Concealing what operating system image someone downloads is a part of concealing what operating system someone is using. I think that concealing what operating system someone is using has benefits to privacy and security.

You are thinking of some other website. ;-)

The images were uploaded to the main mirror on the weekend without an announcement so they could be distributed to the other mirrors first. Release notes are now available now at http://knopper.net/knoppix/knoppix760-en.html .

Regards
-KK

Tor isn't supposed to be used for harmful downloads/activities ONLY. And it is those who are using it to do something nasty are to blame for negative reputation it gets, in first place. And so, harmless downloads are part of Tor. Just as they are part of any other network.

There is no "more important" and "less important" things. This is utter BS. You can count on powerful business analytic logic running in background and processing all URL, doing a deep classification. It can be used to build profiles, etc. To detect you later anywhere. Ever called into some call center? And heard warning they are recording, etc? What do you think they do with recordings? They analyze voice. And building profiles. So they recognize you every time you speak. This used to blacklist "bad" customers, etc. And of course it can have a plenty of other uses, like total control, tracking each and every step, etc.

Same happens with URLs these days.

You're clearly noob in the very basics of anonymity and privacy. The whole point of Tor is that it is impossible to distinguish various actions, be these "good", "bad" or whatever. Not to mention definitions of good and bad vary wildly across communities, countries and jurisdictions, so what is good in one place can easily warrant you capital punishment in another place. And so, you can't know if I'm downloading Linux distro or doing something else. So, I could be downloading Linux distro. Take that. So, say, police knocking my door "because I've used Tor" stands a good chance to find I've just downloaded that fucking Linux distro. Which both makes Tor more legit since it turns out it haves good, 100% legal uses, and discourages poorly thought police actions, etc. But it seems some people have rather primitive ways of thinking, failing to compute consequences further than 1 step away...

Of course. Browser set up to use it. In fact, it is more complicated and you would be surprised to learn how my intranet works. I'm not going to explain details, but at the end of day I'm seeking it both to be universally accessible to me as long as there is ANY network connectivty, even limited/firewalled one. And another goal is to keep it under control, fending off eavesdroppers, thwarting unwanted software behavior and somewhat raising bar for network attacks and exploits. That's how networks are really supposed to work. There is long way to go to get it right, but I've assembled a very draft sketch. And sometimes it looks rather funny.

Sure thing. This is one of the goals. Only involved parties should have knowledge of what's going on. This is what called privacy. Everyone else would see just garbage. Without any knowledge if it something "good" or "bad", and what are real source and destinatoin. That's how it supposed to work .

...and before being so happy download failed: have you ever thought working it around is as simple as that:

Tor -> some random proxy -> server.

Would take me hardly more than 2 minute to assemble a chain and point my downloader to this proxy. I can also do multi-stream download if needed, so you can be sure, if something goes slow, I will be last person to suffer from that. But actually I'm not that evil and I take care on fair resource usage, etc. So I usually trying to do heavy downloads in off-peak hours and if it's not a case I could limit rate, etc. So much for happiness, etc. You see, there is no way to deny me anything in network without making resource really private. And even then, if its community large enough, you never know if I'm here or not. That's how privacy supposed to work

VPNs give little privacy on their own. It is a matter of contacting single entity to get mapping of your IP -> actions outcoming from VPN. Not too much efforts, eh? Even most of smartass skilled "lifehackers" (or just hackers) can try to deal with it, not to mention more powerful adversaries.

And if you turn Tor on and off, you see, once some site set up tracking cookies, it is not a big deal if you use tor or not anymore. All IPs are going to be linked to same unique ID, no matter if there was Tor, etc. Should there be your real IP or some linking to accounts, you lose. So, privacy is hard thing even if you do it right, and doing it half-way just does not works. Face that.

If you paid money, your privacy is already gone. Except maybe if you pay by Bitcoin and able to do it right. Which isn't exactly easy, and if you fail to do it right, Bitcoin actually records all transactions in public database, so... yes, you can try to track, say, all transactons of, say, on Phoronix wallet

So basically, if we think twice, you told us:
- Dear local police, if you ever see Tor traffic originating from my house, you should immediately catch me. Because you can count it is "bad" download.
- If some doubts about my personality still exists, I've also used VPN, you can check it, I've paid it using my credit card.

So if you behave like this, you do not need Tor at all and do not have to worry about it speed in first place - it would not protect you from anything at all, so you only killing your connection speed without achieving anything - most of your actions still can be linked to you, most of time it would happen automatically, you can count on it . Even 15 years ago servrs were already able to distinguish "unique visitors" numbers. Guess what they did.

...on side note, there is plenty of free VPNs, btw . But you never know who controls VPN and what they really want and what they really do. You can set up own server. But it also solves it only partially, because you can't guard your server in remote location 24/7 anyway, nor you know what exactly datacenter does in their network.

Sure, and comcast who is even actively hijacks traffic is a joke, etc. It is just amazing how silly, shortsighted or naive some people could be.

It seems some people are much better with it when they are getting exploit targeting their exact version of browser and OS, etc. Sure, it makes attacks far more convenient.

The Knoppix authors don't run any FTP servers. Which server did you try?

FTP mentioned in news article, obviously - ftp://ftp.uni-kl.de/pub/linux/knoppix-dvd/

Though it seems I've been dumbass enough and blamed really wrong person: it has been a mirror, so I guess I'm really wrong about blaming Knoppix author. Sorry about that!!! It seems it just some overzealous ftp admins. Though I still wonder why they are so eager to learn my IP.

ftp.uni-kl.de is a server at the University of Kaiserslautern. I just tried connecting there with Tor configured as socks5 proxy in firefox using the http-Protocol, which works just fine. For the ftp protocol, you may need a different browser setting because of the nature of ftp with a reverse control/data connection:



otherwise you get the security error message that you probably meant. The easy fix is using http, not ftp.

knopper Wow, I'm impressed! Its very kind to explain it to me. I'm ashamed to admit with my knowledge of networking I'm supposed to know it myself, yet I somehow missed it, probably because I rarely use FTP & got misleading error message. Hey, Nille, wouldn't world be a better place if we all would try to be like Knopper?