Re: [tor-talk] FBI cracked Tor security

[Spencer]

Hi,



Mirimir:
Why do trusting users get blamed?



Victim blaming XD

Wordlife,
Spencer



--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/25/2016 07:31 PM, Tempest wrote:
> Jonathan Wilkes:
>> And here we have a respondent who does a complete 180 on the 
>> constraints. Claiming that "mum" just needs to "invest the time"
>> is to do exactly the opposite of what Haroon was implying.  Now
>> it's not the software that should change, but "mum's"
>> priorities!
> 
> it's neither. it's the reality of the current situation. operating
> an automobile is a simple example. one can drive based on what's
> there. or one can learn best practices first. saying "it should be
> easier" doesn't change the fact that i isn't, nor the fact that one
> can learn to do it well.

Continuing this example, consider how Tor Project promotes Tor
browser. Look at the front page. Imagine if Tesla were promoting
Autopilot as irresponsibly, without clear warnings about limitations.
There would be outrage, no? Why not about Tor? Why do trusting users
get blamed?

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXlxZ1AAoJEGINZVEXwuQ+AX0H/2Toia/O4ySfPLyqE3EaBha4
zPqKELlW5cWrllTZD5YifdtdPcb94ypmGcgbQ5rSnirgG5fKiXCHZrmQCFHUza6R
SMlAUx5lBgQv8OXOBO1vICwHPO64s1x0/uaM/uoItJvXe5YKe6aQGoHRs1sK9vLf
k8sU2OOParodKJR6dR1HdlhhUc74JG4qAG9Wu/CPo3939Fc8Mb1hiKlF81y2uraK
ZRiuZyRg+x4YZofWSl1GV8UVSOI++zNwYeX3t8IkMGC3hFUHk8C7u7FOragb8/ez
nqkQOoQCyeCUED6H2Zc1x2nAXWwZpW1Pn65mP7X2TFqvGGdqVz9fhGm8wlkAAuI=
=wK2R
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Tempest]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Jonathan Wilkes:
> And here we have a respondent who does a complete 180 on the
> constraints. Claiming that "mum" just needs to "invest the time" is
> to do exactly the opposite of what Haroon was implying.  Now it's
> not the software that should change, but "mum's" priorities!

it's neither. it's the reality of the current situation. operating an
automobile is a simple example. one can drive based on what's there.
or one can learn best practices first. saying "it should be easier"
doesn't change the fact that i isn't, nor the fact that one can learn
to do it well.

- -- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXlr2DXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2M0M0RTEwNkFDNkE1RjJGRERCMjM4NDAy
QTQ5NTc4QTcyOTFCQjM0AAoJECpJV4pykbs0NSEP/icPXT3yWhY72L5CDi3Obo12
gtuoKqMXMt3wUU7oL8w1S5isqzmKGnaJy1hk+1Ve6jcb6o2nNvUxj12aP8QQpynh
mPwFdv0qMRJUZGiAhaa3E7r8xTryoVbdW7bv3wGLmQIH8Z44pQhle0sAt4R3qndl
oiIwO7BNeqV1mermc0sAz2CXAy4gPQ9TJQx93JNNusMtsrA1ZTfX/K/PYPGkOFUe
rCJ4czqp/+vWvqNzDBtGRnfiOohMJEzXKPR0ZfOCH6G6q8R9Wq9CVmxF1Jkr2l8j
GwliVR1RkFdE5sc3rCO1vq25qPgxScDeJdlftXNyq1jo4VI7aC4/3u4XBjcEJg7W
jtrxnnQCrYyBtge6CfvCx6/4/rdpRdU0r5j3I17Z6MtFohxkN6uIVlhsCOE8c4fL
S2D61bUJRlf59oNuN3ldYw67iHpbxTO1lnwCtjCwoVttnfe80OuM7ilGilUajCUD
UqomGH+GrT3Cau1FScno+qIPHQkGD3cuTKIA/r2q9SOADU1yo7Ejuw/Fcr8b+q2B
oe/GMougz8AvpwS0BzIcwlHR6NsBU5hjc9vSCCUbUA/uTqMCTXqKXtWjUJ8D0qAm
+WZBxrOK801Ypz2aq21r1UVsVHkmW4K21OK8gPfqApgyAg68EFQ5hTq33j759lOK
3k8QJMhIKT7/SpWQdGq5
=5QcS
-END PGP SIGNATURE-

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Flipchan]

Hello , i have exposed some pedofiles (i helped friends trace em) and in my 
experience pedofiles doesnt have much security, in 4/5cases i got them to go in 
to a website i owned and they did that and i loged ip hostname etc and only one 
use a vpn, anyhow like alot of ppl is saying the server must been hacked by them

Jonathan Wilkes  skrev: (22 juli 2016 17:35:50 CEST)
>> However, if one's mum is willing to invest the time, they'll more
>than
>likely install the system successfully.
>
>
>Jon,If Haroon's simplification were to make sense to an audience of
>people who 
>aren't UX experts, it would be trivial to understand the constraints. 
>For 
>example, if I say, "explain like I'm five" and my audience uses simple
>sentence 
>structure and/or pithy metaphors, then I was understood.  If instead
>they talk in a 
>condescending tone and try to persuade me not to throw a tantrum, I
>wasn't 
>understood.
>
>At the very least, the question, "can my mum use this software?" has
>the 
>constraint that "mum" is immutable-- her skills are what they are, 
>and her time is limited.  The upshot is that the software, on the other
>hand, 
>is mutable.  We love "mum" and want her to use our software.  If we
>imagine 
>she isn't able to use it then it's the software that should change to
>correct that.  
>
>And here we have a respondent who does a complete 180 on the
>constraints.  
>Claiming that "mum" just needs to "invest the time" is to do exactly 
>the opposite of what Haroon was implying.  Now it's not the software
>that 
>should change, but "mum's" priorities!
>So please show this thread to Haroon as a hopefully final nail in the
>coffin 
>of the
>"design-for-that-poor-little-older-or-younger-lady-that-you-love" 
>trope.  The intended audience clearly _not_ understand it. 
>But unlike everyone else who keeps repeating that trope, I have
>complete 
>faith that a UX expert will know what to do when faced with this data.
>Best,Jonathan
>  
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jonathan Wilkes]

> However, if one's mum is willing to invest the time, they'll more than
likely install the system successfully.


Jon,If Haroon's simplification were to make sense to an audience of people who 
aren't UX experts, it would be trivial to understand the constraints.  For 
example, if I say, "explain like I'm five" and my audience uses simple sentence 
structure and/or pithy metaphors, then I was understood.  If instead they talk 
in a 
condescending tone and try to persuade me not to throw a tantrum, I wasn't 
understood.

At the very least, the question, "can my mum use this software?" has the 
constraint that "mum" is immutable-- her skills are what they are, 
and her time is limited.  The upshot is that the software, on the other hand, 
is mutable.  We love "mum" and want her to use our software.  If we imagine 
she isn't able to use it then it's the software that should change to correct 
that.  

And here we have a respondent who does a complete 180 on the constraints.  
Claiming that "mum" just needs to "invest the time" is to do exactly 
the opposite of what Haroon was implying.  Now it's not the software that 
should change, but "mum's" priorities!
So please show this thread to Haroon as a hopefully final nail in the coffin 
of the "design-for-that-poor-little-older-or-younger-lady-that-you-love" 
trope.  The intended audience clearly _not_ understand it. 
But unlike everyone else who keeps repeating that trope, I have complete 
faith that a UX expert will know what to do when faced with this data.
Best,Jonathan
  
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[grarpamp]

On 7/19/16, Mirimir  wrote:
> I doubt that they hire anons :(

US IRS rules prevent that to such degree that any btc anons get
beyond trivial limits will not be coming from the audited corporate
wallet. While tor may be hodling legacy btc, donations are currently
going via bitpay probably set to convert it all straight to usd with
no holdback. Nor does tor corp have any real need for anons. And
even if the board welcomed anons philosophically, lawyers would
probably block it citing risk, liability, and other scary stuff.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Tempest]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Jon Tullett:
> It is, you know. More complex, and probably not suitable.
> 
> Haroon Meer, who I greatly respect in the security space, describes
> UX complexity in terms of his mum. As in, "could my mum do this?"
> and if the answer is no, it's too complex for the average user. I
> like that.

while i'm entirely sympathetic to the "ease of use argument, i'd also
like to see setups like whonix mentioned. perhaps i'll give it a try
myself. for basic threat scenarios, it should be able to do a
comparison table on a web pageof what tor based tools are out there
and may be more desirable than just the browser (tails, whonix,
qubes+whonix, etc.).

as for the point about the mum, there is a long guide up at
http://yuxv6qujajqvmypv.onion that walks more novice/unexperienced
users towards a process of installing debian and whonix. it is
certainly not a "fast" process and is more complex than tbb alone.
However, if one's mum is willing to invest the time, they'll more than
likely install the system successfully.

> Because of that, I don't think it's possible, much less desirable,
> to describe the entire spectrum of use-cases. And even less
> possible to actually document the toolset appropriate for every
> point.

it doesn't have to be "all of them." but a few more details based on
experiences common enough to have been regularly covered by the media
certainly would not hurt.

> The key question to you, as someone advocating that specific
> toolset, would be: for what type of user is VirtualBox+Whonix the
> optimum solution, and how would Joe Random identify if he is that
> sort of user?

fairly simple actually. it's for anonymity focussed users who want to
add extra layers of protection against ip leaks while moderately
shrinking the attack surface for a persistent malware infection (if
configured correctly).  if one is simply using the browser to get
around a firewall and doesn't need the anonymity, probably not needed.

- -- 
gpg key - 0x2A49578A7291BB34
fingerprint - 63C4 E106 AC6A 5F2F DDB2 3840 2A49 578A 7291 BB34
-BEGIN PGP SIGNATURE-

iQJ8BAEBCgBmBQJXjin7XxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2M0M0RTEwNkFDNkE1RjJGRERCMjM4NDAy
QTQ5NTc4QTcyOTFCQjM0AAoJECpJV4pykbs0l8UP/j3hVqE8QJNQ9SVd8wy0A2tn
t9901tKBxQU9UMqpiNYvLILxCAKNWXFK7qOLayGjrAWshUtkmgRSItqf5wXqV00O
vNzj60M9d08wOfXidbc68tXFU6HRYxNcqKU8ihRQeJQPsQKur/GtnB1NmeLJQ/iS
dy31u+IMtKxx5P/O5Jd8ImAWRXX4HPB+Zf0LQYp2TIOxs43DtrTE/FIpU9W3/SnT
bLKfwurT4cbQKdnbDqPzWEiZsPhf8S+3/5Oje4SAKs3ijpnAq5U3ndoES1cDReoP
Xy1YfUY//tpWncdyY/q1hmG6Yt+FOgAiVAsXI12HcMclKekdMJO8WwEraWKzm+Kt
YCI9SgcLy/8nFkKZSL2vAhwX3aoZ7sy2sgvE+v+8+QGMafG9AZBma3+lkv+oRhSh
3xEQWuqO4mqo86SCRGxEgov8JbUsgluE6ZBAaHY1XihzO/eBtDCL+1hdJspdWite
7qHua6CqfbI+sWmlvX04Pm1li3Xlfe7q7oewHWGnU5d0DK9srhXIXHXjkAXSNzwe
VOiosp0PZWAOAyKZF7rjC6XEnqhy0LuDO41MQWznOFw8ZZBl4TNiNni92qvVmqmp
KGwDZFZ3DbqDE+EBh2qSJTKV1/RF4Al/h1dZU5dFytc5HOUBfFRGzRYf0yITB8kg
RtpQ7/Fn5fV3N3/xYd2y
=BmJ7
-END PGP SIGNATURE-

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/19/2016 04:18 AM, Jon Tullett wrote:
> On 19 July 2016 at 12:01, Mirimir  wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>> On 07/19/2016 03:50 AM, Jon Tullett wrote:
>>> On 19 July 2016 at 08:31, Mirimir  wrote:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
 
 On 07/18/2016 07:08 PM, Jon Tullett wrote:
> On 18 July 2016 at 16:17, Mirimir 
> wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>> 
>> A few years ago, I wrote 
>> .
>
>
>> 
Have you updated it to account for subverted VPN providers?
> Advising people to use VPNs which may have been subject to 
> national security letters is arguably bad.
 
 Which VPNs have received NSLs?
>>> 
>>> I take it that's a no, then?
>> 
>> I account for it by distributing trust, just as Tor does.
> 
> But your guide does not. It doesn't even mention them. Why are you 
> concealing the truth from users?!?11

This gets at the trust issue:

| Using VPN services obscures online activity from local observers,
| and it also obscures location and identity from remote observers
| on the Internet. However, users are entirely vulnerable to
| betrayal by the VPN provider. With a second VPN service tunneled
| through the first, trust has been distributed, in that compromise
| would require collusion between the two providers.

That comes pretty close, I think. NSLs are really irrelevant in risk
assessment. Because NSL or not, you have no way to know who you can
trust. So you can't trust anyone.

> The point I'm trying to make is that you can't cover every base.
> Too often, attempts to do so just end up with unusable rambling
> essays on security which no one will read and which still fail to
> cover a lot of ground. You're accusing Tor of something that you
> yourself can't avoid. That's not a criticism - just a reflection of
> reality.

Say what you will, this is misleading:

| Tor prevents people from learning your location or browsing habits.



-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjgMTAAoJEGINZVEXwuQ+P4UH/3zyjj3FmgZTjH0Qe7pijN5s
ETxHDAK5gZoGA/8VVeYIEG3SNg2rnNSc6cvD9aW5pdebdZfirtvuwY++vVrFw3P/
y5zqt+MQAdfcPlsFmpty5qkzKAAuO37/4m6yAEAxuTkJvfCpY/ThWVFy8xXk+OeV
p2naoo5GFboRP3r4+N1nxY7DsgzwRfhkxVZQSxmPjJhEFxTvNiq2crAnvUHLrBJe
46QiWn+agldN54LxkPVasAUgd7RWirl4O+H9UhZumA2ZrBHNa4I5YYoOw28zc4Am
/G2+Kdgst3Ua8em3D6LvNmQnMAUXi7NS5tAazl5IYpQsuj1G/jfkDnUtYeTJN1s=
=+aIe
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 19 July 2016 at 12:01, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/19/2016 03:50 AM, Jon Tullett wrote:
>> On 19 July 2016 at 08:31, Mirimir  wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>> On 07/18/2016 07:08 PM, Jon Tullett wrote:
 On 18 July 2016 at 16:17, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>
> A few years ago, I wrote
> .

 Have you updated it to account for subverted VPN providers?
 Advising people to use VPNs which may have been subject to
 national security letters is arguably bad.
>>>
>>> Which VPNs have received NSLs?
>>
>> I take it that's a no, then?
>
> I account for it by distributing trust, just as Tor does.

But your guide does not. It doesn't even mention them. Why are you
concealing the truth from users?!?11

The point I'm trying to make is that you can't cover every base. Too
often, attempts to do so just end up with unusable rambling essays on
security which no one will read and which still fail to cover a lot of
ground. You're accusing Tor of something that you yourself can't
avoid. That's not a criticism - just a reflection of reality.


>> Point being, not only do we now know which operators have received
>> letters, we _can't_ know. The first rule of NSL club is you don't
>> talk about NSL club. I have yet to see much evidence that warrant
>> canaries help. And that's not the only risk; operators can be
>> coerced, hacked, suborned, or otherwise compromised. Belgacom, for
>> example.
>
> What Tor relays have received NSLs?

Which part of "we can't know" wasn't clear? We don't know - can't know
- which relays are compromised, but we have to assume that at least
some are (MIT et al). Ditto for exit nodes. Again, don't fixate on
NSLs. That's one form of compromise but there are many more. The only
safe assumption is that the environment is hostile - just how hostile
and what is a reasonable response will vary from one user to the next.


>> We mitigate that by layering services, but that's back to the
>> question of how complex an environment suits your risk profile. Not
>> everyone has the same nut; not everyone needs the same size
>> hammer.
>
> The NSA is a pretty big nutcracker ;)

The threat of the NSA is not evenly spread, and does not warrant
identical countermeasures. Some people aren't concerned at all. Some
are concerned about privacy in a theoretical way and use Tor because
they have a vague sense that it's messing with The Man. Some are
active targets and know they need to substantially strengthen their
opsec, and will use Tor as part of a much broader toolset. Different
strokes for different folks, and the advice I'd give them would be
very different in each case.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/19/2016 03:50 AM, Jon Tullett wrote:
> On 19 July 2016 at 08:31, Mirimir  wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>>> On 18 July 2016 at 16:17, Mirimir  wrote:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
> 
 A few years ago, I wrote 
 .
>>> 
>>> Have you updated it to account for subverted VPN providers? 
>>> Advising people to use VPNs which may have been subject to
>>> national security letters is arguably bad.
>> 
>> Which VPNs have received NSLs?
> 
> I take it that's a no, then?

I account for it by distributing trust, just as Tor does.

> Point being, not only do we now know which operators have received 
> letters, we _can't_ know. The first rule of NSL club is you don't
> talk about NSL club. I have yet to see much evidence that warrant
> canaries help. And that's not the only risk; operators can be
> coerced, hacked, suborned, or otherwise compromised. Belgacom, for
> example.

What Tor relays have received NSLs?

> We mitigate that by layering services, but that's back to the
> question of how complex an environment suits your risk profile. Not
> everyone has the same nut; not everyone needs the same size
> hammer.

The NSA is a pretty big nutcracker ;)

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjfqHAAoJEGINZVEXwuQ+jfsH/j2m+GIEfHEG/Ye1mKviqiYB
2NpeeI5W/r6Zq/Bv/xoqnid+qhwtP/4BwkukXeJ2LhXHBinDKJuKJluOzqiSOqMI
7ThceELgk0ec2eiPSDNJAfH784ShDMpwZEJIJ4I6MmuPXBJ6CJFdzau0rf/M0vGT
tm2m5SfPKh66ZvtGzvoHGsyUV0p1Hu5I3H3ID+EiBbP2uqSi/mL1OXaezT5tGamu
OxczvVFo5cl3uGCJechHXq/jlTyiNrRf6YAUocitFXwXejMHpUQrvU/TlDnZqN5u
rA9Ezxg2YFZ3NltC1Owob8oEgA8/VfWhUZ5v+w9poWG8c6WgOfB4pti5Jq6TAfo=
=W8Yj
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 19 July 2016 at 08:31, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>> On 18 July 2016 at 16:17, Mirimir  wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1

>>> A few years ago, I wrote
>>> .
>>
>> Have you updated it to account for subverted VPN providers?
>> Advising people to use VPNs which may have been subject to national
>> security letters is arguably bad.
>
> Which VPNs have received NSLs?

I take it that's a no, then?

Point being, not only do we now know which operators have received
letters, we _can't_ know. The first rule of NSL club is you don't talk
about NSL club. I have yet to see much evidence that warrant canaries
help. And that's not the only risk; operators can be coerced, hacked,
suborned, or otherwise compromised. Belgacom, for example.

We mitigate that by layering services, but that's back to the question
of how complex an environment suits your risk profile. Not everyone
has the same nut; not everyone needs the same size hammer.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[grarpamp]

On 7/19/16, Mirimir  wrote:
> Well, given what we know of TLA capabilities, what Tor Project says at
>  is tantamount to false advertising:
>
> | Anonymity Online
> |
> | Protect your privacy. Defend yourself against network surveillance
> | and traffic analysis.
...
> | Tor prevents people from learning your location or browsing habits.

I never liked those statements. I don't expect the user to know
why I or we don't, that takes an investment. But at least give
them a damn link right there alongside them that says
"Learn about the limitations of Tor" or something similar,
out to a nice open wiki page on the subject so they can start.
Not just "Learn more about Tor" out to an overview containing
a tiny "staying anonymous" section with no links, docs or
text to further support itself.
Even in there "fast enough for web browsing" is a bad qualifier.

Creating concise correct current text that holds up to parsing
is work, and there are degrees involved. But in a leading "privacy"
and "anonymity" app with certain remarked use cases beyond
surfing example.com all day, not doing so as an integrated
project component is kinda unexcusable.

> Cynical folk note that so far, the US and its allies are
> the only known global adversary. And claim that this is self-serving
> bullshit.
...
> it's becoming harder to escape the conclusion that Tor Project either
> doesn't want to mitigate this risk, or doesn't have the contractual
> freedom to do so.

Interesting to note that because former reasonably well
known and accepted decades of humanitarian investment
by some of these states has been reinvested into decades
of things like drone strikes... it makes it harder for projects
like Tor to freely make the case that their project existance
and use case is even valid for human rights and so on when
states are trending bashing those rights and their validity.

Right of anonymity and privacy, let alone legal and technical
extant versions of same, seems a very tenuous thing. And the
latter especially, is not something you can just brush on a
frontpage and say it exists.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/19/2016 12:02 AM, grarpamp wrote:
> On 7/18/16, Mirimir  wrote:
>> Anyway, what does Tor Project gain by not mentioning Whonix?
> 
> That's a bit sideways, but in the interest of sideways eventually 
> moving forward...

I'd say "meta" rather than "sideways", but hey ;)

> 1) Funding of sorts, which spreads around, to develop TBB, a
> sizable prioject, to do decent things a browser should do,
> hopefully feeding back to Mozilla. Were certain elements of
> security left uninvestigated and just punted to Whonix+FF, well
> that's a incomplete partial approach too. If you want funds, you
> might not want to publish other partial solutions.

Well, Whonix uses stock Tor browser, with a tweak to keep it from
launching its own local tor process. It also enforces stream
separation for other apps. But the key thing here is that it prevents
proxy bypass.

> Securing the browser and browser meta is a fine project. And as has
> been said, it's still needed to pair the app with defense in depth
> and a known line around application land. Just remember TBB and Tor
> are not and cannot be that line.

Yes, they are for sure not that line. So why not acknowledge that?

Maybe key funders have said no to that.

> 2) Captured audience dependency. As with publishing, this is
> corporate 101. Giving someone an app is well... welcome to apps,
> and a torbox to run them on. Like iTunes on iPhone.

Right. For most, Tor browser on Windows. Pwnage waiting to happen.

But why does Tor Project care about captured audience dependency?
People using Whonix, like people using Tails, are still using Tor. And
still using stock Tor browser.

Maybe goals of key funders are driving this. Deliver lots of Tor
relays and users to hide our agents. But make sure that users can't
hide from our TLAs. That's what language in Graham's appropriations
bill says. Maybe that's been the backroom deal for years, and Tor
Project has been pushing back. One does get that sense from the leaked
IRC logs.

> Giving someone unix is like airdropping a great big box of freedom
> their way. Here, have some free beer...
> 
> https://www.freebsd.org/ https://www.openbsd.org/ 
> https://torbsd.github.io/
> 
> Or whatever it is penquins drink... https://www.whonix.org/ 
> https://www.whonix.org/wiki/Qubes https://www.qubes-os.org/
> 
> Or a fine Javanese app... https://geti2p.net/
> 
> 3) Like I said, the real reason is probably a bit more mundane... 
> nobody signed on to update the content. Tor has money, go hire
> yourself.

I doubt that they hire anons :(

But damn, I'd do it for free, if they let me :)

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjdcZAAoJEGINZVEXwuQ+G24IAKZTOZVxidiX2qEnOokfKh1T
pg8BsXRgyMx7395mMc3WDFx16zc1Ylbh14z+YUq+1TOenO2wURjtTT9OCjCAjnOI
IL1GRXjM23QLTI0qkRCwiEB04HZsu5t1jq1sJ7F23BUX/UjSBuK1osmtK3Ve3ucb
qMTgZVIgmnWwdFkEM1l5fcDltnIYzOxF5VR0jHo5KTQ63l7E/xcNaWD/Y92yUu5C
ZLeCYgVc+KdngHhVPDzhphCeWXwrVdpwRO0zqqLiR8ijn/dW0fFA7gOfZzTI1YTw
VmVymrDWBfr6RjZ0FVeSIrvhewVRPjHIepTHwOuQQsAde5UGhtNv9lnXt+P7Rq4=
=w5Ab
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/18/2016 07:14 PM, Jon Tullett wrote:
> On 18 July 2016 at 18:15, Spencer 
> wrote:
>> Hi,
>> 
>>> 
>>> Jon Tullett: you just asked a user to conduct a risk analysis.
>>> 
>> 
>> Who else should do it, someone less contextualized to their
>> context?
> 
> Context matters. Mirimir was asking for what amounts to a very
> complex assessment measuring risk in monetary terms. Anyone who can
> do that reliably can get a very high paid job doing so. It's really
> not trivial.

I used money because it makes it real. Most people simply can't afford
to defend themselves. May I should find some examples.

> Absolutely individuals should conduct their own risk assessments.
> But not in those terms. For most consumers, security is not about
> money. Going to jail is about freedom and personal safety, not
> cash.

Ask someone who's been arrested ;)

> Even losing data is a balance between losing work (money) and
> personal items (sentimental value, not money).

How did losing data get into this? Maybe having computer gear
impounded? Or neglecting backups?

> Understanding your risk profile, for most people, actually has 
> relatively little to do with money

You can measure it however you like. The point is that, unless
prompted, people tend to discount risk.

> (though "losing all my money to phishing" is absolutely a risk to
> be considered).

Phishing is arguably no worse a risk for Tor users.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjcxQAAoJEGINZVEXwuQ+oksH/2T4O3fU0ggM4si8V7m3RJxU
84aWEnHB4qgml+MLA4zsmNbRbogJgFkDSkARS67RoT0st2naCMMI8Be/4p2Pnvfd
AEQq4w0SKYk//c9NMfZ16SUzGSi4LzgWOzhRTygNqo2B2mBQqcpOVRwTVeDLJcMu
nVlCBdySCvlcIxlp89HYeN9xGRrclV3ZiaxSYtJzDNwtFJhbD0iV5d4Yk9T4MljV
KF6lHt48+sI+FKCwM53f3o4WmFQFbOeIelhxJ6RUSMq51s9RNdAvY8uh5dvMDGPw
msvVUF6u0axfIfuP52cKaXDFKc2q8lRhUSFkklnKbnathqkdLtMDQ6K/Tbb+G8E=
=OQ72
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/18/2016 07:08 PM, Jon Tullett wrote:
> On 18 July 2016 at 16:17, Mirimir  wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>> On 07/18/2016 07:33 AM, Jon Tullett wrote:
>>> On 18 July 2016 at 14:57, Mirimir  wrote:
 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
 
 On 07/18/2016 06:11 AM, Jon Tullett wrote:
 
> Haroon Meer, who I greatly respect in the security space, 
> describes UX complexity in terms of his mum. As in, "could
> my mum do this?" and if the answer is no, it's too complex
> for the average user. I like that.
 
 His mum probably shouldn't be using Tor.
>>> 
>>> Why not? Are you able to say with certainty that they are not
>>> at risk and shouldn't be using Tor? Sounds like a risky
>>> assumption. Not that it's applicable here, but activists'
>>> families are not uncommonly at high risk. I'd caution against
>>> assuming you know someone's risk profile better than they do.
>>> And that, in a nutshell, is why I don't think Tor should be
>>> making such an assumption in its recommendations to users in
>>> general.
>> 
>> Giving clueless folk an illusion of safety is arguably bad.
> 
> Now you're back to "sheep". Don't assume that "technically 
> inexperienced" equates to "clueless".

Well, say "technically inexperienced" if you like. In my world, we
call that "clueless". I'm more or less clueless in many areas, and am
not ashamed to admit it.

> Security theatre is generally not positive, but again, security is 
> never absolute and you will always be able to find an argument for 
> doing more, and someone who will argue that failing to do so is,
> yes, arguably bad. Everyone has to draw the line somewhere. Tor has
> done so.

Well, given what we know of TLA capabilities, what Tor Project says at
 is tantamount to false advertising:

| Anonymity Online
|
| Protect your privacy. Defend yourself against network surveillance
| and traffic analysis.

Maybe so against local adversaries. But clearly not against global
adversaries. Cynical folk note that so far, the US and its allies are
the only known global adversary. And claim that this is self-serving
bullshit.

| Tor prevents people from learning your location or browsing habits.

It for sure hasn't stopped FBI, with their honeypots that drop
malware. And I doubt that it stops NSA/GCHQ. But Tor Project just
postures about "bad FBI". They don't give naive users, who may be at
risk, even a brief heads up about proxy leakage, and how to prevent it.

Two or three years ago, even after the Freedom Hosting debacle, I was
willing to cut Tor Project some slack. But after the PlayPen attack,
it's becoming harder to escape the conclusion that Tor Project either
doesn't want to mitigate this risk, or doesn't have the contractual
freedom to do so.

> We're going in circles on this now, so this will be my last
> repetition of that particular argument. As I've said, I think we
> agree there's room for better education, but just differ on
> details.

Fair enough :)

> It's probably far more meaningful to help users understand 
> that spectrum, self-assess where they fall on it and what
> their risk profile may look like as a result, and pointers
> to resources which would align with that.
 
 That sounds good to me. Except that there's nothing on the
 Tor Project site about Whonix, and virtually nothing about 
 proxy-bypass leaks.
>>> 
>>> Why should there be mention of Whonix? It's an independent 
>>> project.
>> 
>> What about
>> ?
> 
> That's a list of projects Tor is involved with. It's interesting
> but there's no context - someone who knows they need the tool is
> already most of the way there. Helping people identify that the
> need the tool at all is the part I'm interesting in.

It's my general impression that Whonix project has been actively
rebuffed. But I have no inside knowledge.

> (snip)
>> Tails is on
>>  but not
>> Whonix. Why is that?
> 
> At a guess, it's because Tor is more actively involved in Tails
> than in Whonix. But that is just a guess. Have you asked the
> maintainers?

Yes, that does seem to be the case. But asking hasn't gotten me
anywhere. Maybe some fly on the wall will dump some evidence ;)

>>> Proxy bypass, maybe, but that's in there with all the other 
>>> potential risks, and again, Tor can't document all of them.
>> 
>> Tor Project has made a huge deal over the PlayPen pwnage.
>> Demanding that the FBI release information about its NIT. But
>> they can't be bothered to actually explain how users could have
>> been protected?
> 
> Very different issues, I think. I'm sure you disagree; I'm not
> going to debate it.

I don't disagree that they're different issues. My point is that
warning users about proxy bypass takes 

Re: [tor-talk] FBI cracked Tor security

[grarpamp]

On 7/18/16, Mirimir  wrote:
> Anyway, what does Tor Project gain by not mentioning Whonix?

That's a bit sideways, but in the interest of sideways eventually
moving forward...

1) Funding of sorts, which spreads around, to develop TBB, a sizable
prioject, to do decent things a browser should do, hopefully feeding
back to Mozilla. Were certain elements of security left uninvestigated
and just punted to Whonix+FF, well that's a incomplete partial approach
too. If you want funds, you might not want to publish other partial solutions.

Securing the browser and browser meta is a fine project.
And as has been said, it's still needed to pair the app with
defense in depth and a known line around application land.
Just remember TBB and Tor are not and cannot be that line.

2) Captured audience dependency. As with publishing,
this is corporate 101. Giving someone an app is well...
welcome to apps, and a torbox to run them on. Like
iTunes on iPhone.

Giving someone unix is like airdropping a great big box
of freedom their way. Here, have some free beer...

https://www.freebsd.org/
https://www.openbsd.org/
https://torbsd.github.io/

Or whatever it is penquins drink...
https://www.whonix.org/
https://www.whonix.org/wiki/Qubes
https://www.qubes-os.org/

Or a fine Javanese app...
https://geti2p.net/

3) Like I said, the real reason is probably a bit more mundane...
nobody signed on to update the content. Tor has money, go
hire yourself.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 18 July 2016 at 18:15, Spencer  wrote:
> Hi,
>
>>
>> Jon Tullett:
>> you just asked a user to conduct a risk analysis.
>>
>
> Who else should do it, someone less contextualized to their context?

Context matters. Mirimir was asking for what amounts to a very complex
assessment measuring risk in monetary terms. Anyone who can do that
reliably can get a very high paid job doing so. It's really not
trivial.

Absolutely individuals should conduct their own risk assessments. But
not in those terms. For most consumers, security is not about money.
Going to jail is about freedom and personal safety, not cash. Even
losing data is a balance between losing work (money) and personal
items (sentimental value, not money). Understanding your risk profile,
for most people, actually has relatively little to do with money
(though "losing all my money to phishing" is absolutely a risk to be
considered).

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 18 July 2016 at 16:17, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 07:33 AM, Jon Tullett wrote:
>> On 18 July 2016 at 14:57, Mirimir  wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>>>
 Haroon Meer, who I greatly respect in the security space,
 describes UX complexity in terms of his mum. As in, "could my
 mum do this?" and if the answer is no, it's too complex for the
 average user. I like that.
>>>
>>> His mum probably shouldn't be using Tor.
>>
>> Why not? Are you able to say with certainty that they are not at
>> risk and shouldn't be using Tor? Sounds like a risky assumption.
>> Not that it's applicable here, but activists' families are not
>> uncommonly at high risk. I'd caution against assuming you know
>> someone's risk profile better than they do. And that, in a
>> nutshell, is why I don't think Tor should be making such an
>> assumption in its recommendations to users in general.
>
> Giving clueless folk an illusion of safety is arguably bad.

Now you're back to "sheep". Don't assume that "technically
inexperienced" equates to "clueless".

Security theatre is generally not positive, but again, security is
never absolute and you will always be able to find an argument for
doing more, and someone who will argue that failing to do so is, yes,
arguably bad. Everyone has to draw the line somewhere. Tor has done
so.

We're going in circles on this now, so this will be my last repetition
of that particular argument. As I've said, I think we agree there's
room for better education, but just differ on details.


 It's probably far more meaningful to help users understand
 that spectrum, self-assess where they fall on it and what their
 risk profile may look like as a result, and pointers to
 resources which would align with that.
>>>
>>> That sounds good to me. Except that there's nothing on the Tor
>>> Project site about Whonix, and virtually nothing about
>>> proxy-bypass leaks.
>>
>> Why should there be mention of Whonix? It's an independent
>> project.
>
> What about ?

That's a list of projects Tor is involved with. It's interesting but
there's no context - someone who knows they need the tool is already
most of the way there. Helping people identify that the need the tool
at all is the part I'm interesting in.


(snip)
> Tails is on  but
> not Whonix. Why is that?

At a guess, it's because Tor is more actively involved in Tails than
in Whonix. But that is just a guess. Have you asked the maintainers?



>> Proxy bypass, maybe, but that's in there with all the other
>> potential risks, and again, Tor can't document all of them.
>
> Tor Project has made a huge deal over the PlayPen pwnage. Demanding
> that the FBI release information about its NIT. But they can't be
> bothered to actually explain how users could have been protected?

Very different issues, I think. I'm sure you disagree; I'm not going
to debate it.


>> That's a rhetorical question - I'm sure there are pros and cons
>> either way and it could be argued at length without conclusion. I'm
>> not convinced Tor should be promoting either; same way I'm not
>> convinced Tor should be promoting any specific tools. There will
>> always be others, and they may be better suited to users depending
>> on their circumstances.
>
> Sure. Except that proxy bypass has been a major fail. Do you disagree?

Yes, I do. Systems get attacked, and are updated to thwart attacks.
Tor does this - that is not a fail, that's the normal security dev
process. Don't assume that nothing is happening - it's not like Tor is
not actively researched and developed.


> A few years ago, I wrote
> .

Have you updated it to account for subverted VPN providers? Advising
people to use VPNs which may have been subject to national security
letters is arguably bad.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Spencer]

Hi,



Jon Tullett:
you just asked a user to conduct a risk analysis.



Who else should do it, someone less contextualized to their context?



CIOs can't do an accurate risk assessment



Sux 4 them XD

Wordlife,
Spencer



--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/18/2016 07:33 AM, Jon Tullett wrote:
> On 18 July 2016 at 14:57, Mirimir  wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>> 
>>> Haroon Meer, who I greatly respect in the security space,
>>> describes UX complexity in terms of his mum. As in, "could my
>>> mum do this?" and if the answer is no, it's too complex for the
>>> average user. I like that.
>> 
>> His mum probably shouldn't be using Tor.
> 
> Why not? Are you able to say with certainty that they are not at
> risk and shouldn't be using Tor? Sounds like a risky assumption.
> Not that it's applicable here, but activists' families are not
> uncommonly at high risk. I'd caution against assuming you know
> someone's risk profile better than they do. And that, in a
> nutshell, is why I don't think Tor should be making such an
> assumption in its recommendations to users in general.

Giving clueless folk an illusion of safety is arguably bad.

>>> It's probably far more meaningful to help users understand
>>> that spectrum, self-assess where they fall on it and what their
>>> risk profile may look like as a result, and pointers to
>>> resources which would align with that.
>> 
>> That sounds good to me. Except that there's nothing on the Tor
>> Project site about Whonix, and virtually nothing about
>> proxy-bypass leaks.
> 
> Why should there be mention of Whonix? It's an independent
> project.

What about ?

> Proxy bypass, maybe, but that's in there with all the other
> potential risks, and again, Tor can't document all of them.

Tor Project has made a huge deal over the PlayPen pwnage. Demanding
that the FBI release information about its NIT. But they can't be
bothered to actually explain how users could have been protected?

> I think we agree that we'd like to see more documentation, we just 
> aren't agreeing on how much more. Me, I'd like to see them
> document threats a bit more with links to discussion and solutions.
> You'd like them to be a great more specific in one particular
> direction. Ultimately, as I've said before, that balance is one the
> Tor maintainers decide, and presumably they don't do so
> arbitrarily.

It's not just "one particular direction". It's the vulnerability
that's arguably compromised the most people. Or maybe second only to
the relay early exploit, which they did patch eventually.

>>> "Just use VirtualBox and Whonix" is not meaningful advice. It's
>>> a great fit for a very specific subset of users, but many (I
>>> would guess "most") users are not in that subset, and for
>>> everyone else it'd just be some combination of confusing,
>>> overwhelming, unnecessary, or insufficient.
>> 
>> I'm not arguing that all Tor users should use Whonix. I'm arguing
>> that the Tor Project ought to mention that as an option.
> 
> Why Whonix and not Tails? Why not any other tools?

Tails is on  but
not Whonix. Why is that?

> That's a rhetorical question - I'm sure there are pros and cons
> either way and it could be argued at length without conclusion. I'm
> not convinced Tor should be promoting either; same way I'm not
> convinced Tor should be promoting any specific tools. There will
> always be others, and they may be better suited to users depending
> on their circumstances.

Sure. Except that proxy bypass has been a major fail. Do you disagree?

>>> The key question to you, as someone advocating that specific 
>>> toolset, would be: for what type of user is VirtualBox+Whonix
>>> the optimum solution, and how would Joe Random identify if he
>>> is that sort of user?
>> 
>> 1) Specify how much ones time is worth: X USD/hr.
> 
> Why is money relevant? Where do you live, that freedom and torture
> is measured in $/hr? :)

Because I'm a anarchocapitalist ;)

Make it qualitative, if you like.

>> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y
>> USD.
> 
> Again, why is cost the metric? It's relevant for a narrow subset
> of users in a Tor context, and a broader subset in a general
> security context, but I don't see the relevance here.
> 
> Even if it were relevant, you've just asked a potentially 
> technically-incompetent user to conduct a very complex risk
> analysis. A lot of CIOs can't do an accurate risk assessment, but
> you want Haroon's mum to do it?

It's not complex.

If there are no substantive risks, use Tor browser. If being pwned
will be a life-changing event, at least use Whonix.

>> 3) Divide Y by X to get time investment justified to avoid
>> pwnage.
> 
> 3.1. Is that a meaningful number to anyone? What does it mean? What
> is the ratio above which Whonix is the remedy for all my ills? What
> do I do if I'm below it? Does it know about exchange rates and cost
> of living? What about...you get the idea. Meaningless calculations
> give meaningless conclusions.

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 18 July 2016 at 14:57, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>
>> Haroon Meer, who I greatly respect in the security space, describes
>> UX complexity in terms of his mum. As in, "could my mum do this?"
>> and if the answer is no, it's too complex for the average user. I
>> like that.
>
> His mum probably shouldn't be using Tor.

Why not? Are you able to say with certainty that they are not at risk
and shouldn't be using Tor? Sounds like a risky assumption. Not that
it's applicable here, but activists' families are not uncommonly at
high risk. I'd caution against assuming you know someone's risk
profile better than they do. And that, in a nutshell, is why I don't
think Tor should be making such an assumption in its recommendations
to users in general.


>> It's probably far more meaningful to help users understand that
>> spectrum, self-assess where they fall on it and what their risk
>> profile may look like as a result, and pointers to resources which
>> would align with that.
>
> That sounds good to me. Except that there's nothing on the Tor Project
> site about Whonix, and virtually nothing about proxy-bypass leaks.

Why should there be mention of Whonix? It's an independent project.

Proxy bypass, maybe, but that's in there with all the other potential
risks, and again, Tor can't document all of them.

I think we agree that we'd like to see more documentation, we just
aren't agreeing on how much more. Me, I'd like to see them document
threats a bit more with links to discussion and solutions. You'd like
them to be a great more specific in one particular direction.
Ultimately, as I've said before, that balance is one the  Tor
maintainers decide, and presumably they don't do so arbitrarily.


>> "Just use VirtualBox and Whonix" is not meaningful advice. It's a
>> great fit for a very specific subset of users, but many (I would
>> guess "most") users are not in that subset, and for everyone else
>> it'd just be some combination of confusing, overwhelming,
>> unnecessary, or insufficient.
>
> I'm not arguing that all Tor users should use Whonix. I'm arguing that
> the Tor Project ought to mention that as an option.

Why Whonix and not Tails? Why not any other tools?

That's a rhetorical question - I'm sure there are pros and cons either
way and it could be argued at length without conclusion. I'm not
convinced Tor should be promoting either; same way I'm not convinced
Tor should be promoting any specific tools. There will always be
others, and they may be better suited to users depending on their
circumstances.


>> The key question to you, as someone advocating that specific
>> toolset, would be: for what type of user is VirtualBox+Whonix the
>> optimum solution, and how would Joe Random identify if he is that
>> sort of user?
>
> 1) Specify how much ones time is worth: X USD/hr.

Why is money relevant? Where do you live, that freedom and torture is
measured in $/hr? :)


> 2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y USD.

Again, why is cost the metric? It's relevant for a narrow subset of
users in a Tor context, and a broader subset in a general security
context, but I don't see the relevance here.

Even if it were relevant, you've just asked a potentially
technically-incompetent user to conduct a very complex risk analysis.
A lot of CIOs can't do an accurate risk assessment, but you want
Haroon's mum to do it?


> 3) Divide Y by X to get time investment justified to avoid pwnage.

3.1. Is that a meaningful number to anyone? What does it mean? What is
the ratio above which Whonix is the remedy for all my ills? What do I
do if I'm below it? Does it know about exchange rates and cost of
living? What about...you get the idea. Meaningless calculations give
meaningless conclusions.

There must be lots of better ways. For eg, I would guess that a risk
flowchart would be pretty effective. A short series of "Are you
concerned about X?" questions would easily infer a risk profile, which
would map to suggested tools and behaviours. For example: "Law
enforcement authorities are known to attack [link to explanation] Tor
users by compromising servers on the Tor network. Are you concerned
about this type of attack?"

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/18/2016 06:11 AM, Jon Tullett wrote:
> On 17 July 2016 at 05:11, Mirimir  wrote:
>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>> 
>> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
 I'm hardly asking for perfection. Just a little heads up for
 the sheep.
>>> You're unwilling to even describe non-technical users as human 
>>> beings, yet you want Tor to suggest a vastly more complex 
>>> alternative for them?
>> 
>> OK, they're naive and trusting. For which "sheep" is common
>> metaphor.
>> 
>> Running VirtualBox and Whonix is hardly "vastly more complex".
> 
> It is, you know. More complex, and probably not suitable.

More complex? Sure. But vastly so? That's debatable.

> Haroon Meer, who I greatly respect in the security space, describes
> UX complexity in terms of his mum. As in, "could my mum do this?"
> and if the answer is no, it's too complex for the average user. I
> like that.

His mum probably shouldn't be using Tor.

> Fact is, security is a spectrum. "No security consideration at all"
> is at one end of that spectrum. Tor, the TBB and the associated 
> documentation, is someway further along the spectrum, Whonix is 
> somewhat further still, but there's a lot more room beyond that.
> Even that's a gross oversimplification - "no browser security
> except NoScript" is more secure but less private than TBB in its
> default configuration.

I agree.

> Because of that, I don't think it's possible, much less desirable,
> to describe the entire spectrum of use-cases. And even less
> possible to actually document the toolset appropriate for every
> point.

I'm not calling for that.

> It's probably far more meaningful to help users understand that 
> spectrum, self-assess where they fall on it and what their risk 
> profile may look like as a result, and pointers to resources which 
> would align with that.

That sounds good to me. Except that there's nothing on the Tor Project
site about Whonix, and virtually nothing about proxy-bypass leaks.

> "Just use VirtualBox and Whonix" is not meaningful advice. It's a 
> great fit for a very specific subset of users, but many (I would
> guess "most") users are not in that subset, and for everyone else
> it'd just be some combination of confusing, overwhelming,
> unnecessary, or insufficient.

I'm not arguing that all Tor users should use Whonix. I'm arguing that
the Tor Project ought to mention that as an option.

> The key question to you, as someone advocating that specific
> toolset, would be: for what type of user is VirtualBox+Whonix the
> optimum solution, and how would Joe Random identify if he is that
> sort of user?

1) Specify how much ones time is worth: X USD/hr.
2) Estimate pwnage cost (lost income, legal fees, prison, etc): Y USD.
3) Divide Y by X to get time investment justified to avoid pwnage.

Anyway, what does Tor Project gain by not mentioning Whonix?

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXjNJMAAoJEGINZVEXwuQ+9vsIALLJepTnQQoCqFCglOZPokIm
sWPFkvUJBPRwjOR+L5l9KpjPMZDf+qfRqIJURIjd5Gn/3BXADDbNB0wYDe+HNJNI
lTHf5cO4RnMMGxADvhfmjMNxAhG6rJytkNXwa8OC3pvbw69+yHPuLc16pDzBvquY
a/QeHuAV4kjtCA/rYoTuy6ibU8UMrn1fnk4RyyWQRF3au20/XTlAOPNwtOMO0jKR
tB/i16Phey28UL+I61aCMB0wjokXvG4LAYMYQku891QTJePesLExhnFsoT7qxJHL
MYeaGh1LVwz4ozh3kZPldWryrqSoNl0SsfqM6QnT05jAR5d+YWRGSgbBHKr4A3k=
=Tnck
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 17 July 2016 at 05:11, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>>> I'm hardly asking for perfection. Just a little heads up for the
>>> sheep.
>> You're unwilling to even describe non-technical users as human
>> beings, yet you want Tor to suggest a vastly more complex
>> alternative for them?
>
> OK, they're naive and trusting. For which "sheep" is common metaphor.
>
> Running VirtualBox and Whonix is hardly "vastly more complex".

It is, you know. More complex, and probably not suitable.

Haroon Meer, who I greatly respect in the security space, describes UX
complexity in terms of his mum. As in, "could my mum do this?" and if
the answer is no, it's too complex for the average user. I like that.

Fact is, security is a spectrum. "No security consideration at all" is
at one end of that spectrum. Tor, the TBB and the associated
documentation, is someway further along the spectrum, Whonix is
somewhat further still, but there's a lot more room beyond that. Even
that's a gross oversimplification - "no browser security except
NoScript" is more secure but less private than TBB in its default
configuration.

Because of that, I don't think it's possible, much less desirable, to
describe the entire spectrum of use-cases. And even less possible to
actually document the toolset appropriate for every point. It's
probably far more meaningful to help users understand that spectrum,
self-assess where they fall on it and what their risk profile may look
like as a result, and pointers to resources which would align with
that.

"Just use VirtualBox and Whonix" is not meaningful advice. It's a
great fit for a very specific subset of users, but many (I would guess
"most") users are not in that subset, and for everyone else it'd just
be some combination of confusing, overwhelming, unnecessary, or
insufficient.

The key question to you, as someone advocating that specific toolset,
would be: for what type of user is VirtualBox+Whonix the optimum
solution, and how would Joe Random identify if he is that sort of
user?

