Libertas:
> Has anyone looked into this? I talked to the maintainer of the OpenBSD
> Firefox port, but he wasn't very interested and pointed out the
> difficulty caused by the deterministic build system.
>
> I can verify that it doesn't work out of the box, but haven't had time
> to play with it m
Dave Huseby:
> I'm a Bitrig [0] user and have been slowly patching up gitian-builder
> so that it knows how to create build VM's other than ubuntu [1]. I
> haven't pushed all of my patches yet, but I have a version of
> gitian-builder where make-base-vm understands "--os bitrig --iso
> cd10.iso" a
Prateek Mittal:
> Mashael, Ian -- this looks awesome, congrats!
>
> A couple of very minor comments come to mind (mainly from looking at Figure
> 5):
> a) For AS-level adversaries, the following could be useful inclusions:
> http://dl.acm.org/citation.cfm?id=1029199
> http://moria.freehaven.net/an
Yawning Angel:
[snip]
> My question is, what causes Tor Browser to set the SOCKS username to
> "--unknown--" and what the behavior should be in that case if:
Ideally, "--unknown--" would only be used for requests originating from
privileged browser code and not belonging to a website/resource a
t55w...@cs.uwaterloo.ca:
> I'd like to introduce two new works on website fingerprinting I've
> written with my supervisor, Ian Goldberg.
Thanks! I am looking forward to study your new work and hope we can
include it into Tor Browser.
> The first is titled ``On Realistically Attacking Tor with We
Yawning Angel:
> As much as all of these are important issues, if we search for a
> solution that works for absolutely everyone, then we will never
> implement anything, because IMO no such thing exists.
>
> I sort of have mixed feelings about this in general, but since enough
> people seem to thi
tordev...@safe-mail.net:
> Is there some documentation, how the tor-browser git repository is set up?
Not sure what you mean but it is a repository that contains Firefox ESR
code and on top of that our patches we need to apply. The branch names
encode the ESR version and the Tor Browser version: e
Hi,
at the recent dev meeting we decided to slightly change the applications
team meeting procedure in order to focus more on cross-application
issues. Instead of a scrum-style meeting we also think it should be
agenda-driven. The current plan is to meet once a month (on the
first Tuesday) given t
Hi,
just a reminder that the applications team is starting the monthly
meetings next week on Tuesday, November 3 at 19:00 UTC[0] in
#tor-project on irc.oftc.net.
The proposed topic is still talking about UX/internationalization
issues. If there are other things worth discussing we can easily amen
Nima Fatemi:
> Lunar:
>> Tor Browser folks have been tagging tickets with tbb-usability:
>> https://trac.torproject.org/projects/tor/tags/tbb-usability
>>
>> Do you want an extra tag for those?
>
> This is a good question. I'm aware of tbb-usability tag and have already
> added it to my filters; b
Hi,
just a reminder that the applications team is having its monthly meeting
next week on Tuesday, December 1 at 19:00 UTC in
#tor-project on irc.oftc.net.
There is no proposed topic for this meeting yet. Please come up with
suggestions if you feel there is something we should discuss.
See you t
George Kadianakis:
> Hello,
>
> as you might know, the IETF recently decided to formally recognize .onion
> names
> as special-use domain names [0].
>
> This means that normal browsers like Chrome and Firefox can now handle onion
> domains in a special manner since they know that they only corre
Nathan Freitas:
> - Overall improved configuration / settings UI to make tuning Orbot a
> better, simpler experience... this is an expansion of the new exit
> country selector in Orbot v15.1, but also includes managing things like
> network usage and so on.
Could you explain that point a bit more,
Nathan Freitas:
> On Tue, Jan 12, 2016, at 10:48 AM, Georg Koppen wrote:
>> Nathan Freitas:
>>> - Overall improved configuration / settings UI to make tuning Orbot a
>>> better, simpler experience... this is an expansion of the new exit
>>> country select
Hi,
Ivan Ristic:
> Dear Tor developers,
>
> My SSL Labs server test has a feature where it checks for preloaded HSTS
> in Chrome, IE, Firefox, and Tor.
>
> You can see it near the bottom of this report, for example (under "HSTS
> Preloading"):
>
> https://www.ssllabs.com/ssltest/analyze.html?d=
Hi,
- -:
> Hello!
>
> My name is Akito Ono. I'm a computer science student in Japan and very
> intrested in participating in GSoC this year.
> I read docs about projects and I was particularly intrested in Panopticlick
> project.
> And I have some questions about Panopticlick.
>
>
> Is this pro
Akito Ono:
> Hi,
>
> Thanks for quick answer.
>
>> For the tests themselves there will probably mainly JavaScript used + some
> CSS/HTML.
>
> So if I understand correctly, students have a choice about sever-side
> language?
> I have developed Web application, so I'm concerned about whether I can
Griffin Boyce:
> Hey all,
>
> There have been quite a few bug reports that discuss incompatibility with
> various Firefox extensions and with websites. In most cases, I can't
> replicate
> these bugs -- either because the extension in question has been patched,
> the
> website reported no longer e
Hi Pierre,
thanks for this proposal. Gunes has already raised some good points and
I won't repeat them here. This is part one of my feedback as I need a
bit more time to think about the code example section.
Pierre Laperdrix:
> Hi Tor Community,
>
> My name is Pierre and I'm really interested in
Pierre Laperdrix:
[snip]
>>> Technical choices
>>> In my opinion, the website must be accessible and modular. It should
>>> have the ability to cope with an important number of connections/data.
>>> With this in mind and the experience gained from developing AmIUnique, I
>>> plan on using the Pla
Hi,
here comes feedback to the remaining part of the proposal.
Pierre Laperdrix:
[snip]
> Code sample
> In 2014, I developed the entire AmIUnique.org website from scratch. Its
> aim is to collect fingerprints to study the current diversity of
> fingerprints on the Internet while providing full
Hi Akito,
Akito Ono:
> Hello!
>
> I'm writing a proposal for the Panopticlick project.
> Would you advise me about this proposal?
> https://gist.github.com/ak1t0/1bf1b6bd4e3fc99e2097
Thanks for this proposal. Looking over it and your PoC I have two
questions so far:
1) What does "Improve a peri
Akito Ono:
> Hi Georg,
>
> Thank you for your advice, always!
>
>> 1) What does "Improve a peripheral test suite and design" mean? Where
>> does this peripheral one come from?
>
> It meant measuring fingerprint's uniqueness and I rewrote it.
>
>> 2) Looking at the screenshot of your panopticlic
Tuuranton:
> The SHA-256 checksum of the downloaded file
> https://www.torproject.org/dist/torbrowser/6.0/TorBrowser-6.0-osx64_en-US.dmg
> is on my computer
> 0f4f6ca01028c2956c811dd94d67a76feb507cad176c031f32e6f95873003b4c
>
> But according to the text file
> https://dist.torproject.org/torbrowse
Hi!
Pierre Laperdrix:
> Hi everyone,
>
> Here is my second status report for my GSOC project.
> A little reminder that the repo is located on GitHub:
> https://github.com/plaperdr/fp-central
>
> 1 - I have progressed faster than I expected in the last two weeks. Here
> is everything that I have
Pierre Laperdrix:
> Hello everyone,
>
> I know the next status report is not due until next week but I wanted to
> get some feedback on how I use cookies and localStorage on FP Central.
>
> Right now, due the very short lifespan of cookies in the Tor browser, I
> don't use cookies as an identific
Hi all!
So, Karsten, Nicolas and I were sitting together for a while and were
looking at past data for figuring out how many users downloaded and
updated their Tor Browser over time.
We actually got more questions than we were able to answer but I guess
that's fine for a start.
Here are the grap
David Fifield:
> On Mon, Sep 12, 2016 at 11:12:15AM -0400, Mark Smith wrote:
>> On 9/11/16 3:45 PM, David Fifield wrote:
* We don't know what (8) or (9) is but it seems to us we are losing
users over time and are only getting them back slowly if at all. A
weekday/weekend pattern is v
Philipp Winter:
[snip]
> 2. Design
>
> 2.1 Overview
>
>A simple analogy helps in explaining the concept behind exit relay
>pinning: HTTP Public Key Pinning (HPKP) allows web servers to express
>that browsers should pin certificates for a given time interval.
