.3.1.2-alpha.tar.gz
> https://dist.torproject.org/tor-0.3.1.2-alpha.tar.gz.asc
Doesn't matter much. One should check the signatures anyway...
Do we trust the CAs now? ;)
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://l
if your realy (OR)
can exit (ExitPolicy is not set to `reject *:*`) and has no Exit flag
there may be some non-standard actors that can use your relay to exit.
tl;dr ExitPolicy == exit traffic allowed, Exit flag == (confoming) clients
can use your exit.
[1] https://gitweb.torproject.org/tors
ho's doing bad stuff - whether
it's relay or any upstream provider. What relays never should do is
to intrefere with user's traffic in any way (BadExit).
Just educate the users about the threat models and use e2e encryption.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.to
ns (with blockDotOnion = false).
Probably Safari has also got implementation for RFC 7686 but I don't
know whether it's possible to go around it.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
you should use Tor Browser.
> https://www.torproject.org/projects/torbrowser.html
I guess the OP is already aware of all of the downsides of Transparent
Proxying.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torp
lso check whether DNS settings are not overridden in your OS/browser
(e.g. by DHCP).
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
is. `--with-zlib-dir` works only if either
`--enable-static-zlib` or `--enable-static-tor` is set. This options are
meant to be for solely for *static* linking.
For dynamic linking you may want to tune LDFLAGS variable or `--libdir`
option.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.tor
correct time (e.g. via NTP aka "network time"). Consult
your OS documentation on how to do so.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
- Intro point can track HS connection attempts but only relate them to
> ephemeral service key for the duration of the key.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
OT be absolutely certain that it doesn't.
And it has bugs that can be exploited. Remotely. By anyone (there is no
such a thing as NOBUS). If they're exploited then *ALL* your
firewalls/sandboxes/whatever are meaningless. This won't seize to be a
problem if you focus on other problem
l onion service (one per
cluster) for this? (Donncha actually mentioned this in the docs).
It may be fun today but tomorrow it won't work.
[1] Not now since they're not implemented. :)
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
at they're doing and thus install right packages.
Another branch would be messy and hard to catch up with "upstream".
[*] Other species/AI are also welcome.
[1] Most of them.
[2] E.g. RowHammer or plain stupid bitflips of non-ECC RAM.
[3] I'm not just complaining. I'm happy to
oes (if you're doing web).
Many of these problems should be gone after prop224 got implemented.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
have the cert for it to serve over either
DirPort or begindir. But your client still has it (somehow).
> I'm using an old version of Tor (0.2.5.x) for various reasons.
This it really old. I'm curious about what are reasons behind it.
Please don't run relays on that old versions.
-
should
rely on what tor collects.
[1] https://trac.torproject.org/projects/tor/ticket/13988
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
nt out to the paper you've mentioned?
Thanks,
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
aknesses
of obfs4 lead to its detection in real DPI boxes.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Ts. Anyway
we need improvements in both directions.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
sonably well performing
> circuit.
Huh, it's true. I've noticed that Tor performs way better than clearnet
connections over bad/faulty networks (mostly wireless ones). In case of
packet loss, routing failures, DNS outage, bandwidth trottling etc Tor
actually solves these problems magically
oment when the lantency advance doesn't matter
anymore (the difference is negligible). When this will happen there is
no reason to use VPN for general user. We definetely can get there using
faster crypto on faster crypto-accelerated/parallell hardware.
--
Ivan Markin
--
tor-talk mail
n consensus (public) --> no Exit flag --> clients will not be able to
exit through this relay*.
* Without torrc/code modifications.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mai
ki/org/roadmaps/Tor/IPv6
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
2. It's not that hard to separate traffic originating from you and exit
traffic from the Tor network.
3. This setup is not anonymous since all your traffic exits from one IP.
4. Note about secondary liability in your local legal code before
running an exit node.
--
Ivan Markin
--
tor-talk mailin
hop circuits?
IMHO the best long-term solution is to improve overall latency/bandwidth
of the Tor network. So noone should ever concern about circuit length
(and make awful mistakes) and everyone get anonymity by default.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
e.
I'm aware of Belarus and it clearly visible, e.g. on OnionMap.
[1] https://meduza.io/en/news/2015/02/25/belarus-bans-tor
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
e is a beautiful Tor monitor called Nyx (previously arm) [1].
[1] https://www.atagar.com/arm/
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
зде.
Просто под разным соусом. Тут больше проблема философии.
Я сам книгу тоже не читал, но я понимаю ее как исследовательский
текст/статью. Вообще согласен, что ее в России не купить и что это печально.
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change
f this passive attack no attacker "fails".
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
quot;. Or maybe it
was just a test.
It looks like the most obvious way to crack Tor _right now_ and
_forever_ at low price is to perform a country-scale traffic
confirmation attack. Russia already has capability to do so. It's called
SORM. With this contract they possibly want to "do
port.
If TLS is broken via CA cert then it's broken (no matter which).
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
e CA in your computer
already installed?
I recommend to switch now, meek doesn't work in this case as it's
supposed to. But it's all about your threat model and up to you.
--
Ivan Markin
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-t
r connection. It is
just encapsulated into HTTP (without TLS in your case) and easily
detectable with tools like tcpflow.
Try to use PTs other than meek like obfs4/ScrambleSuit.
--
Ivan Markin
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@lists.torpr
erminating TLS (meek in this case). And then fire you for using Tor.
--
Ivan Markin
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
cked (looks too problematically when it comes to the
reasons of this censorship, but possible) try another Pluggable Transport.
--
Ivan Markin
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings
. For
instance, they can sniff SOCKS5 TBB<->tor connection.
In other case just delete malicious CA certs (if you have these
permissions).
--
Ivan Markin
signature.asc
Description: OpenPGP digital signature
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change
nst ISISv1.
Good luck!
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Tor for that if you don't like your ISP's
throttling and other nasty stuff? (you're already at tor-talk! :) )
--
Ivan Markin
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Перестали работать карты VISA
Do you have some details? Is it true that most of the traffic is routed
though Russia?
Есть какие-нибудь подробности? Действительно ли большинство трафика идет
через Россию?
--
Ivan Markin
signature.asc
Description: OpenPGP digital signature
--
tor-talk maili
s workaround:
3) Near selected message: "Details" dropdown -> "Enigmail Security Info
..." -> copy keyid from an alert window ->
'$ torsocks gpg --recv-key KEYID'.
Also you can specify keyserver via `--keyserver` option.
--
Ivan Markin
--
tor-talk mailing l
39 matches
Mail list logo
