Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - astor

Pages: 1 ... 16 17 [18] 19 20 ... 208
256
Security / Tor Mail Gateway: Your prayers have been answered (sort of)
« on: August 20, 2013, 07:58 am »
Just came across this:

Quote
>>> This isn't gonna cut it.  A Tormail replacement that's any good,
>>> that's reliable, that's censorship-resistant, that's hardened ...
>>> that will require professionals to set it up.

I don't want to imply that we are professionals, but we will soon run a
mail gateway for .onions.

The idea is that you can email @xyz.onion.to, and the mail gateway will
forward the mail to @xyz.onion. The gateway will only accept PGP mails,
and I'm thinking about enforcing TLS.

For the other way round, xyz.onion will be able to register and receive
a passphrase. With the passphrase, xyz.onion will be able to relay/send
emails as @xyz.onion.to. The gateway will also rewrite outgoing
@xyz.onion to @xyz.onion.to.
Maybe we should use client certificates instead.

Another open question is what we should do with headers. At the moment,
the configuration file (onion_anonymize_headers) explicitly removes
User-Agent, X-Enigmail, X-Mailer and X-Originating-IP, whitelists
((Resent-)?From|To|Cc|Date|Return-Path|Message-ID|Reply-To|Bcc), and
then throws away any other header. This is obviously not the final
configuration. If anyone wants to contribute, feel welcome.

I hope that with the modified torsocks that has an option to only torify
.onion I can simply put it in front of postfix and be done. We'll see.

I invite everyone to contribute to the postfix configuration, and,
eventually, to run more mail gateways.

https://github.com/moba/tor2mail

No documentation yet, but I will make it ready before we launch.

That's a message to the tor-talk mailing list by the guy who runs Torservers, so he's not some clueless newb with pie in the sky goals that are abandoned half way through development (like Bitwasp). Someone still needs to run a hidden service email server, but that's the easier part. Interfacing with clearnet anonymously was the hard part that Tormail solved before.

Interestingly, a Tor-only email server already exists:

http://365u4txyqfy72nul.onion/mail/

http://365u4txyqfy72nul.onion/wmail/notice.html

So the pieces are in place, if this mail gateway could send messages to the TSZ mail server, we effectively have a Tormail replacement.

What I really like is that they will scan and discard emails that are non PGP encrypted.

257
Shipping / Re: Ordering Large International Bulk
« on: August 20, 2013, 05:30 am »
For bulk orders, you might want to look into light sensors or other devices that could tip you off if the package is opened. Then get a PO box in a fake name and if you believe the package is compromised and a CD is coming, throw away the key and never visit that post office again.

There might be something better than light sensors though. Quite often the packages are x-rayed first, so they could determine a device like that is inside and simply open it in a darkroom.

258
Security / Re: Let's talk about security
« on: August 20, 2013, 04:14 am »
Quote
Qubes also focuses on making the VMs light-weight so that it was possible to run really a lot of them at the same time

This is a funny statement, because Qubes seems bloated as crap to me. I've been playing around with it lately. The netvm and firewallvm take up 500 MB of RAM each! For what? These VMs shouldn't be using 50 MB of RAM. The dom0 control stack takes a full 2 GB. So just to boot into the default desktop you need 3 GB, and each AppVM starts out using 500 MB and grows as you run more apps. You really need 6-8 GB to run Qubes, with 4 GB as the bare minimum.

You can probably reconfigure these VMs to use less RAM, but that is the default setup.

259
Security / Re: Let's talk about security
« on: August 20, 2013, 03:42 am »
Quote from: StaticTension on August 20, 2013, 03:02 am
Whonix with physical isolation is a different story though but it still relies on virtual machines for the set up which according to Qubes is crap from what I understood reading the docs.

In the physical isolation setup, they recommend running the Gateway on bare metal but the Workstation in a VM to hide hardware serial numbers. Makes sense, and I'm pretty sure Qubes touts that as a feature somewhere in their documentation.

260
Silk Road discussion / Re: Never mind.
« on: August 20, 2013, 03:09 am »
So there's a new row in the buyer stats that lists "total vendors".

How does SR know how many unique vendors someone purchased from more than a year ago if they delete or anonymize the individual transaction data after several months?

In order to show this number, SR must save the buyers and vendors involved in each transaction, which along with the price (and thus probably product), means they have been saving all the info about every transaction, since the beginning of the market.

Unless DPR has been aggregating this info on a monthly basis because he predicted more than a year ago that he would add this feature?

261
Security / Re: I have no reason to use privnote instead of PGP
« on: August 19, 2013, 03:48 am »
Or they just take over the Privnote server. It's hosted at Rackspace in San Antonio, completely vulnerable to whatever the FBI wants to do to it.

262
Security / Re: NEED HELP ENCRYPTING WHOLE HD, SORRY FOR LONG POST. WILL PAY FOR HELP :)
« on: August 18, 2013, 10:41 pm »
Quote from: pharmacypowder on August 18, 2013, 06:43 pm
I know my ISP can see I am using TOR obviously if I simply run it from my home connection, but I never do. I am fortunate enough to have access to many peoples wifi that is not password protected as anyone that lives in a city usually does so I never run it using my home connection

You should spoof your MAC address.

Quote
Firstly, you say a hard drive can be COMPLETELY encrypted. Does this literally mean if my computer is seized by law enforcement, NO info at all with be able to be seen be them? Can this be done with TrueCrypt as from what I hear, it can, and not even the FBI can crack it....I would REALLY appreciate a step by step guide on totally encrypting my harddrive and not even have to worry if my computer ended up in the wrong hands....

Almost no info can be seen by LE. There must be some unencrypted part that runs and decrypts the rest of the drive. LE can can know your drive is encrypted with Truecrypt, but they won't know much else about it.

Truecrypt can do full disk encryption on a running Windows system. If you want a guide, they have extensive documentation:

http://www.truecrypt.org/docs/system-encryption

Quote
I also need a recommendation on a good VPN to use as I know some (especially some of the free ones) cannot be trusted. I want to be 100% sure my ISP cannot even see I am running TOR. I understand they can still tell I am running a VPN but tons of people run VPN's and I just want to be 100% in a worst case scnario that even if my computer is seized, nothing will be able to recovered linking me to the road.

A VPN will hide your Tor use from someone who is fishing for Tor users, but it probably won't hide your Tor use from someone who is specifically targeting you. Then again, if someone is specifically targeting you, revealing that you use Tor is the least of your problems.

As for specific providers, it's a bad idea to mention any on this forum. You'll have to figure that out for yourself or talk to people privately.

263
Security / Re: Better anonymity (extra socks5 hop at exit node) ?
« on: August 18, 2013, 10:26 pm »
http://www.publicproxyservers.com/proxy/list_rating1.html

264
Off topic / Re: No-fap: one of the best drugs out there
« on: August 18, 2013, 10:14 pm »
Quote from: mejulie2 on August 18, 2013, 07:31 pm
i have personally gone through porn, benzo and alcohol withdrawal and porn was by far the hardest and had the greatest benefit.... dont wanna give too much away here though

Sounds like you had a problem with it. I agree that alcoholics shouldn't drink and sex addicts shouldn't watch porn.

265
Security / Re: Let's talk about security
« on: August 18, 2013, 09:56 pm »
Quote from: ECC_ROT13 on August 18, 2013, 10:59 am
I was always working under the assumption that all HSDir nodes had access to all hidden service descriptors  (telling them who the Introduction Points for the HS were).     I know there was a new feature added in the past year or so to allow the use of a key to only allow clients where knowing the key the ability to find the IP for the service.. but that's a non-starter for "public" hidden sites, since all users have to know the key.

The second thing you're talking about is HiddenServiceAuthorizeClient in stealth mode, which requires a cookie/key/password to access the hidden service.

Descriptors are published using a distributed hash table type system. Donncha explains it well:

Quote
Tor hidden service desc_id‘s are calculated deterministically and if there is no ‘descriptor cookie’ set in the hidden service Tor config anyone can determine the desc id‘s for any hidden service at any point in time.This is a requirement for the current hidden service protocol as clients must calculate the current descriptor id to request hidden service descriptors from the HSDir’s. The descriptor ID’s are calculated as follows:

descriptor-id = H(permanent-id | H(time-period | descriptor-cookie | replica))

The replica is an integer, currently either 0 or 1 which will generate two separate descriptor ID’s, distributing the descriptor to two sets of 3 consecutive nodes in the DHT. The permanent-id is derived from the service public key. The hash function is SHA1.

time-period = (current-time + permanent-id-byte * 86400 / 256) / 86400

The time-period changes every 24 hours. The first byte of the permanent_id is added to make sure the hidden services do not all try to update their descriptors at the same time.

identity-digest = H(server-identity-key)

The identity-digest is the SHA1 hash of the public key generated from the secret_id_key file in Tor’s keys directory. Normally it should never change for a node as it is used for to determine the router’s long-term fingerprint, but the key is completely user controlled.

A HSDir is responsible if it is one of the three HSDir’s after the calculated desc id in a descending lists of all nodes in the Tor consensus with the HSDir flag, sorted by their identity digest.  The HS descriptor is published to two replica‘s (two set’s of 3 HSDir’s at different points of the router list) based on the two descriptor id’s generated as a result of the ’0′ or ’1′ replica value in the descriptor id hash calculation.

Source: http://donncha.is/2013/05/trawling-tor-hidden-services/

Quote
Hidden service hosting is one area where there's just not a lot of good information available.   Sure, you can find howtos to get it running, but that's not the hard part.   Nobody running high-load hidden sites is interested in sharing how they do it, for obvious reasons.

Yep. In terms of optimizing for performance, the Torservers Wiki has a lot of good info for high bandwidth relays that also applies to hidden services, but in terms of security, there isn't much out there. I have seen one of the Tor developers say that if he ran a hidden service, he would put it in a VM so it doesn't know the public IP address of the server, and other people who have run hidden services support isolation techniques. Beyond that, you are left to figure it out yourself.

Quote
Personally, I wish we had an example of a popular, heavily-used site based around a hidden service that wasn't engaged in something that would get you thrown in jail somewhere.   This forum is the closest thing to a community full of bright people that I've found on an onion site, and it's obviously closely aligned enough with SR that it gets maligned alongside SR.   But if you want intelligent conversation and an address ending in ".onion", its all I've found.

Agreed. There have been plenty of attempts at starting forums in onionland. Most of them never got more than a few users and went offline pretty quickly. There was Onionforum which lasted about 5 years, but even it had a few thousand users at its height, not tens of thousands like this one.

Here's a screenshot of it: http://toxicity.myftp.org/Share/Screenshots/OnionForum.png

That was considered the nexus of onionland activity in its day, and we have eclipsed it by one or two orders of magnitude.

Despite the spammers and trolls, this is a great forum. Personally, I came for the drugs and stayed for the community. :)



266
Security / Re: I have no reason to use privnote instead of PGP
« on: August 18, 2013, 09:24 pm »
The funny thing is, nobody had a reason to trust Privnote in the first place, with or without JavaScript. It's a clearnet web site. LE can identify the operators. LE knows that shit tons of sensitive info is posted there. LE could compel the operators to change the JavaScript to transmit messages back to the server in plaintext (along with serving an FH-style exploit to you, in case you are accessing Privnote over Tor).

Isn't it enough that you have to trust DPR with your bitcoins and the vendor with your address? Why unnecessarily increase your attack surface with third parties that require your trust, and don't deserve it?

267
Security / Re: Better anonymity (extra socks5 hop at exit node) ?
« on: August 18, 2013, 09:18 pm »
Quote from: SniperFox on August 18, 2013, 07:26 pm
See I was thinking of using web proxies in the tor browser, kproxy works well and I was thinking of using this also. Would that be fine?

me --> vpn --> tor --> web proxy --> destination

This is fine as long as you change web proxies. There are sites that list thousands of them.

268
Off topic / Re: No-fap: one of the best drugs out there
« on: August 18, 2013, 07:12 pm »
Quote from: joywind on August 16, 2013, 06:56 am
"What happens when you drop a male rat into a cage with a receptive female rat? First, you see a frenzy of copulation. Then, progressively, the male tires of that particular female. Even if she wants more, he has had enough. However, replace the original female with a fresh one, and the male immediately revives and gallantly struggles to fertilize her."


^ That's what is happening to you when you constantly watch porn. Every click of the mouse is another female that you mentally mated. Repeat this for 10 videos, 10 partners ... and all of a sudden you have no urge/motivation to pass on your genes via clappping real cheeks.

The unchallenged assumption is that we need to pass on our genes, you know, because there aren't enough people in the world.

Quote
Stop masturbating, stop watching porn -- once you break through the two week hurdle you begin to feel like superman, it's absolutely amazing. It's like amphetamine without the come down.

More energy, more confidence, better at everything you do, more alert to the little things in life and overall always in a better mood.

You literally become the best possible version of yourself.

People that I've talked to who were in forced non-fap zones, like jail, where you have no privacy because of partially obscured or unobscured toilets and showers, don't have such a positive opinion of it. Sexual release reduces stress. The inability to achieve sexual release seems to exacerbate the stress of being in jail. People become obsessed with sexual stimuli. Not being able to see females except on TV makes them obsess over every female they see. I watched one of those prison shows and they described how the inmates jerked off to any little thing, like the top of a female guard's head. That doesn't seem healthy to me.

By exposing yourself to sexual stimuli, like porn, you are desensitizing yourself to it, and making yourself more functional as a human being.

269
Silk Road discussion / Re: you must know at least this much.
« on: August 18, 2013, 05:39 pm »
Quote from: chews13 on August 18, 2013, 07:54 am
well there should be a test or something where you have to know at least this much to ride down this road.

LE already provides such a test. You'll know when you've failed.

270
Security / Re: Better anonymity (extra socks5 hop at exit node) ?
« on: August 18, 2013, 04:17 pm »
All this does is give you a permanent exit node (the second VPN), which greatly reduces your anonymity. With a static exit point and a semi-static entry point, it's easier for an attacker to pwn you. If you need an unblocked exit IP address, because exit nodes are blocked by so many web sites, find a random web proxy that isn't blocked, and use a different one each time.

Pages: 1 ... 16 17 [18] 19 20 ... 208