unMessage is an anonymous messenger that uses Tor to hide metadata of
participants. Its still in early development, however a major new
feature such as Tor-to-Tor audio chat (the first such implementation we
are aware of) has been included. Major additions like file-sharing
support, video
On 10/16/2016 7:11:03 PM, mirimir at riseup.net wrote:
In Thunderbird+Enigmail, do three things:
1) create a local folder "Drafts", and configure Thunderbird to use it;
Yes good tip. Also Torbirdy configures this.
2) in "Thunderbird/Account Settings/OpenPGP Security", check "Encrypt
draft
Enigmail
https://security-tracker.debian.org/tracker/CVE-2014-5369
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Did Hackers got hacked with "tor nodes for MitM Jabber servers" ?
No. It seems they had very shitty opsec.
* re-connecting to an anonymous account directly over clearnet.
* using their voice over the phone to social engineer.
* dox themselves to some reporter.
--
tor-talk mailing list -
Found answer for my own question:
sed 's/^/> /' original > reply
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
For security its recommended to compose messages outside the e-mail
client. There were at least two incidents where plaintext was leaked
(claws mail saving drafts unencrypted and Enigmail sending unencrypted
messages).
Does anyone know how to add quoted line prefixes [1] to messages
composed
The logic of blocking everything completely *all the time* (like Google
does) is already a big problem with the IPv4 address space becoming over
saturated. Its not a Tor only thing. Sometimes an entire country is
behind a single NAT access point.
Researching ways that don't infringe on user's
Pretty basic opsec fail but I wonder if mapping out tags was a good
idea. Imagine tagging a city that has a handful of Tor users. They
should have consulted the Tor Research Ethics process.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
Never mind that it took three years (!) to be published, the parent
article from TheIntercept is lacking on the technical side.
https://assets.documentcloud.org/documents/3031639/07-Introduction-to-BADDECISION-Redacted.pdf
Are they already a part of the LAN whose computers they are exploiting?
Hello. We at the Whonix Project are looking for volunteers with a
knowledge of Python to help us out with some tasks.
If you like what we do or like to help out Free Software projects in
general, please take a look at the task list [1] and introduce yourself.
[1]
Does anyone know about any good username generator programs?
I've been thinking about some of the ways users can deanonymize
themselves when posting on a forum.
Besides password re-use from non-anonymous accounts (which password
managers deal with), writing style (Anonymouth is supposed to
Thanks Ethan for your research. We've been discussing which mitigation
technique to use. In a virtualized context disabling c-states is only
possible from the host. Thats ok since all it means is we need to
package it for users to install it there.
We prefer the idea of not using the kernel
Hi. Whonix collaborator here. We've given a lot of thought to many types
of clock based attacks including the one you are researching so we are
interested to know more about how this applies to our platform.
To run Whonix in KVM please see the relevant steps here [0]. Let me know
if you have
AFAIK for trademark reasons TPO recommends that distros built around Tor
Browser show a custom intro page upon Tor Browser start up to users
(which we do in Whonix).
Is this custom page detectable by websites a user visits (with a
malicious JS script for example)?
If successful this attack
Hi David. Thanks for chiming in. Please add a feature for pinning at the
key level as IMO it provides the best protection.
Will the logs provide users/site owners with a way to independently
check if coercion has happened?
Would systems like Cothority help Lets Encrypt users notice cert
How secure is Lets Encrypt compared to a pinned self signed cert? Can
Lets Encrypt be subverted by NSLs?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On 2016-02-06 23:14, intrigeri wrote:
Hi,
[can you please decide what mailing-list this discussion should happen
on, and then we can stop cross-posting over 4 mailing-list?]
[snip]
I'm not sure I understand the problem you mean to raise, though.
Can you please elaborate what problem you see
The OFTC servers have been blocking Tor users for weeks and the #tor is
no longer a viable support channel for anonymous users. We are looking
for other Tor friendly options at the moment and it would be great if
you consider moving your channels too.
Options we are considering for Whonix are
Great stuff! Do you plan on bringing back your Onion site? Will there be
a eepsite address for ahmia?
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Fantastic talks by Jacob as always, he hammers home many major system
hardening ideas. I summarized the points in the talks and will build on
them with more ideas and information.
I encourage everyone to see the DebConf talks by all means:
I am trying to use TorBrowser with I2P using these instructions
https://geti2p.net/en/about/browser-config
They used to work before but they don't anymore. Can anyone figure out
whats broken?
When connecting to I2P's HTTP proxy I get an error complaining that
TorBrowser is speaking something that
I wanted to let readers know that there is a KVM version of Whonix for
Linux users that has been around for quite some time at this point. It
just crossed my mind that I hadn't mentioned here until now.
I am making this announcement so those who don't follow our project but
may be interested,
Hi. As you may already know, NTP doesn't work over Tor and even if it
did its untrusted and unauthenticated design leaves systems open to
clock skew attacks that could unmask hidden services. What are your
thoughts on having an anonymity distro, that Torrifies all traffic,
depend on Hidden
23 matches
Mail list logo