Fwd: [liberationtech] Tor Browser 6.0.4 is ready for testing
Uff... Some months ago, I would be happy. Now, it means nothing... :(( ---------- Forwarded message ---------- From: "Yosem Companys" <companys@stanford.edu> Date: Aug 15, 2016 12:10 PM Subject: [liberationtech] Tor Browser 6.0.4 is ready for testing To: "Liberation Technologies" <liberationtech@lists.stanford.edu> Cc: "Georg Koppen" <gk@torproject.org> From: Georg Koppen <gk@torproject.org> Hi all, We are pleased to accounce that Tor Browser 6.0.4 is ready for testing. Bundles can be found on: https://people.torproject.org/~boklm/builds/6.0.4-build2/ This release finally brings Tor Browser users the latest Tor stable, 0.2.8.6, and avoids pinging Mozilla servers for system extensions. The latter was responsible for users getting an extension into their Tor Browser that resulted in annoying and confusing "Your Firefox is out of date" notifications on start-up (bug 19890). Thanks to Mozilla engineers who fixed that issue as fast as possible on their side: the extension is not shipped to Tor Browser users anymore if they ping Mozilla's server. Users that are on the alpha channel or are using the hardened Tor Browser were not affected. The same goes for Tails users as far as we know. The full changelog since Tor Browser 6.0.3 is: Tor Browser 6.0.4 -- August 16 * All Platforms * Update Tor to 0.2.8.6 * Update NoScript to 2.9.0.14 * Bug 19890: Disable installation of system addons Georg -- Liberationtech is public & archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/ mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at companys@stanford.edu.
On 08/15/2016 12:24 PM, Cecilia Tanaka wrote:
Uff... Some months ago, I would be happy. Now, it means nothing... :((
Like any other tool, the TOR Browser has strengths and weaknesses, appropriate uses and foolish/destructive uses. Lest we forget, Chelsea Manning used TOR to move massive amounts of data to Wikileaks. One can argue that Ed Snowden found what he was allowed to find and shipped it to Greenwald & Co. under the approving gaze of some compartment at NSA; Manning, not so much. Billions of dollars worth of damage were done to the U.S. National Interest, which is why she rates a sentence of slow death by ritualistic torture. This recording was never supposed to see the light of day, but it walked right out of a tightly secured base and onto the Internet within hours: Manning tells all, including how and why to do that thing: https://freedom.press/blog/2016/04/freedom-press-foundation-publishes-leaked... -or- https://tinyurl.com/jrvbj8o She would have gotten away with it, too, if some "individual" who needs not be named had not sold her for cheap. Onion routing can be a useful part of a complete operational security toolkit. Only when its limitations are understood and pessimistic assumptions are made, of course. :o)
On 08/15/2016 10:12 AM, Steve Kinney wrote:
limitations are understood and pessimistic assumptions are made, of course.
This is what I've been saying all along. The assumption is ONLY that it buys you some time to GTFO of that internet cafe and down the road. With Tails, you get a level up in anonymity perhaps because the machine used is at least hard, if not impossible to identify. Case in point: The local internet provider here uses AOL upstream, and one day, while torrenting (transmission, full encryption on) a music album , my supervisor came in and asked if I was running a torrent client... that she'd received a call from the local provider about someone bootlegging. She's a sympathetic sort so I say 'yeah' and told her what it was... A WARNER album. AOL/Time/Warner is apparently sniffing every packet passing through their servers identified as a torrent for bootleg content. It took about an hour for AOL > Local provider and a phone call from them. Rr (Ps, to those who collect such things note gpg sig update)
On Mon, 15 Aug 2016 10:42:27 -0700 Rayzer <rayzer@riseup.net> wrote:
On 08/15/2016 10:12 AM, Steve Kinney wrote:
limitations are understood and pessimistic assumptions are made, of course.
This is what I've been saying all along. The assumption is ONLY that it buys you some time to GTFO of that internet cafe and down the road.
Oh yes. That's how 'hidden' services operate. You 'get out of the internet cafe' when the DEA comes to get your server and shoot you.
With Tails, you get a level up in anonymity perhaps because the machine used is at least hard, if not impossible to identify.
And your credentials for making that kind of bullshit claim are what, exactly. Rhetorical question of course. Spare me your bullshit, you tor-MILITARY-CORPORATION-bot.
Case in point: The local internet provider here uses AOL upstream, and one day, while torrenting (transmission, full encryption on) a music album , my supervisor came in and asked if I was running a torrent client... that she'd received a call from the local provider about someone bootlegging. She's a sympathetic sort so I say 'yeah' and told her what it was... A WARNER album.
AOL/Time/Warner is apparently sniffing every packet passing through their servers identified as a torrent for bootleg content. It took about an hour for AOL > Local provider and a phone call from them.
Rr
(Ps, to those who collect such things note gpg sig update)
On 08/15/2016 08:25 PM, juan wrote:
With Tails, you get a level up in anonymity perhaps because the machine used is at least hard, if not impossible to identify.
And your credentials for making that kind of bullshit claim are what, exactly. Rhetorical question of course. Spare me your bullshit, you tor-MILITARY-CORPORATION-bot.
Because you can take the fucking drive out of a computer and run entirely off a thumbdrive. It leaves no trace and wipes memory as it shuts down, and now that's exactly what I'm going to do with you troll. Shut you down. Killist you, and you can bark at the moon for all I give a fuck. Rr
On Mon, 15 Aug 2016 20:59:43 -0700 Rayzer <rayzer@riseup.net> wrote:
On 08/15/2016 08:25 PM, juan wrote:
With Tails, you get a level up in anonymity perhaps because the machine used is at least hard, if not impossible to identify.
And your credentials for making that kind of bullshit claim are what, exactly. Rhetorical question of course. Spare me your bullshit, you tor-MILITARY-CORPORATION-bot.
Because you can take the fucking drive out of a computer and run entirely off a thumbdrive. It leaves no trace and wipes memory as it shuts down, and now that's exactly what I'm going to do with you troll.
Uh oh. I'm so afraid and upset. I on the other hand will keep calling out the garbage you post here.
Shut you down. Killist you,
yep, the kind of think that commie pieces of shit like you do best =) and you can bark at the moon for
all I give a fuck.
Rr
On Aug 15, 2016 2:20 PM, "Steve Kinney" <admin@pilobilus.net> wrote:
Onion routing can be a useful part of a complete operational security
toolkit. Only when its limitations are understood and pessimistic assumptions are made, of course. Thank you very much, my love. Unhappily, my faith in the Tor Project is a bit shaken in the moment. Too many pessimistic assumptions, dear. :-/ Kisses and onions, Steve! :*
On Mon, 15 Aug 2016 13:12:28 -0400 Steve Kinney <admin@pilobilus.net> wrote:
On 08/15/2016 12:24 PM, Cecilia Tanaka wrote:
Uff... Some months ago, I would be happy. Now, it means nothing... :((
Like any other tool, the TOR Browser has strengths and weaknesses, appropriate uses and foolish/destructive uses.
Lest we forget, Chelsea Manning used TOR to move massive amounts of data to Wikileaks.
Source? And even if that were true, then that would be how he got caught? using tor? Hardly good advertising for tor. I know that allegedly he was betrayed, but, you know, "parallel construction". Truth is, it would have been a lot better for him to copy any data he wanted to 'leak' and mail it using 'snail mail'.
One can argue that Ed Snowden found what he was allowed to find and shipped it to Greenwald & Co. under the approving gaze of some compartment at NSA; Manning, not so much. Billions of dollars worth of damage were done to the U.S. National Interest,
How? Not meaning to badmouth manning, it's not his fault that the US is a fascist cesspool, but americans either don't give a fuck about their mass murdering government, or cheer for it.
which is why she rates a sentence of slow death by ritualistic torture.
This recording was never supposed to see the light of day, but it walked right out of a tightly secured base and onto the Internet within hours: Manning tells all, including how and why to do that thing:
https://freedom.press/blog/2016/04/freedom-press-foundation-publishes-leaked...
-or-
She would have gotten away with it, too, if some "individual" who needs not be named had not sold her for cheap.
Onion routing can be a useful part of a complete operational security toolkit. Only when its limitations are understood and pessimistic assumptions are made, of course.
:o)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/15/2016 11:25 PM, juan wrote:
Lest we forget, Chelsea Manning used TOR to move massive amounts of data to Wikileaks.
Source?
