Re: [tor-dev] Request for feedback/victims: cfc

On Wed, Mar 23, 2016 at 2:15 AM, Yawning Angel <yawn...@schwanenlied.me> wrote: > My "proof of concept" tech demo is what I consider good enough for > use by brave people that aren't me, so I have put up an XPI package > at: https://people.torproject.org/~yawning/volatile

Re: [tor-dev] [GSoC] CONIKS implementation for Tor Messenger

Hi Arlo, > It may be prudent to consider a memory-managed language (I'll suggest golang > here as popular choice) for the server component. It is good to know that I can use golang to develop the server component. I am going to rewrite this part. > Wherever possible, we'd like to avoid modals

[tor-dev] (no subject)

Hi Arlo, > It may be prudent to consider a memory-managed language (I'll suggest golang > here as popular choice) for the server component. It is good to know that I can use golang to develop the server component. I am going to rewrite this part. > Wherever possible, we'd like to avoid modals

Re: [tor-dev] Query regarding GSOC '16 - txtorcon

Akash Mishra writes: > Also, I submitted a minor PR for the same branch. But the travis build > failed for it. Upon checking on the details, I saw that it used > python 2.7. However, that shouldn't have made any difference to the > tests since the PR was for compatibility on

Re: [tor-dev] Query regarding GSOC '16 - txtorcon

On Monday 21 March 2016 08:31 AM, meejah wrote: Hmm, it looks like I haven't actually merged the "python3" branch into master which is why a bunch of this looks like I changed it already I guess ;) So, see the branch "python3" for fixes to several of the issues you pointed to. However, there

Re: [tor-dev] Request for feedback/victims: cfc

On Wed, Mar 23, 2016 at 12:33:15PM -0400, Adam Shostack wrote: > Nice! > > Random thought: rather than "unreachable from Tor", "unreachable when > using the internet safely." This is really about people wanting > security, and these companies not wanting to grapple with what their > customers

Re: [tor-dev] Request for feedback/victims: cfc

Yawning Angel wrote: Inspired by https://trac.torproject.org/projects/tor/ticket/18361 I've been working on way to improve the situation. Neat. In the thread someone mentions that it's possible to derive the answer for the old-style street number captchas using tesseract [1].

Re: [tor-dev] Request for feedback/victims: cfc

During the OONI survey to find instances of server-side Tor blocking, we found a few variations on CloudFlare captcha pages. They don't all say "Attention Required!". Apparently there is an option to customize the page, but few sites make use of it. Here are the regexes we used (excerpted from

Re: [tor-dev] tor-dev Digest, Vol 62, Issue 38

Hi, Hats off to Yawning Angel for doing work to address this "CAPTCHA" challenge. The idea of using archive.somewhere to fetch cached versions of walled garden internet zones seems sensible. More points to YA with the ALL CAPS warning about "big nasty adversary in you threat model dont go

Re: [tor-dev] Request for feedback/victims: cfc

e.torproject.org/~yawning/volatile/cfc-20160323/ I noticed some dumb bugs and UI issues in the version I pushed so I changed a lot of things and uploaded a new version that should be better behaved. In particular: * It is now Content Script based, and does IPC so it may survive the transition

[tor-dev] Request for feedback/victims: cfc

roject.org/~yawning/volatile/cfc-20160323/ The source: https://git.schwanenlied.me/yawning/cfc (Requires the Firefox SDK aka Jetpack to package). By default the addon will: * Rewrite the CloudFlare captcha error page with messages that reflect my perception of reality[0]. * Rewrite imgur &qu