[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Âcall for testing new tools and inÂstructions to get startedwith Tails (sajolida)Â



This is particularly interesting and unexpected. Creating a way for an average Joe to use tails sounds great. Mind if I ask what is the 4k support like for those of us that have it?  Thursday, 24 December 2015, 11:00pm +11:00 from  tor-talk-request@xxxxxxxxxxxxxxxxxxxx :

>Send tor-talk mailing list submissions to
>tor-talk@xxxxxxxxxxxxxxxxxxxx
>
>To subscribe or unsubscribe via the World Wide Web, visit
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>or, via email, send a message with subject or body 'help' to
>tor-talk-request@xxxxxxxxxxxxxxxxxxxx
>
>You can reach the person managing the list at
>tor-talk-owner@xxxxxxxxxxxxxxxxxxxx
>
>When replying, please edit your Subject line so it is more specific
>than "Re: Contents of tor-talk digest..."
>
>
>Today's Topics:
>
>ÂÂÂ1. Call for testing new tools and instructions to get	started
>ÂÂÂÂÂÂwith Tails (sajolida)
>ÂÂÂ2. A curious email from Twitter mentioning Tor Project (Akater)
>ÂÂÂ3. Re: A curious email from Twitter mentioning Tor Project
>ÂÂÂÂÂÂ(ncl@xxxxxxx)
>ÂÂÂ4. Re: A curious email from Twitter mentioning Tor Project
>ÂÂÂÂÂÂ(Jens Kubieziel)
>ÂÂÂ5. Re: A curious email from Twitter mentioning Tor Project (kytv)
>ÂÂÂ6. Re: torpoxy support for forced https (Katya Titov)
>
>
>----------------------------------------------------------------------
>
>Message: 1
>Date: Wed, 23 Dec 2015 15:08:48 +0000
>From: sajolida < sajolida@xxxxxxxxxxxx >
>To: "discussions about user-experience of Tor products."
>< ux@xxxxxxxxxxxxxxxxxxxx >, tor-talk@xxxxxxxxxxxxxxxxxxxx, List to be
>used by Tor teachers and trainers to build a "community," circulate
>training materials and get feedback
>< tor-teachers@xxxxxxxxxxxxxxxxxxxx >
>Subject: [tor-talk] Call for testing new tools and instructions to get
>started with Tails
>Message-ID: < 567AB900.2010709@xxxxxxxxxxxx >
>Content-Type: text/plain; charset=utf-8
>
>We are aware that the process of getting started with Tails
>(downloading, verifying, installing, starting, and configuring) might be
>the main stumbling block for its wider adoption.
>
>Over 2015, we have worked very hard to make this process easier and
>today we are happy to release a first beta version of the new process.
>
>We worked on:
>
>1. A Firefox add-on to automate the verification of the ISO image,
>ÂÂÂwritten by Giorgio Maone, the author of NoScript.
>
>2. The inclusion of Tails Installer directly in Ubuntu (and Debian
>ÂÂÂreally soon), to avoid burning a DVD, using two USB sticks, or going
>ÂÂÂthrough the command line.
>
>3. New instructions on the website to present the process
>ÂÂÂstep-by-step, according to your operating systems, skills, and
>ÂÂÂavailable hardware.
>
>We would love to have many diverse people test it and tell us what
>they think. For example, if you tried to install or verify Tails in
>the past but failed, your feedback will be much appreciated!
>
>It would be most helpful to point out:
>
>ÂÂ- Technical problems. If you think that something technical failed
>ÂÂÂÂduring the process, try to describe in details what you were
>ÂÂÂÂtrying to do and how it failed.
>ÂÂ- Usability problems. If you fail to understand something, point us
>ÂÂÂÂto the part that is unclear; if you get a result different from
>ÂÂÂÂwhat you expected, tell us what surprised you in a bad way.
>ÂÂÂÂPlease don't report problems that you think other people might
>ÂÂÂÂface, unless you are a usability expert
>ÂÂ- Victories. For example, tell us if you found this super cool or
>ÂÂÂÂif it helped you install Tails for the first time!
>
>/!\ We know this beta version is not perfect. We still have many
>ÂÂÂÂdetails to improve but we wanted to give you all an opportunity to
>ÂÂÂÂtry it out before it replaces the current documentation on the
>ÂÂÂÂwebsite.
>
>If you're ready to give it a try, visit:
>
>ÂÂÂÂ https://tails.boum.org/install/
>
>Please send your feedback to tails-testers@xxxxxxxxx
>
>
>
>------------------------------
>
>Message: 2
>Date: Thu, 24 Dec 2015 03:08:02 +0000
>From: Akater < nuclearspace@xxxxxxxxx >
>To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
>Subject: [tor-talk] A curious email from Twitter mentioning Tor
>Project
>Message-ID: < 567B6192.7080709@xxxxxxxxx >
>Content-Type: text/plain; charset="utf-8"
>
>Note: I'm using Tor for Twitter for some time; however it is not (and
>has never been) a particularly rock solid anonymity solution for me. I'm
>mostly doing it for research: how an average Tor user, or a
>privacy-seeking user in general, is welcomed these days. I've had some
>issues with Twitter access recently. My post on this, as well as other
>related threads on tor-talk, are linked below. [1--4]
>
>Given all this, the following email (Received 2015-12-11 from
>info@xxxxxxxxxxx) is somewhat curious:
>
>> Dear @akater,
>
>> As a precaution, we are alerting you that your Twitter account is one
>> of a small group of accounts that may have been targeted by state-
>> sponsored actors. We believe that these actors (possibly associated
>> with a government) may have been trying to obtain information such as
>> email addresses, IP addresses, and/or phone numbers.
>
>> At this time, we have no evidence they obtained your account
>> information, but we?re actively investigating this matter. We wish we
>> had more we could share, but we don?t have any additional information
>> we can provide at this time.
>
>> It?s possible your account may not have been an intended target
>> of the suspected activity, but we wanted to alert you as soon as
>> possible. We recognize that this may be of particular concern
>> if you choose to Tweet using a pseudonym. For tips on protecting
>> your identity online, you may want to visit the "Tor Project
>> ( https://www.torproject.org/ )" or EFF?s "Protecting Yourself on
>> Social Networks"
>> ( https://ssd.eff.org/en/module/protecting-yourself-social-networks ).
>
>I've got nothing to comment on actually. Posting this just for the record.
>
>Tor+Twitter related links (archive.seul.org; if there's a better source
>feel free to notify me in private), in reverse chronological order:
>
>[1] Re: [tor-talk] twitter tor block redux
>http://archives.seul.org/tor/talk/Dec-2015/msg00001.html
>[2] [tor-talk] twitter tor block redux
>http://archives.seul.org/tor/talk/Nov-2015/msg00117.html
>[3] [tor-talk] A little more hostility towards Tor from Twitter
>http://archives.seul.org/tor/talk/Oct-2015/msg00189.html
>[4] [tor-talk] tor + twitter issues
>http://archives.seul.org/tor/talk/Sep-2015/msg00054.html
>
>
>
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: signature.asc
>Type: application/pgp-signature
>Size: 801 bytes
>Desc: OpenPGP digital signature
>URL: < http://lists.torproject.org/pipermail/tor-talk/attachments/20151224/1d6fa233/attachment-0001.sig >
>
>------------------------------
>
>Message: 3
>Date: Thu, 24 Dec 2015 03:40:43 +0000
>From: " ncl@xxxxxxx " < ncl@xxxxxxx >
>To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
>Subject: Re: [tor-talk] A curious email from Twitter mentioning Tor
>Project
>Message-ID: < 567B693B.6080503@xxxxxxx >
>Content-Type: text/plain; charset=utf-8
>
>Akater:
>> Note: I'm using Tor for Twitter for some time
>
>I have been as well, and I've also received that notice from twitter.
>I don't think I'm a particularly suspicious or special person to any
>government, should we pass this off as a false alarm triggered by using
>tor to twitter, or is there a really poor system out there trying to get
>at people's accounts for the crime of association with people/projects
>of interest?
>
>An odd coincidence too: my e-mail host had its drives confiscated by
>authorities[1] about a week after twitter noticed me, but that is almost
>certainly nothing to do with me.[2]
>
>[1]
>http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/
>[2]
>https://motherboard.vice.com/read/the-story-of-cockli-the-site-used-to-shut-down-the-la-school-district
>
>
>
>------------------------------
>
>Message: 4
>Date: Thu, 24 Dec 2015 11:53:23 +0100
>From: Jens Kubieziel < maillist@xxxxxxxxxxxx >
>To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
>Subject: Re: [tor-talk] A curious email from Twitter mentioning Tor
>Project
>Message-ID: < 20151224105323.GN28031@xxxxxxxxxxxx >
>Content-Type: text/plain; charset="us-ascii"
>
>* Akater schrieb am 2015-12-24 um 04:08 Uhr:
>> Given all this, the following email (Received 2015-12-11 from
>> info@xxxxxxxxxxx) is somewhat curious:
>
>Thanks for mentioning it. There were several users who received this
>mail, see
><URL:https://twitter.com/qbi/lists/statesponsoredattack2015/members>.
>This link is a Twitter list where I collect all people who mentioned
>that they received this mail.
>
>Currently it is quite unclear what the reason for this mail is. Twitter
>has confirmed that they sent it. Some people assumed that it has
>something to do with Tor, but I found several others who never used Tor
>with Twitter.
>
>-- 
>Jens Kubieziel  http://www.kubieziel.de
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: signature.asc
>Type: application/pgp-signature
>Size: 836 bytes
>Desc: Digital signature
>URL: < http://lists.torproject.org/pipermail/tor-talk/attachments/20151224/a3a6157f/attachment-0001.sig >
>
>------------------------------
>
>Message: 5
>Date: Thu, 24 Dec 2015 11:32:00 +0000
>From: kytv < kytv@xxxxxxxxxx >
>To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
>Subject: Re: [tor-talk] A curious email from Twitter mentioning Tor
>Project
>Message-ID: < 20151224113200.GA7083@xxxxxxxxxx >
>Content-Type: text/plain; charset="us-ascii"
>
>On Thu, Dec 24, 2015 at 11:53:23AM +0100, Jens Kubieziel wrote:
>
>[..]
>
>> Currently it is quite unclear what the reason for this mail is. Twitter
>> has confirmed that they sent it. Some people assumed that it has
>> something to do with Tor, but I found several others who never used Tor
>> with Twitter.
>
>Indeed. When I received the email I assumed it was due to using Tor with
>Twitter since that seemed to me to be the most likely reason. That, or
>some detection algorithm used by TWitter was touchier than it should
>have been, causing it to trigger when it shouldn't have.
>
>After a couple of weeks (and finding no more than 46 confirmed "Persons
>of Interest (by 'State Actors')", I'm at a loss as to why we received
>it. Looking at the list members and our posts, nothing stands out as
>being noteworthy.
>-------------- next part --------------
>A non-text attachment was scrubbed...
>Name: signature.asc
>Type: application/pgp-signature
>Size: 801 bytes
>Desc: not available
>URL: < http://lists.torproject.org/pipermail/tor-talk/attachments/20151224/9e9f798f/attachment-0001.sig >
>
>------------------------------
>
>Message: 6
>Date: Thu, 24 Dec 2015 21:41:12 +1000
>From: Katya Titov < kattitov@xxxxxxxxxx >
>To:  tor-talk@xxxxxxxxxxxxxxxxxxxx
>Subject: Re: [tor-talk] torpoxy support for forced https
>Message-ID: < 20151224214112.18368519@xxxxxxxxxxxxxxxxxxxxx >
>Content-Type: text/plain; charset=US-ASCII
>
>> I suggest torproxy could generate a random CA certificate when its
>> installed and transparently convert all http to https, generating the
>> required SSL certificates on-the-fly and signing them with the random
>> CA certificate.  The user would then have to add the random CA
>> certificate to their browser, or better yet, this could somehow be
>> automated for the Tor Browser.  One open question with this scheme is
>> whether torproxy would also need to rewrite html content to change
>> http urls to https.
>
>This is similar to a method which oppressive governments use to monitor
>their users. Not something that Tor should be involved in.
>
>> Alternately, the Tor Project could ask Mozilla and other browsers
>> developers to add a switch for "treat .onion as secure".  Or maybe it
>> could be "treat .onion as secure but only if certain conditions hold,
>> such as the proxy is running on the localhost and a to-be-determined
>> status query of the proxy succeeds".
>
>.onion sites already are secure. I think what you are looking for is a
>way to to signal to the user that HTTPS is not required for .onion
>sites. I'd lean towards just using HTTPS because that means there is no
>further education to be performed. Let's Encrypt could help here.
>-- 
>kat
>
>
>------------------------------
>
>Subject: Digest Footer
>
>_______________________________________________
>tor-talk mailing list
>tor-talk@xxxxxxxxxxxxxxxxxxxx
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
>------------------------------
>
>End of tor-talk Digest, Vol 59, Issue 25
>****************************************
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk