Hi I wanted to bring your attention to this recent Tor attack paper
published at the CCS conference:
https://arxiv.org/pdf/1808.07285.pdf
> We show that with moderate learning, DeepCorr can correlate Tor
> connections (and therefore break its anonymity) with accuracies significantly
> high
> with the exact same
> restrictions and semantics as the Location HTTP header
Maybe that should be 'syntax'? Semantics would mean that the header
behaves the same way right? But it doesn't. Location is a prompt-less
redirect, O-L is a prompted redirect. Additionally, O-L has an
additional rest
Georg Koppen:
> FYI: the proposal is now the first Tor Browser proposal:
> https://gitweb.torproject.org/tor-browser-spec.git/tree/proposals/100-onion-location-header.txt
Sounds great. One nit:
| Website operators should be aware that tools like tordnsel have
| false positive potential (they migh
Hi,
On 20/09/18 17:03, Ian Goldberg wrote:
> To be clear, the place this is used in otr is exactly to build the
> released *source tarball* from git, so that even the source tarball is
> reproducible. The binary package builders then build (reproducible)
> binaries from the reproducible source ta
George Kadianakis:
> Georg Koppen writes:
>
>> [ text/plain ]
>> George Kadianakis:
>>> As discussed in this mailing list and in IRC, I'm posting a subsequent
>>> version of this proposal. Basic improvements:
>>> - Uses a new custom HTTP header, instead of Alt-Svc or Location.
>>> - Does not do a
