On 6 August 2013 16:31, Lunar lu...@torproject.org wrote:
Hi Jon,
A few of your assumptions look incorrect. Here's some of my
understandings.
Thanks Lunar, appreciate the input. You raise good points.
Jon Tullett:
My understanding is that NoScript shipped disabled in the TBB
NoScript
On 7 August 2013 09:46, Roger Dingledine a...@mit.edu wrote:
On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote:
is there scope for better communicating to a user
(such as in the Tor browser homepage) that JS is enabled to improve
their browsing experience and enhance privacy
On 29 June 2014 20:30, Mark McCarron mark.mccar...@live.co.uk wrote:
Mick,
Congratulations, so you found someone with a similar name what are the odds
of that.
Probably fairly good odds, I guess - it can't be that unusual a name.
But just so we're clear: are you definitely not the same Mark
On 29 June 2014 21:45, Michael Wolf mikew...@riseup.net wrote:
How do Snowden and the NSA slides titled Tor Stinks fit into your
little conspiracy theory?
Conspiracy theory aside, I'm curious about these. I mean, p12: How
does TOR handle DNS requests?...still investigating.
That seems
On 7 November 2014 05:39, Juan juan@gmail.com wrote:
On Thu, 6 Nov 2014 15:51:15 -0500
Jim Smith jimsmi...@safe-mail.net wrote:
Usually you won't go through the trouble of using Tor unless your
privacy is being attacked. Once you start using Tor it's easier to
justify surveillance
On 7 November 2014 20:13, Juan juan@gmail.com wrote:
On Fri, 7 Nov 2014 13:04:38 +0200
Jon Tullett jon.tull...@gmail.com wrote:
On 7 November 2014 05:39, Juan juan@gmail.com wrote:
So why would people be tracked in the first place? Are
you saying that the US
On 10 December 2014 at 01:22, andr...@fastmail.fm wrote:
Anything that google touches or promotes is very suspicious.
Anything that any corporation touches is suspicious by the same
measures, if you want to be sufficiently paranoid about it. You think
there's no Chinese spyware in Huawei
On 27 Mar 2015 15:05, Rishab Nithyanand rishabn@gmail.com wrote:
Hey Jon.
I think you do raise some very good points and this is a good debate to
have.
I agree. And that, I think, is the point I'm trying to make - the fact that
these points are debatable suggests they shouldn't be taken
On 20 March 2015 at 05:45, Rishab Nithyanand rishabn@gmail.com wrote:
Hey all,
I just thought I'd share and get feedback about some recent work from our
team at Stony Brook University.
Interesting, thanks!
I do question one of the early assumptions, though: Many games also
include the
Hi all
This was interesting - not sure if I've missed discussion of it here,
but I didn't find anything with a quick search.
https://chloe.re/2015/06/20/a-month-with-badonions/
Tl:dr; the author set up a very basic honeypot to detect potentially
abusive guard and exit nodes, and found some.
Looks interesting. Has anyone reviewed it?
http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf
http://anongalactic.com/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/
-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other
On 3 August 2015 at 08:52, Roger Dingledine a...@mit.edu wrote:
On Mon, Aug 03, 2015 at 08:50:54AM +0200, Jon Tullett wrote:
Looks interesting. Has anyone reviewed it?
http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf
http://anongalactic.com/new-attack-on-tor-can-deanonymize-hidden
On 14 July 2016 at 21:17, Joe Btfsplk <joebtfs...@gmx.com> wrote:
> On 7/14/2016 1:23 AM, Jon Tullett wrote:
>>
>>
>> I think what you'll find in such cases is that the FBI generally crack
>> the servers hosting the illicit material, not Tor itself.
>>
On 14 July 2016 at 12:52, <m...@beroal.in.ua> wrote:
> On 14.07.16 09:23, Jon Tullett wrote:
>>
>> On 14 July 2016 at 01:51, Nick Levinson <nick_levin...@yahoo.com> wrote:
>>>
>>> The FBI reportedly cracked Tor's security to crack a child porn case wi
On 15 August 2016 at 11:29, shirish शिरीष wrote:
> Hi all,
>
> Most sites more or less use https:// by default nowadays. However, it
> has been suggested by quite a few people that you do not use the same
> usernames when using tor.
>
> While for new sites it certainly
On 12 August 2016 at 14:18, wrote:
> Question: why does Spamhaus in particular target exit nodes?
