Re: [tor-talk] Javascript vs privacy?

On 6 August 2013 16:31, Lunar lu...@torproject.org wrote: Hi Jon, A few of your assumptions look incorrect. Here's some of my understandings. Thanks Lunar, appreciate the input. You raise good points. Jon Tullett: My understanding is that NoScript shipped disabled in the TBB NoScript

Re: [tor-talk] Javascript vs privacy?

On 7 August 2013 09:46, Roger Dingledine a...@mit.edu wrote: On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote: is there scope for better communicating to a user (such as in the Tor browser homepage) that JS is enabled to improve their browsing experience and enhance privacy

Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

On 29 June 2014 20:30, Mark McCarron mark.mccar...@live.co.uk wrote: Mick, Congratulations, so you found someone with a similar name what are the odds of that. Probably fairly good odds, I guess - it can't be that unusual a name. But just so we're clear: are you definitely not the same Mark

Re: [tor-talk] Illegal Activity As A Metric of Tor Security and Anonymity

On 29 June 2014 21:45, Michael Wolf mikew...@riseup.net wrote: How do Snowden and the NSA slides titled Tor Stinks fit into your little conspiracy theory? Conspiracy theory aside, I'm curious about these. I mean, p12: How does TOR handle DNS requests?...still investigating. That seems

Re: [tor-talk] Operation Onymous against hidden services, most DarkNet markets are down

On 7 November 2014 05:39, Juan juan@gmail.com wrote: On Thu, 6 Nov 2014 15:51:15 -0500 Jim Smith jimsmi...@safe-mail.net wrote: Usually you won't go through the trouble of using Tor unless your privacy is being attacked. Once you start using Tor it's easier to justify surveillance

Re: [tor-talk] Operation Onymous against hidden services, most DarkNet markets are down

On 7 November 2014 20:13, Juan juan@gmail.com wrote: On Fri, 7 Nov 2014 13:04:38 +0200 Jon Tullett jon.tull...@gmail.com wrote: On 7 November 2014 05:39, Juan juan@gmail.com wrote: So why would people be tracked in the first place? Are you saying that the US

Re: [tor-talk] Off topic- Android is suspect spyware?

On 10 December 2014 at 01:22, andr...@fastmail.fm wrote: Anything that google touches or promotes is very suspicious. Anything that any corporation touches is suspicious by the same measures, if you want to be sufficiently paranoid about it. You think there's no Chinese spyware in Huawei

Re: [tor-talk] Games Without Frontiers: Investigating Video Games as a Covert Channel

On 27 Mar 2015 15:05, Rishab Nithyanand rishabn@gmail.com wrote: Hey Jon. I think you do raise some very good points and this is a good debate to have. I agree. And that, I think, is the point I'm trying to make - the fact that these points are debatable suggests they shouldn't be taken

Re: [tor-talk] Games Without Frontiers: Investigating Video Games as a Covert Channel

On 20 March 2015 at 05:45, Rishab Nithyanand rishabn@gmail.com wrote: Hey all, I just thought I'd share and get feedback about some recent work from our team at Stony Brook University. Interesting, thanks! I do question one of the early assumptions, though: Many games also include the

[tor-talk] A month with BADONIONS

Hi all This was interesting - not sure if I've missed discussion of it here, but I didn't find anything with a quick search. https://chloe.re/2015/06/20/a-month-with-badonions/ Tl:dr; the author set up a very basic honeypot to detect potentially abusive guard and exit nodes, and found some.

[tor-talk] Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services

Looks interesting. Has anyone reviewed it? http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf http://anongalactic.com/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/ -J -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other

Re: [tor-talk] Circuit Fingerprinting Attacks: Passive Deanonymization of Tor Hidden Services

On 3 August 2015 at 08:52, Roger Dingledine a...@mit.edu wrote: On Mon, Aug 03, 2015 at 08:50:54AM +0200, Jon Tullett wrote: Looks interesting. Has anyone reviewed it? http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf http://anongalactic.com/new-attack-on-tor-can-deanonymize-hidden

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 21:17, Joe Btfsplk <joebtfs...@gmx.com> wrote: > On 7/14/2016 1:23 AM, Jon Tullett wrote: >> >> >> I think what you'll find in such cases is that the FBI generally crack >> the servers hosting the illicit material, not Tor itself. >>

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 12:52, <m...@beroal.in.ua> wrote: > On 14.07.16 09:23, Jon Tullett wrote: >> >> On 14 July 2016 at 01:51, Nick Levinson <nick_levin...@yahoo.com> wrote: >>> >>> The FBI reportedly cracked Tor's security to crack a child porn case wi

Re: [tor-talk] using same usernames on same websites under tor and privacy -

On 15 August 2016 at 11:29, shirish शिरीष wrote: > Hi all, > > Most sites more or less use https:// by default nowadays. However, it > has been suggested by quite a few people that you do not use the same > usernames when using tor. > > While for new sites it certainly

Re: [tor-talk] Tor and Spamhaus.

On 12 August 2016 at 14:18, wrote: > Question: why does Spamhaus in particular target exit nodes? Knowing Spamhaus, I'd guess that they don't target exit nodes per se, but rather that Tor has been used by spammers which has resulted in the block listings. Getting them

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 01:51, Nick Levinson wrote: > The FBI reportedly cracked Tor's security to crack a child porn case with > over 100 arrests of Tor users. I think what you'll find in such cases is that the FBI generally crack the servers hosting the illicit material,

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 08:37, Mirimir <miri...@riseup.net> wrote: > On 07/14/2016 12:23 AM, Jon Tullett wrote: >> Having pwned the server, a malware component is then injected to >> visiting computers. Ie: when the criminal visits the infected >> site, his PC is infected (

Re: [tor-talk] FBI cracked Tor security

On 17 July 2016 at 05:11, Mirimir wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/16/2016 08:21 PM, Jonathan Wilkes wrote: >>> I'm hardly asking for perfection. Just a little heads up for the >>> sheep. >> You're unwilling to even describe non-technical

Re: [tor-talk] FBI cracked Tor security

On 18 July 2016 at 14:57, Mirimir <miri...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/18/2016 06:11 AM, Jon Tullett wrote: > >> Haroon Meer, who I greatly respect in the security space, describes >> UX complexity in terms of

Re: [tor-talk] FBI cracked Tor security

On 18 July 2016 at 18:15, Spencer <spencer...@openmailbox.org> wrote: > Hi, > >> >> Jon Tullett: >> you just asked a user to conduct a risk analysis. >> > > Who else should do it, someone less contextualized to their context? Context matters. Mirimir was

Re: [tor-talk] FBI cracked Tor security

On 18 July 2016 at 16:17, Mirimir <miri...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/18/2016 07:33 AM, Jon Tullett wrote: >> On 18 July 2016 at 14:57, Mirimir <miri...@riseup.net> wrote: >>> -BEGIN PGP SIGNED MESSAGE--

Re: [tor-talk] FBI cracked Tor security

On 19 July 2016 at 08:31, Mirimir <miri...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/18/2016 07:08 PM, Jon Tullett wrote: >> On 18 July 2016 at 16:17, Mirimir <miri...@riseup.net> wrote: >>> -BEGIN PGP SIGNED MESSAGE-

Re: [tor-talk] FBI cracked Tor security

On 19 July 2016 at 12:01, Mirimir <miri...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/19/2016 03:50 AM, Jon Tullett wrote: >> On 19 July 2016 at 08:31, Mirimir <miri...@riseup.net> wrote: >>> -BEGIN PGP SIGNED MESSAGE--

Re: [tor-talk] FBI cracked Tor security

On 16 July 2016 at 01:46, Joe Btfsplk <joebtfs...@gmx.com> wrote: > On 7/15/2016 12:34 AM, Jon Tullett wrote: >> >> On 15 July 2016 at 01:23, Joe Btfsplk <joebtfs...@gmx.com> wrote: >>> >>> You're not really suggesting that users under hostile d