>Similarly, exit rel
Tom Ritter:
> The info I gave you was for Tor Browser, the the latter (about session
> ID) is actually wrong. TBB disables both.
>
> https://trac.torproject.org/projects/tor/ticket/20447#ticket
> https://gitweb.torproject.org/tor-browser.git/tree/security/manager/ssl/nsNSSComponent.cpp?h=tor-brows
Roger Dingledine:
> On Sat, Dec 10, 2016 at 08:52:47PM +, Yawning Angel wrote:
>> I tagged sandboxed-tor-browser 0.0.2 (0.0.1 is also tagged, but it has
>> a few issues), so this is the obligatory release announcement.
>>
>> Official binaries should be available sometime next week, so I strongl
Tom Ritter:
> Hi Nur-Magomed,
>
> Great to have you interested in this!
>
> So we would want to use the Crash Reporter that's built into Mozilla
> Firefox (which is called Breakpad, and is adapted from Chromium). At
> a high level, I would break down the project into the following
> sections:
T
>> Check out firegloves. It's outdated, and I'd love to see it getting
>> some love, but it's a great POC for anti-fingerprinting in Firefox.
Firegloves is broken last time I checked. All the hooks are not applied
if you are sending your payload via FTP as the extension is doing the
hooking via a
Erinn Clark:
> I am at this point in favor of signing OSX packages with their codesigning but
How is this supposed to work with Gitian?
Georg
signature.asc
Description: OpenPGP digital signature
___
tor-dev mailing list
tor-dev@lists.torproject.org
Hi Nicolas,
some remarks are below.
Nicolas Vigier:
> In order to help me doing that, I'm very interested to receive from
> developers of any tor components :
>
> - a description or ticket number of bugs that you wish could have been
> detected earlier with automated tests
https://trac.torpro
Nicolas Vigier:
> In addition to this, an other thing that we could do automatically is
> rebasing the tor-browser patches onto the unreleased next mozilla esr
> from http://hg.mozilla.org/releases/mozilla-esr24/ in the default branch.
> This allows to see in advance if rebasing the patches on the
tor-admin:
> On Friday 13 December 2013 14:21:10 David Fifield wrote:
>> Do you have the same symptoms we experienced? That is, during the build
>> of tor for lucid-i386, you have a qemu process running with image
>> target-precise-amd64.qcow2? And if you ssh into the VM with
>> ssh -oNoHostAu
tor-admin:
> On Saturday 14 December 2013 19:26:41 Georg Koppen wrote:
>>
>> FWIW, this is probably https://trac.torproject.org/projects/tor/ticket/10153
>>
>> Georg
>
> I am seeing the following error for the Mac bundle:
>
> ** Starting TorBrows
Hi,
Steve Snyder:
> Attempting to build tbb-3.5.1-build1, and failing. See below for failure.
>
> I am building on a fully-updated Ubuntu v12.04LTS/x86_64 system. I am using
> the USE_LXC method because KVM won't work in this VMware VM.
>
> On my first attempt I did a "make all". That didn't
Hi,
Nicolas Vigier:
> Hello,
>
> You can find at this URL a proposal to refactor the tor browser bundle
> build process, using an other tool to replace gitian:
> https://people.torproject.org/~boklm/automation/tor-automation-proposals.html#build-tool
> (also added as attached file to this email)
Hi,
Nick Mathewson:
> Here's a new proposal for a thing that Mike wants for TBB. Please review!
[snip]
> 2. Proposal
>
>We introduce a new line for inclusion in votes and consensuses.
>Its format is:
>
> "package" SP PACKAGENAME SP VERSION SP URL SP DIGESTS NL
>
> PACKAGEN
Georg Koppen:
> Hmm... What happens in cases like the following:
>
> 4 authorities include a PACKAGENAME/VERSION pair with URL1 and DIGEST1
> and 4 other authorities include the same PACKAGENAME/VERSION pair with
> URL2 and DIGEST2 and, say, 1 authority includes no such
> PACKAG
Hi,
Gunes Acar:
> Dear All,
>
> My name is Gunes Acar, a 2nd year PhD student at Computer Security and
> Industrial Cryptography (COSIC) group of University of Leuven.
>
> I work with Prof. Claudia Diaz and study online tracking and browser
> fingerprinting. I'd like to work on "Panopticlick"
>
Gunes Acar:
> Thanks for all the feedback Mike,
> I'll be in touch with you and Georg on the Tor side.
>
> For the other discussion: I don't think open-sourcing Panopticlick is
> critical for this work.
Sure, we can always write new code. That said, if you want to do that (I
am still not sure abo
Georg Koppen:
> code could somehow be shared with tests needed for QA. Maybe the feature
> extraction part could be modularized in a way that both can share, say,
> the feature extraction part.
That should have been
"Maybe the tests could be modularized in a way that both can s
Gunes Acar:
> Sorry everyone for the long pause.
>
> I wrote down a proposal (and some code) to address issues raised by
> Mike and George:
> https://securehomes.esat.kuleuven.be/~gacar/summer_2014.pdf
>
> Looking for your comments and critics...
I am happy with getting 1), 2) and 3) done in tha
Gunes Acar:
> On 04/22/2014 10:35 AM, Georg Koppen wrote:
>> I am happy with getting 1), 2) and 3) done in that order but am a
>> bit wondering why that does not match your suggestion in the
>> timeline. There you plan doing something like 2) (+ maybe the
>> "Implem
Hi,
Maciej Soltysiak:
> Hi,
>
> It's my first post in tor ml, hope it's the right place to write this.
>
> I am using the latest TBB. The default setting for the maximum version
> of TLS (comming from Firefox) is TLS 1.0 (security.tls.version.max =
> 1)
>
> ssllabs.com tests would confirm the r
Amogh Pradeep:
> Status Report 4
> July 18th, 2014.
>
> Things I am working on:
>
> 1)Setting up repos and building:
> After having built fennec, we have now started to try to get it built
> on the jenkins server. Hopefully we will be successful and will be
> able to push out a version of the bro
Hi,
faether:
> Can a TBB developer please push these very simple but important anti-
> fingerprinting prefs through:
>
> pref("full-screen-api.enabled", false);
> pref("browser.link.open_newwindow.restriction", 0);
> pref("dom.disable_window_move_resize", true);
>
> Fixing:
>
> https://trac.tor
David Fifield:
> On Sun, Mar 26, 2017 at 02:28:00PM +, anonym wrote:
>> Tails uses the Tor Launcher shipped in Tor Browser, but it's run as a
>> stand-alone XUL application (`firefox --app ...`), so the *web*
>> browser isn't started as part of it.
>
> Sorry to change the subject, but should w
Nick Mathewson:
> With proposal 227 in 0.2.6.3-alpha, we added a way for authorities to
> vote on e.g. the latest versions of the torbrowser package.
>
> It appears we aren't actually using that, though. Are we planning to
> use it in the future?
It might be a candidate for update hardening, e.g
Karsten Loesing:
> Hello everyone,
>
> we, the Tor Metrics Team, have finished writing our roadmap for the 12
> months between October 2017 and September 2018:
>
> https://trac.torproject.org/projects/tor/raw-attachment/wiki/org/teams/MetricsTeam/metrics-team-roadmap-2017-11-17.pdf
>
> https://t
Karsten Loesing:
> On 2017-11-17 21:29, Georg Koppen wrote:
>> Karsten Loesing:
>>> Hello everyone,
>>>
>>> we, the Tor Metrics Team, have finished writing our roadmap for the 12
>>> months between October 2017 and September 2018:
>>>
>&
ban...@openmailbox.org:
> Hi. Are there any plans to include Privacy Pass addon in Tor Browser by
> default? Privacy Pass is the result of some great work by Ian and his team at
> University of Waterloo to spare Tor users the torture of solving infinite
> captchas from Cloudflare.[0][1]
That's
George Kadianakis:
> As discussed in this mailing list and in IRC, I'm posting a subsequent
> version of this proposal. Basic improvements:
> - Uses a new custom HTTP header, instead of Alt-Svc or Location.
> - Does not do auto-redirect; it instead suggests the onion based on
> antonella's mockup
nusenu:
> Hi,
>
> since Mozilla did tests [0] on DOH [1] in Firefox I was wondering
> if Torbrowser developers have put any thought into that as well?
Actually, the study did not get done yet. The start date is scheduled
for June 4th, see: https://bugzilla.mozilla.org/show_bug.cgi?id=1446404
We'
nusenu:
> Hi,
>
>
> https://www.torproject.org/projects/torbrowser/design/#identifier-linkability
> writes:
>
>> While the vast majority of web requests adheres to the circuit and
>> connection unlinkability requirement there are still corner cases we
>> need to treat separately or that lack a
Jonathan Marquardt:
> On Wed, Jul 04, 2018 at 05:46:48AM -0700, Keifer Bly wrote:
>>> I admit, a separate button that says “Configure” there could really be
>>> beneficial to void confusion. I agree, I think that future tor browser s
>>> having a dedicated “configure” button is a good idea for th
nusenu:
>
>
> nusenu:
>> It would be nice if every subsection (i.e. "SPDY and HTTP/2" would have an
>> anchor
>> so we can easily link to it)
>
> in what trac component would I file this request?
>
> "Webpages/Website"?
Sounds good to me, thanks.
Georg
signature.asc
Description: OpenPGP
David Fifield:
> On Fri, Jul 20, 2018 at 04:12:21PM -0400, John Helmsen wrote:
>> We are in the process of writing the documentation for Marionette, but the
>> documentation on the web page should be sufficient for at least getting a
>> full
>> evaluation started. We'd like to have the evaluation
teor:
> Hi,
>
> Is anyone still using these trac components?
[snip]
> Obfuscation/FTE
Let's leave that one right now. We still ship FTE on some platforms in
Tor Browser. We'll probably reevalute that soon and then can deal with
the trac component in case we think it's not worth keeping it.
Geo
George Kadianakis:
> Georg Koppen writes:
>
>> [ text/plain ]
>> George Kadianakis:
>>> As discussed in this mailing list and in IRC, I'm posting a subsequent
>>> version of this proposal. Basic improvements:
>>> - Uses a new custom HTTP header,
Rusty Bird:
> Georg Koppen:
>> FYI: the proposal is now the first Tor Browser proposal:
>> https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/100-onion-location-header.txt
>
> Sounds great. One nit:
>
> | Website operators should be aware that tools l
scootergrisen:
> I tried testing Tor Browser in macOS (VirtualBox) and at the bottom of
> the Help menu i see a empty menu item.
>
> If i remember correct nothing happened if i clicked it.
Yeah, that's https://trac.torproject.org/projects/tor/ticket/22942.
Thanks,
Georg
signature.asc
Descript
Richard Pospesel:
> And here's a link that actually works:
> https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
Thanks for collecting and sharing all the possibly ideas here. Some
comments come to mind after thinking a bit about it.
1) We probably won't get that featu
Richard Pospesel:
> And here's a link that actually works:
> https://storm.torproject.org/shared/Kw99Ow0ExZFFC6FKD5CeryfVFAoAL9Z_iEVlflI0fiL
Thanks for collecting and sharing all the possible ideas here. Some
comments come to mind after thinking a bit about it.
1) We probably won't get that featu
Iain Learmonth:
> Hi,
>
> On 13/02/2019 16:56, n...@neelc.org wrote:
>> I don't think this is the right mailing list.
>
> This is entirely the correct mailing list as it is discussing a
> technical policy of the network team.
I am not sure whether that's actually the intention of the original
qu
Cecylia Bocovich:
> Hi,
>
> I just had a really great conversation with some of the developers at
> Briar about the recent work they've done in integrating some pluggable
> transports into their messaging application. I thought I would summarize
> some key points from the conversation here. In par
Torsten Grote:
> On 2/26/19 11:19 AM, Georg Koppen wrote:
>> I think we should be able to provide that with our Tor Browser builds
>> once we have all the PT pieces sorted out (which is rather soon).
>
> That would be nice!
>
>> So, probably the easiest way
Nathan Freitas:
>
> On 2/27/19 4:54 AM, Georg Koppen wrote:
>> Torsten Grote:
>>> On 2/26/19 11:19 AM, Georg Koppen wrote:
>>>> I think we should be able to provide that with our Tor Browser builds
>>>> once we have all the PT pieces sorted out (
Hi!
Kevin Gallagher:
> Hello tor-dev!
>
> My name is Kevin and I'm a PhD student at NYU. Recently I've been
> working on creating a "Tor Friendliness Scanner" (TFS), or a scanner
> that will measure what features of a given website are broken
> (non-functional) when accessed on the Tor Browser (T
Watson Ladd:
> On Tue, Jun 18, 2019 at 6:29 PM Chelsea Holland Komlo
> wrote:
>>
>> There are a couple approaches to consider.
>>
>> POW via hashing goes for a relatively simple to implement approach.
>> However, this incurs a high cost for all clients, and also environmental
>> damage, per previo
Hans-Christoph Steiner:
>
> Hey all,
>
> I'm currently working on tor for Android as part of a Guardian Project
> project. One key goal is making a shareable, reproducible build process
> for the tor daemon for Android. Then this would be published to
> MavenCentral as an Android AAR package to
Hans-Christoph Steiner:
> Georg Koppen:
>> Hans-Christoph Steiner:
>>>
>>> Hey all,
>>>
>>> I'm currently working on tor for Android as part of a Guardian Project
>>> project. One key goal is making a shareable, reproducible build proc
Nathan Freitas:
> A new Orbot is out, with a bug fix related to obfs4proxy installation,
> and a new tor!
Good stuff! Is it intended that I only see an x86_64, x86, and arm64-v8a
version but no armv7 one available? It seems suddenly Orbot is not
compatible anymore with my device (and I suspect a b
Roger Dingledine:
> On Mon, Jun 15, 2020 at 12:34:17PM -0400, David Goulet wrote:
>> 1) September 15th, 2020
>> 0.4.4.x: Tor will start warning onion service operators and clients that
>> v2 is deprecated and will be obsolete in version 0.4.6
>
> Thanks David. "Late 2020" is a
Barkin Simsek:
> Hi everyone,
>
> I created a wiki page [1] for "describing" the graphs that will be
> used to visualize the CAPTCHA Monitor dataset [2]. There are already a
> few graphs on the dashboard [3] and they will be replaced with the new
> ones described on the wiki page.
Thanks for that
Gaba:
> El 8/31/20 a las 9:22 AM, Barkin Simsek escribió:
>> Hi everyone,
>>
>> The end of the Google Summer of Code period has arrived, and you can
>> find my GSoC final report for the CAPTCHA Monitoring project here [1].
>> This was my first time working with an active open source community
>> an
Ian Laurie:
> Regular Firefox became briefly non-functional on Fedora Rawhide due to
> the following (now resolved) bug:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1891234
>
> The issue was that all tabs immediately crashed making the browser
> unusable. I believe Tor is now suffering from
Mike Perry:
>
>
> On 3/2/21 6:01 PM, George Kadianakis wrote:
>>
>> David Goulet writes:
>>
>>> Greetings,
>>>
>>> Attached is a proposal from Mike Perry and I. Merge requsest is here:
>>>
>>> https://gitlab.torproject.org/tpo/core/torspec/-/merge_requests/22
>>>
>>
>> Hello all,
>>
>> while wor
George Kadianakis:
> Hello all,
>
> after lots of investigation on anonymous credentials, we are glad to
> present you with a draft of the onion services anti-DoS proposal using
> tokens.
Thanks! I finally managed to read through and think about the proposal
(but note: I've not read proposal 327
Roger Dingledine:
[snip]
> That is, I think these extra restrictions (avoiding the relays) would be
> a slight improvement to security in theory, but I see that as outweighed
> by the loss of robustness and by the other security angle (avoiding
> letting people probe our internal network knowledg
David Goulet:
> On 14 Sep (11:31:02), Neel Chauhan wrote:
>> Hi Roger,
>
> Hi Neel!
>
> Thanks for your proposal!!
>
>>
>> On 2021-09-12 20:48, Roger Dingledine wrote:
>>> On Sun, Sep 12, 2021 at 12:17:37PM -0700, Neel Chauhan wrote:
If a relay has the MiddleOnly flag, we do not allow it t
nusenu:
Hi,
below is a partial proposal draft for human readable relay operator IDs
that are authenticated
by directory authorities. If there is any interest in implementing
something like this I'll complete the draft and submit
it via gitlab.
I think I am confused a bit. So, how does that r
Hello everyone!
As many of you know we have been working on a simple bandwidth scanner
(sbws) over the last years to deal with the old and unmaintained Torflow
code on our bandwidth authorities. We learned a lot during that process,
especially after we started to replace Torflow with the new s
ValdikSS via tor-dev:
Hello everyone.
I'm experimenting with Tor network and wanted to build a circuit via
unpublished relay (PublishServerDescriptor 0). To do so, I set up a
relay, got its authority descriptor, imported it with +POSTDESCRIPTOR in
the client using control port and tried to bu
Hefee:
Hey,
nodens(nod...@debian.org) and me are currently packaging the new version of
onionshare for Debian and stumbled over the dependency cepa[1], what is a fork
of stem. After digging deeper into it, I found out, that the main reason why
they do so is the support for Client Auth v3 onions[
Hefee:
Hey,
That is tricky as stem is not maintained anymore and therefore
deprecated.
That is a pitty. It would be nice if you can actually make this obvious on the
git repo like "currently stem is unmaintained and therefore deprecated" and
maybe search for people in the community to take ov
Hefee:
Hi hefee,
we've released stem 1.8.1 [1] including v3 onion services patches [2].
There'd be a pypi package soon (in aprox. 1 day) and stem's website update.
Please, let us know whether that works for you,
Thanks a lot. It looks fine for our use case. And good that you now communicate
Hello everyone!
The Network Health team is best known for its work in the bad-relays
area and being concerned with providing metrics + keeping an eye on the
health of the Tor network. While that involves doing analyses to answer
our own questions it was not clear so far what we should do with
eff_03675...@posteo.se:
Hi,
On the following URL :
http://hctxrvjzfpvmzh2jllqhgvvkoepxb4kfzdjm6h7egcwlumggtktiftid.onion/
stats.html
the quote:
*All per-graph statistics files are available for download via an URL of
the form:*
*https://metrics.torproject.org/identifier.csv*
Remains am
After reading Mike's blog post and the material contained in it (via
links) I thought it would be helpful to start a discussion about it.
First of all thanks for explaining the idea of improving the private
browsing mode. That aim seems worthwile but I want to focus more on the
needs for high anony
> If you maintain two long sessions within the same Tor Browser Bundle
> instance, you're screwed -- not because the exit nodes might be
> watching you, but because the web sites' logs can be correlated, and
> the *sequence* of exit nodes that your Tor client chose is very likely
> to be unique.
A
> Additionally, we expect that fingerprinting resistance will be an
> ongoing battle: as new browser features are added, new fingerprinting
> defenses will be needed. Furthermore, we'll likely be inclined to
> deploy unproven but better-than-nothing fingerprinting defenses (so
> long as they don't
> However, when performed by the exits, this linkability is a real
> concern. Let's think about that. That sounds more like our
> responsibility than the browser makers. Now I think I see what Georg
> was getting at. We didn't mention this because the blog post was
> directed towards the browser ma
>> Hmmm... If that is the answer to my questions then there is nothing like
>> avoiding getting tracked by exit mixes in the concept offered in the
>> blog post. Okay.
>
> That is not entirely true. Because identifiers would be linked to
> top-level urlbar domain, gone are the days where exits cou
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===2411481729548231614==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="enigC109D701B963D257C02E88A3"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===7169121415546917615==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="enig3F72C2734FABE1CB4A827A42"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===2411481729548231614==
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
boundary="enigC109D701B963D257C02E88A3"
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
1 - 100 of 105 matches
Mail list logo
