I am using the Debian Tor repo on quite a few Debian machines and since a few
days now, none of these machines are able to use the repo.
"apt update" gives me:
Err:6 tor+http://sdscoq7snqtznauu.onion/torproject.org buster InRelease
The following signatures were invalid: EXPKEYSIG
I get that Tor Browser by default is supposed to be friendly for the average
user and it does this on Android and on a PC with the default settings quite
well.
However, people who know what they're doing can really tweak TBB on a desktop
to their specific needs, like using a system-wide Core
On Sun, Jul 26, 2020 at 01:00:38AM +0200, Troy Airheart wrote:
> Getting to the Logs Settings in TBB is also annoying. I have to click about
> 4 times and scroll down to get to the logs button results. I would
> appreciate it of you could make it an icon which can be added to the Menu
> Bar.
On Thu, Nov 07, 2019 at 07:50:45AM +, Toptin wrote:
> I've been having the same issue, but with a shorter message. Anyway, in
> my case I simply close/start TBB. It worked for me because I work with
> different FF profiles, hence I do not lose my work.
Do yourself a favor and just press Ctrl
On Sun, Nov 03, 2019 at 01:10:39PM +, Jason Long wrote:
> Hello,I installed Tor on Debian 10.1 x86_64 and I want to configure
> "/etc/tor/torrc" for use built-in bridge obfs4.An idea?
Run (as root):
# apt install obfs4proxy
Add the following lines to torrc:
UseBridges 1
I am a big fan of Lenovo (and formerly IBM) ThinkPads. You can buy them online
refurbished extremely cheap.
I personally have a Lenovo X200 with Libreboot installed. Having a FOSS and
controllable BIOS replacement can really be quite a security benefit.
For example, with Libreboot it's
On Sun, Jan 06, 2019 at 05:22:56AM +0100, Nathaniel Suchy wrote:
> I'm using the Tor Browser Bundle (v 8.0.4) on macOS to access the Tor
> Network. I am able to access Onion v2 Services without an issue. I am unable
> to access v3 Services at all. If it helps I requested bridges with the built
I use Tor for almost all of my web browsing. There's pretty much no reason not
to use Tor ever. If there's a website which I can't access via Tor, then I
probably shouldn't be using that website anyways as they are interested in
violating my privacy. So even just my everyday web searching, news
On Sat, Nov 10, 2018 at 01:22:00PM +, anan wrote:
> How come I have now the same IP address on every tab?
Circuit isolation is not per tab, but per site.
For example, open two tabs, one with https://ipchicken.com/ and one with
https://wtfismyip.com/. The circuits should differ.
> How come
On Mon, Oct 15, 2018 at 09:35:12PM -, bobby...@danwin1210.me wrote:
> Has anyone successfully created an account using the .onion address?
I have succesfully created fake accounts using the .onion address before,
however the last time was already a few months ago. Maybe they changed
On Thu, Oct 04, 2018 at 06:23:32AM +, ithor wrote:
> Ok, correct me if I'm wrong. Is this what happens in a meek request :
> 1. unencrypted http request with the hostname I want to connect to in
> cleartext.
> 2. encrypted https connection to the hostname.
> 3. encrypted (http?) relay
On Wed, Oct 03, 2018 at 12:25:52PM +, ithor wrote:
> So a meek request is sent in clear-text. What exact information is given ?
> The exact ip address of the Azure server, its geolocation ?
The IP address of the Azure server you're connecting to. In the case of
meek-azure the firewall would
On Wed, Oct 03, 2018 at 08:30:53AM -0400, James Bunnell wrote:
> I'm a little curious why some people don't take G Suite into consideration :)
Google clearly doesn't like seeing it's services used for censorship
circumvention.
On Wed, Oct 03, 2018 at 08:38:52AM +, ithor wrote:
> ever since TBB 8, there's the new moat way to obtain private obfs4 bridges
> through a CAPTCHA. In the following webpage it's stated meek is used in
> order to communicate with the Tor bridges database. Now, my question is :
> which ones
On Wed, May 02, 2018 at 02:44:40PM +0200, Marco Gruß wrote:
> according to https://signal.org/blog/looking-back-on-the-front/,
> Amazon has explicitly denied usage of one of their domains for
> "domain fronting".
>
> As far as I understand it, establishing a TLS connection to
> host A, but
On Fri, Nov 10, 2017 at 11:16:18PM -0500, grarpamp wrote:
> And just now google threw up a captcha for Youtube.
When using YouTube through Tor, I usually don't get a captcha, but
occasionally I do. I'm using it right now as well. I can see no difference.
It has always been like this. Maybe the
On Mon, Oct 16, 2017 at 11:16:45PM +0300, xxx wrote:
> Seems that TOR will be blocked from Nov 1st in Russia. Any info on this? In
> such a case, will it be possible to use Tor through "bridges"?
It is likely that at the very least meek would work in such a scenario. obfs4
bridges probably work
On Fri, Sep 15, 2017 at 05:54:50PM +0200, Fabian Keil wrote:
> Could you please quote the part of the article or source documents that
> lead you to the conclusion that "[a]ll three agencies run their own
> exit nodes"?
> Unless I missed it, however, there's no claim that the BND itself
> is
https://netzpolitik.org/2017/geheime-dokumente-der-bnd-hat-das-anonymisierungs-netzwerk-tor-angegriffen-und-warnt-vor-dessen-nutzung/
(German link)
Netzpolitik.org (a german news blog focused on politics surrounding the
digital world) today released a leak of internal emails and documents of the
On Mon, Jun 19, 2017 at 12:31:29AM +, Mark Reese wrote:
> 2) is there a way to get tor browser to save form history & passwords the way
> firefox does?
Go to about:preferences#privacy
Do the following settings:
Tor Browser will: Use custom settings for history
Uncheck "Always use private
On Thu, Jun 01, 2017 at 05:58:40PM -0500, Joe Btfsplk wrote:
> In Linux, it's very easy to grab TBB's drag screen bar when reaching for
> scroll bar. I've done it several times now.
> If you only move it a few px, it's hard to tell if it changed, unless go to
> a browser check site.
>
> Appears
By the way: Please don't cross-post across multiple mailing lists. Because I
didn't notice it, you just made me spam these lists when replying to you.
Sending to tor-talk would have been enough.
--
4096R/1224DBD299A4F5F3
47BC 7DE8 3D46 2E8B ED18 AA86 1224 DBD2 99A4 F5F3
signature.asc
On Mon, Apr 24, 2017 at 12:16:23PM +0200, unpublished wrote:
> 1. Many web pages display information that I do not support "TOR
> connections"?
Not sure, what you mean here. Perhaps THEY don't support (i.e. block)
connections from Tor users, because they are afraid of spam or other stupid
Look, if you have malicous software running on the system with normal user
priviliges, you are in big trouble anyway. There's so many things that
malicous software could do even if TBB was installed at a non-writable
location. Just as a simple example, malware could just change the location in
On Tue, Apr 11, 2017 at 02:18:38PM -0500, Joe Btfsplk wrote:
> I'm not "doing" anything with /home permissions - it's Linux defaults.
> AFAIK, once a user logs into their 'nix acct, anything that writes to (most)
> files in /home can do so - w/o any prompting.
I think the confusion comes from the
On Mon, Apr 10, 2017 at 07:11:48PM -0500, Joe Btfsplk wrote:
> What is the reason(s) the TBB instructions say do not install (extract) TBB
> to root?
> Is it so the TBB files will be in a location where the user has write
> permissions, so that TBB updates can automatically D/L and install?
Yes,
On Wed, Mar 15, 2017 at 03:43:10PM -0400, Roger Dingledine wrote:
> Jonathan responded with:
> > You want to hide the fact that you are using an anonymization network
> > by using an anonymization network. This idea seems pretty stupid to me.
>
> But I think that's taking a very narrow view of
On Wed, Mar 15, 2017 at 06:20:53AM -0400, Lolint wrote:
> Hi,
>
> Could it be possible to implement a pluggable transport using i2p? The way
> this could work
> is that a server would function as a bridge node, and will also have the i2p
> router installed,
> and the client will connect to this
On Sun, Mar 12, 2017 at 01:50:09PM -0400, Lolint wrote:
> Hi,
>
> I just thought about a possible (partial) solution to solve the "UX disaster"
> of next-gen onion services, namely the very long addresses. Tor Browser
> already ships with HTTPS
> Everywhere, and one can easily write rules that
So, when meek-google was suspended, one of the recommendations for people was
to set up their own apps in AppEngine as meek servers.
https://lists.torproject.org/pipermail/tor-talk/2016-June/041699.html
Wouldn't it be a good idea to encourage people to do so, but in a way that
everyone and not
Apparently attachments don't work here. So I uploaded it do my webserver:
https://www.parckwart.de/files/nuclear_waste/transproxy.sh.txt
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
Hello!
I made my own iptables bash script for redirection of local traffic through
Tor. I built upon the examples from
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy while
adding in some extra functionality that I'd like. This being:
- Disable redirection for every user in
The problem with this of course is that you need to trust a third party: The
Internet Archive. Unless you have some checksums of binaries or - much better
of course - the Tor developer's PGP keys. If you have some way of verifying
what you download, this circumvention method might be a good
On Mon, Dec 12, 2016 at 10:48:46AM -0500, Tor-talk wrote:
> Reading through this:
> https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification
>
> Trying to do this on Mac OS X.
>
> `shasum -a 256 .dmg` clearly gives me a checksum that
> doesn't match the one in the
On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote:
> Sorry about missing the typo in my initial reply. It _was_ an invalid
> rule. But accepting lo is necessary with default deny, right?
Yes, sorry, you're right. My bad.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To
On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
> down Tor using Tor browser?
Well, given the way OP phrased his question, I just assumed he wanted to
prevent any unwanted input to his system, which is why I gave
On Sun, Dec 11, 2016 at 11:33:23PM -0700, Mirimir wrote:
> On 12/10/2016 07:16 AM, Jason Long wrote:
> > Hello.
> > I like to close all INPUT connections via iptables but I like to use
> > TorBrowser, Then Which port(s) must be open?
> >
> > -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
> >
>
On Sun, Dec 11, 2016 at 12:26:47PM +, Jason Long wrote:
> Excuse me, I must allow input to my system? It is so bad :(, I don't like to
> allow everyone.
This has nothing to do with Tor. It's just the general way how the IP protocol
works. Without allowing stateful input, you couldn't do any
You always need to allow some input as well in order for the Tor guard node to
talk to your computer. Stateful Inspection is used for this. Here's a complete
ruleset to accomplish what you asked for. All output is allowed, but no input,
except it belongs to some output your computer previously
> Dec 09 11:59:12 localhost Tor[4096]: Couldn't open "/var/lib/tor/lock" for
> locking: Permission denied
> Dec 09 11:59:12 localhost Tor[4096]: set_options(): Bug: Acting on config
> options left us in a broken state. Dying. (on Tor 0.2.8.9 )
> Dec 09 11:59:12 localhost systemd[1]: tor.service:
> This sequence of events got me thinking; the exit node queries servers on
> the behalf of the Tor Browser. Some sites simply cannot be connected to via
> HTTPS. Thus, the exit node must query the site requested in HTTP, which can
> be modified in transit. If done, what form of protections could
On Fri, Dec 02, 2016 at 08:47:11PM -0800, Rythyrix wrote:
> Greetings, all.
>
> Recently, as I was browsing over to coppersurfer dot tk , I on a whim opened
> up Firefox's Element Inspector (right click -> Inspect Element (Q)) .
> Imagine my surprise when I find a script before the title tag.
Yes, luckily that's not happening yet. At least not on a large scale.
In order for that technique to really work out, all ISPs in all countries your
Tor connection goes through would need to work together. The more
geographically and politically diverse the countries your Tor circuit goes
On Tue, Nov 15, 2016 at 10:33:53AM +0530, krihsna wrote:
> orbot version: 15.2.0-rc7
> os: android asop 5.1
>
> recently i have downloaded & installed orbot on my device.
>
> i have a few questions about the app:
>
> [q] is it absolutely necessary to enable bridges or apps VPN mode ?
>
Bridges
On Thu, Nov 10, 2016 at 05:24:42PM +, blo...@openmailbox.org wrote:
> Using the latest version of Torsocks with: torsocks ssh root@111.222.222.111
> gives:
>
> PERROR torsocks[13225]: socks5 libc connect: Connection refused (in
> socks5_connect() at socks5.c:202)
> ssh: connect to host
g wrote:
> How can I find a good list of secure Bridge?
>
> On Tuesday, November 8, 2016 1:38 PM, Jonathan Marquardt
> <m...@parckwart.de> wrote:
>
>
> One thing should be clear:
>
> If one is not using a bridge, it is trivial for any network observer
One thing should be clear:
If one is not using a bridge, it is trivial for any network observer
(University firewall admin, Iran ISP) to see if one is using Tor. However,
with the right bridge setup such a detection can ultimately be prevented. I
guess meek is the best candidate for an
Tor Browser does not use the Tor process installed on our system. In fact, if
you only want to use Tor Browser you don’t even need any Tor package.
In your Tor Browser directory, navigate to Tor Browser -> Data -> Tor. In
there you’ll find Tor Browser’s torrc file.
On Mon, Nov 07, 2016 at
Look at the exact URLs of the pages that are indexed. They are Tor2Web sites
(onion.to, onion.link etc.), right? Those have always been indexed, nothing
special.
On Sat, Oct 01, 2016 at 11:20:51AM -0400, Kevin wrote:
> Has anybody else noticed that onion sites are starting to come up on Google
49 matches
Mail list logo
