/g/ - Technology

install openbsd

[Make a Post]
[X]





Nanonymous No.6434 [D][U][F][S][L][A][C] >>6444
File: 695270a437272d6f7a8898d1014fdeda3fca42d88d5a32efc0436f5a5c0401d5.jpg (dl) (9.81 KiB)
Ublock origin stopped working on tor again. Why do the retards to this to me. I demand to know why, I demand this work, I demand tendies and plug and play applications. How do I even fix this retard shit from happening again, like it happened now and a few months ago

Nanonymous No.6435 [D]
works on my machineā„¢

Nanonymous No.6437 [D] >>6438
>using TBB

Nanonymous No.6438 [D]
why would you need Ublock origin in TBB? it only lowers your anonymity

>>6437
policeman

Nanonymous No.6441 [D][U][F] >>6442 >>6451 >>6528
File: 25702048de9063f71116ea7c5e9ffd4978fa340837095f1ff62a692b1886124d.png (dl) (2.86 MiB)
Imagine being so irredemably retarded so as to use any content blocker that isn't uMatrix

Nanonymous No.6442 [D]
>>6441
Imagine being so retarded to use any content blocker instead of simply running Tor Browser on high security setting which disables javascript

Nanonymous No.6444 [D] >>6461 >>6478
>>6434
>Ublock origin stopped working on tor again.
This is impossible. ublock origin does not integrate with tor in any way. It could not have worked with tor in the first place, and so can't have stopped working with it now.

You may be referring to the Tor Browser, which is a totally different piece of software. If this is the case, you are literally retarded and can be certain that using or not using ublock origin is completely irrelevant for you, because I can guarantee you've already been pwned by any party interested in pwning you many times over.

Nanonymous No.6451 [D][U][F]
File: e89caa7b88e88349aa646a66163359d1dc88ec2fcea657a7a3ccdf728f5bf916.jpg (dl) (82.43 KiB)
>>6441
>Imagine being so irredemably retarded so as to use any content blocker that isn't uMatrix
this and
>Imagine being so irredemably retarded so as to visit sites that require usage of umatrix

Nanonymous No.6461 [D] >>6463
>>6444
>You may be referring to the Tor Browser, which is a totally different piece of software. If this is the case, you are literally retarded
Tor Browser is the only browser that provides anonymity and privacy
users of other browsers, even with Tor network, are brain damaged

Nanonymous No.6463 [D] >>6482
>>6461
TBB is a "high profile" target, and I understand why someone would be very uncomfortable about this. But using other browsers is really asking for all kinds of trouble unless you actually know what your browser is actually doing (which one almost certainly does not if it's not lynx or some text-based browser).

Nanonymous No.6478 [D]
>>6444
I'm retarded and just had to restart my browser

Nanonymous No.6482 [D] >>6485 >>6491
>>6463
any other browser than TBB is fingerprintable
even if you change useragent in lynx it will behave and look different to TBB

also, only TBB has proper url bar circuit isolation. when you visit site A you will get different circuit than when you visit site B
when both site A and site B will load some external resources like google or jquery, different circuits will be used

it is not possible to achieve something like that in lynx, unless you edited the source code

Nanonymous No.6485 [D] >>6486 >>6488 >>6521 >>6591
>>6482
>any other browser than TBB is fingerprintable
Depends on the capabilities. If you fake the user agent and, like Links or w3m, you don't have anything to process CSS and JS with, are there any methods of getting your fingerprint? Aside from being a rare minority that isn't using those two.

>also, only TBB has proper url bar circuit isolation
Now this bothers me. Correct me if I'm wrong, but it's because TBB is custom built and isn't using the system wide install of the tor daemon that you would use for everything else. So when you're writing a program that uses connections over the daemon, you don't have any methods of setting/resetting circuits aside from sending something like SIGHUP to it. Nanons have been posting their tor & lynx configs in other threads, but I can't remember which ones and I'm not sure that it replicates TBB functionality either.

Nanonymous No.6486 [D]
>>6485
https://stem.torproject.org/api.html
Don't know if Tor Browser uses the API or calls directly.

Nanonymous No.6488 [D] >>6503 >>6591
>>6485
>Depends on the capabilities. If you fake the user agent and, like Links or w3m, you don't have anything to process CSS and JS with, are there any methods of getting your fingerprint?
other header items (ACCEPT, ACCEPT_ENCODING etc)
order of header items
order of requests (if page has images and other stuff)

>Aside from being a rare minority that isn't using those two.
this is another unique bit of fingerprint

>Correct me if I'm wrong, but it's because TBB is custom built and isn't using the system wide install of the tor daemon that you would use for everything else. So when you're writing a program that uses connections over the daemon, you don't have any methods of setting/resetting circuits aside from sending something like SIGHUP to it.
Tor bundled with TBB is standard Tor. you could connect TBB in safe way to system wide Tor install, if you used same config that Tor bundled with TBB uses.
however, TBB has special code that sets proxy username & password when TBB wants another circuit for another tab, when Tor receives that proxy username it knows it should use another circuit. you cannot achieve that in Lynx unless you implemented same thing into it's code
>Tor circuit and HTTP connection linkability
>Design Goal: Tor circuits and HTTP connections from a third party in one URL bar origin MUST NOT be reused for that same third party in another URL bar origin.
>Implementation Status: The isolation functionality is provided by a Torbutton component that sets the SOCKS username and password for each request. The Tor client has logic to prevent connections with different SOCKS usernames and passwords from using the same Tor circuit. Firefox has existing logic to ensure that connections with SOCKS proxies do not re-use existing HTTP Keep-Alive connections unless the proxy settings match. We extended this logic to cover SOCKS username and password authentication, providing us with HTTP Keep-Alive unlinkability.


>So when you're writing a program that uses connections over the daemon, you don't have any methods of setting/resetting circuits aside from sending something like SIGHUP to it.
you have method, you can do what TBB does, you can control circuits by setting socks proxy username & password. but you also need to connect to Tor socksport that uses KeepAliveIsolateSOCKSAuth flag. you can open TBB and look what parameters it runs Tor with

>Nanons have been posting their tor & lynx configs in other threads, but I can't remember which ones and I'm not sure that it replicates TBB functionality either.
it doesn't replicate TBB functionality, their setups are a failure and they are idiots
it might be possible to simulate TBB to some degree with lynx, but that will require code changes in lynx, not some stupid useragent change

Nanonymous No.6489 [D]
more here
https://2019.www.torproject.org/projects/torbrowser/design/

Nanonymous No.6491 [D] >>6509 >>6591 >>6602
>>6482
>it is not possible to achieve something like that in lynx, unless you edited the source code
You are right, but I suppose I am more concerned with browsers being prone to hidden mischief or not cleanly functioning in proxy mode (eg, leaking DNS, phone home with real IP), etc etc. It's now nearly impossible to trust most browser software to only do what it says on the tin.

Nanonymous No.6503 [D] >>6509
>>6488
>other header items (ACCEPT, ACCEPT_ENCODING etc)
>order of header items
If you're making your own program, these can be emulated to resemble TBB, as needed.
>order of requests (if page has images and other stuff)
This is a problem, yeah. I've read that Cloudflare is using it a lot for fingerprinting. However, with a lot of requests and time differences due to routing, won't it generate a lot of false positives as well?
>this is another unique bit of fingerprint
Here's another way to look at it - how many users browsing with Tor actually have the safest option by default and never toggle JS on websites? Given that major things your average person might use almost always require scripts to be on, this would also put you in a smaller crowd. But that shouldn't really deter you from disabling it, I think. Same with CSS, it does make you stand out but it also reduces your attack surface by a lot.

>however, TBB has special code that sets proxy username & password when TBB wants another circuit for another tab
>Torbutton component
>KeepAliveIsolateSOCKSAuth
Thanks, this makes a lot more sense than what I have found before (using controlport with secret to change circuits).

Nanonymous No.6505 [D]
Recent post about frequenting from the Tor project related: https:// blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead

Nanonymous No.6509 [D] >>6554 >>6591
>>6491
>but I suppose I am more concerned with browsers being prone to hidden mischief or not cleanly functioning in proxy mode (eg, leaking DNS, phone home with real IP)
firewall and/or whonix VM is what can protect you from TBB leaking DNS, phoning home with real IP
I had situations when TBB tried to make direct connection, it wasn't an active attack though

>It's now nearly impossible to trust most browser software to only do what it says on the tin.
but solution is not to create your own unique setup with lynx that will stand out. it wouldn't be that bad if nanochanners decided on a single setup with lynx+tor, same settings etc

>>6503
>If you're making your own program, these can be emulated to resemble TBB, as needed.
but not if you run lynx+Tor, unless you edit source code and recompile

>However, with a lot of requests and time differences due to routing, won't it generate a lot of false positives as well?
web browsing is based on TCP, not UDP, and it also uses keep alive (persistent connection). routing or time differences doesn't matter with TCP, each packet has number and they are reordered when they arrive
but this order of requests could also be simulated in your own program that connects to websites with Tor. but order of requests will be different in Lynx compared to TBB unless you edit the source code to make it the same

>Here's another way to look at it - how many users browsing with Tor actually have the safest option by default and never toggle JS on websites? Given that major things your average person might use almost always require scripts to be on, this would also put you in a smaller crowd. But that shouldn't really deter you from disabling it, I think. Same with CSS, it does make you stand out but it also reduces your attack surface by a lot.
some do browse with safest option. I visit child pornography forums and pedos there often say to use Highest security setting, they upload child pornography videos to sites that work without javascript.
lets guess that 10% of TBB users use Highest setting. that's smaller crowd but still pretty big. but how many Tor users disable CSS or use web browser that doesn't support CSS? only a few people from nanochan. so this is bad thing for privacy unless we convinced thousands of people to not use CSS

