s Torbutton's protection against long-term cache
identifiers.
Robert Ransom
signature.asc
Description: PGP signature
ck I rebooted
> twice just now and "ps -A | grep -w tor" each time gave me different UID
> for tor.
That's a process ID, not a user ID.
Robert Ransom
signature.asc
Description: PGP signature
ool, and as I
understand it, those reserved bridges are distributed periodically to
groups who will make use of them.
Other than that, well said.
Robert Ransom
signature.asc
Description: PGP signature
in this regard?
Only if the configuration option network.proxy.socks_remote_dns (only
accessible in about:config) is set to true.
Torbutton will ensure that this option is set properly.
Robert Ransom
signature.asc
Description: PGP signature
wade through. How can I (temporarily) tell
> Tor not to scrub the hidden services?
Add:
SafeLogging 0
to your torrc.
Robert Ransom
signature.asc
Description: PGP signature
in the Torbutton Preferences dialog would be
easier and much safer.
Robert Ransom
signature.asc
Description: PGP signature
report for Polipo itself, report it to the polipo-users mailing list
(see <https://lists.sourceforge.net/lists/listinfo/polipo-users>).
Robert Ransom
signature.asc
Description: PGP signature
n.
>
> Tor takes all the data (header and content), encrypts it three times on the
> client (me), and then at each node one layer is unencrypted OR is it all of
> it unencrypted at the exit node?
Each relay removes one layer of encryption.
Tor does *not* encrypt and send packet
ldnt these nodes be excluded by default?
They will be now.
The exit scanner detects such nodes, and Mike Perry has just made it
easier to mark nodes with suspicious policies with the BadExit flag in
the future:
https://gitweb.torproject.org/torflow.git/commitdiff/2320961a05e3277534887c7f76036c826
lished your IP address. It is quite easy for
your government to use your IP address to identify you and punish you,
and no one on this list can use your IP address to help you.
Robert Ransom
signature.asc
Description: PGP signature
safe to use over Tor.
This thread is about using Google gadgets embedded in a web page with
Firefox (and Torbutton).
Robert Ransom
signature.asc
Description: PGP signature
On Wed, 12 Jan 2011 10:49:25 -0500
Praedor Atrebates wrote:
> OK, great. I hadn't run into this issue until very recently so had no reason
> to follow anything having to do with it. Now the question is...where does
> one go to change this hidden setting? Where is the hidden setting hidden?
iously afraid of some node named "IL", or he is
trying to protect his users from those $DEROGATORY_ADJECTIVE Jews and
didn't put in the curly braces needed to exclude all nodes in a
country. (And didn't realize that Mossad can rent servers in other
countries.)
Robert Ransom
signature.asc
Description: PGP signature
ending your IP address to the server,
you need to use an FTP client that supports 'passive mode', at the very
least. Setting 'passive mode' may or may not be enough; if you want to
make sure the FTP client you want to use won't leak information, audit
its source code.
Robert Ransom
signature.asc
Description: PGP signature
ng any bridges.
The safest thing to do is to use only Bridge lines containing
fingerprints, and turn off UpdateBridgesFromAuthority. This way, Tor
will not contact the bridge authority, but will check the fingerprints
of the bridges it connects to so that it can detect man-in-the-middle
attacks. Unfortunately, Vidalia will not allow you to configure Tor
that way.
Robert Ransom
signature.asc
Description: PGP signature
tem/location as information acquired from a tor session?
Maybe, but it would be better to set the time zone to US Eastern Time
(America/Detroit on at least glibc-based Linux distributions), so that
you'll blend in with English-speaking T(A)ILS users.
Robert Ransom
signature.asc
Description: PGP signature
nto Tor's DNSPort, and
* drop all other outbound packets.
But the only way I know of to test whether your computer is leaking DNS
packets without disturbing your firewall configuration is to use a
packet sniffer.
Robert Ransom
signature.asc
Description: PGP signature
e other way around the
> problem?
See <https://gitweb.torproject.org/torbrowser.git> for the build
scripts, but we would prefer to fix this bug.
Robert Ransom
signature.asc
Description: PGP signature
ruct names that truly blended in with the Tor namescape - such
> as,"MrSpudRelays, QueenAnnesRevenge, SteveKenpIsMyHero, and so forth."
The Adversary would like to thank you for providing those names. They
will be *very* useful.
Robert Ransom
signature.asc
Description: PGP signature
On Thu, 25 Nov 2010 11:35:17 +0800
Jimmy Richardson wrote:
> I suspect torserversNet_* belongs to http://www.torservers.net/, not
> sure about PPrivCom though.
There have been previous posts to or-talk about a German organization
called perfect-privacy.com .
Robert Ransom
signatu
ot;
>
> Do I need to get a new .torrc version? I have had a look online and cannot
> find a template. I am using the latest version (0.2.1.26) so see no reason
> to install from scratch.
>
> Any suggestions? Thanks.
You only need a new torrc if your current one causes Tor t
scription
of how Tor connects to hidden services.
Current versions of Tor retrieve only v2 hidden service descriptors.
Each v2 hidden service descriptor is stored on 6 relays chosen
pseudo-randomly from those assigned the HSDir flag in the current
consensus.
Robert Ransom
signature.asc
Desc
nts to
specify a hostname instead of an IP address, and Polipo does so. Other
clients, including Firefox with the (well-hidden) socks_remote_dns
option turned off, may not specify a hostname to a SOCKS 5 server.
Robert Ransom
signature.asc
Description: PGP signature
Are they of use for
> someone since no debug symbols were installed when the core dumps were
> created?
If you have installed the debug symbol package corresponding to the
version of Tor, yes, they are useful. Use GDB or one of its frontends
to print a traceback from the core. The traceback should be safe to
disclose.
Robert Ransom
signature.asc
Description: PGP signature
ut two of them.
Robert Ransom
signature.asc
Description: PGP signature
s operated behind a NAT,
even with the ORPort forwarded to the internal IP address on which the
bridge or relay is listening.
Robert Ransom
signature.asc
Description: PGP signature
hutting-down-vidalia-geoip-mapping-server>
and upgrade to Vidalia 0.2.10 .
Robert Ransom
signature.asc
Description: PGP signature
rthy but I do
> not feel specially comfortable using the software.
What is 3proxy?
Robert Ransom
signature.asc
Description: PGP signature
On Thu, 28 Oct 2010 21:13:34 -0700
Robert Ransom wrote:
> On Thu, 28 Oct 2010 22:06:03 -0400
> grarpamp wrote:
> > >>is the server (hidden service)
> > >> privacy threatened by using https too in any way?
> > >
&
users to use
HTTPS, is far harder than merely using another layer of cryptography,
and provides no real benefit.
> And PKI, even amongst the anon, can be very useful thing. Communuties
> will be built, PKI will help. It's no different than the internet.
We have a PKI for hidden services already, designed into the protocol.
I do not expect piling HTTPS on top of that PKI to add any security at
this time.
Robert Ransom
signature.asc
Description: PGP signature
d to non-transmittable data that is merely
> cached such as images, etc.
The cache can be used to store pieces of HTML, CSS, and JavaScript
containing unique identifiers, which can then be transmitted back to a
server in various ways (even without JavaScript).
Robert Ransom
signature.asc
Description: PGP signature
is causing some confusion.
Yes, that is a bad sentence.
I think it's time to nuke that FAQ entry. (Probably long past time to
nuke it.)
Robert Ransom
signature.asc
Description: PGP signature
ing.
Please check that Torbutton is installed by trying to add Torbutton to
your Firefox toolbar. (The instructions are in the last paragraph of
https://www.torproject.org/torbutton/ .)
Robert Ransom
signature.asc
Description: PGP signature
re some attacks that can be
performed there, but an attacker who can modify a Tor node's kernel
would be able to do more damage by reconfiguring or modifying Tor
itself.
Robert Ransom
signature.asc
Description: PGP signature
Tor relays, and most relays
serve copies of the consensus to their clients.
Robert Ransom
signature.asc
Description: PGP signature
anks.
No -- put them on the Hidden Wiki.
Finding *that* is left as an exercise for the reader.
Robert Ransom
signature.asc
Description: PGP signature
t side-channel attacks. It only blocks
access to a description of your hardware.
> Then I heard that attackers can actually break out of VM's if they get root
> access on it due to a successful attack.
It depends on the VM software you are using.
Robert Ransom
signature.asc
Description: PGP signature
other thoughts and comments about this.
Read <https://www.torproject.org/faq-abuse.html.en>.
Robert Ransom
signature.asc
Description: PGP signature
On Sat, 02 Oct 2010 14:59:42 -0500
David Bennett wrote:
> I haven't tried the new version yet, is there a descriptive popup that
> explains what's happening when a user clicks a tor:// or tors:// ?
Yes.
Robert Ransom
signature.asc
Description: PGP signature
d since an HTTP proxy can't filter
evil content out of HTTPS responses, Privoxy's filtering was not very
useful.
Robert Ransom
signature.asc
Description: PGP signature
arby Wifi MACs...
>
> The Java trick to get the interface IP does not require special privs,
> so a randomized MAC would in fact help this scenario, if it were
> somehow possible.
I don't know whether browser plugins can be used to read a MAC address,
but if *they* c
On Mon, 20 Sep 2010 11:00:41 -0400
Gregory Maxwell wrote:
> On Fri, Sep 17, 2010 at 10:41 PM, Robert Ransom
> wrote:
> > If your hidden service really needs to be annoying to find, run it:
> >
> > * using only well-written, secure software,
> > * in a VM with
On Fri, 24 Sep 2010 17:34:05 -0400
hi...@safe-mail.net wrote:
> Robert Ransom:
>
> > Also, if you haven't bothered to change your MAC address, an attacker
> > with any UID can read it using ifconfig; your hardware manufacturers
> > may have kept records of wher
On Mon, 20 Sep 2010 09:58:14 -0400
hi...@safe-mail.net wrote:
> Robert Ransom:
>
> > If your web server and all of the interpreters and programs it runs are
> > competently written, there is no way for an attacker to get root
> > access, or even run a shell command.
On Sun, 19 Sep 2010 07:11:21 -0400
hi...@safe-mail.net wrote:
> Robert Ransom:
>
> > The VM is optional *if* and *only if* an attacker cannot possibly get
> > root on your hidden service.
>
> How do external attackers get root access on a Linux system, and how do they
On Fri, 17 Sep 2010 16:36:16 -0400
hi...@safe-mail.net wrote:
> Robert Ransom:
>
> > Only if you trust the hardware firewall/router. I wouldn't.
>
> Okay so there aren't that many safe options to run a hidden service really,
> if any at all?
If your hidden serv
s between them.
>
> Could this be safer?
Only if you trust the hardware firewall/router. I wouldn't.
> (I'm not sure if this message came within the thread, since I'm not yet sure
> about how to reply like that.)
It did.
Robert Ransom
signature.asc
Description: PGP signature
er. (The ‘host-only
network’ option in VirtualBox should be safe enough, for example.) I
don't see a big reason to run Tor in a VM, unless you need to set up
transparent proxying and don't want to mess up your main OS
installation.
Robert Ransom
signature.asc
Description: PGP signature
On Mon, 13 Sep 2010 00:26:02 -0400
Gregory Maxwell wrote:
> On Mon, Sep 13, 2010 at 12:11 AM, Robert Ransom
> wrote:
> >> There we go—
> >> Perhaps the signature could be shipped only to the directory
> >> authorities but left out of the published descriptors
On Sun, 12 Sep 2010 23:36:30 -0400
Gregory Maxwell wrote:
> On Sun, Sep 12, 2010 at 9:40 PM, Robert Ransom wrote:
> > That's the wrong approach. The config file should contain a random
> > secret key shared among all relays in a family, and the relays should
> > publ
ward-compatible with existing clients, but it
avoids the current quadratic blowup in both the config files and the
total descriptor size.
Robert Ransom
signature.asc
Description: PGP signature
y running Tor as root? It seems to me that those
instructions should be changed to have Tor run with DNSPort 9053 in a
Tor-only user account, and have iptables redirect DNS requests to port
9053.
Robert Ransom
signature.asc
Description: PGP signature
so many users easy access to their site.
If Tor exit nodes were allowed to bypass Google's CAPTCHA, someone
could put up a low-bandwidth Tor exit node and then send their own
automated queries directly to Google from their Tor exit's IP.
Robert Ransom
signature.asc
Description: PGP signature
:(
>
> tested using..
> https://anonymous-proxy-servers.net/en/anontest
As I understand it, Polipo can't scrub the headers of an HTTPS request,
even if you use it as an HTTPS proxy.
Robert Ransom
signature.asc
Description: PGP signature
On Tue, 17 Aug 2010 12:09:29 -0700
Robert Ransom wrote:
> Also, remember that Tor's opponents would put much more effort into
> blocking Tor if it were heavily promoted in the Western media. (China
> and Iran are not Tor's only opponents -- here in the US, misguided
&g
> software I can work on myself as part of my upcoming thesis term at school
> ...
What are you studying? Perhaps we can help you find a way to work on
Tor.
Robert Ransom
signature.asc
Description: PGP signature
> and privacy. I don't know it.
<https://duckduckgo.com/privacy.html>
> But why was this ad posted to the tor mailinglist?
I don't know why Gabriel Weinberg didn't post a link to his blog post
to the list himself. Advertisement or not, it is certainly an
appropriate news item for this list.
Robert Ransom
signature.asc
Description: PGP signature
om or whatever.
> >
> Really? Duckduckgo.com is on AS19262 Verizon, but when I accessed it, it
> was via an exit node on AS30058 ACTIVO-SYSTEMS.
I don't remember where I read this, but at the moment, exit enclaving
only works if your Tor client has already downloaded and cached t
court, they'll close it and start two new
ones running the same software the next day. The threat of being sent
to prison for the next 2000 years might make those scum turn off their
spambots and go ooze back to wherever they came from.
Robert Ransom
signature.asc
Description: PGP signature
these ports to cause much trouble for the Tor exit node
(except possibly the IRC ports). Port 1080 can be used to reach
BitTorrent or other rude services, but that's a little trickier for the
client to set up than Tor alone, and it is less likely to result in
DMCA complaints sent to the Tor exit operator (although the SOCKS
server operator may complain).
Robert Ransom
signature.asc
Description: PGP signature
acker we're
considering (a passive eavesdropper on the user's link to the Tor
network).
* If possible, introduce delays into outgoing non-RELAY_SENDME cells to
mask keystroke timing.
* To pad your connection, download a large, useful file through Tor in
the background.
A h
61 matches
Mail list logo