|
Home > Archive > Anonymous Servers > November 2007 > Browsing the web anonymously
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Browsing the web anonymously
|
|
| George Orwell 2007-10-20, 7:14 pm |
|
Hi,
Does anyone know how to browse the web (http protocol) anonymously? I
prefer a plugin working with IE or FireFox.
Thanks in advance.
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it
| |
| Thomas J. Boschloo 2007-10-20, 7:14 pm |
| George Orwell schreef:
> Hi,
>
> Does anyone know how to browse the web (http protocol) anonymously? I
> prefer a plugin working with IE or FireFox.
>
> Thanks in advance.
http://tor.freehaven.net/
There is a compilation of Firefox with Tor in it. I don't know how up to
date it is kept with new browser exploits. But it should be easy to use.
| |
| StealthMonger 2007-10-20, 7:14 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
"Thomas J. Boschloo" <nospam@hccnet.nl> writes:
> George Orwell schreef:
[vbcol=seagreen]
[vbcol=seagreen]
[vbcol=seagreen]
> http://tor.freehaven.net/
Note however that a resourceful adversary can trace Tor browsing or
any other browsing that is "real time", i.e. has low latency. From
the Tor documentation:
... for low-latency systems like Tor, end-to-end traffic
correlation attacks [8, 21, 31] allow an attacker who can observe
both ends of a communication to correlate packet timing and volume,
quickly linking the initiator to her destination.
http://tor.eff.org/cvs/tor/doc/desi.../challenges.pdf
To get untraceable anonymity, high random latency and mixing with
other traffic is necessary. This can be achieved by sending a http
request through a chain of anonymizing remailers to a web-to-mail
gateway with a Reply-To: address that causes the requested page to
show up on alt.anonymous.messages. Take a full feed of a.a.m at all
times without interruption, and pluck the page from there when it
appears.
-- StealthMonger
<StealthMonger@hod.aarg.net>
<StealthMonger@nym.panta-rhei.eu.org>
<StealthMonger@nym.alias.net>
--
stealthmail: Scripts to hide whether you're doing email, or when,
or with whom. http://stealthsuite.afflictions.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFHGn/ +DkU5rhlDCl4RAvZ6AKC0TOyloLCyquNmWM5FE88
jhXNZTQCfc3+v
k8EEbxzHGmnv64g4PCVsxgY=
=XuEu
-----END PGP SIGNATURE-----
| |
| George Orwell 2007-10-21, 7:13 am |
| Thanks a lot both Thomas and Stealthmonger.
My purpose is not to log my real ip-address in various web-forums.
I think Tor serves that purpose well, doesn't it?
On Sun, 21 Oct 2007 01:20:14 +0200 (CEST), StealthMonger
<Use-Author-Supplied-Address-Header@[127.1]> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>"Thomas J. Boschloo" <nospam@hccnet.nl> writes:
>
>
>
>
>
>Note however that a resourceful adversary can trace Tor browsing or
>any other browsing that is "real time", i.e. has low latency. From
>the Tor documentation:
>
> ... for low-latency systems like Tor, end-to-end traffic
> correlation attacks [8, 21, 31] allow an attacker who can observe
> both ends of a communication to correlate packet timing and volume,
> quickly linking the initiator to her destination.
>
>http://tor.eff.org/cvs/tor/doc/desi.../challenges.pdf
>
>To get untraceable anonymity, high random latency and mixing with
>other traffic is necessary. This can be achieved by sending a http
>request through a chain of anonymizing remailers to a web-to-mail
>gateway with a Reply-To: address that causes the requested page to
>show up on alt.anonymous.messages. Take a full feed of a.a.m at all
>times without interruption, and pluck the page from there when it
>appears.
>
>
> -- StealthMonger
> <StealthMonger@hod.aarg.net>
> <StealthMonger@nym.panta-rhei.eu.org>
> <StealthMonger@nym.alias.net>
>
> --
> stealthmail: Scripts to hide whether you're doing email, or when,
> or with whom. http://stealthsuite.afflictions.org
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.6 (GNU/Linux)
>Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
>
>iD8DBQFHGn/ +DkU5rhlDCl4RAvZ6AKC0TOyloLCyquNmWM5FE88
jhXNZTQCfc3+v
>k8EEbxzHGmnv64g4PCVsxgY=
>=XuEu
>-----END PGP SIGNATURE-----
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it
| |
| Thomas J. Boschloo 2007-10-21, 7:13 am |
| George Orwell schreef:
> Thanks a lot both Thomas and Stealthmonger.
> My purpose is not to log my real ip-address in various web-forums.
> I think Tor serves that purpose well, doesn't it?
It does. But be sure to turn off Javascript, ActiveX, Java, Alexia and
stuff in your browser.
Also see chapter 16 in
http://birdsofafeather.bravehost.com/DrWhoFAQ.txt
Websites can trick your browser into transmitting your real IP through
Tor and you have to be more clever than those sites.
| |
| Thomas J. Boschloo 2007-10-21, 7:13 am |
| Thomas J. Boschloo schreef:
> George Orwell schreef:
>
> It does. But be sure to turn off Javascript, ActiveX, Java, Alexia and
> stuff in your browser.
>
> Also see chapter 16 in
> http://birdsofafeather.bravehost.com/DrWhoFAQ.txt
>
> Websites can trick your browser into transmitting your real IP through
> Tor and you have to be more clever than those sites.
Sorry. It was cruel from me to post a link for someone that wants to be
anonymous :-) Here goes:
16. How do I "cover my tracks" online?
Never surf naked. Always, always use a proxy. The easiest method is
to use Tor. Tor is now bundled together with Vidalia and Privoxy.
it is simple to install and use. Vidalia is the control panel for
Tor. However, you can achieve the same by right clicking on the Tor
icon on the Taskbar. Installing the Vidalia bundle will install both
Tor and a program called Privoxy. Together these two programs will
protect both your privacy (Privoxy) and anonymity (Tor). Vidalia
will also install the Torbutton on your FireFox browser. A very
useful way to enable/disable Tor.
Using Privoxy is necessary because browsers leak your DNS requests
when they use a SOCKS proxy directly, which is bad for your anonymity.
Privoxy also removes certain dangerous headers from your web requests
and blocks obnoxious ad sites like Doubleclick.
| |
| George Orwell 2007-10-21, 7:13 am |
| Thanks a lot both Thomas and Stealthmonger.
My purpose is not to log my real ip-address in various web-forums.
I think Tor serves that purpose well, doesn't it?
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it
| |
| Non scrivetemi 2007-10-22, 7:13 pm |
| StealthMonger wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> "Thomas J. Boschloo" <nospam@hccnet.nl> writes:
>
>
>
>
>
> Note however that a resourceful adversary can trace Tor browsing or
> any other browsing that is "real time", i.e. has low latency. From
> the Tor documentation:
>
> ... for low-latency systems like Tor, end-to-end traffic
> correlation attacks [8, 21, 31] allow an attacker who can observe
> both ends of a communication to correlate packet timing and volume,
> quickly linking the initiator to her destination.
How many adversaries have the ability to monitor both their target,
and all 2127 nodes at the same time?
Tor may not be perfect, it may not even be the most hardened way to
obtain information anonymously, but it is truly anonymous and it's the
best game in town for general purpose anonymity hands down.
| |
| Anonymous 2007-10-24, 7:13 pm |
| "Thomas J. Boschloo" <nospam@hccnet.nl> wrote:
> George Orwell schreef:
>
> It does. But be sure to turn off Javascript, ActiveX, Java, Alexia and
> stuff in your browser.
>
> Also see chapter 16 in
> http://birdsofafeather.bravehost.com/DrWhoFAQ.txt
"Using Privoxy is necessary because browsers leak your DNS requests
when they use a SOCKS proxy directly, which is bad for your anonymity."
False information. Most browsers actually do not leak DNS requests.
Privoxy may be necessary for users of outdated software like you and
Dr. Who, but for most of us it's an unnecessary waste of resources and
an added point of failure.
>
> Websites can trick your browser into transmitting your real IP through
> Tor and you have to be more clever than those sites.
Clever?
Has nothing to do with it. You have to be more informed. Which is why
Dr. Who's FAQ and your inevitable stupidity are so dangerous to people
who don't know any better.
| |
|
| On Tue, 23 Oct 2007 01:53:23 +0200 (CEST), Non scrivetemi wrote:
>
> How many adversaries have the ability to monitor both their target,
> and all 2127 nodes at the same time?
Hundreds, a 1,000?
> Tor may not be perfect, it may not even be the most hardened way to
> obtain information anonymously, but it is truly anonymous and it's the
> best game in town for general purpose anonymity hands down.
Brst, yes; truly anonymous, nope.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
George Orwell <nobody@mixmaster.it> wrote in
news:27e3b3853c171f6011402f98aa8b31b7@mi
xmaster.it:
> Hi,
>
> Does anyone know how to browse the web (http protocol) anonymously? I
> prefer a plugin working with IE or FireFox.
>
> Thanks in advance.
>
Check out XeroBank (The browser formerly known as TorPark)
http://www.xerobank.com/xB_browser.html
It comes with tor and is pre configured for maximum anonymity and
privacy settings. It's also portable and can be installed to and run
from a flash drive.
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRyAOlnV+YnyE1GYEAQgy4Af/aDeUyYEwU29Xj5qnE8k666chLhwYPaNg
65frIaHHMoe1/qEpOiFmVqliCC6eQEh8KRyN/MUBsAdHn+hleOFzA1udTxk7yCci
b2qDdhj3GD6ltKugITRd3OcxggXLXoe2EcXZVFb6
WIUaM4lRseemqG+ZJlIYHLpn
U6S40VI60KVci+M+D4D4CJPD+/AiZNjIY9Ak1JL/MVOP4Oe1d7D9gmmDsBOVKc6u
6gDMfpHtcv3sn6fofk2fBbGJnInxvFQVdGIuzrni
BysofTCEKOJKj4nE1GxCCM6I
MFKaycww/ Y+B68vWzqom0gLXSxuI9PnBNaQfzANzqtwHvq4tC
YY0KA==
=IIR0
-----END PGP SIGNATURE-----
| |
|
| On Wed, 24 Oct 2007 22:33:57 -0500, Ed wrote:
> Check out XeroBank (The browser formerly known as TorPark)
> http://www.xerobank.com/xB_browser.html
>
> It comes with tor and is pre configured for maximum anonymity and
> privacy settings. It's also portable and can be installed to and run
> from a flash drive.
And it's a clone ripoff.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
| Anonymous 2007-10-25, 7:14 am |
| Ari wrote:
> On Wed, 24 Oct 2007 22:33:57 -0500, Ed wrote:
>
>
> And it's a clone ripoff.
A clone ripoff of what?
| |
|
| On Thu, 25 Oct 2007 10:17:54 +0200 (CEST), Anonymous wrote:
>
> A clone ripoff of what?
TOR
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ari <arisilverstein@yahoo.com> wrote in
news:nmrl4ddykcqa$.1j30m5y9ze9fs$.dlg@40tude.net:
> On Thu, 25 Oct 2007 10:17:54 +0200 (CEST), Anonymous wrote:
>
>
> TOR
Check again. It's not a ripoff of anything. It's a custom build of
Firefox that includes a TOR installation. If you read the docs you'll
see that's what they say it is. They've just packaged it all together
in a convienient, portable install with privacy settings optimized
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRyD1W3V+YnyE1GYEAQjjcwf9GKfZlWkV
xGvT1H5j7cMWS7fHwR+DLFEv
3oQ8xw2n8qrfetkmJCbBhdowEIFRqsQHomC1vwjQ
OAaDRBwv8kMCRCnfXQW2/rKM
vlviXfElqNWK2MkAOvNkyhBP5NZ+nkMzsOpOYsBf
arIWG/yYxIfzDsHowimOfSbv
MG0mveVZ+6NWPtnk7e+g0OEvShL35227KOkvXEIV
5XvoqAEL+0fO+VR4WEOQfJfL
0wSKNXtlI4GIX3KuR77NAPV/Y998SN9mWyMzw/5FpEihaskSD7A+vjXGYtj+4Mc2
syJWSm7tSmUQ3U82t2a3poFJsHkLoXE9dEHHYKQ3
+iVeRxfFmEQKCA==
=KQI7
-----END PGP SIGNATURE-----
| |
| Anonymous Sender 2007-10-25, 7:12 pm |
| Ari wrote:
> On Thu, 25 Oct 2007 10:17:54 +0200 (CEST), Anonymous wrote:
>
>
> TOR
WTF are you blubbering about? It's not a clone of Tor, it uses the Tor
network. Nobody is trying to hide that fact, but it apparently got by
you anyway.
At least we know who was trolling Steve Topletz now too. Nice going.
You're two for two in the self spank department this week along with the
accidental random text posts there slick. Gonna swing for the three run
homer now?
Not that it's really any real surprise to find out you're nothing but a
nym hopping troll. You don't act much different with your hand in your
"Ari" sock.
| |
|
| On Thu, 25 Oct 2007 14:58:31 -0500, Ed wrote:
>
> Check again. It's not a ripoff of anything. It's a custom build of
> Firefox that includes a TOR installation. If you read the docs you'll
> see that's what they say it is. They've just packaged it all together
> in a convienient, portable install with privacy settings optimized
It's a ripoff, Ed, its Torrify which was a takeoff of TOR but now they want
money. Do you condone the use of Open Source with a GUI as anything less?
| |
|
| On Thu, 25 Oct 2007 23:06:52 +0000 (UTC), Anonymous Sender wrote:
> At least we know who was trolling Steve Topletz now too. Nice going.
> You're two for two in the self spank department this week along with the
> accidental random text posts there slick. Gonna swing for the three run
> homer now?
>
> Not that it's really any real surprise to find out you're nothing but a
> nym hopping troll. You don't act much different with your hand in your
> "Ari" sock.
XXXX off. You can keep this shoot-in-the-sky bullshit all you want. I'm one
of the very few on here that don't hide my actions behind some bullshit
remailer like you do.
Step up and prove out, or kiss my XXX and lick it.
| |
| Anonymous 2007-10-26, 1:14 pm |
| Ari wrote:
> On Thu, 25 Oct 2007 14:58:31 -0500, Ed wrote:
>
>
> It's a ripoff, Ed, its Torrify which was a takeoff of TOR but now they want
> money. Do you condone the use of Open Source with a GUI as anything less?
You're clueless.
Torify is a wrapper script for the tsocks library, which really has
nothing to do with Tor other than being written by Peter Palfrader. It's
a *nix socksification tool that just happens to work with Tor on that
platform because Tor is essentially a SOCKS proxy.
There isn't even a Windows port of tsocks, and XB is a Windows-only
package you ninny. <laugh>
XB is the evolution of TorPark into a packaged commercial venture. It
piggybacks the Tor network, and has issues of its own, but it's not a
ripoff of anything except MAYBE the bandwidth donated by Tor node
operators.
| |
|
| On Fri, 26 Oct 2007 15:38:43 +0200 (CEST), Anonymous wrote:
>
> You're clueless.
>
> Torify is a wrapper script for the tsocks library, which really has
> nothing to do with Tor other than being written by Peter Palfrader. It's
> a *nix socksification tool that just happens to work with Tor on that
> platform because Tor is essentially a SOCKS proxy.
>
> There isn't even a Windows port of tsocks, and XB is a Windows-only
> package you ninny. <laugh>
>
> XB is the evolution of TorPark into a packaged commercial venture. It
> piggybacks the Tor network, and has issues of its own, but it's not a
> ripoff of anything except MAYBE the bandwidth donated by Tor node
> operators.
Excuse the mistep, TorPARK, correct, ripoff of bandwidth, accurate.
Ripoff period.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
| Anonymous Sender 2007-10-27, 7:13 am |
| Ari wrote:
> On Fri, 26 Oct 2007 15:38:43 +0200 (CEST), Anonymous wrote:
>
>
> Excuse the mistep, TorPARK, correct, ripoff of bandwidth, accurate.
> Ripoff period.
Not according to Nick Mathewson. <shrug>
Of course you're just looking for something to rant about here anyway,
as your glaring backpedal from "GUI" based stolen software bullshit to
bandwidth right on cue so clearly demonstrate.
Honestly, this little faux pas rivals your barcode encryption episode
Ari. It may even surpass it in sheer stupidity value.
| |
|
| On Sat, 27 Oct 2007 11:29:04 +0000 (UTC), Anonymous Sender wrote:
>
> Not according to Nick Mathewson. <shrug>
Who you know personally?
> Of course you're just looking for something to rant about here anyway,
> as your glaring backpedal from "GUI" based stolen software bullshit to
> bandwidth right on cue so clearly demonstrate.
Clearly.
>
> Honestly, this little faux pas rivals your barcode encryption episode
> Ari. It may even surpass it in sheer stupidity value.
Excuse me, I have to flood sci.crypt now. lol
Idiot.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
| Anonymous 2007-10-28, 1:14 am |
| Ari wrote:
> On Sat, 27 Oct 2007 11:29:04 +0000 (UTC), Anonymous Sender wrote:
>
>
> Who you know personally?
As a matter of fact I do. Nick and the rest of the Tor team have other
issues with TorPark/XB, mostly centering around technical issues
directly impacting security. They have also publicly expressed their
own plans to create commercial Tor access points at some point, doing
exactly what Xerobank is doing.
>
> Clearly.
>
> Excuse me, I have to flood sci.crypt now. lol
You have yet to even attempt to explain the "random text" messages
posted by you in those and other groups where your foolishness has been
met with the sort of response you're all too familiar with by now.
Thinly veiled denials are nothing but more evidence that it was you.
> Idiot
A suitable sig. 
| |
| Anonymous 2007-10-28, 1:14 am |
| Anonymous <cripto@ecn.org> wrote in news:c2c05acfb1cb7853ec006f9fce779849
@ecn.org:
> Ari wrote:
>
>
> As a matter of fact I do. Nick and the rest of the Tor team have other
> issues with TorPark/XB, mostly centering around technical issues
> directly impacting security. They have also publicly expressed their
> own plans to create commercial Tor access points at some point, doing
> exactly what Xerobank is doing.
>
Is this a coincidence or what!?
I'm anonymous, and your anonymous.
I know Nick, and you know Nick.
I blow Nick, and you blow Nick.
Us guys that know all about this anonymous stuff need to stick
together and use words like "XBBrowser" and "impacting".
That way everyone will *think* they know us, when in fact we're
really inconsequential nobodies. No one can prove we don't know
Nick. ;)
Anonymous, indeed. And that's why everyone should trust us.
We're a team! You and me.
You live with your mother like I do!
Son?
| |
| Anonymous Sender 2007-10-28, 7:14 am |
| Anonymous wrote:
> Anonymous <cripto@ecn.org> wrote in news:c2c05acfb1cb7853ec006f9fce779849
> @ecn.org:
>
>
> Is this a coincidence or what!?
No,it's Ari Silverstein proving beyond any doubt he's not only a petty
cunt, but a bald faced liar.
| |
| Anonymous 2007-10-28, 1:12 pm |
| Anonymous wrote:
> Anonymous <cripto@ecn.org> wrote in
> news:c2c05acfb1cb7853ec006f9fce779849 @ecn.org:
>
>
> Is this a coincidence or what!?
>
> I'm anonymous, and your anonymous.
>
> I know Nick, and you know Nick.
>
> I blow Nick, and you blow Nick.
>
> Us guys that know all about this anonymous stuff need to stick
> together and use words like "XBBrowser" and "impacting".
>
> That way everyone will *think* they know us, when in fact we're
> really inconsequential nobodies. No one can prove we don't know
> Nick. ;)
>
> Anonymous, indeed. And that's why everyone should trust us.
>
> We're a team! You and me.
>
> You live with your mother like I do!
>
> Son?
>
So basically you're telling us you don't have an argument anymore after
you found out Tor's developers have no problem with the commercial
nature of Xerobank so you're reduced to puerile whining. You conceded
your idiotic "stolen software" argument, abandoned the "bandwidth" issue
in record time, and rather than be adult enough to just admit your
mistakes you'd rather impress us with taking cheap shots at anonymous
posters in general from behind a remailer.
How pathetic. Thanks for clearing all that up for us this week too,
kiddo.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ari <arisilverstein@yahoo.com> wrote in
news:smr8rr6rg0yc$.1vj1z0plxlww$.dlg@40tude.net:
> On Thu, 25 Oct 2007 14:58:31 -0500, Ed wrote:
>
>
> It's a ripoff, Ed, its Torrify which was a takeoff of TOR but now they
> want money. Do you condone the use of Open Source with a GUI as
> anything less?
XeroBank may be selling services, but
http://www.xerobank.com/xB_browser.html isn't costing a cent (or i'd
never use it)
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRyQqe3V+YnyE1GYEAQiZRAf/eX3hkclMNBkuYcU675ArkXXAydqxR3SD
dHRLSetsUZ/mR+// fueZUv5Ro+3SpQHFeoafMQZ7VWBJIPyfY9FXQyfv
tuU6Surk
S5mCNZGG6lQM8Z5uzkovdFmAQa7VDCG8zHYoKtNl
smryhO1RpSaZ0Qr6m9oGYFqF
Fra5W1fvj2h0cKKeUGjq5ct5IKHPKDoGLdNyTEvH
evvzL3L8dkcJL5RpxycHE2Jd
eozoPCabIZRzFahty+xYOZNtRulHvjRWrXAc4+yu
+A7HQOGui26gp6VhNElPskhC
x+6+0hAapUvNHPGwtHQmVAjuWYZtXEkNsk/nE/SQ2VsWs0FAcBVPOw==
=oAMH
-----END PGP SIGNATURE-----
| |
|
| On Sun, 28 Oct 2007 02:16:27 +0200 (CEST), Anonymous wrote:
>
> You have yet to even attempt to explain the "random text" messages
> posted by you in those and other groups where your foolishness has been
> met with the sort of response you're all too familiar with by now.
>
> Thinly veiled denials are nothing but more evidence that it was you.
Yes, evidence, that what it is. You got me, with all your evidence,
nothing is more important than my admission + your evidences. Right?
Wait, thinly veiled denial? Where? I admit to it, everything, anything
you say about me, to date, all of it is true! True! How can I overcome
your irrefutable evidences?
Excuse me, I have to flood sci.crypt now. lol
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| On Sat, 27 Oct 2007 21:08:27 -0600 (MDT), Anonymous wrote:
>
> Is this a coincidence or what!?
>
> I'm anonymous, and your anonymous.
>
> I know Nick, and you know Nick.
>
> I blow Nick, and you blow Nick.
>
> Us guys that know all about this anonymous stuff need to stick
> together and use words like "XBBrowser" and "impacting".
>
> That way everyone will *think* they know us, when in fact we're
> really inconsequential nobodies. No one can prove we don't know
> Nick. ;)
>
> Anonymous, indeed. And that's why everyone should trust us.
>
> We're a team! You and me.
>
> You live with your mother like I do!
>
> Son?
That was me, Ari, everybody, I was Anonymous, just so everybody will
know, all of you who give a shit, all one of you.
Excuse me, I have to flood sci.crypt now. lol
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| On Sun, 28 Oct 2007 08:24:48 +0000 (UTC), Anonymous Sender wrote:
>
> No,it's Ari Silverstein proving beyond any doubt he's not only a petty
> cunt, but a bald faced liar.
Got me again, how did you know Anonymous was me? I thought we were
anonymous, guess not, does that mean you're XXXXed?
Seems so.
Excuse me, I have to flood sci.crypt now. lol
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| On Sat, 27 Oct 2007 21:08:27 -0600 (MDT), Anonymous wrote:
> Anonymous <cripto@ecn.org> wrote in news:c2c05acfb1cb7853ec006f9fce779849
> @ecn.org:
>
>
> Is this a coincidence or what!?
>
> I'm anonymous, and your anonymous.
>
> I know Nick, and you know Nick.
>
> I blow Nick, and you blow Nick.
>
> Us guys that know all about this anonymous stuff need to stick
> together and use words like "XBBrowser" and "impacting".
>
> That way everyone will *think* they know us, when in fact we're
> really inconsequential nobodies. No one can prove we don't know
> Nick. ;)
>
> Anonymous, indeed. And that's why everyone should trust us.
>
> We're a team! You and me.
>
> You live with your mother like I do!
>
> Son?
So basically you're telling us you don't have an argument anymore after
you found out Tor's developers have no problem with the commercial
nature of Xerobank so you're reduced to puerile whining. You conceded
your idiotic "stolen software" argument, abandoned the "bandwidth" issue
in record time, and rather than be adult enough to just admit your
mistakes you'd rather impress us with taking cheap shots at anonymous
posters in general from behind a remailer.
How pathetic. Thanks for clearing all that up for us this week too,
kiddo.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| On Fri, 26 Oct 2007 03:28:15 -0400, Ari wrote:
> On Thu, 25 Oct 2007 23:06:52 +0000 (UTC), Anonymous Sender wrote:
>
>
> XXXX off. You can keep this shoot-in-the-sky bullshit all you want. I'm one
> of the very few on here that don't hide my actions behind some bullshit
> remailer like you do.
>
> Step up and prove out, or kiss my XXX and lick it.
So basically you're telling us you don't have an argument anymore after
you found out Tor's developers have no problem with the commercial
nature of Xerobank so you're reduced to puerile whining. You conceded
your idiotic "stolen software" argument, abandoned the "bandwidth" issue
in record time, and rather than be adult enough to just admit your
mistakes you'd rather impress us with taking cheap shots at anonymous
posters in general from behind a remailer.
How pathetic. Thanks for clearing all that up for us this week too,
kiddo.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| On Thu, 25 Oct 2007 23:06:52 +0000 (UTC), Anonymous Sender wrote:
>
> WTF are you blubbering about? It's not a clone of Tor, it uses the Tor
> network. Nobody is trying to hide that fact, but it apparently got by
> you anyway.
>
> At least we know who was trolling Steve Topletz now too. Nice going.
> You're two for two in the self spank department this week along with the
> accidental random text posts there slick. Gonna swing for the three run
> homer now?
>
> Not that it's really any real surprise to find out you're nothing but a
> nym hopping troll. You don't act much different with your hand in your
> "Ari" sock.
So basically you're telling us you don't have an argument anymore after
you found out Tor's developers have no problem with the commercial
nature of Xerobank so you're reduced to puerile whining. You conceded
your idiotic "stolen software" argument, abandoned the "bandwidth" issue
in record time, and rather than be adult enough to just admit your
mistakes you'd rather impress us with taking cheap shots at anonymous
posters in general from behind a remailer.
How pathetic. Thanks for clearing all that up for us this week too,
kiddo.
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
| Anonymous 2007-10-28, 7:12 pm |
| Ari wrote:
> On Sun, 28 Oct 2007 08:24:48 +0000 (UTC), Anonymous Sender wrote:
>
>
> Got me again, how did you know Anonymous was me? I thought we were
> anonymous, guess not, does that mean you're XXXXed?
Of course not. I'm not as stupid as you are.
>
> Seems so.
>
> Excuse me, I have to flood sci.crypt now. lol
| |
| Anonymous 2007-10-28, 7:12 pm |
| Ari wrote:
> On Sun, 28 Oct 2007 02:16:27 +0200 (CEST), Anonymous wrote:
>
>
> Yes, evidence, that what it is. You got me, with all your evidence,
> nothing is more important than my admission + your evidences. Right?
>
> Wait, thinly veiled denial? Where? I admit to it, everything, anything
> you say about me, to date, all of it is true! True! How can I overcome
> your irrefutable evidences?
>
> Excuse me, I have to flood sci.crypt now. lol
That, or just act like a total XXX there. Impossible to predict which
tact you'll take from one hour to the next.
| |
|
| On Sun, 28 Oct 2007 01:21:52 -0500, Ed wrote:
> XeroBank may be selling services, but
> http://www.xerobank.com/xB_browser.html isn't costing a cent (or i'd
> never use it)
What do you make of the following?
"....If XeroBank is served with court orders of all appropriate
jurisdictions for all specific servers, we may be forced to attempt to
trace live data connections...."
*Logging*
XeroBank does not log client activities or IP addresses when using the
XeroBank anonymizing network.....
--
"You can't trust code that you did not totally create yourself"
Ken Thompson "Reflections on Trusting Trust"
http://www.acm.org/classics/sep95/
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ari <arisilverstein@yahoo.com> wrote in
news:71wmswb7rxtf$.v6t9c7glzunl.dlg@40tude.net:
> On Sun, 28 Oct 2007 01:21:52 -0500, Ed wrote:
>
>
> What do you make of the following?
>
> "....If XeroBank is served with court orders of all appropriate
> jurisdictions for all specific servers, we may be forced to attempt to
> trace live data connections...."
>
> *Logging*
> XeroBank does not log client activities or IP addresses when using the
> XeroBank anonymizing network.....
That is one of an assortment of reasons why I would never pay XeroBank a
single cent. I would instead use TOR.
Frankly, the only big reason for using the old Torpark OR the new
Xb_browser is the convienience of a portable app installed on a flash
drive.
However for serious anonymity needs you're best off to get your own copy
of a portable firfox install, then install Tor on the flash drive with
it after getting Tor from tor.eff.org
If I want to be REALLY anonymous, I'd use Freenet for my anonymous
publishing and file sharing needs.
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRyVL+XV+YnyE1GYEAQhyIwf/QM+hKZnjz6Hw28uqnzqTL2G8l3CvYVoU
sEWXnNl8sAsw6lz5oYrYaslGdC2VZvtmER3znqZw
wEEnKDLInTdXDhDyoeaGvX4w
fFbs+0Upe2nOD2EmaLMn0vnw0K6rYOpei2iEF2CF
aRISEPucuqmNnZMeXMSdhUEr
y9nsN2d892+P50mOjn26Bs+uZqCdEJsmOgcdLknL
mR13qWSeoxdkEIabctKfpIUN
TdyjOqSSTYMAd2dGKyU+mL9bvqZu9XkrN6xTW0JO
dZoCOUwUtVCanMuLUJ3R2rCZ
oX9z3KTM1AYse3U4C2s+gj0E+OA/mjK6KJiFk2SFf4qi1dvUchiT6Q==
=uYqg
-----END PGP SIGNATURE-----
| |
| Nomen Nescio 2007-10-29, 1:14 am |
| Ari wrote:
> On Sun, 28 Oct 2007 01:21:52 -0500, Ed wrote:
>
>
> What do you make of the following?
>
> "....If XeroBank is served with court orders of all appropriate
> jurisdictions for all specific servers, we may be forced to attempt to
> trace live data connections...."
Simple common sense. The same holds true for any entity that allows
connection to or through servers under their control. It's a refreshing
break from the typical "can't be touched" snake oil eschewed by some
privacy/anonymity services.
>
> *Logging*
> XeroBank does not log client activities or IP addresses when using the
> XeroBank anonymizing network.....
Since XeroBank "piggybacks" on the Tor network such logs would be of no
practical value to them. The "abuse" motivation doesn't apply as they
have no reliable way of collating any specific incident with and
specific user. Keeping logs would essentially be a waste of perfectly
good drive space.
We know you have a hardon for truly anonymous services in general, and
ZeroBank in particular Ari. We can only guess at why, but the fact that
you've maliciously and repeatedly attacked all of the above is
irrefutable.
We can only hope that by pointing this out people will see you and your
spew for exactly what they are.
| |
|
| On Sun, 28 Oct 2007 20:57:07 -0600, Ed wrote:
> If I want to be REALLY anonymous, I'd use Freenet for my anonymous
> publishing and file sharing needs.
Why Freenet?
| |
|
| On Sun, 28 Oct 2007 20:57:07 -0600, Ed wrote:
>
> That is one of an assortment of reasons why I would never pay XeroBank a
> single cent. I would instead use TOR.
>
> Frankly, the only big reason for using the old Torpark OR the new
> Xb_browser is the convienience of a portable app installed on a flash
> drive.
Fair enough, Ed.
| |
| Anonymous 2007-10-29, 7:14 am |
| Ed wrote:
> If I want to be REALLY anonymous, I'd use Freenet for my anonymous
> publishing and file sharing needs.
Please....
"The traffic is encrypted, so it is quite difficult for the nodes that
you connect to to see what your Freenet-traffic consists of, but it is
far from impossible. It is therefore important that you connect only to
people you know. If that is not possible, then at least people you've
talked to."
That's from Freenode's site. Freenode isn't anonymous, it's an
elaborate distribution of trust. The entire network can (and has)
been compromised by learning a single user's IRC password. 
Tor is actually anonymous. It doesn't depend on your entry nodes keeping
your activities secret. There's no identifying logins to learn.
If you're using Freenode for anything sensitive you're a fool. You can
however make it safer by accessing it via Tor. ;)
http://itnomad.wordpress.com/2006/1...ep-for-windows/
| |
|
| On Mon, 29 Oct 2007 04:30:16 +0100 (CET), Nomen Nescio wrote:
>
> Since XeroBank "piggybacks" on the Tor network such logs would be of no
> practical value to them. The "abuse" motivation doesn't apply as they
> have no reliable way of collating any specific incident with and
> specific user. Keeping logs would essentially be a waste of perfectly
> good drive space.
Gee, hard disk space, now there's a precious item lol
Cotse logs. They log all including Tor users. Why is that? Because unlike
you, *real* businessmen have real operational reasons to do so. Would you
like for me to explain why?
Don't bother asking. Your at best a third rate contractor, business to you
is "taking care of" as in jacking off.
| |
| Anonymous Sender 2007-10-29, 7:14 am |
| Nomen Nescio wrote:
> Ari wrote:
>
>
> Simple common sense. The same holds true for any entity that allows
> connection to or through servers under their control. It's a
> refreshing break from the typical "can't be touched" snake oil
> eschewed by some privacy/anonymity services.
>
>
> Since XeroBank "piggybacks" on the Tor network such logs would be of
> no practical value to them. The "abuse" motivation doesn't apply as
> they have no reliable way of collating any specific incident with and
> specific user. Keeping logs would essentially be a waste of perfectly
> good drive space.
>
> We know you have a hardon for truly anonymous services in general, and
> ZeroBank in particular Ari. We can only guess at why, but the fact
> that you've maliciously and repeatedly attacked all of the above is
> irrefutable.
>
> We can only hope that by pointing this out people will see you and
> your spew for exactly what they are.
>
Wasn't this nitwit the one claiming tor wasn't anonymous because all
you had to do was trace IP addresses back through the network like any
other connection?
Real genius there. LOL!
| |
| Anonymous 2007-10-29, 7:14 am |
| Ari wrote:
> On Mon, 29 Oct 2007 04:30:16 +0100 (CET), Nomen Nescio wrote:
>
>
> Gee, hard disk space, now there's a precious item lol
>
> Cotse logs. They log all including Tor users. Why is that? Because
> unlike you, *real* businessmen have real operational reasons to do
> so. Would you like for me to explain why?
No need for you to try and explain your pathetic straw grab.
They log. It would be a waste of time to filter out Tor connections.
Simple as that.
| |
|
| On Mon, 29 Oct 2007 09:21:10 +0100 (CET), Anonymous wrote:
>
> No need for you to try and explain your pathetic straw grab.
Thought so. Call me when you have the balls to post under your real name
and have any real business that you have to operate.
See ya'
| |
| Nomen Nescio 2007-10-29, 7:14 am |
| Anonymous Sender wrote:
> Nomen Nescio wrote:
>
>
> Wasn't this nitwit the one claiming tor wasn't anonymous because all
> you had to do was trace IP addresses back through the network like any
> other connection?
Actually, I think that was "Gogarty".
But it is hard to keep the nitwits sorted so I may be mistaken. ;)
>
> Real genius there. LOL!
>
Don't be so judgmental. Ari makes quite the living for himself securing
40 acre nuclear test facilities with his bar code encryption. ;)
| |
| Nomen Nescio 2007-10-29, 7:14 am |
| Ari wrote:
> Call me!
Sorry cupcake, but no. I'm flattered that you lust for a more intimate
relationship with me, don't get me wrong, but I prefer my mates to be
females.
And human.
| |
| zerofreedom admin 2007-10-31, 7:12 pm |
| yes you can use "vadalia" that is bundled with Tor and Privoxy and can
used more easily with firefox as you can put a plug-in that you can
toggle at the click of a mouse instead of I.E. where you have to
manually change it all the time.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Ari <arisilverstein@yahoo.com> wrote in
news:4uc8qhqyafsx$.7pg1e4rhc5el.dlg@40tude.net:
> On Sun, 28 Oct 2007 20:57:07 -0600, Ed wrote:
>
>
> Why Freenet?
Because it's the only thing I know of outside of remailers that, if used
properly, offers pretty much bulletproof anonymity, untraceability and
plausible denyability.
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRykj93V+YnyE1GYEAQiwdgf+IKcmki90
fDRpdjTiZ/am+UqjZzor4DzO
22r9itsOGeWzuL9jB6nev1WVGDXBdT5ano+qnnoi
vPfwK3p+KuS8r0XQrGzDpM6c
/6dCVGLwrsDSQVUMJE4f/GJvQ3/kNFigM649JYKT6vJoVU64qmftmoc1fi6qr+q7
3V94TObePssatIvH5Z4Z9hggTTXusk3U9o2x81AY
sEpyQg9gynVyV4jgOzKrRzWl
mvmhFyPzbbNJX2NPLFq3eib4ajrsVmFxbJDFhvCI
LRVeBX+tWL6O5FDzABD0xc12
otDlstlsKAG2Txf5SCyDgEPPkEJJuTjKBOPFDm1U
dljVC3kVVQXOnA==
=+/i7
-----END PGP SIGNATURE-----
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Anonymous <cripto@ecn.org> wrote in
news:fff6c094a439efa8443b70dee0db463d@ec
n.org:
> Ed wrote:
>
>
> Please....
