Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 12/21/2016 04:38 AM, hi...@safe-mail.net wrote: > I just think that this new single-hop system should have been reserved for a > different Tor source/installation, dedicated only to non-anonymous hidden > services, not merge it with the regular

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

On 21 December 2016 at 09:40, Cannon wrote: > Good point. > I believe the new single-hop is a great option for some situation such as > if a website does not need to be anonymous but yet would still like to have > a .onion address so users can still remain anonymous or

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

Alex, that is inappropriate language and behavior for a public discussion list. You have demeaned yourself greatly with that outburst, and only succeeding in damaging the Tor project. Please stop. Second, as someone who firmly believes in Murphy's Law, I share the concerns that have been

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

On 21 December 2016 at 14:01, Allen wrote: > Alex, Typo. > that is inappropriate language and behavior for a public > discussion list. You have demeaned yourself greatly with that > outburst, and only succeeding in damaging the Tor project. Please > stop. > For

Re: [tor-talk] privacy of hidden services

Allen: > I have a question about the privacy of hidden services. Let's say I > create a tor hidden service and privately send the onion address to > only two other people. Would anyone outside of myself and those two > people be able to determine the onion address or monitor activity > related

Re: [tor-talk] privacy of hidden services

There are researchers who monitor the HSDir to keep some stats on what goes Up and what goes down, general server security is A Good start. You can password protect alot. And restrict alot, then dissallow usr agents and so on Allen skrev: (21 december 2016 18:59:59 CET) >I

Re: [tor-talk] privacy of hidden services

> Would anyone outside of myself and those two > people be able to determine the onion address Yes. Your onion address is published on a DHT, hosted accross all nodes with HSDir flag. Some bad behaviouring relays try to enumerate all onion addresses by massive HSDir node creation to fetch

[tor-talk] privacy of hidden services

I have a question about the privacy of hidden services. Let's say I create a tor hidden service and privately send the onion address to only two other people. Would anyone outside of myself and those two people be able to determine the onion address or monitor activity related to the hidden

Re: [tor-talk] privacy of hidden services

On 21 Dec (19:37:13), Aeris wrote: > > Would anyone outside of myself and those two > > people be able to determine the onion address > > Yes. Your onion address is published on a DHT, hosted accross all nodes with > HSDir flag. Some bad behaviouring relays try to enumerate all onion addresses

Re: [tor-talk] Self-deleting scripts in http connections

On 12/8/2016 7:10 AM, Jonathan Marquardt wrote: Such an attacker could insert some JS or cookies etc. to track a user around the web or more dangerous attacks like stealing user data. The possibilities of JS are far-reaching. In the worst case scenario, JS can be used to exploit a user's

Re: [tor-talk] privacy of hidden services

> So yes, ideally encrypt your Introduction Points (basic) and obfuscate > identity keys (stealth) [this also encrypts sets of IPs]. Non-ideally, > use random slugs in URLs as OnionShare does (if you're doing web). ok, I'm not sure I completely understand. If my HS uses stealth auth, what data

Re: [tor-talk] privacy of hidden services

Limit access for unwanted registerd like he says have A page and use /jdjenwlsishdjshdysoalwjdbebs instead of /login Allen skrev: (21 december 2016 20:57:47 CET) >> So yes, ideally encrypt your Introduction Points (basic) and >obfuscate >> identity keys (stealth) [this also

Re: [tor-talk] privacy of hidden services

Hi Flipchan, I'm not concerned with limiting access--I'm concerned with who if anyone is able to detect the existence and activity of the HS, and more specifically at this point, who is able to detect the existence and activity of a HS that uses stealth auth when the onion address is only

Re: [tor-talk] Self-deleting scripts in http connections

http://www.digitaltrends.com/computing/firefox-tor-vulnerability/ On Wed, Dec 21, 2016 at 3:09 PM, Joe Btfsplk wrote: > > > On 12/8/2016 7:10 AM, Jonathan Marquardt wrote: >> >> >> Such an attacker could insert some JS or cookies etc. to track a user >> around >> the web or

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

Alec Muffett wrote: Otherwise, go work out how to ban "rm -rf /" - first. That has actually been addressed in a number of places. Reference: https://en.wikipedia.org/wiki/Rm_(Unix) Sun Microsystems introduced "rm -rf /" protection in Solaris 10, first released in 2005. Upon

Re: [tor-talk] privacy of hidden services

As soon as You "publish" the site it Will be added to the directory and someone will know Allen skrev: (21 december 2016 21:19:52 CET) >Hi Flipchan, I'm not concerned with limiting access--I'm concerned >with who if anyone is able to detect the existence and activity of the

Re: [tor-talk] privacy of hidden services

From the discussion and studying the specs, my understanding is that: The HS directory servers receive the HS public key aka onion address. The information leakages are: (1) through various HSdir enumeration techniques, the world at large can discover the HS public key and onion address; (2) the

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

On 12/21/2016 07:57 AM, David Goulet wrote: > On 20 Dec (23:38:43), hi...@safe-mail.net wrote: >> I just think that this new single-hop system should have been reserved for a >> different Tor source/installation, dedicated only to non-anonymous hidden >> services, not merge it with the regular

Re: [tor-talk] privacy of hidden services

Sent from Fu's iPhone > On Dec 21, 2016, at 12:59 PM, Allen wrote: > > I have a question about the privacy of hidden services. Let's say I > create a tor hidden service and privately send the onion address to > only two other people. Would anyone outside of myself and

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

On 22 December 2016 at 05:50, Jim wrote: > Alec Muffett wrote: > > Otherwise, go work out how to ban "rm -rf /" - first. >> > > That has actually been addressed in a number of places. > > Reference: https://en.wikipedia.org/wiki/Rm_(Unix) > > Sun Microsystems introduced

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

On 20 Dec (23:38:43), hi...@safe-mail.net wrote: > I just think that this new single-hop system should have been reserved for a > different Tor source/installation, dedicated only to non-anonymous hidden > services, not merge it with the regular Tor software. And this for security. > > I once

Re: [tor-talk] Not comfortable with the new single-hop system merged into Tor

On Tue, 20 Dec 2016 23:38:43 -0500 hi...@safe-mail.net wrote: > I just think that this new single-hop system should have been reserved for a > different Tor source/installation, dedicated only to non-anonymous hidden > services, not merge it with the regular Tor software. And this for security.