On 7 November 2014 05:39, Juan wrote:
> On Thu, 6 Nov 2014 15:51:15 -0500
> "Jim Smith" wrote:
>
>> Usually you won't go through the trouble of using Tor unless your
>> privacy is being attacked. Once you start using Tor it's easier to
>> justify surveillance because of Tor's reputation. Now afte
On 7 November 2014 20:13, Juan wrote:
> On Fri, 7 Nov 2014 13:04:38 +0200
> Jon Tullett wrote:
>
>> On 7 November 2014 05:39, Juan wrote:
>> > So why would people be tracked in the first place? Are
>> > you saying that the US
On 10 December 2014 at 01:22, wrote:
> Anything that google touches or promotes is very suspicious.
Anything that any corporation touches is suspicious by the same
measures, if you want to be sufficiently paranoid about it. You think
there's no Chinese spyware in Huawei phones, or that Apple is
On 11 December 2014 at 09:02, Yuri wrote:
> On 12/10/2014 22:54, Jon Tullett wrote:
>>
>> Yes. Get a forked device, like an Amazon Kindle Fire - such vendors
>> replace much of the Google software, often including the default app
>> store, with their own. But if you
On 20 March 2015 at 05:45, Rishab Nithyanand wrote:
> Hey all,
>
> I just thought I'd share and get feedback about some recent work from our
> team at Stony Brook University.
Interesting, thanks!
I do question one of the early assumptions, though: "Many games also
include the notion of private g
Hi Rishab
On 26 March 2015 at 14:37, Rishab Nithyanand wrote:
>
> Please correct me if I'm misunderstanding you. I think you don't buy some
> subset of the following implicit (I believe to be reasonable) assumptions
> that we make:
No, you're entirely correct about that :)
> (1) There is no c
On 27 March 2015 at 09:30, Mirimir wrote:
> On 03/27/2015 01:13 AM, Jon Tullett wrote:
>
>
>
>> And again, I don't think the paper is useless or uninteresting - I'm
>> not completely down on it :) I just don't think it's as effective as
>&
On 27 Mar 2015 15:05, "Rishab Nithyanand" wrote:
>
> Hey Jon.
>
> I think you do raise some very good points and this is a good debate to
> have.
I agree. And that, I think, is the point I'm trying to make - the fact that
these points are debatable suggests they shouldn't be taken as assumptions
Hi all
This was interesting - not sure if I've missed discussion of it here,
but I didn't find anything with a quick search.
https://chloe.re/2015/06/20/a-month-with-badonions/
Tl:dr; the author set up a very basic honeypot to detect potentially
abusive guard and exit nodes, and found some. (Que
Hi all
I have a couple of questions related to the Freedom Hosting saga.
Disclosure: I'm a journalist and I'm writing about this, but I won't
quote anyone without prior permission.
So:
My understanding is that NoScript shipped disabled in the TBB because
that would reduce the likelihood of the b
On 6 August 2013 16:31, Lunar wrote:
> Hi Jon,
>
> A few of your assumptions look incorrect. Here's some of my
> understandings.
Thanks Lunar, appreciate the input. You raise good points.
>
> Jon Tullett:
>> My understanding is that NoScript shipped disabled in t
On 7 August 2013 09:46, Roger Dingledine wrote:
> On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote:
>> is there scope for better communicating to a user
>> (such as in the Tor browser homepage) that JS is enabled to improve
>> their browsing experience and enhanc
On Aug 12, 2013 6:16 PM, "Roger Dingledine" wrote:
>
> Hi folks,
>
> I rewrote our two FAQ entries on JavaScript-in-TBB, and merged them
> into one:
>
> https://www.torproject.org/docs/faq#TBBJavaScriptEnabled
>
I think it reads very well. Only change I would suggest would be to change
'cookie' t
On 29 June 2014 20:30, Mark McCarron wrote:
> Mick,
>
> Congratulations, so you found someone with a similar name what are the odds
> of that.
Probably fairly good odds, I guess - it can't be that unusual a name.
But just so we're clear: are you definitely not the same Mark McCarron
who designed
On 29 June 2014 21:45, Michael Wolf wrote:
>
> How do Snowden and the NSA slides titled "Tor Stinks" fit into your
> little conspiracy theory?
Conspiracy theory aside, I'm curious about these. I mean, p12: "How
does TOR handle DNS requests?...still investigating".
That seems remarkably clueless
Looks interesting. Has anyone reviewed it?
http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf
http://anongalactic.com/new-attack-on-tor-can-deanonymize-hidden-services-with-surprising-accuracy/
-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other se
On 3 August 2015 at 08:52, Roger Dingledine wrote:
> On Mon, Aug 03, 2015 at 08:50:54AM +0200, Jon Tullett wrote:
>> Looks interesting. Has anyone reviewed it?
>>
>> http://people.csail.mit.edu/devadas/pubs/circuit_finger.pdf
>> http://anongalactic.com/new-attack-on
On 14 July 2016 at 01:51, Nick Levinson wrote:
> The FBI reportedly cracked Tor's security to crack a child porn case with
> over 100 arrests of Tor users.
I think what you'll find in such cases is that the FBI generally crack
the servers hosting the illicit material, not Tor itself.
In other w
On 14 July 2016 at 08:37, Mirimir wrote:
> On 07/14/2016 12:23 AM, Jon Tullett wrote:
>> Having pwned the server, a malware component is then injected to
>> visiting computers. Ie: when the criminal visits the infected
>> site, his PC is infected (over that encrypted, secur
On 14 July 2016 at 12:52, wrote:
> On 14.07.16 09:23, Jon Tullett wrote:
>>
>> On 14 July 2016 at 01:51, Nick Levinson wrote:
>>>
>>> The FBI reportedly cracked Tor's security to crack a child porn case with
>>> over 100 arrests of Tor users.
>&
On 14 July 2016 at 21:17, Joe Btfsplk wrote:
> On 7/14/2016 1:23 AM, Jon Tullett wrote:
>>
>>
>> I think what you'll find in such cases is that the FBI generally crack
>> the servers hosting the illicit material, not Tor itself.
>>
> 1. Wasn't th
On 15 July 2016 at 00:07, krishna e bera wrote:
>> Should add that users with NoScript enabled would not have been
>> vulnerable - I get the "noscript decreases privacy" argument, but I'd
>> still kinda like it to be on by default to protect users. Maybe with a
>> big red "Turn on Javascript becau
On 15 July 2016 at 01:23, Joe Btfsplk wrote:
> On 7/14/2016 2:34 PM, Jon Tullett wrote:
>>>
>>> 2. Aren't statements (from anyone) like, "... generally crack the
>>> servers
>>> hosting the illicit material, not Tor itself," sort of a ma
On 15 July 2016 at 05:36, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/14/2016 01:34 PM, Jon Tullett wrote:
>> If a law enforcement agency cracked Tor, it would be a very
>> significant development indeed. The same agency using browser
>
On 14 July 2016 at 10:41, Mirimir wrote:
> There is an aspect of visiting hostile onion sites that's especially
> problematic: forcing direct clearnet connections that reveal users'
> ISP-assigned IP addresses. It's irresponsible to continue recommending
> only vulnerable setups, especially Tor b
On 16 July 2016 at 01:46, Joe Btfsplk wrote:
> On 7/15/2016 12:34 AM, Jon Tullett wrote:
>>
>> On 15 July 2016 at 01:23, Joe Btfsplk wrote:
>>>
>>> You're not really suggesting that users under hostile dictatorships or
>>> ones
>>> trying
On 17 July 2016 at 05:11, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/16/2016 08:21 PM, Jonathan Wilkes wrote:
>>> I'm hardly asking for perfection. Just a little heads up for the
>>> sheep.
