IRC Archive / Oftc / #tor / 2015 / November / 15 / 1
feverDream
clear
Chocolate_Chip
Is it safe to store bookmarks in the tor browser?
torchinz
Chocolate_Chip, they will ultimately get deleted anyway, I think
Chocolate_Chip
torchinz, what
torchinz
Oh, I thought u asked that storing bookmarks question. just answered that.
sorry, if u didn't ask that
velope
no, bookmarks are not deleted. and yes, it is safe to use them.
Chocolate_Chip
k
Thank you
What about the Favicon
velope
what about it. torbrowser has customizations to prevent problems with favicons.
Chocolate_Chip
Ok
Also, I had some questions. I found this guide to hardproof Tor, and I was curious why this is not done by default
Let me pull it up
http://tutorneunixbasq6.onion/guide/tbb.html
I understand why javascript isn't modified, but why not the other things
wtf_fcntl
Is that that guide which tells you to do things like disabling referers?
That's a very bad guide, I don't know why it's so popular.
Not only is it outdated, but it recommends you do things which are downright harmful to your anonymity, but which look good at first glance.
Chocolate_Chip
Oh. What specifically
Should I undo it?
wtf_fcntl
Yes
Just use the security slider, if you want more protection.
Chocolate_Chip
I do
wtf_fcntl
Everything else that makes you different from the rest makes you stand out more.
Chocolate_Chip
Oh
Why though
wtf_fcntl
It reduces your "anonymity set". For example, disabling referrers does not improve your security or anonymity, but makes you easier to track.
Chocolate_Chip
So it increases the chance of finding you due to the absence of them?
wtf_fcntl
Right. It gives you a unique signature, or "fingerprint", yet the benefit it provides is non-existent.
Chocolate_Chip
Why doesn't the Tor browser come with something like Random Agent Spoofer
velope
not helpful, harmful
wtf_fcntl
Because that doesn't provide any protection, and will make you stand out.
It's better if everyone looks identical.
If everyone has the same user agent, the same referrer settings, the same everything, then you blend in with all the other millions of users.
Chocolate_Chip
oh
velope
right, it seems lots of people wanting privacy and security have the instinct to hide or withhold every last possible bit of information. but that is not what anonymity is about.
Chocolate_Chip
I believe I reset everything
wtf_fcntl
That's good. Then just use the slider alone, since it's been designed with an eye towards maintaining your anonymity set.
Every other change you make, whether in the settings, or by using add-ons, is another piece of information that narrows you down, so avoid other modifications if at all possible.
Chocolate_Chip
k
feverDream
Has anyone read this ? http://arstechnica.com/security/2015/11/op-ed-how-did-they-break-diffie-hellman/
I was surprised to hear that a large number of vpns use the same DH-prime for key-exchange.
Peng
Using the same prime makes sense. Using a crappy weak one that was obsolete 10 years ago makes less sense.
But this is more a topic for #nottor
feverDream
Peng: I could be wrong, but I vaguely remember reading about someone identifying tor-traffic using something similar.
Peng: and yes, wrong channel :)
wtf_fcntl
feverDream: Tor cannot be broken in the same way, because it does not use common primes.
SnowFall
How would one (would it make sense to) run the Tor browser bundle inside of /opt as non root user? Am trying this using a sym link to /usr/local/bin/start-tor-browser with non root user belonging to group "staff", and with permissions on Tor folders/files set to root:staff
I get permissions error. In effect, I think I'm trying to set up Tor to run like an installed app (e.g., iceweasel), so the files are in folders that have root:root, but any user can start the app.
velope
sorry, torbrowser does not have the structure for that to work correctly
each user needs to have their own complete copy of the torbrowser directory tree
qwerty1
you would need to modify config files so it puts tor and torbrowser's data and config in each user's home directory
like openbsd's torbrowser port does
(if you succeed in doing this, please document it on the wiki, https://trac.torproject.org/)
velope
i suppose it can be done. however, the torbrowser developers have and will restructure the tree without supporting customizations like that, so such things are fragile and are likely to break torbrowser's automatic self-updating.
qwerty1
(tor browser configured that way is much more amenable to inclusion in linux distros' package management systems)
it isn't too hard to do
we must resist the urge to treat all users like idiots just because many are
the built in autoupdating would need to be disabled
SnowFall
Thanks....food for thought....if I proceed, will document...thanks again.
Procrastinated
Is something wrong with TOR? Why is the metrics showing such a drop in usage? Has the government somehow attacked TOR since the events in Paris?
Peng
Procrastinated: https://blog.torproject.org/blog/lifecycle-of-a-new-relay may be involved
Oh, Tor in general instead of your relay.
(I'd say i needed more coffee, but i have had so much coffee today i don't even)
It's worth noting some of the graphs were buggy last week.
Procrastinated
I am looking at this : https://metrics.torproject.org/userstats-relay-country.html
It's a bit freaky
Peng, why?
qwerty1
could be a metrics glitch rather than a real occurrence, or a botnet being uninstalled?
idk
Peng
Mm. That's quite a graph.
qwerty1
i'm not having any problems using tor
most likely is metrics glitch imo
Procrastinated
but if this is not a glitch, it is a serious threat to people's anonymity
qwerty1
if it's a botnet going offline? how so?
Peng
No, it's a serious something.
qwerty1
everything else looks fairly normal
normal number of users here etc
so whatever it is i don't think it's affecting human tor users
rachelfish
Oh hi there
Are we talking about the random dip in the tor user graph?
qwerty1
yes
Peng
:D
_ADAM
Doots
Do you want to come over and tap in the walls doots?
Have you seen the branch davidian complex?
Doots.
qwerty1
_ADAM: you've been babbling unintelligibly for days
kindly stfu
_ADAM
Do you want a place to live?
I can pick up some 3rd world slaves if they can be trained to complete tasks.
qwerty1
this is #tor
_ADAM
Isn't that what it is for?
qwerty1
please stop the offtopic stuff
_ADAM
3rd works privacy.
qwerty1
nobody can tell what you're saying if anything
_ADAM
3rd world.
qwerty1
stupid fu*k
lol