logs archiveIRC Archive / Oftc / #tor / 2015 / August / 25 / 1
Snaail
So I'll launch only in superuser when needed
And I'm gonna learn about what you call "bulletproof".
velope
when using something like kali, it's easy to think of security as all "expert" offense and no defense
but you need to continue standard good security practices, which includes doing commands as root only when strictly necessary
kernelcorn
software that doesn't run as root does not have the ability to modify your operating system, even if it tried to. Even if it tried to install a keylogger, for example, Linux prevents it from doing that.
if you run everything as root, then an application can literally do whatever it wants. This is not a good idea.
Snaail
velope, that's why kali's slogan is "The quieter you become, the more you're able to hear"
Learned the difference, thanks kernelcorn !
Pff ... that was finally so simple ! Thanks one more time, bye
iddqd
What kind of usage percentage does Tor Browser have today?
Are we talking millions worldwide at least?
Millions of human users, that is.
Or is it something depressing like thousands?
cacahuatl
I think for obvious reasons it might be hard to produce meaningful statistics on that.
CosmicNoise
How much have I compromised my online privacy just by coming here?
qwerty1
not very
iddqd: users in what time period?
we don't know, but probably millions
nice nick btw
CosmicNoise
So, what is the consensus on Operation Onymous?
Are their claims of exploiting a Tor weakness simply bravado, trying to instil fear?
Or do they actually have such capabilities?
         

qwerty1
pretty much
trying to instil fear
CosmicNoise
Fair play.
cacahuatl
No one knows for sure, definitely part psyops though. I suggest you read the court documents and transcripts for the arrests for what scant details they provide.
CosmicNoise
cacahuatl, yeah. I find it pretty disgusting that we're able to get warrants and jail people without ever disclosing reasons for suspicion, or methods of surveillance.
cacahuatl
It seems like CERTCC (*spit*) were co-operating with LE on the relay_early stuff but that's not directly documented. Some of the evidence fits that narrative.
CosmicNoise
cacahuatl, how early? Way before Onymous, surely?
woosa
CosmicNoise: is 46.166.188.210 ur real ip
CosmicNoise
woosa, nah.
woosa
no problem then
CosmicNoise
woosa, but in general, how would one hide ANY IP from showing on IRC like that?
woosa
use tor
Ident name: ~woosa
Host name: 62SAAATPT.tor-irc.dnsbl.oftc.net
CosmicNoise
Do all IRC networks allow connecting from TOR though?
woosa
nope
most dont
CosmicNoise
I have no qualms admitting I'm a newbie.
What are some interesting onion sites to get started with? Nothing dodgy.
mrphs
CosmicNoise: freepress3xxs3hk.onion
CosmicNoise
Thanks :)
mrphs
you might be interested in Ricochet.im and https://onionshare.org/
CosmicNoise
Excellent tools.
Thanks.
kernelcorn
3g2upl4pq6kufc4m.onion is DuckDuckGo of course
CosmicNoise
Oh. Is there a benefit to using the onion site rather than just the usual site on the Tor browser?
         

kernelcorn
in my opinion, not particularly
cacahuatl
It stops certain kinds of attacks (MITM, cross-signing by a rogue CA, etc) if you have a known-good onion address.
kernelcorn
right, since it keeps the communication all internal to Tor
nicoo
kernelcorn: Also, impersonating an onion service is hard-ish (you have to make a HS key whose hash collides with the one in the address)
PoGo
Hi there !
kernelcorn
nicoo: right. This will be much harder (or perhaps impossible) with the next-generation of hidden services (224)
nicoo
kernelcorn: Yes, HSv2 switches to Ed25519 (and improves a lot the protocol)
CosmicNoise
How does one set up an onion site?
kernelcorn
the whole Ed25519 key will now be in the address, which is going to make them quite long
CosmicNoise: https://www.torproject.org/docs/tor-hidden-service.html.en
CosmicNoise
I should read through all the documentation on the website...
There's a tonne.
kernelcorn
please do :)
Amni
Is there an example working .onion I can use to test?
I'm connected to tor but I can't seem to resolve the couple of .onions I've tried
iddqd
I seem to often see IP addresses beginning with 46.
What's 46.x?
velope
Amni: yes, a tor developer personally runs http://duskgytldkxiuqc6.onion
iddqd
Tor Browser looks craptastic on Windows 10.
As in, the GUI is all morphed and skewed.
woosa
Amni: duckduckgo has an onion
iddqd
I have an onion in the kitchen.
... crickets.
qwerty1
excellent
Amni
Alright that works. I guess the ones I've been trying to get to have been taken down
velope
or just not maintained, or bills not paid, etc.
Amni
Right, I guess taken down was the wrong way to put it
Are down
Thanks guys
qwerty1
iddqd: 46.x.x.x is assigned to several different ASs
mostly european
should be all european actually
iddqd: why do you use windows 10? :/
iddqd: https://edri.org/microsofts-new-small-print-how-your-personal-data-abused/
iddqd: if you object to gnu/linux there is pcbsd http://www.pcbsd.org/
you can install wine easily and linux binary emulation just works so you can run tbb
wine is a windows emulator https://www.winehq.com/
mrphs
nottor
qwerty1
indeed
iddqd: come to #nottor
or the other channel
iddqd
qwerty1: Because Windows 10 is the only OS.
Windows 7 is legacy and 8 is garbage.
And Linux is a joke.
And Mac is both the same as MS privacy-wise, has very little software and sucks in many other ways.
Windows 10 sucks too, but there's no choice.
CosmicNoise
iddqd, Linux is a joke?
iddqd, all gazillion distributions?
W10 is a joke.
iddqd
It's a joke that actually works, suckily as it does it.
mrphs
shall we stay on topic?
jsh
cacahuatl: argh, got pulled away again. sorry. anyway, i'm on iOS, not Android. orbot is android-only (i think).
« prev 1 2 3 next »