Hi tor-talk,
I'm working as a consultant to a criminal defense lawyer who's
representing a defendant in a case involving Tor and an investigation
by U.S. law enforcement and foreign law enforcement.
In 2019 a foreign law enforcement agency claimed to identify the clearnet
IP addresses of a large
te
Very odd naming convention. It's kind of like
(random.choice(words) + " " + random.choice(words)).replace("a",
"").title().replace(" ", "")
... why no letter a?
--
Seth Schoen
Senior Staff Technologist https://ww
I know the dark web can be a terrible place, with content not suitable for
anyone, basically. Like illegal drug cartel, fake passports/IDs,creepy
websites, and generally all around messed up stuff. If you feel comfortable
talking about your experiences. Then, please reply to this Message.
--
ice congress -- which doesn't imply much about police agencies' or
legislators' agreement with this idea. We've heard similar language in
many countries and it hasn't necessarily led to prohibitions on privacy
tools.
--
Seth Schoen
Senior Staff Technologist https://www.eff.org
Seth David Schoen writes:
> if its operator knew a vulnerability in some clients' video codecs,
(or in some other part of Tor Browser, since the proxy can also serve
arbitrary HTTP headers, HTML, CSS, Javascript, JSON, and media files of
various types)
> it could also serve a malic
ore about how onion services work, or
showing YouTube that there's a significant level of demand for an
official onion service?
--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Edd
I would like to know if you could, would you run a Tor node? If so, what
level?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Thank you for your response but, does it work with Duckduckgo too? Because
it works just fine when I use it and the Tor app has it on their page.
Thank You Nathan F., Seth
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https
I want to know how I can get orbot to send me an SMS or Email if something
isn't configured correctly or a bug occurs etc. P.S. I am somewhat new to
Tor being that I only have had it for less than a month so, please don't
make your response too complicated.
--
tor-talk mailing list -
n't realize they were running over Tor
would continue to send cookies from non-Tor sessions, and they would
continue to be highly fingerprintable.
--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org
who are privacy conscious should already have done so
following several years of academic, journalistic, and commercial work
on this subject! :-(
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation
a lot of people
using the old TorButton setup definitely ran into this kind of problem.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA
duce the anonymity set a bit by
partitioning users into those who have the extension and those who don't
have the extension, as well those who currently have tokens remaining
and those who are currently out of tokens.)
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist
the Forum's membership thinks of the idea!
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk m
ay. But there's also a probability that someone else
starts interacting with you.
Some of these things will probably have to be studied in some depth in
order to have a hope of fooling really sophisticated adversaries with
synthesized online activity.
--
Seth Schoen <sch...@eff.org>
Senior S
for brief periods. Yet many of these attacks would
work at least some of the time against a pretty considerable amount of
Tor traffic.
I agree with your point that just having more random people run nodes
helps decrease the probability of success of several of these attacks.
--
Seth Schoen <sch...@eff
ere with OONI in some way --
especially since it's already led to published reports about specific
censorship events and practices in specific countries.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Founda
mething, which perhaps then suggests that non-bot
Tor users are up about 10% this month.
This still wouldn't reveal whether 60% or 95% of the non-solvers are
bots.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Found
be happy to ask CloudFlare if they'd be willing to share this data
(maybe in relative rather than absolute numeric terms, like "the number
of people successfully completing a CAPTCHA per day from a Tor exit
node on September 1, 2017 is x% of what it was on January 1, 2016").
--
Seth Schoen <
el free to access the .onion version of this site
while also believing that it's run by the same organization as the TLD"?
Presumably such an OID could be added by a CA without a new CA/B Forum
ballot because it's just asserting an additional check and not reducing
the CA's verification
spins up a Tor client by default to let users
> reach your webserver using whichever level of security they prefer.
Well, I'm still working on being able to write to the CA/B Forum about
this issue... hopefully we'll find out soon what that community is
thinking.
--
Seth Schoen <
be necessary to have
any form of this argument.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x10
?)
(2) What reasons do people have for wanting certificates that cover
onion names? I think I know of at least three or four reasons, but I'm
interested in creating a list that's as thorough as possible.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist
Suhaib Mbarak writes:
> Dear Seth Schoen:
>
> Thank you very much for your extremely appreciated answer:
>
> It seems that you were the most person who got what I'm looking for.
> To be honest I'm doing my best to find away to figure out how to achieve my
> goal to show
ypt it using
the keys that were logged by the modified client, showing exactly what
information can be seen by someone in possession of each secret key, and
conversely which keys are necessary in order to learn which information.
--
Seth Schoen <sch...@eff.org>
Senior
ep secrets.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk mailing
ide of a
useful contribution.
The Tor Project has actually thought about this issue a lot, if you're
very interested in it... there are probably other resources and
presentations that you could look at that further examine the issue.
--
Seth Schoen <sch...@eff.org>
Seni
a
circuit is operated by the same operator)
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
t
s-are-reading-my-blog-they-arent/
(His article says that, while it's plausible that these attacks were
sponsored by the Russian government, the IP addresses involved don't
tend to prove that because many of them -- being Tor exit nodes --
could have been used by any attacker.)
--
Seth Schoen &l
Seth David Schoen writes:
> Notably, Google has even experimentally deployed a PQ ciphersuite
> in Chrome (that uses elliptic-curve cryptography in parallel with
> Alkim et al.'s "new hope" algorithm).
>
> https://security.googleblog.com/2016/07/experimenti
10-c1.pdf
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk mailing
ell and research continues to support this approach,
it should be standardized as a ciphersuite in TLS.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, Sa
the old design of the Tor Project web site (and
using "torbrowser" in the URL).
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francis
Jason Long writes:
> Are you kidding? Iranian relays are good in this scenario? Why?
Because they might be less likely to cooperate with ISPs in other
countries to track Tor traffic.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://ww
nk about and a good reminder that the Tor technology
isn't perfect. But I wouldn't agree with the idea that there's no point
in using Tor. Lots of people are getting an anonymity benefit from
using it all of the time.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist
or users use this or understand how to use it. Maybe it
could be made clearer and more convenient and integrated with the Tor
Browser interface in some way.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation
to know what the state of the
art is in padding attacks and defenses.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415
e users are who are using that particular bridge.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
but which are
effectively North Korean for surveillance purposes.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 4
some data that didn't seem significant at
the moment.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x1
ted in them.
So it's at least not a strategy that can scale very well.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +
e extra latency and
possible occasional reachability problems associated with the hidden
service connection.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San
ut it's
a nice tool that can handle a variety of use cases -- and should be
fully compatible with Tor Browser already.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
Fkqqrr writes:
> Oskar Wendel <o.wen...@wp.pl> writes:
>
> BTW, Does facebook has a onion version?
Probably one of the most famous onions, https://facebookcorewwwi.onion/.
See
https://lists.torproject.org/pipermail/tor-talk/2014-October/035421.html
--
Seth Schoen <sch.
difficult to find that nobody knows a single example!
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436
o have the same private key!
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk mailing lis
mpelled assistance? This
> project has the advantage of letting Tor clients spot anomalies in
> the Tor consensus documents should any of the DirAuths be
> compromised and it can be used for CAs too:
>
> https://github.com/dedis/cothority
I'll be happy to take a look at that.
--
Set
ncrypt, though we don't have the tools in
place for this yet.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 4
p-circumvention benefit of bridges, ideally,
comes in because censors don't know that their traffic is related to Tor.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
or Browser currently doesn't, or if the Disconnect developers
can think of one, it might be constructive to bring it up with the Tor
Browser developers, because they might be willing to consider adding it
as a standard feature for all users.
--
Seth Schoen <sch...@eff
Seth David Schoen writes:
> People also don't necessarily check it in practice. Someone made fake
> keys for all of the attendees of a particular keysigning party in
> 2010 (including me); I've gotten unreadable encrypted messages from
> over a dozen PGP users as a result, because t
Cain Ungothep writes:
> This is not just the "traditional" answer, it's the only proper answer.
There are other ideas out there too, like CONIKS.
https://eprint.iacr.org/2014/1004.pdf
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist
key
was real or because software auto-downloaded it for them without
checking the signatures.
If you did try to check the signatures but didn't already have some
genuine key as a point of reference, there's also this problem:
https://evil32.com/
--
Seth Schoen <sch...@eff.org>
Senior
APK file
there will cause it to be installed (if you've already set your settings
to allow non-Play Store app installs).
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.ef
Yes, or from DuckDuckGo's regular site.
https://duck.co/help/privacy/no-tracking
* The Bitcoin network is doing quite a bit more computation, in total,
than this per year, so it's actually conceivable that someone with a
very large amount of money to spend on custom hardware could do this.
So
ng to get people to believe that
> *they* are actually the duckduckgo .onion site?
Indeed, Juha Nurmi described earlier today that people are doing exactly
that right now, probably with some success.
https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html
--
Seth Schoen <sch...@e
Lucas Teixeira writes:
> Are there references for "real life" usage of traffic confirmation?
I've mentioned the Jeremy Hammond and Eldo Kim cases, which can be seen
as "good enough" coarse-grained correlation. I think there are others
if we look for them.
--
Seth
Oskar Wendel writes:
> Seth David Schoen <sch...@eff.org>:
>
> > As I said in my previous message, I don't think this is the case because
> > the correlation just requires seeing the two endpoints of the connection,
> > even without knowing the complete path.
he standard case, when compromised exit node have access to
> all the user data if HTTPS is not used.
That's definitely an improvement, although there's an issue in the long
run that the crypto in HTTPS is getting better faster than the crypto
in Tor's hidden services implementation.
See also
https://blog.torproject.org/blog/hidden-services-need-some-love
There might be some more hope in the future from high-latency services
(based on examples like Pond), or, based on what some crypto folks have
been telling me, from software obfuscation (!!).
--
Seth Schoen <sch...@eff.org&g
to get a certificate
for their sites because of these restrictions. (I'm grateful to Digicert
for their work on this -- the restrictions aren't their fault!)
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundatio
ich poses different
challenges from deanonymizing regular users. Attacks against hidden
services can be quite serious, but they only represent a small fraction
of the overall use of the Tor system.
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist http
be analogous to
DV, based on proof of possession of a cryptographic key from which the
name is derived).
--
Seth Schoen <sch...@eff.org>
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy S
outside of Europe),
while if you have several non-European nodes as guard nodes, you'll
tend to choose other nodes as exits (relatively more likely within
Europe, especially since that's where the fastest exits are).
--
Seth Schoen sch...@eff.org
Senior Staff Technologist
On Mon, 24 Aug 2015 09:26:58 -0700, Apple Apple
djjdjdjdjdjdj...@gmail.com wrote:
It's not a Debian specific problem. Even Security Conscious distros
like
Fedora only build a dozen or so key packages with pic and ssp because of
performance concerns. Address sanatizor is obviously out of the
to
help people use TLS on hidden services.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk
which
mechanisms to use, how can they know that the interpretation they give
to the names will be the same as end-users' interpretation?
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https
Alec Muffett writes:
Pardon me replying to two at once...
Thanks for all the helpful clarifications, Alec.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy
Flipchan writes:
Im wondering , have anyone got letsencrypt to work with a .onion site? Or is
it jus clearnet
For the reasons described elsewhere in this thread, it's definitely
just clearnet for the foreseeable future.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist
Qaz writes:
Hi there,
Yeah the title pretty much says it. How do I go about this?
tor-announce isn't a discussion list and the public isn't allowed to
send messages to it. The place where you can have public discussions
is tor-talk -- this list right here.
--
Seth Schoen sch...@eff.org
serious work and resources would have to go into pinpointing and
breaking said encryption?
I think it's reasonable to guess that cryptographic attacks would
be extremely expensive, so most prospective attackers today wouldn't
try them.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist
an attacker from simply claiming the same
identifier in Namecoin before the actual hidden service operator does?
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street
certificates can
be issued, which cost money, take time, and sacrifice anonymity of the
hidden service operator.
The best-known example of a hidden service that managed to navigate the
process successfully is
https://facebookcorewwwi.onion/
--
Seth Schoen sch...@eff.org
Senior Staff Technologist
On Thu, 30 Jul 2015 16:36:15 -0700, flapflap flapf...@riseup.net wrote:
http://arstechnica.com/security/2015/07/how-the-way-you-type-can-shatter-anonymity-even-on-tor/
says that apparently it's possible to deanonymise Tor users by analysing
their keystrokes in input fields of websites.
Is it
, but I don't know why.
Most users don't use GPG to verify their downloads -- probably much
fewer than 1%. If the download succeeds without interference, it isn't
technically necessary to verify it before using it. It's a security
precaution.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist
it?
Or is the replay problem a problem of wasting network resources rather
than fooling the peer into thinking a communication was repeated?
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org
for the use of network-layer features that aren't
present in today's Internet, so it might be hard to get a practical
deployment up and running at the moment.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation
the anecdote (which
I've seen in a few places) that Tibetan Buddhists who've received a lot
of malware are now practicing a new non-attachment principle.
https://www.yahoo.com/tech/hit-by-cyberattacks-tibetan-monks-learn-to-be-wary-of-102361885314.html
--
Seth Schoen sch...@eff.org
Senior Staff
Seth David Schoen writes:
If you read the original Tor design paper from 2004, censorship
circumvention was actually not an intended application at that time:
https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf
(Tor does not try to conceal who is connected to the network
understand exactly what HTTPS is and how
it protects them, and just see that Tor Browser stops being able to use
some sites that Internet Explorer can work with.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation
On Sat, 20 Jun 2015 06:43:37 -0700, Juan Miguel Navarro MartÃnez
juanmi.3...@gmail.com wrote:
El 20/06/2015 a las 10:18, Mirimir escribió:
Is Javascript always needed to get the number photo CAPTCHAs?
At least for me, it does 100% of the time:
No JS: Infinite unreadable CAPTCHA.
JS:
On Sun, 17 May 2015 04:26:41 -0700, Ben b...@gerbil.it wrote:
Minor Tweaks might be needed
-
There are some base assumptions that have already been made within the
site - Javascript has been used sparingly if at all, but setting up a HS
brings a few
controlled or monitored by the same entity.
Some more technical details are in
https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters
and probably other places.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic
?
Thank you for your insight.
Are they detecting non-public bridge traffic, or only normal entry
guards?
Detection and obfuscation is kind of a big topic that's been around for
some years, so there are a lot of possibilities.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist
from
that in the default Tor Browser.
People are _very_ interested in knowing about compromised CAs. So I
encourage people not to just assume that they're numerous and not bother
to use tools to detect them. :-)
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https
On Wed, 08 Apr 2015 01:07:26 -0700, gary02121...@openmailbox.org wrote:
How do I anonymize my phone? Yeah I have heard that phones are tracking
devices. I have to use my phone right now. If I have the money to buy a
replicant compatible phone, I will. I'm running on Android OS and I as
much as
On Sun, 22 Mar 2015 23:42:55 -0700, davidx drhard...@gmail.com wrote:
There were no specific download instructions for BSD on the Tor download
page that I noticed. The header is for Linux and BSD there. I would
gladly
write them up if I can get this to work.
Forgot to add that the source
On Sun, 22 Mar 2015 23:42:55 -0700, davidx drhard...@gmail.com wrote:
There were no specific download instructions for BSD on the Tor download
page that I noticed. The header is for Linux and BSD there. I would
gladly
write them up if I can get this to work.
I can see your point. For a
On Sun, 22 Mar 2015 06:38:40 -0700, D. R. Hardy drhard...@gmail.com
wrote:
Greetings,
I've been trying for several days to install Tor on OpenBSD 5.6 with
hopes
of setting up a relay.
OpenBSD uses the Korn Shell.
When I try to tar the downloaded Tor browser file I get:
(*tar xvJf
On Wed, 11 Mar 2015 20:58:05 -0700, Libertas liber...@mykolab.com wrote:
The FreeBSD forums and (IIRC) download servers do the same thing, just
dropping packets from Tor exits. Very annoying. I haven't got around to
emailing them about it yet.
I emailed the FreeBSD forum admin about this issue
that Tor developers don't necessarily support philosophically and that
would be challenging to sustain over time.)
Fourth, there are some other technical problems with having everyone be
a relay.
https://www.torproject.org/docs/faq.html.en#EverybodyARelay
--
Seth Schoen sch...@eff.org
Senior Staff
in their own
right, just as they were a lot of work on the Firefox side.
You can read about some of the customizations in the Tor Browser design
document at
https://www.torproject.org/projects/torbrowser/design/
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https
On Wed, 11 Feb 2015 23:35:03 -0800, grarpamp grarp...@gmail.com wrote:
We're not talking about books and soapboxing today, class. We're talking
about papers please being required for everything you do. Including,
among other things, your internet access at home, mobile, in the library,
coffee
On Tue, 10 Feb 2015 03:33:27 -0800, Lara lara@emails.veryspeedy.net
wrote:
grarpamp:
The NRA is 3.5M - 5.0M members strong. They turn $250M/yr from that
base (manufacturers too). They have little difference of opinion
in their ranks. They are good at crafting and pitching political
On Tue, 03 Feb 2015 21:28:42 -0800, Andrew Roffey and...@roffey.org
wrote:
I don't suppose one could purchase a dummy domain with Namecheap and
then ask them to sign a certificate for the real domain (with another
provider)? I suspect not, but please correct me if I'm wrong.
That's a damn
certificate verification.
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation https://www.eff.org/join
815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107
--
tor-talk mailing list - tor
On Tue, 03 Feb 2015 20:01:36 -0800, Andrew Roffey and...@roffey.org
wrote:
- there is a cost of obtaining HTTPS signatures.
Not certain if the deal is still being offered, but for quite a while you
could get a free TLS/SSL certificate good for one year when registering or
transferring a
_why_ the users didn't verify
the signatures -- there are tons of possible reasons. But it's clear
that most didn't, because the .asc file is so rarely downloaded.)
--
Seth Schoen sch...@eff.org
Senior Staff Technologist https://www.eff.org/
Electronic Frontier Foundation
On Mon, 02 Feb 2015 13:37:58 -0800, Paul Syverson
paul.syver...@nrl.navy.mil wrote:
The point was that there was a bunch of stuff we started doing at NRL
in 1995 we called onion routing including what we eventually called
Tor. Some people not at NRL designed, and in some cases built, other
On Fri, 30 Jan 2015 18:25:38 -0800, Mirimir miri...@riseup.net wrote:
How is that any worse than adversaries correlating traffic between your
ISP and entry guards with traffic between exit nodes and destinations?
He addresses VPNs and Tor about 45 min into the talk:
1 - 100 of 180 matches
Mail list logo