Re: [tor-talk] FBI cracked Tor security

On 14 July 2016 at 10:41, Mirimir wrote: > There is an aspect of visiting hostile onion sites that's especially > problematic: forcing direct clearnet connections that reveal users' > ISP-assigned IP addresses. It's irresponsible to continue recommending > only vulnerable

Re: [tor-talk] FBI cracked Tor security

On 15 July 2016 at 01:23, Joe Btfsplk <joebtfs...@gmx.com> wrote: > On 7/14/2016 2:34 PM, Jon Tullett wrote: >>> >>> 2. Aren't statements (from anyone) like, "... generally crack the >>> servers >>> hosting the illicit material, not Tor itself,

Re: [tor-talk] FBI cracked Tor security

On 15 July 2016 at 00:07, krishna e bera wrote: >> Should add that users with NoScript enabled would not have been >> vulnerable - I get the "noscript decreases privacy" argument, but I'd >> still kinda like it to be on by default to protect users. Maybe with a >> big red

Re: [tor-talk] FBI cracked Tor security

On 15 July 2016 at 05:36, Mirimir <miri...@riseup.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 07/14/2016 01:34 PM, Jon Tullett wrote: >> If a law enforcement agency cracked Tor, it would be a very >> significant development indeed.

Re: [tor-talk] Tor and Spamhaus.

there's nothing stopping a community of mail server operators setting up a network of email hosts using older standards. Well, apart from the inevitable spam and other abuse they'll have to deal with... -J > > -------- > On Sat, 8/13/16, Jon Tul

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 25 September 2016 at 20:14, Alec Muffett wrote: > An organisation's response to scraping seems typically the product of: > > 1) the technical resources at its disposal > 2) its ability to distinguish scraping from non-scraping traffic > 3) the benefit to the

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 7 October 2016 at 19:59, Mirimir <miri...@riseup.net> wrote: > On 10/07/2016 05:50 AM, Jon Tullett wrote: >> I find tracking that historical change to be useful because it reminds >> me that our expectations in the future will be different too. Our >> noti

Re: [tor-talk] Tor and Google error / CAPTCHAs.

On 7 October 2016 at 13:21, Mirimir wrote: > Reddit, in contrast, is a total free-for-all It really varies. Some subreddits are VERY heavily moderated, some are completely open, most are somewhere in between. Your experience of reddit is probably quite personal and likely to

Re: [tor-talk] New relays and bridges.

On 26 August 2016 at 06:53, eliaz wrote: > kl: >> On 8/21/2016 3:59:42 PM, laurelai bailey (laurelaist...@gmail.com) wrote: >>> But when tor.exe got integrated into the Tor browser, windows users (at >>> least me) have not been able to set up relays. >> >> From what I understand

Re: [tor-talk] Hardened Tor Browser for Windows

On 18 October 2016 at 03:18, Mirimir wrote: > On 10/17/2016 06:50 PM, I wrote: >> >>> >>> Running Tor on Windows makes little sense, >> >> Didn't Roger ask for more operating system diversity and mention Windows? > > Maybe he did. Cite? > > But nevertheless, in my opinion,

Re: [tor-talk] tor and BlackBerry

On 20 October 2016 at 20:24, Jason Long wrote: > Hello. > Tor developed for android but why not BlackBerry? BlackBerry devices based on > security and why tor not developed for them? > Have you tried running the Tor Android apps on BlackBerry? Doesn't BB support many

Re: [tor-talk] Cameras

On 22 November 2016 at 10:55, Ben Tasker wrote: > The problem with blocking the camera in software is that it can then be > unblocked in software (and still potentially without your permission). And not just

Re: [tor-talk] What is the different between Official TorBrowser and Browser4Tor?

On 26 November 2016 at 12:08, Jason Long wrote: > Hello. > I found a version of Tor in "http://torbrowser.sourceforge.net/;, But what is > the different between it and official TorBrowser? Is it a trust version? Apart from just looking dodgy as heck, it appears to have been

Re: [tor-talk] Cameras

On 24 November 2016 at 09:51, Dave Warren <da...@hireahit.com> wrote: > On Wed, Nov 23, 2016, at 22:41, Jon Tullett wrote: >> On 22 November 2016 at 10:55, Ben Tasker <b...@bentasker.co.uk> wrote: >> > The problem with blocking the camera in software is that

Re: [tor-talk] IoT Scanner - feedback for Tor (Exit) Nodes configuration

On 30 October 2016 at 10:57, wrote: > Take a look what is happening these days, please. A toaster was hacked within > one hour since connected to the internet: > >

Re: [tor-talk] Hacker and Tor.

On 30 November 2016 at 12:20, Jason Long wrote: > It just a question. ... > > Hello. > > If you browse a Cpanel via Tor for deface > > a website then can > > provider or Website > > admin find your real IP with some > > tricks? Any experiences? OK: yes. Step back a

Re: [tor-talk] blocking sinkholes and honeypots

On 7 March 2017 at 00:56, scar <s...@drigon.com> wrote: > Jon Tullett wrote on 03/03/2017 10:47 AM: >> >> On 28 February 2017 at 06:07, scar <s...@drigon.com> wrote: >>> >>> I believe we should encourage >>> sinkhole/honeypot operat

Re: [tor-talk] blocking sinkholes and honeypots

On 28 February 2017 at 06:07, scar wrote: > I believe we should encourage > sinkhole/honeypot operators to just block/ignore Tor exit IPs that connect > to their traps. what do you all think? Wouldn't that risk giving away the fact that it's a honeypot? -J -- tor-talk mailing

Re: [tor-talk] Tor, DNS leaks, and BrowserLeaks.com

On 13 August 2017 at 02:50, eric gisse wrote: > Oh, have they finally stopped putting ads into NXDOMAIN results after > years of ignoring requests to do so? Three years ago, apparently. -J -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change

Re: [tor-talk] Tor, DNS leaks, and BrowserLeaks.com

On 12 August 2017 at 13:59, eric gisse wrote: > Please don't use OpenDNS. They insert ads into lookups. Do you mean the OpenDNS search page? That used to serve ads when you tried to resolve a non-existent domain, but it was expired some time ago.

Re: [tor-talk] Shodan & Hidden Services

On 22 April 2017 at 00:35, Alec Muffett wrote: > So it turns out that Shodan - a kind of multi-protocol Google-alike search > engine for metadata and protocol headers - has indexed a bunch of Onion > sites which were configured to leak their (onion) hostnames into protocol

Re: [tor-talk] Shodan & Hidden Services

On 24 April 2017 at 10:33, Alec Muffett <alec.muff...@gmail.com> wrote: > On 24 April 2017 at 09:03, Jon Tullett <jon.tull...@gmail.com> wrote: > >> >> Interesting. What can you do with that? Can you tie them to specific >> hidden services? >> > &

Re: [tor-talk] Comments?

On 8 August 2017 at 19:18, Paul Syverson <paul.syver...@nrl.navy.mil> wrote: > On Mon, Aug 07, 2017 at 09:32:20AM +0200, Jon Tullett wrote: >> On 4 August 2017 at 02:05, Paul Syverson <paul.syver...@nrl.navy.mil> wrote: >> Curious to know - at a practical level,

Re: [tor-talk] Comments?

On 4 August 2017 at 02:05, Paul Syverson wrote: > On Thu, Aug 03, 2017 at 04:38:49PM -0700, Jacki M wrote: >> Comments on Paul Syverson Proposed attack? >> Paul Syverson - Oft Target: Tor adversary models that don't miss the mark >>

[tor-talk] Analysis of Tor bot behaviour

Very interesting, not just from the Tor connection issues. I get the impression the Tor devs are already in the loop on the specific issues raised. http://www.hackerfactor.com/blog/index.php?/archives/762-Attacked-Over-Tor.html -J -- tor-talk mailing list - tor-talk@lists.torproject.org To

Re: [tor-talk] Is there any societal use in Bitcoin?

On 7 September 2017 at 11:43, carlo von lynX <l...@time.to.get.psyced.org> wrote: > On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote: >> > This is still an alpha release >> > * Exchange implements the full Taler protocol, but does not integrate with >&

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

On 30 August 2017 at 19:18, Roger Dingledine wrote: > On Wed, Aug 30, 2017 at 03:07:37PM +0100, Ben Tasker wrote: >> So his suggestion is portrayed as not sacrificing much, but actually >> sacrifices quite a lot. > > This is a really important point. Thinking of onion space right

[tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

Blog post refers: http://www.hackerfactor.com/blog/index.php?/archives/773-Tor-and-the-Perfect-Storm.html Leaving aside the accusations of bias in the first part, what is the view of the proposal to force hidden services to rotate addresses? It appears to be philosophically anathema to Tor, and

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

On 30 August 2017 at 12:13, I wrote: >> Separately, I'm personally curious about Tor's reputation. Sure, some >> people paint it as a wretched hive of scum and villainy, but how >> widespread is that view, and is it a concern to anyone involved with >> the project? Has

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

On 30 August 2017 at 16:35, Andreas Krey <a.k...@gmx.de> wrote: > On Wed, 30 Aug 2017 15:55:36 +0000, Jon Tullett wrote: >> On 30 August 2017 at 15:02, Andreas Krey <a.k...@gmx.de> wrote: > ... >> > Facebook is a house. Tor is a street. >> >> Ah, a

Re: [tor-talk] Is there any societal use in Bitcoin?

On 5 September 2017 at 08:25, carlo von lynX wrote: > On Mon, Sep 04, 2017 at 08:35:17PM +0500, Roman Mamedov wrote: >> BTC wouldn't require "same timeframe" of 36 hours to transfer, it can be done >> within less than an hour. And with the recent developments in the

Re: [tor-talk] Is there any societal use in Bitcoin?

On 4 September 2017 at 13:40, Aymeric Vitte wrote: > > I think that you are mostly right except that it's not uninteresting at > all for normal people to evade the banks dictatorship, delays and fees > (what are you buying with this? what for? wiretransfer will take one >

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

On 30 August 2017 at 15:04, Alec Muffett <alec.muff...@gmail.com> wrote: > Hi Jon! > > On 30 August 2017 at 13:41, Jon Tullett <jon.tull...@gmail.com> wrote: > > First is that the technical advantages of Tor are not in question, and >> raising technical arguments i

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

On 30 August 2017 at 15:02, Andreas Krey <a.k...@gmx.de> wrote: > On Wed, 30 Aug 2017 14:41:52 +0000, Jon Tullett wrote: > ... >> And yet Facebook itself actively engages in censorship, > > Facebook is a house. Tor is a street. Ah, a motoring analogy. Now we're back in

Re: [tor-talk] Neal Krawetz's abcission proposal, and Tor's reputation

On 30 August 2017 at 13:15, Alec Muffett <alec.muff...@gmail.com> wrote: > On 30 August 2017 at 10:51, Jon Tullett <jon.tull...@gmail.com> wrote: > >> Blog post refers: >> http://www.hackerfactor.com/blog/index.php?/archives/773- >> Tor-and-the-Pe

Re: [tor-talk] donation via tbb

On 31 October 2017 at 07:07, x9p wrote: > On 2017-10-30 23:47, krishna e bera wrote: >> >> I tried to donate by Paypal via TBB (medium security setting) and got an >> error page when it was almost done: >> " >> Method not allowed >> Method not allowed. Must be one of: POST >> " > >

Re: [tor-talk] Finding "Good" neigbors

On 1 February 2018 at 10:21, Jason S. Evans wrote: > The Tor Project sent out an email yesterday, "Activists & News Orgs: > Onionize Your Sites Against Censorship". While I think it's a good > start. Is there a project in place to encourage legitimate websites to >