Title: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Zotia on August 04, 2013, 11:38:07 PM http://www.twitlonger.com/show/n_1rlo0uu
Freedom Hosting was a Tor hidden service, just like the Silk Road. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: ElectricMucus on August 04, 2013, 11:42:01 PM Hmm to be honest I haven't realized the magnitude. What happened exactly?
Was this strictly a client side exploit or was something used to reveal the real ip of the server? The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used. So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: humanitee on August 04, 2013, 11:53:11 PM Hmm to be honest I haven't realized the magnitude. What happened exactly? Was this strictly a client side exploit or was something used to reveal the real ip of the server? The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used. So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins. Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real. My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear. All users would have been safe if they would have disabled javascript. God damn noobs. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: ElectricMucus on August 05, 2013, 12:04:33 AM Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real. My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear. Well whoever knows the facts in that regard first will have the advantage. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: vokain on August 05, 2013, 12:05:59 AM this should only help decentralization
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: BitCoiner2012 on August 05, 2013, 12:08:21 AM So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example?
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: fr33d0miz3r on August 05, 2013, 12:08:54 AM So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example? yep, maybe Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: BitCoiner2012 on August 05, 2013, 12:10:01 AM So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example? yep, maybe Isn't that.. tremendously awful? Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Melbustus on August 05, 2013, 12:15:12 AM So to what extent, based on this report, can we expect Tormail to have been compromised? Only during this event or, in fact, all information is now compromised on TOrmail for example? yep, maybe Why not just use BitMessage: https://bitcointalk.org/index.php?topic=226770.0 Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 12:15:37 AM Hmm to be honest I haven't realized the magnitude. What happened exactly? Was this strictly a client side exploit or was something used to reveal the real ip of the server? The way it seems, people should probably stop from using SR for a while, at least until there is more information on the exploit that was used. So yes, in contrast to my previous assessment this might really spark some panic regarding SRs future and so the price of Bitcoins. Somehow they got the IP of the server and put the 0 day exploit up to track the users who were going on the site. That's IF the account of the story is real. My guess is the guy fucked up and got compromised somehow. Nobody knows at this point, even the TOR people are waiting to hear. All users would have been safe if they would have disabled javascript. God damn noobs. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: humanitee on August 05, 2013, 12:18:15 AM I don't think it's going to be too bad. Apparently Tormail went down sporadically over the past few weeks and when it did, it did not coincide with Silk Road also going down.
The only people this will affect are people who didn't encrypt all their shit, as they should have been doing. That's why Whonix seem pretty safe. It use one virtual machine as a proxy to Tor and a second one for browsing and doing stuff. The second virtual machine only has connectivity to the first virtual machine so IP address can't leak even when compromised. Sweet! Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: crumbs on August 05, 2013, 12:20:12 AM All users would have been safe if they would have disabled javascript. God damn noobs. As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 12:20:50 AM All users would have been safe if they would have disabled javascript. God damn noobs. As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config. https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: fr33d0miz3r on August 05, 2013, 12:22:28 AM https://blog.torproject.org/blog/hidden-services-current-events-and-freedom-hosting
Quote From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect user's computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based. We're investigating these bugs and will fix them if we can. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: crumbs on August 05, 2013, 12:24:41 AM All users would have been safe if they would have disabled javascript. God damn noobs. As far as i know, both win & nix bundles (noob-friendliest) come witbyh *everything* disabled in default config. https://www.torproject.org/docs/faq.html.en#TBBJavaScriptEnabled Whoops--sorry, you're right. /off to check the the box >:( Edit: lol, everything was disabled but i obviously should crime more -- older version of ff. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: cedivad on August 05, 2013, 12:26:04 AM Most interesting reading in a while, thanks.
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: adamstgBit on August 05, 2013, 12:39:02 AM Time to buy NameCoin ???
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: fr33d0miz3r on August 05, 2013, 12:40:04 AM Time to buy NameCoin ??? why? namecoin is not a hosting. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: adamstgBit on August 05, 2013, 12:42:53 AM Time to buy NameCoin ??? why? namecoin is not a hosting. dencentralized domain name service .bit Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: humanitee on August 05, 2013, 12:44:20 AM dencentralized domain name service .bit I wish it were that easy. Tor != namecoin Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: fr33d0miz3r on August 05, 2013, 12:46:08 AM dencentralized domain name service .bit you mean .adamstgBit ? Seriuosly, domain names .onion are not affected. There are problems with hosting service. Namecoin can't resolve problems with hostings, JS exploits, etc. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 12:46:14 AM Tor was not compromised. Only the servers hosting half of the hidden service and users browser if JS was not disabled.
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: ElectricMucus on August 05, 2013, 12:46:37 AM Time to come up with a more hardened alternative to tor. The problem is that on a hidden service the content is accessible in clear text at the physical location. With 3rd party hosting the cloud should run on a shared virtual machine where information is encrypted at all points. This might be possible to do even with tor, or not.
There is supposedly this thing: https://github.com/Miserlou/OnionCloud But I get the feeling that's not enough. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: vokain on August 05, 2013, 01:28:49 AM If i remember correctly there was a type of tormail you could use that did not use javascript when accessing your email
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 01:33:57 AM If i remember correctly there was a type of tormail you could use that did not use javascript when accessing your email You had the choice between http://roundcube.net and http://squirrelmail.orgI think Squirelmail don't need JS. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: vokain on August 05, 2013, 01:42:20 AM If i remember correctly there was a type of tormail you could use that did not use javascript when accessing your email You had the choice between http://roundcube.net and http://squirrelmail.orgI think Squirelmail don't need JS. you're right, that one didn't. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: BitCoiner2012 on August 05, 2013, 02:22:59 AM I am still a bit confused, are the users that were injected/infected the ones affected, or all users of the Tormail, IE the database and all data within it? I really can't derive this from the story. Both are important, but one is a lot more potent!
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 02:27:11 AM I am still a bit confused, are the users that were injected/infected the ones affected, or all users of the Tormail, IE the database and all data within it? I really can't derive this from the story. Both are important, but one is a lot more potent! Quote According to a Sunday blog post by the Tor Project's Executive Director, Andrew Lewman, the servers of Freedom Hosting were breached before the service went offline. "From what is known so far, the breach was used to configure the server in a way that it injects some sort of JavaScript exploit in the Web pages delivered to users," Lewman wrote. "This exploit is used to load a malware payload to infect user's computers. They most likely dumped all databases if they could but didn't physically seized the servers since they don't know the exact location. Quote The servers themselves are likely run on a "bulletproof" hosting service in Romania or Russia; Irish law enforcement authorities told the court Friday that Marques had transferred large sums of money to accounts in Romania and had been investigating obtaining a visa to enter Russia. http://arstechnica.com/tech-policy/2013/08/alleged-tor-hidden-service-operator-busted-for-child-porn-distributionTitle: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: DogtownHero on August 05, 2013, 02:31:26 AM tor is neither anonymous, or secure. you're all a bunch of fucking idiots. its a NSA spying network, and you idiots keep taking the bait.
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Kazu on August 05, 2013, 02:43:33 AM Forgive me if I'm being naiive, but this doesn't quite make sense to me?
So somehow freedom hosting was hacked, and the hacker put some malicious JS on each of freedom hosting's hosted websites, and used that hack to put software on freedom hosting's machine to ascertain its location. That part seems reasonable & believable. But, apparently the JS somehow got at the viewer's IP? That seems like, sorta a major bug in the Tor software? Couldn't any admin anywhere use that code to get at the viewer's IP, in theory? Unless I'm understanding something wrong? EDIT: so the tor browser had some sort of a glitch that allowed malware to be downloaded to the computers, and then apparently ping one of the attacker's computers outside of tor to get the IP of the viewer? Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: humanitee on August 05, 2013, 02:47:14 AM Forgive me if I'm being naiive, but this doesn't quite make sense to me? So somehow freedom hosting was hacked, and the hacker put some malicious JS on each of freedom hosting's hosted websites, and used that hack to put software on freedom hosting's machine to ascertain its location. That part seems reasonable & believable. But, apparently the JS somehow got at the viewer's IP? That seems like, sorta a major bug in the Tor software? Couldn't any admin anywhere use that code to get at the viewer's IP, in theory? Unless I'm understanding something wrong? EDIT: so the tor browser had some sort of a glitch that allowed malware to be downloaded to the computers, and then apparently ping one of the attacker's computers outside of tor to get the IP of the viewer? Basically you can do that with Flash, Javascript, and a few other web languages. Usually NoScript stops all these things in the browser bundle, but they don't have it enabled by default because it breaks a lot of sites and they are trying to capture more, less savvy users. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Kazu on August 05, 2013, 02:49:22 AM Forgive me if I'm being naiive, but this doesn't quite make sense to me? So somehow freedom hosting was hacked, and the hacker put some malicious JS on each of freedom hosting's hosted websites, and used that hack to put software on freedom hosting's machine to ascertain its location. That part seems reasonable & believable. But, apparently the JS somehow got at the viewer's IP? That seems like, sorta a major bug in the Tor software? Couldn't any admin anywhere use that code to get at the viewer's IP, in theory? Unless I'm understanding something wrong? EDIT: so the tor browser had some sort of a glitch that allowed malware to be downloaded to the computers, and then apparently ping one of the attacker's computers outside of tor to get the IP of the viewer? Basically you can do that with Flash, Javascript, and a few other web languages. Usually NoScript stops all these things in the browser bundle, but they don't have it enabled by default because it breaks a lot of sites and they are trying to capture more, less savvy users. What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: BitCoiner2012 on August 05, 2013, 02:53:44 AM Forgive me if I'm being naiive, but this doesn't quite make sense to me? So somehow freedom hosting was hacked, and the hacker put some malicious JS on each of freedom hosting's hosted websites, and used that hack to put software on freedom hosting's machine to ascertain its location. That part seems reasonable & believable. But, apparently the JS somehow got at the viewer's IP? That seems like, sorta a major bug in the Tor software? Couldn't any admin anywhere use that code to get at the viewer's IP, in theory? Unless I'm understanding something wrong? EDIT: so the tor browser had some sort of a glitch that allowed malware to be downloaded to the computers, and then apparently ping one of the attacker's computers outside of tor to get the IP of the viewer? Basically you can do that with Flash, Javascript, and a few other web languages. Usually NoScript stops all these things in the browser bundle, but they don't have it enabled by default because it breaks a lot of sites and they are trying to capture more, less savvy users. What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? From what I understand it basically drops a little bomb that ticks off a ping when you use the browser outside of TOR, or something to that extent. I could be completely mistaken. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: dwma on August 05, 2013, 02:54:29 AM What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? TOR is a networking tunnel system. Your computer is still connected to the internet with an IP address. Not sure how many people turned on javascript or failed to turn it off. The javascript could also create cookies which could be queried elsewhere. I am not sure of specifics but cookies and javascript would be the downfall. Again - research browser packages. Trying to set all the stuff up yourself is asking to have these exploits left open. (but might possibly save you from nefarious third-parties if the tor browser package has been compromised.) Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: humanitee on August 05, 2013, 02:59:45 AM What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? It's a script so it can do quite a number of things. One thing it can do is launch different protocol handlers, ie. Flash, which when launched won't know to connect through the Tor client and will connect through your regular connection - because that's what it does by default. So you'd load the site on Tor and some component thereof on your regular connection, which needless to say, compromises your identity. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: DogtownHero on August 05, 2013, 03:03:14 AM fucktards are gonna be fucktards, all there is to it.
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Kazu on August 05, 2013, 03:09:32 AM What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? It's a script so it can do quite a number of things. One thing it can do is launch different protocol handlers, ie. Flash, which when launched won't know to connect through the Tor client and will connect through your regular connection - because that's what it does by default. So you'd load the site on Tor and some component thereof on your regular connection, which needless to say, compromises your identity. Wow, I thought tor protected you from this kind of hack in some way. Isn't there some way of stopping all non-tor connections automatically? I mean, like doing some way of catching all traffic that isn't through tor, and blocking it all. Clearly it would get in the way sometimes, but going without JS sorta makes the majority of websites useless. I was under the impression there was some 0-day firefox exploit that allowed the hacker to download some .exe (or equiv) file to the client computer and execute it, and get the IP in that way. In a perfect world, there would be an https-style warning "this site is attempting to display some content to you outside of the tor network, do you want to allow" or the like. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 03:10:29 AM What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? It's a script so it can do quite a number of things. One thing it can do is launch different protocol handlers, ie. Flash, which when launched won't know to connect through the Tor client and will connect through your regular connection - because that's what it does by default. So you'd load the site on Tor and some component thereof on your regular connection, which needless to say, compromises your identity. Wow, I thought tor protected you from this kind of hack in some way. Isn't there some way of stopping all non-tor connections automatically? I mean, like doing some way of catching all traffic that isn't through tor, and blocking it all. Clearly it would get in the way sometimes, but going without JS sorta makes the majority of websites useless. I was under the impression there was some 0-day firefox exploit that allowed the hacker to download some .exe (or equiv) file to the client computer and execute it, and get the IP in that way. In a perfect world, there would be an https-style warning "this site is attempting to display some content to you outside of the tor network, do you want to allow" or the like. Quote Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network[5], Debian GNU/Linux[6] and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP. https://whonix.org/wiki/Main_PageWhonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Kazu on August 05, 2013, 05:09:04 AM What? Then whats the entire point of tor? Wtf? I still don't see how JS is getting my IP, though. I'm using TOR, the browser is the TOR browser. I assume (i'm not an expert) that all connections through that browser have to hop through tor, right? So how is the JS opening the connection outside of TOR, in order to get the IP? It's a script so it can do quite a number of things. One thing it can do is launch different protocol handlers, ie. Flash, which when launched won't know to connect through the Tor client and will connect through your regular connection - because that's what it does by default. So you'd load the site on Tor and some component thereof on your regular connection, which needless to say, compromises your identity. Wow, I thought tor protected you from this kind of hack in some way. Isn't there some way of stopping all non-tor connections automatically? I mean, like doing some way of catching all traffic that isn't through tor, and blocking it all. Clearly it would get in the way sometimes, but going without JS sorta makes the majority of websites useless. I was under the impression there was some 0-day firefox exploit that allowed the hacker to download some .exe (or equiv) file to the client computer and execute it, and get the IP in that way. In a perfect world, there would be an https-style warning "this site is attempting to display some content to you outside of the tor network, do you want to allow" or the like. Quote Whonix is an operating system focused on anonymity, privacy and security. It's based on the Tor anonymity network[5], Debian GNU/Linux[6] and security by isolation. DNS leaks are impossible, and not even malware with root privileges can find out the user's real IP. https://whonix.org/wiki/Main_PageWhonix consists of two parts: One solely runs Tor and acts as a gateway, which we call Whonix-Gateway. The other, which we call Whonix-Workstation, is on a completely isolated network. Only connections through Tor are possible. Wow, thats super legit. Somebody should build a chrome-os type thing off of that for clients. Its made for that type of thing. Problem is youd likely get very bad load times, am I right? Still, I'm sure some people would have a use for it. Wow, with Whonix & Bitcoin, its possible to practically use the entirity of the internet, payments & all, without any privacy concerns whatsoever. Its good to the point of being disconcerting. In any case, wouldn't it be possible to build it right into the browser? I mean, everything in the browser, all plug-ins, etc... would either not work, or would have to go through tor. Thatd be much more convenient than having to completely re-boot into an entirely different OS just to use tor. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: fr33d0miz3r on August 05, 2013, 10:59:22 AM Kids, the way to use Tor is to have your firewall to intercept ALL your outgoing connections and route em via Tor proxy. Flash or no flash. Agreed. Correct settings and no problem. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: oda.krell on August 05, 2013, 11:39:10 AM Tor was not compromised. Only the servers hosting half of the hidden service and users browser if JS was not disabled. For those only skimming this thread, this is the correct answer. (doesn't mean it isn't pretty bad, but an important distinction to be made nonetheless) Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 12:46:46 PM Quote In any case, wouldn't it be possible to build it right into the browser? I mean, everything in the browser, all plug-ins, etc... would either not work, or would have to go through tor. Thatd be much more convenient than having to completely re-boot into an entirely different OS just to use tor. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 2weiX on August 05, 2013, 12:50:12 PM Quote In any case, wouldn't it be possible to build it right into the browser? I mean, everything in the browser, all plug-ins, etc... would either not work, or would have to go through tor. Thatd be much more convenient than having to completely re-boot into an entirely different OS just to use tor. Or something like this: http://learn.adafruit.com/onion-pi/overview Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: 01BTC10 on August 05, 2013, 12:56:25 PM Quote In any case, wouldn't it be possible to build it right into the browser? I mean, everything in the browser, all plug-ins, etc... would either not work, or would have to go through tor. Thatd be much more convenient than having to completely re-boot into an entirely different OS just to use tor. Or something like this: http://learn.adafruit.com/onion-pi/overview Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Kazu on August 05, 2013, 04:28:29 PM Kids, the way to use Tor is to have your firewall to intercept ALL your outgoing connections and route em via Tor proxy. Flash or no flash. How does one go about doing this? Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: FreedomCoin on August 05, 2013, 08:07:18 PM 1. Disable JS
2. Enable NS 3. Use VPN for backup connection, NOT directly from your ISP. 4. be smart Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: notme on August 08, 2013, 02:26:16 PM Wow, thats super legit. Somebody should build a chrome-os type thing off of that for clients. Its made for that type of thing. Problem is youd likely get very bad load times, am I right? Still, I'm sure some people would have a use for it. Wow, with Whonix & Bitcoin, its possible to practically use the entirity of the internet, payments & all, without any privacy concerns whatsoever. Its good to the point of being disconcerting. No. Technology can not alleviate all privacy concerns. You still need to engage your brain. Even sentence structure and word choice habits can be used to pinpoint your identity. Quote In any case, wouldn't it be possible to build it right into the browser? I mean, everything in the browser, all plug-ins, etc... would either not work, or would have to go through tor. Thatd be much more convenient than having to completely re-boot into an entirely different OS just to use tor. Again, no. If you do it all in the browser, you expose yourself to browser exploits. Browsers have pretty much the largest attack surface of any major piece of software. Even with an OS based solution, you are vulnerable to kernel exploits. However, kernels receive much better auditing and have a much smaller attack surface. Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: bernard75 on September 16, 2013, 05:19:57 PM http://www.wired.com/threatlevel/2013/09/freedom-hosting-fbi/
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: AntiOps on September 16, 2013, 08:50:21 PM Tor was not compromised. Only the servers hosting half of the hidden service and users browser if JS was not disabled. For those only skimming this thread, this is the correct answer. (doesn't mean it isn't pretty bad, but an important distinction to be made nonetheless) Thanks Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: Zeek_W on September 17, 2013, 06:15:02 AM Well isn't that something! I just assumed most exit nodes were honeypots and never bothered snooping around .onion sites.
Title: Re: Half of all Tor sites compromised, Freedom Hosting founder arrested. Post by: bernard75 on September 17, 2013, 06:18:23 AM This is an interesting point.
Why would the NSA infiltrate the network if they developed it and control enough exit nodes to keep extensive logs anyway? |