Re: [tor-talk] You Can Now Watch YouTube Videos with Onion Hidden Services
Im not the operator of the service but here are the advantages: - Youtube is made by a dick company to humanity called Google, which is funding their services by stealing/collecting users data. So the JS which is closed source in case of YB prevent you from watching the videos unless you allow the JS. in case of invidous the JS used already licensed and the source code you can find it here: https://invidio.us/licenses Plus you can watch the videos without the need to allow any JS. - Connecting to Youtube directly , then you are putting your security on the SSL/TLS encryption. Whereas using in invidous hidden services your security is through the Onion hidden services design more you can watch Roger Dingledine speech at defcon: http://kgg2m7yk5aybusll.onion/watch?v=Di7qAVidy1Y or just normal youtube link if you like https://www.youtube.com/watch?v=Di7qAVidy1Y - Its free software and the code is available for install/checkup. You are referring to FB which is completely the opposite of anything mentioned here. Hope that clarify the differences. Seth David Schoen: > bo0od writes: > >> This is another front end to YouTube: > > Hi bo0od, > > Thanks for the links. > > This seems to be in a category of "third-party onion proxy for clearnet > service" which is distinct from the situation where a site operator > provides its own official onion service (like Facebook's facebookcorewwwi, > which the company has repeatedly noted it runs itself on its own > infrastructure). > > Could you explain how this kind of design improves users' privacy or > security compared to using a Tor exit node to access the public version > of YouTube? In this case the proxy will need to act as one side of > users' TLS sessions with YouTube, so it's in a position to directly > record what (anonymous) people are watching, uploading, or writing -- > unlike an ordinary exit node which can at most try to infer these > things from traffic analysis. Meanwhile, it doesn't prevent YouTube > from gathering that same information about the anonymous users, meaning > that this information about users' activity on YouTube can potentially > tbe gathered by wo entities rather than just one. > > The proxy could also block or falsely claim the nonexistence of selected > videos, which a regular exit node couldn't do, and if its operator knew > a vulnerability in some clients' video codecs, it could also serve a > maliciously modified video to attack them -- which YouTube could do, but > a regular exit node couldn't. > > Are there tradeoffs that make these risks worth it for some set of > users? Maybe teaching people more about how onion services work, or > showing YouTube that there's a significant level of demand for an > official onion service? > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] You Can Now Watch YouTube Videos with Onion Hidden Services
I agree with Seth, this particular YouTube frontend/proxy seems to be more focused on offering an alternative viewing experience rather than privacy. One interesting thing I have noted which may improve privacy (but still does not outweigh the risk involved) is that this site provides video playback without requiring JavaScript, so it maybe suitable for general purpose use for users who do not wish to have JavaScript enabled. On 06/12/18 11:17 AM, Seth David Schoen wrote: > Seth David Schoen writes: > >> if its operator knew a vulnerability in some clients' video codecs, > (or in some other part of Tor Browser, since the proxy can also serve > arbitrary HTTP headers, HTML, CSS, Javascript, JSON, and media files of > various types) > >> it could also serve a maliciously modified video to attack them -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] You Can Now Watch YouTube Videos with Onion Hidden Services
Seth David Schoen writes: > if its operator knew a vulnerability in some clients' video codecs, (or in some other part of Tor Browser, since the proxy can also serve arbitrary HTTP headers, HTML, CSS, Javascript, JSON, and media files of various types) > it could also serve a maliciously modified video to attack them -- Seth Schoen Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] You Can Now Watch YouTube Videos with Onion Hidden Services
bo0od writes: > This is another front end to YouTube: Hi bo0od, Thanks for the links. This seems to be in a category of "third-party onion proxy for clearnet service" which is distinct from the situation where a site operator provides its own official onion service (like Facebook's facebookcorewwwi, which the company has repeatedly noted it runs itself on its own infrastructure). Could you explain how this kind of design improves users' privacy or security compared to using a Tor exit node to access the public version of YouTube? In this case the proxy will need to act as one side of users' TLS sessions with YouTube, so it's in a position to directly record what (anonymous) people are watching, uploading, or writing -- unlike an ordinary exit node which can at most try to infer these things from traffic analysis. Meanwhile, it doesn't prevent YouTube from gathering that same information about the anonymous users, meaning that this information about users' activity on YouTube can potentially tbe gathered by wo entities rather than just one. The proxy could also block or falsely claim the nonexistence of selected videos, which a regular exit node couldn't do, and if its operator knew a vulnerability in some clients' video codecs, it could also serve a maliciously modified video to attack them -- which YouTube could do, but a regular exit node couldn't. Are there tradeoffs that make these risks worth it for some set of users? Maybe teaching people more about how onion services work, or showing YouTube that there's a significant level of demand for an official onion service? -- Seth Schoen Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] You Can Now Watch YouTube Videos with Onion Hidden Services
This is another front end to YouTube: Clearnet: https://invidio.us Onion V2 Mirror: http://kgg2m7yk5aybusll.onion/ Onion V3 Mirror: http://axqzx4s6s54s32yentfqojs3x5i7faxza6xo3ehd4bzzsg2ii4fv2iid.onion Special Thanks to Omar Roth for making this happen. Source Code: https://github.com/omarroth/invidious -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Next Tor Browser release?
On Wed, 05 Dec 2018, Nathaniel Suchy wrote: > When do we expect the next stable Tor Browser to be released? Tor Browser is released on the same day as Firefox: https://wiki.mozilla.org/Release_Management/Calendar So the next one will be on 2018-12-11. Nicolas -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] What keys does Tor use in client mode
The keys changing is to avoid a guard from knowing you’re the same user from a new IP. The keys help encrypt communication between you and the Tor Network. I’m not sure about the technical specifics, maybe someone else is but that’s a high level overview :) Cordially, Nathaniel Suchy Dec 4, 2018, 7:28 PM by s...@sky-ip.org: > Hello, > > According to > > /tor/src/core/mainloop/connection.c > > Lines 4700 - 4710: > > /* The interface changed. We're a client, so we need to regenerate our > * keys. First, reset the state. */ > log_notice(LD_NET, "Our IP address has changed. Rotating keys..."); > tor_addr_copy(*last_interface_ip_ptr, _addr); > SMARTLIST_FOREACH(outgoing_addrs, tor_addr_t*, a_ptr, tor_free(a_ptr)); > smartlist_clear(outgoing_addrs); > smartlist_add(outgoing_addrs, tor_memdup(_addr, > sizeof(tor_addr_t))); > /* We'll need to resolve ourselves again. */ > reset_last_resolved_addr(); > /* Okay, now change our keys. */ > ip_address_changed(1); > > What kind of keys does Tor use in client mode, and why are they rotating > when an interface changes, or the IP address of an interface? How are > they related to the interface or IP address? > > Asking if there is something more I should know here, wrt this. I was > unaware of any keys used in client mode. > > Thanks. > -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Next Tor Browser release?
When do we expect the next stable Tor Browser to be released? Cordially, Nathaniel Suchy -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk