[opensuse] Tor browser for 13.1
All, I have not yet investigated the tor network, but as "ransomeware" has become more prolific, with the bad-guys demanding payment via anonymous tor sites and bitcoin, it is probably time to understand WTF it is. (a colleague running M$ was hit today) Are there different tor browsers available, or is torproject basically it. Also, if anyone has a favorite link explaining the nuts and bolts of the tor quagmire, I welcome that as well. At first blush, it looks like tor navigation is basically what internet nav was prior to http (circa 1988). Just looking for a reference. Will start with wikipedia and go from there. Castration is too good for these ransomeware weasels. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri 27 Feb 2015 03:28:11 PM CST, David C. Rankin wrote:
All,
I have not yet investigated the tor network, but as "ransomeware" has become more prolific, with the bad-guys demanding payment via anonymous tor sites and bitcoin, it is probably time to understand WTF it is. (a colleague running M$ was hit today) Are there different tor browsers available, or is torproject basically it.
Also, if anyone has a favorite link explaining the nuts and bolts of the tor quagmire, I welcome that as well. At first blush, it looks like tor navigation is basically what internet nav was prior to http (circa 1988). Just looking for a reference. Will start with wikipedia and go from there.
Castration is too good for these ransomeware weasels.
Cryptolocker perhaps? Seen a few last year.... http://krebsonsecurity.com/2014/08/new-site-recovers-files-locked-by-cryptol... -- Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890) SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.36-38-default up 1 day 4:09, 4 users, load average: 0.58, 0.39, 0.42 CPU AMD A4-5150M APU @ 3.3GHz | GPU Richland Radeon HD 8350G -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I On February 27, 2015 5:00:13 PM EST, Malcolm <malcolmlewis@cableone.net> wrote:
On Fri 27 Feb 2015 03:28:11 PM CST, David C. Rankin wrote:
All,
I have not yet investigated the tor network, but as "ransomeware" has become more prolific, with the bad-guys demanding payment via anonymous tor sites and bitcoin, it is probably time to understand WTF it is. (a colleague running M$ was hit today) Are there different tor browsers available, or is torproject basically it.
Also, if anyone has a favorite link explaining the nuts and bolts of the tor quagmire, I welcome that as well. At first blush, it looks like tor navigation is basically what internet nav was prior to http (circa 1988). Just looking for a reference. Will start with wikipedia and go from there.
Castration is too good for these ransomeware weasels.
Cryptolocker perhaps? Seen a few last year.... http://krebsonsecurity.com/2014/08/new-site-recovers-files-locked-by-cryptol...
The bad guys have moved to cryptowall I believe. No decryption for it that I know of. Greg -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/02/15 08:28, David C. Rankin wrote:
All,
I have not yet investigated the tor network, but as "ransomeware" has become more prolific, with the bad-guys demanding payment via anonymous tor sites and bitcoin, it is probably time to understand WTF it is. (a colleague running M$ was hit today) Are there different tor browsers available, or is torproject basically it.
Also, if anyone has a favorite link explaining the nuts and bolts of the tor quagmire, I welcome that as well. At first blush, it looks like tor navigation is basically what internet nav was prior to http (circa 1988). Just looking for a reference. Will start with wikipedia and go from there.
Castration is too good for these ransomeware weasels.
David, TOR is actually Firefox but (the latest Tor) is Firefox 31.x. It matters not which version of openSUSE you are running - Tor is for any version of oS (I have it installed on 13.2 and TW). I installed it a couple of days ago and if you download the latest version it will update itself to version 4.0.x. Being a Firefox user since year dot and having all sorts of Extensions installed in Firefox (v35.0) I thought of installing the same Extensions in TOR. Don't. Stay with what Tor has when you 'install' it. Reason is that some of the Extensions/Addons in Firefox may actually give away your identity. For example, there is a setting in Firefox re Privacy which has the option to let sites know if you want or do not want to be traced. The TOR default setting is TELL SITES NOTHING. The only change I made to Tor is to install my preferred Appearance Addon (I always use Nautipolis) - but everything else was left as it was when I 'installed' Tor. As Tor admits Tor is slower than the normal Firefox so don't get frustrated when you start using Tor. To find out the reason for the slowness read the FAQ on the Tor site. BC -- Using openSUSE 13.2, KDE 4.14.4 & kernel 3.19.0-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 28/02/15 08:36, Basil Chupin wrote:
On 28/02/15 08:28, David C. Rankin wrote:
All,
I have not yet investigated the tor network, but as "ransomeware" has become more prolific, with the bad-guys demanding payment via anonymous tor sites and bitcoin, it is probably time to understand WTF it is. (a colleague running M$ was hit today) Are there different tor browsers available, or is torproject basically it.
Also, if anyone has a favorite link explaining the nuts and bolts of the tor quagmire, I welcome that as well. At first blush, it looks like tor navigation is basically what internet nav was prior to http (circa 1988). Just looking for a reference. Will start with wikipedia and go from there.
Castration is too good for these ransomeware weasels.
David,
TOR is actually Firefox but (the latest Tor) is Firefox 31.x.
This is misinformation! Tor is NOT Firefox. The 'Tor Browser Bundle' is built off of Firefox, and that is the recommended way to use Tor advised by the Tor project. But Tor can be used independently and in conjunction with other browsers and/or applications.
It matters not which version of openSUSE you are running - Tor is for any version of oS (I have it installed on 13.2 and TW).
Tor Browser Bundle is for any version of openSUSE. Tor itself is a package available in the version-specific repos.
I installed it a couple of days ago and if you download the latest version it will update itself to version 4.0.x.
Being a Firefox user since year dot and having all sorts of Extensions installed in Firefox (v35.0) I thought of installing the same Extensions in TOR. Don't. Stay with what Tor has when you 'install' it.
Reason is that some of the Extensions/Addons in Firefox may actually give away your identity. For example, there is a setting in Firefox re Privacy which has the option to let sites know if you want or do not want to be traced. The TOR default setting is TELL SITES NOTHING.
The only change I made to Tor is to install my preferred Appearance Addon (I always use Nautipolis) - but everything else was left as it was when I 'installed' Tor.
The Tor Browser Bundle is essentially Firefox (not necessarily the latest version; it's developed off of a stable base so it updates less frequently) with special configurations and various features (e.g. Javascript, Flash) either restricted or disabled. It's still possible to enable some of these features, but as Basil says, it's best not to.
As Tor admits Tor is slower than the normal Firefox so don't get frustrated when you start using Tor. To find out the reason for the slowness read the FAQ on the Tor site.
Tor is a lucky dip relying on passing through multiple hops and ultimately ejecting you via an 'exit node' (last machine traffic passes through), all of which can slow your web browsing, so don't rely on it performing well for anything requiring more bandwidth than viewing regular web pages. To give you an example of why you might *not* want to use the Tor Browser Bundle: You could set up Tor independently in conjunction with the package named 'Vidalia', and by way of a proxy. Let's take for instance somebody wanting to access content restricted by region/country, e.g. BBC television broadcasts from the UK by default blocked in other countries. You install the Tor package for openSUSE (I think Packman had it, or it's on the Open Build Service), along with Vidalia, and a proxy tool such as Polipo. In your browser of choice, you set all traffic to be routed via the proxy server (you could do this in conjunction with a private browsing session to keep it separate from other windows from the same browser). The Vidalia config allows you to set a region or country-specific 'exit node', that is the preferred location of the last point on the Tor network where your traffic comes from. In this case, you'd set that to GB. It will then pick from a pool of British exit nodes available (in some cases, there may be none, especially for smaller countries). If you get a crappy connection, Vidalia provides a tool to select another at random. Of course, since the hops in the network and the exit node might squeeze the bandwidth, trying to watch such media content might work better at some times than others. But if you were using the Tor Browser Bundle with its default restricted settings, you'd likely not be able to view such media at all. Point being, people use Tor for all sorts of reasons, not just for absolute anonymity/privacy. You might also wish to set another application, such as VLC or Thunderbird, to be routed via the Tor network. The Tor Browser Bundle therefore is of no use in that case, you need the separate Tor package. It's worth bearing in mind that the thousands of individuals and institutions that provide exit nodes or other reinforcements of the Tor network (at their own expense and sometimes risk of having their equipment seized) often do so in consideration of those needing it due to free speech restrictions or getting a voice out from danger zones. Hence, if too many people use it for high bandwidth content such as media downloads for leisure purposes, it doesn't help those most desperately in need. Peter -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/28/2015 01:56 PM, Peter wrote:
It's worth bearing in mind that the thousands of individuals and institutions that provide exit nodes or other reinforcements of the Tor network (at their own expense and sometimes risk of having their equipment seized) often do so in consideration of those needing it due to free speech restrictions or getting a voice out from danger zones. Hence, if too many people use it for high bandwidth content such as media downloads for leisure purposes, it doesn't help those most desperately in need.
- read that specially designed is "Tails" : https://tails.boum.org/ ................... regards -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/28/2015 03:56 AM, Peter wrote:
Of course, since the hops in the network and the exit node might squeeze the bandwidth, trying to watch such media content might work better at some times than others. But if you were using the Tor Browser Bundle with its default restricted settings, you'd likely not be able to view such media at all. Point being, people use Tor for all sorts of reasons, not just for absolute anonymity/privacy.
I heard that Tor doesn't offer "absolute anonymity/privacy" in some cases. It's apparently possible for state-level actors to analyze Tor entry/exit node traffic to track connections. I can't offer more, I just heard it in passing. Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 28.02.2015 um 16:40 schrieb Lew Wolfgang:
On 02/28/2015 03:56 AM, Peter wrote:
Of course, since the hops in the network and the exit node might squeeze the bandwidth, trying to watch such media content might work better at some times than others. But if you were using the Tor Browser Bundle with its default restricted settings, you'd likely not be able to view such media at all. Point being, people use Tor for all sorts of reasons, not just for absolute anonymity/privacy.
I heard that Tor doesn't offer "absolute anonymity/privacy" in some cases. It's apparently possible for state-level actors to analyze Tor entry/exit node traffic to track connections. I can't offer more, I just heard it in passing.
See here for TOR's weaknesses: https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Weaknesses In a nutshell, no technology is perfect. If you use TOR on websites that use HTTP (non-encrypted sites), then anyone on the way can read every single byte that goes over the wire. If you want to stay anonymous via TOR and then go to your favorite pr0n site which doesn't support https and log in there, then you've identified yourself to some extent. That's not a TOR problem as such. More about browser fingerprinting: https://en.wikipedia.org/wiki/Device_fingerprint Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 01/03/15 02:40, Lew Wolfgang wrote:
On 02/28/2015 03:56 AM, Peter wrote:
Of course, since the hops in the network and the exit node might squeeze the bandwidth, trying to watch such media content might work better at some times than others. But if you were using the Tor Browser Bundle with its default restricted settings, you'd likely not be able to view such media at all. Point being, people use Tor for all sorts of reasons, not just for absolute anonymity/privacy.
I heard that Tor doesn't offer "absolute anonymity/privacy" in some cases. It's apparently possible for state-level actors to analyze Tor entry/exit node traffic to track connections. I can't offer more, I just heard it in passing.
Regards, Lew
I know....a bit late in commenting :-( . I posted a couple of days ago a question in offtopic about who, is anyone, is using WICKR. WICKR is available for Linux but regrettably I believe that it is for use only with Ubuntu (as the d/load file is a *.deb file [69MB big]). According to what is on their website, WICKR is *totally* secure - even from the NSA. BC -- Using openSUSE 13.2, KDE 4.14.4 & kernel 3.19.1-2 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Am 28.02.2015 um 12:56 schrieb Peter:
TOR is actually Firefox but (the latest Tor) is Firefox 31.x. This is misinformation! Tor is NOT Firefox. The 'Tor Browser Bundle' is built off of Firefox, and that is the recommended way to use Tor advised by the Tor project. But Tor can be used independently and in conjunction with other browsers and/or applications.
You're both right to a certain extent. TOR is just a way to hide your tracks when you surf the net. Basically, it makes it almost impossible to find out your IP address. But modern browsers are very nosy and they love to blabber. If you use Google Chrome via TOR, then you're pretty safe against malware attacks but the browser shares so many information about you with anyone listening that connecting via the TOR network becomes pointless. I mean the sites your browse can't see your IP address anymore but the browser will tell anyone "Hey, this is Aaron Digulla and he lives in .... and he's .... old and he likes ..." That's why the TOR project decided to ship their own browser. The version of Firefox which comes with the Tor Browser Bundle is nailed shut. It won't tell anyone anything. If you don't enable JavaScript, Java and Flash, no one will be able to track you. So it's again a question of balance between security (latest version of Firefox) against anonymity. If your life depends on anonymity, use the browser that comes with TOR. Just make sure you have the latest anti-virus installed and active and enable JavaScript only for those sites which you need and which absolutely refuse to work otherwise. Java is a no-go anyway and many sites should work without Flash. Enabling Flash adds so many way to identify you, that using TOR is pointless. Regards, -- Aaron "Optimizer" Digulla a.k.a. Philmann Dark "It's not the universe that's limited, it's our imagination. Follow me and I'll show you something beyond the limits." http://blog.pdark.de/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 02/28/2015 05:56 AM, Peter wrote:
It's worth bearing in mind that the thousands of individuals and institutions that provide exit nodes or other reinforcements of the Tor network (at their own expense and sometimes risk of having their equipment seized) often do so in consideration of those needing it due to free speech restrictions or getting a voice out from danger zones. Hence, if too many people use it for high bandwidth content such as media downloads for leisure purposes, it doesn't help those most desperately in need.
Peter
Peter, Basil, Lew, All, Thanks, The torproject.org has essentially the same information and more regarding good practices/warning in the warnings section of their download link: https://www.torproject.org/download/download-easy.html.en#warning One of the main issues they stress is, if you are browsing with the Tor browser, DO NOT torrent over Tor or open/access documents downloaded from remote sites --and-- related, DO NOT install plugins to handle remote download content, because torrent, and in many cases opening the remote downloads or allowing them to be handled by plugin will ignore/bypass proxy settings which impacts both your and others anonymity by disclosing direct IP information. Now, linux apparently has a solution for most of that as well. If complete anonymity is of concern, the torproject site provides a link to the 'tails' project which is a standalone OS where the plugin and remote doc handling communication layers are apparently designed to go over Tor rather than there being a potential for direct IP exposure. That's well beyond anything I can foresee being concerned with, but for sake of completeness, it's worth a mention. Regarding install, I'll check packman, but the package can be built from source as long as you have libevent, libevent-devel installed. The torproject provides a pre-compiled install for both x86 and x86_64, but I'd rather build it on my current system that deal with any potential library version/soname issues. (even though software should be smart enough to handle it today) I've tried webpin, but the 3-char tor name is too short to provide any matches. If it is not on packman, does anyone have a 13.1 .spec file (or one for a reasonably close release I can cannibalize)? I would prefer to build the rpm rather than doing a make install to /usr/bin or /bin, and being lazy, I would prefer not to have to roll a .spec from scratch. If anyone has a link to a 13.1 package, I'd appreciate it. Thanks again. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sat 28 Feb 2015 05:29:02 PM CST, David C. Rankin wrote: <snip>
I've tried webpin, but the 3-char tor name is too short to provide any matches. If it is not on packman, does anyone have a 13.1 .spec file (or one for a reasonably close release I can cannibalize)? I would prefer to build the rpm rather than doing a make install to /usr/bin or /bin, and being lazy, I would prefer not to have to roll a .spec from scratch. If anyone has a link to a 13.1 package, I'd appreciate it.
Thanks again.
Hi Use osc se tor...? It's part of the openSUSE distribution? Check the 13.1 update channel. Grab the src rpm from here and modify for the tor-browser-bundle; http://rpm.pbone.net/index.php3/stat/4/idpl/28472182/dir/pclinuxos/com/tor-b... -- Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890) SUSE Linux Enterprise Desktop 12 GNOME 3.10.1 Kernel 3.12.36-38-default up 2 days 7:26, 4 users, load average: 0.27, 0.28, 0.23 CPU AMD A4-5150M APU @ 3.3GHz | GPU Richland Radeon HD 8350G -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Aaron Digulla -
Basil Chupin -
David C. Rankin -
ellanios82 -
greg.freemyer@gmail.com -
Lew Wolfgang -
Malcolm -
Peter