[tor-talk] tor-talk Digest, Vol 42, Issue 79
Marcos Eugenio Kehl
marcoskehl at hotmail.com
Thu Jul 24 12:36:50 UTC 2014
From: tor-talk-request at lists.torproject.org
Subject: tor-talk Digest, Vol 42, Issue 79
To: tor-talk at lists.torproject.org
Date: Wed, 23 Jul 2014 06:24:31 +0000
Send tor-talk mailing list submissions to
tor-talk at lists.torproject.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
or, via email, send a message with subject or body 'help' to
tor-talk-request at lists.torproject.org
You can reach the person managing the list at
tor-talk-owner at lists.torproject.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-talk digest..."
--Anexo de Mensagem Encaminhado--
From: delton.barnes at mail.ru
To: tor-talk at lists.torproject.org
Date: Tue, 22 Jul 2014 12:38:34 +0000
Subject: [tor-talk] Tor Browser usability - frequent broken connections
Hello,
I use Tor Browser for all web browsing as many of you probably do. A
frequent problem is you will be logged in to various sites and then the
connection will break. For instance, attempting to make any request
gives "Firefox could not establish a connection to the server at ...".
Changing identities will always rectify the problem, but doing so via
the onion button causes all open windows and tabs to be closed, which
means you have to log back in and then get back to whatever page you
were on. This is especially troublesome if you were filling out a form
or completing a multi-step process in a web application.
Is there a way to change identities or just circuits without closing
everything and without using an external application? I understand the
browser is closed and re-opened when you request a new identity to
prevent your identity from being associated with your prior identity,
but sometimes you do not need a new identity and just want to fix the
connection.
I do not think this a problem specific to me because it occurs on
multiple devices on multiple networks.
Thanks,
Delton
--Anexo de Mensagem Encaminhado--
From: delton.barnes at mail.ru
To: tor-talk at lists.torproject.org
Date: Tue, 22 Jul 2014 12:45:12 +0000
Subject: Re: [tor-talk] Tor Browser usability - frequent broken connections
Delton Barnes:
> I use Tor Browser for all web browsing as many of you probably do. A
> frequent problem is you will be logged in to various sites and then the
> connection will break. For instance, attempting to make any request
> gives "Firefox could not establish a connection to the server at ...".
> Changing identities will always rectify the problem, but doing so via
> the onion button causes all open windows and tabs to be closed, which
> means you have to log back in and then get back to whatever page you
> were on. This is especially troublesome if you were filling out a form
> or completing a multi-step process in a web application.
>
> Is there a way to change identities or just circuits without closing
> everything and without using an external application? I understand the
> browser is closed and re-opened when you request a new identity to
> prevent your identity from being associated with your prior identity,
> but sometimes you do not need a new identity and just want to fix the
> connection.
>
> I do not think this a problem specific to me because it occurs on
> multiple devices on multiple networks.
The FAQ answers my question:
https://www.torproject.org/docs/faq#NewIdentityClosingTabs
This ticket is for exactly the feature I'm seeking:
https://trac.torproject.org/projects/tor/ticket/9442
It's flagged tbb-easy, so maybe I'll try to implement.
Delton
--Anexo de Mensagem Encaminhado--
From: scott at arciszewski.me
To: tor-talk at lists.torproject.org
Date: Tue, 22 Jul 2014 11:32:31 -0400
Subject: [tor-talk] Fwd: Tor and tlk.io
> Somebody told me of tlk.io. I have joined. I closed the window and when
> I was back I already had all settings as last time. I cleared the
> cookies and went back. I was like logged in, without ever logging in. I
> closed the window, cleaned up everything the delete all data can remove
> and 15 minutes after I reentered. I was still registered. New identity
> had no effect either. I had to close down Tor and start it again to lose
> the whatever that keeps identifying me.
>
> What is this? How do they do it? Are there other sites like that?
I'm using the latest version of the Tor Browser Bundle. It gives me this
prompt: http://imgur.com/ZGqzK4Z
http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block
^- possibly related
Hello Scott and tor talkers!
I would like to kwow your opinion about this adblocker Chamaleon. It is usefull to improve our surface web privacy?
https://github.com/ghostwords/chameleon
Marcos Kehl (Brazil)
--Anexo de Mensagem Encaminhado--
From: joebtfsplk at gmx.com
To: tor-talk at lists.torproject.org
Date: Tue, 22 Jul 2014 11:14:02 -0500
Subject: Re: [tor-talk] Carnegie Mellon Kills Black Hat Talk About Identifying Tor Users -- Perhaps Because It Broke Wiretapping Laws
On 7/22/2014 3:30 AM, Eugen Leitl wrote:
> https://www.techdirt.com/articles/20140721/11362227955/carnegie-mellon-kills-black-hat-talk-about-identifying-tor-users.shtml
>
> Carnegie Mellon Kills Black Hat Talk About Identifying Tor Users -- Perhaps
> Because It Broke Wiretapping Laws
>
> from the questionable-legality dept
>
> There's some buzz in security circles today after it came out that a session
> at the upcoming Black Hat Conference entitled "You Don't Have to be the NSA
> to Break Tor: Deanonymizing Users on a Budget" by Michael McCord and
> Alexander Volynkin (both of whom work for Carnegie-Mellon University and
> CERT) had been pulled from the conference at the request of CMU.
>
> A Black Hat spokeswoman told Reuters that the talk had been canceled at the
> request of lawyers for Carnegie-Mellon University, where the speakers work as
> researchers. A CMU spokesman had no immediate comment.
Wiretapping? Please. Web sites (that want to) & their 3rd party
associates (trackers) track users from one end to the other.
More speculation. A good question is, *who requested* that the Carnegie
Mellon *lawyers* make a request to Black Hat to cancel the talk on
identifying Tor users?
We must ask, did Carnegie Mellon really think Tor Project would sue
them? Hardly.
Did they think the gov't would sue them on behalf of Tor Project? No.
Which entities would have the most to lose if this Tor weakness was exposed?
Which entities are most interested in cracking Tor?
That possibly resulted in certain people stopping their Tor use and / or
the weakness being patched, so possibly not as much valuable user info
was available?
The Disney Co? EFF.org? Amazon? No, not likely.
In any good investigation, detectives follow motive & money. *IF*... the
gov't is or could be involved in something (/not saying they are here,
but could be/), then the "means" is *almost always* there, if it's
important enough. As we saw from Snowden's documents the incredible,
unbelievable things they were able to do (at incredible expense & manpower).
Whether the gov't was involved in the talk being cancelled *aside*, we
can't forget that the programs detailed in Snowden's document, have NOT
stopped, or even slowed down.
Yes, officials appeared before Congress (more than once).
Yes, they were caught in bald faced lies (perjury?).
*No, nothing was done* / no action taken by anyone, to reign in or slow
down these programs (which literally cost a fortune in taxpayers' money).
--Anexo de Mensagem Encaminhado--
From: isis at torproject.org
To: tor-talk at lists.torproject.org
Date: Wed, 23 Jul 2014 02:29:08 +0000
Subject: Re: [tor-talk] Fwd: Tor and tlk.io
Scott Arciszewski transcribed 0.9K bytes:
> > Somebody told me of tlk.io. I have joined. I closed the window and when
> > I was back I already had all settings as last time. I cleared the
> > cookies and went back. I was like logged in, without ever logging in. I
> > closed the window, cleaned up everything the delete all data can remove
> > and 15 minutes after I reentered. I was still registered. New identity
> > had no effect either. I had to close down Tor and start it again to lose
> > the whatever that keeps identifying me.
> >
> > What is this? How do they do it? Are there other sites like that?
Many sites use HTML5 canvas fingerprinting. Visiting either
https://github.com/isislovecruft or https://pad.riseup.net/p/Lb57JrCmVzBt
should trigger that little dialogue about "accessing the canvas" in TorBrowser
too.
> I'm using the latest version of the Tor Browser Bundle. It gives me this
> prompt: http://imgur.com/ZGqzK4Z
Can I ask you a question? When this dialogue (the http://imgur.com/ZGqzK4Z
one) comes up, what do you usually do? Do you click the "Allow in the Future"
button? Or click the little "X" in the corner? Or something else?
> http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block
> ^- possibly related
TorBrowser is patched to block attempts by websites to access HTML5 canvases,
since there isn't much legitimate purpose for a site to do this, other than to
track you as that article you linked points out.
However, if you've already clicked the "Allow in the Future" button on the
little dialogue that comes down from the URL bar when a site attempts to do
this, there isn't currently an easy way to revoke the permission you gave. [0]
Additionally, there appears to be an issue in nsIPermissionManager (used by
TorButton when "New Identity" is clicked), because the permissions currently
aren't being cleared properly. [1]
For now, my best advice is to be very careful allowing any site to access
HTML5 canvases until we make it easier to revoke the permission. (In other
words, click the little "X" next time. :) )
[0]: https://bugs.torproject.org/12682
[1]: https://bugs.torproject.org/12683
--
♥Ⓐ isis agora lovecruft
_________________________________________________________
GPG: 4096R/A3ADB67A2CDB8B35
Current Keys: https://blog.patternsinthevoid.net/isis.txt
--Anexo de Mensagem Encaminhado--
From: scott at arciszewski.me
To: tor-talk at lists.torproject.org
Date: Tue, 22 Jul 2014 22:44:25 -0400
Subject: Re: [tor-talk] Fwd: Tor and tlk.io
Any time an option comes up that I don't want to think about, I immediately
deny it. Better safe than sorry.
On Tue, Jul 22, 2014 at 10:29 PM, isis <isis at torproject.org> wrote:
> Scott Arciszewski transcribed 0.9K bytes:
> > > Somebody told me of tlk.io. I have joined. I closed the window and
> when
> > > I was back I already had all settings as last time. I cleared the
> > > cookies and went back. I was like logged in, without ever logging in. I
> > > closed the window, cleaned up everything the delete all data can remove
> > > and 15 minutes after I reentered. I was still registered. New identity
> > > had no effect either. I had to close down Tor and start it again to
> lose
> > > the whatever that keeps identifying me.
> > >
> > > What is this? How do they do it? Are there other sites like that?
>
> Many sites use HTML5 canvas fingerprinting. Visiting either
> https://github.com/isislovecruft or https://pad.riseup.net/p/Lb57JrCmVzBt
> should trigger that little dialogue about "accessing the canvas" in
> TorBrowser
> too.
>
> > I'm using the latest version of the Tor Browser Bundle. It gives me this
> > prompt: http://imgur.com/ZGqzK4Z
>
> Can I ask you a question? When this dialogue (the http://imgur.com/ZGqzK4Z
> one) comes up, what do you usually do? Do you click the "Allow in the
> Future"
> button? Or click the little "X" in the corner? Or something else?
>
> >
> http://www.propublica.org/article/meet-the-online-tracking-device-that-is-virtually-impossible-to-block
> > ^- possibly related
>
> TorBrowser is patched to block attempts by websites to access HTML5
> canvases,
> since there isn't much legitimate purpose for a site to do this, other
> than to
> track you as that article you linked points out.
>
> However, if you've already clicked the "Allow in the Future" button on the
> little dialogue that comes down from the URL bar when a site attempts to do
> this, there isn't currently an easy way to revoke the permission you gave.
> [0]
> Additionally, there appears to be an issue in nsIPermissionManager (used by
> TorButton when "New Identity" is clicked), because the permissions
> currently
> aren't being cleared properly. [1]
>
> For now, my best advice is to be very careful allowing any site to access
> HTML5 canvases until we make it easier to revoke the permission. (In other
> words, click the little "X" next time. :) )
>
> [0]: https://bugs.torproject.org/12682
> [1]: https://bugs.torproject.org/12683
>
> --
> ♥Ⓐ isis agora lovecruft
> _________________________________________________________
> GPG: 4096R/A3ADB67A2CDB8B35
> Current Keys: https://blog.patternsinthevoid.net/isis.txt
>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
--Anexo de Mensagem Encaminhado--
From: griffin at cryptolab.net
To: tor-talk at lists.torproject.org
Date: Wed, 23 Jul 2014 02:24:25 -0400
Subject: Re: [tor-talk] I can't use tor in state university's campus network...
ttzeqq wrote:
>>> > I am in US.What can I do?
The easiest way to bypass such a restriction is to select Configure
when launching TorBrowser, select No when asked if you need to use a
proxy, then select Yes when asked if the firewall only allows access to
certain ports. Here are some screenshots to help:
http://imgur.com/a/gjKYP
> Patrick <apexcp at gmail.com> wrote:
>> Do a lot of universities block Tor?
This is usually a result of them restricting ports to 80 & 443 -- not
actually trying to block Tor. Amusingly, this was also the case when I
was doing a demo at the Tails launch party. Local network blocked all
ports but 443 and 80. Awkward.
best,
Griffin
More information about the tor-talk
mailing list