Thanks for the heads up 👍
On December 6, 2018 3:52:43 PM EST, Karsten Loesing
wrote:
>Hi,
>
>if you're not pulling CSV files from the Tor Metrics website in an
>automated fashion, you can stop reading now.
>
>We just scheduled some changes to the Tor Metrics CSV files in the
>Performance and the
ck into use. The way it
shook out, Cupcake users only wound up contributing ~6mb a day at most
because there are many more Cupcake users than people who were using the
flash proxy option on Tor Browser. With Snowflake, the balance might
shift a bit, so it will be interesting to see what happens t
Even on a fairly fast connection, 2.6TB would take quite a
while...
~Griffin
--
On Sun, Apr 03, 2016 at 5:24 PM, Ivan Markin < t...@riseup.net
[t...@riseup.net] > wrote:
Recently someone leaked enormous amount of docs (2.6 TiB) to the
journalists [1]. It's still hard to do such thin
erestingly, there is a version of tesseract in javascript [2]. This
is probably not especially useful for the current "select all boxes that
contain one pixel of street sign" Recaptcha system, but if there were a
way to trigger the old behavior, these techniques could be used
toge
Hey all,
There have been quite a few bug reports that discuss incompatibility with
various Firefox extensions and with websites. In most cases, I can't
replicate
these bugs -- either because the extension in question has been patched,
the
website reported no longer exists, or the issue can't be
am curious why you chose CoffeeScript for the proxy, rather than
JavaScript.
woot,
Griffin
--
“I did then what I knew then, & when I knew better, I did better.”
― Maya Angelou
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.t
sure
that UX-related tickets for the website get seen, making the keywords
more granular but including usability wouldn't be a bad approach.
best,
Griffin
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
That way, we can quickly see both severity and priority when looking
at large lists of bugs that we might want to patch.
best,
Griffin
David Goulet wrote:
> Hello tor-dev!
>
> While 028 bug triaging, we realized that we *really* need priorities to
> not be a banana field depriv
, so why bother' [0].
Ongoing research does a lot of good here, but some people will never be
swayed.
~Griffin
[0] "Is your relay hiding BOLSHEVIKS?"
> Re: socially connected. That's interesting. I'll see what I can do.
> Chat more in Berlin.
>
> -V
> On Thu, 2
ther interesting look into the workings of black markets -- many of
which no longer exist. Curious to see what you all think and what
analyses you'd like to see from this kind of data.
best,
Griffin
[1] http://atechdad.com/Deanonymizing-Darknet-Data/
[2] http://www.gwern.net/Black-market
ke their existing service also an onion service may need to
adjust their configuration manually. Currently, Stormy lives on my
github page [2], though once it passes a security audit, the goal is for
it to live within Tor's git repositories.
best,
Griffin
[1] Cupcake's audit took about
istribution make the
most sense.
best,
Griffin
[1] http://imgur.com/a/EIR80
[2] https://github.com/glamrock/satori
[3] [the Chrome version's been out for more than a year]
--
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss
___
If a few people
did that, the costs might be more manageable. But also the stats might
be a bit harder to aggregate (which might be important if David is
writing a thesis/paper/etc).
Either way, way to go =)
best,
Griffin
--
“Sometimes the questions are
u have been trainers from
Pakistan, and I'd imagine that as you say they are hoping to reach more
users who don't speak English. But I'm not actually sure how to really
measure need based on these individual interactions.
best,
Griffin
--
“Sometimes the questions a
David Fifield wrote:
Griffin Boyce wrote:
Both populations also have a large number of speakers: ~300M for
Hindi
and ~66M for Urdu.
I was really surprised; Hindi is the third-most spoken language in the
world, trailing only Mandarin and English. Of the top 10 languages in
this Wikipedia
not survive until
trial due to mob violence).
The situation in India is a bit different, but their need for online
privacy much the same as like Pakistan they are subject to mass
surveillance.
Both populations also have a large number of speakers: ~300M for Hindi
and ~66M for Urdu.
Wha
So, just to clarify, this would be 10pm EST on Tuesday or Wednesday
night, correct?
~Griffin
On 2015-04-06 16:31, Brandon Wiley wrote:
I can't do 0200 UTC on Wednesdays. I could potentially do 0200 on some
Thursdays.
On Mon, Apr 6, 2015 at 3:06 PM, isis wrote:
Last chance.
roup
them.
~Griffin
--
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Tyrano Sauro wrote:
This is funny
Oh, I agree :D There was an outtake where Karen (development
director) was walking around with a tiny orange tree saying "Orange
Routing! Orange Routing!" It was pretty great ^_^
~Griffin
--
“Sometimes the questions are complicated and the a
rning
to download the new Tor Browser.
best,
Griffin
--
“Sometimes the questions are complicated and the answers are simple.”
― Dr. Seuss
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Hey all,
I was just wondering if it's possible to get a gpg-signed list of
sha256 checksums for the Tor Browser. The website only shows the
current version's list of hashes. Which is really useful, but it would
be great to have them all if possible.
thanks,
Griffin
--
“Som
g new entries there is probably your best bet. However, if
people submit issues or pull requests to my repo, I'll send a bibtex
entry to anonbib.
The readme probably still has some errant formatting errors:
https://github.com/glamrock/anonbib
that was a fun distraction,
Griffin
--
&q
ks for this - I actually did not know about this feature. I have
a long list of trackers that I want added, so this might not be an ideal
long-term solution. Though right now I'm distributing via S3 directly.
~Griffin
--
"The apparent safety of modern life is just a shallow skin atop
an
#x27;t have the
time to keep up with that. January there should be a semi-automated
system in place to release updates as torrents.
~Griffin
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Quite sure ;-) There's a real risk in trying to be everything to
everyone. Not only does everything have to be created and documented,
but maintained long-term. Bash scripts are straightforward for these
tasks, as is ansible, VMs much less so, and GUIs very difficult.
best,
Griffin
dden service?
A: Please don't use this in production until firewall settings are in
place.
Q: Are there firewall settings in place?
A: Not yet - the current setup is entirely for development and should
not be used as-is.
best,
Griffin
--
"I believe that usability is a security concern
Fair. What are your thoughts about possible trade-offs with anonymity when
using a CA-signed cert?
On November 14, 2014 9:38:02 PM EST, Jacob Appelbaum
wrote:
>On 11/15/14, Griffin Boyce wrote:
>> Lee wrote:
>>>> c) Get .onion IANA reserved
>>>
>>> It d
Lee wrote:
c) Get .onion IANA reserved
It doesn't look like that's going to happen.
Yeah. Though the biggest use-case for cert+onion is when trying to
match a clearnet service to a hidden service -- such as Facebook or
Erowid.
perhaps it "used to exist" a long time ago,
or I wrote down an example URL.
best,
Griffin
--
"I believe that usability is a security concern; systems that do
not pay close attention to the human interaction factors involved
risk failing to provide security
ou need/want in terms of documentation.
best,
Griffin
PS: yes I'm aware of the hilarious timing of this trip.
On November 9, 2014 7:50:00 AM EST, George Kadianakis
wrote:
>Hidden Service authorization is a pretty obscure feature of HSes, that
>can be quite useful for small-to-med
ll =) There are some good ways
to discuss hidden services -- even outside of the easier pitches like
whistleblower protection, hidden services are really awesome and need
more positive attention from the outside non-hardcore-nerd world.
best,
Griffin
== Such References ==
[1] https://gith
or me are: how much of a gain is possible? and
what is the right balance between number of relays and speed of those
relays? and I suspect that until something is tried, it may just be
speculation.
best,
Griffin
[2] No one should be running an exit from home, and no one who is asking
me a
.
Better for press organizations to provide potential whistleblowers with
easily-understood documentation and try to be as pervasive an option as
possible.
~Griffin
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
-contest is installed and then asking if the user would like
it to be removed. If y'all have other recommendations, please comment
here or on the ticket.
Ticket: https://trac.torproject.org/projects/tor/ticket/13154
thanks!
Griffin
--
"I believe that usability is a security concern; sy
gouts.[4]
best,
Griffin
[1] https://github.com/ioerror/freenote
[2] Of course, if someone shares the links further, there can be privacy
issues.
[3] Satori: https://github.com/glamrock/Satori
[4] and jitsi never recognizes my fucking microphones =/
On 2014-08-15 21:43, Jordan wrote:
Hi, t
ng
obfs2 bridges to those areas. But on the whole I agree that giving
those out is problematic. Unless they comprise a large portion of
bridges, maybe it's time to phase them out of bridgeDB (not
necessarily TBB).
best,
Griffin
- --
Wherever truth, love and laughter abide, I am there
As an aside, I'm happy that 'huggable transports' [1] is a thing now
:D
best,
Griffin
[1] https://twitter.com/abditum/status/431665969627672576
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
In addition to explicitly forbidding newlines, perhaps it would be a good idea
to either strip them entirely or ignore any value with a newline.
--
Sent from my tracking device. Please excuse brevity and cat photos.___
tor-dev mailing list
tor-dev@lists
ul as just giving an option to select language.
best,
Griffin
[1] https://github.com/glamrock/stormy
[2] There are several good options here that I've used in the past.
With an eye toward avoiding Apache, the current roster includes Ghost,
Crabgrass, MoinMoin, ejabberd, just a basic webserv
ely to confuse/demoralize people.
~Griffin
On 2014-05-16 01:56, David Stainton wrote:
Hi, What is going on with that cute otter hidden service publishing
project?
What do people think about having it use the Tahoe-LAFS Onion Grid and
lafs-rpg instead of telling users to run their own webservers?
iner will allow transports to be
chained together to form more varieties of transports and make them
harder to detect and block. You can read more about it here: [0].
That's *awesome* ^_^ Please keep us all in the loop! Very excited to
see how your project progresses.
best,
Griffi
Hey Naif,
Have you considered making something with STEM? Granted, it probably
isn't *quite* what you're looking for, but might get you closer:
https://stem.torproject.org
best,
Griffin
On 2014-04-21 04:46, Fabio Pietrosanti (naif) wrote:
Hi all,
does anyone know of any work
ticed similar behavior when using flashproxy?
~Griffin
* who is a hacker
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
otorus.git
[branch "master"]
remote = origin
merge = refs/heads/master
You could also clone to new directory, change the origin to tor,
then push each branch. Unless there are just tons of branches, this
should only take a couple of minutes =)
best,
Griffin
On 04/01
Hello all,
Is there a plan to port TBB for chromebooks?
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
thing to `git clone`
as a dev, but makes it possible for a user to visit the page and
download a zip file for their language and the signature to verify it.
Of course, if every project did this, it would change the equation a
bit for censors, but we won't know until we try ;-)
~Griffin
[0]
user downloads are
tracked via mobile phones in the target areas, but my assumption is
100%. Having said that, I'd like to know more -- and it makes absolute
sense for something like Orbot to be distributed friend-to-friend via
BlueTooth or something like BitTorrent Sync.
~Griffin
gpg: 879B DA5
stalling Google Chrome to gain access.[1]
It's not perfect, but at least for the user groups I talk to, they are
realistic solutions to a really tricky problem.
~Griffin
[0] cross-posted upon recommendation of David Fifield
[1] most users can't figure out how to download e
On 2014-02-24 12:59, Roger Dingledine wrote:
I see this was answered on irc, but to answer it here for completeness:
it is my understanding that the Tuesday dev meeting will be held on
Tuesday this week. :)
Is this for little-t tor, or more user-facing projects like TBB?
~Griffin
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
OpenITP & TA3M have had a python dev ask if STEM or txtorcon need
assistance =) For more details, talk to Sandy (sandraordo...@openitp.org).
~Griffin
- Original Message
Subject: [OpenITP Dev] Do u needa Python & Ja
to a known obfsproxy bridge, then they can make
an educated guess that the person is using both Tor and obfsproxy. With
flashproxy, this is of much less concern given address diversity. With
bananaphone, it wouldn't really apply at all as far as I can
tion isn't something that's thought a lot about in the US,
which unfortunately is where a lot of large websites are based.
Unblocking all or portions of [big website] can be extremely helpful to
at-risk groups of people, and that's not always obvious to sysops.
~Griffin
Il 31.12.2013
et to *not* automatically create/save drafts.
Works like a charm. =)
~Griffin
[1] http://i.imgur.com/HWzAiJ3.gif
Il 06.12.2013 05:10 Nima Fatemi ha scritto:
It doesn't have anything to do with TorBirdy. All you really have to
do,
is to have Encryption on by default in Enigmail.
Your
t of inexpensive (and ubiquitous) routers
somewhat trumps having open-hardware torouters available for purchase.
But all work in this area is a true labor of love, and it makes sense
for people to pool their efforts where they feel the greatest impact can
be made.
~Griffin
(unsurprisingly, I spea
e's blessed apps than for
independent solutions. This is either a good thing or a bad thing,
depending on your outlook (broader userbase vs. better-educated users).
abusing his parenthetical privileges,
Griffin
[1] Page 11 of:
https://developer.apple.com/library/mac/documentation/security/conce
am incredibly honored to be using
flashproxy as the basis for this project.
thanks again,
Griffin
- --
Be kind, for everyone you meet is fighting a hard battle.
PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
OTR: sa...@jabber.ccc.de
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/
Nima Fatemi wrote:
> Griffin Boyce:
>> After chatting with Runa, decided to go ahead and post this to the
>> list. If strings could be updated/finalized by early December, that
>> would help the process a lot. =)
> Planing to post it on Transifex? or link me if yo
o the
list. If strings could be updated/finalized by early December, that
would help the process a lot. =)
best,
Griffin
--
Be kind, for everyone you meet is fighting a hard battle.
PGP: 0xD9D4CADEE3B67E7AB2C05717E331FD29AE792C97
OTR: sa...@jabber.ccc.de
ersion of TBB. This would also free Tor as an organization from having
to sign agreements. (Though this may contravene Apple's terms).
- Actively decide to continue without being blessed by Apple, but
focusing instead on educating Mac users about their application security
option
tly
researching how I managed to be the only person to show up to the Otter
IM meeting. You don't want to be more tardy than me =P
But if there are times that work better for people, let Tom know or
post on the list in some sort of obvious way.
forever tardy,
Griffin
--
Be kind, for every
nds of
daily users, then that might be an acceptable precedent to set :-D
Though I am slightly saddened that I'll never own "notatrap.onion" ;-)
~Griffin
PS: thanks for doing this, Christian!
--
Be kind, for everyone you meet is fighting a hard battle.
PGP: 0xD9D4CADEE3B67E7AB2C
On 10/29/2013 07:30 PM, Tom Lowenthal wrote:
> Any questions or suggestions?
>
> -Tom
Is this a "tor dev" thing, or a "devs who work on tor-related projects
but who are not part of tor" thing?
~Griffin
--
"Cypherpunks write code not flame wars." --Jurre
sed by
the extension (in Chrome at least), so this seems to make some amount of
sense. [2]
Does anyone have any thoughts on this?
~Griffin
[1]
https://chrome.google.com/webstore/detail/cupcake/dajjbehmbnbppjkcnpdkaniapgdppdnc
[2] http://blog.kotowicz.net/2012/02/intro-to-chrome-addons-ha
up with a plan to set
proper defaults.
~Griffin
Mike Perry & Sukhbir Singh wrote:
> - No OTR support yet
> + OTR support tickets:
> https://bugzilla.instantbird.org/show_bug.cgi?id=877
> https://bugzilla.mozilla.org/show_bug.cgi?id=779052
> + For a st
ome amount of protection when downloading random bits
of code.
~Griffin
- --
"Cypherpunks write code not flame wars." --Jurre van Bergen
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
My posts are my own, not my employer's.
-BEGIN PGP SIGNATURE-
Version: GnuPG
I would actually really appreciate the old numbers (from ~2007-8/2013)
being kept online. Estimating growth over time and mapping spikes is
kind of a big deal to me. =)
~Griffin
On 09/16/2013 02:28 PM, Karsten Loesing wrote:
> Hi everyone,
>
> some of you may already know our new ap
I thought we were having it at noon EST tomorrow. If no one else
shows up, maybe we can have a discussion about cats or something. (Or
just show up in #tor-dev and start talking about pluggable transports
until it turns into a meeting ;-) )
~Griffin
Kevin P Dyer wrote:
> Hi all,
>
>
That day and time work well for me -- thanks for setting this up! =)
~Griffin
On 09/06/2013 04:58 AM, Vmon wrote:
> I sent this email quite a while ago and I was surprised that nobody
> was interested/replied. Today I found out that I had sent it to a
> wrong address. But here we ar
I've updated the Cupcake extension already. Thanks for the heads up. :)
~ Griffin
--
Sent from a phone, please excuse fatfingers and grammatical errors.
On Jun 30, 2013 5:55 PM, "David Fifield" wrote:
> On Thu, Apr 25, 2013 at 01:32:08AM -0700, David Fifield wrote:
>
n't really help out with development, but am happy to help test. =)
Is all of this in a git repo somewhere?
best,
Griffin
--
Just another hacker in the City of Spies.
#Foucault / PGP: 0xAE792C97 / OTR: sa...@jabber.ccc.de
My posts, while frequently amusing, are not representative o
al that would be. Of
course, there's really nothing keeping an independent actor from making
this and offering it as a firefox plugin for those who might want to use it.
Thoughts?
~Griffin
--
Technical Program Associate, Open Technology Institute
#Foucault /
Jacob Appelbaum wrote:
> Yes, it is. I'm working on it and so are a number of other people.
>
> All the best,
> Jacob
Good to hear. Is there a tentative date for a beta release?
best,
Griffin
___
tor-dev mailing list
tor-dev@lis
ve project.
>
I only sort-of agree. Installing/updating with opkg is problematic for
the reasons you mention, but I work on an OpenWRT-based project, and we
manually install/update rather than use opkg. (But we're also working with
a model where people may not have realistic inter
Hello all,
So I'm part of a team working on wireless mesh, and Torouter has come up
a few times this week. Is it actively being developed? Given the state of
the roadmap [1], I'd sort of assumed it was inactive or on hiatus, but
others had heard differently.
thanks,
Gri
th points to the same place).
> https://trac.torproject.org/projects/tor/ticket/7160 is the ticket.
>
> David Fifield
I'll push an update to Cupcake [1] that has permissions on the new domain.
~Griffin
[1]
https://chrome.google.com/webstore/detail/cupcake/dajjbehmbnbppjkcnpdkaniapgdp
dialects are
critically important, but tools made in China aren't necessarily trusted.
(Though this is probably owing to the extreme levels of infiltration in
activist communities there). But tools that aren't trusted might be used
more often than non-translated alternatives.
.
b.org
http://3g2upl4pq6kufc4m.onion.to
best,
Griffin
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
tly I was thinking more
pre-configured bundles for common ISP(s).
~Griffin
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
d and then
configured. All of these people so far have had the means to spend $150ish
a month on the required hosting, they just felt that getting it running was
a stumbling block.
Thoughts?
~Griffin
--
"What do you think Indians are supposed to look like?
What's the real differe
h number of bridges per day in
the past would be great, in addition to the graph now. I know
it's likely an estimate, but it would help outsiders like me make
calculations. =)
~Griffin
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://
e of deployment, we may need to make
> changes to the proxy program quickly.
>
> David Fifield
>
Sounds good to me. I don't think it would be too difficult to get a couple
thousand users through the Chrome Web Store.
Best,
Griffin Boyce
_
the Stanford project site's embed page. If there's
much interest in this, I'll switch to a dedicated site since it's maybe not
fair to send that many requests to them ^_^;
Input, ideas, and tomatoes welcome =)
Best,
Griffin Boyce
--
"What do you think Indians are supp
82 matches
Mail list logo
