[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] I need help if figuring out how to access and use your site



I am receiving your emails but simply cannot figure out how to access the content. I dont get any links I can access by clicking on them and cannot view what is written on the subject matters shown. If you cannot help me figure out how to use your emailed product then PLEASE immediately remove me from your email list and quit sending me emails that to me are useless.
Dennis Math
Casey Math

> From: tor-talk-request@xxxxxxxxxxxxxxxxxxxx
> Subject: tor-talk Digest, Vol 56, Issue 48
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Date: Tue, 29 Sep 2015 15:44:48 +0000
> 
> Send tor-talk mailing list submissions to
> 	tor-talk@xxxxxxxxxxxxxxxxxxxx
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> or, via email, send a message with subject or body 'help' to
> 	tor-talk-request@xxxxxxxxxxxxxxxxxxxx
> 
> You can reach the person managing the list at
> 	tor-talk-owner@xxxxxxxxxxxxxxxxxxxx
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of tor-talk digest..."
> 
> 
> Today's Topics:
> 
>    1. Re: Please help us... (Olaf Selke)
>    2. Re: Please help us... (aka)
>    3. New methods / research to detect add-ons? (pacifica@xxxxxxxxxx)
>    4. Re: pidgin and tor (kn@xxxxxxxxx)
>    5. Re: New methods / research to detect add-ons? (aka)
>    6. Re: pidgin and tor (aka)
>    7. Re: New methods / research to detect add-ons?
>       (pacifica@xxxxxxxxxx)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Tue, 29 Sep 2015 14:25:13 +0200
> From: Olaf Selke <olaf.selke@xxxxxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] Please help us...
> Message-ID: <560A8329.60108@xxxxxxxxxxxx>
> Content-Type: text/plain; charset=windows-1252; format=flowed
> 
> Am 28.09.2015 um 12:08 schrieb Mr Claypole:
> 
> >
> > They use many, many more ips to post the abuse, this is just a small selection.
> >
> >
> > I have sent similar emails to the 'abuse' email address I have been able to find for these ip networks, will they be able to help us?
> >
> >
> > I don't fully understand how your system for anonymity works, however I do understand why such a system is needed, there are many regions and people in the work who need anonymous access to communication.
> >
> >
> > However, our current problem individual is using your services to perpetrate the very oppressive, abusive behaviour that your system is designed to help fight. Please let me know if there is anything you can do.
> 
> a list of all currently active Tor exit node ip addresses can be 
> downloaded from
> 
> https://torstatus.blutmagie.de/ip_list_exit.php/Tor_ip_list_EXIT.csv
> 
> It's updated every 15 minutes or so.
> 
> cheers Olaf
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Tue, 29 Sep 2015 15:47:29 +0200
> From: aka <akademiker1@xxxxxxxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] Please help us...
> Message-ID: <560A9671.2030206@xxxxxxxxx>
> Content-Type: text/plain; charset=windows-1252
> 
> Configure your message board software so all posts from Tor exit nodes
> IPs need to be moderator approved. It takes seconds per post for a mod
> to check and minutes for a malicious individual to post.
> If your message board software doesn't support this, just block all Tor
> exit nodes IPs for a week or so until the malicious individual gets bored.
> 
> If you have access to the .htaccess file:
> http://www.reaper-x.com/2012/05/15/how-to-block-tor-on-apache-and-nginx/
> 
> Mr Claypole:
> > Hello,
> > 
> > 
> > I am an Admin for a message board in the UK. We have a non-registration policy to allow free and open discussion about matters related to our football club, it has served us well in the past to keep the club in business and helps maintain transparency.
> > 
> > 
> > Our admin roles call for us to periodically remove posts or ban user ips if they have broken our message board rules (not that we have many).
> > 
> > 
> > That is all we can do - remove posts and ban ip ranges.
> > 
> > 
> > This all normally works OK, however we have a recent particularly nasty individual that is constantly posting vile, racist, violent messages. The person is constantly changing ip and repeatedly posting material that is highly offensive and illegal.
> > 
> > 
> > If you want an example of these abusive messages let me know, they usually contain descriptions of torture or death for particular ethnic or religious groups, it is exceedingly strange and nasty. We have no idea why they are targeting our football club message board.
> > 
> > 
> > They are using tor services to generate their multiple ips. Recent exit nodes ips (is that the right terminology?) used on the 27/09/2015 have included:
> > 
> > 
> > 194.150.168.95
> > 192.99.154.24
> > 85.10.210.199
> > 
> > 92.222.113.177
> > 
> > 178.20.55.18
> > 
> > 
> > They use many, many more ips to post the abuse, this is just a small selection.
> > 
> > 
> > I have sent similar emails to the 'abuse' email address I have been able to find for these ip networks, will they be able to help us?
> > 
> > 
> > I don't fully understand how your system for anonymity works, however I do understand why such a system is needed, there are many regions and people in the work who need anonymous access to communication.
> > 
> > 
> > However, our current problem individual is using your services to perpetrate the very oppressive, abusive behaviour that your system is designed to help fight. Please let me know if there is anything you can do.
> > 
> > 
> > Thank you,
> > 
> > 
> > Colin.
> > 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Tue, 29 Sep 2015 14:57:58 +0000
> From: pacifica@xxxxxxxxxx
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: [tor-talk] New methods / research to detect add-ons?
> Message-ID: <7757388edf9790a0fad5afca48569b52@xxxxxxxxxx>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
> 
> Hello afternoon / evening / morning tor-talk -- I am hoping that someone 
> can point me in the right direction. I know it is well-discussed that 
> adding Firefox add-ons to the Tor Browser Bundle decreases anonymity, 
> but I would like to review the studies myself. I'm having trouble 
> finding credible research where detection of add-ons has resulting in a 
> significant decrease in anonymity... can someone please point me to 
> those resources?
> 
> To be explicit, I am not concerned with "plug-ins" like Java or Flash, 
> but rather "add-ons" like HTTPS everywhere or Privacy Badger.
> 
> Thanks in advance.
> 
> pacifica
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 29 Sep 2015 17:06:54 +0200 (CEST)
> From: kn@xxxxxxxxx
> To: tor-talk <tor-talk@xxxxxxxxxxxxxxxxxxxx>
> Subject: Re: [tor-talk] pidgin and tor
> Message-ID:
> 	<829658081.4249.1443539214512.JavaMail.open-xchange@ox1app>
> Content-Type: text/plain; charset=UTF-8
> 
> Hi,
> 
> > Is it safe to use pidgin over tor?
> 
> You have to compile Pidgin by self without "libjingle", because the
> Interactive Connectivity Establishment (ICE) of "libjingle" will breakout
> the proxy in case of a audio or video call. 
> 
> A small tutorial to compile a Tor-save Pidgin for Linux (only in German):
> https://www.privacy-handbuch.de/handbuch_24s.htm
> 
> Best regards
> Karsten
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Tue, 29 Sep 2015 17:14:17 +0200
> From: aka <akademiker1@xxxxxxxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] New methods / research to detect add-ons?
> Message-ID: <560AAAC9.4020001@xxxxxxxxx>
> Content-Type: text/plain; charset=windows-1252
> 
> Every add-on installed/not installed gives you one more bit of detection.
> For example to detect HTTPS-Everywhere you start a http connection via
> javascript and check if it gets automaticly upgraded to https. To detect
> Adblock you check via javascript if a certain ad got loaded. To detect
> Scriptblock you check if javascript got executed at all.The three
> examples above give you 3 more bits, so your detection got 8 times more
> targeted.
> If the NSA now records you visiting an internet forum via TBB and
> leaking something and detect another visitor with the same 3 bits set
> looking for a train scheduele, they can verify with a high confidence
> you posted that message and live in that area.
> That's why it's important that every TBB installation has the same
> Http-Header values and same add-ons.
> You don't need any studies, it's simple common knowledge.
> 
> pacifica@xxxxxxxxxx wrote:
> > Hello afternoon / evening / morning tor-talk -- I am hoping that someone
> > can point me in the right direction. I know it is well-discussed that
> > adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
> > but I would like to review the studies myself. I'm having trouble
> > finding credible research where detection of add-ons has resulting in a
> > significant decrease in anonymity... can someone please point me to
> > those resources?
> > 
> > To be explicit, I am not concerned with "plug-ins" like Java or Flash,
> > but rather "add-ons" like HTTPS everywhere or Privacy Badger.
> > 
> > Thanks in advance.
> > 
> > pacifica
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Tue, 29 Sep 2015 17:18:51 +0200
> From: aka <akademiker1@xxxxxxxxxxxxxx>
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] pidgin and tor
> Message-ID: <560AABDB.2060006@xxxxxxxxx>
> Content-Type: text/plain; charset=windows-1252
> 
> Pidgin on Windows by default isn't compiled with libjingle support.
