logs archiveIRC Archive / Oftc / #tor / 2015 / September / 21 / 1
Raiz
fusebox, who uses localhost :)
my hostname is Freedom \o/
scrambler
hi ppl
hi kernelcorn it's been so many time
i was wondering a good smartphone in which i can run Tor securely
i know Android is somehow vulnerable, but maybe there is some phone better than the rest
ruds
you'll have to do quite a bit to the smartphone to actually have security. I recall there being a webpage about smartphone hardening
* good security and privacy
BrokenCrypto
jacob did a write up on the moto x i think
wasn't much of a smartphone afterwards though lol
ruds
https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
scrambler
yeah
Guest2379
moto x can detect stingrays with snoop snitch
whitanne
i think it's impossible, phones aren't designed for privacy
scrambler
i know the one plus comes wioth cyanogenmod
is that a good version of android?
whitanne, but there's have to be some room for it
         

BrokenCrypto
problem is the hardware baseband chips and such
scrambler
i mean, running orbot to connect to irc at least
yeah
Guest2379
my best advice is you can never trust the smart phone because of the base band
the best you can hope is the moto x with snoop snitch to detect stingrays
but depend on tor on it to keep you safe from a sophisticated adversary use a pc for that
dont depend on it
erdbeer
scrambler, a phone as a relay will be a really slow relay
scrambler
yeah, the master slave relation of the two processors
jake talked about it
it makes sense
what is your opinion about Whonix?
and the whole security by isolation concept?
Guest2379
I like whonix
whitanne
whonix has great documentation
Guest2379
it would have prevented a few different attacks that caught some tor users off guard
scrambler
its been runing smooth since i set it up
BrokenCrypto
too many propietary bits for my liking
Guest2379
Qubes + Whonix is better
Whonux = debian
whonix = debian
whats wrong wityh it BrokenCrypto
scrambler
Guest2350, yeah, but it does not have non-free repos enabled
whitanne
you can run android completely over tor with whonix gateway + android-x86 :)
scrambler
so its pretty ok
i have my hidden service on it
like for 6 months
Guest2379
You have whonix on a vps for hidden service?
I didnt think you could do that
scrambler
no i have it in a home brew server
on my residential dyn ip
it runs pretty well
scrambler_l
i run lighttpd and irc
mostly for spanish speaking people
there is not much spanish content in onionland
luckyuser
how are tor users dealing with the suspected control of exit nodes by unsavory types?
Guest2379
visit https site
sites
BrokenCrypto
use trusted exits
         

luckyuser
oh. makes sense.
i didnt know you could control exits.
Guest2379
assume all exits are compromised
BrokenCrypto
you can or you can switch exits with new identity every so often
Guest2379
only visit onions or https versions of sites
BrokenCrypto
true better method
luckyuser
i like the idea of tor but thought there was no way to really stay under
whitanne
under what
luckyuser
under encryption... anonymity
whitanne
encryption != anonymity
luckyuser
but if you pop out an exit headed for bigtits.com then the whole tor thing was sort of a waster
scrambler_l
BrokenCrypto, Guest2350 it doesn't matter the SSL since mostly certs are not signed by CAs right?
whitanne
what lol
scrambler_l
you would have to verify the fp first
Guest2379
scrambler is you visit onions your data in automatically encrypted
BrokenCrypto
if anything you can argue that the CA system is compromised
luckyuser
ok. so you dont mind no anonymity, just privacy is enough?
Guest2379
Its true the CA system is sh*t but its what we got unless you manually verify fingerprints
Guest2350
if you can't trust the root CA or its certs that is all bs
whitanne
scrambler_l: idk how you'd verify a ssl fp, most sites don't publish their fp
scrambler_l
yeah
Guest2379
right click the https
BrokenCrypto
yup turtles all the way down
Guest2379
and you can check the fingerprint
scrambler_l
whitanne, looking at the certificate?
Guest2379
or download cert patrol addin to FF
it will tell you if there is a suspicious change
BrokenCrypto
but not on the tbb
scrambler_l
i have published my ssl fp in the motd
tbb
not everybody do it
scrambler_l
and you can pgp email me and verify again
Guest2379
I wish everyone would use namecoin for ssl FP
tbb
whitanne: can't the ssl observatory (https everywhere) help for this kind of thing ?
Guest2379
Yes but SSL Observator sends the sites you visit to them
tbb
when on clearnet ofc
Guest2379
takes awa anonymity
tbb
Guest2379: that goes through tor
(if configured to)
BrokenCrypto
just use lynx with tor and surf safely
Guest2350
fu*k most don;'t
re: scrambler_l 's comment
Guest2379
Lynx :) no one uses it
tbb
i do
BrokenCrypto
lynx is awesome
« prev 1 2 3 4 5 next »