[tor-talk] tor-talk Digest, Vol 58, Issue 22

Marcos Eugenio Kehl marcoskehl at hotmail.com
Thu Nov 12 17:12:32 UTC 2015



From: tor-talk-request at lists.torproject.org
Subject: tor-talk Digest, Vol 58, Issue 22
To: tor-talk at lists.torproject.org
Date: Thu, 12 Nov 2015 12:00:02 +0000

Send tor-talk mailing list submissions to
	tor-talk at lists.torproject.org
 
To subscribe or unsubscribe via the World Wide Web, visit
	https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
or, via email, send a message with subject or body 'help' to
	tor-talk-request at lists.torproject.org
 
You can reach the person managing the list at
	tor-talk-owner at lists.torproject.org
 
When replying, please edit your Subject line so it is more specific
than "Re: Contents of tor-talk digest..."


--Anexo de Mensagem Encaminhado--
From: soulplane11 at gmail.com
To: tor-talk at lists.torproject.org
Date: Thu, 12 Nov 2015 01:25:07 -0500
Subject: [tor-talk] Did the FBI Pay a University to Attack Tor Users?

There's an interesting article on the Tor Project's blog today that asks
that.
https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
 
Is this a problem that can't be stopped, these relays that may join the
network in an effort to de-anonymize users? Can anyone still flood the
network with tons of relays? Though the relays that were identified were
removed wouldn't someone persistent just learn from that and differentiate
more?
 


--Anexo de Mensagem Encaminhado--
From: anthony at cajuntechie.org
To: Tor-talk at lists.torproject.org
Date: Thu, 12 Nov 2015 02:26:27 -0600
Subject: [tor-talk] Security of running Tor on a Linux VM on a Windows host

Hello, 
 
A friend is hell bent on running Tor on a Linux VM hosted on Windows 8. this doesn't seem like the best idea to me but I thought I'd ask the experts.  What are the security implications of doing so? Are there any mitigations that can make things more secure? Any 'gotchas'? For what it's worth,  the have chosen to use VirtualBox over VMware. 
 
Thanks, 
Anthony Papillion 
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


--Anexo de Mensagem Encaminhado--
From: moritz at torservers.net
To: tor-talk at lists.torproject.org
Date: Thu, 12 Nov 2015 10:16:13 +0100
Subject: Re: [tor-talk] Onionmap, a free software worldmap of Tor relays

Hi,
 
On 11/12/2015 03:49 AM, Virgil Griffith wrote:
> Im not sure how one proposes this, but could we get a code review on
> OnionMap and then move it to
> 
> https://map.torproject.org ?
 
I am not an authoritative source, but these are my thoughts around it
without speaking to anyone about it:
 
The difficulty with moving stuff to *.torproject.org is that nowadays,
with a lot of expectations of different groups and users towards the
project, you can't (don't want to) simply put things there that are not
'guaranteed to be maintained', at least in more degree than "this was
written by someone who appears to be fairly new to the community". It's
hard to find reliable maintainers for these type of things (we're
talking years or a decade), and it may be better to not have things than
to have things that people expect to be there and then they suddenly
break and nobody notices except your visitors and the only thing you can
do in response it shut it down.
 
I'd be more than happy to host it on torservers.net, it's a relay
related thing anyway! Opi, what do you think about
relaymap.torservers.net? I have created a CNAME record now that points
to your Github.
 
-- 
Moritz Bartl
https://www.torservers.net/
 


--Anexo de Mensagem Encaminhado--
From: mirimir at riseup.net
To: tor-talk at lists.torproject.org
Date: Thu, 12 Nov 2015 02:28:52 -0700
Subject: Re: [tor-talk] Security of running Tor on a Linux VM on a Windows host

On 11/12/2015 01:26 AM, Anthony Papillion wrote:
> Hello, 
> 
> A friend is hell bent on running Tor on a Linux VM hosted on Windows 8. this doesn't seem like the best idea to me but I thought I'd ask the experts.  What are the security implications of doing so? Are there any mitigations that can make things more secure? Any 'gotchas'? For what it's worth,  the have chosen to use VirtualBox over VMware. 
> 
> Thanks, 
> Anthony Papillion 
 
Tell them to just use Whonix :)
 

Hi!
With you want to use Tor in Linux, also 
you can try Tails (with Persistence enabled).


--Anexo de Mensagem Encaminhado--
From: coderman at gmail.com
To: soulplane11 at gmail.com; tor-talk at lists.torproject.org
Date: Thu, 12 Nov 2015 02:24:36 -0800
Subject: Re: [tor-talk] Did the FBI Pay a University to Attack Tor Users?

On 11/11/15, Soul Plane <soulplane11 at gmail.com> wrote:
> ...
> Is this a problem that can't be stopped, these relays that may join the
> network in an effort to de-anonymize users?
 
conflating issues; let's pick apart,
 
can you stop evil relays from ever participating?
 No. however the design of Tor takes this into account through guard
selection, circuit building, consensus decisions, see
https://ritter.vg/p/tor-vlatest.pdf
 
can you stop enough evil relays from routinely be selected in circuits
such that correlation like this is impossible?
 Probably! this is where better relay checking techniques (beyond the
usual exit checks) could help. Note that troubleshooting for tor-relay
community would be advantaged by more robust checks as well.
 
can you stop evil relays from using 0day attacks against users?
 No; 0day has, does, and will continue to happen. this is why defense
in depth is important - you don't know if you might one day fall into
a window of vulnerability to the wrong attacker and end up without
Tor's privacy protections.
 
 
 
> Can anyone still flood the
> network with tons of relays?
 
yes, and this is annoying.
 see LizardSquad attempted Tor DoS.
 
this kind of crap sybil does not affect the anonymity of clients however!
 
 
 
> Though the relays that were identified were
> removed wouldn't someone persistent just learn from that and differentiate
> more?
 
this is the challenge. when an attacker is motivated, patient, well
funded, and exercising utmost stealth, it is very difficult to
distinguish their behavior from others in the world wide Tor relay
community.
 
 
best regards,
 
 		 	   		  


More information about the tor-talk mailing list