>> You're unwilling to even describe non-technical users as human
>> beings,
On 18 July 2016 at 14:57, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 06:11 AM, Jon Tullett wrote:
>
>> Haroon Meer, who I greatly respect in the security space, describes
>> UX complexity in terms of his mum. As in, "coul
On 18 July 2016 at 16:17, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 07:33 AM, Jon Tullett wrote:
>> On 18 July 2016 at 14:57, Mirimir wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>&
On 18 July 2016 at 18:15, Spencer wrote:
> Hi,
>
>>
>> Jon Tullett:
>> you just asked a user to conduct a risk analysis.
>>
>
> Who else should do it, someone less contextualized to their context?
Context matters. Mirimir was asking for what amounts to a very
On 19 July 2016 at 08:31, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/18/2016 07:08 PM, Jon Tullett wrote:
>> On 18 July 2016 at 16:17, Mirimir wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>> A few years ago, I wro
On 19 July 2016 at 12:01, Mirimir wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 07/19/2016 03:50 AM, Jon Tullett wrote:
>> On 19 July 2016 at 08:31, Mirimir wrote:
>>> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1
>>>
>>> On 07/18
On 12 August 2016 at 14:18, wrote:
> Question: why does Spamhaus in particular target exit nodes?
Knowing Spamhaus, I'd guess that they don't target exit nodes per se,
but rather that Tor has been used by spammers which has resulted in
the block listings. Getting them delisted will be exception
On 15 August 2016 at 11:29, shirish शिरीष wrote:
> Hi all,
>
> Most sites more or less use https:// by default nowadays. However, it
> has been suggested by quite a few people that you do not use the same
> usernames when using tor.
>
> While for new sites it certainly makes sense, for sites which
ecially not the
big public operators like Gmail, Yahoo, and Hotmail. But there's
nothing stopping a community of mail server operators setting up a
network of email hosts using older standards. Well, apart from the
inevitable spam and other abuse they'll have to deal with...
-J
On 26 August 2016 at 06:53, eliaz wrote:
> kl:
>> On 8/21/2016 3:59:42 PM, laurelai bailey (laurelaist...@gmail.com) wrote:
>>> But when tor.exe got integrated into the Tor browser, windows users (at
>>> least me) have not been able to set up relays.
>>
>> From what I understand it is better if To
On 25 September 2016 at 20:14, Alec Muffett wrote:
> An organisation's response to scraping seems typically the product of:
>
> 1) the technical resources at its disposal
> 2) its ability to distinguish scraping from non-scraping traffic
> 3) the benefit to the organisation of sieving-out and han
On 7 October 2016 at 13:21, Mirimir wrote:
> Reddit, in contrast, is a total free-for-all
It really varies. Some subreddits are VERY heavily moderated, some are
completely open, most are somewhere in between. Your experience of
reddit is probably quite personal and likely to be different from any
On 7 October 2016 at 19:59, Mirimir wrote:
> On 10/07/2016 05:50 AM, Jon Tullett wrote:
>> I find tracking that historical change to be useful because it reminds
>> me that our expectations in the future will be different too. Our
>> notions of privacy and security, for
On 18 October 2016 at 03:18, Mirimir wrote:
> On 10/17/2016 06:50 PM, I wrote:
>>
>>>
>>> Running Tor on Windows makes little sense,
>>
>> Didn't Roger ask for more operating system diversity and mention Windows?
>
> Maybe he did. Cite?
>
> But nevertheless, in my opinion, Windows is too snoopy.
On 20 October 2016 at 20:24, Jason Long wrote:
> Hello.
> Tor developed for android but why not BlackBerry? BlackBerry devices based on
> security and why tor not developed for them?
>
Have you tried running the Tor Android apps on BlackBerry? Doesn't BB
support many Android apps via emulation?
