dn't be used as a blacklist), it would be much appreciated.
> Well-intentioned users around the world are being blocked from various
> forums, retail sites, and government websites, despite never having
> broken any rules.
>
> Thank you for your time.
>
>
> Sincerely,
I haven't seen this mentioned here, but thought it would be of interest
to the list. Perhaps something for TWN?
"NSA and GCHQ agents 'leak Tor bugs', alleges developer"
http://www.bbc.com/news/technology-28886462
> Spies from both countries have been working on finding flaws in Tor, a
> popular
It seems like Onionoo has been down the last couple of days.
Occasionally I can get a response, but it times out more often than not.
Globe and Atlas also seem to be having trouble communicating with
onionoo. Are the keepers aware of the issue?
-- Mike
--
tor-talk mailing list - tor-talk@lists
On 7/2/2014 1:02 PM, Bobby Brewster wrote:
> What are the benefits of running TBB in a VM?
>
> AIUI, there are two advantages.
>
> 1.If malware infects the VM, then just the VM is compromised. If your
> Windows/Mac/Linux system is infected, then your entire system is affected
> (yes, I rea
On 6/29/2014 4:20 PM, Mark McCarron wrote:
> Mike,
>
> Thanks for the input, but this end-to-end traffic analysis is a well
> documented problem by the Tor devs themselves. Although, what is missing
> from the devs statements is more revealing, namely that it can be fixed by
> removing visibil
On 6/29/2014 9:11 AM, Mark McCarron wrote:
> As you mentioned, there are legitimate worries, mainly that Tor and people
> like yourself have a conflict of interest. The main funding appears to come
> from the US military. It appears to many of us, that the software has been
> deliberately kep
On 6/10/2014 6:17 PM, grarpamp wrote:
> "
> http://www.norse-corp.com/darklist.html
>
> The world's first comprehensive blacklist of the Internet's highest risk IPs.
"Why secure your server when you can pay us for a false sense of
security! Guaranteed to piss off potential customers and lowe
On 5/29/2014 9:18 PM, grarpamp wrote:
> Anyone else noticing slashdot, google, and a few
> other big ones i can't recall, now throwing annoying
> popups with 'hey, we're using cookies, click to agree
> to this' ? What new legal groupthink bs is behind this?
It has to do with some law in the EU[1]
On 5/27/2014 4:14 PM, Joe Btfsplk wrote:
> On Tue, May 27, 2014 at 12:04 PM, Michael Wolf wrote:
>>> On 5/27/2014 1:43 PM, John Henry wrote:
>>>> I am not a YouTube user. I was wondering about netflix, or other
>>>> computer
>>>> TV streaming
>&g
On 5/27/2014 2:43 PM, John Henry wrote:
> I am not a YouTube user. I was wondering about netflix, or other computer
> TV streaming
> .
Please don't use Tor for this. Use a proxy or VPN. Streaming
high-quality video uses way too much bandwidth, and it doesn't seem like
you actually need the anony
On 5/22/2014 6:07 AM, Lunar wrote:
> Jon:
>> One thought as I played around with it would be to replace "..." with
>> a strike-through of the information that is not available based on the
>> combination of technologies chosen?
>
> That would be a nice idea to try. Unfortunately, the current Tor B
On 5/21/2014 12:26 AM, Cinaed Simson wrote:
> Any chance using a secure version of TSL and getting rid of the known
> insecure ciphers?
>
See this bug here:
https://trac.torproject.org/projects/tor/ticket/11253
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change o
On 5/19/2014 6:13 AM, Mike Perry wrote:
> Due to the ubiquity of deployment of this scheme, it is likely that this
> identifier will soon be abused by all sorts of entities, likely starting
> with banking and government sectors, and quickly moving on to the
> advertising industry (why not play a s
On 5/14/2014 4:23 AM, Mike Cardwell wrote:
> * on the Tue, May 13, 2014 at 08:51:28PM -0400, Michael Wolf wrote:
>> I had an idea recently that might be an improvement (or might not?) on
>> the darkweb-everywhere concept. What if we introduced an HTTP header
>> similar to HST
On 5/13/2014 9:32 PM, Mirimir wrote:
> On 05/13/2014 06:51 PM, Michael Wolf wrote:
>> I had an idea recently that might be an improvement (or might not?) on
>> the darkweb-everywhere concept. What if we introduced an HTTP header
>> similar to HSTS -- `X-Onion-Address` perh
On 5/13/2014 9:21 PM, Asa Rossoff wrote:
> On May 14, 2014 00:51 UTC, Michael Wolf wrote:
>> I had an idea recently that might be an improvement (or might not?) on
>> the darkweb-everywhere concept. What if we introduced an HTTP header
>> similar to HSTS -- `X-Onion-Addr
On 5/13/2014 9:10 PM, Patrick Schleizer wrote:
> Sounds good!
