logs archiveIRC Archive / Oftc / #tor / 2015 / July / 19 / 1
jj33
hi
eard
anybody know a https download link for tails?
ryonaloli_
eard: there is none
however the checksum and the gpg signature is served over https
eard
but tails.boum.org has its own xkeyscore rule
i want to protect my friends
ryonaloli_
that's a bit of a misconception. *everyting* has an xkeyscore rule
the tails one was just one of the example ones that was published
eard
i don't think foxnews.com has one :)
ryonaloli_
it does
iirc, all known websites do
it's not just "suspicious things", it's all things
ashawn
you work for the nsa don't you?
ryonaloli_
if i worked for the nsa, i'd happily propagate the myth that they only spy on certain keywords
and that you can be totally safe just by avoiding certain urls
         

ashawn
gp
ryonaloli_
i wish they didn't publish those specifically. it was done for shock value and made everyone think "zomg using tor gets you on a list therefore if i don't use tor i will stay anonymous!"
dariusc93
I got a quick question, is there any reason why the tor circuit is always the same while the other 2 arent?
ryonaloli_
yes. that's the guard node, which does not change rapidly to help prevent certain types of traffic correlation attacks
it makes it take drastically longer for someone who puts up a lot of evil tor nodes from compromising a large portion of the network
eard
also means ur fu*ked even longer if u picked the wrong one :)
ryonaloli_
all it takes is being fu*ked once to be 100% fu*ked
so a rapidly changing guard means the chance of being 100% fu*ked is a lot higher
dariusc93
Ah I see. I was wondering because the one that I am stuck on is extremely slow and it been the same for over a month
ryonaloli_
you can change it if you want, if you value speed over anonymity (changing it too often starts lowering your anonymity)
dariusc93
How do I change it? I only use it when im traveling though
arma
dariusc93: you might also enjoy https://www.torproject.org/docs/faq#EntryGuards
you can change it by editing your state file in your datadirectory
or by setting an entrynodes line in your torrc
but maybe the simplest answer is "by reinstalling tor browser"
dariusc93
Gotca
jadette^
hi
vaskozl
Hey, how would I go about making a port only available trough the hidden service?
And not by using a direct connection to the ip?
ryonaloli_
by using iptables to close the port
tor will still be able to access it because localhost is typically not restricted with iptables rules
vaskozl
ryonaloli_: Thanks :)
Also anyone have experience with setting up a irc server? I'll set one up but was wondering if there were any recommendations to avoid any unwanted leaks.
ryonaloli_
if you don't know how to avoid leaks, i'd recommend against setting up an irc server
vaskozl
ryonaloli_: You see I'm trying to learn if there is anything I haven't considered, hence why I asked. Someone might have possibly already have shared configs tuned for privacy.
vixxo
hello guys, I've read too much about and there are contrasting opinion so I would like to ask if downloading through TOR ( NO p2p) can comprimise anonimity. As far as I've understood It will not compromise security, the issue is that downloaded file's source must be trusted. The problem is that I've read of many exit nodes trying to do attacks compromising files integrity with malaware and stuff like that. So what's the state of art? I'm a bit confused
ryonaloli_
some types of files can be compromised by the exit node or the site hosting them. for example executables (obviously), and some types of documents which can either have scripts on them, or fetch external resources
vixxo
ryonaloli_: why this doesn't happen downloading webpages, for example through javascripts ?
         

ryonaloli_
because tor browser will obey the proxy settings and only use tor
but what if you download a .doc file, and open it with microsoft word. microsoft word isn't tor browser, so if it contains an embedded image, microsoft word will fetch that image using the internet, without using tor
vixxo
ok thank you
ryonaloli_
if you need to open documents like that, you should either open them on a computer that is disconneccted from the internet, or preferably open them on Tails (https://tails.boum.org) which will block all non-tor requests
babygoat
hi. i was here a while back because "torify ssh foobar" did not work anymore. someone gave me some line to put in ~/.ssh/config to make it work without prepending "torify"... any ideas what that line was?
wgreenhouse: was it you who gave me hte advice?
ncl
babygoat: 'ProxyCommand' probably?
babygoat
ncl: yes! thank you. (https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/ssh for those who asked themselves)
(it needs netcat-openbsd rather than netcat-traditional)
TomvdW
oh I bet it was me
Learjet
Hi
Is there any tor developer/sys admin?
TomvdW
maybe I can help?
Learjet
TomvdW maybe yes if your are a developer. I read that NSA is able to easily track users in the tor network. I don't know if it's only a rumor or what. What do developer know about that?
TomvdW
no need to be a developer (though I am) to comment on that :)
it's mostly a rumor. there is no evidence of it, and for the NSA to be able to pull that off they would need a very international presence that intercepts pretty much all worldwide internet traffic
so definitely not "easily"
Learjet
and I read that there is a new client for tor which would protect users by the NSA. It might be that the creator of this new client is the NSA... a trojan.
TomvdW
I think you need to start reading better media :)
yes there is an alternate path selector for Tor, but I don't think it's backed by the NSA, and iirc it was mostly for a research paper
Learjet
The fact that this new client might be a trap is my supposition
TomvdW
it might be, it might not be. it was a research paper and it's best to ignore those until they are properly peer-reviewed.
I believe you're referring to Astoria?
Learjet
yes
TomvdW
yeah. that's just a research paper: arxiv.org/pdf/1505.05173.pdf
Learjet
An other question. Some people say that download files from tor is dangerous... I perfectly understand that an exe file can be dangerous as it contains executable code. But they say that even an image or video can be dangerous. I don't understand why... an image shouldn't contain executable code, only data...
TomvdW
theoretically an exit node could alter traffic and inject malware. however, that only applies to http traffic, so over https it's fine
additionally, if you download executables, it could expose your identity
(if you run them and the executable does something)
and of course images can contain executables if your software contains bugs
Learjet
code injection?
TomvdW
sure
Learjet
So, in other words... an image file could contain not onloy data about pixels, but furthermore executable code that is injected and executed by the image decoder... but this type of aattack works only if the image decoder has bugs..?
TomvdW
yes
Learjet
ok
TomvdW
same for flash videos, java applets, etc.
for flash we all know it, for images less so :)
Learjet
I imagine that Windows Media Player, VLC and image reader of windows are all robust softwares, well protcted. Right?
TomvdW
doubtful
there are bugs in every piece of software
Learjet
ok, thanks for your explanation TomvdW ;)
RolaCola
Learjet there doesn't need to be a vulnerability in software for it to be exploited. Sometimes harmless features can be used to compromise your anonymity.
For example, supposing you downloaded a video file and played it with Windows Media Player. There could be content licenses in the media file which are fetched remotely (and wouldn't route through Tor).
Learjet
Is there not a "file scanner" to check if a media file contains not wanted data?
RolaCola
how would a program know what you do or dont want?
TomvdW
such a scanner would itself be vulnerable :)
RolaCola
Like PDF's for example. They can have remote resources fetched from the internet. How would a scanner know which ones you want to load and which you don't?
Learjet
RolaCola, you don't want that a file contains anything that needs access to the internet
RolaCola
Lock everything down with a firewall, then. No scanner necessary :p
Learjet
You can deactivate the LAN
yes
TomvdW
unless a vulnerability in some software manages to disable the firewall :)
Learjet
I never open a file while online
I deactivate the LAN
but I'm not sure that when I close the file I'm not in danger
maybe I should use a sanbox
sandbox
« prev 1 2 next »