gmane.network.tor.user

Re: Socks5 and msmtp

Leandro Noferini — 2012-05-23T20:19:13


[...]


Yes, sure!

Sorry, I did not read this with sufficient attention.


Well, what could we begin to do?

Re: Socks5 and msmtp

grarpamp — 2012-05-23T04:59:55


Ok, sure with that, but well the presumption is that security conscious
users would _want_ to be checking both the cert and the fingerprint.
That being the same sort of users that use Tor.
At least they should be doing that, given they care to use Tor.


Hmm, I think that's the same meaning as running 'separate daemons'.


Which is why this thread exists, as a suggestion that a SOCKS5
option to smtp would much enhance/solve things.


I'm rather certain Tor has a v6 ticket and active development
open at this moment.


We hope most, if not all.
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

HttpProxy and Squid

Matthew Kaufman — 2012-05-22T21:32:44

Helli,

What is the HttpProxy configuration directive for in torrc?

What if I am an exit relay and I have:

HttpProxy 127.0.0.1:3128

(a Squid proxy running locally) -- Do outgoing connections process through
Squid then?
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: Socks5 and msmtp

Leandro Noferini — 2012-05-22T08:53:49

Il 22/05/2012 07:16, grarpamp ha scritto:


No, msmtp could be configured not to check ssl certs with

tls_certcheck off

option in .msmtprc



You could use different ports with different smtp relays.

It is not easy but I did not find anything better.


Tor too.


Some of them sure!

Re: Socks5 and msmtp

grarpamp — 2012-05-22T05:16:29

On Mon, May 21, 2012 at 3:10 PM, Leandro Noferini
<lnoferin< at >cybervalley.org> wrote

Yes, but I'm pretty sure that would break TLS since msmtp sees localhost as CN
in its config and the cert CN says realsmtp.net. socat might be able to do that
TLS settings, but then there is not msmtp <-> realsmtp end2end TLS, only
socat <-> realsmtp, and msmtp doesn't know its results. And it requires managing
a separate daemon for each account provider user wants to send mail to. And
SOCKS4/4A doesn't work with IPv6.

Seems like msmtp having its own internal transparent SOCKS5 capability
would solve those issues. Right?
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: google analytics says it can track across separate domains

Ethan Lee Vita — 2012-05-21T02:42:16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


I'm enjoying the back-and-forth and the learning that's coming. I tend
to inherently agree with Joe on the issue, but I'm enjoying learning
more about how the TBB deals with these issues, as well. Both of you are
providing an excellent educational service. :)

Mike, as to the issue of having enough time to fix the issues and deal
with questions as to how TBB works, I have a suggestion. I used to deal
with similar issues for a dev team and their discussion list in a
'community manager' role, so the devs could work on actual code and the
community could have someone to explain the process. I didn't write
code, but I had enough understanding and access to be able to explain
processes and deal with questions.

Is there somebody with enough understanding of TBB, yet without the same
coding ability that they'd be more useful fixing bugs, that could serve
a similar role answering user questions, update FAQs, explain important
bug fixes, pros and cons of changing diffe

(no subject)

rad — 2012-05-21T19:17:42

_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: Socks5 and msmtp

Leandro Noferini — 2012-05-21T19:10:06

Sorry for delay!

Also in private mail for this delay.


socat -d -d -d -lu TCP4-LISTEN:2526,fork SOCKS4A:localhost:realsmtp.net:587,socksport=9050

now what you need is to point your mua to localhost:2526 as smtp server.

It works.


[...]

Re: "*.onion" performance tru "onion.to"

Jesus Cea — 2012-05-21T09:55:16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/05/12 11:13, Fabio Pietrosanti (naif) wrote:

I was not aware of this TOR compilation option. Thanks.

I was wondering if would be possible to implement access to Hidden
Services WITHOUT running a TOR node at the same time. What I have in
mind is something like a local (in my own machine) proxy that do
trasparent proxy for any standard webpage but go thru TOR for
"*.onion" domains. Reading about how Hidden Services work, seems to be
doable. Connecting directly to the rendezvous point. No client anonymity.

Would this be something to pursuit?.

- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea< at >jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea< at >jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/

Re: "*.onion" performance tru "onion.to"

Fabio Pietrosanti (naif — 2012-05-21T09:13:03

Tor2web is a way to use Tor for Tor2web improving performance:
https://trac.torproject.org/projects/tor/ticket/2553

You need to enable it at compile time with --enable-tor2web-mode .

It remove the number of hops required to connect to a TorHS.

That's because in Tor2web threat model:
- the client accessing the TorHS resource is not anonymous
- the server exposing the TorHS resource is anonymous

so there is not need to "enforce tor client anonymity" in that use-case.

Now imho there is the need to have "volounteer python hacking" on
Tor2web 3.0 code to work on that set of issues
https://github.com/globaleaks/Tor2web-3.0/issues .

If someone want to subscribe to Tor2web mailing list to get engaged
http://wiki.tor2web.org/index.php/Main_Page#Contact

-naif
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: "*.onion" performance tru "onion.to"

Jesus Cea — 2012-05-21T09:02:48

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21/05/12 09:09, Fabio Pietrosanti (naif) wrote:

Could you elaborate? What is t2w mode?

- -- 
Jesus Cea Avion                         _/_/      _/_/_/        _/_/_/
jcea< at >jcea.es - http://www.jcea.es/     _/_/    _/_/  _/_/    _/_/  _/_/
jabber / xmpp:jcea< at >jabber.org         _/_/    _/_/          _/_/_/_/_/
.                              _/_/  _/_/    _/_/          _/_/  _/_/
"Things are not so easy"      _/_/  _/_/    _/_/  _/_/    _/_/  _/_/
"My name is Dump, Core Dump"   _/_/_/        _/_/_/      _/_/  _/_/
"El amor es poner tu felicidad en la felicidad de otro" - Leibniz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQCVAwUBT7oEuJlgi5GaxT1NAQI7vAQAkipNWVfQQM1KMp7lQBxgjFDg2YQKZMD/
4+LuTXpLvNqFWJ6/GyRBi5NzKufbb0rPnvSpQSSBvm9ZKKkQMWcewSIS04J3ztxw
IAwo2lce/7+1R19Gg5oxArNYgk7iHQuGmgoPy3mM3KWOwndLy9lE8XRSNML3dq/H
DpJhc6pnIa8=
=rVWE
-----END PGP SIGNATURE-----
___________________

Re: "*.onion" performance tru "onion.to"

2012-05-21T08:43:43


At a guess:

man torrc:

======================================================================
Tor2webMode 0|1

When this option is set, Tor connects to hidden services
non-anonymously. This option also disables client connections to
non-hidden-service hostnames through Tor. It must only be used when
running a tor2web Hidden Service web proxy. To enable this option the
compile time flag --enable-tor2webmode must be specified. (Default: 0)
======================================================================

My understanding that when enabling Tor2webMode, the number of hops
between you and the hidden service is reduced. This is because under
normal circumstances both the client and server get anonymity when using
hidden services. When somebody uses a tor2web style service though,
they're basically giving up their client anonymity to the web service,
so the number of hops for the client side of the connection is reduced
to improve performance.

Re: "*.onion" performance tru "onion.to"

Fabio Pietrosanti (naif — 2012-05-21T07:09:31

Also via Tor2web, we enabled on one of the node Tor2web mode:

1st request: 0m7.705s
2nd request: 0m1.898s

Please note that currently Tor2web.org is running 2 nodes and only one
of them run Tor2web mode with Tor2web 3.0:
burninetliliito5.tor2web.org 38.229.70.4 (t2w 2.0 + standard tor)
burninetliliito5.tor2web.org 194.150.168.70 (t2w 3.0 + t2w mode)

-naif
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: unscribe

Zebro kojos — 2012-05-21T06:37:08

Perhaps a mistype?

https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -> 'tor-talk
Subscribers' -> enter email address -> 'Unsuscribe or edit options' -> you
can get the password emailed to you if you've forgotten it.

On Mon, May 21, 2012 at 9:13 AM, torbridges.security <
torbridges.security< at >gmail.com> wrote:

_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

unscribe

torbridges.security — 2012-05-21T06:13:27

unscribe
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: Tor relay denial of service

Runa A. Sandvik — 2012-05-21T06:09:12

Please update https://trac.torproject.org/projects/tor/ticket/5934 if
you have more information about this.

Re: google analytics says it can track across separate domains

Martin Hubbard — 2012-05-21T05:28:06


Buying stuff semi-anonymously is easy with giftcards, prepaid
cellphones, etc. Delivery is the hard part. Drug dealers have
pretty much burned down the anonymous private mailbox niche.
But even one that requires ID will prevent casual tracking.
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: Website auto login

|| ΣΖΟ || — 2012-05-21T02:26:16

Thanks!

In itself not a bad idea, Though then the user has to do next tor an
extra thing, and i hoped to figure out a more automatic way.

A non invasive website, that respects privacy as good as possible, no
IP logs for instance, but also no accounts, just no data that could
have ANY personal clues. but allowing people to communicate with true
freedom of speech. (i hope people are able to do this in a
sophisticated way and build something out of it)

Could something like this idea work with tor-and other privacy tools.

Think in terms like Wordpress plugin, and eventually a browser plug-in
with a button , though that would give away the cloaked status.

I'm thinking out loud here, to find the edge of what is possible and secure.

maybe with the use of well known out nodes and a button to  "use well
known out node for this site"

anything, as long as the user keeps his full privacy.

Ideally the only requirement to be able to access the site is ... use
tor (or another true privacy tool)

Nowadays with ACTA

Re: Website auto login

|| ΣΖΟ || — 2012-05-21T02:36:12

well i had a good look and bugmenot.com kind of shows why bugmenot is
not the ideal solution

their slogan: "Find and share logins for websites that force you to register:"

And im looking for a way so that i can make a site that gives free
access but 'forces' to be anonymous.

Does this make any sense?

A site with a social function that forces a logon is demoting freedom
of speech. There should be a law against them?

Isn't freedom of speech a ground right?
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: "*.onion" performance tru "onion.to"

SiNA Rabbani — 2012-05-20T22:39:02

Sounds like there is some caching action on onion.to.

--SiNA

On 05/20/2012 02:50 PM, Jesus Cea wrote:

Re: Website auto login

krishna e bera — 2012-05-20T22:31:48

You can try http://www.bugmenot.com/
which shares accounts for sites that require registration.


If the site runs on a Tor hidden service 
then only Tor users can get to it.
Whether they are truly anonymous depends on 
their own diligence in configuring and using their system.
_______________________________________________
tor-talk mailing list
tor-talk< at >lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk