> ## Circumvention Settings Map
Do we ever see FallbackDirs censored but relays not? Not sure if that's useful.
It seems like this entire data structure could be condensed into a
very small format (2 bytes per country; maybe even 1 byte if you
dropped a few things). 2 bytes per country-name; 4 co
On Thu, 10 Oct 2019 at 10:37, George Kadianakis wrote:
> So are you suggesting that we can still do SOCKS error codes? But as
> David said, some of the errors we care about are after the descriptor
> fetch, so how would we do those?
Only 'X'F3' Onion Service Rendezvous Failed' - right?
I think D
On Mon, 5 Aug 2019 at 18:33, Tom Ritter wrote:
>
> On Tue, 2 Jul 2019 at 09:23, Tom Ritter wrote:
> > Or... something else? Very interested in what David/asn think since
> > they worked on #30382 ...
>
> I never updated this thread after discussing with people on irc.
4, Daniel Micay wrote:
>
> On Sat, Aug 17, 2019 at 09:17:40PM +, Tom Ritter wrote:
> > On Sat, 17 Aug 2019 at 15:06, procmem at riseup.net
> > wrote:
> > > Question for the Tor Browser experts. Do you know if it is possible to
> > > remotely fingerpr
> The only way to guarantee catching early allocator use is to switch
> the system's allocator (ie, libc itself) to the new one. Otherwise,
> the application will end up with two allocator implementations being
> used: the application's custom one and the system's, included and used
> within libc (
Okay I'm going to try and clear up a lot of misconceptions and stuff
here. I don't own Firefox's memory allocator but I have worked in it,
recently, and am one of the people who are working on hardening it.
Firefox's memory allocator is not jemalloc. It's probably better
referred to as mozjemallo
On Sat, 17 Aug 2019 at 15:06, proc...@riseup.net wrote:
> Question for the Tor Browser experts. Do you know if it is possible to
> remotely fingerprint the browser based on the memory allocator it is
> using? (via JS or content rendering)
Fingerprint what aspect of the browser/machine?
> We are
On Tue, 2 Jul 2019 at 09:23, Tom Ritter wrote:
> Or... something else? Very interested in what David/asn think since
> they worked on #30382 ...
I never updated this thread after discussing with people on irc.
So the implementation of
SOCKS-error-code-for-an-Onion-Service-need
On Tue, 2 Jul 2019 at 13:42, Mark Smith wrote:
>
> On 6/21/19 8:50 PM, Tom Ritter wrote:
> > The attached is a draft proposal for allowing tor to lie to an
> > application about the SOCKS connection enabling it to send data
> > optimistically.
> >
> > It'
-tom
On Sat, 22 Jun 2019 at 00:50, Tom Ritter wrote:
>
> The attached is a draft proposal for allowing tor to lie to an
> application about the SOCKS connection enabling it to send data
> optimistically.
>
> It's going to need some fleshing out in ways I am not familiar
best path forward for bringing back Tor Browser's
optimistic SOCKS behavior.
-tom
Filename: xxx-optimistic-socks-in-tor.txt
Title: Optimistic SOCKS Data
Author: Tom Ritter
Created: 21-June-2019
Status: Draft
Ticket: #5915
0. Abstract
We propose that tor should have a SocksPort option t
On Thu, 16 May 2019 at 11:20, George Kadianakis wrote:
> 3) Duration of Activity ("DoA")
>
> The USENIX paper uses the period of time during which circuits send and
> receive cells to distinguish circuit types. For example, client-side
> introduction circuits are really short
New development:
https://webkit.org/blog/8613/intelligent-tracking-prevention-2-1/
In particular:
-
WebKit implemented partitioned caches more than five years ago. A
partitioned cache means cache entries for third-party resources are
double-keyed to their origin and the first-party eTLD+1
On Fri, 18 Jan 2019 at 21:00, Richard Pospesel wrote:
> The Double-Keyed Redirect Cookies + 'Domain Promotion' tries to fix this
> multiple/hidden session problem by promoting the cookies of double-keyed
> websites to first-party status in the case where the originating domain is
> positively iden
I spent some time reading through the Mix and Match proposal. I'm not
sure I understand it.