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/17/2016 09:58 AM, Jonathan Wilkes wrote:
>> OK, they're naive and trusting. For which "sheep" is common
>> metaphor.
> 
> Meaning that, for TBB, they're going to click the big "Download"
> button that probably is automatically linked to the binary for the
> OS detected by js on the Tor download page. So:1. Click the big
> "Download" button to download a 47.3 megabyte file 2. Click the
> icon to Install3. Run TBB
> 
>> Running VirtualBox and Whonix is hardly "vastly more complex".
> So:1. Click the big "Download" button on Whonix' frontpage.2. Click
> "Download" or "Virtualbox" in the row marked for Windows3. Download
> a 1.7 gigabyte file4. Download a 2.0 gigabyte file5. Realize that
> they don't have virtual box installed.6. Download 115 megabyte
> virtualbox installer for Windows.7. Install Virtualbox8. Run
> Virtualbox9. Navigate to the Whonix page that tells you what to do
> with the two big files they downloaded earlier10. Start
> virtualbox11. Import appliance12. Navigate and select Whonix
> Gateway image13. Click import, then Agree, then wait...14. Import
> applicance again 15. Select Whonix Workstation16. Start Whonix
> Gateway and Whonix Workstation17. Wait while the startup scripts
> initialize everything, then open the browser in the workstation. 
> That's two orders of magnitude more data to download, a virtual 
> machine running two OSes, and three more windows open on the
> desktop (counting TBB window itself which is nested in the
> workstation window). -Jonathan

Well, pick one of those dudes in jail, and ask whether he would have
appreciated the pointer to Whonix ;)

> On Saturday, July 16, 2016 11:11 PM, Mirimir 
> wrote:
> 
> 
> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
> 
> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>>> I'm hardly asking for perfection. Just a little heads up for
>>> the sheep.
>> You're unwilling to even describe non-technical users as human 
>> beings, yet you want Tor to suggest a vastly more complex 
>> alternative for them?
> 
> OK, they're naive and trusting. For which "sheep" is common
> metaphor.
> 
> Running VirtualBox and Whonix is hardly "vastly more complex".
> 
> -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux)
> 
> iQEcBAEBAgAGBQJXivdtAAoJEGINZVEXwuQ+lRUH/R/sHjOUZWZ6hcA92K8G+1A9 
> vU5xmgFaOQUczERi1NCnBWdD57EMS+ci0VTYwRsORq+R/iLROfI7GkqDLIJAjBCE 
> BEcb4wmg6CyKeqQj52EVtTURJJfrcnwW8CS7tiuqwnE1xP9olB2DlqMdOhCWdH3W 
> yP9KwDe6MprRPTuqJywRiwfSPEKcD4p/n3k/stcWa73lrVHdYSKOfwT/PropD9ED 
> myQaxrRBBuRvmNWlAH+XhsQkFRxCTagc+F1DDJPaqRPGlAYFd5qMZIZ6g+XbXjO5 
> mkUUqC6kzM+/CKwsTj3msL6IH90kWqXnKocypVChOS78NB1JkF44VXMKpjrtguc= 
> =ArE5 -END PGP SIGNATURE-
> 

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXi8GrAAoJEGINZVEXwuQ+7SQH/A4hLbDGNiyNMWc50ELd+7Gy
5u6AUt0K/A45wNPXgnjYh8t+n9yPm0Yo2zzUo7fOCHO/Wy3xrF3sBOg+IHrU7NUk
qZlkHTCUTD1x7Wx+dfqZVcN8JFeByqCvKjpMUa/nPcRgvymw9T5vKTVfqv0JGQa7
/hiWoBMBxkAjExMq4ySaxyGZGPR3qMV/6F6h5XhNT1N1kUINR0zDhmHZ7tZppJPA
UQ1tIXC7EwYU4YOxYqTDvfxDf2AfftDpjDoQBJ0t06VBL54bzdwcY9ImRXrpFYR7
1qNfD3LvrF6RLUtCqnZwYyEqaZVFJ8+gGW3DY2fXTPnNCFldypIfRlxqugNH5a4=
=2egF
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jonathan Wilkes]

> OK, they're naive and trusting. For which "sheep" is common metaphor.

Meaning that, for TBB, they're going to click the big "Download" button that 
probably is automatically linked to the binary for the OS detected by js on 
the Tor download page.
So:1. Click the big "Download" button to download a 47.3 megabyte file
2. Click the icon to Install3. Run TBB

> Running VirtualBox and Whonix is hardly "vastly more complex".
So:1. Click the big "Download" button on Whonix' frontpage.2. Click "Download" 
or "Virtualbox" in the row marked for Windows3. Download a 1.7 gigabyte file4. 
Download a 2.0 gigabyte file5. Realize that they don't have virtual box 
installed.6. Download 115 megabyte virtualbox installer for Windows.7. Install 
Virtualbox8. Run Virtualbox9. Navigate to the Whonix page that tells you what 
to do with the two big files they downloaded earlier10. Start virtualbox11. 
Import appliance12. Navigate and select Whonix Gateway image13. Click import, 
then Agree, then wait...14. Import applicance again
15. Select Whonix Workstation16. Start Whonix Gateway and Whonix Workstation17. 
Wait while the startup scripts initialize everything, then open the browser in 
the workstation.
That's two orders of magnitude more data to download, a virtual 
machine running two OSes, and three more windows open on the desktop 
(counting TBB window itself which is nested in the workstation window).
-Jonathan


On Saturday, July 16, 2016 11:11 PM, Mirimir  wrote:
 

 -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>> I'm hardly asking for perfection. Just a little heads up for the
>> sheep.
> You're unwilling to even describe non-technical users as human
> beings, yet you want Tor to suggest a vastly more complex
> alternative for them?

OK, they're naive and trusting. For which "sheep" is common metaphor.

Running VirtualBox and Whonix is hardly "vastly more complex".

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXivdtAAoJEGINZVEXwuQ+lRUH/R/sHjOUZWZ6hcA92K8G+1A9
vU5xmgFaOQUczERi1NCnBWdD57EMS+ci0VTYwRsORq+R/iLROfI7GkqDLIJAjBCE
BEcb4wmg6CyKeqQj52EVtTURJJfrcnwW8CS7tiuqwnE1xP9olB2DlqMdOhCWdH3W
yP9KwDe6MprRPTuqJywRiwfSPEKcD4p/n3k/stcWa73lrVHdYSKOfwT/PropD9ED
myQaxrRBBuRvmNWlAH+XhsQkFRxCTagc+F1DDJPaqRPGlAYFd5qMZIZ6g+XbXjO5
mkUUqC6kzM+/CKwsTj3msL6IH90kWqXnKocypVChOS78NB1JkF44VXMKpjrtguc=
=ArE5
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


   
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>> I'm hardly asking for perfection. Just a little heads up for the
>> sheep.
> You're unwilling to even describe non-technical users as human
> beings, yet you want Tor to suggest a vastly more complex
> alternative for them?

OK, they're naive and trusting. For which "sheep" is common metaphor.

Running VirtualBox and Whonix is hardly "vastly more complex".

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXivdtAAoJEGINZVEXwuQ+lRUH/R/sHjOUZWZ6hcA92K8G+1A9
vU5xmgFaOQUczERi1NCnBWdD57EMS+ci0VTYwRsORq+R/iLROfI7GkqDLIJAjBCE
BEcb4wmg6CyKeqQj52EVtTURJJfrcnwW8CS7tiuqwnE1xP9olB2DlqMdOhCWdH3W
yP9KwDe6MprRPTuqJywRiwfSPEKcD4p/n3k/stcWa73lrVHdYSKOfwT/PropD9ED
myQaxrRBBuRvmNWlAH+XhsQkFRxCTagc+F1DDJPaqRPGlAYFd5qMZIZ6g+XbXjO5
mkUUqC6kzM+/CKwsTj3msL6IH90kWqXnKocypVChOS78NB1JkF44VXMKpjrtguc=
=ArE5
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jonathan Wilkes]

> I'm hardly asking for perfection. Just a little heads up for the sheep.
You're unwilling to even describe non-technical users as human beings, 
yet you want Tor to suggest a vastly more complex alternative for them?

   
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/16/2016 06:00 AM, Jon Tullett wrote:
> On 14 July 2016 at 10:41, Mirimir  wrote:
> 
>> There is an aspect of visiting hostile onion sites that's 
>> especially problematic: forcing direct clearnet connections that 
>> reveal users' ISP-assigned IP addresses. It's irresponsible to 
>> continue recommending only vulnerable setups, especially Tor 
>> browser in Windows.
> 
> I think we differ there.

Indeed.

> I don't think it's irresponsible, and I don't think the 
> configuration is designed to be vulnerable.

I never said that Tor browser was designed to be vulnerable. But it
is, and Whonix isn't. And yet, years after Freedom Hosting, there's
very little on the Tor Project site about how to prevent leaks, and
nothing about Whonix.

> I do agree there's room for better awareness, but there's no 
> perfect solution.

I'm hardly asking for perfection. Just a little heads up for the sheep.

> At some point people have to take responsibility for their own 
> safety, and the fact that they're downloading Tor in the first 
> place suggests they are able to do so.

Maybe so. But from what I've seen, you're being far too optimistic.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXii21AAoJEGINZVEXwuQ+hTwH/jN7siN9OBnZCrnYHi5cwmes
/2shZ64d6j6HipJGNHF6g8LGb55Yax79Ty/7PcKeTpVdyGuZ53iolKn1vuzSNcm2
x/Ff5UpmNvi8yJzjcxnDUPhF9ug9xOHb/x4w64Lw+jCAB1O2mUnytXaS+MkdfdLG
X/nXZ/PdiVMQ9vjHF+eqdTw3amMS3PZar49+sTyUC+TxXsGZjGKwL6f8A6pMy/Oa
3RxJABBw4qTUDFNTpcxZVIYz479wyOQP0FqIDZWq5O3rLOesjrqA0ZteHtyoC+iD
4JQ4EKEzEAy19LzO8AgO+4/X9pHNtcj3keNQ9/kx48pgxhUJYcQCuhhH2wEeEi8=
=dUCu
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 16 July 2016 at 01:46, Joe Btfsplk  wrote:
> On 7/15/2016 12:34 AM, Jon Tullett wrote:
>>
>> On 15 July 2016 at 01:23, Joe Btfsplk  wrote:
>>>

>>> You're not really suggesting that users under hostile dictatorships or
>>> ones
>>> trying to expose democratic government unconstitutional actions,  take
>>> full
>>> responsibility for the ongoing modifying, patching & constant reading
>>> about
>>> weaknesses of Tor Browser "for their own security?"
>>
>> Yeah, I kinda am. Users in such hostile environments absolutely need
>> to take more care to keep themselves secure, and not just online. If
>> you are relying on any product to keep you alive, you definitely
>> should be constantly reading about it.
>
> Respectfully, you're dreaming if you think whistle blowers, political
> activists or citizens under brutal regimes are *necessarily,* or even mostly
> computer geeks. :)

Sure. Nor are they physical security experts, but some have to learn
pretty quickly how to evade pursuit, right? It's not Tor's job to
cover that, either.

Tor is a very specific tool, remember. You can use it for lots of
things, but I'm not sure it's appropriate for the organisers to take
responsibility for education people about every possible use-case,
risk, and adversary. You know your situation best - you need to take
responsibility for understanding your risk profile and taking
appropriate countermeasures, only one of which will be using Tor.

That said, I do think that where attacks are commonplace, or
frequently misunderstood, it makes sense to draw users' attention to
that, not least because there's a very good central facility to
achieve that - the Tor browser's start page and update mechanism. But
there's a balance, and while we may disagree on where the balance
lies, ultimately it's up to the project team to decide.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 14 July 2016 at 10:41, Mirimir  wrote:

> There is an aspect of visiting hostile onion sites that's especially
> problematic: forcing direct clearnet connections that reveal users'
> ISP-assigned IP addresses. It's irresponsible to continue recommending
> only vulnerable setups, especially Tor browser in Windows.

I think we differ there. I don't think it's irresponsible, and I don't
think the configuration is designed to be vulnerable. I do agree
there's room for better awareness, but there's no perfect solution. At
some point people have to take responsibility for their own safety,
and the fact that they're downloading Tor in the first place suggests
they are able to do so.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/15/2016 05:46 PM, Joe Btfsplk wrote:



> Many of things mentioned in "what else you need to remain
> anonymous" type articles - don't use Flash, plugins, file sharing,
> etc., are easy. It's all the other things that can go, or are,
> wrong that most people wouldn't understand.  For years, Tor devs
> weren't even sure how to report TBB screen size & many other
> unresolved issues.  I filed various bugs on many things, but had no
> idea how to fix them.   How can even advanced users be expected to
> fix these & more problems when it sometimes takes extremely
> talented Tor devs years to find solutions? Again, a pipe dream.

Such as, some TLA drops malware that phones home, and there's nothing
to stop it.

