[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Facebook brute forcing hidden services



On 10/31/2014 11:07 AM, Mike wrote:
> Here is an obvious question that I can't figure out.
> Why would you use a service that cares nothing about keeping your details
> secret?
> They'll give you up to the state faster than you can blink.
> 
> If you are in a country that blacklists facebook, (china) logging onto
> facebook should be the least of your concerns. TOR and facebook don't
> belong in the same sentence.

If I were using Facebook under those circumstances, I would use a
pseudonym. I wouldn't reveal anything sensitive, and I would avoid
interacting with anyone that I knew in meatspace. But then, the same
applies to any public forum, including this mail list ;)

> Honestly if I was running an exit node still. I'd just add facebook to
> nullroute right now.
> 
> On Fri, Oct 31, 2014 at 12:52 PM, AntiTree <antitree@xxxxxxxxx> wrote:
> 
>> It appears that someone has been issued a facebookcorewwwi.onion cert
>> from another CA as .onion has no way of verifying a collision.
>> https://news.ycombinator.com/item?id=8538527
>>
>> On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@xxxxxx> wrote:
>>> On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote:
>>> ...
>>>> Hi,
>>>> i really think that this is a good thing, because i think this hidden
>>>> service will get a lot attention in countries where Facebook is
>>>> blocked.
>>>
>>> In blocking countries you'll use Tor whether you to the .com
>>> or the .onion domain. The way around the block is tor, not the
>>> hidden service.
>>>
>>> The hidden service add a protection layer to the traffic from
>>> the tor network to facebook, but they are using SSL anyway.
>>>
>>> And it remains to be seen what they do with static assets
>>> that are loaded from different domains - but actually it wouldn't
>>> matter when those are not going through the hidden service.
>>>
>>> Andreas
>>>
>>> --
>>> "Totally trivial. Famous last words."
>>> From: Linus Torvalds <torvalds@*.org>
>>> Date: Fri, 22 Jan 2010 07:29:21 -0800
>>> --
>>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> --
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk