[tor-talk] TLS-SNI

Now that "Let's Encrypt" has highlighted the issue of TLS-SNI, I'm wondering how Tor handles it now and will change to accommodate? Reference: https://tools.ietf.org/html/draft-ietf-tls-sni-encryption-03 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other

Re: [tor-talk] tor-talk Digest, Vol 88, Issue 13

> Message: 1 > Date: Mon, 14 May 2018 19:01:32 -0800 > From: I > To: tor-talk@lists.torproject.org > Subject: [tor-talk] PGP fiddly-diddly - action required > Message-ID: <9cd1ba536d3.0641beatthebasta...@inbox.com> > Content-Type: text/plain; charset=US-ASCII > >

Re: [tor-talk] Getting de-anonymized with SSH (J. S. Evans)

It can be complicated. Tor itself provides a multi-hop anonymizing TCP connection, however what your application may or may not do outside of Tor is uncontrolled, this is why the Tor Browser is recommended for use instead of simply proxying your regular browser through Tor, TBB is designed to

Re: [tor-talk] New Document: Building a "Proof of Concept" Onion Site

Offtopic. As I understand, Onion websites are for website owners who wish to be anonymous. If an owner of an Onion website published a similar HTTP website, that owner pretty deanonymized himself/herself via the IP address, the domain name, etc, of the HTTP website. The same applies if you

Re: [tor-talk] Anonymous SSH Hack.

Sorry for going off-topic. Do you provide a formal definition of a hack? On 12.09.16 15:29, Andrzej Wysocki wrote: hello, i am an amateur hacker, but i wish to work in the Cyber Security in the EU NATO Structure, probably in a small Company or a Corporation soon. i've written an article

Re: [tor-talk] New relays and bridges.

myself and encouraging others to do the same across various platforms. Good luck. the Tor Browser is a very user friendly *client* interface. But when tor.exe got integrated into the Tor browser, windows users (at least me) have not been able to set up relays. I would like to use a TBB version

Re: [tor-talk] New Pluggable Transports

"Firefox can't establish a connection to the server at sensorbib.nymity.ch." On 19.08.16 05:28, Justin wrote: Hi, I think Dpi boxes are fingerprinting OBFS4 because of it’s randomness. A paper was published a wile ago that talked about the same type of attack. It’s on

Re: [tor-talk] Starting up new tor bridge

Great news! Beware that when a bridge's address becomes known to many people, it becomes known to censors. So it's better to give the address only to trusted people. On 19.08.16 20:00, Marina Brown wrote: Sorry i can't start up a full relay right now but i have started a bridge. Maybe later

Re: [tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

On 08.08.16 13:55, blo...@openmailbox.org wrote: I, like many other uses of Tor, have become increasingly frustrated with sites like Craigslist which discriminate against Tor. It makes these sites hard to use. I therefore decided to discover if it is possible to use Tor but end up with a

Re: [tor-talk] Cloudflare reCAPTCHA De-anonymizes Tor Users

On 19.07.16 12:42, grarpamp wrote: The only non-public prerequisite for the de-anonymizing entity is the ability to monitor traffic between ISPs and Tor entry nodes, and traffic entering Cloudflare servers (no decryption required in either case). How is this different from the correlation

Re: [tor-talk] webmail send while using TOR is tagged as spamends up in spam

Hello. On 19.07.16 08:13, Friet Pan wrote: i use yahoo to mail with mailinglists but i use TOR to connect to yahoo. tuns out that all my posts now end up in everyones spam folders. Is this because the tor exitnodes are used by spammers? or is every mail that was send from a TOR user falsely

Re: [tor-talk] FBI cracked Tor security

crack the servers hosting the illicit material, not Tor itself. It's still unclear to me whether there is a vulnerability in Firefox, in Tor Browser, or in Tor. There are frequently vulnerabilities in hosting services - content platforms, web forums, third-party Javascript libraries, file u

Re: [tor-talk] What prevents China from manually requesting bridges and than blocking them?

laziness ;-) On 08.07.16 18:49, gdfg dfgf wrote: They could employ a bunch of people whose job would be to go to https://bridges.torproject.org/ request bridges, solve captchas and add bridges to the block list and request bridges over gmail. I asked this question before and the answer

Re: [tor-talk] tor with vpn

"This connection mode works *ONLY* with AirVPN Client." Thus this is sensible only if you trust the source code of AirVPN Client. On 05.07.16 08:37, Solokov wrote: If you're using AirVPN, check it out: https://airvpn.org/tor/ message: Readers, Can someone please explain if it is possible

Re: [tor-talk] tor with vpn

On 04.07.16 11:48, message wrote: Readers, Can someone please explain if it is possible to use tor with a vpn? The reason is to overcome tor nodes being banned by certain service providers (in this example a blog host). You can connect through Tor and (HTTP or SOCKS proxy, but not VPN) by

Re: [tor-talk] Recent news stories regarding Tor

It's pretty sly, though, not to include Appelbaum's name in the topic. Mail filters will not work, for example. On 29.06.16 12:49, Allen wrote: Can we please stop with this topic? Done. Fini. Banned. Banished. Barred. Excluded. No more. Thank you. On Tue, Jun 28, 2016 at 11:12 PM,

Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

On 24.06.16 16:08, I wrote: Is this list for all Tor people or just USA? Subject: Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer You can post news about your country. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change

Re: [tor-talk] Reminder to stay on-topic

On 24.06.16 06:37, Griffin Boyce wrote: I've been fairly surprised that the response has been almost entirely positive. The 45-post thread on cypherpunks where Zenaan Harkness called me a "fake man" (classy) notwithstanding. And is Zenaan banned? No. Is grarpamp or most of

Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

On 24.06.16 09:19, grarpamp wrote: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into

Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?

On 13.06.16 00:26, Ivan Markin wrote: Roman Mamedov: You don't even need 2 hops in this case. Why not propose 1-hop? I guess you do. A censor can just block all the exit nodes (the Tor network has hardly 1000 exits). It is not going to help you. It's worth to separate bridges and exits so you

Re: [tor-talk] Please filter "Appelbaum"!!!!!

On 11.06.16 13:10, Zenaan Harkness wrote: On Sat, Jun 11, 2016 at 12:47:34PM +0300, 4torlist2 wrote: Tired of reading bullsh*t about Appelbaum! If he did what it is said, should In my mail program I setup a filter on the word "Appelbaum", messages with it are automatically trashed. But that

[tor-talk] Can we have less of Jacob Appelbaum here, please?

Hello, people. Sincerely, I'm tired of this flood of threads. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Mute a particular thread

In Thunderbird, I switch to "Display message threads", collapse a thread, and "Context Menu/Mark/As Read". On 02.06.16 08:02, Blake Hadley wrote: Is there a way to mute or unsubscribe from a particular thread without unsubscribing from the entire mailing list? Sorry, I'm not very experienced

Re: [tor-talk] Browserprint fingerprinting website

that the tests have problems. I zoom and change window size often, and they are reset when the browser starts. I think they rather prevent tracking me. But your site tells that my fingerprint is unique because of them. Maybe, exclude those parameters? On 07.06.16 07:04, cube wrote: Yes, the TBB

Re: [tor-talk] The Aqua design

On 08.06.16 00:02, Philipp Winter wrote: On Sun, Jun 05, 2016 at 02:34:22PM -0400, grarpamp wrote: You need fulltime regulated fill traffic, within which, your traffic resides. However, Aqua cannot protect against long-term intersection attacks and the authors haven't really thought about

Re: [tor-talk] Browserprint fingerprinting website

I zoom and change window size often, and they are reset when the browser starts. I think they rather prevent tracking me. But your site tells that my fingerprint is unique because of them. Maybe, exclude those parameters? On 07.06.16 07:04, cube wrote: Yes, the TBB and IceCat handle screen

Re: [tor-talk] Browserprint fingerprinting website

Hi. I pushed the "fingerprint me" button. Browser Characteristic | Number of occurrences | one in x browsers have this value | value Screen Size and Colour Depth | 1 | 217 | 583x467x24 It seems that this parameter depends on the zoom, as well as "Character Sizes".

