logs archiveIRC Archive / Oftc / #tor / 2015 / July / 17 / 1
gabre
hello
may I ask about Orbot?
joshlucien
gabre: you can try, but #guardianproject may be better for orbot-specific questions
gabre
1, if my "mobile ISP" were tracking traffic, e.g. when do users watch videos, when do they listen to music, when do they read specific pages... would orbot be enough to "bypass" this tracking?
I think yes because of the "onion layers" on my packets
am I right?
cacahuatl
Yes, it's encrypted past your provider, but if you sent unencrypted traffic into the tor network, it will leave unencrypted on the other side
it's encrypted during it's transit though, so your local ISP wouldn't see the content
gabre
yes but they will need to control that exit node in order to do the mentioned kind of tracking
cacahuatl
correct
gabre
2, is it easy to say (for my ISP) to say if I am using Tor? is it easy for them using patterns (active field of research) to guess what I am trafficking using the onion-layered encrypted packages?
easy = yes, they are possible to do this for a "normal" user
My guess: it is not easy, they will only say that oh sh..t encrypted traffik we dunno anything about it
cacahuatl
Yes, they can say with a high probability that you're using Tor.
Because the list of tor nodes is publically available and there are certain tell-tale signs, but it tries it's best to look like a standard firefox TLS handshake
gabre
and if they arent blocking Tor then is there any "special handling from ISP side" for Tor traffick?
but there is only a public list of EXIT nodes mmm? so my ISP will only see me connecting an entry guard, not?
         

cacahuatl
No, all tor relays are in the consensus, those which can act as guards are listed as such, they can see you're connecting to a guard.
There are "bridges" which act as guards that are not listed in the consensus, and there are "pluggable transports" that attempt to mask the kind of traffic (eg, your ISP can't tell with any certainty that you're using Tor)
but generally these are only meaningful to avoid ISPs who block Tor traffic
gabre
it would be a blessing maybe if 90% of their traffic appeared as Tor :D
then, using Tor would be a "normal scenario", not using it would be weird
but now the numbers are the opposite of this
cacahuatl
This is indeed the best solution. Step 1) use Tor Step 2) get others to use Tor Step 3) colletively defend your right to use Tor
The more people who use it for more varied kinds of reason, the better the protection it provide and the easier step 3 is
gabre
I guess I have the right to use Tor (now)
okay but question three: does Orbot block UDP and other non-TCP traffic? (using it as a VPN service)
cacahuatl
not sure about the new VPN features, that one is best directs at guardianproject unless someone else here knows the specifics of that?
gabre
has GP a channel?
cacahuatl
There's one of freenode and one here #guardianproject but I don't think the one here is especially active?
gabre
there are ppl there
I ll make a visit
so if I want "untrackability" for my mobile, is it good to use Orbot?
cacahuatl
lol it's best to throw your mobile in a blast furnace, but it's a start
gabre
sorry I meant it for ISP traffic tracking
how much amount of lolcat videos one watch
I know that my mobile is a personal tracking device
cacahuatl
Yes, to defeat your ISP then Orbot will work, so would a straight VPN though
gabre
ok but it is hard to find a good vpn for android (as I see)
Tor means a lot of IPs for me, a VPN is only one IP
a free VPN is similar to an ISP from the mentioned tracking point of view
I hope you understand how I mean
cacahuatl
Yes, then Orbot is the best solution.
gabre
and yes, Orbot blocks UDP
anon438769326
hello, apparently, tor does not really ensure anonymity anymore http://arstechnica.com/tech-policy/2015/07/feds-bust-through-huge-tor-hidden-child-porn-site-using-questionable-malware/
rayn
hello ppl
the torcc script has the variable RUN_DAEMON at the start option. how is this variable set? I can only find it in one place
im sorry i was referring to the /etc/init.d/tor script. :P
cacahuatl
rayn: Possibly it's something it can inherit from /etc/profile{.d/*}?
rayn
nice name cacahuatl
cacahuatl: im trying to start tor as a normal user. i made the configs. copied that script somwhere else. And that variable always is different to "yes".
cacahuatl
well it's going to be pulled from env
you can set it arbitrarily
linuxthefish
who has facebook?
guys add me on facebook https://www.facebook.com/profile.php?id=100010019825974
         

kernelcorn
most Tor enthusiasts aren't going to be on Facebook, if they even have an account
ryonaloli_
s/www.facebook.com/facebookcorewwwi.onion/
fix'd
kernelcorn
s/add me on facebook/add me on Tox or Ricochet/
cacahuatl
I'm not a huge fan of Tox :/ last time I reviewed their spec it seemed to only offer confidentiality
with a vast metadata surface
ryonaloli_
what metadata is released other than who is talking to who and when?
cacahuatl
:P other than, yes indeed
ryonaloli_
ah
Djlocus
Hey.
is sharing javascript code allowed here?
ryonaloli_
if it's related to tor support yeah. otherwise it might be better for #nottor
Djlocus
start private chat with me
because theirs some javascript code i wanna go over with you about Tor. might maybe help them gaurd against something like this also.
qwerty1
pastebin it
cacahuatl
put it on paste.debian.net and provide a link to it
Djlocus
okay. 1 min
qwerty1
or if less than 10 lines, paste to the channel
~10
Djlocus
more like 1k lines
i got the pastebin link
here
http://pastebin.com/LPsxa4Uc
qwerty1
is that new or old?
Djlocus
i got done with this two days ago
qwerty1
tell mozilla
Djlocus
wanted to share this
okay.
qwerty1
mozilla is upstream for tor browser
Djlocus
okay thx for the help. because id hate for a problem to go wrong and something as easy as 1k lines of code being able to exploit the browser.
kinda suck
qwerty1
mikeperry: ^
Djlocus
i wonder. why facebook would make a onion website if their gonna attempt to make you enable javascript
noones that dumb....
ryonaloli_
because javascript isn't pure evil
it just makes exploitation a little easier
cacahuatl
er, isn't this just magneto from years ago?
"var magneto = ("\ufc60\u8ae8"+...."
ryonaloli_
lol torsploit
qwerty1
that was what i thought
if it isn't please go to https://bugzilla.mozilla.org/ and file it
https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines
thanks for notifying us
Djlocus
already did
the code which i provided. i was thinking about how i could get around Tor but thinking hard i could just of made a browser exploit like that i showed yall. and could auto execute on load.
« prev 1 2 3 4 5 next »