Nice. I am hoping onion services become more ubiquitous for desktop use. So many decentralized networks work so hard to solve things like NAT busting and network issues, and they still forget about anonymity.
I am personally working on a tiny side project to build a chat/forum/etc platform based around onion services for all users. Traditionally, it was annoying to have to ask users to install Tor and open up the control port so your app could leverage it. In a recent alpha there is an experimental tiny little C API that can start the Tor system in-app [0]. Leveraging some of the work from [1], I put in some effort to get all the steps working to compile Tor statically in a single Rust exe on Windows [2]. As Tor's embeddability game increases, I hope more apps will consider using it as part of their network stack. Granted I know the problems that are inherent with "vendoring" security libs like these, but for some uses the benefits outweigh the costs of requiring separate downloads and separate daemons running.
Would it be possible for you to port your work to I2P as well?
It's good to have a fallback network in case issues arise in Tor and something needs to plug the gap in the interim, and I2P would fulfill that role pretty well.
They're running a Tor website... that requires JavaScript. smh
>Error! :(
>Your browser is not running Javascript that is required to use the whistleblowing client.
>It's common believe that Javascript and security don't sound well together, for this reason we suggest to use the Tor Browser, an extremely tuned FireFox browser with Tor integrated. Here you can found and download the latest release of: Tor Browser.
Note that those who want a JS-free whistleblowing platform should look for SecureDrop.[1] It's also harder to set up and may not be possible for certain threat models.
You are right in the first part (I'm Italian).
Regarding people doing a good job, I don't know if this is the case. I tried to use this service (just to see how it works), and:
- "anonymous reports will be considered only in particular cases" (!)
- you cannot report if you are a private person/company
- you have no kind of legal counseling / protection
- other limitations
I'm not sure if it was designed to get actual reports or not.
This opinion is controversial, and I’m not going to go into all of the reasons why, but unless you REALLY know what you’re doing Tor can’t be trusted.
I’d wager only 1% of people on Hacker News would be capable of using a Tor setup for more than a day without getting owned.
You’re better off buying a burner iPod or iPad, stick to public wifi spots, and factory reset it once a week. Even then, watch what you type since vocabulary is fingerprintable.
> and suggest an up to date OpSec guide to using Tor?
Use Disposable Whonix VMs in Qubes OS (available in the 4.0-rc4) for the best secure experience that you can get right now. For less security, an alternative would be to use Tails or Subgraph.
You can also control how much attack surface you expose in your browser in the Security Settings in the Tor Button (Medium (now termed Safe) disables JS on HTTP websites, JIT optimization, and sets media files to click-to-play. High (now termed Safest) disables JS everywhere, and SVG...).[1]
The more one studies the mechanics of corruption, the more one begins to understand that a similar battle has been waged in biology since the dawn of time.
The corrupting entity cannot replace the corrupted entity, because it does not have the sufficient structures, and would fall prey to other corrupting entities almost instantly. It cannot grow bigger than the corrupted entity, due to its being dependent regarding nourishment on the corrupted entity.
All is fair in this little war. Strategies include shedding hard to corrupt matter (skin, mucus, nails and hair), have tissue with incredible replacement rates (colon-cells). Fast pace the life cycle of the corrupted entity, and have not enough nourishment in the offspring to continue the corruption.
Remedies include using of all natural substances (eat leaves to kill the worms), to behaviour changes (famous the way foxes bathe, with a brush of hair forming a flea-raft)
Synchronize breeding cycles, to starve parasites and diseases. Destroy breeding grounds and switch locations, for stationary parasites.
Diversify into different corrupted entity-types to prevent specialized parasites from target hopping.
I'm aware that this is a dangerous comparison, and thus want to press that I do not compare humans with vermin. I do compare organizations made up by humans with organisms and parasites.
This measure is basically encouraging the parasites infrastructure to turn upon themselves. There is no reward and there is no protection of the parasite being damaged.
So it will be used mainly by other parasites to battle among one another (leak information about the neighboring clan)- or to have parasites on the parasites (aka the lower echelon members of the mafia removing upper echelons to rise).
Stupid question: there are so many public places that provide free wifi without authentication. If you go into one of these places and it is populated enough, and you have MAC randomization on, no smartphone on you, isn’t it good enough? Surely there are CCTV. But if you connect from a changing room or toilets of a busy mall, I don’t see how anyone could trace the connection.
At the very least you need to add a VM into that mix to stop (most of) the fingerprinting. You also need a trusted VPN, all kinds of JS and privacy blockers.
And that's assuming there are no hidden backdoors in your hardware. Which will be used, if you're important enough to track.
Too bad onions was compromised by the NSA. That makes speaking up against the Bad Guys a bit more dangerous.
Admittedly there is a high chance that the Italian high brass has NO finger on the American high brass, however as long as there is no certainty it's a safety risk.
Tor was /targeted/ by the NSA, but I haven't read anything that makes me believe it (or onion routing in general) has been compromised. I get the feeling Tor has proven so effective that the only reasonable attack against it is sowing mistrust.
kodablah | 8 years ago
0 - https://blog.torproject.org/tor-0331-alpha-released-back-uns...
1 - https://github.com/iCepa/Tor.framework
2 - https://github.com/cretz/rtsw-poc
jerheinze | 8 years ago
[1] : https://github.com/ipfs/notes/issues/37
synchronise | 8 years ago
forgotmypw | 8 years ago
jerheinze | 8 years ago
[1] : https://securedrop.org/directory
ziofill | 8 years ago
fmntf | 8 years ago
newbuser | 8 years ago
3pt14159 | 8 years ago
It’s very hard to stay dark these days.
jerheinze | 8 years ago
[1] : https://tb-manual.torproject.org/en-US/security-slider.html
Pica_soO | 8 years ago
dandare | 8 years ago
rotrux | 8 years ago
Kudos to Italy for betting on the horse that will inevitably win.
chii | 8 years ago
ecesena | 8 years ago
(source linked in the article, but in Italian: http://www.anticorruzione.it/portal/public/classic/Servizi/S...)
mtgx | 8 years ago
https://blog.torproject.org/tors-fall-harvest-next-generatio...
cm2187 | 8 years ago
bufferoverflow | 8 years ago
letsgetphysITal | 8 years ago
See how unique you are. Spoiler; You are unique unless you are paranoid. Really, really paranoid.
singularity2001 | 8 years ago
jstanley | 8 years ago
jelly | 8 years ago
0xFFC | 8 years ago
Any references you would want to provide for this claim?