On Fri, 12 Oct 2012 13:12:53 +
adrelanos adrela...@riseup.net wrote:
Raviji:
On Fri, 12 Oct 2012 11:38:34 +
adrelanos adrela...@riseup.net wrote:
Outlaw:
Hi! Let`s say main linux user A is cut off from Internet with iptables,
user B starts Tor. If I run TorBrowser by user A,
HI,
I capture packets on the tor client using tcpdump and I want to decrypt
the captured packets for analysis. I think there are two steps
1 obtain the session keys
2 use some tools to decrypt the packets
Are there any ways, tools, methodology to decrypt the packets?
thanks!
On Tue, 16 Oct 2012 01:36:28 -
fakef...@tormail.org wrote:
Just want to use it... I don't plan to abuse something. I am willing
to solve 1000 captcha or 1000 pictures with cats and dogs. Just give
me the freaking account. Did google finally turn evil and wants to
forbid any anonymous
Although it's not an ideal situation, a few days ago a Google employee
posted regarding access via Tor:
https://lists.torproject.org/pipermail/tor-talk/2012-October/025923.html
Hi, I'm that employee.
That post is specifically about login to existing accounts that were
created outside of Tor.
On Tue, 16 Oct 2012 14:36:43 +0200
Mike Hearn he...@google.com wrote:
So I'm afraid we don't have a good solution for people who want to
sign up to Google anonymously today beyond buying accounts and getting
unlinkability that way, but as I said, that's against our terms of
service and can
On Tue, 16 Oct 2012 14:34:34 +
Abel Luck a...@guardianproject.info wrote:
Regarding deletion of the VM: I was under the impression secure
deletion was not possible on modern SSDs.
A simple method is to create a disk image (loopback) encrypted with a
random key (held only in RAM) for
We have a policy of phone verifying every signup via anonymizing
proxies.
I've read through the help pages but can't find the answer...
How many accounts can we have per phone number?
___
tor-talk mailing list
tor-talk@lists.torproject.org
fakef...@tormail.org:
I wanted to register for youtube. For comments, voting... Youtube wants a
gmail account...
Failed to make a gmail account. Gave them alternate mail, correct
captcha... First thing after registration they want is sms or phone
verification... I have no such thing as
We blacklist SMS/voice forwarding services when we find them and
re-suspend the accounts that used them. We haven't focused on it much
so there are certainly services we haven't blacklisted yet.
Generally, using these services is dangerous. If spammers have used
the same numbers you get allocated
On Tue, 16 Oct 2012 14:36:43 +0200
Mike Hearn he...@google.com wrote:
We have a policy of phone verifying every signup via anonymizing
proxies. If you signed up via Tor and didn't get asked to phone verify
it means the list of exit nodes we're using isn't up to date, or there
was a sync issue.
I'm not sure what using a phone gets you for more verification.
It's not a form of ID verification. We don't really care who owns the
number (or indeed, who you are at all).
It's just a throttle. It's harder to get 1000 phone numbers that don't
cluster and automate them, than it is to buy 1000
On Tue, 16 Oct 2012 18:36:35 +0200
Mike Hearn he...@google.com wrote:
I don't see the distinction between pay somebody to create an account
for you and buy an account. Both types of activity are likely to
hit various tripwires that will result in forced phone verification of
the account later
On Tue, 16 Oct 2012 18:36:35 +0200
Mike Hearn he...@google.com wrote:
Right now I don't believe there is any safe way to use Google accounts
via Tor if you aren't willing to provide a phone number, nor do I
believe it's safe for any other large web service. Handling abuse
whilst allowing
On Tue, 16 Oct 2012 10:51:37 +, k e bera wrote:
...
Why are anonymous signups assumed guilty of abuse before anything happens?
How about limiting usage initially,
Because per-account limits don't help when you can easily create as many
accounts as you want.
Andreas
--
Totally
Mike Hearn:
We blacklist SMS/voice forwarding services when we find them and
re-suspend the accounts that used them. We haven't focused on it much
so there are certainly services we haven't blacklisted yet.
Generally, using these services is dangerous. If spammers have used
the same numbers
Abel Luck:
adrelanos:
Hi,
Is it Amnesic or can it be made Amnesic?
Or in other words Can you be sure, that after deleting (or wiping)
the torified AppVM no activity can not be reconstructed with local disk
forensics? Could the torified AppVM be securely wiped without any
leftovers?
Hi,
I did a Tor usability study recently, though admittedly with
participants who were English speakers (though a large chunk were not US
citizens and did not speak English as a first language). We termed a
failure to DL the TBB as download clarity, and found it was the one of
the least cited
Future Work Integrate Vidalia
About Vidalia again... I was quickly reading my dev ticket again (
https://trac.torproject.org/projects/tor/wiki/doc/TorBOX/Dev#SHELLSCRIPTSVidaliabydefaultGraphicalGatewayWAITINGFORVIDALIA0.3.x
), why it's not yet integrated into Whonix.
Summary:
One drawback
Andrew Lewman:
Hmm, the large purple and orange 'Download tor' button on the index page
was missed?
No, but average user need to click on it, then choose language (btw
the list is barely seen) and then click Download again.
We have this already. When you click the big download button on the
On Tue, 16 Oct 2012 14:55:02 -0400
Greg Norcie g...@norcie.com wrote:
1.) Include small windows, apple, and tux logos on the download link
on the main tor page... these could serve as a symbolic cue that it
is a download link.
We had these in the past and people didn't recognize their own OS
Hi,
system time is a sophisticated issue:
Please read:
- https://tails.boum.org/contribute/design/Time_syncing/
-
http://sourceforge.net/p/whonix/wiki/Security/#whonixs-secure-and-distributed-time-synchronization-mechanism
Suggestion:
Time in torifed VMs (and perhaps TorVM) should differ from
On Tue, 16 Oct 2012 21:12:43 +0200 (CEST)
Outlaw out...@omail.pro wrote:
I was talking about descriptions outside torproject.org for
non-english-speaking people. Imagine blog post that describes benefits
of Tor and a link to page that starts downloading right away (or after
few seconds). And
Right now I don't believe there is any safe way to use Google accounts
via Tor if you aren't willing to provide a phone number, nor do I
believe it's safe for any other large web service. Handling abuse
whilst allowing discardable identities is a fundamental research
problem the Tor team need to
On Tue, Oct 16, 2012 at 8:35 PM, Mike Hearn he...@google.com wrote:
If you would like to see the effect our signup security efforts have
had for yourself, visit buyaccs.com and compare the price of gmail.com
vs hotmail.com accounts.
SMS-verified GMail accounts: $100 per 1k. Non-SMS-verified
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/10/2012 08:59 PM, adrelanos wrote:
Alternative startup scripts for the Tor Browser Bundle. For
starting up Tor Browser without Tor and Vidalia.
There's an easier way to go about it:
https://github.com/virtadpt/Experiments/blob/master/tbb.sh
The Doctor:
On 10/10/2012 08:59 PM, adrelanos wrote:
Alternative startup scripts for the Tor Browser Bundle. For
starting up Tor Browser without Tor and Vidalia.
There's an easier way to go about it:
https://github.com/virtadpt/Experiments/blob/master/tbb.sh
It's nice, you could even
On Tue, Oct 16, 2012 at 6:36 PM, Mike Hearn he...@google.com wrote:
Handling abuse
whilst allowing discardable identities is a fundamental research
problem the Tor team need to solve if they don't want Tor to be
restricted to a read only internet (to use Greg Maxwells phrasing).
It's not
please take me off the mailing list or at least tell me how I can do that
tykman...@aol.com
-Original Message-
From: The Doctor dr...@virtadpt.net
To: tor-talk tor-talk@lists.torproject.org
Sent: Tue, Oct 16, 2012 4:12 pm
Subject: Re: [tor-talk] Tor Browser script pack 0.3:
Raviji:
On Fri, 12 Oct 2012 13:12:53 +
adrelanos adrela...@riseup.net wrote:
Raviji:
On Fri, 12 Oct 2012 11:38:34 +
adrelanos adrela...@riseup.net wrote:
Outlaw:
Hi! Let`s say main linux user A is cut off from Internet with iptables,
user B starts Tor. If I run TorBrowser by
On 10/16/12 3:29 PM, Andrew Lewman wrote:
On Tue, 16 Oct 2012 14:55:02 -0400
Greg Norcie g...@norcie.com wrote:
1.) Include small windows, apple, and tux logos on the download link
on the main tor page... these could serve as a symbolic cue that it
is a download link.
We had these in the
I too am looking for an answer to this. Using the vanilla Tor browser
your identity changes (based on IP) automatically. While that enforced
anonymity is good in many cases, sometimes it makes a site impossible to
use. Personally for my Tor use I would like it ONLY to switch exit
nodes when
It's not Tor's problem to solve. Both common sense and actual research
[1] suggest otherwise. Tor only needs to steadily increase its
popularity and teach users not to link their real identities to online
activities. Service providers will then need to adapt their business
models or lose
32 matches
Mail list logo
