Delivery-Date: Tue, 23 Sep 2014 12:45:50 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 78BBE1E0B71;
	Tue, 23 Sep 2014 12:45:49 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D00202133A;
	Tue, 23 Sep 2014 16:45:41 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 4C41D2105C
 for <tor-talk@lists.torproject.org>; Tue, 23 Sep 2014 16:45:37 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id y_cH56aXyC9n for <tor-talk@lists.torproject.org>;
 Tue, 23 Sep 2014 16:45:37 +0000 (UTC)
Received: from mail-wg0-f48.google.com (mail-wg0-f48.google.com [74.125.82.48])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 02EDB20FA9
 for <tor-talk@lists.torproject.org>; Tue, 23 Sep 2014 16:45:36 +0000 (UTC)
Received: by mail-wg0-f48.google.com with SMTP id x13so1543049wgg.31
 for <tor-talk@lists.torproject.org>; Tue, 23 Sep 2014 09:45:33 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:sender:message-id:date:from:user-agent
 :mime-version:to:subject:references:in-reply-to:content-type
 :content-transfer-encoding;
 bh=cOKceGmcfbrSgY67q8hLf/7J43eXa5+70eMmTxyq2qk=;
 b=RLIJz9+Q2AxU1ihrShX6oQM/RTzglW8GNUcJgLUNCp0eZid7e+gkRhDVL7PYuVjy0r
 3JjrOxRPdylOdrWgvUJl1osA9WS0DYt5VMa7MJEFmNy9L8QouDSZzD4jef1WpqWmgxmt
 CB2aUu/WMs9zbTh3TVd47J5ni+JguCf61WhDx3LIwTyGFYNrLUXNMMAo+y+SqOHloeAK
 AZ6Uuq8HkEwI2akJlIFZKPQB7MM4UFQdM8m2OrbHZmP4Fa42nil/DAF62b7fOK/Zynge
 /vg2nWXVhVfjnuhxjAZKgheyg507t/jW1a/HuLbH82L0ZVSz9olLcAf80nTKzx9MT2Y8
 H5vA==
X-Gm-Message-State: ALoCoQlW/in04tgpREIfTgNsjBlWPEs2HxpPfF3Ze5y2hX0M3p75AM2whS7dInhbT0lAA+Fyzmz7
X-Received: by 10.180.219.106 with SMTP id pn10mr11512627wic.51.1411490733794; 
 Tue, 23 Sep 2014 09:45:33 -0700 (PDT)
Received: from MacBookAir-2.local (net-91-81-94-22.cust.vodafonedsl.it.
 [91.81.94.22])
 by mx.google.com with ESMTPSA id bj7sm16491752wjc.33.2014.09.23.09.45.32
 for <tor-talk@lists.torproject.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Tue, 23 Sep 2014 09:45:33 -0700 (PDT)
Message-ID: <5421A3AB.4090100@infosecurity.ch>
Date: Tue, 23 Sep 2014 18:45:31 +0200
From: "Fabio Pietrosanti (naif)" <lists@infosecurity.ch>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9;
 rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <CAD2Ti2-v-LZc1dnXiz7tbRRH8k=Zx080wY_UGs7LF_Zh0=DsOQ@mail.gmail.com>
In-Reply-To: <CAD2Ti2-v-LZc1dnXiz7tbRRH8k=Zx080wY_UGs7LF_Zh0=DsOQ@mail.gmail.com>
Subject: Re: [tor-talk] TPO/TBB clone on SourceForge, use of TPO name
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Il 9/22/14, 11:42 PM, grarpamp ha scritto:
> Whether clones or worse, there's something
> very weird going on with these guys.
Here an OSINT notes/analysis on several of that "suspicious" software:
https://docs.google.com/spreadsheet/ccc?key=0AqtQ4kKC2rLzdEVjWkxTcUVTTWxmdnh4VWFDY25zTHc&usp=sharing

I've been particularly considering also other "suspicious" software that
has been "strangely" solicited/promoted across many activists community
but comes from unknown/anonymous persons.

Please note that such TorProject copycat site seems to be particularly
targeting UAE users from Sourceforge's stats:
- TorBrowser (16.170 download with 2nd top-country UAE)
- Browser4Tor  (357 download, with 46% from UAE)

That analysis is a bit old, September 2013, but may contain userful info
for people digging into that problem.

-- 
Fabio Pietrosanti (naif)
HERMES - Center for Transparency and Digital Human Rights
http://logioshermes.org - http://globaleaks.org - http://tor2web.org

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