Manning, if I recall correctly:
https://freedom.press/blog/2016/04/freedom-press-foundation-publishes-le aked-audio-bradley-manning%E2%80%99s-statement
-or-
And even if that were true, then that would be how he got caught? using tor? Told Adrian Lamo, who told the Feds. http://www.democracynow.org/2011/12/19/adrian_lamo_bradley_manning_infor mant_defends - -or- https://tinyurl.com/7t3gfcm
Hardly good advertising for tor. I know that allegedly he was betrayed, but, you know, "parallel construction".
Belief makes people stupid, in the sense that it makes them think in circles as necessary to support the belief. I do not "believe" that someone ratted Chelsea out, but I do consider it very likely. In part because of the time that passed between the first, exceptionally damaging public release of Manning's material, and the arrest - some time after the third exceptionally damaging release. :o/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXso+ZAAoJEECU6c5XzmuqtrEIAM51riuBM+F6sPZZtT9SwtPn f45VKDmUCI3jqzE5l9BGMFl76Q5YkZKpgg/plZdME/Ocn9Pz0g9KKCN7K6KCDhpz J2aKhGBTRvaPXRDhqkpP8Nx1SezGGt1OPEJeQPM4cqaTAS/faQW7ds4j+/3gzHpG YG4o7kh2trj4aTIrQ4fK82Mb/wvFjBktRVyDzD7yL5Dcq95EntS1Z7obu7nu8afv Ysmd0kwLcUJwVpKsB2gqCWTwsMgZ8A4DsOIj+d/Yn6ZUSI1clV8Arzf5T69DqIPp buHTlREygPgdfbXuKF77QfssGp33u3rfuQauH+PvBJqjOPT4kPstNHk4G+IHIVw= =gejT -----END PGP SIGNATURE-----
On Mon, 15 Aug 2016 23:59:21 -0400 Steve Kinney <admin@pilobilus.net> wrote:
Belief makes people stupid, in the sense that it makes them think in circles as necessary to support the belief. I do not "believe" that someone ratted Chelsea out, but I do consider it very likely.
So what. And you didn't really address my points, especially the fact that it is safer to physically mail stuff.
In part because of the time that passed between the first, exceptionally damaging public release of Manning's material, and the arrest - some time after the third exceptionally damaging release.
WHat damaging releases were those? I can think of the 'collateral murder' video as somewhat upsetting to the pentagon's propaganda efforts, for a few weeks, but that was all.
:o/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXso+ZAAoJEECU6c5XzmuqtrEIAM51riuBM+F6sPZZtT9SwtPn f45VKDmUCI3jqzE5l9BGMFl76Q5YkZKpgg/plZdME/Ocn9Pz0g9KKCN7K6KCDhpz J2aKhGBTRvaPXRDhqkpP8Nx1SezGGt1OPEJeQPM4cqaTAS/faQW7ds4j+/3gzHpG YG4o7kh2trj4aTIrQ4fK82Mb/wvFjBktRVyDzD7yL5Dcq95EntS1Z7obu7nu8afv Ysmd0kwLcUJwVpKsB2gqCWTwsMgZ8A4DsOIj+d/Yn6ZUSI1clV8Arzf5T69DqIPp buHTlREygPgdfbXuKF77QfssGp33u3rfuQauH+PvBJqjOPT4kPstNHk4G+IHIVw= =gejT -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/16/2016 12:19 AM, juan wrote:
In part because of the time that passed between the first, exceptionally damaging public release of Manning's material, and the arrest - some time after the third exceptionally damaging release.
WHat damaging releases were those? I can think of the 'collateral murder' video as somewhat upsetting to the pentagon's propaganda efforts, for a few weeks, but that was all.
The 'collateral murder' video hit Iraq during negotiations with the 3rd (?) post-conquest iteration of an allegedly sovereign Iraqi government for continued U.S. occupation and control of Iraq. It pissed the Iraqi public off so badly that continued 100% immunity from local prosecution of U.S. persons for any and all crimes including murder was taken off the table. In consequence of this, the U.S. occupation force was pulled out of Iraq. This was more than a little inconvenient, it was bloody expensive. The U.S. proxy force "formerly known as" ISIS have a dual mission: West of the Syria/Iraq border, the ongoing destabilization of Syria to prevent construction of oil & gas pipelines from Iran to a BRICS-friendly Mediterranean seaport. East of the border, to force the Iraqis to allow U.S. occupation forces back in to "protect" Iraq from an invading armed force and assure continued US/NATO control of Iraqi oil. The Cablegate and War Diaries releases both stirred diplomatic anthills, complicating or terminating numerous U.S. foreign policy operations in progress, causing direct losses on numerous fronts and imposing global scale damage control tasks. All of the above cost money - a damn lot of it - and tied up human resources that would have otherwise been very productively engaged in business as usual, i.e. looting the planet. Compare and contrast this impact to that of the well controlled Snowden leak, which has caused a bit of embarrassment while serving the practical purpose of putting the U.S. civilian population on notice that Big Brother really is watching their every move. On the domestic political warfare front, State and Corporate actors would not necessarily view this as a Bad Thing, as cultivating paranoia is one of their long term self-defense missions. Somebody probably located in Germany has since handed the world NSA docs with more practical impact on U.S. espionage operations than the whole Snowden Affair to date, and the U.S. public at large has no idea it even happened. Propaganda costs money and nobody on this side of the Atlantic seems to be interested in paying for play in this case.
And you didn't really address my points, especially the fact that it is safer to physically mail stuff.
I would not call that a 'fact' without considering that physically mailing storage media has its own inherent risks. IIRC, Wikileaks' advertised postal addresses are in "Five Eyes" territory, so nothing will be delivered via post without e-z and unavoidable State inspection and approval. Arranging any physical delivery method that might be more secure would require two-way communication in advance with Wikileaks, so why not simplicate matters by using the same "secure" comms channel to transmit the docs and have done with it? :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXs0svAAoJEECU6c5XzmuqXvYIAJPaLqjIQIlcw0WhO6K/Zjo9 AuTPhZwa7HRY4Ma4dKNHG8fvKpHezdiUbdRYHMlQ0MTk1M4bE5eBkKopJ3lRKWBY YfgcWKiPAtjc9WniTJC4yjYSc2v3bObWvawOg74VzB1ml4FEG9MsNwqzbgpiO1lP ubmJgX1AZNgKO6TJurXBnY4h6Wwph+Z7bJRGMyxldWzf1z8fHLJ7uwc5rK191HKT N3uaKb6yGDMn8izYK4xd6hNVtK96sNFDdXNyXpNKq1bslOEf9Q1645LS8+s7xBg9 nHO8oa69lKGKkk7BUAojcvQSpwpMN3DzgEXqwx6z41BsSBrRBCpcuOgjEXv65so= =XwHK -----END PGP SIGNATURE-----
On 08/16/2016 12:19 AM, juan wrote:
On Mon, 15 Aug 2016 23:59:21 -0400 Steve Kinney <admin@pilobilus.net> wrote:
Belief makes people stupid, in the sense that it makes them think in circles as necessary to support the belief. I do not "believe" that someone ratted Chelsea out, but I do consider it very likely.
So what.
And you didn't really address my points, especially the fact that it is safer to physically mail stuff.
Are you aware that all mail in the US is scanned at central points and subjected to a fairly high level of scrutiny. Anonymous mail is more highly scrutinized. --- Marina Brown
In part because of the time that passed between the first, exceptionally damaging public release of Manning's material, and the arrest - some time after the third exceptionally damaging release.
WHat damaging releases were those? I can think of the 'collateral murder' video as somewhat upsetting to the pentagon's propaganda efforts, for a few weeks, but that was all.
:o/
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAEBAgAGBQJXso+ZAAoJEECU6c5XzmuqtrEIAM51riuBM+F6sPZZtT9SwtPn f45VKDmUCI3jqzE5l9BGMFl76Q5YkZKpgg/plZdME/Ocn9Pz0g9KKCN7K6KCDhpz J2aKhGBTRvaPXRDhqkpP8Nx1SezGGt1OPEJeQPM4cqaTAS/faQW7ds4j+/3gzHpG YG4o7kh2trj4aTIrQ4fK82Mb/wvFjBktRVyDzD7yL5Dcq95EntS1Z7obu7nu8afv Ysmd0kwLcUJwVpKsB2gqCWTwsMgZ8A4DsOIj+d/Yn6ZUSI1clV8Arzf5T69DqIPp buHTlREygPgdfbXuKF77QfssGp33u3rfuQauH+PvBJqjOPT4kPstNHk4G+IHIVw= =gejT -----END PGP SIGNATURE-----
On Aug 16, 2016, at 2:23 PM, Marina Brown <catskillmarina@gmail.com> wrote:
On 08/16/2016 12:19 AM, juan wrote: On Mon, 15 Aug 2016 23:59:21 -0400 Steve Kinney <admin@pilobilus.net> wrote:
Belief makes people stupid, in the sense that it makes them think in circles as necessary to support the belief. I do not "believe" that someone ratted Chelsea out, but I do consider it very likely.
So what.
And you didn't really address my points, especially the fact that it is safer to physically mail stuff.
Are you aware that all mail in the US is scanned at central points and subjected to a fairly high level of scrutiny. Anonymous mail is more highly scrutinized.
--- Marina Brown
Awful lot of dope makes its way through USPS, with TOR as the medium for setting up delivery, every day all day... Just log in to alphabay and browse around ... ;) But, who knows how long they'll last, there might be sealed indictments already... -- John
On Tue, 16 Aug 2016 14:23:42 -0400 Marina Brown <catskillmarina@gmail.com> wrote:
On 08/16/2016 12:19 AM, juan wrote:
On Mon, 15 Aug 2016 23:59:21 -0400 Steve Kinney <admin@pilobilus.net> wrote:
Belief makes people stupid, in the sense that it makes them think in circles as necessary to support the belief. I do not "believe" that someone ratted Chelsea out, but I do consider it very likely.
So what.
And you didn't really address my points, especially the fact that it is safer to physically mail stuff.
Are you aware that all mail in the US is scanned at central points and subjected to a fairly high level of scrutiny. Anonymous mail is more highly scrutinized.
I don't know all the details, but yes, I've seen some discussions by people who mail 'drugs'. But if the sender manages to mail a letter/package anonymously, then that's it. They can scrutinize the package all they want but won't learn much. And can they for instance x-ray all packages and know if a package contains, say, a micro sd card? That seems harder to do... Anyway, my point was that presenting tor as useful and 'legitimate' because it allegedly was used by Manning strikes me as...advertinsing.
--- Marina Brown
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/16/2016 05:06 PM, juan wrote:
Anyway, my point was that presenting tor as useful and 'legitimate' because it allegedly was used by Manning strikes me as...advertinsing.
Oh lookout- Legitimacy implies a sanctioning Authority. :D Speaking of mail vs. network transport of leakish dox... The point of failure for a mail order drugs market is the sender: Receivers are scattered all over and at least "slightly" hard to identify, if the network side is not breached. But the sender's organization is small in number and, if suspected, easy to put a mail cover on. The point of failure for a mailed in leaks is the receiver: The receiver's location(s) and personnel small in number, and easy to put a mail cover on. The receiver might counter this by providing mail drops and couriers (hopefully) unknown to the opposition, which in cases like Wikileaks would mean reliance on network security to transmit a one-time destination address to the prospective leaker. Again, if the network connection is "secure enough" why not just send the dox that way? Numerous variations are possible, of course. I would not consider either option a categorically superior one in /all/ cases. When security really matters, try to do something new and unexpected as well as sneaky and well protected. :o) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQEcBAEBAgAGBQJXs7qbAAoJEECU6c5XzmuqfB4H/jvezm/562UuRNFx5nYqpOZ7 pmmjRGNTjS06czWM0mLszx7CNJhWArHgG79vM+wqfk37jRU5VTgUYuwbqBT/vA1L qqGOP1T0GQdBsK+4T+hbJ2P7Mz4X74zmWAcCQpW6MDqGRvYdx50Z1Zku10HUnntv VY1GE5hFRp4CP2AFK5gkphCixDlxQDeA/MMsj0AVhONaF+/B94p39OFgCJrJkS+2 368ZwU7mDfKSLoWdrhhXLkjtIMYmqu7Xgy4ui/w16LYZRlKWCyen628qYERCi447 RiMNcVnnAjEuH4bR7zRu4av+2Xa+kPsGdx8jQJqNanNEZSoEW6dVupwkglAXkTc= =DAxg -----END PGP SIGNATURE-----
participants (6)
-
Cecilia Tanaka -
John Newman -
juan -
Marina Brown -
Rayzer -
Steve Kinney