Re: [tor-talk] Upcoming releases next week to fix denial-of-service bugs in Tor

Thanks Nick, btw when I recently verified the sig on the Tor source download, it said your key had expired. GD On Mon, Mar 8, 2021, at 3:55 PM, Nick Mathewson wrote: > On Mon, Mar 8, 2021 at 10:54 AM Nick Mathewson wrote: > > > To the best of our knowledge these vulnerabilities are not being >

[tor-talk] 'Clock jump'

Hello list, tor client 0.3.5.8 on Darwin Oct 13 23:50:51.000 [notice] Your system clock just jumped 300 seconds forward; assuming established circuits no longer work. Oct 13 23:55:51.000 [notice] Your system clock just jumped 300 seconds forward; assuming established circuits no longer work.

Re: [tor-talk] Ongoing client problem

On Sun, Oct 29, 2017, at 06:59 PM, Roger Dingledine wrote: > On Sun, Oct 29, 2017 at 06:48:00PM +, George wrote: > > The route to determining the issue probably comes down to this > > error:> > > > Oct 29 12:50:06.000 [info] onion_skin_ntor_client_handshake(): > > Invalid> > result from

Re: [tor-talk] Ongoing client problem

Sadly not available for my OS. On Sun, Oct 29, 2017, at 06:39 PM, Jacki M wrote: > Just use the TorBrowser Bundle and see if that fixes your issue. > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to

[tor-talk] Ongoing client problem

Hello all, my current experience of Tor is very frustrating in that it generally won't work for any length of time without changing identity, sending a SIGHUP or completely restarting. Since I've tried various versions (built from source), I assume the problem is with some other OS component or

Re: [tor-talk] Does the Tor DNS transparent proxy code use clients nameservers?

On Wed, Oct 25, 2017, at 10:01 PM, Rob van der Hoeven wrote: > On Wed, 2017-10-25 at 16:50 -0400, Allen wrote: > > and what happens if you use dig alone to talk directly to tor? > > something like "dig -p torport hostname +tcp" (see man dig) > > > > A good idea, but the Tor daemon expects that

Re: [tor-talk] What is preventing Bridge Enumeration?

On Wed, Feb 15, 2017, at 01:45 PM, Geoff Down wrote: > > > On Wed, Feb 15, 2017, at 01:32 PM, BVpTuvb AVMV wrote: > > What is preventing an attacker to start up a few mid-nodes and > > enumerating all IPs and substracting those from the list of publicly > > know

Re: [tor-talk] What is preventing Bridge Enumeration?

On Wed, Feb 15, 2017, at 01:32 PM, BVpTuvb AVMV wrote: > What is preventing an attacker to start up a few mid-nodes and > enumerating all IPs and substracting those from the list of publicly > known entry-nodes to get a list of (all) unlisted bridges? > > Seems a lot cheaper than dpi and except

Re: [tor-talk] Published bridge?

On Mon, Feb 6, 2017, at 10:48 AM, Maxxer wrote: > On 5 February 2017 at 20:38, Roger Dingledine wrote: > > > You can search for your nickname or identity fingerprint on > > https://atlas.torproject.org/ > > > FWIR bridges are not published into public database. That would make

Re: [tor-talk] ExcludeExitNodes doesn't take effect at all.

On Mon, Oct 17, 2016, at 02:49 AM, Hongyi Zhao wrote: > The command for obtaining the ExcludeExitNodes list is as follows: > > $ curl -s https://collector.torproject.org/recent/exit-lists/ | grep > -E -m1 'href=\"[0-9-]+\"' | tr '"' '\n' | grep -E '^[0-9-]+' | xargs > -r -I{} curl -s

Re: [tor-talk] Resource to check if an exit node is considered spammy?

On Sat, Feb 6, 2016, at 09:35 PM, blo...@openmailbox.org wrote: > Is there a resource that can tell me whether e-mails from the IP of a > particular exit node are likely to be flagged by the recipient mail > server as spammy. > > I've noticed that sometimes mail gets sent to the spam folder.

Re: [tor-talk] Iovation insinuates Tor Users are bad

On Thu, Oct 15, 2015, at 10:51 PM, grarpamp wrote: > https://www.iovation.com/ > -- What Iovation actually *says* is that fraudsters like to conceal their whereabouts with a variety of technologies. Nothing controversial there. GD -- http://www.fastmail.com - Same, same, but different... --

Re: [tor-talk] Potential uses for the Tor network

On Sun, Oct 4, 2015, at 08:53 PM, Roman Mamedov wrote: > On Sun, 4 Oct 2015 15:39:13 -0400 > Bryan Gwin wrote: > > > My name s Bryan Gwin (I have my masters in computer science) and I have a > > quick question. Is it possible for someone to design some software that

Re: [tor-talk] Warning: 255 fake and booby trapped onion sites

On Mon, Jun 29, 2015, at 11:38 PM, grarpamp wrote: Rather than detectable (when alone), I meant differentiable (when compared). I've also seen exits [1] rewriting onion addresses found on clearnet. [1] Like the retard behind this piece of shit is doing to that pastebin url... Arag0n

Re: [tor-talk] (no subject)

If you are the victim of ransomware, you have my sympathy. Note however that Tor is not connected to the malware that has encrypted your files, nor to the criminals. It's just software for browsing the private web. There is a small chance that this blog post may help you:

Re: [tor-talk] [RELEASE] Torsocks 2.1.0

On Thu, May 28, 2015, at 02:27 PM, David Goulet wrote: On 28 May (02:38:04), Geoff Down wrote: Which keyserver has your GPG key please? GD Found it at x-hkp://pool.sks-keyservers.net the same as the other Torproject keys - but there's no fingerprint on the website

Re: [tor-talk] [RELEASE] Torsocks 2.1.0

On Thu, May 28, 2015, at 02:29 AM, Geoff Down wrote: On Wed, May 27, 2015, at 08:19 PM, David Goulet wrote: Tarball: https://people.torproject.org/~dgoulet/torsocks/torsocks-2.1.0.tar.bz2 (sig: https://people.torproject.org/~dgoulet/torsocks/torsocks-2.1.0.tar.bz2.asc) Which

Re: [tor-talk] [RELEASE] Torsocks 2.1.0

On Wed, May 27, 2015, at 08:19 PM, David Goulet wrote: Tarball: https://people.torproject.org/~dgoulet/torsocks/torsocks-2.1.0.tar.bz2 (sig: https://people.torproject.org/~dgoulet/torsocks/torsocks-2.1.0.tar.bz2.asc) Which keyserver has your GPG key please? GD --

Re: [tor-talk] Problems? Verifying signatures in Tor 4.0.4

On Mon, Mar 2, 2015, at 12:51 PM, andr...@fastmail.fm wrote: Here's the output from terminal; $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc tor-browser-linux32-4.0.4_en-US.tar.xz gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID F65C2036 gpg: BAD signature

Re: [tor-talk] Tor - VPN Clarification

On Fri, Jan 30, 2015, at 12:27 PM, Squeak wrote: Hi Guys, Thanks for the prompt replies, they are really helpful. The image you posted Bill Berry was especially illuminating, thanks! So VPN - Tor is what I'm currently doing with Tunnelblick and TBB, but could somebody detail how and

Re: [tor-talk] What to do if meek gets blocked

On Tue, Jan 6, 2015, at 09:56 PM, David Fifield wrote: It's important to understand that even if you change the front domain, you're not sticking some random person with a bandwidth bill. It's the owner of the url= that gets charged, not the owner of the front=, and the url= has to be

Re: [tor-talk] Hiden service and session integrity

And is it possible (and how ? ) to run end to end encrypted (ssl) web traffic via tor network ? By enterin https://someurl in the tor browser. I'm sure there is a pretty picture somewhere but I don't know it. Andreas https://www.eff.org/pages/tor-and-https --

Re: [tor-talk] Tor Browser Bundle 3.6.3: bad start

Same problem on Win7 with 3.6.5 - browser sometimes fails to open. On Sun, Sep 7, 2014, at 08:51 AM, Hartmut Haase wrote: Hi, sometimes when I try to start Tor, firefox will also be started, but there is no Tor Browser-window. I have to start several times until it works. That's not really

Re: [tor-talk] [OT] deleting publicly posted content

On Fri, Aug 8, 2014, at 01:07 PM, krishna e bera wrote: On 14-08-08 04:01 AM, grarpamp wrote: [Rant aside, people have a right to be forgotten, and those, like CL, who willfully disregard that right, without verbosely or obviously saying so in context (ie: mailing lists obviously have

Re: [tor-talk] (no subject)

On Fri, Jul 4, 2014, at 11:42 PM, ideas buenas wrote: Do a Whois lookup of the addreses I gave u before and check that all of this resolve to markmonitor. s3-us-west-2-w.amazonaws.com amazonaws.com is registered with Markmonitor, yes: The 'registrar' is MarkMonitor, Inc and the

Re: [tor-talk] (no subject)

is chatbeat. How many inindetifed servers do u have? On Thu, Jul 3, 2014 at 11:19 PM, Geoff Down geoffd...@fastmail.net wrote: See https://chartbeat.com/faq/what-is-ping-chartbeat-net for what I think you are seeing - website analytics. On Thu, Jul 3, 2014, at 11:56 PM, ideas buenas

Re: [tor-talk] (no subject)

On Fri, Jul 4, 2014, at 04:51 PM, ideas buenas wrote: Visiting the same website with Tor or normal Firefox its gave me the same So this is nothing to do with Tor. Remote Address: s3-us-west-2-w.amazonaws.com ec2-174-129-247-121.compute-1.amazonaws.com edge-star-shv-04-gru1.facebook.com

Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court

On Thu, Jul 3, 2014 at 5:53 AM, Moritz Bartl mor...@torservers.net wrote: On 07/02/2014 11:00 PM, Anders Andersson wrote: Unfortunately he doesn't seem to want to take this further, so the ruling will stand. It's his choice, but it could be a very bad deterrent to other potential exit

Re: [tor-talk] Fw: confirm [whatever]

On Tue, Jul 1, 2014, at 10:16 PM, Joe Btfsplk wrote: On 7/1/2014 3:41 PM, Bobby Brewster wrote: /What does this mean? Excessive bounces?/ No point replying - he's on Yahoo and they are bouncing list emails, as previously reported, and he doesn't give an alternative... --

Re: [tor-talk] torbirdy default settings

On Mon, Jun 30, 2014, at 12:55 PM, fari...@arcor.de wrote: Spam 06: Are you sure you want that? Unsecured is worse than not at all in this particular case. Unless you care for a poor man's proxy. Possibly, i don't know (?). But there's no ppc version on the tor server ... Do you have

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

On Mon, Jun 30, 2014, at 10:15 PM, Bobby Brewster wrote: But how can the person's computer be identified since all that is seen is the connection between the exit node and the destination target_website.com The point, surely, is that real time code injection should not be possible

Re: [tor-talk] Bruce Schneier's Guardian Article about N_S_A and Tor.

On Sat, Jun 28, 2014, at 10:38 PM, williamwin...@openmailbox.org wrote: I recently read a Guardian article from last October (www.theguardian.com/world/2013/oct/04/tor-attacks-cnsa-users-online-anonymity) by Bruce Schneier about the N_S_A and Tor. His story was based on the Tor Stinks

Re: [tor-talk] Non-free country law preventing Tor from getting donations

On Sun, Jun 15, 2014, at 10:17 PM, Joe Btfsplk wrote: But if some sayings were ever true, it's, Perception is reality, err, no it isn't. Maybe on the quantum level. GD -- http://www.fastmail.fm - A fast, anti-spam email service. -- tor-talk mailing list - tor-talk@lists.torproject.org To

Re: [tor-talk] Tor and Openssl on old OSX [was Tor and Openssl bug CVE-2014-0160]

On Tue, Apr 8, 2014, at 11:37 PM, Andreas Krey wrote: On Tue, 08 Apr 2014 22:06:31 +, Geoff Down wrote: ... /library/tor/bin/tor: /opt/local/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.5) /opt/local/lib/libevent-2.0.5.dylib

Re: [tor-talk] Does Tor need to be recompiled *after* the opensslupdate?

Apropo this, Tor has a helpful message when restarting after updating Openssl via Macports: [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled with 107f: OpenSSL 1.0.0g 18 Jan 2012; running with 1000107f:

Re: [tor-talk] Does Tor need to be recompiled *after* the opensslupdate?

On Sun, Apr 13, 2014, at 07:29 PM, Geoff Down wrote: Apropo this, Tor has a helpful message when restarting after updating Openssl via Macports: [warn] OpenSSL version from headers does not match the version we're running with. If you get weird crashes, that might be why. (Compiled

Re: [tor-talk] Tor and Openssl bug CVE-2014-0160

On Tue, Apr 8, 2014, at 02:57 AM, kendrick eastes wrote: from https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 : [edit] So this is the openssl *binary*, the version of which is found by typing openssl version not some library used when compiling Tor? If the latter, how do

Re: [tor-talk] Tor and Openssl bug CVE-2014-0160

On Tue, Apr 8, 2014, at 12:17 AM, Roger Dingledine wrote: A new OpenSSL vulnerability on 1.0.1 through 1.0.1f is out today, which can be used to reveal up to 64kB of memory to a connected client or server. https://blog.torproject.org/blog/openssl-bug-cve-2014-0160 The short version is:

Re: [tor-talk] Windows firewall [citation]

I call spambot On Tue, Jan 21, 2014, at 07:15 PM, Julie Chartier wrote: Hi. Please let me know whwn c connected is the bug tracker ? my apartment is she boat. Can thermal imaging be done through my camera?I am not leaving my house without evidence of the abusive powers that be they have been

[tor-talk] Socks port question

Hi all, I've been experimenting with Tor's SOCKS port using a little PHP script to connect to an IP and send an HTTP request and print out the response, closing the connection. I've notice that if I send one request immediately after another (so I'm terminating the script before rerunning it

Re: [tor-talk] Tor 0.2.4.19 is released

On Thu, Dec 12, 2013, at 05:47 AM, Roger Dingledine wrote: Packages coming soon, at which point I'll announce this new stable tree on the tor-announce list too. (Tor 0.2.4.19 has no real changes since 0.2.4.18-rc if you want to get a head start.) Thanks Roger, so if we're already running

Re: [tor-talk] StrictExitNodes deprecated?

On Mon, Nov 25, 2013, at 01:14 PM, Leo Unglaub wrote: Hey On 2013-11-23 22:04, Joe Btfsplk wrote: What about when using TBB is desired, but sites (say web mail) won't accept addresses from countries other than used to sign up? the solution is simple. DONT USE THOSE FUCKED UP SERVICES.

Re: [tor-talk] Gmail account without phone number

On Tue, Nov 19, 2013, at 09:39 PM, Yo Mamma wrote: Hi, I have been reading on this mailing list that it is not possible to create a Gmail account without a phone number. I have just created such an account (this one). I was curious if this is a change on Gmail's part or if the conditions

Re: [tor-talk] Tor for ChromeBook

On Fri, Sep 13, 2013, at 08:20 PM, Griffin Boyce wrote: Of course, this is probably a bit into the reeds. Fishing metaphor? GD -- http://www.fastmail.fm - mmm... Fastmail... -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to

Re: [tor-talk] How to test leaks on OSX?

On Sun, Sep 1, 2013, at 05:53 AM, Bry8 Star wrote: Firewall log should show various outbound inbound attempts that are related to local network interface(s), and when various software are (trying to go or) going through it (LAN/WiFi interface). And, also try Wireshark. Which can show,

Re: [tor-talk] Tor 0.2.4.15-rc is out -- please test!

Same thing happened with Tor 0.2.4.16-rc , no errors in the log at all this time, same solution. I wasn't running alphas before 0.2.4.15-rc, just the previous stable. - Original message - From: Geoff Down geoffd...@fastmail.net To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Tor

Re: [tor-talk] Newbie question regarding exit policy

Hi Stephan, thanks for running a relay. That's a good idea, but you can also verify what exit policy your relay is announcing to the world (which is what clients use to decide whether to use your relay as an exit) by visiting a torstatus server such as torstatus.blutmagie.de:

Re: [tor-talk] TOR bundle on hostile platforms: why?

On Wed, Aug 7, 2013, at 06:21 PM, Ivan Zaigralin wrote: Both MS Windows and OS X can be safely assumed to spy on all actions taken by users, Evidence? -- http://www.fastmail.fm - The professional email service -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or

Re: [tor-talk] Tor 0.2.4.15-rc is out -- please test!

On Sat, Jul 13, 2013, at 09:19 PM, Roger Dingledine wrote: On Wed, Jul 03, 2013 at 02:05:14PM -0400, Roger Dingledine wrote: Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x series. It fixes a few smaller bugs, but generally appears stable. Please test it and let us know

Re: [tor-talk] Tor 0.2.4.15-rc is out

On Fri, Jul 5, 2013, at 02:44 PM, Nick Mathewson wrote: On Wed, Jul 3, 2013 at 10:11 PM, Geoff Down geoffd...@fastmail.net wrote: On Wed, Jul 3, 2013, at 07:05 PM, Roger Dingledine wrote: Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x series. It fixes a few

Re: [tor-talk] Tor 0.2.4.15-rc is out

On Wed, Jul 3, 2013, at 07:05 PM, Roger Dingledine wrote: Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x series. It fixes a few smaller bugs, but generally appears stable. Please test it and let us know whether it is! I see the compilation process proceed differently

Re: [tor-talk] Identify requests made by the same user

On Fri, Jun 21, 2013, at 10:05 AM, NoWhereMan wrote: Il 21.06.2013 09:37 grarpamp ha scritto: At the level of the resultant TCP tunnel (at the application layer, through an exit or to an onion) all real IP's are effectively anonymized. Tor uses a mix of PKI, DH, EC, etc in

Re: [tor-talk] please suggest a new project name for Anonymous Operating System

Pimpernel (as in Scarlet..) . 'We seek him here, we seek him there...' GD -- http://www.fastmail.fm - The professional email service ___ tor-talk mailing list tor-talk@lists.torproject.org

Re: [tor-talk] Tor 0.2.3.20-rc is out

This version of Tor (0.2.3.20-rc) is newer than any recommended version, according to the directory authorities. On Tue, Aug 7, 2012, at 10:51 PM, Roger Dingledine wrote: Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x series. It fixes a pair of code security bugs and a

Re: [tor-talk] Tor and the National lottery in the UK

On Wed, Jul 18, 2012, at 04:14 PM, Nick Brooks wrote: Hi All This is my first post here so 'Hello' I have recently discovered that The National Lottery in the UK is preventing me from accessing their website (despite the fact that my account has funds in it) because I run a Tor node

Re: [tor-talk] Question about Circuit Building

On Thu, Jun 14, 2012, at 03:12 PM, Patrick B wrote: Hi, I was logging some traffic from the Orweb browser on Android (to check for DNS leaks) and noticed that 5 different Tor relay IP addresses were being contacted. I was curious if this represents 5 different possible circuits with some

Re: [tor-talk] wget - secure?

On Thu, Apr 19, 2012, at 02:47 AM, Martin Hubbard wrote: I just checked wget in Tails 0.10.2 and see no UDP from the machine. Could someone please verify that? ___ tor-talk mailing list tor-talk@lists.torproject.org

[tor-talk] Trusted source?

http://anonymous-os.tumblr.com/about Would you use Tor supplied by these people? GD -- http://www.fastmail.fm - Access your email from home and the web ___ tor-talk mailing list tor-talk@lists.torproject.org

Re: [tor-talk] new obfs proxy

On Sat, Feb 11, 2012, at 11:56 PM, garulf wrote: Thanks. So the link here[0] points to the wrong list. [0]https://lists.torproject.org/pipermail/tor-talk/2012-February/023070.html No, it points to an posting which tells you to send bridge addresses via email to tor-assistants at

Re: [tor-talk] Aurora only build

On Thu, Jan 26, 2012, at 12:26 PM, cgp 3cg wrote: Hi list,  is it possible to build just the Aurora/Torbutton part of  TorBrowserBundle? If so, is it likely to be remotely possible on OSX 10.4? Not sure about OSX, but under Linux you can edit the 'start-tor-browser' script and change

Re: [tor-talk] Aurora only build

On Thu, Jan 26, 2012, at 03:54 PM, Marco Bonetti wrote: - Original Message - TBB isn't available for OSX PPC, so I'd have to build it - a mammoth task, but since I already have the latest Tor running and a working Vidalia, building Aurora would be a sensible step if possible,

[tor-talk] Aurora only build

Hi list, is it possible to build just the Aurora/Torbutton part of TorBrowserBundle? If so, is it likely to be remotely possible on OSX 10.4? TIA GD -- http://www.fastmail.fm - Send your email first class ___ tor-talk mailing list

Re: [tor-talk] tor out of date

On Thu, Jan 19, 2012, at 03:53 PM, Robert Ransom wrote: On 2012-01-19, Praedor prae...@yahoo.com wrote: I KNEW this would happen as people suggested it. I do NOT want the tor browser bundle, I want to run a tor relay. I installed my linux distro's tor package and, just as I knew it

Re: [tor-talk] tor out of date

On Thu, Jan 19, 2012, at 08:25 PM, Maxim Kammerer wrote: On Thu, Jan 19, 2012 at 19:07, Geoff Down geoffd...@fastmail.net wrote: You can build from source if you have the expertise (and obsolete developer tools) to build from source. What obsolete developer tools? -- Maxim

[tor-talk] Hoax?

Let's try that again... http://pastebin.com/jBPFsUSg We did crack Tor's encryption to reveal 190 IP addresses of individuals using Tor for Child Pornography -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again

[tor-talk] Hoax?

-- http://www.fastmail.fm - mmm... Fastmail... ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] exit atlgonyovLi

Will the owner of exit atlgonyovLi please turn off OpenDNS site blocking. -- http://www.fastmail.fm - Or how I learned to stop worrying and love email again ___ tor-talk mailing list tor-talk@lists.torproject.org

Re: [tor-talk] Connection / socket issues with Tor on Mac OS

On Sat, 06 Aug 2011 20:17 +0200, Robin Kipp mli...@robin-kipp.net wrote: Hi all, so, I'd like to use Tor on my Mac, and access the web through its network of servers. So far so good, but as I'm familiar with Linux and the shell, I don't want to bring up Tor using the Vidalia GUI, but rather

Re: [tor-talk] EFF Tor Challenge

On Thu, 02 Jun 2011 06:36 -0700, cac...@quantum-sci.com wrote: On Wednesday 1 June, 2011 18:41:47 Marsh Ray wrote: - VirtualBox VM bridged to LAN still must share the LAN class C, and could potentially monitor internal traffic. (And please don't quibble with me calling it a class

Re: [tor-talk] Coffee shop testing - was TB for Win

On Wed, 13 Apr 2011 08:19 -0500, David Carlson carlson...@sbcglobal.net wrote: On 4/12/2011 8:38 AM, Erinn Clark wrote: * Mike Perry mikepe...@fscked.org [2011:04:12 05:49 -0700]: Right now, the thing is called Minefield, at least on Linux, because that was most expedient. We probably

Re: [tor-talk] Why the US Government funds circumvention projects (Like Tor)

On Tue, 29 Mar 2011 11:32 -0700, Christopher A. Lindsey clind...@garudallc.com wrote: Hi, I light of the recent discussions regarding governments funding projects like Tor, I thought this article might be of interest. From the article: From: Chris Lindsey ch...@christopherlindsey.com