> 
> kn@xxxxxxxxx wrote:
> > Hi,
> > 
> >> Is it safe to use pidgin over tor?
> > 
> > You have to compile Pidgin by self without "libjingle", because the
> > Interactive Connectivity Establishment (ICE) of "libjingle" will breakout
> > the proxy in case of a audio or video call. 
> > 
> > A small tutorial to compile a Tor-save Pidgin for Linux (only in German):
> > https://www.privacy-handbuch.de/handbuch_24s.htm
> > 
> > Best regards
> > Karsten
> > 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Tue, 29 Sep 2015 15:44:44 +0000
> From: pacifica@xxxxxxxxxx
> To: tor-talk@xxxxxxxxxxxxxxxxxxxx
> Subject: Re: [tor-talk] New methods / research to detect add-ons?
> Message-ID: <e758ffe6cee4c5630084e7925ae0f65a@xxxxxxxxxx>
> Content-Type: text/plain; charset=US-ASCII; format=flowed
> 
> Thanks aka -- I'm familiar with the conventional wisdom that add-ons 
> make you more unique... but I am really looking for any formal study or 
> code PoC that perhaps identifies more direct methods of detecting 
> add-ons. Perhaps it's different for every add-on, and it probably is, 
> especially considering some add-ons may not be reviewed for 
> security/privacy at all. So some library would probably need to be 
> compiled and maintained to try to exhaustively detect all known add-ons, 
> similar to fingerprint.js.
> 
> The current logic (AFAIK) would be: if websiteA.com hasn't developed a 
> detection technique for Add-On-X, then it can't detect it. I suspect 
> add-ons could be detected more directly, but I have not seen any study 
> or code to support that yet.
> 
> To be clear, I'm not arguing that TBB's design logic is flawed here at 
> all -- I know it's not, and I can think of a _lot_ of reasons why, a 
> couple of which you listed. Anything that distinguishes you from "the 
> herd" is "bad" to the extent it doesn't catastrophically compromise your 
> security.
> 
> But I'm still looking for something a bit more formal in terms of 
> discussing a quantitative, or pseudo-quantitative impact on anonymity / 
> privacy by add-on detection either in code PoC or academic research...
> 
> Thank you for your reply. I completely agree with TP's position on 
> add-ons and often advocate for the same. Just playing devil's 
> advocate... :)
> 
> Thanks,
> 
> pacifica
> 
> 
> On 2015-09-29 15:14, aka wrote:
> > Every add-on installed/not installed gives you one more bit of 
> > detection.
> > For example to detect HTTPS-Everywhere you start a http connection via
> > javascript and check if it gets automaticly upgraded to https. To 
> > detect
> > Adblock you check via javascript if a certain ad got loaded. To detect
> > Scriptblock you check if javascript got executed at all.The three
> > examples above give you 3 more bits, so your detection got 8 times more
> > targeted.
> > If the NSA now records you visiting an internet forum via TBB and
> > leaking something and detect another visitor with the same 3 bits set
> > looking for a train scheduele, they can verify with a high confidence
> > you posted that message and live in that area.
> > That's why it's important that every TBB installation has the same
> > Http-Header values and same add-ons.
> > You don't need any studies, it's simple common knowledge.
> > 
> > pacifica@xxxxxxxxxx wrote:
> >> Hello afternoon / evening / morning tor-talk -- I am hoping that 
> >> someone
> >> can point me in the right direction. I know it is well-discussed that
> >> adding Firefox add-ons to the Tor Browser Bundle decreases anonymity,
> >> but I would like to review the studies myself. I'm having trouble
> >> finding credible research where detection of add-ons has resulting in 
> >> a
> >> significant decrease in anonymity... can someone please point me to
> >> those resources?
> >> 
> >> To be explicit, I am not concerned with "plug-ins" like Java or Flash,
> >> but rather "add-ons" like HTTPS everywhere or Privacy Badger.
> >> 
> >> Thanks in advance.
> >> 
> >> pacifica
> 
> 
> 
> ------------------------------
> 
> Subject: Digest Footer
> 
> _______________________________________________
> tor-talk mailing list
> tor-talk@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> 
> 
> ------------------------------
> 
> End of tor-talk Digest, Vol 56, Issue 48
> ****************************************
 		 	   		  
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk