Delivery-Date: Fri, 31 Oct 2014 17:58:31 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID,UNPARSEABLE_RELAY
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 7192C1E0053;
	Fri, 31 Oct 2014 17:58:29 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 12161318DE;
	Fri, 31 Oct 2014 21:58:21 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C54D3318C3
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 21:58:17 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id JtmbseKdM7qP for <tor-talk@lists.torproject.org>;
 Fri, 31 Oct 2014 21:58:17 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 8E67D31875
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 21:58:17 +0000 (UTC)
Received: from berryeater.riseup.net (berryeater-pn.riseup.net [10.0.1.120])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id D381341C7C
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 21:58:14 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1414792694; bh=Sao8fdzCnErMZoNMSA1tjSm3rPgWbRGpd+gbibwVCA4=;
 h=Date:From:To:Subject:References:In-Reply-To:From;
 b=BMyJo1NtM2L4NkgimR0j2b3feychSz0rajVNnSR5Iia4vUksxBiPsgsUP4xjmj8Ij
 E+vo+znCe56U6AfM0KzMSAzzB1/e9DhywJVbA2PPw6FmXXJ5O7uS1Cm2dTQVrXami2
 EQp87JlWluPmyy609jB7FhTOVAi/1Q7h4QSwjfKY=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: mirimir) with ESMTPSA id 138DC42EA5
Message-ID: <545405EF.7000200@riseup.net>
Date: Fri, 31 Oct 2014 15:58:07 -0600
From: Mirimir <mirimir@riseup.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
 rv:31.0) Gecko/20100101 Thunderbird/31.2.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <20141031122302.GA5554@glue.grepular.com>
 <D078CF97.816C%alecm@fb.com> <5453AF92.906@afo-tm.org>
 <20141031161231.GE25941@inner.h.apk.li>
 <CAMCPh3x2ddjwrV-cDP9Xd1yrTS0J4R2Ftx8+5bN4GFsgoW8JDg@mail.gmail.com>
 <CAAnkLT3M0aRUk15PrHudBJSJ-9OJNMT4p2eQk1MmPbErxgXUwA@mail.gmail.com>
In-Reply-To: <CAAnkLT3M0aRUk15PrHudBJSJ-9OJNMT4p2eQk1MmPbErxgXUwA@mail.gmail.com>
X-Virus-Scanned: clamav-milter 0.98.4 at mx1
X-Virus-Status: Clean
Subject: Re: [tor-talk] Facebook brute forcing hidden services
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On 10/31/2014 11:07 AM, Mike wrote:
> Here is an obvious question that I can't figure out.
> Why would you use a service that cares nothing about keeping your details
> secret?
> They'll give you up to the state faster than you can blink.
> 
> If you are in a country that blacklists facebook, (china) logging onto
> facebook should be the least of your concerns. TOR and facebook don't
> belong in the same sentence.

If I were using Facebook under those circumstances, I would use a
pseudonym. I wouldn't reveal anything sensitive, and I would avoid
interacting with anyone that I knew in meatspace. But then, the same
applies to any public forum, including this mail list ;)

> Honestly if I was running an exit node still. I'd just add facebook to
> nullroute right now.
> 
> On Fri, Oct 31, 2014 at 12:52 PM, AntiTree <antitree@gmail.com> wrote:
> 
>> It appears that someone has been issued a facebookcorewwwi.onion cert
>> from another CA as .onion has no way of verifying a collision.
>> https://news.ycombinator.com/item?id=8538527
>>
>> On Fri, Oct 31, 2014 at 12:12 PM, Andreas Krey <a.krey@gmx.de> wrote:
>>> On Fri, 31 Oct 2014 16:49:38 +0000, AFO-Admin wrote:
>>> ...
>>>> Hi,
>>>> i really think that this is a good thing, because i think this hidden
>>>> service will get a lot attention in countries where Facebook is
>>>> blocked.
>>>
>>> In blocking countries you'll use Tor whether you to the .com
>>> or the .onion domain. The way around the block is tor, not the
>>> hidden service.
>>>
>>> The hidden service add a protection layer to the traffic from
>>> the tor network to facebook, but they are using SSL anyway.
>>>
>>> And it remains to be seen what they do with static assets
>>> that are loaded from different domains - but actually it wouldn't
>>> matter when those are not going through the hidden service.
>>>
>>> Andreas
>>>
>>> --
>>> "Totally trivial. Famous last words."
>>> From: Linus Torvalds <torvalds@*.org>
>>> Date: Fri, 22 Jan 2010 07:29:21 -0800
>>> --
>>> tor-talk mailing list - tor-talk@lists.torproject.org
>>> To unsubscribe or change other settings go to
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

