Main » Discussion » Mozilla, *sigh*
Posted on 19-09-15, 20:57
Stirrer of Shit
Posted by Nicholas Steel
>Maximizing the window leaves you open to a fingerprinting attack, but it's hardly instant deanonymization.

Uh... what? How?

If you're running maximized, you'll always have the same resolution unless you change screen/OS/whatever. So maybe 1080p w/ Windows window decorations is fine, but if you can see that there's someone with their browser at 2556x1414 (2560x1440 - 4x26) that's fairly unique, and if you see it several times it's probably the same person.
Posted by wertigon
I am a security professional, I know quite a few people working with this, and I have hacked quite a few of these very connections myself (for academic purposes only). Sorry, but it is not FUD. TOR is about as safe and anonymous to use through everyday usage as Bitcoin is.

The basic gist of it is, anything you download that makes a http request outside the TOR browser may reveal your identity. It could be an installer, a video game, an excel document or a CAD file. A VPN is not quite as vulnerable to this, but neither option is perfect.

Ignore the expert, though. After all, that is what you are good at. :)

Just what 'university' did the supposed 'expert' go to, and why does he not know how to spell the name of the technology he is allegedly hacking? Nobody would run random .exe files they got through Tor Browser and there's a giant warning if you try to do it. But for instance PDF files are A-OK. By observing basic precautions it is possible to reach an extremely high level of security with Tor, while this is completely impossible with a VPN.

As an aside, I am tired of this, not to say worship, but taking seriously of people ('experts') for the sole reason of having thrown their time away on an education. If you're just doing it to get a job, sure do whatever you have to, but to claim that there's some actual value in it is plainly absurd. There was a tradition in the temple of Dodona that oaks first gave prophetic utterances. The men of old, unlike in their simplicity to young philosophy, deemed that if they heard the truth even from ‘oak or rock,’ it was enough for them; whereas you seem to consider not whether a thing is or is not true, but who the speaker is and from what country the tale comes. This is not to say that it's impossible to become an expert through organized studies and that such should be trusted, but the inverse obviously doesn't hold - for the extreme example, look at exercise science. I would much rather get my advice from the biggest guy in the gym, provided he isn't on gear, than the alleged experts in the newspapers who discuss for days on end which machines should be used and quizzes anyone who disagrees about to what school they went.

Posted by tomman
More plain FUD from the "security researchers" that led to the premature death of the Battery API in Javascript because Teh Googles could use your battery level to sell products and services to you or some BS.

Javascript is an unholy mess and can be used for evil, but this is waaaaaaaaaaaaaaaaaaay low in the scale of importance, but hey, it's clickbait.

No, it's from legitimate security researchers. As I recall it, it's plagiarized from an official list of "stuff you shouldn't do with Tor" from a few years ago, back when they were still using check.torproject.org and Disconnect.

Posted by CaptainJistuce
[Richard Hipp] looks like Steve Jobs.
...
Wait, that's what you said.

Okay, but seriously... when is the tech industry gonna get over "Jobs wore black turtlenecks so we must too!"? Jobs was an asshole, are you gonna be one too just because he was... wait, don't answer that, I'm happier not knowing.

No, I was thinking of the whole "evil reflection" thing, like Rosenberg from El Cazador or Kurama from Elfen Lied.

And as for Bond villains:





There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
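
The window-size point in the post above (a maximized 2560x1440 screen reporting 2556x1414), worked through as an added example that is not part of the original thread. The visit data is constructed, and the 200x100 rounding step and 1000x1000 cap are assumptions chosen for illustration.

```javascript
// Added example. Every size below is constructed sample data, not a measurement.
// Each entry is the inner window size [width, height] reported on one visit.
const SAMPLE_VISITS = [
  [1920, 1040], [1920, 1040], [1920, 1040], [1920, 1040],
  [1366, 728], [1366, 728], [1366, 728],
  [1536, 824], [1536, 824],
  [1000, 900], [1000, 900],
  [2556, 1414], // 2560x1440 minus 4x26 of window decorations, as in the post
];

// Count visits per distinct size and compute its surprisal in bits:
// -log2(share of visits reporting that size). More bits = more identifying.
function sizeStats(visits) {
  const counts = new Map();
  for (const [w, h] of visits) {
    const key = `${w}x${h}`;
    counts.set(key, (counts.get(key) || 0) + 1);
  }
  const stats = new Map();
  for (const [key, count] of counts) {
    stats.set(key, { count, bits: -Math.log2(count / visits.length) });
  }
  return stats;
}

// Sizes reported by exactly one visit: the ones that single a visitor out.
function uniqueSizes(visits) {
  return [...sizeStats(visits)]
    .filter(([, s]) => s.count === 1)
    .map(([key]) => key);
}

// Mitigation sketch: report a size rounded down to a step and capped at a
// maximum. Step and cap values are assumptions chosen for illustration.
function normalizeSize([w, h], opts = {}) {
  const { stepW = 200, stepH = 100, maxW = 1000, maxH = 1000 } = opts;
  return [
    Math.min(maxW, Math.floor(w / stepW) * stepW),
    Math.min(maxH, Math.floor(h / stepH) * stepH),
  ];
}

// Compare which sizes stay unique: raw, rounded only, rounded and capped.
function report() {
  const raw = uniqueSizes(SAMPLE_VISITS);
  const roundedOnly = uniqueSizes(
    SAMPLE_VISITS.map((s) => normalizeSize(s, { maxW: Infinity, maxH: Infinity }))
  );
  const roundedAndCapped = uniqueSizes(SAMPLE_VISITS.map((s) => normalizeSize(s)));
  return { raw, roundedOnly, roundedAndCapped };
}

console.log(report());
```

In this sample, rounding alone hides the decoration offsets but the large screen is still the only one in its bucket; only the cap folds it into a size shared with other visits.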
Posted on 19-09-15, 22:48
Expert as in, I live, breathe and do this shit for a living (but granted, only 25% of my working time). While I have only hacked TOR in a lab, it is very possible.

TOR (T... Onion Routing, forgot what the T stands for? The?) is an acronym therefore it should be spelt that way. Pretty much like HTTP, SSH or TLS. You don't like it, go complain to the Oxford English Dictionary team if you want to complain at someone. (Should be named TORP actually, but I digress)

Granted, been a couple of years since I last dabbled with it, got bigger fish to fry in my daily life now. Still, I concluded TOR is far from a silver bullet and only useful in certain highly specialised scenarios back then, and I doubt it has changed now.
Posted on 19-09-15, 23:43
Custom title here

Posted by sureanem
That the US government made it is not all too relevant here - the purpose was to help their CIA spooks communicate easier with HQ, as well as to facilitate fomenting color revolutions in the second world. To try and put backdoors in it would have been like drilling holes in your gun in case someone else steals it - not exactly ideal.
Navy, actually. Not CIA.
And the point is that if it was actually that secure, they wouldn't have released it to the public.


--- In UTF-16, where available. ---
Posted on 19-09-16, 17:17
Stirrer of Shit
Posted by https://2019.www.torproject.org/docs/faq.html.en#WhyCalledTor
Why is it called Tor?

Because Tor is the onion routing network. [...]

Note: even though it originally came from an acronym, Tor is not spelled "TOR". Only the first letter is capitalized. In fact, we can usually spot people who haven't read any of our website (and have instead learned everything they know about Tor from news articles) by the fact that they spell it wrong.

Did you learn everything you know about Tor from news articles wertigon?

Posted by CaptainJistuce
Navy, actually. Not CIA.
And the point is that if it was actually that secure, they wouldn't have released it to the public.

Navy made it, but the main beneficiaries inside the US government sure are the CIA.

It does not follow. By that line of reasoning AES and the like should have backdoors too since it was standardized by the US government, not to talk about Bitcoin. Historically, the US government's backdoors have only been of the kind that they were damn sure an adversary couldn't exploit, so something of the public/private key kind (e.g. Dual_EC_DRBG) would have been their only choice.

And as for that, it's hardly the dried-and-shut case of "NSA uses their superior cryptography skills to hide invisible backdoors in every single cryptography algorithm freely available on the open market" - people knew something was up even in the early 2000's. IBM got some mystery meat S-boxes for DES from the NSA, and everyone thought they were backdooring it, but they were actually making it more secure:
Controversies arose out of classified design elements, a relatively short key length of the symmetric-key block cipher design, and the involvement of the NSA, nourishing suspicions about a backdoor. Today it is known that the S-boxes that had raised those suspicions were in fact designed by the NSA to actually remove a backdoor they secretly knew (differential cryptanalysis). However, the NSA also ensured that the key size was drastically reduced such that they could break it by brute force attack (the computing power to brute force DES however did not exist in 1975).


(As an aside, it must be a very painful position to be in to have everyone accusing you of introducing backdoors when you were actually trying to help them stay safe but being unable to tell them because you would endanger them)

The US government has realized extreme geopolitical gains from the Internet in general and Tor in particular, and this alone pays for it a thousand times over. No serious nation-state actor would have the precise combination of greed and stupidity required to pull off such a suicidally risky 'keep the cake and eat it' move. The US is already an open society, and as such the damage from even perfect cypherpunk-style anonymity is negligible, especially when compared to what that might do to China/Iran/Russia, and what it already has done to a whole host of countries before.

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-09-16, 17:23
Rated M for Manly

I've seen people who use Lua almost daily consistently call it LUA. Of all the personal insults you could've slung at werti, that was the lamest.
Posted on 19-09-16, 19:42
Stirrer of Shit
It's not as much of an insult as it is pointing out the failure to observe a useful shibboleth. Wild guess here, for which I have absolutely no proof, these are people who learned Lua through the U of Life because they wanted to actually make something - presumably for video games - and are not all too interested in hearing about useless academic concepts like "higher-order functions" or "lambdas". Whereas, for Tor, the opportunity of "learning by doing" is quite limited (what people in the AI business would call "one-shot learning"), and as such one does indeed need to read quite dry technical documents to understand how it works. In other words, as the project themselves observe, it's a much more useful nitpick, like when Mr. Schmidt pronounced it "Thor," as in the Norse god of thunder.

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-09-17, 02:27

Posted by sureanem
like when Mr. Schmidt pronounced it "Thor," as in the Norse god of thunder.

You know—-Tor, the god of Tunder.
Posted on 19-09-17, 04:41
tsor, god of tsundere
Posted on 19-09-17, 08:57
Lol.

At the end of the day I got better things to do than argue meaningless semantic shit on the internet. You have been fairly warned about the shortcomings of TOR; what you do with that information is up to you. :)

(Also, Scandinavian here, so I would rather not confuse TOR with a certain god of thunder, but I digress)
Posted on 19-09-17, 10:40 (revision 3)
Custom title here

Posted by sureanem

Posted by CaptainJistuce
Navy, actually. Not CIA.
And the point is that if it was actually that secure, they wouldn't have released it to the public.

Navy made it, but the main beneficiaries inside the US government sure are the CIA.

If the CIA was using it, they would have blocked the public release. Prevent anyone from studying it for potential vulnerabilities, and prevent them from even gaining any insight into how the CIA communicates.
Also, TOR traffic is identifiable and blockable. Therefore, the CIA would not use it if it was public knowledge.


It does not follow. By that line of reasoning AES and the like should have backdoors too since it was standardized by the US government, not to talk about Bitcoin. Historically, the US government's backdoors have only been of the kind that they were damn sure an adversary couldn't exploit, so something of the public/private key kind (e.g. Dual_EC_DRBG) would have been their only choice.

And as for that, it's hardly the dried-and-shut case of "NSA uses their superior cryptography skills to hide invisible backdoors in every single cryptography algorithm freely available on the open market" - people knew something was up even in the early 2000's. IBM got some mystery meat S-boxes for DES from the NSA, and everyone thought they were backdooring it, but they were actually making it more secure:
Controversies arose out of classified design elements, a relatively short key length of the symmetric-key block cipher design, and the involvement of the NSA, nourishing suspicions about a backdoor. Today it is known that the S-boxes that had raised those suspicions were in fact designed by the NSA to actually remove a backdoor they secretly knew (differential cryptanalysis). However, the NSA also ensured that the key size was drastically reduced such that they could break it by brute force attack (the computing power to brute force DES however did not exist in 1975).


(As an aside, it must be a very painful position to be in to have everyone accusing you of introducing backdoors when you were actually trying to help them stay safe but being unable to tell them because you would endanger them)

The government, in a post-9/11 world, is not going to release an open, untraceable communication standard into the wild for everyone to use. They don't even want American citizens going unmonitored (and to hell with legality), much less random dudes from Pablochevakia. If your arguments for how great TOR is were accurate, then the release would have been blocked to prevent "the terrorists" from using it.

Do not confuse the 21st century political environment with 1975's.

Also, IBM figured out differential cryptanalysis and selected the substitution boxes to be resistant. The NSA just declared differential cryptanalysis classified so that IBM couldn't release the information about it publicly. Because they wanted to preserve the vulnerability in other encryption schemes.
And then they badgered IBM and the NIST to use shorter keys, so that they could still brute-force DES (the final standard used a longer key than the NSA had requested, but a shorter key than IBM felt was appropriate).
So no, the NSA did NOT make DES better. They made it a little worse, and prevented anyone else in encryption development from knowing about a serious vulnerability for two decades, preserving themselves a way to break into most encryption not developed by IBM.

Note also that DES was only approved for use on unclassified data. Why was it forbidden from use on classified data if not because it was known-vulnerable? The answer, of course, is because the NSA already knew it could be brute-forced by anyone with a sufficient budget, like a major world power's intelligence division. Most assuredly because they were already doing it. Just to figure out if the ruskies could, I'm sure. The NSA would never spy on American citizens.

The US government has realized extreme geopolitical gains from the Internet in general and Tor in particular, and this alone pays for it a thousand times over.

What political gains has the US seen from the public release of TOR?

The US is already an open society, and as such the damage from even perfect cypherpunk-style anonymity is negligible, especially when compared to what that might do to China/Iran/Russia, and what it already has done to a whole host of countries before.

You honestly know nothing about American society or politics.

--- In UTF-16, where available. ---
Posted on 19-09-17, 11:40
Not from my cellphone

Once again, how a thread dedicated to show how Mozilla keeps failing to our world became sureanem's soapbox and his Reality Distortion Field!? I can't even frame this guy anymore as a Slashdot, a Hackernews, a Reddit, a 4chan, or even a "50 cent army" employee.

I don't give a fuck about how Tor is pronounced, because I don't use it (I do have an install just for fun, not for any actual purpose, plus it defaults to Asstralis/Quantum Firefux, so I don't even bother launching it)

Seriously, dude, cut it off. Mozilla is a cancer on its own (mostly thanks to Google), and that's more than enough for this thread.

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-09-17, 12:10 (revision 1)
It's a long story that involves a piñata and a gun and a very naughty doggie…

You remember those little buttons that you'd see on really old websites, "Netscape Now" and such? The kind that I more or less parody on the page for my P&C game?

I'm seriously considering making one about sane and simple pages, that aren't 90% JavaScript frameworks, 8% layout markup, and only 2% actual content. And then put it on my site's landing page, being an example.

edit:
Posted on 19-09-17, 12:39
Not from my cellphone

If I ever relaunch my website, I guess it's time to remove the IE-specific bits that were inserted with Frontpage XP, almost two decades ago (like the rollover effect over the left navbar - now you can achieve that with pure CSS but back then Frontpage came with their small pile of IE-only Javascripts).

It's also a shame that <BGMUSIC> no longer works, and its replacements at some point involved Flash (YUCK!), or more scriptfuckery :/

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-09-17, 13:58
Keyboard Compatible!

Then you cannot has my button 😛
Posted on 19-09-17, 19:15
Not from my cellphone

https://news.slashdot.org/story/19/09/17/1750247/firefox-moving-to-a-faster-4-week-release-cycle

The buzzword of the day: "agile".

Because releasing software When It's Done is for dinosaurs - looks like hipster coders compete to see who can cram more half-assed "features" and flaws in their modern pieces of so-called software.

Combined with Valve's "it compiles, SHIP IT" attitude, no wonder why I want to get the hell away from interacting with software in general nowadays :/

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-09-29, 12:48
Not from my cellphone

Apparently I'm not the only one against D'OH!: the (soon to be the former?) Kingdom of Great Britain really hates it, to the point of nominating Mozilla as an "Internet Villain" (whatever that means):
https://news.slashdot.org/story/19/07/05/1438257/internet-group-brands-mozilla-internet-villain-for-supporting-dns-privacy-feature

Well, it's actually some of their ISPs which believe that they have the sacred right to spy on you protect you from seeing bare breasts, which is apparently not that legal in those latitudes, and D'OH! certainly would interfere with the Kingdom-mandated censors.

Mozilla finally caved in, by "promising" that D'OH! will not be the default for England and its territories:
https://news.slashdot.org/story/19/09/29/0434233/firefox-promises-uk-government-dns-over-https-wont-be-default-in-uk

D'OH! is a bad idea, but governments spying on you and censoring your porn are an absolutely terrible idea.

Fuck, everybody is evil, let's go shopping~

(also: tinfoil hat nerds complaining that UK/US are authoritarian states, without knowing exactly what the fuck is an authoritarian state, and I certainly speak as a citizen from one of said authoritarian hellholes. Someone should forcefully pull those nerds out of their mothers' basements and send them to my shithole for a year, so they can actually learn how it's living in a true authoritarian hell!)

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-09-29, 13:41
Stirrer of Shit
I'm not quite sure I follow. Do you defend the UK censors' alleged sovereign right to censor the Internet, or do you concede that this would indeed be a major blow towards such censorship but still assert that it's not worth it because it would undermine your idiosyncratic blocking solutions?

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-09-29, 18:26
Not from my cellphone

Any government trying to censor you is beyond evil, and that has no excuse. Mozilla (or anyone else) conceding to the censors' requests is another way to say "fuck you" to your userbase.

Having said that, I still insist that D'OH! is NOT the solution. You're trading enemies (your ISP/government -> Cloudflare & co.), plus layering more shit on top of HTTPS because that for the web frat boys all problems look like nails when all you have is a hammer is not the way to go. TLS on top of system-wide DNS? Cool, bring it on. HTTP + client-side DNS? Oh hell no.

There are no winners here, I'm sad to say.

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-09-29, 20:00

Posted by tomman
Any government trying to censor you is beyond evil

I can think of better criteria...

My current setup: Super Famicom ("2/1/3" SNS-CPU-1CHIP-02) → SCART → OSSC → StarTech USB3HDCAP → AmaRecTV 3.10
Posted on 19-09-29, 20:47
Custom title here

Posted by tomman

Fuck, everybody is evil, let's go shopping~
WHOOO!!!!!!!!

--- In UTF-16, where available. ---