Re: [tor-talk] Security Analysis of Instant Messenger TorChat

"TorChat processes contact requests and updates the contact list without asking the user's consent." "An attacker can exploit this to add arbitrary contacts to the victim's contact list. . ." OMG, does any IM client allow this? On 11.05.16 17:00, Arnis wrote: FYI:

Re: [tor-talk] 'Refresh tor browser' - and then it wasn't one anymore.

I have a similar question. Is it possible to turn off updates which TBB does by itself? I would rather update from the Linux repository. On 04.05.16 08:00, Andreas Krey wrote: Hi all, I just had the TBB ask me something to the lines of 'refresh tor browser?', and I sleepily said yes, and now

Re: [tor-talk] 1 Million People use Facebook over Tor

few more grants from the pentagon. My little story. Facebook banned me after a month of use. I never logged in via Tor. I was not told the reason for the ban. I guess it's because I didn't use my real name. Anyhow, thank you for providing us your Onion website! :-) Then suddenly Iran

Re: [tor-talk] Crowd Sourced Protest Of Cloudflare

On 29.03.16 20:14, Joe Btfsplk wrote: On 3/29/2016 6:01 AM, m...@beroal.in.ua wrote: On 29.03.16 07:23, CANNON NATHANIEL CIOTA wrote: https://www.reddit.com/r/TOR/comments/4cdx30/crowd_sourced_protest_of_cloudflare/ I simply don't visit a website if Cloudflare gets in the way. Agree -

Re: [tor-talk] Crowd Sourced Protest Of Cloudflare

On 29.03.16 07:23, CANNON NATHANIEL CIOTA wrote: https://www.reddit.com/r/TOR/comments/4cdx30/crowd_sourced_protest_of_cloudflare/ I simply don't visit a website if Cloudflare gets in the way. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go

Re: [tor-talk] How to get informed about syntax errors in "torrc"? Logfile?

On 17.03.16 09:09, Ben Stover wrote: Assume I wrote some instructions into "torrc" file with wrong syntax. How do I get informed about this mistake? Is there a logilfe? Can I enable a warning prompt? Or are such invalid instructions simply silently ignored? Ben If you are using

Re: [tor-talk] Time for p2p, content addressed, pre-emptively cached web pages - Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

On 28.02.16 15:40, Александр wrote: m...@beroal.in.ua You mean instead of an expected webpage you see a CAPTCHA? Yes i do. Moreover, it is an endless captcha (you hit the right combination, but you get a new one) OR a series of captchas that you just can't read. Of course, one can play with

Re: [tor-talk] Time for p2p, content addressed, pre-emptively cached web pages - Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

On 28.02.16 01:25, Zenaan Harkness wrote: Perhaps someone can design something to counteract the CIA and NSA's Cloudflare tool? Evidently we need a better way to read our news and blogs. Cloudflare is getting to pervasive.

Re: [tor-talk] Time for p2p, content addressed, pre-emptively cached web pages - Tor Project Accuses CloudFlare of Mass Surveillance, Sabotaging Traffic

On 28.02.16 06:42, Александр wrote: oh, cloudfare... i HATE it. It sabotages my surf on Tor almost every time (with some specific internet addresses). Their aim is to cover most of the internet -> you just can't use Tor for peaceful surfing. You mean instead of an expected webpage you see a

Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 25.02.16 01:26, Guido Witmond wrote: On 02/24/16 23:26, juan wrote: On Wed, 24 Feb 2016 23:04:39 +0100 Guido Witmond wrote: My drive is to make key exchange happen as a natural part of normal interactions between people. So teach people how to exchange keys.

Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

On 23.02.16 20:31, Guido Witmond wrote: The answer is to let strangers - who never met before - exchange public keys in a verifiable way. This very statement makes no sense to me. Verifying strangers? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other

Re: [tor-talk] Tor for everyone; introducing Eccentric Authentication

Hi. I still don't understand what is the use of this contrived scheme. On 22.02.16 23:03, Guido Witmond wrote: Dear Tor community, I came across this message[1] about Shari Steele wanting to bring Tor to the mainstream. I humbly believe I have something that might assist her in this quest. I

Re: [tor-talk] Concerns about the Quora Community regarding Tor

On 18.02.16 15:11, Nathaniel Suchy wrote: There are 650 questions even regarding Tor. I am working on writing answers with technical information however it takes time. Hello. 650 questions --- I think you should be paid for this. :-) -- tor-talk mailing list - tor-talk@lists.torproject.org To

Re: [tor-talk] How to make the Tor service to stop faster?

On 15.02.16 20:48, Ken Cline wrote: Killing tor can leave them in that FIN_WAIT_2 state in which they cannot be killed It's rather an OS flaw. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to

Re: [tor-talk] Does Tor support ControlSocket?

On 15.02.16 14:07, nusenu wrote: m...@beroal.in.ua: Hi. Some old discussions on "stem" and "vidalia" suggest that Tor may be controlled via a Unix domain socket. This seems like a good way to control Tor on Unix; I just need to add a user who will control Tor to the "tor" group. But I can't

Re: [tor-talk] Does Tor support ControlSocket?

Thank you for your answer. I looked into "torrc"; I though it describes all options. On 15.02.16 14:07, nusenu wrote: m...@beroal.in.ua: Hi. Some old discussions on "stem" and "vidalia" suggest that Tor may be controlled via a Unix domain socket. This seems like a good way to control Tor on

[tor-talk] Does Tor support ControlSocket?

Hi. Some old discussions on "stem" and "vidalia" suggest that Tor may be controlled via a Unix domain socket. This seems like a good way to control Tor on Unix; I just need to add a user who will control Tor to the "tor" group. But I can't find anything like a documentation. -- tor-talk

Re: [tor-talk] Hidden Service and exit circuit questions?

My primary question is about the established exit circuits. If the exit circuits are established, as they are by default, can an exit node initiate contact with my HS without ever going through a rendezvous or even knowing the onion address by simply using the pre-established circuit? --

Re: [tor-talk] Hidden Service and exit circuit questions?

can an exit node initiate contact with my HS without ever going through a rendezvous No, there is a handshake process needed to establish a Tor connection between the two machines, and that handshake only works through the rendezvous point. See

Re: [tor-talk] Hidden Service and exit circuit questions?

Anyone? Thanks! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Hidden Service and exit circuit questions?

. This leads me to a couple of questions: #1 Is excluding all exits a reasonable or good thing to do? #2 Given that exit circuits are normally pre-established, is it theoretically possible for an exit node to use its pre-established circuit with my HS to establish a connect without having the HS encryption

Re: [tor-talk] Hidden Services Questions (mostly) Please?

Thank you! -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

[tor-talk] Hidden Services Questions (mostly) Please?

Bare with me as I ramble my way toward hidden services. First a plain server connect: Assuming a simple web client using Tor to contact a normal web page, NOT HTTPS for simplicity. Client = Node A = Node B = Node C - HTTP Server Node C (exit) sees unencrypted traffic to the server and can

[tor-talk] In response to the many posts about Startpage and Duckduckgo not working in the Tor Browser Bundle,

I seriously doubt they are blocking or limiting Tor Traffic as I have Orbot and Orweb running on my Android phone right now and it loaded Ixquick in seconds, it then loaded Startpage in seconds, and finally DuckDuckGo loaded in mere seconds. I seriously doubt they are blocking Tor and you

[tor-talk] RTT measuring tool

I am looking for an RTT measuring tool between any two internet hosts mainly between some Tor relays(of my choice), just wondering if there are any you can refer me to ? thanks in advance. -- A.C ___ tor-talk mailing list tor-talk