Re: [tor-talk] tor forum hosted as a hidden service

At 08:50 AM 5/8/2013 +0400, you wrote: >Seems like you'd just end up with a kind of chicken and egg problem. Hehe. Yes, you're right in a way. But consider this : downloading the browser bundle and visiting an onion site is something almost anybody can do. But configuring

Re: [tor-talk] tor forum hosted as a hidden service

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Seems like you'd just end up with a kind of chicken and egg problem. On Tue, May 07, 2013 at 09:59:55PM -0300, Juan Garofalo wrote: > > Is there such a thing? A place to ask technical questions about tor, inside > the .onion network? > > __

Re: [tor-talk] memory cached pages should reload instantly-but DON'T

Are we sure this is a bug? Even when a page is in the cache doesn't it have to communicate with the server to verify that the cache hasn't expired? Perhaps this is what you are experiencing. On Tue, May 7, 2013 at 9:41 PM, Tom Ritter wrote: > Hm, that's an tough question. TBB doesn't modify th

Re: [tor-talk] memory cached pages should reload instantly-but DON'T

Haven't investigated but if the page didn't have an Expires or Cache-Control: max-age then the browser may be using If-Modified-Since to avoid downloading the page unnecessarily but that would still require a round trip to the server. On 5/7/2013 13:02, Joe Btfsplk wrote: > If I understand, TBB di

Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

On 5/7/2013 7:05 PM, Andrew F wrote: I am coming in late on this topic and know very little about it, But I have to ask, would it be possible to send fake information? I know that they use many variables to create a mosaic to identify people. So why not change several variables. Create some ran

Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

What is tor doing about finger printing? Is there a project to deal with that? On Wed, May 8, 2013 at 12:13 AM, Joe Btfsplk wrote: > > On 5/7/2013 5:27 PM, Moritz Bartl wrote: > >> >> https://www.torproject.org/**projects/torbrowser/design/

Re: [tor-talk] Is using player like VLC safe alternative to Flash?

VLC has a lot of stuff going on inside of it. I would not be surprised if there were proxy leaks that might be able to be forced by someone doing something tricky. Say you enter a url to a flash video and the content is intercepted and replaced with an RTSP stream that VLC somehow interprets, and

Re: [tor-talk] memory cached pages should reload instantly-but DON'T

Hm, that's an tough question. TBB doesn't modify the FF code very much at all, and the patches are pretty lightweight - they're all listed here: https://gitweb.torproject.org/torbrowser.git/tree/HEAD:/src/current-patches/firefox although some of them do deal with caching. The about:config settin

[tor-talk] tor forum hosted as a hidden service

Is there such a thing? A place to ask technical questions about tor, inside the .onion network? ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

On 5/7/2013 5:27 PM, Moritz Bartl wrote: https://www.torproject.org/projects/torbrowser/design/ "WebGL can reveal information about the video card in use, and high precision timing information can be used to fingerprint the CPU and interpreter speed." [...] The adversary simply renders WebGL,

Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

I am coming in late on this topic and know very little about it, But I have to ask, would it be possible to send fake information? I know that they use many variables to create a mosaic to identify people. So why not change several variables. Create some randomness and change several variables on

Re: [tor-talk] WebGL forbidden in NoScript but Flash is not?

On 07.05.2013 20:38, Joe Btfsplk wrote: > TBB may have NoScript settings to not have checked "Forbid Flash" > because it doesn't contain Flash Player. > > What about WebGL being blocked by default in NoScript? I thought this > was supposed to be a much safer (not a threat to Tor) than Flash? htt

[tor-talk] memory cached pages should reload instantly-but DON'T

If I understand, TBB disables disk cache & has memory cache enabled. This is the way I do it w/ Fx, because I've got lots of RAM & it's much faster than disk. Normally, going back to a page already visited in Fx is almost instantaneous. Definitely NOT the case in latest stable TBB - or ever.

[tor-talk] WebGL forbidden in NoScript but Flash is not?

TBB may have NoScript settings to not have checked "Forbid Flash" because it doesn't contain Flash Player. What about WebGL being blocked by default in NoScript? I thought this was supposed to be a much safer (not a threat to Tor) than Flash? ___ to

[tor-talk] Is using player like VLC safe alternative to Flash?

Question of playing Flash vids comes up constantly & explanation given of why it can compromise anonymity in Tor Browser. Anyone done real investigation if using some media players, that handle playing Flash content directly from a URL, are any better at protecting anonymity than Flash Player?

Re: [tor-talk] Run pyobfsproxy standalone

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 What type of server?Systems details needed. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.13 (GNU/Linux) iQEcBAEBAgAGBQJRiTQDAAoJEHJ6fv5JwWqhTBAH/3mwGm0NQFlO5W8o8cFR9NKO L/U1knFMUWgP1fRXx6bEYUkv9ZAMbcH0skzdWk+nr9ojij7oAY1rsUf33b/dUBmK K1dNtSAQKWzr1G

[tor-talk] Run pyobfsproxy standalone

I want to run pyobfsproxy standalone on my server to obfuscate ssh traffic. It works without --ext-cookie-file, but it'll also be visible to the supervisor. So I want --ext-cookie-file to be enabled, it works on the server side, but how to config it on the client side? In my opinion, ext-cookie-f