Just use Whonix :)



-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXianAAAoJEGINZVEXwuQ+hJEH/0KznKtJwbE6GOxvQ8eVJbfi
5MI8NtW9y5SG+hY/yeHBA7hpo0yj4FT59caYWDMgUlghg8JJPMt4x6kvmhKLMa6r
euUtTd4FlMRyJLPlis8V8Itw0OfK3ch1Ipkj4qbcenNUD6/0PKxMx7gLVESHyHyA
vR2+oB84NB3gYGI76H5tI5NZM5I4gb1YmEeOEinunEN8ALXLdZ/JnRc2B95MoSYs
wCJifYpjs2rBiLCX5fDM8JKbeTKFJkf7yb7vSvw5CY7vXcG0pux+7b32H1/Z9ScI
wOS9Vyz+NOTW087cNSu8O4/Pket5m6JyOSCDaxgKO7QgOwoUKwrEzUqgZiPkInQ=
=NVXB
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Joe Btfsplk]

On 7/15/2016 12:34 AM, Jon Tullett wrote:

On 15 July 2016 at 01:23, Joe Btfsplk  wrote:

On 7/14/2016 2:34 PM, Jon Tullett wrote:

Thanks Jon.  I agree w/ most that you said.  Again, semantics. Whether they
cracked Tor or Tor Browser won't change if the brutal dictator has you shot
in the front or back of the head. :)

Again, remember that this conversation was in the context of Freedom Hosting.

Absolutely agree that the same style of investigation could (and
probably does) happen in a more brutal political regime. Users there,
being at greater risk, have a greater need to take further steps to
protect themselves.



Unless one is using Tor w/ their own internet browsing application, an
exploited weakness in Tor Browser - modified Firefox - has the same effect
on users.  They're a package deal.

Well, no. Tor does make it clear you need to do more than just
downloading TBB to be anonymous and secure. If you think TBB is a
single-solution prepackaged silver bullet, you are at risk.

I don't think there's any debate whether Tor should try to be such a
silver bullet - clearly it can't and shouldn't - the question seems to
be around whether Tor should give more clear guidance/warnings. I'm
always in favour of that.



You're not really suggesting that users under hostile dictatorships or ones
trying to expose democratic government unconstitutional actions,  take full
responsibility for the ongoing modifying, patching & constant reading about
weaknesses of Tor Browser "for their own security?"

Yeah, I kinda am. Users in such hostile environments absolutely need
to take more care to keep themselves secure, and not just online. If
you are relying on any product to keep you alive, you definitely
should be constantly reading about it.
Respectfully, you're dreaming if you think whistle blowers, political 
activists or citizens under brutal regimes are *necessarily,* or even 
mostly computer geeks. :)
You may be correct that only very advanced geeks or (sane) persons w/ 
unlimited access to one, _should_ use TBB in dangerous situations, if 
they don't understand every detail about what can go wrong & how to fix 
it themselves.


Very few people meet those criteria.  I don't  & I've been studying Tor 
& TBB for yrs.   People that might have interests in whistle blowing or 
activism, *also* having the knowledge & ability to troubleshoot, modify 
or patch TBB on an ongoing basis are almost nil.  Except for those w/ no 
concept of the extreme risk they're taking, that leaves very few people 
to do any blowin' or activatin'.   People under brutal regimes don't 
need to be activists to have a real need for reliable anonymity (no 
unpatched browser bugs).  They just need to safely access info besides 
governmental propaganda or to pass info to similar minded persons.  Do 
we think they're all going to be coders that can patch browsers?  That's 
a dream.  :)


If the only people (in dangerous situations) that should use Tor / Tor 
Browser are geeks, it doesn't have a very wide audience. Regardless of 
whose job it is to make something like TBB "as secure as possible," 
there just aren't many people like E. Snowden w/ extreme computer talent 
- to do what you're suggesting -  & desire (possibly stupidity) to go 
after top officials or their government.


Many of things mentioned in "what else you need to remain anonymous" 
type articles - don't use Flash, plugins, file sharing, etc., are easy.  
It's all the other things that can go, or are, wrong that most people 
wouldn't understand.  For years, Tor devs weren't even sure how to 
report TBB screen size & many other unresolved issues.  I filed various 
bugs on many things, but had no idea how to fix them.   How can even 
advanced users be expected to fix these & more problems when it 
sometimes takes extremely talented Tor devs years to find solutions?  
Again, a pipe dream.


The sage advice under "List of Warnings:"  "Ultimately the best 
protection is a social approach: the more Tor users there are near you 
and the more diverse  
their interests, the less dangerous it will be that you are one of 
them."  L I'll B.  Unless sites you're visiting  or your exact ISP 
server are known to have 100's of TBB users - at once, that doesn't help 
much.


I'm not too sure about trusting one's life to a system based in part on 
pure guesstimating how many entry & exit relays are enemy controlled.  
Calculating statistical odds of being identified, based on unknown of 
numbers of enemy controlled nodes; the number of times & frequency entry 
guards change, number of sites visited, etc. :D








That Tor Project is saying Tor is relatively anonymous; as for Tor Browser,
everyone's on their own.

It's saying that the Tor network will help you stay anonymous, and the
browser bundle will help facilitate that, but you also need to take
further steps to stay anonymous and secure. I think that's realistic
and 

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 15 July 2016 at 05:36, Mirimir  wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/14/2016 01:34 PM, Jon Tullett wrote:

>> If a law enforcement agency cracked Tor, it would be a very
>> significant development indeed. The same agency using browser
>> exploits doesn't move the security needle at all; we already know
>> they do that.
>
> Sure, browser exploits are common. And yes, Freedom Hosting and
> PlayPen users got pwned through Firefox bugs. However, the FBI malware
> that deanonymized them exploited a trivial vulnerability in all
> default Tor installs:

That's right. It was a very small piece of malware - all it did was
phone home on the clearweb. Very clearly targeted at Tor users, and a
clever demonstration of reality: you don't need to crack crypto to
attack an encrypted network.

>> The issue of who should be responsible for alerting a user to
>> possible risks is debatable.

> Making Tor browser available without warning about leaks is just plain
> irresponsible.

> Is it too much to ask for a warning? Maybe a link to Whonix?

No, I wouldn't think so. I'd quite like to see a very plain-language
use-case breakdown either in the TBB homepage or linked off it - if
you are using TBB for , then you should do . If you are
using it in  environment, then you should read . For a
more complicated list of how agencies may attack you despite your use
of Tor, read . I'd volunteer to write such guides, if there was
demand for it.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 15 July 2016 at 01:23, Joe Btfsplk  wrote:
> On 7/14/2016 2:34 PM, Jon Tullett wrote:
>>>
>>> 2.  Aren't statements (from anyone) like, "... generally crack the
>>> servers
>>> hosting the illicit material, not Tor itself," sort of a matter of
>>> semantics?
>>
>> Depends on the context, I guess. To the user, maybe, but in the
>> context of this (Tor) community, the distinction matters. Browser
>> vulns and server exploits are common. Tor's crypto is not, AFAIK,
>> known to be compromised.
>
> Thanks Jon.  I agree w/ most that you said.  Again, semantics. Whether they
> cracked Tor or Tor Browser won't change if the brutal dictator has you shot
> in the front or back of the head. :)

Again, remember that this conversation was in the context of Freedom Hosting.

Absolutely agree that the same style of investigation could (and
probably does) happen in a more brutal political regime. Users there,
being at greater risk, have a greater need to take further steps to
protect themselves.


> Unless one is using Tor w/ their own internet browsing application, an
> exploited weakness in Tor Browser - modified Firefox - has the same effect
> on users.  They're a package deal.

Well, no. Tor does make it clear you need to do more than just
downloading TBB to be anonymous and secure. If you think TBB is a
single-solution prepackaged silver bullet, you are at risk.

I don't think there's any debate whether Tor should try to be such a
silver bullet - clearly it can't and shouldn't - the question seems to
be around whether Tor should give more clear guidance/warnings. I'm
always in favour of that.


> You're not really suggesting that users under hostile dictatorships or ones
> trying to expose democratic government unconstitutional actions,  take full
> responsibility for the ongoing modifying, patching & constant reading about
> weaknesses of Tor Browser "for their own security?"

Yeah, I kinda am. Users in such hostile environments absolutely need
to take more care to keep themselves secure, and not just online. If
you are relying on any product to keep you alive, you definitely
should be constantly reading about it.


> That Tor Project is saying Tor is relatively anonymous; as for Tor Browser,
> everyone's on their own.

It's saying that the Tor network will help you stay anonymous, and the
browser bundle will help facilitate that, but you also need to take
further steps to stay anonymous and secure. I think that's realistic
and reasonable.

Also, remember there is no such thing as 100% security, and the
incremental usability/security tradeoffs become more severe the
further you go. Everyone has to decide for themselves where to draw
the line - how secure they want to be and how much compromise they can
accept. All a third party like Tor (or you and I) can do is educate.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 15 July 2016 at 00:07, krishna e bera  wrote:
>> Should add that users with NoScript enabled would not have been
>> vulnerable - I get the "noscript decreases privacy" argument, but I'd
>> still kinda like it to be on by default to protect users. Maybe with a
>> big red "Turn on Javascript because I'm happy to get pwned by
>> malicious ads, FBI malware, and miscellaneous trackers" button :)
>
 There are frequently vulnerabilities in hosting services - content
 platforms, web forums, third-party Javascript libraries, file uploads,
 management interfaces...many sites, darkweb or not, have much broader
 attack surfaces than their owners understand.
>
>
> What do you think about these recommendations for onion sites:

Well, it doesn't really matter what I think :) There have been
discussions, and as I understand it in most cases there are two
issues: privacy tradeoffs in blocking third party content (doing so
makes your browser more identifiable), and breaking the web enough
that users will just downgrade their settings thereby making
themselves insecure and again degrading their privacy in the same
way..

Me, I block scripts in TBB because I weigh security a bit higher than
privacy, and it's nice that it's relatively easy to do so, but I would
like it to be signposted or explained a bit more clearly.


> Client-side:
> For months i have been suggesting to friends and clients, who are
> regular (non-Tor) users, to install Ublock Origin.

Very good choice, though possibly  too complicated for average users
(but then, so is maintaining a NoScript whitelist).

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/14/2016 01:34 PM, Jon Tullett wrote:
> On 14 July 2016 at 21:17, Joe Btfsplk  wrote:
>> On 7/14/2016 1:23 AM, Jon Tullett wrote:



>> 2.  Aren't statements (from anyone) like, "... generally crack
>> the servers hosting the illicit material, not Tor itself," sort
>> of a matter of semantics?
> 
> Depends on the context, I guess. To the user, maybe, but in the 
> context of this (Tor) community, the distinction matters. Browser 
> vulns and server exploits are common. Tor's crypto is not, AFAIK, 
> known to be compromised.

The CMU team did exploit the relay early bug. But there haven't been
many tor bugs as serious as that.

> If a law enforcement agency cracked Tor, it would be a very
> significant development indeed. The same agency using browser
> exploits doesn't move the security needle at all; we already know
> they do that.

Sure, browser exploits are common. And yes, Freedom Hosting and
PlayPen users got pwned through Firefox bugs. However, the FBI malware
that deanonymized them exploited a trivial vulnerability in all
default Tor installs: there is no management of Internet traffic that
bypasses the Tor network.

> The issue of who should be responsible for alerting a user to
> possible risks is debatable. Tor's job, after all, is not to keep
> users secure; it's to keep them anonymous. I don't speak for the
> Tor project, but I expect the assumption is that users should take
> responsibility for their own security, just as they should take
> responsibility for antivirus, patching, and brushing their teeth
> :)

Making Tor browser available without warning about leaks is just plain
irresponsible. About five years ago, Metasploit hosted the NIT used in
the Freedom Hosting attack, as a test for proxy leaks. It was easy to
pass, using firewall rules and/or VM compartmentalization.

One could argue that anyone using Tor for critical stuff should know
that. But obviously, many of them don't. We hear about the ones that
the FBI takes down. But what about the ones who just get killed?

Is it too much to ask for a warning? Maybe a link to Whonix?

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXiFo5AAoJEGINZVEXwuQ+RpwH/icXiSs2TyI5M1MwwExxTZby
PlPECRM+/zAcoA/RA/mYS04wVbIOkJWYxnNGzLm8ITpvXINyzTrF/+MGoKDoEQfY
QOcihEgDaI76oIamxHNCVX70FXYoPqsK19lZ0v/5fMROjEq+ytvBMsr+xmv/zdmk
ODQot4Tow1OtqzwuhVf+KpA3c7YwwebFQ24HMe3O6xeIKsZov5z1tr1C6KHheubx
tkPWTCSXwM+xma0lykIHiFbwl21BaNVwGBpeuIyDKkzqKnkprU3nx60LL4Fv82/o
2IAI/P+hCMz7CNQKt7N+hfS5PqNc8wv+BiewFGzTYKDkkWlq9wMXwkTg1OBlFtc=
=3+xd
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Nick Levinson]

Law enforcement agencies exaggerate and lie publicly in order to mislead 
people, such as unidentified suspects or to weed out claimants to notorious 
crimes who didn't really do it (there are quite a few), but the recent news 
report appeared, as I recall, to be based on a court or other official document 
about the FBI's work, not a news interview. It was vague, but probably not 
exaggerated or false.

If it was an attack through a website that then led to an attack on Tor, that's 
still an attack on Tor, and thus serious.

We should not assume attack methods won't be shared. An agency may share with 
other government agencies that have equal or higher levels of secrecy and with 
international allies.

I assume a website can know what browser I'm using and that if Tor allowed me 
to change its ID string a deeper method for identifying my browser is available 
and unpreventable. Already, some websites deny some functionality (like 
payments) or block access altogether (they might deny it but when entering 
captchas 15 times fails with Tor but, I think, never more than twice with 
non-Tor then they're probably blocking).

On whether to tell users about security methods:
--- I read the warning on viewport size and therefore I don't adjust my 
viewport; otherwise, I would be.
--- Fairly advanced security advice should be offered by considering two major 
groups of users: Those who are doing legitimate work requiring anonymity and 
who are working with or for someone who needs them to stay anonymous. Those who 
are doing acceptable work and mainly are providing cover for the first group. 
The first group will likely be told to read this information, and it should be 
in the browser, so bandwidth need not be used to read it and set up 
accordingly. We don't want someone watching how a main-legitimate user 
interacts with a security website. The cover-providing users have less security 
concerns and, hopefully, are using Tor to hide their music preferences from 
their kid sisters/brothers, and they won't be deterred from use because of a 
link being somewhere. The Mars intelligence agency will learn about something 
called "country-and-western" music but the Martians probably won't blow their 
cover.
--- More general security discussions should not be posted in Tor, but should 
be posted on websites. The Tor Project can decide which websites it trusts and 
list them on the Project's website, which can be or is linked to from inside 
the Tor browser. It's easier to update a website than to update Tor itself, and 
websites may have to be updated quickly and often.

Users and developers of Tor are likely more security-conscious on average than 
average users/devs of Firefox or, especially, whatever Microsoft calls their 
browser these days. Tor users will tolerate more info on the subject, as long 
as those who are relatively careless are not much slowed from jumping ahead 
without reading, if they wish.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Joe Btfsplk]

On 7/14/2016 2:34 PM, Jon Tullett wrote:

2.  Aren't statements (from anyone) like, "... generally crack the servers
hosting the illicit material, not Tor itself," sort of a matter of
semantics?

Depends on the context, I guess. To the user, maybe, but in the
context of this (Tor) community, the distinction matters. Browser
vulns and server exploits are common. Tor's crypto is not, AFAIK,
known to be compromised.
Thanks Jon.  I agree w/ most that you said.  Again, semantics. Whether 
they cracked Tor or Tor Browser won't change if the brutal dictator has 
you shot in the front or back of the head. :)


Unless one is using Tor w/ their own internet browsing application, an 
exploited weakness in Tor Browser - modified Firefox - has the same 
effect on users.  They're a package deal.
If claiming, there are no known cases of authorities "cracking Tor" or 
using its weaknesses to deanonymize users, that may be correct, AFAWK.  
But, it's been shown time & again, "we" don't know very far regarding 
what  gov'ts & their agencies can / can't do, or have / haven't done.  
An unfortunate fact for citizens everywhere. "Absence of evidence is not 
evidence of absence," as to their capabilities.  If any government 
cracks Tor, it'll be of the highest security classification.  Most 
advanced governments aren't as bungling & clueless as many think they are.


True - if someone cracked Tor, this show is over - for a while.  To 
Prisoner Number Six, it makes no difference if the chink was in Tor 
proper, or in the browser.  It matters to Tor Project for ego & bragging 
rights & it matters regarding whether only a few unlucky freedom 
fighters got caught, or if Tor needs a complete overhaul.




The issue of who should be responsible for alerting a user to possible
risks is debatable. Tor's job, after all, is not to keep users secure;
it's to keep them anonymous. I don't speak for the Tor project, but I
expect the assumption is that users should take responsibility for
their own security, just as they should take responsibility for
antivirus, patching, and brushing their teeth :)

-J
You're not really suggesting that users under hostile dictatorships or 
ones trying to expose democratic government unconstitutional actions,  
take full responsibility for the ongoing modifying, patching & constant 
reading about weaknesses of Tor Browser "for their own security?"
That Tor Project is saying Tor is relatively anonymous; as for Tor 
Browser, everyone's on their own.


If one is in the right (or wrong) situation, anonymity = security. Lack 
of anonymity may = jail or death.  Not for me & presumably not Tor 
developers, but for some users that Tor was designed for.


Six out.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[krishna e bera]

> Should add that users with NoScript enabled would not have been
> vulnerable - I get the "noscript decreases privacy" argument, but I'd
> still kinda like it to be on by default to protect users. Maybe with a
> big red "Turn on Javascript because I'm happy to get pwned by
> malicious ads, FBI malware, and miscellaneous trackers" button :)

>>> There are frequently vulnerabilities in hosting services - content
>>> platforms, web forums, third-party Javascript libraries, file uploads,
>>> management interfaces...many sites, darkweb or not, have much broader
>>> attack surfaces than their owners understand.


What do you think about these recommendations for onion sites:

1) Ensure javascript is not needed to use the site, and tell users so.

2) Ensure there are no offsite images dynamically included, and no
dependencies on other domains (e.g. wordpress, google fonts).

3) good quality SSL certs from e.g. Lets Encrypt, with instructions how
users can verify.

It might look more "primitive" but the content is what users come for.

Client-side:
For months i have been suggesting to friends and clients, who are
regular (non-Tor) users, to install Ublock Origin.
Once enough people get used to rejecting 3rd party ads and snooping,
TorBrowser can safely make that the default behaviour.  Firefox "reader
mode" already seems to do something like it, but not for privacy purposes.



-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 14 July 2016 at 21:17, Joe Btfsplk  wrote:
> On 7/14/2016 1:23 AM, Jon Tullett wrote:
>>
>>
>> I think what you'll find in such cases is that the FBI generally crack
>> the servers hosting the illicit material, not Tor itself.
>>
> 1.  Wasn't this discussed back when it occurred?  As to how they did (or
> likely did) identify the Tor / Tor Browser users for the porn arrests?
> Or am I thinking of bringing down Silk Road & some other sites?

Yes indeed. I linked to such an article in another email in this thread.


> 2.  Aren't statements (from anyone) like, "... generally crack the servers
> hosting the illicit material, not Tor itself," sort of a matter of
> semantics?

Depends on the context, I guess. To the user, maybe, but in the
context of this (Tor) community, the distinction matters. Browser
vulns and server exploits are common. Tor's crypto is not, AFAIK,
known to be compromised. If a law enforcement agency cracked Tor, it
would be a very significant development indeed. The same agency using
browser exploits doesn't move the security needle at all; we already
know they do that.

The issue of who should be responsible for alerting a user to possible
risks is debatable. Tor's job, after all, is not to keep users secure;
it's to keep them anonymous. I don't speak for the Tor project, but I
expect the assumption is that users should take responsibility for
their own security, just as they should take responsibility for
antivirus, patching, and brushing their teeth :)

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Joe Btfsplk]

On 7/14/2016 1:23 AM, Jon Tullett wrote:


I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material, not Tor itself.

1.  Wasn't this discussed back when it occurred?  As to how they did (or 
likely did) identify the Tor / Tor Browser users for the porn arrests?

Or am I thinking of bringing down Silk Road & some other sites?

2.  Aren't statements (from anyone) like, "... generally crack the 
servers hosting the illicit material, not Tor itself," sort of a matter 
of semantics?
e.g., on clear net, a plain Firefox user browses to a trusted site 
that's been hacked (& might be detectable, if anyone was checking).  The 
browser has no defense against the specific attack, though addons (say, 
NoScript) are aware of the possibility.


So the site / server was attacked 1st, but that's not the goal.  Due to 
weakness in (any) browser, isn't it as much an attack against the 
browser as the site?  And just as much the browser devs' faults for not 
fixing the weakness - if possible, and / or not repeatedly, very visibly 
warning users in unmistakable language  - if they don't do so.  In many 
cases, the discussion becomes, "Was it Firefox's fault or Tor Browser's, 
for not fixing the Firefox weakness?"


Not many realistic people I know would expect the producer or 
distributor of a product to *continually* point out the shortcomings, if 
they expected to retain or increase users.  (They might like for this to 
happen, but don't realistically expect it to).  Especially when the 
producer & distributor won't be legally liable for anything, if they 
don't constantly warn users. There's no penalty for software devs - esp. 
not freeware.   There usually are certain warnings or known issue 
comments from software devs, but often fairly obscure to average users.  
If Tor Project - or any other developer - repeatedly splashes weaknesses 
on page 1, it could seriously decrease users.


With software, lose-weight-while-you-sleep pills or OTC drugs, not all 
users necessarily understand the warnings, even if they hear / read 
them.  Often because they're ambiguous or don't give enough details or 
aren't worded so that average people understand.  And / or some users 
have a "it'll never happen to me" mentality.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 14 July 2016 at 12:52,   wrote:
> On 14.07.16 09:23, Jon Tullett wrote:
>>
>> On 14 July 2016 at 01:51, Nick Levinson  wrote:
>>>
>>> The FBI reportedly cracked Tor's security to crack a child porn case with
>>> over 100 arrests of Tor users.
>>
>> I think what you'll find in such cases is that the FBI generally crack
>> the servers hosting the illicit material, not Tor itself.
>
> It's still unclear to me whether there is a vulnerability in Firefox, in Tor
> Browser, or in Tor.

These are separate issues with separate ramifications. Breaking
Firefox is comparatively trivial. Breaking Tor would be extremely
untrivial, both in effort and implication.

Take one scenario; the FBI deploys malware on a server to identify its
users. That doesn't require (or even benefit from) attacking the Tor
network directly. It's about exploiting vulnerabilities in the hosting
software for delivery, then about vulnerabilities in the users'
browsers for infection. That may be browser vulnerabilities or Flash
vulns or whatever, but again, nothing to do with Tor.

Also worth separating Tor and TBB. Vulnerabilities in TBB would likely
be flaws in Firefox or a bundled addon. Exploiting that is certainly
plausible, but doesn't count as "cracking Tor" in the context of
compromising the network or encryption.

In the case of Freedom Hosting, it was reportedly a combination of
both; the FBI cracked the server, then planted malware which exploited
a vuln in Firefox (and therefore TBB) users. They didn't, it is
believed, compromise Tor crypto in the process.
https://www.wired.com/2013/09/freedom-hosting-fbi/

Should add that users with NoScript enabled would not have been
vulnerable - I get the "noscript decreases privacy" argument, but I'd
still kinda like it to be on by default to protect users. Maybe with a
big red "Turn on Javascript because I'm happy to get pwned by
malicious ads, FBI malware, and miscellaneous trackers" button :)

Lastly, I should acknowledge that none of this is proof that Tor has
NOT been compromised. Just that in the incident in question, it was
probably not.


>> There are frequently vulnerabilities in hosting services - content
>> platforms, web forums, third-party Javascript libraries, file uploads,
>> management interfaces...many sites, darkweb or not, have much broader
>> attack surfaces than their owners understand.
>
> Exactly. Bugs in software. Or, as Dijkstra put it, incorrect software. Users
> demand more features instead of more correctness because buggy software is
> "good enough" and a rare glitch is no problem. Then they discover that they
> lost control of their computers.

Unfortunately, security is rarely a top priority for either developers
or users.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[me]

On 14.07.16 09:23, Jon Tullett wrote:

On 14 July 2016 at 01:51, Nick Levinson  wrote:

The FBI reportedly cracked Tor's security to crack a child porn case with over 
100 arrests of Tor users.

I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material, not Tor itself.
It's still unclear to me whether there is a vulnerability in Firefox, in 
Tor Browser, or in Tor.



There are frequently vulnerabilities in hosting services - content
platforms, web forums, third-party Javascript libraries, file uploads,
management interfaces...many sites, darkweb or not, have much broader
attack surfaces than their owners understand.
Exactly. Bugs in software. Or, as Dijkstra put it, incorrect software. 
Users demand more features instead of more correctness because buggy 
software is "good enough" and a rare glitch is no problem. Then they 
discover that they lost control of their computers.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/14/2016 01:38 AM, Jon Tullett wrote:
> On 14 July 2016 at 08:37, Mirimir  wrote:
> 
>> On 07/14/2016 12:23 AM, Jon Tullett wrote:
> 
>>> Having pwned the server, a malware component is then injected
>>> to visiting computers. Ie: when the criminal visits the
>>> infected site, his PC is infected (over that encrypted, secure,
>>> etc) connection. Now infected, his PC will be under the control
>>> of the FBI, and the investigation will proceed from there. As
>>> soon as it's connected to the regular internet, that connection
>>> will be traced, but that connection is not necessary - data on
>>> the PC can be exfiltrated by the feds over Tor and used to
>>> identify the user.
>> 
>> Tor Project ought to inform users about this risk, and recommend 
>> countermeasures. It's not like this is new. I see nothing at 
>> .
> 
> I agree - a warning of the dangers of visiting infected onion
> sites could be useful (even though the problem is not specifically
> a Tor one). There's the risk of feature creep - security is a big
> space and it isn't really Tor's job to educate people on every risk
> online. Perhaps a clarification that just as TBB is not all you
> need to maintain privacy, it's also not all you need to stay
> secure, with a pointer to some external tips?

There is an aspect of visiting hostile onion sites that's especially
problematic: forcing direct clearnet connections that reveal users'
ISP-assigned IP addresses. It's irresponsible to continue recommending
only vulnerable setups, especially Tor browser in Windows.



-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXh1AuAAoJEGINZVEXwuQ+JxsIAK7NCDwsjp3LuP25p2V0CHpZ
ceXd7yN7BFzFfsxgbErT68dWLYWSIGxm6ZBg4ZQBb3BzvPOoRU50LldmyXjf5+FS
KC34TcqYnewyLTLe9g2vtcrttPoxbgcBoHuywe7Do5+hlPM/+I7Y4xjm8scIpNEf
X7vOGh5BfzbWQ4umMXP7YKEDNaktnN5xTITcqDrDZF15ugyUNslmaZRqfBeOv+GA
sfEhqa/puowXfJ0cOjuoPPGp/QApGKevYqL67/8XP8xhWbj3GK+ICk0i28dZK/ks
f+KOVouFXa50gJvSlvRzZouUbkvc5o5mAwoC25WZ3/30C2eiTYHRMXSk+8H6MnE=
=P3OR
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 14 July 2016 at 08:37, Mirimir  wrote:

> On 07/14/2016 12:23 AM, Jon Tullett wrote:

>> Having pwned the server, a malware component is then injected to
>> visiting computers. Ie: when the criminal visits the infected
>> site, his PC is infected (over that encrypted, secure, etc)
>> connection. Now infected, his PC will be under the control of the
>> FBI, and the investigation will proceed from there. As soon as it's
>> connected to the regular internet, that connection will be traced,
>> but that connection is not necessary - data on the PC can be
>> exfiltrated by the feds over Tor and used to identify the user.
>
> Tor Project ought to inform users about this risk, and recommend
> countermeasures. It's not like this is new. I see nothing at
> .

I agree - a warning of the dangers of visiting infected onion sites
could be useful (even though the problem is not specifically a Tor
one). There's the risk of feature creep - security is a big space and
it isn't really Tor's job to educate people on every risk online.
Perhaps a clarification that just as TBB is not all you need to
maintain privacy, it's also not all you need to stay secure, with a
pointer to some external tips?

For onion site operators, there's this:
https://www.torproject.org/docs/tor-hidden-service.html.en

Which does include this: 'Hidden services operators need to practice
proper operational security and system administration to maintain
security. For some security suggestions please make sure you read over
Riseup's "Tor hidden services best practices" document.'

Which in turn links here:
https://help.riseup.net/en/security/network-security/tor/onionservices-best-practices

That's more specifically about Tor config though - it could usefully
include pointers on basic webserver opsec too, though again it may be
out of scope to say much more than "bad people may attack your web
server, onion or not. Educate yourself on keeping it secure".

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/14/2016 12:23 AM, Jon Tullett wrote:
> On 14 July 2016 at 01:51, Nick Levinson 
> wrote:
>> The FBI reportedly cracked Tor's security to crack a child porn
>> case with over 100 arrests of Tor users.
> 
> I think what you'll find in such cases is that the FBI generally
> crack the servers hosting the illicit material, not Tor itself.
> 
> In other words, the feds locate onion sites hosting illegal
> material, using standard intelligence gathering techniques. They
> establish (encrypted, secure, private, and presumably uncracked)
> Tor connections to those servers, and then attack them over those
> connections. There are frequently vulnerabilities in hosting
> services - content platforms, web forums, third-party Javascript
> libraries, file uploads, management interfaces...many sites,
> darkweb or not, have much broader attack surfaces than their owners
> understand.

Truth.

> Having pwned the server, a malware component is then injected to 
> visiting computers. Ie: when the criminal visits the infected
> site, his PC is infected (over that encrypted, secure, etc)
> connection. Now infected, his PC will be under the control of the
> FBI, and the investigation will proceed from there. As soon as it's
> connected to the regular internet, that connection will be traced,
> but that connection is not necessary - data on the PC can be
> exfiltrated by the feds over Tor and used to identify the user.

Tor Project ought to inform users about this risk, and recommend
countermeasures. It's not like this is new. I see nothing at
.

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXhzMrAAoJEGINZVEXwuQ+aNcH/RuVar64z8teBVyE+lW6ttkj
1WAQUzoPwzowHgQqlzrGLg2U48DRFXAkvYDREnKJ1kyXHvva39vwuRxLOFclslWR
52jszspAlcQvDaM53NIvgusNMw6B1l6yvhvuf6aKb74W2BA5dWcfJxSd2QmVZYF7
b63uVPFRBBlvBwNcFvfwAgpOVXUklErp44QvWoQ2RpTIygVNFw6bKufX/ECt+uu/
7vgkKxRySabeIPlDDA8q08Wi5Prze1Ge1fZ8lt7tAHJgOW5FXaFbyWDnGipFggwG
2LNE0LQk1BkUV/o6IUlciY5QFZpoB+MSY1g7TDysKokLrrkOHZ9wYqBshI8HTwI=
=v9+h
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Jon Tullett]

On 14 July 2016 at 01:51, Nick Levinson  wrote:
> The FBI reportedly cracked Tor's security to crack a child porn case with 
> over 100 arrests of Tor users.

I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material, not Tor itself.

In other words, the feds locate onion sites hosting illegal material,
using standard intelligence gathering techniques. They establish
(encrypted, secure, private, and presumably uncracked) Tor connections
to those servers, and then attack them over those connections. There
are frequently vulnerabilities in hosting services - content
platforms, web forums, third-party Javascript libraries, file uploads,
management interfaces...many sites, darkweb or not, have much broader
attack surfaces than their owners understand.

Having pwned the server, a malware component is then injected to
visiting computers. Ie: when the criminal visits the infected site,
his PC is infected (over that encrypted, secure, etc) connection. Now
infected, his PC will be under the control of the FBI, and the
investigation will proceed from there. As soon as it's connected to
the regular internet, that connection will be traced, but that
connection is not necessary - data on the PC can be exfiltrated by the
feds over Tor and used to identify the user.

-J
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Mirimir]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 07/13/2016 06:28 PM, Karsten N. wrote:
> 
> 
> Am 14.07.2016 um 02:02 schrieb Sci Fith:
>> Sources? Links? Otherwise why conjecture & possibilities?
> 
> 2013 FBI and Freedom Hosting: 
> http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
> 
> 2015 FBI operation "Playpen" 
> https://motherboard.vice.com/read/the-fbis-unprecedented- 
> hacking-campaign-targeted-over-a-thousand-computers
> 
> In both cases, the FBI took over the Tor onion sites platform and
> deployed a network investigative technique on the Tor hidden 
> service sites - the agency's term for a hacking tool. That tool 
> used a vulnerability to circumvent the protections of the Tor 
> Browser Bundle, and then installed a trojan, which grabbed the 
> suspect's IP address and system information.

So this has been happening for at least three years. It's very likely
that Whonix isn't vulnerable, because browser and tor process are
isolated in separate VMs. And I've seen nothing about Whonix users
being pwned.

Why hasn't Tor Project recommended Whonix for those who need better
security than Tor browser can offer?



-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (GNU/Linux)

iQEcBAEBAgAGBQJXhwcrAAoJEGINZVEXwuQ+o3YIAKABmzgjwcXF9/NUHJhChc5Q
GOKvD/m8X2qQQg5dPScA4+iPOkt+X66m8wqbRpVsoKLnKCgbEZ/HjOrcmXV3Swpm
EtmEgnWamIGf/odOnLKK0og88Fz+JYS1CvvNJLZcNsy9KHg1tEqDBF0wHYi4q0qW
0CsGHDCvzQAonIBzn1GSU+1F4zGIJNYuBARyD0kideoVqHRK6lniV9WJXU2b3xIf
LbwWwG5qTYd7RluND7j+TezgRlC9tVNo14+mP26KA8jbA13BOD0ZMEkTYyc+RQTq
9I0lmQggadXTGbelL/LbikM9JdFX+1YoaUS1xSFrw1C40zoLCQ7gLd0/f+LAp1c=
=V/5q
-END PGP SIGNATURE-
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Karsten N.]

Am 14.07.2016 um 02:02 schrieb Sci Fith:
> Sources? Links? Otherwise why conjecture & possibilities?

2013 FBI and Freedom Hosting:
http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/

2015 FBI operation "Playpen"
https://motherboard.vice.com/read/the-fbis-unprecedented-hacking-campaign-targeted-over-a-thousand-computers

In both cases, the FBI took over the Tor onion sites platform and
deployed a network investigative technique on the Tor hidden service
sites - the agency's term for a hacking tool. That tool used a
vulnerability to circumvent the protections of the Tor Browser Bundle,
and then installed a trojan, which grabbed the suspect's IP address and
system information.


>> But one clue might be that the FBI can read Bugzilla posts for whichever 
>> browser Tor uses (Firefox now) 

For operation "Playpen" an own new 0-day exploit was used by FBI.
Mozilla and TorProject tried to get informations about the bug,

https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/

But the bug was classified by FBI because of "National Security".

https://motherboard.vice.com/read/the-fbi-is-classifying-its-tor-browser-exploit

Best regards
Karsten N.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] FBI cracked Tor security

[Sci Fith]

Sources? Links? Otherwise why conjecture & possibilities?

> On Jul 13, 2016, at 7:51 PM, Nick Levinson  wrote:
> 
> The FBI reportedly cracked Tor's security to crack a child porn case with 
> over 100 arrests of Tor users. I don't know how the FBI did it, and that's a 
> good type of case for which to do it, but, considering that legitimate users 
> need to evade high-end intelligence agencies that may be as skilled as the 
> FBI and less friendly, it's worth discussing how the FBI might have done it. 
> The news story didn't say what specific exploit it used. I forgot the news 
> citation.
> 
> But one clue might be that the FBI can read Bugzilla posts for whichever 
> browser Tor uses (Firefox now) to catalogue security flaws various people 
> have discovered and reported. Some reports and responses are confidential but 
> hacking those Bugzillas may be a priority for a hundred or more foreign 
> intelligence agencies, most of whom are probably more skilled at cracking 
> than Mozilla (or whomever) is at defending. It's also possible that a 
> security flaw for another browser might be something to test for whether 
> Firefox has a similar flaw.
> -- 
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] FBI cracked Tor security

[Nick Levinson]

The FBI reportedly cracked Tor's security to crack a child porn case with over 
100 arrests of Tor users. I don't know how the FBI did it, and that's a good 
type of case for which to do it, but, considering that legitimate users need to 
evade high-end intelligence agencies that may be as skilled as the FBI and less 
friendly, it's worth discussing how the FBI might have done it. The news story 
didn't say what specific exploit it used. I forgot the news citation.

But one clue might be that the FBI can read Bugzilla posts for whichever 
browser Tor uses (Firefox now) to catalogue security flaws various people have 
discovered and reported. Some reports and responses are confidential but 
hacking those Bugzillas may be a priority for a hundred or more foreign 
intelligence agencies, most of whom are probably more skilled at cracking than 
Mozilla (or whomever) is at defending. It's also possible that a security flaw 
for another browser might be something to test for whether Firefox has a 
similar flaw.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk