tor

关于 Tor 项目的几句话 ——

几天前Tor 项目公布了对另一起关于浏览器用户和整个网络去匿名化安全性事故的回应。简言，执法人员能够对使用旧版Ricochet客户端的用户进行去匿名化，因为该客户端存在一个漏洞，暴露了用户使用的 Tor 节点。

但2022年6月发布的 Ricochet-Refresh 客户端由于采用了Tor项目 3 年前宣布的 Vanguards-lite 保护措施，因此不存在这一漏洞。

您可以在下面阅读更多有关该事件的信息：
https://blog.torproject.org/tor-is-still-safe/
https://habr.com/ru/news/845008/

在这一事件的背景下，Tor昨天发布了另一个 alpha 版本的浏览器，并修复了一些漏洞。它主要适用于 WIndows 和 Android，但不重要。

该版本可在此处下载：https://www.torproject.org/download/alpha/

此外，4 天前Tor 浏览器 13.5.4 版本发布，其中 NoScript 已更新至 11.4.37 版本，OpenSSL 已更新至 3.0.15，因此建议大家进行更新：https://blog.torproject.org/new-release-tor-browser-1354/

#tools #Tor

Wild ass day in the Tor node operator world. Got an email from my VPS, forwarding a complaint from WatchDog CyberSecurity saying that my box was scanning SSH ports!

> Oh no, oh no, I knew I should have set up fail2ban, oh god why was I so lackadaisical!

So I remote in to the machine: no unusual network activity, no unusual processes, users, logins, command history, no sign that anything is doing anything I didn't tell it to do.

So what's up? Turns out there's been a widespread campaign where some actor is spoofing IPs to make it look like systems running Tor are scanning port 22: https://forum.torproject.org/t/tor-relays-tor-relays-source-ips-spoofed-to-mass-scan-port-22/15498/14

Operators from all over are saying they're getting nastygrams from their VPS providers because WatchDog is fingering their source IPs (which are being spoofed and NOT part of a global portscanning botnet).

@delroth did an amazing writeup of the whole thing here: https://delroth.net/posts/spoofed-mass-scan-abuse/

#tor #infosec #cybersecurity #threatintel #privacy

#QuestionsWelcome

In the spirit of a recent post on making the #Fediverse a more welcoming place, renewing a post I had on my old profile but apparently not here: ask me anything! I can't guarantee I'll have all the answers or be fast to reply but lll try to at least say something. Some things I can talk vaguely usefully about include:

#DNS #Google #InfoSec #SRE #SysAdmin #Internet #Unions #Organizing #Baseball #Web #Tor #Privacy and probably a billion more.

I bet the old Usenet forums could tell some stories here.

#internetarchive #horror #tor #privacy #crime #incognito #chrome #jokes #memes #cyber #usenet

ALT

Funding for the @torproject is cut with the axe to the US Agency for Global Media. Tor helps me keep my children hidden from data brokers and is an essential anti-censorship tool for people living under oppressive regimes in countries worldwide.

https://archive.is/lKFCu

hey #tor , how can we help?

What would be the perfect desktop RSS application?

I've recently gotten back into one of my projects where I'm trying to build an #RSS reader with Rust & Iced
Things are coming together nicely since that last post...
- Items are now properly stored in a DB and actually retrieved for display
- I've written a module that parses description/content areas to build the layout (this was HARD!)
- It seems to work well with many feeds I'm testing out.

I really just need to get to the grind of completing it and adding the necessary features. But I'd love feedback from fellow open web enjoyers.

If you have any thoughts on must-have features I'd love to hear them.
My current dream list is:
- First-class #Tor & #I2P support with other options configurable (**I would really like suggestions on how to handle this well)
- Full text search (to be useful as a personal search engine)
- Import from FreshRSS (for entirely selfish reasons)
- Discovery features: the plan is to setup a way to discover feeds that your feeds link to.

@board
#tor #tails #隐形网络计划
嗨，各位 Fedi 朋友们大家好！

2013年5月20日，一名年轻的眼镜男独自抵达了香港。他的电脑上贴有 EFF 和Tor 的贴纸，他会使用 Tails 系统，平时用 Qubes OS 和 Whonix。他多层加密存储了很多美国的机密，向外界披露。他就是爱德华·斯诺登。

简单概述一下，Tails 诞生于 2009 年，是一款基于 Debian GNU/Linux 桌面环境使用 GNOME，以 Tor 网络运行的操作系统，通过安装进便携式移动存储设备以在 x86/64 位元装置的设备中启动该系统

系统通过 Tor 运行，保障使用者不会被跟踪，网络服务商只知道使用者是使用 Tor 访问

安装系统时一定要对进行下载的系统镜像验证！！！Tails 下载项方中有直接通过 Web 端验证，也可以通过 GnuPG/PGP 签署的数字签名文件验证

本贴简单谈论简直至 2025 年 7 月 Tails 系统中国大陆地区使用体验