On 2/12/2012 10:41 AM, Brian Franklin wrote:
Unknown makes a good point. The options should be set globally for all users of
the Tor Bundle to avoid any profiling. Those who have a need for further
configuration do so at their own risk.
Good point. Originally, at least part of the Tor
On 2/12/2012 3:00 PM, Patrick Mézard wrote:
For me, a more basic question is whether installing extensions from a
fresh Tor installed is (sufficiently) safe. I do not know the details
of the process but it probably involves some HTTPS connections to
addons.mozilla.org. If the exit node can
On 2/12/2012 6:53 PM, Ted Smith wrote:
The problem I see in Tor adopting AdBlock as a default-installed
plugin is that it allows the controller of that list to censor
websites without oversight. I think if AdBlock is installed by default
in the Tor Browser Bundle, the list configured should be
On 2/12/2012 7:39 PM, AK wrote:
I think Ghostery + Adblock Plus + No Script is overkill. Choose one. They
all pretty much do the same thing. Block nasty javascript. No Script seems
appropriate for the Tor Browser due to it's default aggressive stance on
any javascript.
But just curious, which
On 2/21/2012 9:41 AM, Mr Dash Four wrote:
Would be interesting to find out which particular aspect of your
configuration
is leading to that error message.
That is not the issue - the fact that startpage is snooping to see
whether I use privacy-oriented browser extension should be
On 2/21/2012 4:58 PM, Greg Kalitnikoff wrote:
Check this out
http://privatelee.com/
Thanks. Will have a look.
Tor-talk list administrators: Though this isn't church or a bible
study, there's really no reason for a list subscriber to berate other
subscribers basically spam the list by
On 2/25/2012 3:23 PM, Chris Wheeler wrote:
Joe, I don't think that the order that the packet are sent
and received from the exit relay really changes the ease of correlation,
since they will arrive to the other end of the network in the same order.
1st, thanks for reply. You misunderstood (I
On 3/9/2012 9:17 AM, Tor User wrote:
Hi,
I was always wondering why I get the following pop-up message when
downloading a file. And it does not happen all the time. Why it says that
an external app is needed when only opening the download window?
*An external application is needed to
On 3/19/2012 1:11 PM, clarissabryant wrote:
On Mon, 19 Mar 2012 14:51:17 -, m...@tormail.net wrote:
Wow, Anonymous! Wow, what an amazing, bug.
Drama. Clearly exposing your own browsing on your own file system on
your own computer is a conspiracy of epic proportions. If the
existence of
Do others find that Aurora (no longer says Aurora) has almost the same
orange color as Firefox for main menu button, to be confusing, when have
TBB Firefox both open (I believe the UI element name is
appmenu-button.)?
I'm unable to correctly edit the userChrome.css file in TBB profile, to
On 3/22/2012 11:28 AM, Joe Btfsplk wrote:
Do others find that Aurora (no longer says Aurora) has almost the same
orange color as Firefox for main menu button, to be confusing, when
have TBB Firefox both open (I believe the UI element name is
appmenu-button.)?
I'm unable to correctly edit
On 3/25/2012 6:16 PM, Andrew Lewman wrote:
On Sun, 25 Mar 2012 19:14:54 +
James Brownjbrownfi...@gmail.com wrote:
How cat that nice video
https://media.torproject.org/video/2009-install-and-use-tor-browser-bundle.ogv
play in TBB when my plagin Shockware Flash is disable?
We use ogg
On 3/25/2012 10:56 PM, Andrew Lewman wrote:
On Sun, 25 Mar 2012 20:37:55 -0500
Joe Btfsplkjoebtfs...@gmx.com wrote:
Don't you have to opt in to the html5 videos (or technology), thus
meaning creating an acct on (youtube)? Or has that changed?
No, you do not have to login to youtube, nor even
On 3/26/2012 12:10 PM, Seth David Schoen wrote:
TBB deletes cookies when you quit it... It's true that Google can use
cookies to track a particular Tor user within a TBB session, including
from one Google site to another.
Thanks for the input. My point exactly. Most users aren't going to
On 4/12/2012 1:15 PM, BlueStar88 wrote:
Am Thu, 12 Apr 2012 12:24:10 -0400
schrieb David H. Lipmandlip...@verizon.net:
From: punkle jonespunkle.jo...@gmail.com
No offence, but you may better pull the plug...
Just because you're paranoid doesn't mean they're not watching you.
Paranoia is
On 4/14/2012 2:29 PM, hepta tor wrote:
Hi
the IP anonymity test at http://ip-check.info/ suggests that
browser.cache.memory.enable should be set to 'false'. in TBB from
about:config I set it to false but on every restart it is set again to
'true' (however this is not the case for
On 4/16/2012 12:58 PM, AK wrote:
I think this should work:
1) Remove the lines:
BrowserDirectory=.
BrowserExecutable=firefox
from Data/Vidalia/vidalia.conf
2) Add the line
SocksPort 9050
to Data/Tor/torrc
3)./App/Firefox/firefox -P no-remote
and create and run a new profile with
Make sure it's not getting filtered as spam by your ISP. That happened
to me. I just added Tor-talk to my address book.
On 4/21/2012 2:55 PM, eliaz wrote:
This is just a test; please ignore it. Since I changed my tormail
address from .net to .org resubscribed to tor-talk from the new
On 4/23/2012 2:38 AM, Roger Dingledine wrote:
Tor 0.2.3.14-alpha fixes yet more bugs to get us closer to a release
candidate. It also dramatically speeds up AES: fast relays should
consider switching to the newer OpenSSL library.
https://www.torproject.org/download/download
Where is
Many other list subscribers I hounded on dropping Google as default
search engine in Tor Browser. Some didn't get why, were opposed or had
no opinion. Mike Perry announced in the Trac change request that now
StartPage will be the default search engine. Some won't agree w/
dropping Google as
On 5/3/2012 12:52 PM, crowman99 wrote:
please UN-subscribe me to your mailing list thank you
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Follow the link unsubscribe yourself. Very easy.
___
tor-talk mailing list
On 5/9/2012 6:56 PM, Elena Johnson wrote:
I have a feeling other newbies might benefit. 3 questions below (if tor-talk is
not appropriate for these questions, PLEASE let me know what the appropriate
contact is) .
I have read the FAQ's, much documentation, and searched the broader web but
On 5/10/2012 3:45 PM, Andrew Lewman wrote:
On Wed, 9 May 2012 17:56:34 -0600
Elena Johnsonmmai...@hotmail.com wrote:
1) Can I ANONYMOUSLY allow scripts for hotmail, gmail and yahoo mail
using Tor browser?
The answer is here,
https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled
On 5/11/2012 7:21 AM, Maxim Kammerer wrote:
On Fri, May 11, 2012 at 2:36 AM, Joe Btfsplkjoebtfs...@gmx.com wrote:
Isn't this approach very much a double edged sword? From the link:
However, we recommend that even users who know how to use NoScript leave
JavaScript enabled if possible,
On 5/13/2012 11:57 AM, Aaron Whiteman wrote:
Hi,
Further to yesterday's e-mail, here are some detailed logs which explain my
problem.
Is the problem circuit_build_times_set_timeout_worker(): and, if so, how to
deal with it.
The logs below should a non-VPN connection (connection via a VPN
Is there any anonymity / fingerprinting issue(s) w/ extension shipped w/
TBB auto updating during a Tor session?
Default setting in TBB in Addons Extension under drop box, Update
Add-ons Automatically is checked.
Do No Script, HTTPS Everywhere, TorButton automatically update when the
On 5/14/2012 3:52 PM, Mike Perry wrote:
Let's continue speculating instead of reading any documentation.
That's totally a productive use of everyone's time.
https://www.torproject.org/projects/torbrowser/design/#new-identity
On 5/16/2012 1:37 AM, Roger Dingledine wrote:
On Tue, May 15, 2012 at 11:31:22PM -0700, Jaime wrote:
I do not wish to continue receiving emails from you thank you
___
tor-talk mailing list
tor-talk@lists.torproject.org
On 5/16/2012 1:20 PM, Aaron Whiteman wrote:
I can no longer connect to the Tor Network. I used to be able to use it
perfectly well.
I would be very grateful for any help. I've spent several hours trying to deal
with this issue!
My ISP has either irrationally started to block Tor or there
Socks listener listening on port 50364
Is this correct? Shouldn't it be Socks listening on port 9050; control
listener on port 9051 - or does that matter?
It appears that the SOCKS port is now random for the Tor Browser Bundle.
Starting when? I'm using 2.2.35-11 the only thing in my unedited
On 5/19/2012 5:51 PM, Mike Perry wrote:
Admittedly, we're in a similar position with Mozilla (which is one of
the reasons I prefer them over Google for a fork base).
You're not serious, that anyone would ever consider Chrome for one
second, to adapt for any project that had privacy (or
On 5/19/2012 5:00 PM, Mike Perry wrote:
If you prevent the associated identifier transmission and
fingerprinting issues, web beacons do not link your activity on one
url to another. If we prevent identifier transmission and
fingerpritning, web beacons will see both visits, but they do not know
On 5/19/2012 9:17 PM, Mike Perry wrote:
I'm confused. What vectors do you belief remain that we have not
covered a few dozen times in this thread and others? You smell a lot
like a timewasting troll... I'm trying to help you understand what
we're doing because I think it's important for
Has anyone successfully created a GMX email acct using Tor? It won't
work for me - just get Sorry, cannot process registration at this time.
At lst, it wouldn't let me copy / paste PW twice - 2nd box showed diff #
of asterisks gave PWs don't match error. That session timed out on me.
I set
On 7/31/2012 7:26 PM, jed c wrote:
This is a wacky idea. No harm in trying though. How about trying something like
hidemyass through tor? I know it doesnt really provide anonymity, but maybe it
will mask your location long enough to open an account. If you can open the
account then reset your
On 8/1/2012 1:56 PM, adrelanos wrote:
If you connect to Tor first, then visit hidemyass or similar and then
register, if you do that only once, I see no problem with that as long
you only use it for registration and not entering identifying data.
Note that hidemyass or similar will know the
On 8/1/2012 3:04 PM, Jerzy Łogiewa wrote:
I have 1 idea for this
Why cannot tor be used in such a way: as a home user, i am willing to let tor
users use my connection for a few sites. gmail gmx and other mail sites for
example.
Can we have some option that lets home tor users share their
On 8/1/2012 4:45 PM, adrelanos wrote:
Got it. Good point. There has been very few research done on that
subject. Always makes sense to use a trustworthy mail provider as an
activist instant of a non-trustworthy. Even if you use GPG. They can
still try a targeted attack on your browser of tell
On 8/2/2012 11:07 AM, anu nivas wrote:
Hello,
I would like to know how IP addresses are generated by Tor. If I use Tor ,
is there a chance that my IP address would be assigned as proxy address of
another Tor client?
If you mean, a chance that your REAL ISP - assigned address; assigned to
your
On 8/1/2012 9:17 PM, grarpamp wrote:
Riseup has been recommend by (imho) trustworthy and honest people.
RiseUp is that place that makes you fill out *why* you want
one of their free accounts, your activism. What do you guys put in there?
Can you just leave it blank? Or say 'not applicable',
no
On 8/2/2012 6:04 PM, Douglas Lucas wrote:
I use riseup. My current storage quota -- which I believe would be
yours, were you to sign up -- is 92 MB. Riseup says the storage
quota fluctuates a bit and might go up in the future. I think you
can also request a higher quota if you have good reasons.
:
On Thu, Aug 2, 2012, at 23:19, Joe Btfsplk wrote:
So, big surprise, lots of people are using Tor addresses then doing
crap to give it (certain addresses, anyway) a bad name get blacklisted.
I guess that is an example of taking things out of context. A lot of
people give ISPs a bad name. A lot
On 8/3/2012 1:08 PM, antispa...@sent.at wrote:
Good to know, but how? How'd you create Gmail acct w/ Tor not give mobile #?
How did you get GMX to accept a Tor address (got lucky?).
