On 06/09/2018 01:51 PM, Keifer Bly wrote:
I just scanned the picture files using Avast, which I use a a lot and it is a pretty great anti virus program based off of my use with it. Here is the contents of the email in programming code; I don't know about other email services but in Gmail this can be retrieved by signing into the web version (in a web browser) clicking the more options button (next to the replay button) and clicking "show original".
From what I can tell looking at the code, it is encoded using base64 and
the ip address of the web server it was sent from is 104.161.37.109.
However, as for telling anything else, it seems like that would be difficult to do without the right equipment. Let me know what you think.
Thanks for source with headers. I don't see anything useful, though, I do see that "In-Reply-To: 5b182b2c.1c69fb81.390f6.f0ea@mx.google.com" is correct, so the sender is probably subscribed to the list. Getting that right from messages in the online archives would be nontrivial.
But damn: "I joined this site so that i could weed through the guys who aren’t serious and reliable enough to invite to my house where i feel comfortable." Trolling the tor-relays list for nice guys to date? That is bizarre.
On Sat, Jun 9, 2018 at 5:26 PM Mirimir mirimir@riseup.net wrote:
On 06/09/2018 05:28 AM, Keifer Bly wrote:
I was asked by mirmir to send one of the emails as a txt file, and so
here
it is. It is at the google drive link below, I had tried to send it as an attachment, but got a note back saying it was being held because it was
too
big. The zip file contains the contents of the email and the attached images. Thank you. I will try creating a spam filter for the email domain they are coming from, though a few of them have come from yahoo.com
domain,
which annoyingly I can't really block as some of my legitimate contacts
use
yahoo mail. I could try reporting this to Google, what do you think?
https://drive.google.com/open?id=0B_cH2cPZZmbTMmE2Ni1hc1BZbXliM0hMaTZnN19Gcj...
Thanks. But the text there doesn't contain headers. But that's less an issue, because from headers aren't spoofed. The question now is whether this is simple trolling, or attempts to infiltrate machines of relay operators. Someone experienced with malware analysis could examine the images for attack code, as Roman suggested. But that's over my head.
Blocking *.mexyst.com domains, as Neel suggested, will likely stop most of them, with little or no downside. But blocking yahoo.com isn't workable for many. But if they're all as salacious as Keifer's example, blocking on language seems workable. Or language plus domain.
As with Efail, this is a reminder of the risks of decoding HTML, loading embedded images, and fetching remote content. And the importance of compartmentalizing email and browsing from credentials for relay management (and other high-impact stuff, such as finances).
On Fri, Jun 8, 2018 at 9:57 PM Mirimir mirimir@riseup.net wrote:
On 06/08/2018 05:03 PM, Keifer Bly wrote:
This is one of the about 20 emails that have been received. Upon
looking
it
looks like they are spoofing the [tor-relays] subject line. My
apologies
for the subject change but could not find a way to forward the emails without forwarding them from an old conversation. Thank you. (The
subject
this is in reference to is "Spam Emails Received From This Mailing
List").
OK, so they're just using subject lines from the list. And not spoofing the from address.
But what you forwarded doesn't include the headers. By googling, I get this:
| 1) Open the message in your Gmail inbox. | 2) Click the down-arrow in the top-right corner of the message. | 3) Click the "Show original" link toward the bottom of the options | box. The message will open in a separate window with the full | message headers at the top.
Just save that as a text file, and send it to me as an attachment.
Why the bloody hell someone would target users of this list in that way is bizarre. And why you? Rather than me, who is admittedly an outspoken jerk sometimes ;)
---------- Forwarded message --------- From: Becky Janet beckyjanet335900@re.mexyst.com Date: Fri, Jun 8, 2018 at 7:48 PM Subject: Re: [tor-relays] Tor Guard Relay To: Keifer Bly keifer.bly@gmail.com
first you need to trust someone to find real sex partner. So if you
want
to
find real sex partner then you need to trust me. Always i'm telling you it's totally f r e e. Just connect with My Private Page http://datingflirt.info/1stold by submitting you mail, name, age
etc.
I'm
assure you if it's ask any cc then no need to connect with me. So just trust and try. Trust Me & Try It Now NCTB ; After completing this task check your mail ,Automatically you will get my personal phone no in
your
mail within 5 min. Just check your mail (inbox/s p a m) and call me
asap.
I'm waiting for your cam
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Yes, it is extremely strange, it arouses my suspicion. Why would they specifically choose the tor server operator’s list which isn’t going to have large amounts of people for them to meet to begin with? I am concerned this might be an attempted attack against the network trying to lure in the tor network server operators and effect their computers with something malicious. The attachments of the one email did not appear to have any suspicious code, however who knows what may be on the website they are advertising. I have created the suggested filter in m Gmail, thanks for the advice. However, is there a way we can ban email addresses from the relay operators list? It seems like removing the email addresses that have been sending these from the list might be a good idea, if that is possible.
Thanks.
From: Mirimir Sent: Saturday, June 9, 2018 6:11 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Fwd: Tor Guard Relay
On 06/09/2018 01:51 PM, Keifer Bly wrote:
I just scanned the picture files using Avast, which I use a a lot and it is a pretty great anti virus program based off of my use with it. Here is the contents of the email in programming code; I don't know about other email services but in Gmail this can be retrieved by signing into the web version (in a web browser) clicking the more options button (next to the replay button) and clicking "show original".
From what I can tell looking at the code, it is encoded using base64 and
the ip address of the web server it was sent from is 104.161.37.109.
However, as for telling anything else, it seems like that would be difficult to do without the right equipment. Let me know what you think.
Thanks for source with headers. I don't see anything useful, though, I do see that "In-Reply-To: 5b182b2c.1c69fb81.390f6.f0ea@mx.google.com" is correct, so the sender is probably subscribed to the list. Getting that right from messages in the online archives would be nontrivial.
But damn: "I joined this site so that i could weed through the guys who aren’t serious and reliable enough to invite to my house where i feel comfortable." Trolling the tor-relays list for nice guys to date? That is bizarre.
On Sat, Jun 9, 2018 at 5:26 PM Mirimir mirimir@riseup.net wrote:
On 06/09/2018 05:28 AM, Keifer Bly wrote:
I was asked by mirmir to send one of the emails as a txt file, and so
here
it is. It is at the google drive link below, I had tried to send it as an attachment, but got a note back saying it was being held because it was
too
big. The zip file contains the contents of the email and the attached images. Thank you. I will try creating a spam filter for the email domain they are coming from, though a few of them have come from yahoo.com
domain,
which annoyingly I can't really block as some of my legitimate contacts
use
yahoo mail. I could try reporting this to Google, what do you think?
https://drive.google.com/open?id=0B_cH2cPZZmbTMmE2Ni1hc1BZbXliM0hMaTZnN19Gcj...
Thanks. But the text there doesn't contain headers. But that's less an issue, because from headers aren't spoofed. The question now is whether this is simple trolling, or attempts to infiltrate machines of relay operators. Someone experienced with malware analysis could examine the images for attack code, as Roman suggested. But that's over my head.
Blocking *.mexyst.com domains, as Neel suggested, will likely stop most of them, with little or no downside. But blocking yahoo.com isn't workable for many. But if they're all as salacious as Keifer's example, blocking on language seems workable. Or language plus domain.
As with Efail, this is a reminder of the risks of decoding HTML, loading embedded images, and fetching remote content. And the importance of compartmentalizing email and browsing from credentials for relay management (and other high-impact stuff, such as finances).
On Fri, Jun 8, 2018 at 9:57 PM Mirimir mirimir@riseup.net wrote:
On 06/08/2018 05:03 PM, Keifer Bly wrote:
This is one of the about 20 emails that have been received. Upon
looking
it
looks like they are spoofing the [tor-relays] subject line. My
apologies
for the subject change but could not find a way to forward the emails without forwarding them from an old conversation. Thank you. (The
subject
this is in reference to is "Spam Emails Received From This Mailing
List").
OK, so they're just using subject lines from the list. And not spoofing the from address.
But what you forwarded doesn't include the headers. By googling, I get this:
| 1) Open the message in your Gmail inbox. | 2) Click the down-arrow in the top-right corner of the message. | 3) Click the "Show original" link toward the bottom of the options | box. The message will open in a separate window with the full | message headers at the top.
Just save that as a text file, and send it to me as an attachment.
Why the bloody hell someone would target users of this list in that way is bizarre. And why you? Rather than me, who is admittedly an outspoken jerk sometimes ;)
---------- Forwarded message --------- From: Becky Janet beckyjanet335900@re.mexyst.com Date: Fri, Jun 8, 2018 at 7:48 PM Subject: Re: [tor-relays] Tor Guard Relay To: Keifer Bly keifer.bly@gmail.com
first you need to trust someone to find real sex partner. So if you
want
to
find real sex partner then you need to trust me. Always i'm telling you it's totally f r e e. Just connect with My Private Page http://datingflirt.info/1stold by submitting you mail, name, age
etc.
I'm
assure you if it's ask any cc then no need to connect with me. So just trust and try. Trust Me & Try It Now NCTB ; After completing this task check your mail ,Automatically you will get my personal phone no in
your
mail within 5 min. Just check your mail (inbox/s p a m) and call me
asap.
I'm waiting for your cam
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Sat, Jun 09, 2018 at 06:21:16PM -0700, Keifer Bly wrote:
However, is there a way we can ban email addresses from the relay operators list? It seems like removing the email addresses that have been sending these from the list might be a good idea, if that is possible.
Yes, it is easy to unsubscribe people, and to prevent them from subscribing.
But, which addresses shall we unsubscribe? The spammer addresses are not subscribed (I checked). They're likely subscribed as something else, and then sending spam in response to the mails they get.
Maybe there is a mailman module that lets you send a different watermarked mail to each subscriber, or to send mails out with different timing patterns to do a binary search over the list, in order to discover which addresses are triggering the spam? But I don't know of an easy way to do it.
Also, I hear from at least one person that some tor-dev subscribers are getting spams too. :(
As for motivation, my general assumption is not that it's a targeted attack because we are Tor (or even that they particularly know or care what Tor is), but rather that the Internet has been turning into a giant mass of spam, and this event is just another step in that direction. Consider it a variant of the "never attribute to malice that which can be adequately explained by..." sayings.
Sorry for the troubles, --Roger
Dang. I stopped getting them for a while due to the SPAM filter I configured in Gmail, however they are now coming through again. These spammers are trying to be smart by sending these spam messages from different domains; they are now coming from scarlettsofia710182@it.argmx.com
Anyone else getting these?
Thanks.
On Sat, Jun 9, 2018 at 10:38 PM Roger Dingledine arma@mit.edu wrote:
On Sat, Jun 09, 2018 at 06:21:16PM -0700, Keifer Bly wrote:
However, is there a way we can ban email addresses from the relay
operators list? It seems like removing the email addresses that have been sending these from the list might be a good idea, if that is possible.
Yes, it is easy to unsubscribe people, and to prevent them from subscribing.
But, which addresses shall we unsubscribe? The spammer addresses are not subscribed (I checked). They're likely subscribed as something else, and then sending spam in response to the mails they get.
Maybe there is a mailman module that lets you send a different watermarked mail to each subscriber, or to send mails out with different timing patterns to do a binary search over the list, in order to discover which addresses are triggering the spam? But I don't know of an easy way to do it.
Also, I hear from at least one person that some tor-dev subscribers are getting spams too. :(
As for motivation, my general assumption is not that it's a targeted attack because we are Tor (or even that they particularly know or care what Tor is), but rather that the Internet has been turning into a giant mass of spam, and this event is just another step in that direction. Consider it a variant of the "never attribute to malice that which can be adequately explained by..." sayings.
Sorry for the troubles, --Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 07/13/2018 03:07 PM, Keifer Bly wrote:
Dang. I stopped getting them for a while due to the SPAM filter I configured in Gmail, however they are now coming through again. These spammers are trying to be smart by sending these spam messages from different domains; they are now coming from scarlettsofia710182@it.argmx.com
Anyone else getting these?
Thanks.
I haven't received those after posts since June 27. And nothing from *.argmx.com. But I am getting sex spam from a few Gmail addresses, with blank subject lines. New, and perhaps related.
On Sat, Jun 9, 2018 at 10:38 PM Roger Dingledine arma@mit.edu wrote:
<SNIP>
Maybe there is a mailman module that lets you send a different watermarked mail to each subscriber, or to send mails out with different timing patterns to do a binary search over the list, in order to discover which addresses are triggering the spam? But I don't know of an easy way to do it.
That would be a bad precedent, I think ;)
Also, I hear from at least one person that some tor-dev subscribers are getting spams too. :(
Searching for the spam addresses, I found reports from other mail lists. So it's not just Tor lists.
<SNIP>
I looked it up. You can forward the spams that the Gmail address are sending to registrar-abuse@google.com, which reports spam emails and inappropriate content being sent by Gmail users to Google. Try that.
From: Mirimir Sent: Friday, July 13, 2018 7:41 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Jerk spammers on tor-relays (was Re: Fwd: Tor GuardRelay)
On 07/13/2018 03:07 PM, Keifer Bly wrote:
Dang. I stopped getting them for a while due to the SPAM filter I configured in Gmail, however they are now coming through again. These spammers are trying to be smart by sending these spam messages from different domains; they are now coming from scarlettsofia710182@it.argmx.com
Anyone else getting these?
Thanks.
I haven't received those after posts since June 27. And nothing from *.argmx.com. But I am getting sex spam from a few Gmail addresses, with blank subject lines. New, and perhaps related.
On Sat, Jun 9, 2018 at 10:38 PM Roger Dingledine arma@mit.edu wrote:
<SNIP>
Maybe there is a mailman module that lets you send a different watermarked mail to each subscriber, or to send mails out with different timing patterns to do a binary search over the list, in order to discover which addresses are triggering the spam? But I don't know of an easy way to do it.
That would be a bad precedent, I think ;)
Also, I hear from at least one person that some tor-dev subscribers are getting spams too. :(
Searching for the spam addresses, I found reports from other mail lists. So it's not just Tor lists.
<SNIP> _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Yes, it is extremely strange, it arouses my suspicion. Why would they specifically choose the tor server operator’s list which isn’t going to have large amounts of people for them to meet to begin with? I am concerned this might be an attempted attack against the network trying to lure in the tor network server operators and effect their computers with something malicious.
Many TOP POSTED FULL BLOCK QUOTED REPLIES...
Note some potential basic attack known since decades ago. Here's a recap... This can be happening with any topical lists for any number of years now. Some of these ladies aren't looking to fuck, they're looking to fuck you all over. There's even a picture of one of these ladies on page 62... https://static.macmillan.com/static/holt/greenwald/NoPlaceToHide-Documents-U... ... and some STD's to rubber up against from pg 101 on down, actually the entire doc and more such as these too... https://wikipedia.org/wiki/Joint_Threat_Research_Intelligence_Group
Curious there can be many people up in arms tracking down a little spam, yet when it comes to some entity spamming out "Goldbug Messenger" crypto app to some heavy hitting lists, not any of them seem to post public review of whether or not its source code and binary is an exploit or not. So like potential above, many people could be getting fucked unawares.
Be safe and keep your stick on the ice.
Horny Rose wants to marry and exploit many people, lol.
Assuming culprit is a stupid nontargeting subscribed address, list manager does have a way to expose it, users may gripe though, because even if found, reported, and nuked at the source, they'll likely just sign up again.
