, since their is a warning about using non-tor configured applications on the site. Many people don't even understand what root access is, let alone be able to achieve it. Tomy sounds cool. Though, from what I can read, it has a ways to go. Also, there is the limitation for many people of not understanding having a second partition/OS on their device. If it came pre-installed and could be switched over to at will with a gesture or two, then that could be super cool and easy to manage. Giovanni, Janus sounds great, but very esoteric and a lot to learn, at least for most people. We'll see what the new year brings. Awesome, SpencerOne -- Arxaios haris at arxaios.net said: I know this because I am a Greek , but you cannot mix Greek Letters which obviously you do not have a clue what they mean, with English words. Ether you write full words in Greek or in English , and do not mix BECAUSE THEY DO NOT MIX TOGETHER. The Greek language is the most encrypted language in the word with millions of combinations and meanings .! Not my words only , but a lot of programmers + developers in various computer companies. Anyway ..about tor phone now... Do YOU really believe that there is an anonymity in the tor network?? because if you think so , then you are mistaken badly. Everything and I mean EVERYTHING are monitored by the people behind the scenes as I call them. All the phone calls , emails and every information is monitored by the SYSTEM and of course they file you , knowing everything about you. They will never let anything like tor-phone unattached no matter what encryption it will use. If you do not believe the above , then ask yourself this simple question : The people who will design the encrypted protocols will also leave some back doors open as a safety. The first rule is not to build something closed because if something goes wrong you will not have access to it to fix it. Simple as that. So the big question is : how safe do you think you are?? Arxaios. -- Nathan Freitas nathan at freitas.net said: Orwall is an attempt to automate the firewall configuration Mike covered in his blog, and to improve open (and replace) Orbot's transparent proxying features: https://github.com/EthACKdotOrg/orWall There is also someone else (I can't find the link right now), working on automating all of the core system changes in the post through a flashable updater on top of AOSP or Cyanogen. This is an effort that I will be focusing on supporting more in 2015. Built on that is our longer term concept of a TAILS-like mobile system called Tomy, that can utilize bootable USB drives with Android phones and tablets: https://dev.guardianproject.info/projects/libro/wiki/Tomy_Detachable_Secure_Mobile_System -- Giovanni Pellerano giovanni.pellerano at evilaliv3.org said: yep, eventually it could be implemented a trick that vecna used in SniffJoke and i reimplemented some years ago in Janus: https://github.com/evilaliv3/janus this way nathan things can be done really more in a transparent way. fqrouter used it on android phones with success in past reimplementing janus concepy in python: https://gist.github.com/fqrouter/5083321 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
I know this because I am a Greek , but you cannot mix Greek Letters which obviously you do not have a clue what they mean, with English words. Ether you write full words in Greek or in English , and do not mix BECAUSE THEY DO NOT MIX TOGETHER. The Greek language is the most encrypted language in the word with millions of combinations and meanings .! Not my words only , but a lot of programmers + developers in various computer companies. Anyway ..about tor phone now... Do YOU really believe that there is an anonymity in the tor network?? because if you think so , then you are mistaken badly. Everything and I mean EVERYTHING are monitored by the people behind the scenes as I call them. All the phone calls , emails and every information is monitored by the SYSTEM and of course they file you , knowing everything about you. They will never let anything like tor-phone unattached no matter what encryption it will use. If you do not believe the above , then ask yourself this simple question : The people who will design the encrypted protocols will also leave some back doors open as a safety. The first rule is not to build something closed because if something goes wrong you will not have access to it to fix it. Simple as that. So the big question is : how safe do you think you are?? Arxaios. Στις 2014-12-26 09:19, Virgil Griffith έγραψε: The X in Xmas derives from the Greek letter Chi, which stands for Christ. This usage dates back at least to the Middle Ages. -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: It's CHRISTmas you jerk, not xmas stop that insulting nonsense already -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk [1] -- -BEGIN PGP PUBLIC KEY BLOCK- Version: Encryption Desktop 10.3.0 (Build 8741) mQINBFSVwooBEAD2skb23pDtV7k/M8uQxowwMwIvYc07I4jjpVdc1wLxsOYfqB3z K4+tlrSnSgyUF9Q6UgyOs43wN2UZFGhBvasgVoIAUv2Nuo6SVt+Wl8/EUBUwYrn+ hUNEl39BFzs90WeQt9zoSX0u/kseKSZlqfFGroBkH7zHcMVTo2YePHpCMtLCyGAT +HVzpsEJl1DjueIccZXKCdEoiZqttlii/Sy491O7cOTop72ABallmN4fdQEhqbod kEsom0eCpCxcB8rHhv9zQEvexUD2ShqKhTGMHLmYimPqlBWL+k1BbrLJbHN1hJK4 YFaN33p8a+oRapPJFIlebNZfd4FWCtPtAz7YbaWgYWWE3hSvQh4ysmAb7VFFC+1p 1gWbk6pPZCUsRM6SzlSN3AmGC288wzh1m4eI6PvXgTY5gV5ZFVjgKIraXY2h/cDf K9CxdzlQRnYqT6vT3UulDmqhkywpb3OOvzXMXEQjOKy62xsgYt/16vfqbWKPOSP1 B0J0IsTj65QSpw07lOUlLfMty7qIcHWURP7oNRkYDhtRZppZOcfzkxz9mak2PXNS 0Grcc4qBxF+GTpMU7LkoiSNy57UeYPoi2CeDVhacvxEiDJ3z7j+lSZNC684CEhIT EVgSjuIRrZFvx4qNPn/tQSzkxeWOc6o79+JCU6shkjN1XXluDSEQKSBdMQARAQAB tBthcnhhaW9zIDxoYXJpc0BhcnhhaW9zLm5ldD6JAowEEAECAHYFAlSVwpgwFIAA IAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5jb21wZ3BtaW1lCAsJ CAcDAgEKAhkBGRhsZGFwOi8va2V5c2VydmVyLnBncC5jb20FGwMFFgADAgEF HgEGFQoICQMCAAoJECUgNYAhtkJTwGwP/AmRVefaanfsA9x4bLpRgJySkkCr qTQ4MNA+ZQMc/grwaei9ZeCy1N0YvosGTWo1PnLtgN+nvSPl92VywSUxYk++Raxn gi83iwiJANe8mfuLXxmJ0b5v+eh8OR/ew+A0fWGsfeYj/EqdwJh8XmiKsZEWW6C9 q13MO4PexAyDtUt67XYA/a6iagTmdi8qKqw1lo5w18mwJVUfx/32AfAj5BYWppgz AMCIt1aTK6O5728M635UnLloTNmyuJW0hxNXsgd1wmX+cXdgvJeeklBjOr1f+2Z3 Sty+8KHKozvQWRdC278PKw74BHsgTzCDlqnWur4pX/l49C1rfVHeZzVhE2EWs3ab EL41XPiNy7SLbDjvTWgz5/rjZIya/jLI7zvA09MIxBp0LEhVTJ+Fz7puBUzUiO7n s0sFyNK+is8jwoGMg21xmDzjpGJR7DSa8UM1NzCUXwPV11AU1Rh5CktAVdRJpF7w koiaHNYHQn7T4N7FMSg06VhTavUka8IYIX34zQsbE6T59eEUSk63bQPTxXtkHinR icRtsnt/RHF9/frlm9UZ1HLuZCl0TjGyeL5U1X8QzWgxCWy+TKPYN3mZUAczDhnp DF1gvmkIigEze5y1YPLgOEV5815LDiEUt8donXe0sT6JPQxSxqCRtiRNyLLpeQp1 ySkB4o7ynubw6muvuQINBFSVwosBEACrkuPgnDMtS8rgHkKQBnmO0J9hB+gEwWG1 Gx2z+RiY3E1CBoA1wd8J5eG7NSk43YxN8eTanLMSclylEkvMNsXqyfZLEZluc8MQ G01Zf//1a3edQjbUodN0gqc+FqD0A5zlddWk3Bmd9DbJAbvf8EoUXVPo/w2hCLbk 8zPiRyc+F6FSNy/zPU2PRLwtSVyjcgw/PjxFGXEBrVMY4UnymwrHrwt/RG45pLg0 toDzuWo7IQU2Yi8prNAZOwACn1eQ5/5mg8+BXT7/6N1l6U2LTl0cXTo7+dI6sfaE x1hsIYElZr0Cvt9yvYvNyFs2YPbw72QbBFz2Plm66afvgLxDB2t1Bcm2Dpy/3HXN IoeTAHmaY99FHSbg2DRDrLYfbNgwqq1DzKH/Y6oRDrv1XsLvePUPH07ANmLHMzBi Fdds1SF38eLBbiIZPMya/yUlD4OLr9YI7pcgnkuPWD2doaJSHYstW9kYxMdKitm1 kuG9w+Lsmc/w/lBOmfTPdKHVk18WJ+YOpUnBAiRtZx6G5+w3fZoWBuTcDTApTc2e 1Ft3NzTo3L0YTa7nwfoyMb4Fb5UC64yqsOwsdBEZ+xQP30LpgXiI6rtP4s8rjgl2 AFWkk/7ZAGNTkmqzz1raLTsGsYkoAnb45Cd6i6ybBO6fNgBmSIcErqBKZ0LrS/JG GP+TZVz6CQARAQABiQRBBBgBAgIrBQJUlcKMBRsMwV0gBBkBCAAGBQJUlcKL AAoJEOGlq33byCc5m94P+QFKjaH5zCaqxX11iFkNoKllokXf+1183TcLwuRFdCDY wgiyIbinPzUa2azqrU96qBG2+ouepGWpWuQnTGiurE9rnIXbEbubI/qTaWixaXbv in4yJa71WN6Daq+pZQuK933twEEb7YBlWFdPglBSOg/osvGXGqQxBcAPJ6vYRh6c o8gozEOopJgNkgYx1CPOJB6GI7+nxXXKv8Djek1Mxl5nmpqz89mG/I7ZDhXlg688 AHgVi0ro8qqtFF9c5DHGL0Ihda97me7aPkxmBt6J6HvYHc/RnCbzqZDpIfgylmEb 3sJ/wX8FVLbt5XxnB2RVwXFVguW7VAmPH/lSkNmY73uUFPWvXtuH+Q6TWaBgkgMU eCBC6AXiep8I6U9BKhJW1aZXUNA7mlb5jrYUf/nLB/lsadOfAHTXMiVg4X0FtlJA Z2Tsm/40AQLa8mzwrTzXIY5a4piYAVK1WNz3beBRdhBETSick9+rrp6nVeK7p2p7 cNK2lhVGx4uJ885Lr/5hH/3fvefnZUFCCYRcV/6yUzdrh4X4dKsFMCdg4OTD0RB5 kvcaCtjCahyLBJcw9sWC9o5XEO5ONz38ASMF3G3Fpcbj4/YL5WfYDG6iW2Dqlruz
Re: [tor-talk] All I Want For X-mas: TorPhone
yep, eventually it could be implemented a trick that vecna used in SniffJoke and i reimplemented some years ago in Janus: https://github.com/evilaliv3/janus this way nathan things can be done really more in a transparent way. fqrouter used it on android phones with success in past reimplementing janus concepy in python: https://gist.github.com/fqrouter/5083321 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
It's CHRISTmas you jerk, not xmas stop that insulting nonsense already -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
The X in Xmas derives from the Greek letter Chi, which stands for Christ. This usage dates back at least to the Middle Ages. -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: It's CHRISTmas you jerk, not xmas stop that insulting nonsense already -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
I'd hope so, in which case I'd retract the admonishment. but, who speaks greek these days, and why would you, when it's only 5 more letters... On 12/26/2014 03:19 AM, Virgil Griffith wrote: The X in Xmas derives from the Greek letter Chi, which stands for Christ. This usage dates back at least to the Middle Ages. -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: It's CHRISTmas you jerk, not xmas stop that insulting nonsense already -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
http://en.wikipedia.org/wiki/Xmas http://en.m.wikipedia.org/wiki/Xmas# -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: I'd hope so, in which case I'd retract the admonishment. but, who speaks greek these days, and why would you, when it's only 5 more letters... On 12/26/2014 03:19 AM, Virgil Griffith wrote: The X in Xmas derives from the Greek letter Chi, which stands for Christ. This usage dates back at least to the Middle Ages. -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: It's CHRISTmas you jerk, not xmas stop that insulting nonsense already -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
Early use of Xmas includes Bernard Ward's /History of St. Edmund's college, Old Hall/ adopt an anti-Christ Jews' traditional reference to Christmas? no, bad idea. just spell it correctly, or don't use it at all, if you don't mind. On 12/26/2014 03:32 AM, Virgil Griffith wrote: http://en.wikipedia.org/wiki/Xmas http://en.m.wikipedia.org/wiki/Xmas# -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: I'd hope so, in which case I'd retract the admonishment. but, who speaks greek these days, and why would you, when it's only 5 more letters... On 12/26/2014 03:19 AM, Virgil Griffith wrote: The X in Xmas derives from the Greek letter Chi, which stands for Christ. This usage dates back at least to the Middle Ages. -V On Friday, December 26, 2014, m mgw...@gmail.com wrote: It's CHRISTmas you jerk, not xmas stop that insulting nonsense already -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
Early use of Xmas includes Bernard Ward's /History of St. Edmund's college, Old Hall/ adopt an anti-Christ Jews' traditional reference to Christmas? no, bad idea. First of all: You write like a fag and your shits all retarded[1] Secondly: I prefer just to see Tor-related information when I open the mailing list folder, please stay on topic. As an atheist I find religious debates as stupid as I see _all_ religions. [1] https://www.youtube.com/watch?v=rRQijskAMp4 signature.asc Description: PGP signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] All I Want For X-mas: TorPhone
Awesome! Though a tablet could work, I am more for a more pocket-sized mobile device. Also, Seth, thanks for the more in-depth concern regarding the WiFi MAC address and guard nodes, however, though I am all for people knowing how their devices work and why, the details of that kind of stuff is a bit over my head, even if I know what they are. The Blackphone and the Jolla are definitely not all they are cracked up to be, but I was unaware of the Open Handset Alliance terms. It doesn't, from my perspective, break the ecosystem of Android applications, just Google's, which are broken by design; no loss there. But if the API is tied to Google applications and not to Android applications, I can see the issue. Ubuntu is also broken, in that you need to be a developer/engineer to do much of anything, at least that has been my experience, as well as the experience of other [Mac] users, with 13.x. Though ditching the Oracle stuff seems like a plus. But do people have absolute control, or is it mitigated by providers/manufacturers? Replicant, though still Android, could be an option since some devices are now supporting WiFi, though they are mostly Samsung and Google :( Though there is still that huge laborious learning curve. Where does this fit into the OHA terms? I know Cyanogen is all Googled up. Thanks, Alexis, for the insight. Definitely a need for TorPhone. ***Side note: Sorry if my title caused some issues. Awesome, SpencerOne -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
spencer...@openmailbox.org said: With all of the great development happening around the Tor network this holiday season, it seems fitting to ask for something that would help me out tremendously: TorPhone. I propose, and please point me in the correct direction if I am overlooking something that already exists, a bare-bones WiFi-only mobile device. Did you see the Tor Blog post Mission Impossible: Hardening Android for Security and Privacy? https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy Perhaps Mike Perry, or others who have tried it, can let us know how the project is progressing? The last comment was posted back in August and the updated blog doesn't show when it was last updated. It would be nice if the changelog showed some dates. And a related question, how does one tunnel UDP through TCP or Tor? And all I wanted for Xmas was a Tor Tshirt... My relay node has made the 500KBs avg for two months and I was hoping I would have heard something about the Tshirt being on it's way... 423.44 kB/s avg for three months and by my simple calculation 333 kBs (500x3/2) should have averaged 500 kBs for two months, or am I being too numerate? https://globe.torproject.org/#/relay/1FAFE871D920CA043DCD761E8DF434BD818688B1 Happy New Year! Chuck -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
spencer...@openmailbox.org writes: Awesome! Though a tablet could work, I am more for a more pocket-sized mobile device. Also, Seth, thanks for the more in-depth concern regarding the WiFi MAC address and guard nodes, however, though I am all for people knowing how their devices work and why, the details of that kind of stuff is a bit over my head, even if I know what they are. Hi Spencer, The MAC address, at least, is a very important issue if you actually want users to have location privacy with the device. One of the most important ways that governments and companies track physical locations today is by recognizing individual devices as they connect to networks (or, with some versions of some technologies, when the devices announce themselves while searching for networks). If the device itself has a recognizable physical address that a network operator or just someone listening with an antenna can notice, that is a tracking mechanism -- and not a theoretical tracking mechanism but one that's been reduced to practice by advertisers, hotspot operators, and governments. Depending on what kind of privacy you're looking for, using Tor in this scenario might not help much, because other people can still tell where you are (at least a particular device!), and, depending on the scope of the trackers' view of things, may be able to go on to make a connection between your device using Tor today over here and your device using Tor next week over there. In that case, the users of such devices don't get the level of blending-into-a-crowd they might expect. One privacy property you might want as a user of such a device is that when you get online from a particular network, other people on that network don't know it's you, but just see that some non-specific user of the TorPhone is now on the network. Without solving the MAC address issue, and possibly some other related issues, you won't get that property, even if the device is totally great in other ways. The guard nodes historically may have constituted a similar problem (oh, it's the Tor user who likes to go through nodes x, y, and z, not the other Tor user who likes to go through w, x, and y, or the other other Tor user who likes to go through p, q, and x). A more general point is that someone who's trying to track you may use _any_ available observable thing about you, your devices, your behavior, and so on. That's why really making users less distinguishable calls for a lot of careful thinking and a lot of hard work, like in https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability If you're talking about making a whole device like a phone, a lot of that process has to be repeated, over and over again, to have a hope of getting really strong privacy properties. (Some people trying to make Tor-centric operating systems like Whonix and Tails have definitely been thinking about these problems at the operating system level, but they're currently targeting laptops rather than phones. And yes, they do worry about the wifi MAC address!) -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
random MAC, Device Name, Serial # and IMEI ? 2014-12-27 8:09 GMT+08:00 Seth David Schoen sch...@eff.org: spencer...@openmailbox.org writes: Awesome! Though a tablet could work, I am more for a more pocket-sized mobile device. Also, Seth, thanks for the more in-depth concern regarding the WiFi MAC address and guard nodes, however, though I am all for people knowing how their devices work and why, the details of that kind of stuff is a bit over my head, even if I know what they are. Hi Spencer, The MAC address, at least, is a very important issue if you actually want users to have location privacy with the device. One of the most important ways that governments and companies track physical locations today is by recognizing individual devices as they connect to networks (or, with some versions of some technologies, when the devices announce themselves while searching for networks). If the device itself has a recognizable physical address that a network operator or just someone listening with an antenna can notice, that is a tracking mechanism -- and not a theoretical tracking mechanism but one that's been reduced to practice by advertisers, hotspot operators, and governments. Depending on what kind of privacy you're looking for, using Tor in this scenario might not help much, because other people can still tell where you are (at least a particular device!), and, depending on the scope of the trackers' view of things, may be able to go on to make a connection between your device using Tor today over here and your device using Tor next week over there. In that case, the users of such devices don't get the level of blending-into-a-crowd they might expect. One privacy property you might want as a user of such a device is that when you get online from a particular network, other people on that network don't know it's you, but just see that some non-specific user of the TorPhone is now on the network. Without solving the MAC address issue, and possibly some other related issues, you won't get that property, even if the device is totally great in other ways. The guard nodes historically may have constituted a similar problem (oh, it's the Tor user who likes to go through nodes x, y, and z, not the other Tor user who likes to go through w, x, and y, or the other other Tor user who likes to go through p, q, and x). A more general point is that someone who's trying to track you may use _any_ available observable thing about you, your devices, your behavior, and so on. That's why really making users less distinguishable calls for a lot of careful thinking and a lot of hard work, like in https://www.torproject.org/projects/torbrowser/design/#fingerprinting-linkability If you're talking about making a whole device like a phone, a lot of that process has to be repeated, over and over again, to have a hope of getting really strong privacy properties. (Some people trying to make Tor-centric operating systems like Whonix and Tails have definitely been thinking about these problems at the operating system level, but they're currently targeting laptops rather than phones. And yes, they do worry about the wifi MAC address!) -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] All I Want For X-mas: TorPhone
Awesome, Thanks for the link, Chuck! Unfortunately, at least for me, that approach isn't sufficient, as it requires one of the most broken devices ever regarding basic functionality and still allows Google services, even if disabled. Not to mention the learning curve. Not that I am against learning or working for my goal but I have tried similar things in the past and, in comparison, having no device is just so much better. Though I hope you get a TShirt :) I have been working on a few, though none are good enough to share, yet. Seth, thanks a bunch for the super duper in-depth insight. I feel you on the MAC address IDing, as I have always hated my ISP being able to see every device on my private home and business networks. I have been wishing for a TorBlock device that would allow my ISP to see my modem, or modem/router combo, only, while giving a big ol' Fuck You to any request to see other connected devices, unless, that is, I choose to allow specific device access for troubleshooting. Whether it is a separate, and very small, box that middlemans between the modem and the WiFi router, or is ware firmed into the modem/router combo. But are you saying that even though my IP is obfuscated my device WiFi ID is still visible? Maybe other people is unclear. Or, maybe I thought I understood something I actually do not, which is seeming to be the case. Maybe, in addition to the awesomeness that is Atlas, at least what's in the TorButton in TorBrowser-4.5-Alpha-2, we have a greater visualization of things. More specifically, exactly what each node, and maybe the final destination, sees. This could help, in addition to addressing the guard node issues in some way, assist TorBrowser users in changing their habits, or at least know what habits could lead to certain levels of fingerprinting. I wasn't aware of Whonix, so thanks, but TAILS seems to have a mobile device option if you throw it on an SD card, though it appears to require plugging into a laptop, but I might be mistaken. Tough challenges for sure. Awesome, SpencerOne -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] All I Want For X-mas: TorPhone
Hello everybody, With all of the great development happening around the Tor network this holiday season, it seems fitting to ask for something that would help me out tremendously: TorPhone. We have a great back-end network, a sweet browser for most platforms [f/iOS WP], and a kick-ass portable OS, just to name a few. However, these do not necessarily meet my needs, and I presume the needs of many others, when on the road, which I am always on. I propose, and please point me in the correct direction if I am overlooking something that already exists, a bare-bones WiFi-only mobile device. Ideally it would run an open OS tied to an open organization and come with nothing installed on it except for a mobile version of TorBrowser. The best example I can think of now is a forked version of Android with Orweb/bot installed. Other applications could be installed at the discretion of the human, like F-Droid and whatnot, presuming they meet the security ethics of the network. I could take most any Android device and only use WiFi but most offerings are through a cellular service provider on a WiFi-only SIM. I could also just avoid using a cellular SIM altogether but the devices still come preloaded with all kinds of stuff that do things I don't want them to, like tracking and reporting, most of which can only be disabled, not uninstalled, at least not by me. I could also throw an Android alternative on it but in most cases that requires entering into a contract with the manufacturer regarding the now unlocked bootloader, let alone the learning curve of actually doing so. And I could get a device that comes without a locked bootloader like a Jolla running Sailfish or a OnePlus running CyanogenMod, though they are also quite tied to either a manufacturer or a provider, or both. If Android isn't the best option, what is? Knowing very little about compiling or securing software, like most people, this out of the box experience seems quite valuable. If this is a reasonable request, and if this is the right place to make such a request, I am all aboard with assisting development in anyway that I can; form development, mechanical engineering, interface, experience, packaging, whatever...I just want to see a truly usable mobile device in my hand, and the hands of others. Any thoughts? Happy Holidays! Awesome, SpencerOne -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
spencer...@openmailbox.org writes: Ideally it would run an open OS tied to an open organization and come with nothing installed on it except for a mobile version of TorBrowser. The best example I can think of now is a forked version of Android with Orweb/bot installed. Other applications could be installed at the discretion of the human, like F-Droid and whatnot, presuming they meet the security ethics of the network. There might already be a tablet out there somewhere that's suitable for conversion to meet some of these suggestions (since there have been plenty of them with no GSM interface at all). One thing to investigate is whether the wifi MAC address can be changed and how persistent the changes are. I'm also wondering if some of the Tor developers could give an update on the issue about identifying people from their guard node selection as they roam from one network to another. Was that a motivation for the decision to reduce the number of guard nodes, and has that change happened yet? Does someone have an estimate of the anonymity set size if you notice that a mobile Tor user is using a particular guard node? -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] All I Want For X-mas: TorPhone
Petition the blackphone people for this. If they are willing to fund it certainly possible to get it done. -V On Thu, Dec 25, 2014 at 2:47 AM, spencer...@openmailbox.org wrote: Hello everybody, With all of the great development happening around the Tor network this holiday season, it seems fitting to ask for something that would help me out tremendously: TorPhone. We have a great back-end network, a sweet browser for most platforms [f/iOS WP], and a kick-ass portable OS, just to name a few. However, these do not necessarily meet my needs, and I presume the needs of many others, when on the road, which I am always on. I propose, and please point me in the correct direction if I am overlooking something that already exists, a bare-bones WiFi-only mobile device. Ideally it would run an open OS tied to an open organization and come with nothing installed on it except for a mobile version of TorBrowser. The best example I can think of now is a forked version of Android with Orweb/bot installed. Other applications could be installed at the discretion of the human, like F-Droid and whatnot, presuming they meet the security ethics of the network. I could take most any Android device and only use WiFi but most offerings are through a cellular service provider on a WiFi-only SIM. I could also just avoid using a cellular SIM altogether but the devices still come preloaded with all kinds of stuff that do things I don't want them to, like tracking and reporting, most of which can only be disabled, not uninstalled, at least not by me. I could also throw an Android alternative on it but in most cases that requires entering into a contract with the manufacturer regarding the now unlocked bootloader, let alone the learning curve of actually doing so. And I could get a device that comes without a locked bootloader like a Jolla running Sailfish or a OnePlus running CyanogenMod, though they are also quite tied to either a manufacturer or a provider, or both. If Android isn't the best option, what is? Knowing very little about compiling or securing software, like most people, this out of the box experience seems quite valuable. If this is a reasonable request, and if this is the right place to make such a request, I am all aboard with assisting development in anyway that I can; form development, mechanical engineering, interface, experience, packaging, whatever...I just want to see a truly usable mobile device in my hand, and the hands of others. Any thoughts? Happy Holidays! Awesome, SpencerOne -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk