[quoting you in full since this mail was eaten by the whonix-devel list
for some reason even though I manually allowed it]
intrigeri:
> Hi,
>
> [can you please decide what mailing-list this discussion should happen
> on, and then we can stop cross-posting over 4 mailing-lists?]
>
> Patrick Schleizer wrote (02 Jan 2016 22:36:13 GMT) :
>> But I think location aware Tor entry guards (LATEG) are wrong headed.
>> The topic of LATEG is so difficult to explain to the user, that as you
>> plan, you cannot add it to the UI. Perhaps buried under an advanced
>> setting, but that's not worth so much. So it cannot be manual by
>> default. Only automatic.
>
> I agree.
>
>> Which brings me to the issue.
>>
>> There is a reason, why Tor picks a Tor entry guard and sticks to it. By
>> changing it more often than Tor would do, you are subverting the reason
>> for using Tor entry guards in the first place. In a sense, you are to a
>> small degree thereby becoming a Tor developer, and modifying Tor's relay
>> choosing algorithm.
>
> I think I see what you mean, and indeed it's the kind of things about
> which my self-confidence is pretty low, and I'd personally rather
> avoid fiddling with things I don't understand.
>
> But the thing is: by using random guards every time Tails starts, we
> are _already_ making the very same kind of decisions. Only, we are
> making it very badly, and this has been going on for too many years
> already.
>
> Let's face it: as distro integrators, in the current state of things,
> we have to make a decision to compensate for the fact that Tor's guard
> selection wasn't designed with our threat model in mind.
> Keeping things as-is would be a decision. Using fully persistent entry
> guards (not location aware), like Tor Browser users get currently,
> would be another decision. We cannot escape it, so we're trying to
> make this decision in a way that's much better for the vast majority
> of Tails users.

The simplest answers to give it are "same as Tor default", "same as
Debian system Tor" and/or "same as TBB". Since you can install Debian
and Tor on USB or TBB and USB, then be on travel, The Tor Project has
decided to keep entry guards across geographical location. That would
imho be the best [as closest to TPO] solution that any Tor focused
distribution can do.

>> I wonder, if the whole LATEG thing would not be much better implemented
>> in Tor itself. If so, then any (further) research of the entry guard
>> topic would still apply to Tails, and not to Tor only.
>
> With my (lazy by design) distro integrator's hat, I can only agree:
> the more work is done by little-t-tor, the less I have to deal with
> myself, and the more is shared cross-distro. Yay.
>
> However, taking a step back, I'm not sure it makes a whole lot of
> sense: to be location-aware, tor would have to gain knowledge about
> new concepts, and interface with OS services, that it can currently
> happily ignore so far; add to this that tor is multi-platform;
> I expect it's not an easy problem to deal with at this specific place,
> but again: if someone solves it, I certainly won't complain :)
>
>> The documentation advice for advanced users caring about AdvGoalTracking
>> could be to use obfuscated [private] bridges and to alternate
>> them per travel location.
>
> Right, I think it's important that people who want more control can
> get it this way, and IIRC our current best proposal does not prevent
> anyone from doing this.
>
>> Or perhaps you might be able to explain in tor-launcher /
>> anon-connection-wizard [1] [2] [3] the LATEG / AdvGoalTracking issue.
>
> If the configuration GUI has good facilities to document a broad and
> complex problem, yay, bringing the doc closer to the software is
> probably a winning strategy.
>
>>> [...] By adding the SSID, we prevent attackers from being able to
>>> spoof only the MAC address of the router to reuse a given Tor state;
>>> they also have to spoof the SSID which is visible to the user and might
>>> be detected as malicious. [...]
>>
>> I find it unlikely, that users might judge an often changing SSID
>> malicious. FreeWifi832458252823523 vs FreeWifi358235892435. How many
>> users are going to remember that? I would guess, they would just click
>> through whatever hoops required to make the WiFi connect again.

I'll rephrase this below.

> I have no time/energy to think seriously about it now, and I've been
> postponing my reply for a month due to this, so I'll try to be
> pragmatic: I'm adding this as a FIXME on our blueprint, and will come
> back to it later.
>
> I'm not sure I understand the problem you mean to raise, though.
> Can you please elaborate what problem you see if users do exactly this
> ("click through whatever hoops required to make the WiFi connect
> again", which I agree is very likely)?

day 1

1) Tails user regularly goes to physical place A that provides [free] WiFi.
2) The name of the wifi is FreeWifi832458252823523 with MAC address "A".
The user uses the regular way to set up a WiFi connection. Network
Manager etc.
3) Now, Tails would remember FreeWifi832458252823523 and assign entry
guard A.

day 2

3) Tails user goes to the same physical place A that provides [free] WiFi.
2) The name of the wifi has changed to FreeWifi358235892435 with MAC
address "B". The user uses the regular way to set up a WiFi connection.
Network Manager etc.
3) Now, Tails would remember FreeWifi358235892435 and assign entry guard A.

This is the behavior I expect from most users. And this is what I meant
by 'users will click through whatever hoops required to make the WiFi
connect again'.

*

The entry guard selection would now be influenced by the provider of
the [free] WiFi. And I think such an adversary capability is something
as we agree that is to be avoided.

To make the attack better, the adversary could decide to tear it down.
The user would likely recognize this as networking would fail. Then the
user would likely look into Network Manager scan results and click the
next FreeWifi[somelongnumberhere].

To have location aware code, you need to gather location data. WiFi
names, signal strength, MAC addresses are not suited to conclude the
current location as this information can be influenced by adversaries.
You perhaps would have to gather such data from GPS. [I don't know if
there are attacks against it that are related here.] But I guess most
devices where Tails is running nowadays don't have GPS.

So you would have to ask the user for its location. But usability wise
such questions are awful.

Cheers,
Patrick
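
[Added example, not part of the original mail and not Tails or Tor code: a
small model of Tor state keyed on (SSID, AP MAC), as in the blueprint excerpt
quoted above, compared with one persistent state. The relay list, MAC
addresses, function names and key format are constructed for illustration.]

```python
import hashlib
import random

# Constructed stand-in for the list of guard-eligible relays.
RELAYS = [f"relay-{i:02d}" for i in range(40)]


def location_key(ssid, ap_mac):
    """Key for per-location Tor state; both inputs are advertised by the AP."""
    return hashlib.sha256(f"{ssid}\x00{ap_mac.lower()}".encode()).hexdigest()


def replay(visits, location_aware=True, seed=1):
    """Replay (ssid, ap_mac) visits; return (guard used per visit, fresh draws)."""
    rng = random.Random(seed)   # fixed seed so the run is repeatable
    state = {}                  # state key -> guard remembered for that key
    used, fresh = [], 0
    for ssid, ap_mac in visits:
        key = location_key(ssid, ap_mac) if location_aware else "single-state"
        if key not in state:
            # Unknown key: the client has no stored guard and draws a new one.
            state[key] = rng.choice(RELAYS)
            fresh += 1
        used.append(state[key])
    return used, fresh


# Constructed visits: one physical place on three days. The SSIDs are the two
# named in the mail; the MAC addresses are made up.
SAME_PLACE = [
    ("FreeWifi832458252823523", "02:00:00:00:00:0a"),
    ("FreeWifi358235892435", "02:00:00:00:00:0b"),
    ("FreeWifi832458252823523", "02:00:00:00:00:0A"),
]

if __name__ == "__main__":
    for mode in (True, False):
        used, fresh = replay(SAME_PLACE, location_aware=mode)
        label = "location-aware" if mode else "persistent"
        print(label, used, "fresh draws:", fresh)
```

[In the model, the number of fresh guard draws follows the identifiers the
network advertises, not the place the user is in; with a single persistent
state it is one.]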