Re: [tor-talk] Tor blacklist

2013-08-07 Thread Damian Johnson
On Wed, Aug 7, 2013 at 6:09 PM, LEE wrote: > I found that there is a blacklist in Tor system > > I guess blacklist is like prison of onion routers. in other words, if > Tor system detect some onion router runs > > abnormally, Tor system put that router in blacklist and never use again. > > Is this

Re: [tor-talk] Tor blacklist

2013-08-07 Thread Nick Mathewson
On Wed, Aug 7, 2013 at 9:09 PM, LEE wrote: > I found that there is a blacklist in Tor system > > I guess blacklist is like prison of onion routers. in other words, if > Tor system detect some onion router runs > > abnormally, Tor system put that router in blacklist and never use again. > > Is this

[tor-talk] Tor blacklist

2013-08-07 Thread LEE
I found that there is a blacklist in Tor system. I guess blacklist is like prison of onion routers. In other words, if Tor system detects some onion router runs abnormally, Tor system puts that router in blacklist and never uses it again. Is this true? Who manages the blacklist? Once some onion rout

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread mirimir
On 08/07/2013 08:05 PM, Ralf-Philipp Weinmann wrote: > > On Aug 7, 2013, at 9:06 PM, Ivan Zaigralin wrote: > >>> Using Tor protects you against a common form of Internet >>> surveillance known as "traffic analysis." >> >> It doesn't, since Microsoft can survey all outgoing and incoming >> traff

Re: [tor-talk] Crypto used by Tor

2013-08-07 Thread Watson Ladd
On Wed, Aug 7, 2013 at 6:39 PM, Noel David Torres Taño wrote: > What encryption does the onion routing use? I cannot seem to find the > answer to this anywhere. > Use the Spec Luke! https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt > > Thanks in advance > ---

[tor-talk] Torbutton

2013-08-07 Thread Graham Todd
Running Tor on Trisquel Linux 6.0, with Vidalia Version 0.2.21 (which I assume is the latest one) running, from the Tor Bundle, my Torbutton in the Tor Browser is shown with a red X on it. I assume this means that Torbutton is disabled, while the green

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Martijn Grooten
On Wed, 7 Aug 2013, Ivan Zaigralin wrote: What I am talking about is a trivial attack, technically trivial. The feds (at least in US and in Russia) have a complete list of unpatched Windows vulnerabilities. They also have crackers on staff. They don't have "a complete list", but they have many

[tor-talk] Crypto used by Tor

2013-08-07 Thread Noel David Torres Taño
What encryption does the onion routing use? I cannot seem to find the answer to this anywhere. Thanks in advance A: Because it breaks the logical flow of discussion. Q: Why is top posting bad?

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread z0rc
Have you heard of this? http://www.zdnet.com/nsa-spying-trust-the-pki-or-its-anarchy-on-the-internet-718946/ Cheers Damian On 07/08/13 23:18, Ivan Zaigralin wrote: I don't need to cite references, and I don't need to provide proof. I am not judging Microsoft here, but pointing out a secur

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Blibbet
On the contrary, Microsoft has the capability to survey all Windows-powered TOR nodes and make a complete table of who is hosting what. As Tor's usability increases, it will attract more users, which will increase the possible sources and destinations of each communication, thus increasing sec

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Ivan Zaigralin
I don't need to cite references, and I don't need to provide proof. I am not judging Microsoft here, but pointing out a security risk factor. TOR Projects spent so much time analyzing detected and imagined attack patterns and defending against them, DNS resolution being a great example. And all thi

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Antispam 06
On 07.08.2013 21:06, Ivan Zaigralin wrote: It doesn't, since Microsoft can survey all outgoing and incoming traffic in plain text. References please. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mai

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Ivan Zaigralin
You want evidence? Are you serious? You are telling me you fully trust Microsoft by default, until you are given evidence to their concrete wrongdoing? A built-in backdoor is quite likely, since no one believes they will be prosecuted after the SONY rootkit fallout. But we don't have to wage on th

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Geoff Down
On Wed, Aug 7, 2013, at 06:21 PM, Ivan Zaigralin wrote: >Both MS Windows and OS X can be safely assumed to > spy on > all actions taken by users, Evidence?

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Ralf-Philipp Weinmann
On Aug 7, 2013, at 9:06 PM, Ivan Zaigralin wrote: >> Using Tor protects you against a common form of Internet surveillance known >> as "traffic analysis." > > It doesn't, since Microsoft can survey all outgoing and incoming > traffic in plain text. > >> Tor also makes it possible for users to h

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Ivan Zaigralin
Since I couldn't find an official list of design goals for TOR, I assumed that it is primarily intended to do whatever the project claims it can do. If you can point me in the direction of an existing list, I'll gladly analyze it as well. I will use MS Windows as an example, but it goes for any no

Re: [tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Lunar
Ivan Zaigralin: > I think that TOR developers are making a grave mistake by providing the TOR > bundle for platforms which are not only insecure by design, but are outright > hostile to the user. Both MS Windows and OS X can be safely assumed to spy on > all actions taken by users, and so TOR proje

Re: [tor-talk] about get new ID

2013-08-07 Thread Carlos Manuel Trepeu Pupo
About this topic, there is a lot of documentation that I just found, with a lot of new stuff. I found the solution at this URL: http://hintdesk.com/tor-how-to-install-for-specific-country-and-reset-identity-with-c/ Using C# I solved my problem. On Wed, Aug 7, 2013 at 8:54 AM, Carlos Manuel Trepeu Pu

[tor-talk] TOR bundle on hostile platforms: why?

2013-08-07 Thread Ivan Zaigralin
A recent discussion on Slashdot compelled me to make a suggestion for the TOR community. Please forgive me if I come across sounding too harsh: this is only because I am attempting to critique a very large part of what the project is doing. At any rate, I have no personal stake in the way TOR is de

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread mick
On Wed, 07 Aug 2013 13:38:31 + adrelanos allegedly wrote: > > Generally a good idea... One concern. > > What about the claim, if The Tor Project had an auto updater, they > could get gag ordered to ship a backdoor (to specific users). Is > there any legal base for that or is that only specu

Re: [tor-talk] Verifying Tor packages.

2013-08-07 Thread Roger Dingledine
On Wed, Aug 07, 2013 at 02:32:47PM +0200, Frithjof wrote: > Neither sha1 sums, nor PGP signatures depend on the file > name of the file to be verified. This allows some kind of replay > attack: If I can get a user to download from my side, I could choose > an old version of the TBB with some known

Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable

2013-08-07 Thread Bry8 Star
Response is below, in-between. Received from scarp, on 2013-08-07 4:44 AM: > Bry8 Star: >> In my opinion, > >> After installing TBB (Tor Browser Bundle), users should disable JS >> (JavaScript) by default, and enable JS, ONLY when visiting a >> website and if the user must have to, to view a ver

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread Andreas Krey
On Wed, 07 Aug 2013 13:38:31 +, adrelanos wrote: > scarp: > > It is inappropriate for a web browser to not be automatically updated. > > Generally a good idea... One concern. > > What about the claim, if The Tor Project had an auto updater, they could > get gag ordered to ship a backdoor (to

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread adrelanos
scarp: > It is inappropriate for a web browser to not be automatically updated. Generally a good idea... One concern. What about the claim, if The Tor Project had an auto updater, they could get gag ordered to ship a backdoor (to specific users). Is there any legal base for that or is that only

[tor-talk] about get new ID

2013-08-07 Thread Carlos Manuel Trepeu Pupo
Hi! I read all the documentation I found and I can't find anything about how to obtain a new ID (IP). I see how Vidalia can get a new ID every time they want; I guess the software is sending some signal to the TOR.exe. Can you guys help me to know what command or what I need to do that? Thanks, best reg

[tor-talk] Verifying Tor packages.

2013-08-07 Thread Frithjof
A short note about verifying PGP signatures when upgrading Tor packages; I hope this is the right place for this. This is probably well known, but I didn't find any mention on the documentation. Neither sha1 sums, nor PGP signatures depend on the file name of the file to be verified. This allows

Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable

2013-08-07 Thread scarp
Bry8 Star: > In my opinion, > > After installing TBB (Tor Browser Bundle), users should disable JS > (JavaScript) by default, and enable JS, ONLY when visiting a > website and if the user must have to, to view a very specific > portion. > > TBB by

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread Paul Syverson
On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote: > On 6 August 2013 16:31, Lunar wrote: [snip] > > > > Jon Tullett: > >> My understanding is that NoScript shipped disabled in the TBB > > [snip] > > Sometimes it's a pain, as you say, but that's a compromise I make > knowingly and willi

Re: [tor-talk] Tor security advisory: Old Tor Browser Bundles vulnerable

2013-08-07 Thread Bry8 Star
In my opinion, After installing TBB (Tor Browser Bundle), users should disable JS (JavaScript) by default, and enable JS, ONLY when visiting a website and if the user must have to, to view a very specific portion. TBB by default keeps "Script Globally Allowed" option ENABLED or selected, inside "

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread scarp
I understand that JavaScript was enabled globally in the Tor Browser Bundle for usability reasons as well as to prevent browser fingerprinting. I believe this is the correct decision. If the torproject were to disable it by default, that would not e

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread Jon Tullett
On 7 August 2013 09:46, Roger Dingledine wrote: > On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote: >> is there scope for better communicating to a user >> (such as in the Tor browser homepage) that JS is enabled to improve >> their browsing experience and enhance privacy, but it may o

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread Roger Dingledine
On Wed, Aug 07, 2013 at 09:28:17AM +0200, Jon Tullett wrote: > is there scope for better communicating to a user > (such as in the Tor browser homepage) that JS is enabled to improve > their browsing experience and enhance privacy, but it may open them to > (another) attack and here's how it can b

Re: [tor-talk] Javascript vs privacy?

2013-08-07 Thread Jon Tullett
On 6 August 2013 16:31, Lunar wrote: > Hi Jon, > > A few of your assumptions look incorrect. Here's some of my > understandings. Thanks Lunar, appreciate the input. You raise good points. > > Jon Tullett: >> My understanding is that NoScript shipped disabled in the TBB > > NoScript itself is ena