Knowing Spamhaus, I'd guess that they don't target exit nodes per se,
but rather that Tor has been used by spammers which has resulted in
the block listings. Getting them
On 14 July 2016 at 01:51, Nick Levinson wrote:
> The FBI reportedly cracked Tor's security to crack a child porn case with
> over 100 arrests of Tor users.
I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material,
On 14 July 2016 at 08:37, Mirimir <miri...@riseup.net> wrote:
> On 07/14/2016 12:23 AM, Jon Tullett wrote:
>> Having pwned the server, a malware component is then injected to
>> visiting computers. Ie: when the criminal visits the infected
>> site, his PC is infected (
On 17 July 2016 at 05:11, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>>> I'm hardly asking for perfection. Just a little heads up for the
>>> sheep.
>> You're unwilling to even describe non-technical
On 18 July 2016 at 14:57, Mirimir <miri...@riseup.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>
>> Haroon Meer, who I greatly respect in the security space, describes
>> UX complexity in terms of
On 18 July 2016 at 18:15, Spencer <spencer...@openmailbox.org> wrote:
> Hi,
>
>>
>> Jon Tullett:
>> you just asked a user to conduct a risk analysis.
>>
>
> Who else should do it, someone less contextualized to their context?
Context matters. Mirimir was
On 18 July 2016 at 16:17, Mirimir <miri...@riseup.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 07:33 AM, Jon Tullett wrote:
>> On 18 July 2016 at 14:57, Mirimir <miri...@riseup.net> wrote:
>>> -BEGIN PGP SIGNED MESSAGE--
On 19 July 2016 at 08:31, Mirimir <miri...@riseup.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>> On 18 July 2016 at 16:17, Mirimir <miri...@riseup.net> wrote:
>>> -BEGIN PGP SIGNED MESSAGE-
On 19 July 2016 at 12:01, Mirimir <miri...@riseup.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/19/2016 03:50 AM, Jon Tullett wrote:
>> On 19 July 2016 at 08:31, Mirimir <miri...@riseup.net> wrote:
>>> -BEGIN PGP SIGNED MESSAGE--
On 16 July 2016 at 01:46, Joe Btfsplk <joebtfs...@gmx.com> wrote:
> On 7/15/2016 12:34 AM, Jon Tullett wrote:
>>
>> On 15 July 2016 at 01:23, Joe Btfsplk <joebtfs...@gmx.com> wrote:
>>>
>>> You're not really suggesting that users under hostile d
On 14 July 2016 at 10:41, Mirimir wrote:
> There is an aspect of visiting hostile onion sites that's especially
> problematic: forcing direct clearnet connections that reveal users'
> ISP-assigned IP addresses. It's irresponsible to continue recommending
> only vulnerable
On 15 July 2016 at 01:23, Joe Btfsplk <joebtfs...@gmx.com> wrote:
> On 7/14/2016 2:34 PM, Jon Tullett wrote:
>>>
>>> 2. Aren't statements (from anyone) like, "... generally crack the
>>> servers
>>> hosting the illicit material, not Tor itself,
On 15 July 2016 at 00:07, krishna e bera wrote:
>> Should add that users with NoScript enabled would not have been
>> vulnerable - I get the "noscript decreases privacy" argument, but I'd
>> still kinda like it to be on by default to protect users. Maybe with a
>> big red
On 15 July 2016 at 05:36, Mirimir <miri...@riseup.net> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/14/2016 01:34 PM, Jon Tullett wrote:
>> If a law enforcement agency cracked Tor, it would be a very
>> significant development indeed.
there's
nothing stopping a community of mail server operators setting up a
network of email hosts using older standards. Well, apart from the
inevitable spam and other abuse they'll have to deal with...
-J
>
> --------
> On Sat, 8/13/16, Jon Tul
On 25 September 2016 at 20:14, Alec Muffett wrote:
> An organisation's response to scraping seems typically the product of:
>
> 1) the technical resources at its disposal
> 2) its ability to distinguish scraping from non-scraping traffic
> 3) the benefit to the
On 7 October 2016 at 19:59, Mirimir <miri...@riseup.net> wrote:
> On 10/07/2016 05:50 AM, Jon Tullett wrote:
>> I find tracking that historical change to be useful because it reminds
>> me that our expectations in the future will be different too. Our
>> noti
On 7 October 2016 at 13:21, Mirimir wrote:
> Reddit, in contrast, is a total free-for-all
It really varies. Some subreddits are VERY heavily moderated, some are
completely open, most are somewhere in between. Your experience of
reddit is probably quite personal and likely to
On 26 August 2016 at 06:53, eliaz wrote:
> kl:
>> On 8/21/2016 3:59:42 PM, laurelai bailey (laurelaist...@gmail.com) wrote:
>>> But when tor.exe got integrated into the Tor browser, windows users (at
>>> least me) have not been able to set up relays.
>>
>> From what I understand
On 18 October 2016 at 03:18, Mirimir wrote:
> On 10/17/2016 06:50 PM, I wrote:
>>
>>>
>>> Running Tor on Windows makes little sense,
>>
>> Didn't Roger ask for more operating system diversity and mention Windows?
>
> Maybe he did. Cite?
>
> But nevertheless, in my opinion,
On 20 October 2016 at 20:24, Jason Long wrote:
> Hello.
> Tor developed for android but why not BlackBerry? BlackBerry devices based on
> security and why tor not developed for them?
>
Have you tried running the Tor Android apps on BlackBerry? Doesn't BB
support many
On 22 November 2016 at 10:55, Ben Tasker wrote:
> The problem with blocking the camera in software is that it can then be
> unblocked in software (and still potentially without your permission).
And not just
On 26 November 2016 at 12:08, Jason Long wrote:
> Hello.
> I found a version of Tor in "http://torbrowser.sourceforge.net/;, But what is
> the different between it and official TorBrowser? Is it a trust version?
Apart from just looking dodgy as heck, it appears to have been
On 24 November 2016 at 09:51, Dave Warren <da...@hireahit.com> wrote:
> On Wed, Nov 23, 2016, at 22:41, Jon Tullett wrote:
>> On 22 November 2016 at 10:55, Ben Tasker <b...@bentasker.co.uk> wrote:
>> > The problem with blocking the camera in software is that
On 30 October 2016 at 10:57, wrote:
> Take a look what is happening these days, please. A toaster was hacked within
> one hour since connected to the internet:
>
>
On 30 November 2016 at 12:20, Jason Long wrote:
> It just a question.
...
> > Hello.
> > If you browse a Cpanel via Tor for deface
> > a website then can
> > provider or Website
> > admin find your real IP with some
> > tricks? Any experiences?
OK: yes.
Step back a
On 7 March 2017 at 00:56, scar <s...@drigon.com> wrote:
> Jon Tullett wrote on 03/03/2017 10:47 AM:
>>
>> On 28 February 2017 at 06:07, scar <s...@drigon.com> wrote:
>>>
>>> I believe we should encourage
>>> sinkhole/honeypot operat
On 28 February 2017 at 06:07, scar wrote:
> I believe we should encourage
> sinkhole/honeypot operators to just block/ignore Tor exit IPs that connect
> to their traps. what do you all think?
Wouldn't that risk giving away the fact that it's a honeypot?
-J
--
tor-talk mailing
On 13 August 2017 at 02:50, eric gisse wrote:
> Oh, have they finally stopped putting ads into NXDOMAIN results after
> years of ignoring requests to do so?
Three years ago, apparently.
-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change
On 12 August 2017 at 13:59, eric gisse wrote:
> Please don't use OpenDNS. They insert ads into lookups.
Do you mean the OpenDNS search page? That used to serve ads when you
tried to resolve a non-existent domain, but it was expired some time
ago.
On 22 April 2017 at 00:35, Alec Muffett wrote:
> So it turns out that Shodan - a kind of multi-protocol Google-alike search
> engine for metadata and protocol headers - has indexed a bunch of Onion
> sites which were configured to leak their (onion) hostnames into protocol
On 24 April 2017 at 10:33, Alec Muffett <alec.muff...@gmail.com> wrote:
> On 24 April 2017 at 09:03, Jon Tullett <jon.tull...@gmail.com> wrote:
>
>>
>> Interesting. What can you do with that? Can you tie them to specific
>> hidden services?
>>
>
&
On 8 August 2017 at 19:18, Paul Syverson <paul.syver...@nrl.navy.mil> wrote:
> On Mon, Aug 07, 2017 at 09:32:20AM +0200, Jon Tullett wrote:
>> On 4 August 2017 at 02:05, Paul Syverson <paul.syver...@nrl.navy.mil> wrote:
>> Curious to know - at a practical level,
On 4 August 2017 at 02:05, Paul Syverson wrote:
> On Thu, Aug 03, 2017 at 04:38:49PM -0700, Jacki M wrote:
>> Comments on Paul Syverson Proposed attack?
>> Paul Syverson - Oft Target: Tor adversary models that don't miss the mark
>>
Very interesting, not just from the Tor connection issues. I get the
impression the Tor devs are already in the loop on the specific issues
raised.
http://www.hackerfactor.com/blog/index.php?/archives/762-Attacked-Over-Tor.html
-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To
On 7 September 2017 at 11:43, carlo von lynX
<l...@time.to.get.psyced.org> wrote:
> On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote:
>> > This is still an alpha release
>> > * Exchange implements the full Taler protocol, but does not integrate with
>&
On 30 August 2017 at 19:18, Roger Dingledine wrote:
> On Wed, Aug 30, 2017 at 03:07:37PM +0100, Ben Tasker wrote:
>> So his suggestion is portrayed as not sacrificing much, but actually
>> sacrifices quite a lot.
>
> This is a really important point. Thinking of onion space right
Blog post refers:
http://www.hackerfactor.com/blog/index.php?/archives/773-Tor-and-the-Perfect-Storm.html
Leaving aside the accusations of bias in the first part, what is the
view of the proposal to force hidden services to rotate addresses?
It appears to be philosophically anathema to Tor, and
On 30 August 2017 at 12:13, I wrote:
>> Separately, I'm personally curious about Tor's reputation. Sure, some
>> people paint it as a wretched hive of scum and villainy, but how
>> widespread is that view, and is it a concern to anyone involved with
>> the project? Has
On 30 August 2017 at 16:35, Andreas Krey <a.k...@gmx.de> wrote:
> On Wed, 30 Aug 2017 15:55:36 +0000, Jon Tullett wrote:
>> On 30 August 2017 at 15:02, Andreas Krey <a.k...@gmx.de> wrote:
> ...
>> > Facebook is a house. Tor is a street.
>>
>> Ah, a
On 5 September 2017 at 08:25, carlo von lynX
wrote:
> On Mon, Sep 04, 2017 at 08:35:17PM +0500, Roman Mamedov wrote:
>> BTC wouldn't require "same timeframe" of 36 hours to transfer, it can be done
>> within less than an hour. And with the recent developments in the
On 4 September 2017 at 13:40, Aymeric Vitte wrote:
>
> I think that you are mostly right except that it's not uninteresting at
> all for normal people to evade the banks dictatorship, delays and fees
> (what are you buying with this? what for? wiretransfer will take one
>
On 30 August 2017 at 15:04, Alec Muffett <alec.muff...@gmail.com> wrote:
> Hi Jon!
>
> On 30 August 2017 at 13:41, Jon Tullett <jon.tull...@gmail.com> wrote:
>
> First is that the technical advantages of Tor are not in question, and
>> raising technical arguments i
On 30 August 2017 at 15:02, Andreas Krey <a.k...@gmx.de> wrote:
> On Wed, 30 Aug 2017 14:41:52 +0000, Jon Tullett wrote:
> ...
>> And yet Facebook itself actively engages in censorship,
>
> Facebook is a house. Tor is a street.
Ah, a motoring analogy. Now we're back in
On 30 August 2017 at 13:15, Alec Muffett <alec.muff...@gmail.com> wrote:
> On 30 August 2017 at 10:51, Jon Tullett <jon.tull...@gmail.com> wrote:
>
>> Blog post refers:
>> http://www.hackerfactor.com/blog/index.php?/archives/773-
>> Tor-and-the-Pe
On 31 October 2017 at 07:07, x9p wrote:
> On 2017-10-30 23:47, krishna e bera wrote:
>>
>> I tried to donate by Paypal via TBB (medium security setting) and got an
>> error page when it was almost done:
>> "
>> Method not allowed
>> Method not allowed. Must be one of: POST
>> "
>
>
On 1 February 2018 at 10:21, Jason S. Evans wrote:
> The Tor Project sent out an email yesterday, "Activists & News Orgs:
> Onionize Your Sites Against Censorship". While I think it's a good
> start. Is there a project in place to encourage legitimate websites to
>
62 matches
Mail list logo