On Thu, Jan 13, 2022 at 11:58:22PM -0700, David Fifield wrote:
> On Fri, Jan 14, 2022 at 05:38:14AM +0200, Markus Ottela via tor-talk wrote:
> > The creation of the Onion Service uses tempfile to create a temporary
> > directory each time a new Onion Service is spin up, but
ber of streams, number of
circuits, or anything like that, as far as I know.
> *In hindsight this I should've only done the GET requests inside the loop.
>
> Here's the script I was running:
> https://gist.github.com/maqp/0e5dcf542ebb97baf98d198115e931ea
>
> Markus
>
&
On Tue, Jan 11, 2022 at 08:06:00PM +0200, Nurmi, Juha wrote:
> In addition, there is a spike in non-direct bridge users from Finland as
> well.
>
> https://metrics.torproject.org/userstats-bridge-country.html?start=2021-10-13&end=2022-01-11&country=fi
>
> All this is happening only in Finland and
On Thu, Jan 13, 2022 at 06:09:24PM +0200, Markus Ottela via tor-talk wrote:
> I've been experiencing weird behavior with Tor + Stem + Flask Onion Services
> dying randomly once every 1..5 days. I wrote a script that's making
> connections to a test an Onion Service to see when exactly the servers
>
On Mon, Jun 14, 2021 at 02:43:32PM +, torrio888 wrote:
> Does Snowflake bridge knows the IP address of the Snowflake client or it only
> knows the IP address of the Snowflake proxy?
The bridge knows the IP address of the Snowflake client. The Snowflake
client's IP address is forwarded to the
On Mon, Sep 14, 2020 at 05:37:53PM +, molter...@airmail.cc wrote:
> Why are all Snowflake proxies connecting to a single bridge (flakey) instead
> of connecting to a normal relay of client`s choice, multiple bridges or even
> connecting directly to the middle relay so that it serves as a first
The point nusenu is making is not that these relays should have contact
info; it's that they all have similar properties (among which is a lack
of contact info) that indicate that they are being run by the same
person.
On Fri, Aug 21, 2020 at 02:11:27PM +, bo0od wrote:
> Its stupid anyway to p
may take several minutes to
connect (or reconnect, when a proxy disappears).
On Wed, Feb 26, 2020 at 11:02:10PM -0700, David Fifield wrote:
> The anti-censorship team is looking for people to try Tor Browser
> packages built from an experimental branch of Snowflake that is supposed
> to make
On Thu, Mar 19, 2020 at 06:08:27PM -0600, David Fifield wrote:
> On Wed, Feb 26, 2020 at 11:02:10PM -0700, David Fifield wrote:
> > The anti-censorship team is looking for people to try Tor Browser
> > packages built from an experimental branch of Snowflake that is supposed
> &
This is a merge candidate for the experimental Snowflake packages that
make Snowflake more reliable by allowing a session to span multiple
temporary proxies. They are based on the current 9.5a11.
https://people.torproject.org/~dcf/pt-bundle/tor-browser-snowflake-turbotunnel-9.5a11-20200410/
To en
On Wed, Feb 26, 2020 at 11:02:10PM -0700, David Fifield wrote:
> The anti-censorship team is looking for people to try Tor Browser
> packages built from an experimental branch of Snowflake that is supposed
> to make Snowflake more reliable. There are two versions; you can try
> either
On Tue, Mar 03, 2020 at 10:38:06AM +0100, john doe wrote:
> What range of UDP port do I need to open for snowflake to work properly
> alternatively how can I restrict the UDP port used by snowflake?
You will need to open at least UDP port 19302 for communication with the
STUN server, but even afte
On Sat, Feb 29, 2020 at 09:24:19AM +0100, john doe wrote:
> On 2/28/2020 3:32 AM, David Fifield wrote:
> > On Thu, Feb 27, 2020 at 08:06:35PM +0100, john doe wrote:
> >> I get stuck at 50% while trying to connect.
> >> Is there specific ports that are required to be
On Wed, Feb 26, 2020 at 11:02:10PM -0700, David Fifield wrote:
> These special packages are made not to auto-update until 2020-04-23.
> After that, they will update and become a normal Tor Browser alpha.
The prefs I tried setting to disable automatic updates didn't work. If
you were u
On Thu, Feb 27, 2020 at 08:06:35PM +0100, john doe wrote:
> I get stuck at 50% while trying to connect.
> Is there specific ports that are required to be opened?
50% is the point where Tor needs to download the consensus, which can
take a few minutes the first time you run the browser. (Because it
The anti-censorship team is looking for people to try Tor Browser
packages built from an experimental branch of Snowflake that is supposed
to make Snowflake more reliable. There are two versions; you can try
either one or both of them. If you have feedback, tell us whether you
are using the "kcp" o
I just learned of the Cisco Umbrella domain popularity list, which is
based on counting DNS queries.
https://umbrella.cisco.com/blog/blog/2016/12/14/cisco-umbrella-1-million/
https://s3-us-west-1.amazonaws.com/umbrella-static/index.html
https://s3-us-west-1.amazonaws.com/umbrella-static/top-1m-201
On Fri, May 19, 2017 at 03:12:34PM -0400, Lolint wrote:
> Nice find! To mention other events, something strange is happening in Taiwan,
>
> https://metrics.torproject.org/userstats-relay-country.html?graph=userstats-relay-country&country=tw&events=on
>
> And it looks like Egypt is starting to cen
On Thu, Nov 17, 2016 at 11:53:39AM -0600, Yphone wrote:
> Cyberoam calls it Tor. Not sure about iboss but I would guess it calls it Tor
> as well
I just learned that Cyberoam has an online demo.
https://demo.cyberoam.com/ (username: guest, password: guest)
In the Application Filter config, ther
On Thu, Nov 17, 2016 at 05:16:49AM -0600, Justin wrote:
> OBFS4 is blocked behind both filters. Cyberoam is doing some sort of
> timing attack, but I’m not sure what. When a bridge is used by lots of
> people, then it doesn’t work. Even enabling Iat mode=1 or 2 doesn’t
> fix the issue.
When you sa
Recently, we had reports of Cyberoam firewalls blocking meek by TLS
signature:
https://lists.torproject.org/pipermail/tor-talk/2016-May/040923.html
I got a similar report, this time for a FortiGuard firewall.
The story is basically the same as last time: the firewall looks for TLS
that has the sig
On Wed, Jun 01, 2016 at 06:32:27PM -0700, David Fifield wrote:
> meek-google has not been working since May 13, 2016. It is not because
> censors figured out how to block it, but because Google Cloud Platform
> suspended the reflector web application (https://meek-reflect.appspot.com/).
meek-google has not been working since May 13, 2016. It is not because
censors figured out how to block it, but because Google Cloud Platform
suspended the reflector web application (https://meek-reflect.appspot.com/).
The reason given is:
Your project is being suspended for committing a g
On Wed, May 11, 2016 at 07:40:17PM -0700, David Fifield wrote:
> On Sun, May 08, 2016 at 01:37:47PM -0700, David Fifield wrote:
> > With the meek blocking, it might be that they are doing some kind of
> > timing analysis, or it might be that we screwed up something simple l
On Thu, May 12, 2016 at 12:19:29AM -0400, Roger Dingledine wrote:
> Do we know anything about how they decided to detect obfs4 (and what
> collateral damage they decided was acceptable there)?
No, we didn't find out how they were blocking obfs4. Justin suspects
it's not an IP blacklist because nei
On Wed, May 11, 2016 at 11:16:28PM -0400, Blake Hadley wrote:
> On 5/11/16 10:40 PM, David Fifield wrote:
>
> > Another solution is to change the front domain to something else, for
> > exmaple using google.com instead of www.google.com.
> Would it be feasible for a future
On Sun, May 08, 2016 at 01:37:47PM -0700, David Fifield wrote:
> With the meek blocking, it might be that they are doing some kind of
> timing analysis, or it might be that we screwed up something simple like
> the TLS signature. Could you try it in these configurations?
> Tor B
On Fri, May 06, 2016 at 06:47:10PM -0500, Justin wrote:
> Hi,
> I have a DPI box that I use to test pluggable transports with. I also
> test other circumvention tools against it just to see how good it is.
> Manufacturer is Cyberoam. About 6 or 8 weeks ago, Cyberoam released a
> DPI engine update
On Mon, Feb 08, 2016 at 08:21:47PM -0500, Nathan Freitas wrote:
> On Mon, Feb 8, 2016, at 06:02 PM, David Fifield wrote:
> > For about four days (January 29 to February 1, 2016), meek-azure was
> > blocked in China. The blocking may not have been intended for
> > meek-azure,
For about four days (January 29 to February 1, 2016), meek-azure was
blocked in China. The blocking may not have been intended for
meek-azure, and may not have been deliberate blocking, but it had the
effect of blocking the service. It is unblocked again since February 2.
The nature of the event s
Dear support, has anyone asked for help with flash proxy since it was
removed as an option in Tor Browser 5.5a4 (November 4, 2015)? We are
about to remove the flash proxy software from the browser and it would
be good to know if we ruined anyone's setup when we disabled the bridge
lines as a first
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
The meek-amazon bridge has changed its fingerprint. The old fingerprint
was:
4EE0CC769EB4B15A872F742EDE27D298A59DCADE
The new fingerprint is:
B9E7141C594AF25699E0079C1F0146F409495296
A side effect of the fingerprint change is that cu
On Thu, Oct 08, 2015 at 07:09:05PM -0700, David Fifield wrote:
> The meek-amazon transport has been not working since September 30. The
> cause is an expired HTTPS certificate on the bridge that we are working
> on fixing now.
It is fixed now.
--
tor-talk mailing list -
The meek-amazon transport has been not working since September 30. The
cause is an expired HTTPS certificate on the bridge that we are working
on fixing now.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/
On Sat, Oct 03, 2015 at 11:08:36AM +0200, Dominik Ungar wrote:
> So meek-azure was faster than the others? how fast was it?
It was getting about 2–4 MB/s reading and the same writing. Since
yesterday you can see it crashing down to 1.1 MB/s as a result of the
rate limiting.
https://globe.torproje
Today I rate-limited the bridge behind meek-azure to 1.1 MB/s. Our free
grant is expired and now it will start costing money. This is the same
rate that meek-google and meek-amazon are set to.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
ht
On Sun, Jul 19, 2015 at 09:08:42PM -0700, David Fifield wrote:
> A few hours ago the meek-azure CDN endpoint stopped working and is now
> serving an error code 403. The outage is caused by an error in account
> management and I think it will be temporary. I am talking with support
>
On Tue, Jul 21, 2015 at 09:40:35PM -0700, David Fifield wrote:
> I'm still working on getting the old CDN settings moved to the new
> account :(
>
> But I set up a new endpoint under the new account, and it seems to be
> working. You just have to configure it manually.
>
On Sun, Jul 19, 2015 at 09:08:42PM -0700, David Fifield wrote:
> A few hours ago the meek-azure CDN endpoint stopped working and is now
> serving an error code 403. The outage is caused by an error in account
> management and I think it will be temporary. I am talking with support
>
A few hours ago the meek-azure CDN endpoint stopped working and is now
serving an error code 403. The outage is caused by an error in account
management and I think it will be temporary. I am talking with support
about it now.
What happened is Microsoft transitioned users from one kind of sponsore
On Fri, Jul 03, 2015 at 11:25:26PM +0200, Jacek Wielemborek wrote:
> W dniu 03.07.2015 o 22:01, grarpamp pisze:
> >> One of the features that my modifications enable is performing port
> >> scanning behind proxies. I only scanned it using SOCKS4 server built
> >> into Tor
> >>
> >> ./nmap -sT --pro
On Tue, Jan 06, 2015 at 10:23:38PM +, Geoff Down wrote:
> On Tue, Jan 6, 2015, at 09:56 PM, David Fifield wrote:
> > It's important to understand that even if you change the front domain,
> > you're not sticking some random person with a bandwidth bill. It's th
S. Let's say its URL is
https://mysite.example.com/index.php. Then you would enter this into Tor
Browser:
meek 0.0.2.0:4 url=https://mysite.example.com/index.php
In this case you don't use a front because you're relying on the domain
itself being hard to block, either because it's too obscure or because
it hosts other useful data. You should still definitely use HTTPS, not
plain HTTP.
David Fifield
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
ge-country&start=2014-06-01&end=2014-10-31&country=ir
https://trac.torproject.org/projects/tor/ticket/12727
David Fifield
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
t; proxy?
Unless I'm mistaken, both obfsproxy and fte should work with an HTTPS
proxy in the 3.6.2 bundles. You should be able to set the proxy in the
network settings window.
https://blog.torproject.org/blog/tor-browser-362-released
https://trac.torproject.org/projects/tor/ticket/11
On Tue, Jun 17, 2014 at 06:21:09PM -0700, David Fifield wrote:
> More importantly, we're going to extend the meek protocol so that
> requests and responses don't have to be strictly serialized. How it
> works now, is that if you have two pieces of data to send, you can'
ces of data to send, you can't
send the second one until the first one has been sent, and a response
received. It causes a delay that increases the farther away you are from
App Engine, even if you have fast bandwidth. It will be better when the
protocol allows you to send more than one piec
On Wed, Jun 11, 2014 at 07:57:07PM -0700, David Fifield wrote:
> I picked a good day to announce this :) Google App Engine's URLFetch
> service, which is the link between Google and meek's Tor bridge, has
> been not working for about the last hour (since 18:30 PDT).
>
>
On Wed, Jun 11, 2014 at 08:41:22AM -0700, David Fifield wrote:
> We have been working on a new pluggable transport called "meek." Here
> are bundles, based on 3.6.2, that have support for meek. Please try them
> and report your experience. You need to answer Yes to the qu
ac.torproject.org/projects/tor/wiki/doc/meek#Webservices if
you can help.
I'm going to ask for meek to be merged into the mainline bundles if
nothing major goes wrong after this announcement.
David Fifield
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscr
#x27;s trust store is not even an issue. Aside from the fact
that it breaks the "visit this web page to become a proxy" idea, acking
people to install new certificates in their browser is bad for their
security.
I don't think this idea works, because anyone wanting to go
like https://www.whatismyip.com/.
Here is the program man page:
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/doc/flashproxy-reg-url.1.txt
Here is the ticket about the creation of the program:
https://trac.torproject.org/projects/tor/ticket/7559
David Fifield
__
ir Skype stops working--they blame the
censor for it and somehow the censor has to deal with that. This is what
we call "collateral damage" in the paper, and different censors probably
have different levels of damage they can tolerate.
David Fifield
___
for any lack of love.
David Fifield
- Forwarded message -
Date: Wed, 20 Feb 2013 09:59:12 -0800 (PST)
Subject: [EE CS Colloq] JavaScript anticensorship proxies * 4:15PM, Wed
February 20, 2013 in Skilling Auditorium
Stanford EE Computer Systems Colloquium
On Wed, Feb 06, 2013 at 03:37:09PM -0500, Griffin Boyce wrote:
> Just wanted to send a quick update on Cupcake - it's available in the
> Chrome web store and has 88 users. =) As always, special thanks to David
> Fifield for his insight and making the flash proxy in the first place
nt is small. Don't be discouraged if you don't see a
light blue badge, because it happens rarely. We claimed in the paper
that having lots of legitimate, but unused, proxies helps defend against
some attacks on the facilitator by malicious proxies. You are still
helping, even
f
you attend in person, just find me afterward and tell me you're from
tor-talk and we can talk.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
://people.torproject.org/~dcf/flashproxy/tor-flashproxy-pyobfsproxy-browser-gnu-linux-x86_64-2.4.7-alpha-1-dev-en-US.tar.gz.asc
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On Sun, Jan 13, 2013 at 07:53:12PM +0100, Andreas Krey wrote:
> > Maybe you could run flashproxy.js with the Rhino JavaScript interpreter
> > (we already use Rhino for some of our tests). You would need to make
> > some changes to flashproxy.js to remvoe some of the browser assumptions.
>
> After
On Fri, Jan 11, 2013 at 10:06:32AM +0100, Andreas Krey wrote:
> On Thu, 10 Jan 2013 14:33:15 +0000, David Fifield wrote:
> > On Thu, Jan 10, 2013 at 06:21:23PM +0100, Alexandre Guillioud wrote:
> > > Can deploy on 200 randomly changing ip adress. How can i help ?
> >
>
ell as
> Windows 7. I believe there are 32bit builds for Windows 8.
>
> Many people won't be able to use it.
This was only a snafu with the package building process. Alexandre is
working on making corresponding 32-bit packages. Thank you for letting
us know th
roxyUsability.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
https://trac.torproject.org/projects/tor/ticket/7824
Alexandre Allaire, George Kadianakis, and I worked together to build
these bundles.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
y requests to them ^_^;
At this point, it will help if you can keep it pointing to the same
embed page. As we are on the verge of deployment, we may need to make
changes to the proxy program quickly.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
On Tue, Dec 18, 2012 at 08:43:02PM -0800, David Fifield wrote:
> On Sat, Dec 15, 2012 at 08:11:08PM +0100, Sebastian G. wrote:
> > For Flashproxy could there be a metric how many flash proxies
> > (JavaScript Web socket proxies running on volunteer machines) have been
> >
a new command like COUNT.
https://gitweb.torproject.org/flashproxy.git/blob/HEAD:/facilitator/facilitator
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
er that the client transport plugin doesn't actually "connect" to
anything; it only receives connections from outside (from flash
proxies), and doesn't control where those connections come from. You
give an address in the Bridge line only because the protocol requires
it. It is
On Sun, Oct 14, 2012 at 02:50:21PM +0100, Matt Joyce wrote:
> On 13/10/12 10:18, David Fifield wrote:
> >Unfortunately, though TLS-wrapped WebSocket is standard, we can't easily
> >use it because the clients that the flash proxy connects to do not have
> >CA-issued certs
to block WebSockets)
I don't really know the range of things WebSocket is used for. One cool
application I've seen is this: https://github.com/kanaka/noVNC which is
a VNC client that uses WebSocket and HTML canvas.
David Fifield
___
tor-
u are a Tor
relay. For example, if I were to somehow run a browser from
tor1.bamsoftware.com, we wouldn't expect it to be reachable, because we
would expect the censor to already have blocked that bridge.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
arameters are easier to handle from a code point of view. The
way it works now is cookierequired=false. With cookierequired=true,
clicking on the badge will bring up a yes/no dialog, and set a cookie if
yes. I think it's reasonable for the cookie to grant permission across
all web sites.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
e itself when
running in TBB but does not, because I don't know how to detect that;
see ticket https://trac.torproject.org/projects/tor/ticket/6293.
Nice questions, please keep them coming.
David Fifield
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
72 matches
Mail list logo