Hahaha
Haha??? :(
how long / how much effort did it take; what techniques were used? Did some
just get
I guess GMX just has no interest in helping honest, hard-working whistle
blowers out. Their loss. They may just block many Tor exit nodes,
cause I'm pretty sure everything in Tor was perfect Even turned off
NoScript.
Another popular provider was happy to sign me up via Tor, anxious to get
On 8/4/2012 5:11 AM, dumbnewbie wrote:
The only way I've been able to create a Gmail account recently was through an Android
tablet. I installed Orbot and Orweb APKs so all traffic was through Tor at the time, then
created the account through Settings Acounts Sync Add Account. I was
On 8/4/2012 2:00 PM, Juan Garofalo wrote:
For what it's worth, I created a gmail account last week from my home,
ordinary internet connection, argentina, and the phone # was not
needed. But maybe that was because my IP was 'legitimate'?
That's a very interesting question / comment. Also
1st, this isn't a GMX thing, although their (canned, I believe)
replies to support questions, got me to wondering in a much broader way
- what are overall effects of any exit node IP address being on even 3
or 4 blacklists out of ~ 75 blacklist sites?
On 8/5/2012 4:56 PM, Joe Btfsplk wrote:
1st, this isn't a GMX thing, although their (canned, I believe)
replies to support questions, got me to wondering in a much broader
way - what are overall effects of any exit node IP address being on
even 3 or 4 blacklists out of ~ 75 blacklist sites
On 10/11/2012 3:07 PM, Kamtarin Sorood wrote:
*
Hello
I don't know what is the reason for your insistence on using FireFox
bundled into Tor browser package
while privacy and maximum security is not the case.
After lunching bundled FireFox and showing welcome screen you can minimize
that
and
Most everyone's read the advice about not using extra addons / plugins
in TBB, due to possible anonymity leaks. I understand.
TBB is already slow, which is understandable. Using stock TBB that
allows ads possibly other items increasing bandwidth is far slower on
many sites - even news sites
On 11/2/2012 10:29 PM, k e bera wrote:
I'm not sure why there would be leaks with ABP. Afaik it doesnt send
information. However it does update its blocklists which might be
language-specific, which splits the anonymity set (if i understand the
concept). Regarding use of ABP itself among
Using Win TBB 2.2.39-5. Noticed a popup from Tor, saying a particular
port was being used by an application that could leak info. Besides
that SAME port #, that many pop ups repeatedly mentioned, noticed many
similar warnings in the Tor log.
Investigated several warning addresses in my FW /
On 11/3/2012 6:15 PM, Joe Btfsplk wrote:
Follow up. Noticed that almost every address listed as a WARNING in
Tor log, as _possibly leaking my destination_, was the address of a
relay that was in process of or had just been closed - best I could tell.
For the last relay in the network map
On 11/4/2012 9:40 AM, House Nigga wrote:
Hi. Why does the Firefox browser in the torbundle constantly reset the home
page to the tor test page?
Why does Noscript 2.5.8 in options-advanced tab-do not filter objects coming
from these sites, not let you remove .hulu.com and .youtube.com?
Aren't
On 11/4/2012 5:45 AM, and...@torproject.is wrote:
On Fri, Nov 02, 2012 at 01:06:50PM -0500, joebtfs...@gmx.com wrote 1.3K bytes
in 26 lines about:
: TBB is already slow, which is understandable. Using stock TBB
: that allows ads possibly other items increasing bandwidth is far
: slower on
On 11/6/2012 4:44 PM, Mike Perry wrote:
I am deeply opposed to shipping an always-on universal adblocker with
the default TBB. I think it would be political suicide in terms of
accomplishing our goals with acceptance of Tor users by sites, lobbying
for private browsing origin changes, and
On 11/7/2012 10:27 AM, Julian Yon wrote:
On Wed, 07 Nov 2012 16:14:25 +
adrelanos adrela...@riseup.net wrote:
Aside from my thoughts on advertising as an adversary, I do think that
the load on the network and associated slowdown is a problem. I only
run a relay on and off but I do wonder
On 11/7/2012 11:09 PM, Julian Yon wrote:
It's not specific to AdBlock. If everybody used exactly the same fixed
list it wouldn't be an issue. But not there are a zillion ad networks
out there and incredible as it is some people actually click the damn
things. After all, if they didn't the
On 11/8/2012 2:53 PM, grarpamp wrote:
What forum[s], or categories of forums, feel they are so in tune with
their userbase as to be able to deny access to the untold millions of
legitimate (and exclusive) users of free email services (gmail, yahoo,
etc)?
I don't know. I just know the
On 11/9/2012 8:19 AM, Nam Su wrote:
I saw some Internet pages. In there, they can know my ip with JavaScript in
spite of using Tor.
I can't believe this but I am worried about this.
Is it true?
Short answer is no, if you don't change a bunch of default settings in
TBB, or don't use addons /
On 11/9/2012 9:49 AM, The Doctor wrote:
Did something go pear-shaped with check.torproject.org? I've not been
able to get it to respond (through the TBB or otherwise) for the past
day or so.
It's down for me too. You could use another What's my IP lookup site,
that gives name / location of
I hope that Alessandro will be reminded / warned about commercial
advertising on the Tor-talk list - Re: Tor help
Though no fees are mentioned, if there a many agents waiting 24 hrs /
day, they'd have to charge fees. That is, unless the whole thing /
phone number is a scam.
I forgot - did someone say they keep cash extra phone in a safe
deposit box (pre paid or contract? Contract phone is no use in a police
crack down)?
If a deposit box, judge could freeze that too, so better hide it in
someone else's house. And what are they gonna say about that? I need
to
On 12/1/2012 10:10 AM, Jean-Francois Mezei wrote:
If Tor servers are just glorified routers then they could be considered
more as transit providers and not responsible for content transiting
through them.
However, if a transit service goes out of its way to hide the identity
of the sender of a
On 12/1/2012 1:28 PM, Anne P. Mitchell, Esq. wrote:
Please also keep in mind, if it's relevant, that *no warrant* is required for
data that is stored by a third-party. Data on a server, TOR or otherwise,
would by definition be data that is stored by a third party. Which means that
if there
On 12/1/2012 4:22 PM, Julian Yon wrote:
On Fri, 30 Nov 2012 20:42:45 -0600
Joe Btfsplk joebtfs...@gmx.com wrote:
How much is 10,000 EU anyway - $100 USD?
I knew I shouldn't have written that - too many people don't get satire
/ comedic sarcasm
His subj. said java script, but in the message he said Java. Not many,
if any web mails REQUIRE java. But many sites, incl. many web mails
need js - at least to login. You might be able to get around w/o js,
once logged in.
There's no way around not using js, on some sites, if you want it to
On 2/11/2013 6:47 PM, bvvq wrote:
Hi tor-talk,
I'm not sure where else to ask this question so I give my apologies if
this is off-topic. Please feel free to suggest a better
list/forum/website.
I've had a personal email account with GMail since it was invite-only,
but lately I've read a
On 2/11/2013 9:51 PM, Griffin Boyce wrote:
There are some good ones out there, but if you're using Tor to create the
account and login, you should know that many have started blocking Tor
users (or deactivating their accounts in the case of Yahoo). Size could
also be an issue, but if you're
On 2/11/2013 10:04 PM, grarpamp wrote:
* Privacy-conscious (don't parse my emails to target advertisements to
Anonymous-/encryption-type services offered by HushMail or Safe-Mail
That rules out gmail, yahoo, hotmail/live.
Few services will state they don't, and statements are no guarantee.
On 2/12/2013 8:41 AM, Ted Smith wrote:
I use riseup.net -- I trust their promise not to store any logs, I
know they'll never block Tor, and they don't have any ads in their web
interface. That said, if you're financially stable in a first-world
country, you should probably throw some bitcoins
On 2/12/2013 12:47 PM, Moritz Bartl wrote:
On 12.02.2013 17:09, Jan Reister wrote:
Il 12/02/2013 10:42, Roman Mamedov ha scritto:
In the past I used http://www.autistici.org/en/services/mail.html
I recommend autistici.org if you are in Europe, it's based in Italy.
Reliable service with
On 2/13/2013 3:58 AM, bvvq wrote:
On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
Here's an article someone pointed out on email providers privacy; if
allow signing up w/ Tor, etc.: the_simple_computer
http://www.thesimplecomputer.info/articles/email-for-privacy.html
They all have + -, depending
On 2/13/2013 2:14 PM, the_simple_computer wrote:
Hi guys girls,
I'm the person behind /the_simple_computer/, nice to see the site making
the rounds here. ...
...
If anyone spots any errors in the email article or something that
doesn't align with their observations (grammar nazis also
On 2/13/2013 3:47 PM, Joe Btfsplk wrote:
On 2/13/2013 3:58 AM, bvvq wrote:
On 12/02/2013 3:15 PM, Joe Btfsplk wrote:
Here's an article someone pointed out on email providers privacy; if
allow signing up w/ Tor, etc.: the_simple_computer
http://www.thesimplecomputer.info/articles/email
On 2/14/2013 4:42 AM, adrelanos wrote:
Moritz Bartl:
On 13.02.2013 22:47, Joe Btfsplk wrote:
I suppose even providers offering encryption of files while on their
server (like Lavabit), could read the mail just before it was encrypted
/ decrypted, since they are doing the encrypting.
Even
On 2/16/2013 6:44 AM, Nick Sheppard wrote:
On 04/02/13 12:33, Hendrik Neumann wrote:
I've been running an exit node from my home network for ca. a year or
so. Now I've receviced mail from 21st Century Fox's lawyers in Germany
accusing me of torrenting a movie. Since all I offer via Torrent
On 2/17/2013 9:38 AM, Nick Sheppard wrote:
On 04/02/13 12:33, Hendrik Neumann wrote:
I've been running an exit node from my home network for ca. a year or
so. Now I've receviced mail from 21st Century Fox's lawyers in Germany
accusing me of torrenting a movie. Since all I offer via Torrent
On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's super-duper
easy for a person's user names and passwords to get hacked when accessing
e-mail over Tor. I also noticed that someone has been reading my gmails (since
they were marked
On 2/19/2013 2:11 AM, adrelanos wrote:
scarp:
On 2/18/2013 9:01 PM, Mysterious Flyer wrote:
Um. I am the REAL mysteriousfl...@yahoo.com. I guess it's
super-duper easy for a person's user names and passwords to get
hacked when accessing e-mail over Tor. I also noticed that
someone has
On 2/19/2013 7:07 PM, Mysterious Flyer wrote:
OK, more information on the circumstances:
1. The whole reason I started up with all this privacy and anonymous stuff
was because someone had hacked my gmail account, and was trying to ruin my life. I happen to know
from their IP address that
On 2/20/2013 10:47 AM, JerryR wrote:
Hi,
I'm new to this list, thank you all for your work and efforts; I've
been using the TorBrowser for a while now, yesterday I tried to update
it (tor-browser-2.3.25-2_en-US.exe), but, the There is a security
update keeps showing up, I already
On 2/11/2013 9:51 PM, Griffin Boyce wrote:
There are some good ones out there, but if you're using Tor to create the
account and login, you should know that many have started blocking Tor
users (or deactivating their accounts in the case of Yahoo). Size could
also be an issue, but if you're
On 2/17/2013 11:40 AM, Joe Btfsplk wrote:
On 04/02/13 12:33, Hendrik Neumann wrote:
I've been running an exit node from my home network for ca. a year or
so. Now I've receviced mail from 21st Century Fox's lawyers in Germany
accusing me of torrenting a movie. Since all I offer via Torrent
On 2/21/2013 4:58 PM, survivd wrote:
Seems like there's a bit of confusion regarding what a bad exit node can
and can't do here.
For many sites, you can trivially strip the SSL connection request as
the exit node, downgrading it to vulnerable plaintext just by using
ssl-strip. There'd be no
On 3/16/2013 10:24 AM, Tom Ritter wrote:
On 15 March 2013 18:34, Joe Btfsplk joebtfs...@gmx.com wrote:
Don't know if this will always work, for all providers, but I have set torrc
to use only exit nodes in my country
I don't think this should be a recommended practice, because (while
you
On 3/28/2013 7:08 PM, Mike Perry wrote:
As far as I can tell, the email address convention was created for
usability reasons, not as a protocol requirement.
What does this mean?:
https://developer.mozilla.org/en-US/docs/Persona
_4. Best of all, there's *no lock-in*. Developers get a verified
On 4/29/2013 12:32 PM, Chris Patti wrote:
Tor has a rather severe reputation problem at the moment. Given the recent
revelations around malware on the network, and the pervasiveness of
pedophilia, I think we should consider a course of action to help boost the
network's PR.
For one - while
On 5/4/2013 4:04 AM, Simon Brereton wrote:
If you search the list archives you will find a substantial report on the
issues Google faces,
Poor Google.
___
tor-talk mailing list
tor-talk@lists.torproject.org
Question of playing Flash vids comes up constantly explanation given
of why it can compromise anonymity in Tor Browser.
Anyone done real investigation if using some media players, that handle
playing Flash content directly from a URL, are any better at protecting
anonymity than Flash Player?
TBB may have NoScript settings to not have checked Forbid Flash
because it doesn't contain Flash Player.
What about WebGL being blocked by default in NoScript? I thought this
was supposed to be a much safer (not a threat to Tor) than Flash?
___
On 5/7/2013 5:27 PM, Moritz Bartl wrote:
https://www.torproject.org/projects/torbrowser/design/
WebGL can reveal information about the video card in use, and high
precision timing information can be used to fingerprint the CPU and
interpreter speed.
[...]
The adversary simply renders WebGL,
On 5/7/2013 7:05 PM, Andrew F wrote:
I am coming in late on this topic and know very little about it,
But I have to ask, would it be possible to send fake information?
I know that they use many variables to create a mosaic to identify people.
So why not change several variables. Create some
On 5/7/2013 10:56 PM, David Vorick wrote:
Are we sure this is a bug? Even when a page is in the cache doesn't it have
to communicate with the server to verify that the cache hasn't expired?
Perhaps this is what you are experiencing.
Good question. What do YOU see, when hitting the back
On 5/8/2013 1:57 AM, Lunar wrote:
Joe Btfsplk:
OK, thanks for detailed reply. Now that the adversary has a
fingerprint of my machine (therein lies the problem - the data being
given out), unless they're the gubment I'm a bad guy (or living in
a represses society), what are they going to do w
On 5/7/2013 8:46 PM, Tom Ritter wrote:
VLC has a lot of stuff going on inside of it. I would not be
surprised if there were proxy leaks that might be able to be forced by
someone doing something tricky. Say you enter a url to a flash video
and the content is intercepted and replaced with an
On 5/8/2013 3:01 PM, lu...@rankexploits.com wrote:
Here's a likely example of what Lunar is talking about. If you visit this
link you will be presented a survey form.
http://survey.gci.uq.edu.au/survey.php?c=1R9YT8YMZTWF
The javascript for that page creates a string listing:
1) every plugin
On 5/7/2013 10:56 PM, David Vorick wrote:
Are we sure this is a bug? Even when a page is in the cache doesn't it have
to communicate with the server to verify that the cache hasn't expired?
Perhaps this is what you are experiencing.
On Tue, May 7, 2013 at 9:41 PM, Tom Ritter t...@ritter.vg
On 5/8/2013 3:01 PM, lu...@rankexploits.com wrote:
Date: Wed, 8 May 2013 08:57:48 +0200
From: Lunar lu...@torproject.org
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?
Message-ID: 20130508065748.GA975@loar
Content-Type: text/plain;
I wonder if _instead_ of using addons for certain things in TBB, if the
same effect can be achieved by using code in *userChrome.css file*,
would that in any way allow pages to gather info on the UI changes, to
use for fingerprinting? I know a lot can be detected, but I don't know
that a tab
101 - 200 of 531 matches
Mail list logo