On 30 October 2016 at 10:57, wrote:
> Take a look what is happening these days, please. A toaster was hacked within
> one hour since connected to the internet:
>
> https://www.theatlantic.com/technology/archive/2016/10/we-built-a-fake-web-toaster-and-it-was-hacked-in-an-hour/505571/
Not that I
On 22 November 2016 at 10:55, Ben Tasker wrote:
> The problem with blocking the camera in software is that it can then be
> unblocked in software (and still potentially without your permission).
And not just
cameras...https://www.wired.com/2016/11/great-now-even-headphones-can-spy/
Software con
On 24 November 2016 at 09:51, Dave Warren wrote:
> On Wed, Nov 23, 2016, at 22:41, Jon Tullett wrote:
>> On 22 November 2016 at 10:55, Ben Tasker wrote:
>> > The problem with blocking the camera in software is that it can then be
>> > unblocked in software (and sti
On 26 November 2016 at 12:08, Jason Long wrote:
> Hello.
> I found a version of Tor in "http://torbrowser.sourceforge.net/";, But what is
> the different between it and official TorBrowser? Is it a trust version?
Apart from just looking dodgy as heck, it appears to have been last
updated in 2013
On 30 November 2016 at 12:20, Jason Long wrote:
> It just a question.
...
> > Hello.
> > If you browse a Cpanel via Tor for deface
> > a website then can
> > provider or Website
> > admin find your real IP with some
> > tricks? Any experiences?
OK: yes.
Step back a little. Rephrase it as "
On 28 February 2017 at 06:07, scar wrote:
> I believe we should encourage
> sinkhole/honeypot operators to just block/ignore Tor exit IPs that connect
> to their traps. what do you all think?
Wouldn't that risk giving away the fact that it's a honeypot?
-J
--
tor-talk mailing list - tor-talk@l
On 7 March 2017 at 00:56, scar wrote:
> Jon Tullett wrote on 03/03/2017 10:47 AM:
>>
>> On 28 February 2017 at 06:07, scar wrote:
>>>
>>> I believe we should encourage
>>> sinkhole/honeypot operators to just block/ignore Tor exit IPs that
>>>
On 22 April 2017 at 00:35, Alec Muffett wrote:
> So it turns out that Shodan - a kind of multi-protocol Google-alike search
> engine for metadata and protocol headers - has indexed a bunch of Onion
> sites which were configured to leak their (onion) hostnames into protocol
> headers.
Interesting.
On 24 April 2017 at 10:33, Alec Muffett wrote:
> On 24 April 2017 at 09:03, Jon Tullett wrote:
>
>>
>> Interesting. What can you do with that? Can you tie them to specific
>> hidden services?
>>
>
> Sometimes. See sample results in my Twitter thread:
>
&
Very interesting, not just from the Tor connection issues. I get the
impression the Tor devs are already in the loop on the specific issues
raised.
http://www.hackerfactor.com/blog/index.php?/archives/762-Attacked-Over-Tor.html
-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsub
On 4 August 2017 at 02:05, Paul Syverson wrote:
> On Thu, Aug 03, 2017 at 04:38:49PM -0700, Jacki M wrote:
>> Comments on Paul Syverson Proposed attack?
>> Paul Syverson - Oft Target: Tor adversary models that don't miss the mark
>> https://www.youtube.com/watch?v=dGXncihWzfw
>>
> More seriously.
On 8 August 2017 at 19:18, Paul Syverson wrote:
> On Mon, Aug 07, 2017 at 09:32:20AM +0200, Jon Tullett wrote:
>> On 4 August 2017 at 02:05, Paul Syverson wrote:
>> Curious to know - at a practical level, have you actually tried any of
>> it in practice, or had any contac
On 12 August 2017 at 13:59, eric gisse wrote:
> Please don't use OpenDNS. They insert ads into lookups.
Do you mean the OpenDNS search page? That used to serve ads when you
tried to resolve a non-existent domain, but it was expired some time
ago. https://umbrella.cisco.com/blog/2014/05/29/no-more
On 13 August 2017 at 02:50, eric gisse wrote:
> Oh, have they finally stopped putting ads into NXDOMAIN results after
> years of ignoring requests to do so?
Three years ago, apparently.
-J
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
htt
Blog post refers:
http://www.hackerfactor.com/blog/index.php?/archives/773-Tor-and-the-Perfect-Storm.html
Leaving aside the accusations of bias in the first part, what is the
view of the proposal to force hidden services to rotate addresses?
It appears to be philosophically anathema to Tor, and p
On 30 August 2017 at 12:13, I wrote:
>> Separately, I'm personally curious about Tor's reputation. Sure, some
>> people paint it as a wretched hive of scum and villainy, but how
>> widespread is that view, and is it a concern to anyone involved with
>> the project? Has it been studied/researched a
On 30 August 2017 at 13:15, Alec Muffett wrote:
> On 30 August 2017 at 10:51, Jon Tullett wrote:
>
>> Blog post refers:
>> http://www.hackerfactor.com/blog/index.php?/archives/773-
>> Tor-and-the-Perfect-Storm.html
>>
>> Leaving aside the accusations of
On 30 August 2017 at 15:04, Alec Muffett wrote:
> Hi Jon!
>
> On 30 August 2017 at 13:41, Jon Tullett wrote:
>
> First is that the technical advantages of Tor are not in question, and
>> raising technical arguments in what quickly becomes an ethical debate
>> tends to
On 30 August 2017 at 15:02, Andreas Krey wrote:
> On Wed, 30 Aug 2017 14:41:52 +0000, Jon Tullett wrote:
> ...
>> And yet Facebook itself actively engages in censorship,
>
> Facebook is a house. Tor is a street.
Ah, a motoring analogy. Now we're back in my comfo
On 30 August 2017 at 16:35, Andreas Krey wrote:
> On Wed, 30 Aug 2017 15:55:36 +0000, Jon Tullett wrote:
>> On 30 August 2017 at 15:02, Andreas Krey wrote:
> ...
>> > Facebook is a house. Tor is a street.
>>
>> Ah, a motoring analogy.
>
> Not at all. You
On 30 August 2017 at 19:18, Roger Dingledine wrote:
> On Wed, Aug 30, 2017 at 03:07:37PM +0100, Ben Tasker wrote:
>> So his suggestion is portrayed as not sacrificing much, but actually
>> sacrifices quite a lot.
>
> This is a really important point. Thinking of onion space right now as
> the sum
On 4 September 2017 at 13:40, Aymeric Vitte wrote:
>
> I think that you are mostly right except that it's not uninteresting at
> all for normal people to evade the banks dictatorship, delays and fees
> (what are you buying with this? what for? wiretransfer will take one
> week + absurd taxes not e
On 5 September 2017 at 08:25, carlo von lynX
wrote:
> On Mon, Sep 04, 2017 at 08:35:17PM +0500, Roman Mamedov wrote:
>> BTC wouldn't require "same timeframe" of 36 hours to transfer, it can be done
>> within less than an hour. And with the recent developments in the BTC world,
>> both transaction
On 7 September 2017 at 11:43, carlo von lynX
wrote:
> On Tue, Sep 05, 2017 at 08:50:20AM +0200, Jon Tullett wrote:
>> > This is still an alpha release
>> > * Exchange implements the full Taler protocol, but does not integrate with
>> > traditional banking systems
&g
On 31 October 2017 at 07:07, x9p wrote:
> On 2017-10-30 23:47, krishna e bera wrote:
>>
>> I tried to donate by Paypal via TBB (medium security setting) and got an
>> error page when it was almost done:
>> "
>> Method not allowed
>> Method not allowed. Must be one of: POST
>> "
>
>
> Paypal (or xy
On 1 February 2018 at 10:21, Jason S. Evans wrote:
> The Tor Project sent out an email yesterday, "Activists & News Orgs:
> Onionize Your Sites Against Censorship". While I think it's a good
> start. Is there a project in place to encourage legitimate websites to
> Onionize?
Alec Muffett's a good
67 matches
Mail list logo