[tor-talk] "recently-used.xbel" file in TBB directory, stores data on accessed, downloaded files

This involves *at least* Linux (Mint 18.1) Tor Browser 7.04 and 7.05, over at least a couple months. This seems like a huge privacy / anonymity issue. Why is there a *"recently-used.xbel"*, file in my Tor Browser installation directory - in path shown and  labeled as file TYPE: "XBEL

[tor-talk] verify Thunderbird download .asc file?

Does Mozilla not provide signature .asc files for any of the Thunderbird downloads - full installer or partial.mar downloads? They used to provide them on their ftp download site, but I think stopped around Tbird v20-something? Why are they concerned enough to sign & provide signature files

[tor-talk] torproject package repository

Looking at https://www.torproject.org/docs/debian.html.en, it mentions the repository deb http://deb.torproject.org/torproject.org main. Where distribution is the code name of the distro. Is the only package from this repo Tor itself and not Tor Browser? If it does host Tor Browser, would the

[tor-talk] should minimizing Tor Browser reset screen size?

In Linux, it's very easy to grab TBB's drag screen bar when reaching for scroll bar. I've done it several times now. If you only move it a few px, it's hard to tell if it changed, unless go to a browser check site. Appears that minimizing TBB to the panel / task bar & restoring it doesn't

Re: [tor-talk] "Some Tor Relays, you might want to avoid."

On 05/09/2017 07:02 AM, nusenu wrote: I wrote a blog post about relay groups in end-to-end position: https://medium.com/@nusenu/some-tor-relays-you-might-want-to-avoid-5901597ad821 Yes, you did. Thank you. I'm not sure it'll get much notice on this list. Elvis has left the building.

Re: [tor-talk] TBB uses orange Firefox icon in Linux panel

On 04/24/2017 08:47 PM, goody2shoes wrote: On 04/24/2017 05:43 PM, Joe Btfsplk wrote: In Mint 18.1, TBB 6.5.1 was installed to /home/user/torbrowser/. Now updated to 6.5.2 - still same issue. I only have one TBB launcher (icon) - on the desktop (nowhere else) & it uses the correct green

[tor-talk] TBB uses orange Firefox icon in Linux panel

In Mint 18.1, TBB 6.5.1 was installed to /home/user/torbrowser/. Now updated to 6.5.2 - still same issue. I only have one TBB launcher (icon) - on the desktop (nowhere else) & it uses the correct green TBB globe icon. When TBB is running, the app icon on Mint's panel is the orange / blue Fx

Re: [tor-talk] (Correction) Tor Browser crash

I don't think this is really related to this crash. I think it's not the problem of the Medium page, but it might be something wrong with NoScript's UI, but anyway it is shown in the recording. Blocked Objects - .(A) Temporarily allow FONT@https://medium.com .- - - - - - - - - - .

Re: [tor-talk] (Correction) Tor Browser crash

On 04/16/2017 02:40 PM, m.aj...@tuta.io wrote: Hello! I couldn't reproduce the crash in a virtual machine with Ubuntu 16.04 64-bit installed. I make a correction here: I just reproduced the crash in a virtual machine, but it took a few attempts to reproduce. Virtual machine OS: Ubuntu

Re: [tor-talk] Tor Browser crash

On 04/14/2017 10:03 PM, m.aj...@tuta.io wrote: the 'blocked object' menu within NoScript didn't appear until the page fully loaded and clicking the menu items in it did not crash the browser. Hello! The crash is not consistent, but when it happens, it appears to be a really strange crash.

Re: [tor-talk] Tor Browser Linux_don't extract to root

On 04/14/2017 11:46 AM, Jonathan Marquardt wrote: Look, if you have malicous software running on the system with normal user priviliges, you are in big trouble anyway. There's so many things that malicous software could do even if TBB was installed at a non-writable location. Just as a simple

Re: [tor-talk] Tor Browser Linux_don't extract to root

On 04/11/2017 03:47 AM, Jonathan Marquardt wrote: On Mon, Apr 10, 2017 at 07:11:48PM -0500, Joe Btfsplk wrote: What is the reason(s) the TBB instructions say do not install (extract) TBB to root? Is it so the TBB files will be in a location where the user has write permissions, so that TBB

[tor-talk] Tor Browser Linux_don't extract to root

What is the reason(s) the TBB instructions say do not install (extract) TBB to root? Is it so the TBB files will be in a location where the user has write permissions, so that TBB updates can automatically D/L and install? Other than that, does installing TBB to a location where anyone /

Re: [tor-talk] installing Tor browser to alternate path in Linux

Thanks. Every once in a while, I catch a break. I was overdue. On 03/30/2017 04:29 PM, m.aj...@tuta.io wrote: Hello, Joe! I understand that some modified versions of Firefox (such as Canonical Firefox and firefox.com.cn Firefox) are annoying, suspicious and hard to tune, but Tor Browser

[tor-talk] installing Tor browser to alternate path in Linux

Will TBB for Linux be able to D/L & install updates OK, it's installed (extracted) to a different directory -like /opt? So far in Mint 18.1, for Firefox - downloaded version - installed to /opt, there's no automatic update possible - AFAIK. Also been told the same - right or wrong. When Fx

Re: [tor-talk] TBB 6.5 screen resize not working

Koppen wrote: Joe Btfsplk: With default settings, TBB 6.5 (Win) doesn't round screen sizes at all. Browserspy.dk shows 993 x 695. I see the pref "extensions.torbutton.resize_windows" is still set false by default. Toggling it to true gives different reported screen size, but not increme

[tor-talk] TBB 6.5 screen resize not working

With default settings, TBB 6.5 (Win) doesn't round screen sizes at all. Browserspy.dk shows 993 x 695. I see the pref "extensions.torbutton.resize_windows" is still set false by default. Toggling it to true gives different reported screen size, but not increments of 100 or 200. The pref

[tor-talk] Tor segregation

Went to a site (won't list the URL because it's health related) & the short notice appeared: "Not Implemented Tor IP not allowed." They BWT'd me - browsing with Tor. However, got a new circuit & page loaded immediately. Obviously, the exit relay's IPa was blocked. The message was technically

[tor-talk] Will enabling extensions.torbutton.resize_windows; true have a downside?

In TBB 6.08, there's a torbutton pref in about:config - "extensions.torbutton.resize_windows" = false, by default. I understand it's enabled in TBB 6.5a (maybe not). The resizing of my screen height in 6.08 is sketchy. But if I enable the pref above, seems to make height resizing consistent

Re: [tor-talk] Browserspy knows my computer time

On 1/10/2017 3:42 AM, Andreas Krey wrote: It doesn't like tor much: Access denied. Your IP address is blacklisted. If you feel this is in error please contact your hosting provider's abuse department. You're correct. Browserspy.dk has a lot more Tor exits blacklisted than it used to. A

[tor-talk] TBB initial default UI size overlaps Win task bar

Key words are "initial default UI size." Like many, I've had problems with TBB spoofing the correct screen sizes to sites like browserspy.dk & panopticlick.eff.org. The https://trac.torproject.org/projects/tor/ticket/9268 - about TBB screen sizing (rounding, spoofing) says it's closed. Mike

Re: [tor-talk] Self-deleting scripts in http connections

On 12/8/2016 7:10 AM, Jonathan Marquardt wrote: Such an attacker could insert some JS or cookies etc. to track a user around the web or more dangerous attacks like stealing user data. The possibilities of JS are far-reaching. In the worst case scenario, JS can be used to exploit a user's

Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes

On 12/19/2016 5:05 PM, Roman Mamedov wrote: On Mon, 19 Dec 2016 18:20:41 - "podmo" wrote: I could ...turn AMT off entirely. Unfortunately that's only what it wants you to believe. With the capabilities it has, and with its code being entirely closed source and

Re: [tor-talk] NoScript problems after TBB 6.08 update

On 12/19/2016 12:41 PM, podmo wrote: On December 18, 2016 10:07 PM, Joe Btfsplk wrote: Never mind. The last NoScript 2.9.5.2 update included in TBB 6.08 over rode some of my settings. It changed the option "Allow HTTPS scripts globally on https documents" from unchecked to check

Re: [tor-talk] NoScript problems after TBB 6.08 update

n to man. Even ones with bad reps, if they're on an HTTPS site - with or w/o a site's permission or knowledge. (sites never get hacked) On 12/18/2016 1:54 PM, Joe Btfsplk wrote: After 6.08 TBB (Win) update, anyone had problems w/ NoScript not showing any detected domains in the status icon li

[tor-talk] NoScript problems after TBB 6.08 update

After 6.08 TBB (Win) update, anyone had problems w/ NoScript not showing any detected domains in the status icon list ? It doesn't show the current site's or *most* 3rd party domains in the status list. It does show the current site's domain under "Untrusted" selection in the list (as "mark

Re: [tor-talk] Intel ME / AMT + NSL vs Tor Nodes

On 12/17/2016 4:08 PM, Roman Mamedov wrote: On Sat, 17 Dec 2016 21:48:51 - "podmo" wrote: It cannot be used to access all your data remotely. That only works if you have all AMT features enabled, and you have a special device called a BMC card plugged into your computer

Re: [tor-talk] Another issue "never remember history" at Tor browser setting didn't last for actualisation

On 11/29/2016 1:00 PM, tort...@arcor.de wrote: It doesn't show "Clear history when TBB closes," because there is no history saved after a session in private browsing. Yes, but sometimes you want to clear the cache and cookies during a session without closing the Tor Browser. Just as if you

Re: [tor-talk] Another issue "never remember history" at Tor browser setting didn't last for actualisation

On 11/27/2016 8:04 PM, tort...@arcor.de wrote: You can check that from default "Use custom settings for history" to "Never remember history". But it is not saved. Probably because when you switch to Never remember history, that's the same as Always use private browsing. It switches to that

Re: [tor-talk] Research - Tor and the shaping of resistance technologies

On 11/8/2016 2:45 PM, COLLIER Ben wrote: Hello all, Greetings from (currently freezing cold) Scotland. I'm a researcher at the University of Edinburgh studying antisurveillance technologies, software development and how these are shaped at different levels by ideas about crime and

Re: [tor-talk] What is required in order to view YouTube HTML5 in TorBrowser?

On 11/3/2016 12:56 AM, maddonkeyk...@safe-mail.net wrote: What is required in order to view YouTube HTML5 in TorBrowser? You don't have to allow all scripts on YT's site. To view in TBB - directly off youtube, you'll have to allow youtube.com, ytimg.com & googlevideo.com. The latter

Re: [tor-talk] Tor and forward email to Spam folder.

On 10/24/2016 7:46 AM, Jason Long wrote: Thus google store my IP address? How can I see "X-Originating-Header"? Google will store *any* data it can get its grubby paws on. Often, if you add the email address to your contacts list (in the providers web mail settings), it won't mark messages

Re: [tor-talk] tor and BlackBerry

On 10/21/2016 2:01 AM, Petrusko wrote: That's why a smartphone with Firefox OS (or Boot 2 Gecko now, by community) was my 1st choice... But sadly no way to use TBrowser as I wrote on another thread :( Wait - TBB won't run on FxOS? So a modified Firefox won't run under Firefox OS? I've never

Re: [tor-talk] tor and BlackBerry

On 10/20/2016 1:24 PM, Jason Long wrote: Hello. Tor developed for android but why not BlackBerry? BlackBerry devices based on security and why tor not developed for them? I don't know the answer. Maybe they developed for Android because there are so many phones? That reason alone doesn't

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 10/5/2016 11:23 AM, Mirimir wrote: Yes, it's partly that residential IPs are (or have been, anyway) dynamic. I guess that depends on the provider and exact type of service. AT "digital" (Uverse) residential internet hasn't had dynamic IPa's for several yrs. In many places, they

Re: [tor-talk] problem reinstalling NoScript

On 10/4/2016 11:50 PM, krishna e bera wrote: On 04/10/16 10:03 PM, Joe Btfsplk wrote: In TBB 6.0.5 (Win), NoScript 2.9.0.14 it seemed to be misbehaving. It wasn't showing many trackers in the icon drop list, on sites where there would be plenty. I UNchecked "Allow Scripts Globally

[tor-talk] problem reinstalling NoScript

In TBB 6.0.5 (Win), NoScript 2.9.0.14 it seemed to be misbehaving. It wasn't showing many trackers in the icon drop list, on sites where there would be plenty. I UNchecked "Allow Scripts Globally." I uninstalled it - closed TBB. Removed NoScript entries in pref.js & restarted TBB, then

Re: [tor-talk] How to (Was: Tor and Google error / CAPTCHAs.)

On 10/1/2016 12:36 AM, Alec Muffett wrote: …which leads the the sort of posting that Joe posts above, essentially that some evil gods named Google and Cloudflare have, do and are, arranging for the websites of the internet to be hostile to people who need or want use Tor, by throwing

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 10/3/2016 2:09 AM, Alec Muffett wrote: On 3 October 2016 at 01:40, wrote: While outreach and cooperation with some companies may work, do you not consider that a sizable number of sites will always block anonymous traffic simply because they can not monetize it with

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 9/27/2016 9:02 PM, Mirimir wrote: On 09/27/2016 06:50 PM, Joe Btfsplk wrote: Sometimes, they start renewing pictures in the [CAPTCHA] array that I've already checked, before I get to the end & submit. I tried doing it faster - they replaced them faster. Obvious they didn't want Tor u

Re: [tor-talk] is it me or did tor talk get really quiet?

agency. That's no secret to Tor Project. Just a thought. On 9/28/2016 11:46 PM, Moritz Bartl wrote: Hi Joe, I agree with what you wrote. The topic comes up at every dev meeting, but we have not found a way to address that problem, or, phrased differently, it is unclear what path to take. On 09/28/

Re: [tor-talk] is it me or did tor talk get really quiet?

Thanks Moritz. Yes, the reply was helpful. Comments / follow-up inserted below. On 9/28/2016 3:01 AM, Moritz Bartl wrote: Is tor-project list not for fairly advanced users, or bug filers, or those giving more to the community than just asking questions (but never contribute useful input)?

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 9/27/2016 9:57 AM, blo...@openmailbox.org wrote: This is exactly my issue. If I login to my Gmail or FB account then invariably Gmail or FB thinks I am a suspicious person hence "Something seems a bit different about the way you're trying to sign in. Complete the step below to let us know

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 9/26/2016 11:57 PM, Jeremy Rand wrote: If it matters, I usually have Tor Browser in Medium-High security level, so Javascript is enabled for HTTPS sites (including Google Translate). Cheers, -Jeremy Yep, mine can be in Med or Med High security, and a lot of captcha's & other features don't

Re: [tor-talk] is it me or did tor talk get really quiet?

On 9/26/2016 7:07 PM, Moritz Bartl wrote: On 09/26/2016 09:02 PM, Joe Btfsplk wrote: Some may say they still get several tor-talk emails / day and I do, too. But several current, relevant technical questions I've asked about Tor issues get no comments. Questions I'm pretty sure a lot

Re: [tor-talk] is it me or did tor talk get really quiet?

Some may say they still get several tor-talk emails / day and I do, too. But several current, relevant technical questions I've asked about Tor issues get no comments. Questions I'm pretty sure a lot of people would be interested in. And that at least some advanced users would have partial

Re: [tor-talk] Tor-friendly email provider

On 9/24/2016 8:26 AM, Mirimir wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/24/2016 06:53 AM, Oskar Wendel wrote: Joe Btfsplk: What is it about Riseup that you don't like? Just curious. I've not used it, but most people seem to like it. Riseup silently drops email with certain

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 9/25/2016 12:15 AM, Jeremy Rand wrote: hi...@safe-mail.net: You can't use Google Translate at all with most Tor exit nodes, while there are no sane reaons why they would block Tor users from just translating text. Interesting. I don't use Google Translate very often (maybe 2-3 times per

Re: [tor-talk] Tor-friendly email provider

On 9/22/2016 1:00 PM, Oskar Wendel wrote: gmx.com doesn't want me to register: "Your registration could not be processed at the moment. Please try again later." gmx.net seems to blacklist Tor, too: Registrierung leider nicht moglich! Sie haben versucht, sich mit der IP-Adresse

Re: [tor-talk] Image EXIF data used to geolocate

On 9/22/2016 9:46 AM, ban...@openmailbox.org wrote: Pretty basic opsec fail but I wonder if mapping out tags was a good idea. Imagine tagging a city that has a handful of Tor users. They should have consulted the Tor Research Ethics process. When it's important not to reveal location or other

Re: [tor-talk] Running a relay for some months

On 9/17/2016 2:46 PM, Tor Dev wrote: I see now. My apologies! I pressed the button indeed multiple times, but the window with the mail didn’t close after pressing the button. Even disabling GPG signatures made no difference. After a few minutes I force quitted my mail client and went to

Re: [tor-talk] Running a relay for some months

On 9/17/2016 11:23 AM, Tor Dev wrote: So the bandwidth is probably not sufficient of your relay. @ Tor Dev Just curious. I received 14 copies of your above reply with identical body text. Did you somehow send that many? Do you possibly have a virus or sticking "Send" button? :) Several

[tor-talk] Question - NoScript ClearClick bug

#14985 new defect NoScript Clickjacking warning when clicking on embedded content This obviously hasn't

Re: [tor-talk] bug

On 9/12/2016 9:41 AM, xuzixa...@polyfaust.com wrote: https://www.browserleaks.com/firefox it can be used for both fingerprinting (different users use different OS setups or different Tor versions) and exploiting software vulnerabilities because when attacker don’t know your OS or browser

Re: [tor-talk] Metrics in Iran and other countries

On 9/7/2016 9:40 PM, Mirimir wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/07/2016 11:05 AM, Joe Btfsplk wrote: #4 The Tor Project is pretty clear that Tor Browser by itself is probably not enough to provide reasonably reliable anonymity. Tor Project doesn't make that clear

Re: [tor-talk] Metrics in Iran and other countries

I don't know the complete answers, depending on which question, or if they even exist. Assuming the metric data are being handled correctly & graphs are displaying correctly, if we look at a graph for all users from Jan. 2013 till now, the trend is still the same. A huge increase - probably

Re: [tor-talk] Medium removed the captchas for Tor users!

On 8/8/2016 8:53 PM, Sadiq Saif wrote: On 08-Aug-16 21:42, Joe Btfsplk wrote: I still don't know what those statements were about. I've seen no change in Cloudfront captchas working better for Tor. Meaning, they don't work at all. Even major news outlets using CloudFlare, where I'd like

Re: [tor-talk] Medium removed the captchas for Tor users!

On 7/14/2016 4:49 PM, Griffin Boyce wrote: That is really awesome! :-) Thanks for the update. On Thu, Jul 14, 2016 at 5:42 PM, Kate Krauss < k...@torproject.org [k...@torproject.org] > wrote: I don't say much on Tor-Talk, but I will say this: Thanks, Medium, for removing all those CloudFlare

Re: [tor-talk] Medium removed the captchas for Tor users!

On 7/14/2016 4:49 PM, Griffin Boyce wrote: That is really awesome! :-) Thanks for the update. On Thu, Jul 14, 2016 at 5:42 PM, Kate Krauss < k...@torproject.org [k...@torproject.org] > wrote: I don't say much on Tor-Talk, but I will say this: Thanks, Medium, for removing all those CloudFlare

Re: [tor-talk] FBI cracked Tor security

On 7/15/2016 12:34 AM, Jon Tullett wrote: On 15 July 2016 at 01:23, Joe Btfsplk <joebtfs...@gmx.com> wrote: On 7/14/2016 2:34 PM, Jon Tullett wrote: Thanks Jon. I agree w/ most that you said. Again, semantics. Whether they cracked Tor or Tor Browser won't change if the brutal dictat

Re: [tor-talk] FBI cracked Tor security

On 7/14/2016 2:34 PM, Jon Tullett wrote: 2. Aren't statements (from anyone) like, "... generally crack the servers hosting the illicit material, not Tor itself," sort of a matter of semantics? Depends on the context, I guess. To the user, maybe, but in the context of this (Tor) community, the

Re: [tor-talk] FBI cracked Tor security

On 7/14/2016 1:23 AM, Jon Tullett wrote: I think what you'll find in such cases is that the FBI generally crack the servers hosting the illicit material, not Tor itself. 1. Wasn't this discussed back when it occurred? As to how they did (or likely did) identify the Tor / Tor Browser users

Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

On 6/24/2016 8:39 AM, Allen wrote: On Fri, Jun 24, 2016 at 2:19 AM, grarpamp wrote: https://www.eff.org/files/2016/06/23/matish_suppression_edva.pdf

Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

On 6/24/2016 4:26 PM, I wrote: " foreign law" QED Yes - most lands & their laws, other than the one a person grew up in or resides in are "foreign" to them. It's not a slur. :D -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to

Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

On 6/24/2016 8:08 AM, I wrote: Is this list for all Tor people or just USA? Subject: Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer Is that a serious or satirical question? It's always been for people of all countries, as far as I remember. If

Re: [tor-talk] US Federal Court: The Fourth Amendment Does Not Protect Your Home Computer

Seems that saying "the decision is bad news for privacy" is an historical understatement. It's more like burning the Constitution & shooting the ashes out of the solar system. "We don't need no stinking warrant." I have doubts that sending scolding emails or petitions will in any way change

[tor-talk] good ole cloudflarb

Tor Weekly news from April 4, 2016 mentioned Cloudflare's blog comment on Tor. A cookie exception IS set ( but "accept cookies from sites" is not checked & "accept 3rd party cookies" = never) - which allows other sites to set session cookie, if an exception is entered. That setup allows

Re: [tor-talk] Day of Action: Is the FBI targeting YOU??

On 6/21/2016 11:58 AM, Kate Krauss wrote: Greetings, Tor Talkers! The US Department of Justice is trying to institute new rules that would let the FBI hack computers that use Tor and other privacy-protecting technologies--all over the world. EFF and Tor are asking you to sign a petition or (if

Re: [tor-talk] Question for those who say "Tor is pwned"

On 6/20/2016 7:10 PM, Roger Dingledine wrote: If you want to read a lot more on this topic -- including how Tor's design changed in response and how it still needs to change -- check out the blog post here: https://blog.torproject.org/blog/improving-tors-anonymity-changing-guard-parameters

Re: [tor-talk] Reminder to stay on-topic

Not taking sides - at all, but when a (some?) female Tor Project employees were being harassed, there was massive, ongoing outpouring of support & long, repetitious posts. Which is fine, but it definitely wasn't on topic. I agree w/ you in general about staying on topic, but when has that ever

Re: [tor-talk] Which reputable webmail providers function well with Tor?

On 5/25/2016 2:55 PM, blo...@openmailbox.org wrote: Can anyone suggest a reputable webmail provider that is not totally anti-Tor. Cock.li and Sigaint and Unseen.is and Mail2Tor are out as the names look weird to "normal" people. Unseen.is - is "weird" to people? What's so weird? I've used it

Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?

On 6/13/2016 2:08 AM, Ben Tasker wrote: And how (many, not all) people tend to believe the worst about most accused persons, regardless of the lack of or thinness of evidence, much less waiting for any legal process? An interesting but not necessarily admirable human trait. If the accused is

Re: [tor-talk] 2 hop mode for people that only want to use Tor for censorship circumvention to conserve bandwidth and decrease latency?

On 6/12/2016 4:32 PM, T F wrote: Create an Exit Node on your Own IP Adresse. Now any Traffic that is produced on your IP could be done from anyone else. So this could be the best case for you. You surf over the IP of an Tor Exit no latency no Traffic lost! Am 12.06.2016 9:56 nachm. schrieb "gdfg

Re: [tor-talk] fwd: FBI Is Pushing Back Against Judge's Order to Reveal Tor Browser Exploit

On 5/19/2016 1:31 AM, Zenaan Harkness wrote: On 5/19/16, krishna e bera <k...@cyblings.on.ca> wrote: On 05/18/2016 11:40 AM, Joe Btfsplk wrote: I'm surprised there are no discussions or questions on tor-talk about this issue . Since any exploits - whether due to "flaws" i

Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare

On 4/23/2016 2:54 PM, Rob van der Hoeven wrote: On Sat, 2016-04-23 at 14:03 -0500, Joe Btfsplk wrote: On 4/23/2016 8:15 AM, Rob van der Hoeven wrote: Hi, Today I got an idea of how to measure "The CloudFlare problem". It turns out that every time you visit a website that's behind

Re: [tor-talk] 12.7 percent of the domains I visit are intercepted by CloudFlare

On 4/23/2016 8:15 AM, Rob van der Hoeven wrote: Hi, Today I got an idea of how to measure "The CloudFlare problem". It turns out that every time you visit a website that's behind CloudFlare a cookie is set with the name __cfduid If you use Firefox these cookies end up in a SQLite database

Re: [tor-talk] Tor Friendly Emial Services.

On 2/16/2016 10:14 AM, blo...@openmailbox.org wrote: Hello, Here are some Tor friendly e-mail providers. None of these want SMS validation. Some have onion links but please check yourself for the correct URL. Do you know of any we can add to this list? Any onion only sites? Any comments on

Re: [tor-talk] web browser add-on extensions vulnerabilities

On 4/10/2016 5:36 AM, jb wrote: Tor Browser users: NoScript and other popular Firefox add-ons open millions to new attack http://arstechnica.com/security/2016/04/noscript-and-other-popular-firefox-add-ons-open-millions-to-new-attack/ TB supplies default extensions, from which two are TB

[tor-talk] Start Page & Ixquick - same now

"On March 29, Ixquick merged with our hugely popular StartPage search engine." https://ixquick.com/eng/ixquick-merged-with-startpage.html?lmv=1 This is apparently for the US. Best I could tell, in the - US -, Ixquick.com & Startpage give same results - querying Google. Seems ? the _USA

Re: [tor-talk] CloudFlare blog post

On 4/1/2016 1:56 PM, The Doctor wrote: If I run into the CAPTCHA wall on a site, I generally have to solve it three or four times before I can get through. I generally just chew it back because that seems to be the toll that has to be paid these days. I generally don't have the same problem

Re: [tor-talk] CloudFlare blog post - Addendum

On 3/31/2016 11:23 PM, Joe Btfsplk wrote: On 3/31/2016 7:34 PM, tor_t...@arcor.de wrote: Hi Tor Talkers, there is someone who wants to make us believe that the FBI is seeking a backdoor in Tor via CF like the PR we read with Apple and he posted his thoughts to pastebin at #OPTor: http

Re: [tor-talk] CloudFlare blog post - Addendum

On 3/31/2016 7:34 PM, tor_t...@arcor.de wrote: Hi Tor Talkers, there is someone who wants to make us believe that the FBI is seeking a backdoor in Tor via CF like the PR we read with Apple and he posted his thoughts to pastebin at #OPTor: http://pastebin.com/mucmvJCN ~1.200 hits and trendy

Re: [tor-talk] CloudFlare blog post

On 3/31/2016 1:04 PM, Andreas Krey wrote: On Thu, 31 Mar 2016 11:27:24 +, Joe Btfsplk wrote: ... They said that automatically providing cloudflared sites with onion addresses would make it easier to detect nonmalicious tor use, but I wonder why they expect that the bad guys don't

Re: [tor-talk] CloudFlare blog post

On 3/31/2016 12:25 AM, Andreas Krey wrote: On Wed, 30 Mar 2016 15:19:09 +, Joe Btfsplk wrote: ... At times, Cloudflare or some sites may say, "Gee, whiz - we're not blocking TBB intentionally. We're working on a solution." But I don't buy that 100%. It's possibly just a p

Re: [tor-talk] CloudFlare blog post

On 3/30/2016 10:01 AM, Philipp Winter wrote: I also wonder how effective your CAPTCHAs really are. Deep learning techniques suggest that bots are about to become just as good, or even better, at solving CAPTCHAs than people. Therefore, I wonder if a long term solution should also center around

Re: [tor-talk] Why my tor-assigned IP address differs from that of exit node ?

On 3/19/2016 4:48 PM, grarpamp wrote: On 3/19/16, Joe Btfsplk <joebtfs...@gmx.com> wrote: In TBB 5.5.4, why does part of the URL that's copied / pasted, look so pale gray after loading, it's almost unreadable? Go to about:config search url / urlbar. Thank you. The pref

Re: [tor-talk] Question about Circuit Separation

On 3/10/2016 6:00 AM, CANNON NATHANIEL CIOTA wrote: This is a question about Tor Browser in specific. I've found a number of websites [0] [1] [2] that explicitly warn of visiting your personal website over tor. The explanation is always that if you "access other sites in the same session", an

Re: [tor-talk] Why my tor-assigned IP address differs from that of exit node ?

On 3/16/2016 11:13 AM, Roger Dingledine wrote: It's nothing to worry about, and also not a bug. You might enjoy this stackexchange article which explains the topic: http://tor.stackexchange.com/questions/190/why-does-check-torproject-org-sometimes-tell-me-im-not-using-tor-when-i-am In TBB

Re: [tor-talk] What is "cookie protections"?

On 1/8/2016 3:17 PM, Yury Bulka wrote: I've disabled the "Don't record browsing history or website data" check box in the Privacy and Security Settings dialog. There's only one potential danger I see here - cookies. In Windows TBB, there's a selection "Use custom settings for history." The

[tor-talk] youtube required scripts_now

Is there a specific set of scripts now required to play youtube vids in TBB - & the other aren't needed? Not long ago, the only scripts required on youtube for TBB or Firefox seemed to be youtube.com & s.ytimg.com. I get mixed results by trying to test which ones are now required or not.

Re: [tor-talk] Tor Browser does not recommend the default window size anymore?

On 9/17/2015 12:12 AM, Dave Warren wrote: You're not wrong, but at the same time, annoying experienced users who understand (and don't care about) the consequences isn't necessarily useful either. I don't have the answer. Just thinking out loud. e.g., when less experienced users don't

Re: [tor-talk] Tor Browser does not recommend the default window size anymore?

On 9/14/2015 2:56 AM, Georg Koppen wrote: Qaz: Hi, I noticed that I don't get the `we recommend you leave your window size with the default` prompt when I fullscreen my window. Has it been fixed or something? The alpha version does not have it anymore and you should only see it three times

Re: [tor-talk] Tor browser won't become the standard one...

Pardon me if I missed some comments I'm rehashing. I'm not too familiar w/ how W10 has changed doing some things. But, sounds like you have 2 (really separate) issues / needs: 1) setting * some * browser as default in Windows 2) setting which application will auto open specific types of files,

Re: [tor-talk] do Cloudfare captchas ever work?

On 6/23/2015 4:04 AM, kleft wrote: mansour moufid wrote: Sometimes I wonder if it's really Cloudflare, or some bad exit node running a CAPTCHA solving business. Mansour, to what end would they run a captcha solving business? If they were, I don't understand how they'd benefit. It's useful

Re: [tor-talk] do Cloudfare captchas ever work?

button https://www.torproject.org/projects/torbrowser/design/#new-identity On 6/23/2015 3:41 PM, Çağıl P. Şesto wrote: On Mon, Jun 22, 2015 at 07:15:24PM -0500, Joe Btfsplk wrote: Is that actually true? (they can track you over various exits) Is that what the design document says? Tor can't

Re: [tor-talk] do Cloudfare captchas ever work?

Thanks for the helpful replies. On 6/22/2015 9:36 AM, Çağıl P. Şesto wrote: A cdn like clouldflare can track you very easy over various exits, tor currently has 1115 relays that are exits, its possible to mark all of them malicious on a blacklist-providers sensor in 15-30 minutes. Is that

Re: [tor-talk] do Cloudfare captchas ever work?

On 06/20/2015 12:31 AM, Andreas Krey wrote: The last weeks I was usually getting the number photo captchas, and they work. Last week there were more of the hard two word captchas, but even these usually work - sometimes I just reload the page and then I often get a number captcha. Thanks. Yes,

Re: [tor-talk] do Cloudfare captchas ever work?

, or) that Cloudfare requires to be allowed, before they'll allow the captcha to work. On 6/20/2015 6:35 AM, Lars Luthman wrote: On Fri, 2015-06-19 at 22:38 -0500, Joe Btfsplk wrote: Does anyone have any meaningful success rate with Cloudfare captchas in Tor Browser? Using default browser installation

[tor-talk] do Cloudfare captchas ever work?

Does anyone have any meaningful success rate with Cloudfare captchas in Tor Browser? Using default browser installation settings? I so rarely have success, that I immediately close tabs for sites presenting Cloudfare. Even when the puzzle is clearly legible (rarely), it still doesn't work.

Re: [tor-talk] (no subject)

On 6/19/2015 4:17 AM, Andy Iwanski wrote: Can someone please help me. I have lost access to all my files. I do not understand any of this and need to access my stuff. I can be reached at XXX-XXX-. I tried following the directions but it didn't work. Also, it's a bad idea to post

  1   2   3   4   5   6   >