In particular, I am confused about:
The proposal seems to focus heavily on what we do with state we
receive as part of the redirect. Do we promote it, do we leave it
double keyed. It doesn't seem to explai
On Tue, Oct 23, 2018, 12:15 PM Alec Muffett wrote:
>
> The world has changed since Tor was first invented; perhaps it's time that
> we stopped trying to hide the fact that we are using Tor? Certainly we
> should attempt to retain the uniformity across all tor users - everybody
> using Firefox on
On Wed, 26 Sep 2018 at 06:51, wrote:
> ...
I want to compare your proposal with the simple situation of "If the
server gets a connection from a Tor exit node, return Location:
blah.onion." (This would also separate the cookie space)
If I understand your proposal correctly, the differences are:
On Mon, Sep 24, 2018, 12:46 PM Nathaniel Suchy wrote:
> Hi everyone,
>
> Cloudflare has added support to TLS 1.3 for encrypted server name
> indication (SNI). This mailing list post is a high level overview of how
> meek could take advantage of this in relation to Cloudflare who until just
> now
> with the exact same
> restrictions and semantics as the Location HTTP header
Maybe that should be 'syntax'? Semantics would mean that the header
behaves the same way right? But it doesn't. Location is a prompt-less
redirect, O-L is a prompted redirect. Additionally, O-L has an
additional rest
On 29 August 2018 at 16:11, Mike Perry wrote:
> Ideally, I would like us to perform A/B experiments to ensure that our
> performance metrics do not degrade in terms of average *or* quartile
> range/performance variance. (Ie: alternate torflow results for a week vs
> sbws for a week, and repeat for
tor is in OSS-Fuzz, and I recently found this very slick dashboard
that shows you just what coverage tor is getting out of it:
https://storage.googleapis.com/oss-fuzz-coverage/tor/reports/20180829/linux/report.html
Thought I'd share in case others hadn't seen it (I think it's fairly new.)
-tom
I'm happy and prepared to run sbws and torflow side by side. I'm a
little less swamped than I was a month ago. I don't need a debian
package; I'd rather run it from a git clone.
I think the only things I can't do are
a) give you access to the box directly (but I can make whatever
files/logs/raw r
On 7 July 2018 at 13:07, Iain Learmonth wrote:
> Hi,
>
> I've had a go at implementing this for my personal blog. Here are some
> things:
Good feedback!
> My personal website is a static site (mostly). In my implementation, I
> took a list of all possible HTML URLs (excluding images, stylesheets
I'm happy to run a sbws alongside my torflow. It will let us compare bw
numbers apples to apples too. My only difficulty is being unable to spend
significant time to diagnose why it doesn't work, if it doesn't work.
If it's at the point I should give it a shot, point me at some instructions
:)
-
d the flag. This is particularly useful for !ReachableIPv6
On 9 March 2018 at 13:55, teor wrote:
>
>
>> On 9 Mar 2018, at 20:28, Tom Ritter wrote:
>>
>> I have tested it on Tor Browser and High Security Slider, seems to
>> work for me, but I want feedback on the UX an
After #1 is decided, we can convert past bwauth data, can't we? If
it's helpful I can (at some point) compare your data against
historical (converted) data as I've been doing:
https://tomrittervg.github.io/bwauth-tools/
-tom
On 18 March 2018 at 20:22, Matt Traudt wrote:
> I've made some good pr
r consensus when you click the <- button;
but I have to give some more thought to how I want to display that.
(And it's more complicated in general.)
-tom
On 7 March 2018 at 15:43, nusenu wrote:
>
>
> Tom Ritter:
>> teor suggested the other day that it'd be really us
teor suggested the other day that it'd be really useful to be able to
see the vote data for a single relay; since the _entire_ detailed page
is huge and unwieldy.
I've been pondering how I could support this without complicating the
server, which results in a few constraints:
a) I really don't wan
On 17 February 2018 at 00:31, isis agora lovecruft
wrote:
> 1. Tuesdays @ 18:00 UTC (10:00 PST/13:00 EST/20:00 CET/05:00+1 AEDT)
This time works for me.
-tom
___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mai
I think the doctor notification is the best mechanism.
I'm not opposed to adding more graphs to consensus-health, but I think
I'd want to coordinate with the metrics team. There was talk about
them absorbing consensus health in some capacity, so I'd prefer to
avoid doing a lot of work on graphs if
terface available to it? The response after all is going
> likely always be much larger than the request.
teor suggested compressing and streaming from disk?
-tom
Filename: xxx-expose-bwauth_votes.txt
Title: Have Directory Authorities expose raw bwauth vote documents
Author: Tom Ritter
Created:
Sending two replies, with an updated proposal in the second.
On 11 December 2017 at 18:38, teor wrote:
>> It should make the file available
>> at
>> http:///tor/status-vote/next/bwauth.z
>
> We shouldn't use next/ unless we're willing to cache a copy of the file
> we actually used to vote. If w
On 8 January 2018 at 20:56, teor wrote:
> Add a torrc option and descriptor line to opt-in as a FallbackDir [4]
Setting a config entry is easy and requires no thought. It's easy to
set without understanding the requirements or implications. Getting a
personal email and request for one's relay to
I'm not sure, but I think
https://trac.torproject.org/projects/tor/ticket/21377 needed a
proposal so I tried to write one up.
-tom
Filename: xxx-expose-bwauth_votes.txt
Title: Have Directory Authorities expose raw bwauth vote documents
Author: Tom Ritter
Created: 11-December-2017
Status: Op
On 8 December 2017 at 15:48, teor wrote:
>
> On 9 Dec 2017, at 03:27, Tom Ritter wrote:
>
>>> We introduce a new HTTP header called "Onion-Location" with the exact same
>>> restrictions and semantics as the Location HTTP header.
>>
>> For refer
On 8 December 2017 at 09:06, George Kadianakis wrote:
> As discussed in this mailing list and in IRC, I'm posting a subsequent
> version of this proposal. Basic improvements:
> - Uses a new custom HTTP header, instead of Alt-Svc or Location.
> - Does not do auto-redirect; it instead suggests the o
On 15 November 2017 at 05:35, Alec Muffett wrote:
> Apologies, I am waiting for a train and don't have much bandwidth, so I will
> be brief:
>
> 1) There is no point in issuing to anyone unless
> they are accessing via an exit node.
>
> 2) It's inefficient to issue the header upon every web acce
I am a big proponent of websites advertising .onions in their Alt-Srv.
On 14 November 2017 at 06:51, George Kadianakis wrote:
> 3.1. User education through notifications
>
>To minimize the probability of users freaking out about auto-redirects Tor
>Browser could inform the user that the
On 6 October 2017 at 04:48, Karsten Loesing wrote:
> - tasks we're missing or that we're listing as long-term goals (Q4/2018
> or later) that you think should have higher priority over the tasks we
> picked for the time until Q3/2018,
bwauth related things, such as:
- How much do bwauths agree?
On 16 June 2017 at 13:15, Roger Dingledine wrote:
> On Fri, Jun 16, 2017 at 02:08:53PM -0400, Nick Mathewson wrote:
>> With proposal 227 in 0.2.6.3-alpha, we added a way for authorities to
>> vote on e.g. the latest versions of the torbrowser package.
>>
>> It appears we aren't actually using that
On 20 April 2017 at 10:09, Ian Goldberg wrote:
> On Thu, Apr 20, 2017 at 10:54:21AM -, relayopera...@openmailboxbeta.com
> wrote:
>> Hi Tom!
>> since maatuska's bwscanner is down [1] I see a significant drop of traffic
>> on many of my relays, and I believe this is related.
>> Do you have an
On 6 April 2017 at 07:53, Donncha O'Cearbhaill wrote:
> Tom Ritter:
>> It seems reasonable but my first question is the UI. Do you have a
>> proposal? The password field UI works, in my opinion, because it
>> shows up when the password field is focused on. Assuming one
On 1 April 2017 at 09:22, Nur-Magomed wrote:
> Hi Tom,
> I've updated Proposal[1] according to your recommendations.
>
> 1) https://storm.torproject.org/grain/ECCJ3Taeq93qCvPJoWJkkY/
Looks good to me!
> 2017-03-31 19:46 GMT+03:00 Tom Ritter :
>>
>> On 31 March 2
On 31 March 2017 at 10:27, Nur-Magomed wrote:
>> I think we'd want to enhance this form. IIRC the 'Details' view is
>> small and obtuse and it's not easy to review. I'm not saying we
>> _should_ create these features, but here are a few I brainstormed:
>
> Yes, actually that form only shows "Key:
On 28 March 2017 at 16:22, Nur-Magomed wrote:
> Hi, Georg,
> Thank you!
>
>> We should have a good user interface ready giving the user at least an
>> explanation on what is going on and a way to check what is about to be
>> sent.
>
> I've also thought about that, I suppose we could just put text
It seems reasonable but my first question is the UI. Do you have a
proposal? The password field UI works, in my opinion, because it
shows up when the password field is focused on. Assuming one uses the
mouse to click on it (and doesn't tab to it from the username) - they
see it.
How would you com
Hi Nur-Magomed,
Great to have you interested in this!
So we would want to use the Crash Reporter that's built into Mozilla
Firefox (which is called Breakpad, and is adapted from Chromium). At
a high level, I would break down the project into the following
sections:
1) Get the crash reporter bui
On Fri, Mar 17, 2017 at 2:07 AM, Kartikey singh
wrote:
> Hi I'm interested in Make Tor Browser Faster gsoc project. Please guide me
> for the same.
Hi Kartikey,
For Tor, the best place to discuss this is on the tor-dev mailing
list, which I've included. You should subscribe and we can talk about
On 29 November 2016 at 13:55, teor wrote:
>
> All of the above seem like a good idea.
>
>> - prop273: Exit relay pinning for web services ?
>
> This got some negative feedback on the mailing list that I tend to agree with,
> the proposal should either be shelved, or heavily modified to address th
On Oct 29, 2016 12:52 PM, "Yawning Angel" wrote:
>
> On Sat, 29 Oct 2016 11:51:03 -0200
> Daniel Simon wrote:
> > > Solution proposed - Static link the Tor Browser Bundle with musl
> > > libc.[1] It is a simple and fast libc implementation that was
> > > especially crafted for static linking. Thi
On May 9, 2016 9:15 AM, "Daniel Simon" wrote:
>
> Hello.
>
> How it's currently done - The Tor Browser Bundle is dynamically linked
> against glibc.
>
> Security problem - The Tor Browser Bundle has the risk of information
> about the host system's library ecosystem leaking out onto the
> network.
The info I gave you was for Tor Browser, the latter (about session
ID) is actually wrong. TBB disables both.
https://trac.torproject.org/projects/tor/ticket/20447#ticket
https://gitweb.torproject.org/tor-browser.git/tree/security/manager/ssl/nsNSSComponent.cpp?h=tor-browser-45.4.0esr-6.5-1#n72
The minorest of comments.
On 7 October 2016 at 15:06, George Kadianakis wrote:
>For example here is a snippet from a torrc file:
>OnionNamePlugin 0 .hosts /usr/local/bin/local-hosts-file
>OnionNamePlugin 1 .zkey /usr/local/bin/gns-tor-wrapper
>OnionNamePlugi
I think directing users to an onion service would be significantly
simpler and better in several regards. Aside from the 'onion servers
can't get DV SSL certs' problem are there others Yawning or I have not
mentioned?
As far as the proposal goes itself, I agree with Roger that the
problem of user
On 12 September 2016 at 03:37, Rob van der Hoeven
wrote:
> One thing bothers me. The update requests graph never touches zero. It
> should, because that would mean that all Tor browsers have been updated.
> 100.000 seems to be the lowest value.
I'm not surprised by this at all. I think a very com
On 5 July 2016 at 14:34, Damian Johnson wrote:
> Hi Tom, just food for thought but another option would be a cron task
> that pulls the repos and runs that if there's a change. That's what I
> do for stem's website so it reflects the changes I push.
I think that's a good model for webpages-backed
Hi all,
Hoping someone can help me out here... I'd like to add a job to
jenkins that runs the depictor command (`python write_website.py`)
whenever a commit is made to the dev repo master branch[0] OR stem's
master branch. (If I could only have one I'd pick stem's.)
Historically, one of the reaso
Well, the consensus is the ultimate root of trust for the Tor network.
Sample: http://171.25.193.9:443/tor/status-vote/current/consensus
It's a very large ASCII document, and you'd need to hardcode one or
more DirAuth keys. But it has a timestamp in it. You could provide
older consensuses to the s
On 16 June 2016 at 18:45, Amogh Pradeep wrote:
> Hey guys,
>
> This is my second status report for GSoC 2016.
>
> I’ve finally managed to rebase things to ESR 45.2.0 :D [0].
> But unfortunately, I think that what it is build on is unstable, so we don’t
> have an ask ready yet.
> I will continue t
Have you checked the data directory of the Bright Authority? I think
the data is in a file called networkstatus-bridges ?
-tom
On 7 June 2016 at 09:39, Nicholas R. Parker (RIT Student)
wrote:
> I've got a quick question for you all.
> I have a functioning bridge directory authority and a bridge
On 30 April 2016 at 09:56, Nicolas Gailly wrote:
> On 04/29/2016 05:13 PM, Tom Ritter wrote:
>>> The mechanism is similar for
>>> witnesses that went offline. The parent of an offline witness will
>>> set the bit
>>> in the bitmap of the failed witne
On 25 April 2016 at 07:32, Nicolas Gailly wrote:
> They can / should
> probably
> publish logs of the statements they witness or simply make available
> a public
> mirror of everything that its tree roster has been asked to sign.
This mirror can be 'unprotected' in the sense that you just
On 29 March 2016 at 02:29, Sebastian Hahn wrote:
> I've been wondering about the private_nets const in src/or/policies. It
> was added in a96c0affcb4cda1a2e0d83d123993d10efc6e396 but Nick doesn't
> remember why, and I'm hoping someone has an idea (maybe teor, who I've
> CCed here, who documented t
On 15 March 2016 at 10:52, Martin Kepplinger wrote:
> Hi,
>
> I try to configure OpenWRT in a way that it will only allow outgoing
> connections if it is Tor. Basically it is the opposite of "blacklisting
> exit relays on servers": "whitelisting (guard) relays for clients". It
> should *not* run T
On 25 February 2016 at 21:00, SMTP Test wrote:
> Hi all,
>
> I try to set up a Tor private network. I found two tutorials online
> (http://liufengyun.chaos-lab.com/prog/2015/01/09/private-tor-network.html
> and https://ritter.vg/blog-run_your_own_tor_network.html) but seems that
> they both are ou
On 7 December 2015 at 13:51, Philipp Winter wrote:
> I spent some time improving the existing relay uptime visualisation [0].
> Inspired by a research paper [1], the new algorithm uses single-linkage
> clustering with Pearson's correlation coefficient as distance function.
> The idea is that relay
On 18 November 2015 at 16:32, David Fifield wrote:
> There was an unfortunate outage of meek-amazon (not the result of
> censorship, just operations failure). Between 30 September and 9 October
> the bridge had an expired HTTPS certificate.
> [tor-talk] Outage of meek-amazon
>
> h
On 29 October 2015 at 11:25, Nick Mathewson wrote:
>There are two possible ways a new connection to a directory
>authority can be established, directly by a TCP connection to the
>DirPort, or tunneled inside a Tor circuit and initiated with a
>begindir cell. The client can origina
On 5 November 2015 at 16:37, wrote:
> At 11:47 11/5/2015 -0600, Tom Ritter wrote:
>> . . .
>>So them falling between the slices would be my
>>best guess. . .
>
> Immediately comes to mind that dealing
> with the changing consensus while
> scanning migh
because of
the process model
12:29 < mikeperry:#tor-dev> though maybe we could have the
subprocesses continue on for multiple slices
So them falling between the slices would be my best guess. The
tedious way to confirm it would be to look at the consensus at the
times each slice began (in bws-d
' was used to test
> other relays but was not tested
> itself.
>
> Can you look in the database files
> to see if any obvious reason for
> this exists? These relays are
> very fast, Stable-flagged relays
> that rank near the top of the
> Blutmagie list.
>
>
A 10GB network connection is not a requirement, 1GB would be fine,
500MB would also be fine. Mine is 4 core, Intel(R) Xeon(R) CPU E5606
@ 2.13GHz w/ 8GB of RAM.
Everything is in torflow, I'm not aware of any other code.
-tom
On 2 November 2015 at 17:26, wrote:
> I am considering starting up a
What's the fix in the works? There is a specification being developed
to allow sites to opt to remove referers (or opt to let them leak
*more* information.) http://www.w3.org/TR/referrer-policy/
(If you're wondering why one would want to leak more information, it's
basically to promote HTTPS adop
On 10 September 2015 at 02:01, isis wrote:
> 2.a. First, if there aren't any other reasons for self-testing: Is Bridge
> reachability self-testing actually helpful to Bridge operators in
> practice? Don't most Bridge operators just try to connect, as a
> client, to
On 20 August 2015 at 09:24, Jeff Burdges wrote:
>
> I first learned about key poems here :
> https://moderncrypto.org/mail-archive/messaging/2014/000125.html
> If one wanted a more language agnostic system, then one could use a
> sequence of icons, but that's probably larger than doing a handful o
In the event of collector missing data, there are (at least) two backup
instances. One is at bwauth.ritter.vg - no website, just files.
Does that have the same issue?
-tom
On 19 July 2015 at 20:11, Serg wrote:
> The basic idea is that users running preconfigured secure server. BOINC
> downloads its as virtual machine image.
> Virtual machine gives secure sandbox to run relay.
I've set up and run BOINC tasks before. Unless something has fairly
significantly changed
On 22 June 2015 at 14:55, l.m wrote:
> Hi,
>
> Last I heard NIST groups are rubbish. You're better off without them for
> security. Am I wrong?
With regards to security, no one[0] who generates curves or implements
ECC (as evidenced by the recent CFRG discussions or ECC Conference)
seriously beli
On 5 May 2015 at 15:30, CJ Ess wrote:
> I think we have differing goals, however your or-ctl-filter is very cool and
> I think I will need to add it to my stack.
Could expand a bit about what function you use ATS for and what the
benefits you get out of it are? I'm familiar with ATS, but I'm jus
On 10 April 2015 at 07:58, George Kadianakis wrote:
> One negative aspect of the above suggestions, is that if hidden
> services only listen for connections, then they lose their
> NAT-punching abilities. But I bet that this is not a problem for some
> use cases that would appreciate the correspon
Does it backronym to anything? Can it? ;)
-tom
On Mar 10, 2015 11:45 AM, "Damian Johnson" wrote:
> Hmmm, thread about something as squishing and infinitely debatable as
> a name. What could go wrong? But before you get excited I've already
> picked one, this is just to sanity check with the comm
On 10 March 2015 at 11:22, John Lee wrote:
> For devs,
>
> 1) Where can I get a previous version of Tor Bundle for Windows? I'm looking
> for the version when it jumped from Firefox 24 ESR (or something below
> Firefox 28.0) to the new Firefox GUI that occurred when going above version
> 28.0
htt
On 7 February 2015 at 06:59, Fabio Pietrosanti (naif) - lists
wrote:
> There's a right way to detect if a user it's on Tor, from a Browser,
> without loading an external network resource?
Is the javascript client loaded from a remote website? If so, what
about embedding the user's remote IP and
On 26 November 2014 at 06:58, Florian Rüchel
wrote:
> Certificates for HS: I find this topic particularly interesting and have
> followed the discussion. The general concept seems like a great thing to
> achieve and it could actually outperform the regular SSL/CA infrastructure
> stuff as it could
certificate with a .onion Subject Alternate Name (SAN).
This document is designed to address some of those questions.
-tom
[0] https://lists.torproject.org/pipermail/tor-dev/2014-November/007786.html
Filename: XXX-recommendations-for-onion-certifiates.txt
Title: Recommendations for CA-signed .o
On 18 November 2014 21:53, grarpamp wrote:
> On Tue, Nov 18, 2014 at 12:55 PM, George Kadianakis
> wrote:
>> plans for any Tor modifications we want to do (for example, trusting
>> self-signed certs signed by the HS identity key seem like a generally
>> good idea).
>
> If the HS pubkey and the on
There's been a spirited debate on irc, so I thought I would try and
capture my thoughts in long form. I think it's important to look at
the long-term goals rather than how to get there, so that's where I'm
going to start, and then at each item maybe talk a little bit about
how to get there. So I t
On 22 October 2014 05:48, Roger Dingledine wrote:
>> What I had to do was make one of my Directory Authorities an exit -
>> this let the other nodes start building circuits through the
>> authorities and upload descriptors.
>
> This part seems surprising to me -- directory authorities always publi
Hi all,
Not content to let you have all the fun, I decided to run my own Tor network!
Kidding ;) But the Directory Authorities, the crappy experiment
leading up to Black Hat, and the promise that one can recreate the Tor
Network in the event of some catastrophe interests me enough that I
decided
On 28 September 2014 07:00, Sebastian Hahn wrote:
> This analysis doesn't make much sense, I'm afraid. We use compression
> on the wire, so repeating flags as human-readable strings has a much
> lower overhead than you estimate, for example. Re-doing your estimates
> with actually compressed conse
On 26 September 2014 22:28, Mike Perry wrote:
> That's basically what I'm arguing: We can increase the capacity of the
> network by reducing directory waste but adding more high capacity relays
> to replace this waste, causing the overall directory to be the same
> size, but with more capacity.
I
On 15 September 2014 21:12, David Fifield wrote:
> Since meek works differently than obfs3, for example, it doesn't help us
> to have hundreds of medium-fast bridges. We need one (or maybe two or
> three) big fat fast relays, because all the traffic that is bounced
> through App Engine or Amazon w
On 13 August 2014 07:47, George Kadianakis wrote:
> The fundamental issue here is that Tor does not have a primitive that
> detects whether the network is up or down, since any such primitive
> stands out to a network attacker [3].
I'm not certain this is true. Windows and Mac OS detect whether
One of my first concerns would be that this would build in a very easy
way for a government (probably the US government) to compel Tor to add
in a line of code that says "If it's this hidden service key, block
access."
After all - it's a stretch to say "You must modify your software to
support blo
On 6 July 2014 18:59, doctor role account
wrote:
> ERROR: Unable to retrieve the consensus from maatuska
> (http://171.25.193.9:443/tor/status-vote/current/consensus): timed out
> ERROR: Unable to retrieve the consensus from tor26
> (http://86.59.21.38:80/tor/status-vote/current/consensus): time
If your goal is to choose an exit specially to minimize risk of it being
run by a malicious actor, it seems choosing exits run by orgs you trust
would be better than choosing based on where someone is hosting a server.
But yes, you can choose exits by country. I'm not saying it's a good idea
or t
Hi Yuhao!
Some of the things Tor does (e.g. public list of nodes) is because
it's relatively easy to attack if you try and not do it that way. For
example:
On 13 March 2014 15:08, Yuhao Dong wrote:
> - No public list of all node addresses; this makes determining
> whether certain tr
AFAIK Optimizations that reduce round trips, including that one, are very
desirable for websites accessed over Tor. The communication with a website
uses TCP, SSL, and HTTP as normal, TCP acks, etc are still needed and
transported over SOCKS. So optimizations there will reduce time to first
byte fo
On 30 September 2013 07:01, Ian Goldberg wrote:
> On Mon, Sep 30, 2013 at 01:03:14AM -0700, Rohit wrote:
>> This should satisfy most goals.
>> - A passive attacker wouldn't be able to distinguish between HTTPS->HTTPS
>> traffic and Tor->Bridge. (Both use TLS)
>
> This seems false to me; it's not
On 4 September 2013 20:09, wrote:
> Now node B does not stream the data to node C, but obfuscates
> it. That means if there are n packages it transforms them into
> m packages in some unpredictable way and each new packages gets
> a small amount of additional random-data.
> (The point is that the