• Tor and general internet privacy advocates

    From Khelair@VERT/TINFOIL to All on Sun Oct 6 13:23:45 2013
    I just posted this somewhere else, but I figured it might be of interest
    to some people here, especially those folk that were interested in the darknet/meshnet ideas.

    -=-=-=-=-

    For tor privacy advocates: make sure you RTFM, you've GOT to use proper
    habits along with torifying your system and clients.


    http://news.cnet.com/8301-13578_3-57606133-38/nsa-sought-to-unmask-users-of-net-privacy-tool-tor-says-report/
    (see http://tinyurl.com/qy2df3s )

    http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity
    (see http://tinyurl.com/onbjqju )

    http://www.theguardian.com/world/interactive/2013/oct/04/egotistical-giraffe-nsa-tor-document
    (see http://tinyurl.com/ovgsfzk )

    I think the most interesting facts in there have to do with the bits that
    they have about having installed man-in-the-middle attack machines at
    primary (T3 and above?) backbones where they can emulate any server that
    they choose, and selectively implement attacks based on the software, OS,
    and security measures that any user has installed.

    God bless the USA.


    -The opinions expressed are not necessarily an advocation of any of the aforementioned ideologies, concepts, or actions. We still have the freedom of speech, for now, and I enjoy using it in a satirical or ficticious manner to amuse myself-

    "In times of universal deceit, telling the truth will be a
    revolutionary act." -- George Orwell


    ---
    ■ Synchronet ■ Tinfoil Tetrahedron : telnet bismaninfo.hopto.org 8023 : http:8080
  • From S/370@VERT/ECBBS to Khelair on Mon Nov 25 22:23:22 2013
    Re: Tor and general internet privacy advocates
    By: Khelair to All on Sun Oct 06 2013 13:23:45

    After reading the first link, I'm surprised the NSA didn't catch more people.
    I doubt most of its users even understand the FAQ...

    But what scared me was the part about the NSA exploiting the Tor browser (aka the Firefox that comes with it). The Tor project itself always recommended it cause it was "safer". I guess the moral of the story is to be proactive and not rely solely upon others for security.

    ---
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
  • From Poindexter Fortran@VERT/REALITY to S/370 on Tue Nov 26 07:33:21 2013
    Re: Tor and general internet privacy advocates
    By: S/370 to Khelair on Mon Nov 25 2013 10:23 pm

    But what scared me was the part about the NSA exploiting the Tor browser (aka the Firefox that comes with it). The Tor project itself always recommended it cause it was "safer". I guess the moral of the story is
    to be proactive and not rely solely upon others for security.

    You could still run a newer version of Firefox, turn off javascript and cookies, run in private browsing mode and route your DNS through the proxy, and set a proxy to TOR. Not as clean as the bundle, but probably more secure.

    I'd think most people using TOR coudl walk through the steps to set it up manually without too many issues.

    ---
    ■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org
  • From Mro@VERT/BBSESINF to All on Tue Nov 26 18:46:08 2013
    Re: Tor and general internet privacy advocates
    By: Poindexter Fortran to S/370 on Tue Nov 26 2013 07:33 am

    But what scared me was the part about the NSA exploiting the Tor browser (aka the Firefox that comes with it). The Tor project itself always recommended it cause it was "safer". I guess the moral of the story is to be proactive and not rely solely upon others for security.


    no part at all of using tor makes you SAFE.
    ---
    ■ Synchronet ■ ::: BBSES.info - free BBS services :::
  • From Poindexter Fortran@VERT/REALITY to Mro on Wed Nov 27 11:54:38 2013
    Re: Tor and general internet privacy advocates
    By: Mro to All on Tue Nov 26 2013 06:46 pm

    no part at all of using tor makes you SAFE.

    True, indeed. Tos is a part of this nutritious breakfast, which includes SSL, VPN, anonymizing proxies and common sense.

    ---
    ■ Synchronet ■ realitycheckBBS -- http://realitycheckBBS.org
  • From S/370@VERT/ECBBS to Poindexter Fortran on Fri Nov 29 00:51:16 2013
    Re: Tor and general internet privacy advocates
    By: Poindexter Fortran to S/370 on Tue Nov 26 2013 07:33:21

    That's the thing. I remember the Tor project was frowning upon the use of default Firefox installations because they were "insecure" even if you take precautions such as using private browsing and noscript. They even recommended not using noscript because a sniffer could identify you based upon the scripts that load or not. Now they include noscript with the bundle but don't even disable javascript by default, citing that:

    "We configure NoScript to allow JavaScript by default in the Tor Browser Bundle because many websites will not work with JavaScript disabled. Most users would give up on Tor entirely if a website they want to use requires JavaScript, because they would not know how to allow a website to use JavaScript (or that enabling JavaScript might make a website work)."

    Says a lot of scary things about its userbase...

    ---
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
  • From Khelair@VERT/TINFOIL to S/370 on Fri Dec 13 23:19:12 2013
    Re: Tor and general internet privacy advocates
    By: S/370 to Khelair on Mon Nov 25 2013 22:23:22

    But what scared me was the part about the NSA exploiting the Tor browser (ak the Firefox that comes with it). The Tor project itself always recommended i cause it was "safer". I guess the moral of the story is to be proactive and rely solely upon others for security.

    Yeah. I still get that rubbed in my face every now and then. I'm lucky to have one friend who stays right on the bleeding edge of this kind of stuff because of the development he's doing on specialized tor node plug 'n forget hardware to expand the tor network quickly and cheaply. Every once in awhile he comes across something that really shows you that even if you're on the bleeding edge, there will still be times when you're beaten to the punch and realize that you've probably had your real name attached to everything you've put out for a significant duration, unless you're using a machine with no cameras, no identifying information in this OS at ALL, no microphone, a secure OS, and a wireless network that you've gotten onto from a location distant from your regular haunts, where nobody will see you typing. :P

    -- Greetings, NSA, and best wishes


    ---
    ■ Synchronet
  • From Khelair@VERT/TINFOIL to Poindexter Fortran on Fri Dec 13 23:20:56 2013
    Re: Tor and general internet privacy advocates
    By: Poindexter Fortran to S/370 on Tue Nov 26 2013 07:33:21

    I'd think most people using TOR coudl walk through the steps to set it up manually without too many issues.

    Eh, not so sure about that. There's a lot of people (IMO) that are smart enough to want to help with a relay, and want the privacy, but don't really understand cryptography well at all. They mean well, and understand the need for it, but don't have the time, gray matter, or initiative to learn about the underlying concepts nor the terminology required to configure it correctly.

    -- Greetings, NSA, and best wishes


    ---
    ■ Synchronet
  • From Khelair@VERT/TINFOIL to S/370 on Fri Dec 13 23:21:58 2013
    Re: Tor and general internet privacy advocates
    By: S/370 to Poindexter Fortran on Fri Nov 29 2013 00:51:16

    "We configure NoScript to allow JavaScript by default in the Tor Browser Bun because many websites will not work with JavaScript disabled. Most users wou give up on Tor entirely if a website they want to use requires JavaScript, because they would not know how to allow a website to use JavaScript (or tha enabling JavaScript might make a website work)."

    Says a lot of scary things about its userbase...

    Bingo. Exactly what I was thinking but didn't mention in my last message.

    -- Greetings, NSA, and best wishes


    ---
    ■ Synchronet
  • From S/370@VERT/ECBBS to Khelair on Sun Dec 15 22:03:23 2013
    Re: Re: Tor and general internet privacy advocates
    By: Khelair to S/370 on Fri Dec 13 2013 23:19:12

    Lol at "plug 'n forget"

    As long as you use a UNIX-based OS, I don't see this being much of a problem. Its hard to compromise these machines simply because of the nature of UNIX software distribution (only installing software from a central repository with MD5 checking). Personally I change my MAC and hostname before connecting to networks and use private browsing with noscript. Solves the more basic security issues.

    Should they take control of the webcam, this is where tape comes in handy ;)

    ---
    ■ Synchronet ■ electronic chicken bbs - bbs.electronicchicken.com
  • From Khelair@VERT/TINFOIL to S/370 on Mon Dec 16 07:50:22 2013
    Re: Re: Tor and general internet privacy advocates
    By: S/370 to Khelair on Sun Dec 15 2013 22:03:23

    As long as you use a UNIX-based OS, I don't see this being much of a problem Its hard to compromise these machines simply because of the nature of UNIX software distribution (only installing software from a central repository wi MD5 checking). Personally I change my MAC and hostname before connecting to networks and use private browsing with noscript. Solves the more basic secur issues.

    Should they take control of the webcam, this is where tape comes in handy ;)

    Heh. Sounds like you do your homework. :)

    --Damo

    ---
    ■ Synchronet