Nanonymous No.6521 [D] >>6584
>>6485
>http://links.twibright.com/download/ChangeLog
>Sat Aug 3 18:20:54 CEST 2019 mikulas:
>
> Report "Lynx/Links" user agent when searching on Google so that
> Google returns non-css page
No thx

Nanonymous No.6528 [D] >>6552
>>6441
kys cucksumer. there is no good solution to webshit but atm one of the best is just run a firefug fork with javascript.enabled;false and use the usual extra profile with JS for your bank if you're retarded enough to do banking on THE FUCKING WEB

Nanonymous No.6552 [D]
>I visit child pornography forums and pedos there often say to use Highest security setting, they upload child pornography videos to sites that work without javascript.
Are you a pedo?

>>6528
>kys cucksumer. there is no good solution to webshit but atm one of the best is just run a firefug fork with javascript.enabled;false
the only acceptable solution for now is to use Tor Browser

>and use the usual extra profile with JS for your bank if you're retarded enough to do banking on THE FUCKING WEB
this is dumb, you will report your IP and location every time you login into the bank

Nanonymous No.6554 [D] >>6562
>>6509

You deserve to get caught. Please don't openly admit to disgusting crime here.

Nanonymous No.6562 [D] >>6593 >>6595
>>6554
>You deserve to get caught.
I don't deserve and I won't. keep dreaming

>Please don't openly admit to disgusting crime here.
fuck you cuck
I watch and distribute child pornography on the internet. I also fuck kids in real life and produce CP with them. there is nothing wrong with love and sex with children. I never saw any convincing argument against sex with children. Just try it and stop hating

Nanonymous No.6584 [D]
>>6521
You can change the user-agent, you fucking idiot. Go read a fucking book, you don't deserve to be inside this community.

Nanonymous No.6586 [D]
>Bait post gets 25 replies
The absolute state of nanochan

Nanonymous No.6591 [D] >>6602
>>6485
>but I can't remember which ones
This is the thread:
https://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/g/4669.html

>>6488
All your points have already been addressed on the other thread.
>TBB has special code that sets proxy username & password
Bullshit. Tor already have this, it's called "IsolateSOCKSAuth".
>HTTP Keep-Alive connections
Links doesn't support that. The only long lived connection is for uploads.
>>6491
>You are right
No, he is not.
>>6509
>routing or time differences doesn't matter with TCP
You don't even know what the hell you're talking about, do you?

Nanonymous No.6593 [D]
>>6562
>I also fuck kids in real life and produce CP with them. there is nothing wrong with love and sex with children. I never saw any convincing argument against sex with children. Just try it and stop hating
based af

Nanonymous No.6595 [D]
>>6562
based pedo

Nanonymous No.6602 [D] >>6606
>>6591
>Bullshit. Tor already have this, it's called "IsolateSOCKSAuth".
do you know what IsolateSOCKSAuth flag does? it makes Tor make separate circuit if different user/pass in socks connection was used. if you connect Links, Lynx or any other browser this flag will do nothing, because socks user and pass will be the same on every request
Tor Browser has special code that sends different user/pass on each isolated tab (for example one group of tabs with nanochan, other with wikipedia, other with child porn site), tor receives different user/pass so it knows to use another circuit for each of those sites
any other standard browser won't send different user/pass in socks so Tor will do shit with IsolateSOCKSAuth
IsolateSOCKSAuth requires browser cooperation, Tor Browser is the only one I know that does it. not sure about Brave browser, it has Tor support but I didn't look how is it implemented

there is another Tor socksport flag that can be useful for Links+Tor idiots: IsolateDestAddr
if you set this flag to socksport and connect Links to this port, it will use different circuits for different websites, however it will only work properly for sites that don't do any 3rd party requests, like nanochan
any other sites that connect to other servers to load images or scripts will work different than in Tor Browser, and if two sites connect to google or jquery etc, same circuit will be used
that's why I explain to use Tor Browser instead of stupid Links+Tor. Links+Tor might be acceptable but only if we modify Links code

>Links doesn't support that. The only long lived connection is for uploads.
that's bad. Firefox and Tor Browser use keep-alive, if Links doesn't this fact alone makes it stand out from Tor Browser

>>6491
>No, he is not.
show how to do it then

>You don't even know what the hell you're talking about, do you?
I do know. If you know better, explain how TCP works then
We were talking about order of requests, they can be used for fingerprintng and identifying different browsers. TCP will make sure packets are read in proper order

Nanonymous No.6606 [D]
>>6602
>show how to do it then
>If you know better, explain how TCP works then
Everything you are saying was already discussed on the other thread. I won't repeat myself here:
https://nanochanqwrwtmamtnhkfwbbcducc4i62ciss4byo6f3an5qdkhjngid.onion/g/4669.html