Slashdot Mirror
Domain: torproject.org
Stories and comments across the archive that link to torproject.org.
Comments · 559
-
Use your software freedom with Firefox
As I've said multiple times before, Firefox's saving grace is that it is free software—software we're free to run, inspect, share, and modify. If you don't trust Firefox you can make it trustworthy by examining what it does, changing it to meet your needs, and share improved copies to help your community. These freedoms are a clear difference from proprietary (user-subjugating) software such as Microsoft's browsers, Google Chrome, Apple Safari, and Opera. These freedoms are why Firefox is the basis of so many other browsers such as Tor Browser (making it easier to web browse on Tor) and LibreFox (which aims to "enforc[e] privacy and security of Firefox without forking the project").
-
Re:actually...
Access to Tor has not been blocked and that's the point.
Not here. And it is cat and mouse. And the connection is still subject to the whims of the service provider.
Again, it doesn't impact the psychologically stable and educated individuals but rather the significant contingent of humanity that is unstable and/or uneducated and impressionable.
I am fully aware of psychological frailties, but appointing the Handicapper General is not the cure.
I'm not suggesting regulating speech, I'm suggesting owners of sites have the right to do whatever they want with their sites because it belongs to them, not you. The fact that they allowed you post to it does not mean you have the right to post to it.
As long as the market is open and universally accessible (dumb pipe), not subject to arbitrary authority, I will go along with that. But as long as anybody has the power to shut them/you down, we need to develop technological defenses against all censorship to avoid even having to discuss the issue of regulation.
-
A Reminder to people who're going to use FREE Wifi
Don't forget to use these before using the internet.
https://www.vpngate.net/en/ (OpenVPN/L2TP)
https://www.torproject.org/ (Orfox/Tor)Both are free, and better than any paid VPN service.
-
Re:Exit nodes are great for snooping
Exit nodes can see all the data going through them, but they do not know where that data originates from. If you use TLS on top of the Tor circuit, it is unlikely that the exit node can figure out who you are. To do so would require the exit node to also control your entry node and to run a sophisticated timing attack; unsurprisingly, Tor takes measures to guard against it. Exits are also regularly probed for malicious behaviour like traffic sniffing and banned from the network if caught doing that.
-
Re:Ads
MachineShedFred opined:
Nope. It's completely about access. People don't want to have to subscribe to 10 different services, and go searching through 10 different services because of some contractual agreement that nobody outside of the lawyers and content producers know about.
So they'll go to the one place they know they'll find it, with the benefit of having extremely low cost: The Pirate Bay.
While I think your explanation of the motives for bittorrent piracy is incomplete, my real disagreement is with your conclusion. Have you actually tried acessing TPB recently?
The MPAA and the TV folks (at least, I assume it's their doing) have their third-world contractors DDoS-ing the living shit out of it. If you use a standard browser, it's all but inaccessible - although it's easy enough via Tor. They also have those same hirelings barfing screen after screen of bullshit torrents that contain only malware all over the movie sections.
Pretty much all of that activity is coming from India, of course, because it's not illegal there to deliberately obstruct website access or distribute malware on a for-hire basis.
The thing is, while it is unquestionably a Federal felony to do either of those things in the USA - and masterminding an international conspiracy to DDoS websites and deliberately distribute malware is arguably an even more serious crime - every U.S. law enforcement agency deliberately turns a blind eye to this asshattery, because Hollywood's income must be protected at all costs, despite fairly clear evidence that bittorrent piracy doesn't diminish their profits in any meaningful way.
Which, of course, doesn't keep business journals like Forbes from uncritically parroting the MPAA's claims to the contrary, because facts simply don't matter any more.
Or so I hear.
Anyway, Tor
-
Firefox AND Tor Browser: Nasty MitM possibility
Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service (plus info disclosure)
- https://trac.torproject.org/pr...
(Proof of concept and Technical info within ticket's top post)
Related tickets:
Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...#
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
#User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
-
Firefox AND Tor Browser: Nasty MitM possibility
Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service (plus info disclosure)
- https://trac.torproject.org/pr...
(Proof of concept and Technical info within ticket's top post)
Related tickets:
Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...#
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
#User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
-
Firefox AND Tor Browser: Nasty MitM possibility
Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service (plus info disclosure)
- https://trac.torproject.org/pr...
(Proof of concept and Technical info within ticket's top post)
Related tickets:
Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...#
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
#User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
-
Firefox AND Tor Browser: Nasty MitM possibility
Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service (plus info disclosure)
- https://trac.torproject.org/pr...
(Proof of concept and Technical info within ticket's top post)
Related tickets:
Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...#
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
#User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
-
Firefox AND Tor Browser: Nasty MitM possibility
Firefox AND Tor Browser: Nasty MitM possibility with the blocklist service (plus info disclosure)
- https://trac.torproject.org/pr...
(Proof of concept and Technical info within ticket's top post)
Related tickets:
Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...#
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
#User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
-
Firefox/TorBrowser: Nasty MitM possibility! ALERT!
Firefox/TorBrowser: Nasty MitM possibility with the blocklist service
- https://trac.torproject.org/pr...
(Proof of concept and Technical info within article's top post) -
Nasty MitM possibility with the Firefox blocklist
Nasty MitM possibility with the Firefox blocklist service (UNRESOLVED!)
https://trac.torproject.org/pr...
-----Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Nasty MitM possibility with the Firefox blocklist
Nasty MitM possibility with the Firefox blocklist service (UNRESOLVED!)
https://trac.torproject.org/pr...
-----Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Nasty MitM possibility with the Firefox blocklist
Nasty MitM possibility with the Firefox blocklist service (UNRESOLVED!)
https://trac.torproject.org/pr...
-----Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Nasty MitM possibility with the Firefox blocklist
Nasty MitM possibility with the Firefox blocklist service (UNRESOLVED!)
https://trac.torproject.org/pr...
-----Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Nasty MitM possibility with the Firefox blocklist
Nasty MitM possibility with the Firefox blocklist service (UNRESOLVED!)
https://trac.torproject.org/pr...
-----Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Nasty MitM possibility with the Firefox blocklist
Nasty MitM possibility with the Firefox blocklist service (UNRESOLVED!)
https://trac.torproject.org/pr...
-----Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8 sends OS+kernel+TOTAL_PING_COUNT
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8 sends OS+kernel+TOTAL_PING_COUNT
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8 sends OS+kernel+TOTAL_PING_COUNT
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8 sends OS+kernel+TOTAL_PING_COUNT
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8 sends OS+kernel+TOTAL_PING_COUNT
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...- Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
- TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...related, old, closed ticket (also unresolved):
- Nasty MitM possibility with the Firefox blocklist service
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT i
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT i
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT i
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT i
Tor Browser 8.0 sends OS+kernel+TOTAL_PING_COUNT in update queries to Mozilla
- Tails 3.9, which ships with TB 8.0, is also affected.
######
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
######
-
Tor BB 8.0 sends OS+kernel+pings to Mozilla!?
Tor Browser Bundle 8.0 sends OS+kernel in update queries to Mozilla
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
-
Tor BB 8.0 sends OS+kernel+pings to Mozilla!?
Tor Browser Bundle 8.0 sends OS+kernel in update queries to Mozilla
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
-
Tor BB 8.0 sends OS+kernel+pings to Mozilla!?
Tor Browser Bundle 8.0 sends OS+kernel in update queries to Mozilla
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
-
Tor BB 8.0 sends OS+kernel+pings to Mozilla!?
Tor Browser Bundle 8.0 sends OS+kernel in update queries to Mozilla
User report:[1]
https://blog.torproject.org/co...Sanitize the add-on blocklist update URL
https://trac.torproject.org/pr...related, old, closed ticket (unresolved):
TBB-Firefox sends OS+kernel in update queries to Mozilla
https://trac.torproject.org/pr...[1]: "TBB-Firefox sends Linux kernel version in extensions blocklist update queries to Mozilla. 6 years old ticket closed https://trac.torproject.org/pr... without fix this privacy issue.
From Ubuntu 18.04.1 LiveCD
"about:config
extensions.blocklist.url""Also it send TOTAL_PING_COUNT to tell mozilla how many days you use TBB."
-
Debian + Torproject .onion listing
-
bypasses a *legacy* NoScript
From the mouth (well keyboard) of the NoScript dev himself, this is a bug which affects the old NoScript version 5, the XUL extension that is still used in a few old browsers still based on the Firefox 52 ESR (like Tor Browser).
The NoScript version 10, the Web Extension that works in more recent version of Firefox (they switched to Web Extensions exclusively since Firefox version 57), isn't affected.
Thus the current version of TorBrowser, version 8, which is based on FireFox ESR 60, is running an unaffected NoScript version. (Even the
Your current vanilla Firefox 62 / Firefox Android 62 isn't affected either. -
Waterfox
-
Re:Open source crypto to the rescue
Tor is very easy to detect. At my company, we block all sorts of sketchy traffic from their exit nodes. There are no "secret" nodes. They are published here and can be systematically blocked.
-
Already mentioned but nobody cared...
-
Tor browser will FTFY.
Give it a try.
-
Bridges
I seriously doubt that access to the entire set of hidden bridge nodes has been blocked. These nodes are not advertised, and I am assuming that they do not appear in the public consensus documents.
The distribution points of the bridge node IP addresses were likely blocked. If and when Tor users find new bridge nodes by some means or other, they will be able to access the network again.
-
Re: Strong Maybe?
It's hard to filter out Facebook
The Facebook Container makes it easy.
Of course they can still see that you come from the same IP address, but if all Facebook traffic is passed through a proxy then it won't do them any good.
Tor is being integrated into Firefox. So once that happens Firefox can offer this out of the box and the Tor project will no longer have to maintain Tor Browser.
-
Re:Do this
Hey Firefox, looking for something else to copy?
What, you mean like how Firefox provides built-in tracking protection? Or how Firefox provides a Facebook Container which isolates Facebook from the rest of your browsing activity? Or how Firefox is developing an anti-fingerprinting mode? Or how Firefox is integrating Tor as a built-in feature?
I don't think you know what you're talking about. The web browser is the most commonly used piece of application software. If there's one type of software you should educate yourself about, it's web browsers.
-
Re:Even better
Tor is being integrated into Firefox with the goal of making Tor Browser unnecessary. The Tor Project says the two big benefits of this are that Tor will get more users and they'll be able to focus more on research rather than maintaining their Firefox fork.
-
Re:Even better
freakin' anonymity protocol that Firefox (and its various forks) will almost certainly never have.
Firefox will have it. Mozilla's project Fusion is working to integrate Tor into Firefox. The goal is to make Tor Browser (which is a Firefox fork) obsolete by including Tor in Firefox by default.
-
Re:Who controls Tor's DNS traffic? [AC, can't subm
related:
Should we warn when exit nodes are using opendns or google dns?
https://trac.torproject.org/pr... -
Who controls Tor's DNS traffic? [AC, can't submit]
Who controls Tor's DNS traffic? An Analysis of the Tor DNS Landscape
= Article: https://medium.com/@nusenu/who...
= Archived - https://archive.fo/iGQJE"How is the tor network doing two years after Philipp Winter et al. urged the tor relay operators to stop using Google's DNS resolver?
With new players like Quad9 and Cloudflare on the "DNS resolver market" asking for your DNS traffic, who are the big DNS players on today's tor network?"
-
OONI Probe
-
Re:craigslist
Tor, the browser for pedophiles and murders, but Republicans stay out!
-
Then use Tor.
Use more Tor's Onion service. See WeSupportTor for an example.
And stop using centralized services such as Cloudflare. -
Use Tor Browser
Tor Browser removes all telemetry/crash reports and it's optimized for privacy.
Also add MITM blocker to know about your connection. -
Re:Not censored
This is the same Tor whose team had such strong free speech principles they said they would change it to make it hard to access The Daily Stormer.
Pics or it didn't happen. The only comment I found was this:
We are disgusted, angered, and appalled by everything these racists stand for and do. We feel this way any time the Tor network and software are used for vile purposes. But we can't build free and open source tools that protect journalists, human rights activists, and ordinary people around the world if we also control who uses those tools. Tor is designed to defend human rights and privacy by preventing anyone from censoring things, even us.
-
Hidden services vs exit nodes
An
I think you definitely need to document yourself how TOR work in general (and how
(And also how HTTPS work, by the way)TOR is a layered encryption scheme (hence the "onion" part of the name).
Each layer is a cryptographic public key layer. Only a node with the corresponding private key can peel a layer and see what is inside.
Inside there might be:
- (for all nodes) another encrypted layer, in which case the node forward it to the next node, identified by the public key in that new layer.
- (for exit nodes) an exit node might find underneath instructions to contact a resource on the regular net
- (for hidden service) an node with hidden service might find underneath instructions to pull data out of its own web server to which it is attachedIf the target address is
in that case, the request NEVER reaches an exit node.
One of the node on the route actually happens to have a webserver attached to it, and when peeling the onion layer, get instruction to return some data from that server, instead of passing the onion to the next node in line.
No exit node will ever see the URL.
Only the hidden server will ever know which file got send.The only thing I'm simplifying here is the gymnastics in setting up a circuit between the user and the server.
(It's done a way to guarantee each-other's anonymity, both end points have a say on the layers between them).An exit node might see an URL as you mention, only if
- it's a genuine web address (like slashdot.org)
- the traffic is in plain unencrypted HTTP.
In this case, the exit node will see a conenction requrest to theIf the traffic is HTTPS
in that case, the exit node sees the conenction to the
Only an entity possessing the private keys of webserver could successfully impersonate the server and pull a man-in-the-middle. Other wise you need to hope that the browser is stupid enough to trust your shady certificate authority (e.g.: You're China, and thus you can issue a certificate for Google.cn signed by the China CA trusted by some gullible browser that hasn't removed this CA yet from their list like any other modern browser) and the user uses no certificate pinning plugin (complaining that the google certificate suddenly isn't signed by Google's own CA but by China).
Without this, the HTTPS is completely opaque. You don't see the full visited URL.Never mind that the
Nice for them to add it to a list but WHAT are they doing to scan with this list ?
No exit node is ever going to observing that URL.The only place where this URL will be seens is on the log of the actual server.
Either the actual position of this server is unknown.
Or the adversary actually OWNS the server. At which point the logs of the server aren't the biggest problem anymore : now the advesary can honney trap all they want as they control the server.I think you misunderstand how Tor works. There will always be an exit node.
Nope, no. No, no, no, no.
-
Re:Aaron Swartz did not die just to have this stil