Re: [tor-talk] A multi-layer proof of work system to solve the Tor/CloudFlare problem?

On Mon, Jan 25, 2016 at 09:09:37PM +0100, Cain Ungothep wrote: That way a normal web client, normally browsing a website, would not be impacted from end-user experience, but any automated system (the ones causing problems to Cloudflare) Why can't people separate Tor from Tor Browser in their

[tor-talk] Warning: 37 new booby trapped onion sites

Hello Tor community, In June I warned Tor users about the presence of hundreds of fake and booby trapped .onion websites [1]. Someone runs a fake site on a similar address to the original one and tries to fool people with that. The sites look like the original ones. These sites are actually

Re: [tor-talk] Warning: 37 new booby trapped onion sites

Hi, > If somebody hosts a dark website, that doesn't have a verifiable external way > to lookup their URL, then the only way you can verify them is to talk with a > bunch of other people, web-of-trust style. Which also has a bunch of ways it > can be undermined. > That's true. You have to

[tor-talk] crashsafari.com

Hi Tor Talkers, are you aware of it already: http://www.wired.com/2016/01/hack-brief-dont-be-trolled-by-this-iphone-crashing-link-meme/ "Crashsafari appears to run javascript code that overloads the victim’s address bar with an infinite series of numbers." It's not only Safari who is about to

Re: [tor-talk] Onion service discovery

Joshua Hull: > I've been thinking about how to get onion services transparently > selected over non-onion services in order to drive adoption. It seems > to me that a simple strawman proposal would be that before attempting > to connect to a domain name, do a lookup for a specific type of TXT >

[tor-talk] onion routing MITM

I'm new to tor, trying to understand some stuff. I understand the .onion TLD is not an officially recognized TLD, so it's not resolved by normal DNS servers. The FAQ seems to say that tor itself resolves these, not to an IP address, but to a hidden site somehow. When I look at

Re: [tor-talk] onion routing MITM

A CA will not validate a '.onion' address since it's not an official TLD approved by ICANN. The numbers aren't random. From Wikipedia: "16-character alpha-semi-numeric hashes which are automatically generated based on a public key when a hidden service

Re: [tor-talk] onion routing MITM

This is false. First of all '.onion' is an officially recognized reserved top level domain according to IETF RFC 7686. Second, a CA _will_ validate a .onion address, but only to provide an EV (extended validation) Cert. EV Certs are typically only had by big companies etc. Typical browsers

Re: [tor-talk] onion routing MITM

populationsteam...@tutanota.com writes: > I'm new to tor, trying to understand some stuff. > > I understand the .onion TLD is not an officially recognized TLD, so it's not > resolved by normal DNS servers. The FAQ seems to say that tor itself resolves > these, not to an IP address, but to a

Re: [tor-talk] onion routing MITM

> What prevents a person from registering a new .onion site, such as > http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to > http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that > *they* are actually the duckduckgo .onion site? Nothing. > When you see a link

Re: [tor-talk] onion routing MITM

26. Jan 2016 18:37 by a55de...@opayq.com: > A CA will not validate a '.onion' address since it's not an official TLD > approved by ICANN. > I understand that. > The numbers aren't random. From Wikipedia:  > "16-character alpha-semi-numeric hashes which are automatically generated >

Re: [tor-talk] onion routing MITM

populationsteam...@tutanota.com writes: > The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just > looks like random characters. (And in fact, if it's a hash of a public key, > which was originally randomly generated, then indeed these *are* random > characters). You

Re: [tor-talk] Warning: 37 new booby trapped onion sites

Juha, thank you for identifying the real and fake sites. This re-raises the question, when you get a URL from somewhere, how do you know it's the real one? Which upon further thought requires definition of "the real one." If two guys on the internet both claim to be John Doe, how is it

Re: [tor-talk] Using VPN less safe?

On Mon, 25 Jan 2016 10:25:20 -0500 Paul Syverson wrote: > "20,000 In League Under the Sea: Anonymous Communication, Trust, > MLATs, and Undersea Cables" available at >

Re: [tor-talk] onion routing MITM

On Tue, 26 Jan 2016 18:31:50 + (UTC) wrote: > When I look at thehiddenwiki.org, I see a bunch of .onion sites, with > random looking names. Why is this? What if someone at > thehiddenwiki.org registered a new .onion site (for example >

Re: [tor-talk] onion routing MITM

Try to put up a server n run it throw tor and the generate a key with scallion for example https://github.com/lachesis/scallion , or ur favorite programming lang a55de...@opayq.com skrev: (26 januari 2016 19:37:24 CET) >A CA will not validate a '.onion' address since it's not an official >TLD

[tor-talk] Network Analysis of Overlay Networks, Capabilities, Fill Traffic [was: VPN less safe?]

On Tue, Jan 26, 2016 at 3:09 PM, juan wrote: > On Mon, 25 Jan 2016 10:25:20 -0500 > Paul Syverson wrote: > > >> "20,000 In League Under the Sea: Anonymous Communication, Trust, >> MLATs, and Undersea Cables" available at >>

[tor-talk] Darknets: Full of onions, and eeps, and other wondrous things

> Email to tor-talk@ [0] made me wonder if (some of) these > are run by the same people that have been trying to hijack > Bitcoin transactions. In the first step, they could enumerate > services by crawling them That would be useful to get an early start in the spamming / seeding publication

Re: [tor-talk] Network Analysis of Overlay Networks, Capabilities, Fill Traffic [was: VPN less safe?]

> It would be harder for that analysis to succeed against networks > that filled between all the nodes with fill traffic when unused and > not needed for user traffic. (And in the sense of Tor, between clients > and some number of guards). But that's hard to design so that it > is functional. And

Re: [tor-talk] Warning: 37 new booby trapped onion sites

Thank you very much for being so vigilant and proactive. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk