IRC Archive / Oftc / #tor / 2015 / August / 29 / 1
blan
kernelcorn Is there an alternative to google traduction as locally soft?
kernelcorn
what?
Lever
Anti-mad : there's App for win PC called "proxifier" http://proxifier.com/ you can use it
jjweiss
kernelcorn: I think he's asking if there are any language translators that work locally
kernelcorn
not to my knowledge
Anti-mad
other question: how may I connect to hidden tor irc?
cacahuatl
Set up your IRC client to use tor as a SOCKS5 proxy then connect normally.
Anti-mad
cacahuatl: I yet set up my client (I'm connected with a tor-exit node now)
antiatom
I just noticed that Freenode requires the use of a compromised NIST elliptic curve as a SASL mechanism for all Tor users
...or PLAIN
jjweiss
more importantly, they no longer allow connections from tor, and haven't for quite some time
thus not really relevant to tor use, now is it? :)
antiatom
jjweiss: Sure they do, they run Tor hidden services: https://freenode.net/irc_servers.shtml#tor
Oh... well nevermind they are unavailable it says
jjweiss
exactly
Anti-mad
sadasd
kernelcorn
antiatom: what NIST curve are you talking about?
dalo^
Is chutney independent of the Tor project?
kernelcorn
no, it's maintained by Tor developers
see https://gitweb.torproject.org/chutney.git, look at the URL too. All of the developers of Chutney also work on Tor or post on the tor-dev mailing list.
dalo^
Thank.
edita
heyhey
noandse
Hello
what are the dependencies in order to run Tor Browser on linux system?
running X is clear, what are other (e.g. GTK+-) dependencies?
any list of requirements available or does Tor Browser Bundle contain it all?
Peng
Simple suggestion: Install your OS's Firefox package
or just its dependencies
noandse
Thanks for simple answer. On spot.
I thought though that TBB contains most of it itself
making it portable
but as I see even firefox does not have that many dependencies itself.
So your simple answer was really on spot. Thanks.
torchinz
is facebook over tor a good idea?
velope
good for what, and compared to what
facebook is still facebook, tor or not
torchinz
compared to the normal browsing, wherever it is banned
like people would never use tor for transaction, unless it is bitcoins.
Peng
It depends on what you're trying to accomplish.
velope
people sure do use tor for all kinds of private and secure things
especially when the alternative is regular internet without tor
jjweiss
more importantly, is facebook acting as their own HSDirs now?
Peng
And, beyond things like BitTorrent, there's no Rule that you can't use Tor for normal browsing that doesn't benefit from it.
Atroc
with fake profile and just fake data its okay but why you want to use this site with tor when you dont even want to use it without tor?
wikipedia onion address would be a much better idea
velope
hidden services can't choose their own HSDirs. otherwise clients couldn't find them.
jjweiss
that HS vulnerability could make facebook over tor to the HS a "bad idea" whereas it may or may not be if connecting to the clearnet site
Peng
HS Facebook still does HTTPS, yeah?
torchinz
HS?
Atroc
torchinz: hiddenservice
jjweiss
velope: fine, then swap out, "be their own HSDirs" with, "following the recommended mitigation practices"
torchinz
ohh...facebook does have an official onion site, isnt it?
jjweiss
I thought my shorthand should be fairly obvious, but I suppose it's not fair to assume that knowledge of the OP
Atroc
torchinz: facebookcorewwwi.onion i think. its easy to remember
torchinz
yes exactly Atroc
jjweiss
the main problem with the hidden service is that you have to resort to DNS trickery and mapaddress magic to make the facebook apps use it as it isn't otherwise configurable
Atroc
but i wonder why wikipedia doesnt have an onion address
jjweiss
you could add it? :)
Atroc
well yeah I could but would you trust it when its not by wikipedia? ;)
qwerty1
it's best not to use facebook at all
jjweiss
it's also best to live in a cave somewhere far away from technology, but I don't see many people choosing that option
Atroc
i dont have a facebook account anything. i use whatsapp but i dont write private data with it.. or use my smartphone for private data
qwerty1
well no
certainly don't get a facebook account
Atroc
*anyway
jjweiss
facebook can actually be a good information source and a good place to plant (dis)information if one just resists the compulsions and peer pressure to post anything potentially damaging
they've also gotten away from strictly enforcing the name policies, so a pseudonym or even nickname rather than legal name will foil most would-be attackers' attempts to "find" you
velope
in this channel let's keep it specifically about tor.
you can discuss facebook in general in #nottor
Atroc
is there a wikipedia sql dump?
jjweiss
velope: tor is the final piece of the equation, actually :)
qwerty1
their hidden service came about because they have the author of cracklib working there
it's not representative
jjweiss
Does anyone know the ticket number for the HSdir vulnerability off the top of their heads, by any chance?
special
jjweiss: what are you referring to, specifically?
jjweiss
the deanonymization attack that's possible due to HSDirs' position in the network (along with some basic brute force methods, iirc)
I thought I bookmarked it, but I can't seem to find it, and websearches come up with a lot of articles about it and a few scholarly works, but no tickets, save for this one: https://trac.torproject.org/projects/tor/ticket/8106
special
do you mean the (now historical) relay_early attack?
jjweiss
I wasn't aware of that one, but it looks a bit scary too
special: no, this one: http://www.idigitaltimes.com/deanonymizing-tor-hidden-service-traffic-through-hsdir-cake-walk-say-researchers-hitb-445328
the last time I looked at the relevant ticket, it was projected not to have a viable workaround until sometime in 2016
s/workaround/fix/
special
ah. okay.
jjweiss
the actual workaround was supposedly to "act as your own HSDir" iirc
special
there are two tickets that are relevant, in terms of making it harder to become the HSDir for a service of your choosing
jjweiss
which now that I think of it, would still be bad for sites like facebook where the location of the hidden service is known. a governmental adversary could still force them to use the exploit to "find" you
special
(you cannot choose to act as your own HSDir)
velope
(for the second time)
jjweiss
I probably came away with an oversimplified understanding of the workaround then
special: at any rate, do you happen to know the two relevant ticket numbers?
special
#8243 made it harder to become a HSDir; we also raised the uptime requirement to 96 hours. That is useful against an attacker that is changing their identity key to serve a particular service
the real solution is #8244, and we're working on implementing shared randomness now, so it will be fixed for the next-gen hidden services.
also, that article doesn't discuss the impact of guards on their attack
jjweiss
special: thank you. I've added the rss streams so I can keep better track now ;)
special
there's also work being done on detecting malicious HSDirs in the network, and removing them
it's very obvious when relays are trying to remain as the HSDir for a specific service long-term
jjweiss
I'm actually pursuing a different course whereby the darknets like tor, themselves, are also considered untrusted networks and the actual delivery mechanisms are relatively agnostic. that's more #nottor or #moocows material though :)
special
and you might also be interested in the recent usenix paper on fingerprinting hidden service circuits
https://blog.torproject.org/blog/technical-summary-usenix-fingerprinting-paper
jjweiss
I guess the extent of tor-relevance is that I feel it's a lot like placing all of one's eggs in a single basket trusting a darknet to begin with. HSes SHOULD be using SSL and other encryption on top, and providers SHOULD be multipathing across different darknets where possible. that in and of itself would mitigate a LOT of problems