IRC Archive / Oftc / #tor / 2015 / July / 8 / 1
franl_afk
hest, https://www.torproject.org/docs/faq.html.en#ChangePaths
hest
franl_afk: that's not how the tor browser works though. it uses socks usernames to retain the same circuit for the same website as long as it's used, and to get different circuits for different websites, based on the url bar domain.
franl
hest, but that would mean a new circuit every time you click a link to a different Web site, right?
hest
franl: yes. and what i'm wondering is how this works for the search bar - if it's the same and the browser uses the same circuit for all searches during a session, all those searches are linkable.
franl
Linkable? An observer of exit nodes will only see a bunch of queries to the same search engine, some from the same exit node, some from others. No idea if the same user is making them all.
hest
no, but she can make a pretty good guess, depending on how busy the exit relay and the search engine are.
franl
hest, you assume a ubiquitous observer of all entry and exit node traffic. Tor doesn't protect against that.
hest
no, i assume that connections through the same relay can be statistically linked, which is the same assumption that causes tor to switch exit every 10 minutes and tor browser to use different exits for different sites.
franl
Just watching exit node traffic tells the adversary nothing about the sources of the traffic (assuming it is SSL-encrypted). That's kind of the whole point.
         

mcmc
has anyone else checked in here about Ubuntu's Firefox mods corrupting TBB alpha updates?
franl
OK, not "nothing", there are, as you say, statistical relations, but if Tor already switches circuits to defeat that, what makes you think it doesn't work for search engine sites too?
FlashySlash
hey, don't you know about some site where I can search for onion links?
hest
franl: i don't know, that's why i'm asking. if the same mechanism is used for searches as for other websites (new circuits for different websites, re-used circuit for the same website), then every search will go through the same circuit for the whole browser session.
FlashySlash: Ahmia.
FlashySlash: http://msydqstlz2kzerdg.onion/search/
franl
hest, isn't a dirty circuit closed after ~10 minutes?
FlashySlash, http://torlinkbgs6aabns.onion/
hest
franl: not in recent versions of the tor browser, they are retained for as long as they are used (for the same website). i think it's to prevent expiring login sessions.
FlashySlash
Thanks hest, do you somewhere store your links?
hest
FlashySlash: as bookmarks in the browser, just like normal links.
franl
hest, hmm. If that's true, then you should force a new circuit every so often while searching.
FlashySlash
In your normal browser like chrome or in Tor, hest?
hest
FlashySlash: the tor browser.
which is my normal browser... i use it for pretty much everything on the web except banking.
FlashySlash
Oh, I thought it would delete the bookmarks since it deletes the history etc
LordPicard
hi there. simple question, what is the difference between bridges and direct connects?
I'm checking metrics for some countries and they show less clients on direct and more on bridges. 2013-2015. is that normal?
letsfindout
so, I didn't realize the default debian install has no firewall policy. Was there any danger to running tor browser bundle in this configuration? I imagine the only thing it listens to is the socks5 proxy? Does that even listen on anything beside loopback?
rudi_s_
letsfindout: Use netstat -lnp to find out.
kernelcorn
sudo apt-get install gufw
letsfindout
rudi_s_: was looking at this, but it's slightly confusing to read. If it says, local address as 127.0.0.1:9150 and 127.0.0.1:9151, which I believe is tbb, then it can only be accessed at that ip, meaning local only, right?
kernelcorn
yes
that means that Tor has opened SOCKS ports on those ports, which are on localhost
9050 is for data (web browsing, etc) and 9151 is for controlling Tor
letsfindout
and those are the only ports that tbb opens, right?
outside of outgoing connections
kernelcorn
Tor, which is a binary application launched when you start the Tor Browser, makes outgoing connections to the Tor network
it then opens up a SOCKS port on localhost, as you saw, such that anything sent into the SOCKS port will be sent through the Tor network and out to the Internet
as far as incoming connections go, that is handled with a firewall, not with Tor
         

letsfindout
sure, but the firewall only restricts what applications are already trying to do. Was just trying to find out what tor tries to open. Thanks for the help
kernelcorn
a firewall can have outbound rules, but it's most commonly used to stop incoming threats
letsfindout
yeah, I was worried that maybe tor opened a listening port for outside connections, since I didn't notice the firewall policy was non-existent on debian post-install
kernelcorn
it's certainly good to be concerned about that
pleasehelp
hello, i'm using win7, tor browser version 4.5.2 and 4.5.3, but i can't open tor when installed. I can't find log file to upload, please help.
cacahuatl
Can you clarify "can't open tor"? Does the browser start?
pleasehelp
no
cacahuatl
What happens when you try to start it?
pleasehelp
nothing starts after clicking "start tor browser"
umm
seems like the pc is loading, but soon it's back to normal
it seems to try opening, but failed.
just nothing opened
cacahuatl
If you have some anti-virus solution installed, does it have anything in its logs about it?
pleasehelp
i shut down all the anti virus software long time ago
cacahuatl
next place to look is probably your windows Application event logs
pleasehelp
including windows firewall
please tell me where to find it
cacahuatl
start menu, right click computer, select 'Manage', then somewhere in there, one of the top options under manage has the event logs.
pleasehelp
yes sir
cacahuatl
Been a while since I poked about on windows. They're the best directions I can provide from memory.
Another question is where is it being extracted to? the UAC stuff might block it executing from certain directories.
arma
in case you're curious about the hacking team dump and their proposed attack on tor: https://blog.torproject.org/blog/preliminary-analysis-hacking-teams-slides
pleasehelp
i tried to extract it at both desktop and (E:)
cacahuatl
yeah, I found their "SetEnvironmentVariable" payloads in one of their .c files, arma :P
arma
cacahuatl: yeah. find anything else interesting?
cacahuatl
https://github.com/hackedteam/poc-x/blob/master/socks.rb
spoofing the Tor bootstrap messages
one could try authenticating with a known-bad cookie and if it works then alert the user if it gets an "authenticated" message, would defeat that code :P
but the only thing I've found related to it so far is that "shim the browser" thing
pleasehelp
cacahuatl: there is no tor.exe in task manager btw
cacahuatl
No, it wouldn't be running if the browser doesn't start.
pleasehelp
so that means the exe didn't run at all ?
and no related name event in the event browser
cacahuatl
Very hard to say without any kind of error message why it's not running. Has it worked previously?
pleasehelp
no
never
and the result is all the same
umm
sir
i just installed beta one
and it starts now
torbrowser-install-5.0a3_en-US
thx for your kindness sir
cacahuatl
eh, no problem, strange that there's no sign of any kind of error, I'd normally expect that to be the result of AV with a false positive or the like.
pleasehelp
have a good day sir, bye :)
someone235
I'm trying to request new identity, but when I execute "telnet localhost 9051" I get "telnet: Unable to connect to remote host: Connection refused"
someone knows why and how to fix this?
Tichodroma
do you use the TBB?
someone235
Tichodroma, I don't think so. What is it?
Tichodroma
the Tor Browser Bundle?
someone235
nop
Tichodroma
how do you run Tor? How did you install it?
someone235
Tichodroma, from ubuntu repositories
service tor start
Tichodroma
so you run a node. Do you use any client, for example a browser, that uses this node?
someone235
Tichodroma, yes, I use it with firefox
Tichodroma
and does anybody else use this Tor node?
someone235
Tichodroma, no
Tichodroma
then I recommend to uninstall Tor and install the Tor Browser Bundle. It has nice GUI tools to get a new identity