>
> "The traffic is encrypted, so it is quite difficult for the nodes that
> you connect to to see what your Freenet-traffic consists of, but it is
> far from impossible. It is therefore important that you connect only
> to people you know. If that is not possible, then at least people
> you've talked to."
>
> That's from Freenode's site. Freenode isn't anonymous, it's an
> elaborate distribution of trust. The entire network can (and has)
> been compromised by learning a single user's IRC password.
That'd be fine if I was talking about Freenode. I was referring to
Freenet (http://freenetproject.org) either the 0.7 version
[http://freenetproject.org/download.html] (now that it's got opennet) or
the stable and still preferred by many 0.5 version
[http://freenetproject.org/download-old.html] that has always been an
opennet. (there's also an alternate download and a bit of a how-to
available: http://peculiarplace.com/freenet/ )
With Freenet, as long as you've a care about what your content reveals
about you, it's all but impossible to identify who inserted or requested
what content.
> Tor is actually anonymous. It doesn't depend on your entry nodes
> keeping your activities secret. There's no identifying logins to
> learn.
>
> If you're using Freenode for anything sensitive you're a fool. You can
> however make it safer by accessing it via Tor. ;)
I've never actually used Freenode, but now I'm going to have to look it
over just for the heck of it.
> http://itnomad.wordpress.com/2006/1...ing-freenode-vi
> a-tor-step-by-step-for-windows/
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRykje3V+YnyE1GYEAQjkPwgAn6RI/PUykmxFPRgik5L0va3eW24yRu6u
hBOk8lJYa71aY0lVynQx9JTS8JpsBPldj0LEh6UJ
/uSyUdng4M4Te8H8jMkvytSI
dhfRTp+J8ACVg8SmVpRjrbtFlYc8MMCjYct9BAEL
00R3yptofLmljOZcE+rJuVY4
MtPK0HXUp/ U8SJ1EqAvchyEhSA4B4uSYiXQZELlFJb4XHyJlsn
rWzoKP6cu1Myw3
jcYpnhxcStFFv2ah0XYuZsBAQpU2rnxIe2cs0O0K
nlW8bQP3EwK9yQZsbzwy8L8f
mmOE3do35O1BW/ W5j1tXJOhOngsclSxDPQIkEvmKhHlXbNngP6HieQ
==
=J3g+
-----END PGP SIGNATURE-----
| |
| Nomen Nescio 2007-11-01, 7:14 am |
| Ed wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Anonymous <cripto@ecn.org> wrote in
> news:fff6c094a439efa8443b70dee0db463d@ec
n.org:
>
>
> That'd be fine if I was talking about Freenode. I was referring to
> Freenet (http://freenetproject.org) either the 0.7 version
Yes, my mistake. I wrote Freenode but was talking about Freenet (does
"Freenode" even exist?).
The cites I quotes are from the freenetproject.org web site. Freenet is
not anonymous, it's an elaborate web of trust. They state that in a
round about way themselves as well as explicitly warning you that your
"friends" have the opportunity to see all your traffic in the clear.
It was also Freenet that was compromised at one time by the disclosure
of a single password.
| |
| Anonymous 2007-11-02, 1:15 am |
| zerofreedom admin wrote:
> yes you can use "vadalia" that is bundled with Tor and Privoxy and
> can used more easily with firefox as you can put a plug-in that you
> can toggle at the click of a mouse instead of I.E. where you have to
> manually change it all the time.
The copy of Privoxy that ships with Vidalia had/has a *huge* security
hole in it that allowed an attacker to remotely reconfigure Privoxy at
will, even removing Tor from your connection entirely and causing you
to connect in the clear.
It appears that not only is Privoxy less desirable than a good browser
setup, it's also an additional point of failure.
Just like "the trolls" have stated all along... <shrug>
| |
|
| On Wed, 31 Oct 2007 14:18:49 -0500, zerofreedom admin wrote:
> yes you can use "vadalia" that is bundled with Tor and Privoxy and can
> used more easily with firefox as you can put a plug-in that you can
> toggle at the click of a mouse instead of I.E. where you have to
> manually change it all the time.
Keep up. Privoxy is compromised.
| |
| Nomen Nescio 2007-11-02, 7:14 am |
| Ari wrote:
> On Wed, 31 Oct 2007 14:18:49 -0500, zerofreedom admin wrote:
>
>
> Keep up. Privoxy is compromised.
Use to be.
Actually not, if you read all the instructions.
Actually it wasn't *compromised* at all, the default config was unsafe.
But don't let a little thing like accuracy slow you down kid.
| |
| George Orwell 2007-11-02, 1:14 pm |
| > > Keep up. Privoxy is compromised.
>
> Use to be.
>
> Actually not, if you read all the instructions.
>
> Actually it wasn't *compromised* at all, the default config was unsafe.
>
> But don't let a little thing like accuracy slow you down kid.
For those of us not aware, could someone explain what the problem was with
Privoxy?
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it
| |
| Anonymous Sender 2007-11-02, 7:11 pm |
| George Orwell wrote:
>
> For those of us not aware, could someone explain what the problem was
> with Privoxy?
Plagiarized directly from OR-Talk, the original explanation posted by
Gregory Fleischer:
<cut>
Versions of the Vidalia bundle prior to 0.1.2.18 install Privoxy with
an insecure configuration file. Both Windows and Mac OS X versions
are affected. The installed 'config.txt' file ('config' on Mac OS X)
had the following option values set to 1:
- enable-remote-toggle
- enable-edit-actions
Additionally, on Windows the following option was set to 1:
- enable-remote-http-toggle
Malicious sites (or malicious exit nodes) could include active content
(e.g., JavaScript, Java, Flash) that caused the web browser to:
- make requests through the proxy that causes Privoxy filtering to
be bypassed or completely disabled
- establish a direct connection from the web browser to the local
proxy and modify the user defined configuration values
The Privoxy documentation recommends against enabling these options in
multi-user environments or when dealing with untrustworthy clients.
However, the documentation does not mention that client-side
web browser scripts or vulnerabilities could be exploited as well.
It should be noted that using Tor is not a prerequisite for some of
these attacks to be successful. Users of Tor may be at greater risk,
because malicious exit nodes can inject content into otherwise trusted
sites.
In order to allow time for people to upgrade, additional attack
details and sample code will be withheld for a couple of days.
<cut>
| |
|
| On Fri, 2 Nov 2007 11:30:01 +0100 (CET), Nomen Nescio wrote:
>
> Use to be.
>
> Actually not, if you read all the instructions.
>
> Actually it wasn't *compromised* at all, the default config was unsafe.
Actually, Privoxy is compromised. Whether it is still compromised by later
versioning does not change he fact that Privoxy is compromised.
| |
| Thomas J. Boschloo 2007-11-03, 1:12 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Anonymous schreef:
[snip]
> As a matter of fact I do. Nick and the rest of the Tor team have other
> issues with TorPark/XB, mostly centering around technical issues
> directly impacting security. They have also publicly expressed their
> own plans to create commercial Tor access points at some point, doing
> exactly what Xerobank is doing.
Just like with mixmaster and anonymizer?
::checks TOR license::
Hmm, at least other distributions don't have to send code changes to the
TOR team. That is a good thing I guess.
But I am not too happy about all going commercial stuff. They usually
state they put costumers first. But that tends to be right after the
paycheck of their upper management. And if it is convenient and in the
best interest of the corporation (them)
Thomas
- --
A society with suicide bombers
is a polite society
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRyymLAEP2l8iXKAJAQEt4QMbBD8pv1He
pEQT7KyAI1VZAmRtubXOJV1k
2qNSENBz0NY8/E9F7kciL/9s7x+NX4YKztzlNT65WzKER7DY3Adv/ZMeamBgpyLH
N8uqpohyec47jg4CRAfQ1nTVFiY/WyP3FnZj2g==
=/dLp
-----END PGP SIGNATURE-----
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Nomen Nescio <nobody@dizum.com> wrote in
news:e2711724bbe98732fd1ebab530a4ea3b@di
zum.com:
> Ed wrote:
>
>
> Yes, my mistake. I wrote Freenode but was talking about Freenet (does
> "Freenode" even exist?).
>
> The cites I quotes are from the freenetproject.org web site. Freenet
> is not anonymous, it's an elaborate web of trust. They state that in a
> round about way themselves as well as explicitly warning you that your
> "friends" have the opportunity to see all your traffic in the clear.
If you're referring to the warning that shows up in the log when 0.7
starts:
==
Note that this version of Freenet is still a very early alpha, and may
well have numerous bugs and design flaws. In particular: YOU ARE WIDE
OPEN TO YOUR IMMEDIATE PEERS! They can eavesdrop on your requests with
relatively little difficulty at present (correlation attacks etc). ==
This is because 0.7's 'darknet' requires users to manually add
references to their node in order to connect to the network. Because of
this it's theoretically possible to determine what content is in the
datastore of a node you are connected to and by correlating this with
data from several nodes in the vicinity it's possible to determine what
one node is inserting or requesting. Of course you would need a
majority of the nodes connected to your target to be under your control
to achieve this.
All this changes with opennet because then the node is making new
connections all the time without human interference.
On the other hand, 0.5 has always been opennet and has a LOT more
simultaneous connections per node. I believe that 0.7 is limited to a
max of 30 connections to other nodes at any one time. 0.5 allows a lot
more connections. My 0.5 node currently has 112 connections (65 inbound
/47 outbound) and that's considered low, many nodes have twice that or
more. This number changes fairly often, as do the nodes I'm connected
to. It might be possible to use a statistical attack to determine
what's in my store, but it'd take a LOT of computing horsepower to do
it.
> It was also Freenet that was compromised at one time by the disclosure
> of a single password.
I haven't heard of that but it MUST have been 0.7
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRyqQE3V+YnyE1GYEAQjrtwf/XBgDylOTsykuyMYs+W8S/AZXIPCcniiz
8o7rfZesJrVz/ IQ9tY4fNvbmHueveuvDBE1WmKc5IJbnwiEhaOFQK
BngXe0JRzE6
wEYKsbGlYrz7Nh685DQ7H7klcNViUptXdmMFUGRd
7wwWvtUpUDzRqJCNqXoALX74
UGVv9Ncfk/Kbn5lVHiUWlU7DC5e1n/ImdUbiQboHOYXesAwDkszV2iZHeG0Y8sT2
S/tXUw8+hP3R2nNl/F8lQNQQEGMlhsNBX3kz4/Sv1KfIf4ABYQfLR4sRD0OlEtu8
yqLkX/WcMCSNhmHKyVhEumV+zQzQabcFkQJ0ObQ6v8/StVmiYMKdWQ==
=pZbG
-----END PGP SIGNATURE-----
| |
|
| Ed wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> Nomen Nescio <nobody@dizum.com> wrote in
> news:e2711724bbe98732fd1ebab530a4ea3b@di
zum.com:
>
>
> If you're referring to the warning that shows up in the log when 0.7
> starts:
I'm talking about cites directly from their own web site.
http://freenetproject.org/connect.html
You might want to read the rest of the Freenet documentation now. A
real eye opener. You certainly wouldn't be running around claiming
Freenet was "REALLY anonymous in discussions about Tor and such.
Or, maybe you would. There's all sorts of fools in the world....
| |
|
| Ari wrote:
> On Fri, 2 Nov 2007 11:30:01 +0100 (CET), Nomen Nescio wrote:
>
>
> Actually, Privoxy is compromised. Whether it is still compromised by
> later versioning does not change he fact that Privoxy is compromised.
Privoxy isn't compromised, halfwit. It was a configuration misstep.
A fully documented feature left enabled when it shouldn't have been.
There's no "versioning" involved in fixing the problem.
Period.
No go play with your barcode crypto and leave the intelligent
discussions to the adults. Your constant yapping at our ankles with
your tin foil theories is boring.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Mr X. <xor@hermetix.org> wrote in
news:640c7ca19427fbfd041eee630cd685c5@he
rmetix.org:
> Ed wrote:
>
>
> I'm talking about cites directly from their own web site.
>
> http://freenetproject.org/connect.html
>
> You might want to read the rest of the Freenet documentation now. A
When I speak of freenet I am talking about 0.5 unless I specifically
state otherwise. That document is talking about 0.7, which among other
things has a limit of 30 connections per node. 0.5 allows for a LOT
more connections to other nodes. also, these connections are not static
like they are on 0.7' "darknet", old connections are dropped and
replaced with new ones.
> real eye opener. You certainly wouldn't be running around claiming
> Freenet was "REALLY anonymous in discussions about Tor and such.
To my knowledge, nobody has ever been traced by any known attacks
against freenet and as long as the person creating it was careful to not
include identifyable information, no document obtained from freenet has
ever been traced to it's origin. I believe that as good as it is, TOR
cannot make such a claim because there actually have been attacks that
could allow a connection to be traced back to it's origin.
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRzf8mXV+YnyE1GYEAQhUIggAtU4+/4XtvVnP68TEW3lVgJdB5fhRd4SM
/LV3lI7YdqZD/ cJ8l4fr683ly3Jj8W6bjRry4fFTYGd7wckWAgL90
blYhX3y1cD1
RFisw7Nk2FP5DPHmV27mbMWjibB7aPItPioth2LD
rt8BxK2okuftnqszoyPGq8la
KW5f6wyfk8rAYa23iWia4+C+62uad2KPqmqujzSq
Xoeu0qwe1UBkxcv3rVjXggkx
9n3AY6GymJVSgE7AHhuey1R8DkRjxNhitm9cFPa7
Ub4KBEWSUrUD7n9eU00793C6
0W48A4wNN6IuI8CIg+kBGnarRg7FsWoQNE/53QTOedf2sNPZ5OaFdw==
=l8Fo
-----END PGP SIGNATURE-----
| |
| J(ohn|ane) Doe 2007-11-13, 7:14 am |
| Ed wrote:
>
> When I speak of freenet I am talking about 0.5 unless I specifically
ROTFL!
Failed backpedal attempt noted. Freenet 0.5 was a bigger disaster than
0.7 due to it's horribly weak keys. It not only suffered from the same
vulnerabilities, they're an order of magnitude easier to exploit.
Author: Matthew Toseland
Date: 2007-10-24 13:06
"Freenet 0.7 build 1069 is now available. Please upgrade. This includes
a fix to a weak keys issue in our Diffie-Hellman code (including STS and JFK),
which apparently also affected Freenet 0.5 (we are not going to fix it in 0.5
as 0.5 is unmaintained, but if you want to send us a patch we will apply it),
which allowed man-in-the-middle attacks to break our link encryption."
You lost kid. You read some clueless noobs opinion of Freenet, and
because you're clueless yourself and it's what you wanted to hear you
believed it. The naked truth of the matter is that even Freenet's
developers and maintainers admit it's not a truly anonymous system at
all, but an elaborate web of trust. Your 0.5 version only makes that
trust easier to compromise than it is in current versions.
> state otherwise. That document is talking about 0.7, which among other
That "document" is a page on their web site that hasn't been
updated since 0.5 was current liar. It's talking about Freenet's
design philosophy, not any version of the software.
>
> To my knowledge, nobody has ever been traced by any known attacks
The *ENTIRE NETWORK* was compromised fool. Top to bottom and side to
side. And that *WAS* version 0.5.
> against freenet and as long as the person creating it was careful to not
> include identifyable information, no document obtained from freenet has
> ever been traced to it's origin. I believe that as good as it is, TOR
> cannot make such a claim because there actually have been attacks that
> could allow a connection to be traced back to it's origin.
Name one.
[crickets]
There's no comparison between Freenet and Tor at all. Tor is a provably
anonymous design and Freenet isn't. They're two completely different
things.
You have absolutely no idea at all what you're even talking about, let
alone understand it enough to discuss it on a technical level. You're
nothing but a Freenet fan-boi spreading false information.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
"J(ohn|ane) Doe" <xor@hermetix.org> wrote in
news:0f8f6496e7a1a6e4b7c2c037559c0a4d@he
rmetix.org:
> Ed wrote:
>
>
> ROTFL!
>
> Failed backpedal attempt noted. Freenet 0.5 was a bigger disaster than
> 0.7 due to it's horribly weak keys. It not only suffered from the same
> vulnerabilities, they're an order of magnitude easier to exploit.
>
> Author: Matthew Toseland
> Date: 2007-10-24 13:06
>
> "Freenet 0.7 build 1069 is now available. Please upgrade. This
> includes a fix to a weak keys issue in our Diffie-Hellman code
> (including STS and JFK), which apparently also affected Freenet 0.5
> (we are not going to fix it in 0.5 as 0.5 is unmaintained, but if you
> want to send us a patch we will apply it), which allowed
> man-in-the-middle attacks to break our link encryption."
I've read about that weak crypto problem. It's also been addressed for
0.5:
> Date: Mon, 5 Nov 2007 13:27:29 +0000
> To: support@freenetproject.org
> Message-ID: <20071105132729.GE19329@amphibian.dyndns.org>
> From: toad@amphibian.dyndns.org (Matthew Toseland)
> Subject: Re: [freenet-support] Req: official release of patch for 0.5
>
> We will distribute a fixed release shortly.
>
> You lost kid. You read some clueless noobs opinion of Freenet, and
> because you're clueless yourself and it's what you wanted to hear you
> believed it. The naked truth of the matter is that even Freenet's
> developers and maintainers admit it's not a truly anonymous system at
> all, but an elaborate web of trust. Your 0.5 version only makes that
> trust easier to compromise than it is in current versions.
>
>
> That "document" is a page on their web site that hasn't been
> updated since 0.5 was current liar. It's talking about Freenet's
> design philosophy, not any version of the software.
>
>
> The *ENTIRE NETWORK* was compromised fool. Top to bottom and side to
> side. And that *WAS* version 0.5.
If that's the case *somebody* should be able to take at least one file
retrieved from freenet and identify the inserter. If that can be done I
would very much like to see the details of how it was done.
I've also never seen any talk about it in over 3 years of reading the
freenet board on Frost and I'm certain that if something like that were
proven to have happened, it'd be all over Frost
>
> Name one.
I've read about at least one case that invovled an evil node observing
exit traffic and doing some kind of statistical attack, however since I
can't locate a url pointing to it, I'll shut up about Tor for now.
> There's no comparison between Freenet and Tor at all. Tor is a
> provably anonymous design and Freenet isn't. They're two completely
> different things.
They are... very different.
- --
http://blog.peculiarplace.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBRzzaSHV+YnyE1GYEAQitoggAsYbTs4nQ
8fARpB2C0461X0H3n3eGFVCs
YTgyDfrtQm462/ OIfswLpYF4hx+GNqhCgVjdxmd5ouno4wu4k7MpNi
/Kmk2Ep6wj
K4GLf5KByS5P343ObQvxHHZoLw0gMOuqX4CyMhCb
hdoSP6pso8JtS3Gy6azvRSTP
M3KKtwXXPZ5LcbhorIipXOyEaz8Vt+NEMu7i/NQ1hIN1TfCptg7pDllVkad6K3uI
z/ 45HYqIAoybT201yz5SCOTkwzN0FcUXAMC84SGgmb
JPf/IhOAeoW9CRJe4P39to
AbCuQUfHUT4P3+aYqZxs0CpkTFrUaA64u3HY3JcY
N5yd9EJcJvWEug==
=hUtg
-----END PGP SIGNATURE-----
| |
|
|
|
| On Thu, 15 Nov 2007 17:46:27 -0600, Ed wrote:
>
> I've read about at least one case that invovled an evil node observing
> exit traffic and doing some kind of statistical attack, however since I
> can't locate a url pointing to it, I'll shut up about Tor for now.
You may be referring to the exit node, password catching scenario, the data
was not encrypted, either passwords or email text. There was no backward
chasing to reveal anything, it was right there in plain sight, found by
filtered keyword.
| |
| geoff w 2007-11-21, 1:16 am |
| Either freenet is dead, the ISPs are filtering it, or there's some
temporary issue with freenetproject.org. I can't get to it tonight. In
fact - it is the least reliable website I frequent. ever.
What gives?
On Nov 16, 10:12 pm, Ari <arisilverst...@yahoo.com> wrote:
> On Thu, 15 Nov 2007 17:46:27 -0600, Ed wrote:
>
>
>
> You may be referring to the exit node, password catching scenario, the data
> was not encrypted, either passwords or email text. There was no backward
> chasing to reveal anything, it was right there in plain sight, found by
> filtered keyword.
| |
|
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
geoff w <geoff.whittington@gmail.com> wrote in
news:31cccd58-aa8b-42e5-b85c-91b9e619921d@y5g2000hsf.googlegroups.com:
> Either freenet is dead, the ISPs are filtering it, or there's some
> temporary issue with freenetproject.org. I can't get to it tonight. In
> fact - it is the least reliable website I frequent. ever.
>
> What gives?
Perhaps their server is having problems, though I've never had trouble
loading it.
As for the network itself, I don't have 0.7 running right now but 0.5 is
doing pretty good:
Connections open (Inbound/Outbound/Limit) 111 (54/57/2000)
- --
http://tinfoilchef.com
http://offthecuff.lurasbookcase.com
http://peculiarplace.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32) - GPGshell v3.52
iQEVAwUBR0rxOXV+YnyE1GYEAQjrFggAi8ShKKvh
yR4hxLx3sBy67wdlfYwZEB90
xjw634Ga8A1BFQ/ NuPkb55EalodRXafdvuKSPzBn8pwakT1a3xO8f7u
XVMoLWMqh
ZOxVq+UCRjVLo3HKIfeYetMPe5i9WucDzbpIuXW0
iB/gV6eDHti2VQHwLlLyY+qZ
ofylRK6t8M49HRYnv169HIwNupJtEkz//MhGrx5lt8xAqviT0ItuHHhiHCK+RjUj
qQaYzo6pBlZ3tjuUNs4+Kn+Z3nI2FhMkXfcFyLDl
LgngsT3PhMhFofAEAE/vbdS8
MhRmOmtFB2khPldudkNYlaFg1CTO2EZ4mgunduQl
afJP2zdoVa6mLg==
=eItd
-----END PGP SIGNATURE-----
|
|
|
|
|