>
> Should some.clearnet.domain/some/thing send
>
> X-Onion-Address: xxx.onion/some/thing
> or
> X-Onion-Address: xxx.onion
> ?
I think the xxx.onion is sufficient. We're simply telling the client
that the site is available at anothe
On 5/13/2014 7:24 PM, Patrick Schleizer wrote:
> darkweb-everywhere
>
> "HTTPS Everywhere rulesets for hidden services and eepsites."
>
> https://github.com/chris-barry/darkweb-everywhere
>
I had an idea recently that might be an improvement (or might not?) on
the darkweb-everywhere concept. W
On 4/26/2014 1:11 PM, Keith Alexander wrote:
> is using the tor network over a vpn considered safe?
>
> me -> vpn -> tor network -> interwebs
>
> the vpn connection reduces the mtu and increases latency.
>
> any impacts on anonymity?
>
This is what the wiki [1] has to say about it:
"You can v
On 4/21/2014 11:06 PM, grarpamp wrote:
> Browsers should have an option to log the ciphersuite
> used per site so users can review their own suite
> profile after some time period and adjust options accordingly.
>
> I saw one mandantory rsa_rc4_128_sha recently,
> forgot where though.
Forcing RC4
On 4/16/2014 12:07 AM, C B wrote:
> Yes same request. The ticket though is closed, and is slightly different. I
> doubt that anyone would use TBB if it randomly closed itself every 10 or 15
> minutes, closing all open tabs, and then restarted itself, but without any of
> the old history. Just th
On 4/15/2014 7:58 PM, C B wrote:
> Thanks but why should I have to do anything to get that functionality? And by
> the way, it is not the map that I am looking for. I never could get the map
> to do anything anyway. "In the meantime, we are providing standalone Vidalia
> packages for people who
On 4/15/2014 10:38 PM, Michael Wolf wrote:
> Deja vu...
>
> https://lists.torproject.org/pipermail/tor-talk/2014-January/031949.html
>
> Also, a ticket to implement what your asking for:
>
> https://trac.torproject.org/projects/tor/ticket/9892
*you're... I coul
On 4/12/2014 2:58 PM, Roger Dingledine wrote:
> I have a cron job to copy moria1's perspective on the votes at 57
> minutes after each hour to
> http://freehaven.net/~arma/moria1-v3-status-votes
>
> --Roger
Thanks, Roger, that's perfect!
--
tor-talk mailing list - tor-talk@lists.torproject.org
On 4/12/2014 12:18 PM, Matthew Finkel wrote:
> On Sat, Apr 12, 2014 at 11:59:32AM -0400, Michael Wolf wrote:
> It sounds like you're looking for consensus-health[0] :)
>
> [1] https://consensus-health.torproject.org/
>
Thanks, Matthew. It *almost* gives me what I'm
Is there a way to view just the most recent directory authority votes?
I found the archives here:
https://metrics.torproject.org/data.html
April is 1.5 GB, which is a lot when I only want to see set of votes.
If there is currently no way to download only the most recent votes, it
would be a really
On 4/9/2014 2:29 PM, Christopher J. Walters wrote:
> This bug has been a known issue for about 2 years, and we are only now
> learning about it.
The bug has existed for about 2 years, but was not a "known issue"
before the last week or so. (Excluding, of course, criminals and such
who may have f
Apparently the US Navy's web site blocks the IP addresses of *non-exit*
relays. The block message is the same as on healthcare.gov:
"
Access Denied
You don't have permission to access "http://www.navy.mil/"; on this server.
Reference #18.a67133b8.xx.xxx
"
You'd think the US Navy wou
On 2/11/2014 5:13 PM, C B wrote:
> This makes no sense at all. We want your money AND we want to be able to
> geolocate you. For what?
My guess would be that the MPIAA and similar groups are placing the
georestrictions on the content, and Hulu doesn't really care.
--
tor-talk mailing list - tor-
On 1/29/2014 7:08 PM, Joe Btfsplk wrote:
> Playing devil's advocate - is it a good or not so good idea for users
> 1) not to be able to see their current (exit) node? For Tor users in
> certain countries, would it be the best choice to use nodes located in
> their own countries or in ones suspecte
On 1/26/2014 5:57 AM, Lunar wrote:
> Katya Titov:
>> New Identity works from both TBB and Vidalia. The difference is that
>> from TBB the entire browser closes and restarts and you lose open tabs.
>> When choosing a new identity from Vidalia the browser remains open.
>
> I need to point this out o
On 1/9/2014 4:30 AM, Max Jakob Maass wrote:
> An example would be "Certificate Patrol"
> (https://addons.mozilla.org/en-US/firefox/addon/certificate-patrol/)
> for Firefox. It implements Certificate Pinning and will notify you if
> certificates change (even with special warnings if they change way
On 1/7/2014 11:09 AM, Mark McCarron wrote:
> We're not discussing censorship, but the removal of potential exploitable
> data. Its not a keyword system, it removes cookies, web bugs, adds jitter to
> timings, etc. It can be disabled with a click.
>
> Regards,
>
> Mark McCarron
>
Tor exit
On 1/6/2014 12:39 PM, dhanlin wrote:
> TBB enables JavaScript by default, presumably because many websites need
> JavaScript. NoScript can be used to selectively allow JavaScript from
> certain domains, but doing so could make it possible to fingerprint your
> Tor use.
>
> By my judgment, you are
On 1/3/2014 9:25 PM, C B wrote:
> Incomplete list
>
> Blocking access from Tor Browser
>
>
> Also blocking access from Tor exit nodes
>
> https://www.healthcare.gov/
> https://www.kohls.com/
>
>
> I get
> Access DeniedYou don't have permission to access "http://www.healthcare.gov/";
> on thi
On 11/21/2013 2:53 PM, Yuri wrote:
> On 11/21/2013 03:02, Roman Mamedov wrote:
>> 'No messages'? So you don't even get any messages like...
>
> No, I meant there are no errors or warnings in log. Tor relay appears to
> start normally, self test messages are all there.
> Now, after several hours, i
On 11/19/2013 7:23 PM, jamie hyatt wrote:
> looking for small amount of good grade snow to buy.
I'm sure the law enforcement in the Charlotte, NC area will be by to
assist you shortly.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://li
On 11/16/2013 1:55 PM, Roger Dingledine wrote:
> Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
> series. It takes a variety of fixes from the 0.2.5.x branch to improve
> stability, performance, and better handling of edge cases.
>
Any idea when this will be available in the to
On 11/12/2013 11:43 AM, Phil Mocek wrote:
> On Tue, Nov 12, 2013, at 1:57, bao song wrote:
>> Is it possible to access the [healthcare.gov] site with any Tor
>> exit nodes?
>
> I have no reason to believe that it has been attempted from every Tor
> exit node, but [other people and I][1] have tried
On 11/10/2013 3:12 PM, Akater wrote:
> The only solution would be recommending people to run exit nodes from home.
>
> Actually I wonder why tor users seem to be convinced it's a bad idea. I
> used to think this IS the point of Tor. If you run exit node from home then
> nobody can prove that any p
Please forgive the length of this... I just wanted to outline the
problem/solution as I see it, in order to be as clear as possible.
One of the benefits of running a Tor relay is supposed to be "better
anonymity against some attacks[1]". As such, I (and I assume others)
run a Tor relay from home
On 11/2/2013 2:33 AM, DeveloperChris wrote:
> I got to speak with my acquaintance about his experience. Sadly It was
> as bad but not as quick as I was told.
>
> He told me within a three week period of setting up the tor exit node he
> considered his entire internal network compromised as several
On 10/31/2013 4:41 PM, Michael Wolf wrote:
> On 10/31/2013 3:07 PM, antispa...@sent.at wrote:
>> On 31.10.2013 17:53, Manfred Ackermann wrote:
>>> I just did it without asking for permission ;-) Same result ... it still
>>> comes out of a Tor IP.
>>
>> AFAIK
On 10/31/2013 3:07 PM, antispa...@sent.at wrote:
> On 31.10.2013 17:53, Manfred Ackermann wrote:
>> I just did it without asking for permission ;-) Same result ... it still
>> comes out of a Tor IP.
>
> AFAIK you don't need permission for creating a mirror. After all, the
> works are in the Public
On 10/27/2013 6:09 PM, Pokokohua wrote:
> Saw this ad/news item on another list
>
> --
> PrivateCore Demonstrates Industry’s First PRISM-Proof Tor Server in Public
> Cloud
>
> ...
>
> “The NSA PRISM program has raised concerns around the world
On 10/27/2013 6:41 PM, Roger Dingledine wrote:
> On Sun, Oct 27, 2013 at 06:25:41PM -0400, Bill Cox wrote:
>> I want to support free speech and other Internet freedoms, but
>> unfortunately the world has lots of people who enjoy ruining it for
>> everyone else. Would it be possible to reduce the g
On 10/27/2013 2:06 PM, Ted Smith wrote:
> On Sun, 2013-10-27 at 03:41 -0400, Michael Wolf wrote:
>> On 10/27/2013 12:15 AM, communicationsys...@safe-mail.net wrote:
>>> Tails uses one DNS server from OpenDNS.
>>>
>>> What prevents a malicious party from
On 10/27/2013 12:15 AM, communicationsys...@safe-mail.net wrote:
> Tails uses one DNS server from OpenDNS.
>
> What prevents a malicious party from signing up exit nodes at OpenDNS and
> logging traffic, blocking content, and/or redirecting traffic?
Assuming the malicious party runs the exi
On 10/25/2013 3:31 AM, DeveloperChris wrote:
> Hi all I am new to this list and to TOR in general
Welcome!
> An acquittance of mine created a tor exit node, I know little detail
> more than that other than he was banned by services such as skype and
> ebay. and apparently the machine he used was
On 10/24/2013 5:42 PM, Joe Btfsplk wrote:
> On 10/24/2013 2:57 PM, Michael Wolf wrote:
>> In regards to being "noticed once" -- if the site you are visiting is
>> being watched by your government, then being noticed just once may be
>> cause for them to watch you m
On 10/24/2013 12:26 PM, Joe Btfsplk wrote:
> On 10/23/2013 8:04 AM, Lunar wrote:
>> Tor Weekly News October 23th, 2013
>>
>> “some circuits are going to be compromised, but it’s better to
>> increase your
>> probability of having no compromised circuits at the
On 10/16/2013 2:45 AM, Roman Mamedov wrote:
> On Wed, 16 Oct 2013 02:00:23 -0400
> grarpamp wrote:
>
>> Ironic to see them using these to link to recent revelations when...
>> - it's centralized,
>
> Irony here is that all three of you are still using GMail. :)
>
>
>
It would only be ironic
On 10/15/2013 7:05 PM, krishna e bera wrote:
> On 13-10-15 10:29 AM, Jon wrote:
>> Another article from the Washington Post may be interested in.
>>
>> *http://tinyurl.com/lcdas97
>
> Please make your emails worthwhile to read and useful to index, by
> providing a sentence in your own words saying
On 10/2/2013 3:58 PM, Shaun Savage wrote:
> He got busted.
>
> On 10/02/2013 12:10 PM, David Larsus wrote:
>> looking for a way to contact silk road.Site shut down.money at stake.
>
And now that Mr. Larsus (if that is his real name) has posted publicly
that he has "money at stake" at silk road,
On 9/16/2013 5:45 AM, Alexandre Guillioud wrote:
> "Also it is worth mentioning that disabling Javascript does not protect
> against this type of fingerprinting, as it is available to CSS too:
> https://developer.mozilla.org/en-US/docs/Web/Guide/CSS/Media_queries";
>
> It could be available to css
On 9/13/2013 4:19 PM, Sebastian Pfeifer wrote:
>
> Tor 0.2.3.25 on Debian
>
Your problem likely stems from the botnet that has been overwhelming the
network:
https://blog.torproject.org/blog/how-to-handle-millions-new-tor-clients
The solution would be to upgrade to Tor 0.2.4.17-rc, which prior
On 9/13/2013 1:56 AM, Michael Wolf wrote:
> From the Tor FAQ:
> https://www.torproject.org/docs/faq.html.en#BetterAnonymity
>
>> "Do I get better anonymity if I run a relay?
>>
>> Yes, you do get better anonymity against some attacks.
>>
>> The simp
From the Tor FAQ:
https://www.torproject.org/docs/faq.html.en#BetterAnonymity
> "Do I get better anonymity if I run a relay?
>
> Yes, you do get better anonymity against some attacks.
>
> The simplest example is an attacker who owns a small number of Tor
> relays. He will see a connection from you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/11/2013 3:30 PM, Antonio J. Delgado wrote:
> Hi,
> I just receive a letter from my ISP abuse department. Someone tried to
do some SQL injection attack using my tor node and my IP address is now
banned from a lot of services and websites (not Go
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 9/11/2013 2:52 PM, Roman Mamedov wrote:
> It's even curiouser than that :)
>
>
>
> Looks like the Akamai CDN has blocked Tor relays from accessing some
portion
> of sites hosted by it. Aside from www.healthcare.gov, I found that
www.fox.com
> and
I've been running a Tor Relay (not an exit node) from my home for quite
a while now, and up to this point have not encountered any issues
accessing any sites. However, today I attempted to access
https://www.healthcare.gov, and received a HTTP 403 response and a
pretty standard 403 message. To te
61 matches
Mail list logo
