On 01/07/2014 05:08 PM, Bobby Brewster wrote:
Note that the number of unique visitors more than tripled betwen June and July.
Was there perhaps some newsworthy event that happened around this period maybe?
On Tue, 1/7/14, Jon wrote:
Subject: Re:
On 1/8/14 1:44 AM, TheMindwareGroup wrote:
https://wiki.thc.org/ssl
Thank you for linking that resource. It explains the issue really well.
I don't think the issue they are describing matches your doom scenario
though.
Yes, the CA system sucks horribly. It is best to assume that many of the
TheMindwareGroup writes:
> I don't know the exact details of how SSL/certificates work and I
> don't know about anyone else's opinion on this subject, this is mine
> and it doesnt look good. If this document is true, it means that due
> to a (massive) weakness in the way central certificate author
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Hi im Shadowman, I havent posted on here before, I found this document
and thought it rather important for everyone to read it.
https://wiki.thc.org/ssl
I don't know the exact details of how SSL/certificates work and I
don't know about anyone else'
>As TBB is a standard product, its fingerprint should be the same for
everyone.
Tell that to the guy that got arrested on campus, because he was one of
a few people using it.
People talk a good game in an armchair quarterback sort of way - "if
he'd only..." Unless they're seasoned veterans at
Bobby Brewster:
> I was experimenting using Tor and Thunderbird by entering 127.0.0.1: 9150 in
> the TB Preferences.
>
> I used my Gmail account and hence Gmail's SMTP server.
>
> I checked the headers of the message I sent to Gmail and the IP was a Tor
> exit node.
>
> However, I am wondering
On Tue, 2014-01-07 at 12:48 +0100, Gerardus Hendricks wrote:
> > TBB enables JavaScript by default, presumably because many websites need
> > JavaScript. NoScript can be used to selectively allow JavaScript from
> > certain domains, but doing so could make it possible to fingerprint your
> > Tor u
Note that the number of unique visitors more than tripled betwen June and July.
Was there perhaps some newsworthy event that happened around this period maybe?
On Tue, 1/7/14, Jon wrote:
Subject: Re: [tor-talk] some stats year 2013 for my Tor Netwo
I was experimenting using Tor and Thunderbird by entering 127.0.0.1: 9150 in
the TB Preferences.
I used my Gmail account and hence Gmail's SMTP server.
I checked the headers of the message I sent to Gmail and the IP was a Tor exit
node.
However, I am wondering whether using Tor and an e-mail c
On 1/7/14 9:49 PM, Mark McCarron wrote:
That will be the end for Tor.
Then I salute you sir!
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> However, IIRC, the amount of additional latency required
> to make timing attacks non-trivial is far more than would be
acceptable
> to the typical user.
I'd personally be happy to have more delays and slowdowns, if it was a
feature that was making Tor's anonymity protection features more
> Point by point.
>
> > Javascript, by itself, is not an issue and poses no more of a security
> > threat than any other type of data transferred online. Coding errors in
> > image handling, html parsing, ftp, etc., can all be used to inject code.
>
> Note that (potential) privilege escalatio
On 01/07/2014 09:12 AM, t...@bitmessage.ch wrote:
> But I still hope that we can try to do better helping the users we do want
> to support--even the people who might not be "smart enough" right now.
Well, starting Tor in a terminal, one sees:
"This is experimental software. Do not rely on it
Since I installed TBB 3.5, I've been unable to use AOL mail. A search
of the Tor Project Web site (perhaps too cursory) failed to yield clues
that might lead to a solution. Any thoughts on what to do or where to
look for more information?
--
tor-talk mailing list - tor-talk@lists.torproject.org
On Tuesday, January 7, 2014 at 8:29 AM, Christian wrote:
> On 07.01.2014 13:44, Karsten Loesing wrote:
> > On 1/7/14 1:32 PM, Christian wrote:
> > > Hi,
> > > sorry for the late answer.
> > >
> > > On 30.12.2013 16:53, Arlo Breault wrote:
> > > > I wrote a little proof of concept rendering globe s
Point by point.
Javascript, by itself, is not an issue and poses no more of a security threat
than any other type of data transferred online. Coding errors in image
handling, html parsing, ftp, etc., can all be used to inject code.
Note that (potential) privilege escalation bugs are found w
On 1/7/2014 11:09 AM, Mark McCarron wrote:
> We're not discussing censorship, but the removal of potential exploitable
> data. Its not a keyword system, it removes cookies, web bugs, adds jitter to
> timings, etc. It can be disabled with a click.
>
> Regards,
>
> Mark McCarron
>
Tor exit
> t...@bitmessage.ch:
>> I appreciate your perspective but still think the community may still be
>> better off--including those who take the time to RTFM--by taking a harm
>> reduction approach to the RTFM-related problems you've mentioned.
>
> the fundamental problem here is that this is not a te
We're not discussing censorship, but the removal of potential exploitable data.
Its not a keyword system, it removes cookies, web bugs, adds jitter to
timings, etc. It can be disabled with a click.
Regards,
Mark McCarron
> Date: Tue, 7 Jan 2014 09:56:41 -0500
> From: and...@paolucci.ca
> T
You have to keep in mind it's a slippery slop of censoring the content
of users that use the Tor network. If we were to add an option for
filtering out Javascript what would stop a exit-node operator to decide
he wants to filter out any webpages that have keywords in them that he
finds "distasteful
The idea of edge filtering ensures that clients are not exposed to exploits.
It is a defense-in-depth strategy. It does not replace any client-side
measure, it adds to it.
When a stream leave an exist node to request a clearweb, non-encrypted page,
there is an opportunity to strip potentially
On Tue, Jan 7, 2014 at 5:24 AM, Olaf Selke wrote:
> fyi
>
> http://torstatus.blutmagie.de/monthlyhistory2013.png
> http://torstatus.blutmagie.de/countrylist2013.pdf
>
> kind regards Olaf
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
>
On Tue, 07 Jan 2014 12:58:49 +, Mark McCarron wrote:
...
> The fact that TBB disables javascript is a testimony to how bad the
> javascript coders of Firefox are.
Ex falso sequitur quodlibet.
> I think there is a solid argument for adding filters to the exit nodes that
> strip anything that
Original Message
From: Nathan of Guardian
Sent: Tue Jan 07 07:10:37 EST 2014
To: Guardian Dev
Subject: [guardian-dev] Orbot v13 RC1 is out
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Orbot v13 release candidate 1 is available for direct download:
APK: https://guardianpr
On 07.01.2014 13:44, Karsten Loesing wrote:
> On 1/7/14 1:32 PM, Christian wrote:
>> Hi,
>> sorry for the late answer.
>>
>> On 30.12.2013 16:53, Arlo Breault wrote:
>>> I wrote a little proof of concept rendering globe server-side with
>>> phantom.js
>>> https://github.com/makepanic/globe/pull/42
Javascript, by itself, is not an issue and poses no more of a security threat
than any other type of data transferred online. Coding errors in image
handling, html parsing, ftp, etc., can all be used to inject code. The idea
that you are gaining some security or increased anonymity by disablin
On 1/7/14 1:32 PM, Christian wrote:
> Hi,
> sorry for the late answer.
>
> On 30.12.2013 16:53, Arlo Breault wrote:
>> I wrote a little proof of concept rendering globe server-side with phantom.js
>> https://github.com/makepanic/globe/pull/42
>>
>>
>> On Sunday, December 29, 2013 at 1:42 AM, Karst
Hi,
sorry for the late answer.
On 30.12.2013 16:53, Arlo Breault wrote:
> I wrote a little proof of concept rendering globe server-side with phantom.js
> https://github.com/makepanic/globe/pull/42
>
>
> On Sunday, December 29, 2013 at 1:42 AM, Karsten Loesing wrote:
>
I like this idea but don'
fyi
http://torstatus.blutmagie.de/monthlyhistory2013.png
http://torstatus.blutmagie.de/countrylist2013.pdf
kind regards Olaf
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
TBB enables JavaScript by default, presumably because many websites need
JavaScript. NoScript can be used to selectively allow JavaScript from
certain domains, but doing so could make it possible to fingerprint your
Tor use.
Let us try to define what "fingerprinting Tor use" means exactly. It
cl
Hi,
Yasemin Acur:
> but just because I'm curious: Firefox is accessible out of the box. What
> was the cause for this bug?
we are cross-compiling Tor Browser for Windows on Linux with mingw-w64.
It turned out that the accessibility related code in Firefox 17 ESR did
not like that, so we had to di
On 1/6/2014 12:39 PM, dhanlin wrote:
> TBB enables JavaScript by default, presumably because many websites need
> JavaScript. NoScript can be used to selectively allow JavaScript from
> certain domains, but doing so could make it possible to fingerprint your
> Tor use.
>
> By my judgment, you are
> the youtube-dl python script often works (with Tor and an http-proxy)
> but we lose all the benefits of TBB. it also often didnt work as well
> as videodownloadhelper last time i used either of them.
youtube-dl is useful.
test its proxy carefully though, attempting to authenticate to a site
may
33 matches
Mail list logo