Readers should just filter locally. And mark them as spam if they want to risk letting the cloud deal with it in some secret and flaky way.
Not posting headers because it's a waste of time.
This saves many people a lot of time... https://neomutt.org/
---------- Reply-To: Rose Gregory rosegregory507495@pe.mexyst.com Date: Mon, 11 Jun 2018 00:53:53 +0000 From: Rose Gregory KendraJohnson.1985@yahoo.com To: grarpamp grarpamp@gmail.com Subject: Re:Re: [tor-relays] Fwd: Tor Guard Relay
Hey just saw ur email reply:) I am kinda bored just at home what's ur deal anyways? you interested in doing something? pic for pic?
Date: Mon, 11 Jun 2018 07:59:55 +0600 From: Rose Gregory rosegregory507495@pe.mexyst.com To: grarpamp grarpamp@gmail.com Subject: Re:Re: [tor-relays] Fwd: Tor Guard Relay
Hey Sweetheart,Are you fr ee now ? I'm waiting for your reply.If you will not get my previous txt then please hit me.I will send you my nacked pics again my number here Sent from my iPhone
On 06/10/2018 03:58 PM, grarpamp wrote:
Horny Rose wants to marry and exploit many people, lol.
Assuming culprit is a stupid nontargeting subscribed address, list manager does have a way to expose it, users may gripe though, because even if found, reported, and nuked at the source, they'll likely just sign up again.
Readers should just filter locally. And mark them as spam if they want to risk letting the cloud deal with it in some secret and flaky way.
Not posting headers because it's a waste of time.
This saves many people a lot of time... https://neomutt.org/
I've looked at known spam, and they all come from either m111.bytekeys.com (104.161.37.109) or us27.axiobyte.com (104.161.37.152). Both are hosted on mellowhost.com by Input Output Flood LLC. Funny name, no? The abuse contact is Gabriel Ramuglia (abuse@ioflood.com). I suggest that we all file abuse reports.
Here's the supporting data.
from https://ipinfo.io/
ip: "104.161.37.109" hostname: "m111.bytekeys.com" city: "Dhaka" region: "Dhaka Division" country: "BD" loc: "23.7231,90.4086" postal: "1000" asn: Object asn: "AS53755" name: "Input Output Flood LLC" domain: "ioflood.com" route: "104.161.32.0/20" type: "hosting" company: Object name: "Mellowhost" domain: "mellowhost.com" type: "hosting"
ip: "104.161.37.152" hostname: "us27.axiobyte.com" city: "Dhaka" region: "Dhaka Division" country: "BD" loc: "23.7231,90.4086" postal: "1000" asn: Object asn: "AS53755" name: "Input Output Flood LLC" domain: "ioflood.com" route: "104.161.32.0/20" type: "hosting" company: Object name: "Mellowhost" domain: "mellowhost.com" type: "hosting"
from https://myip.ms/info/whois/104.161.37.109
Whois Original Data on IP 104.161.37.109 NetRange: 104.161.0.0 - 104.161.255.255 CIDR: 104.161.0.0/16 NetName: IOFLOOD NetHandle: NET-104-161-0-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: AS53755 Organization: Input Output Flood LLC (IOFL) RegDate: 2014-07-28 Updated: 2014-07-28 Comment: http://www.ioflood.com Ref: https://whois.arin.net/rest/net/NET-104-161-0-0-1 OrgName: Input Output Flood LLC OrgId: IOFL Address: 3402 E University Dr. #6 City: Phoenix StateProv: AZ PostalCode: 85034 Country: US RegDate: 2011-05-02 Updated: 2017-01-28 Comment: http://www.ioflood.com Ref: https://whois.arin.net/rest/org/IOFL OrgAbuseHandle: RAMUG-ARIN OrgAbuseName: Ramuglia, Gabriel OrgAbusePhone: +1-702-482-8064 OrgAbuseEmail: abuse@ioflood.com
from https://myip.ms/info/whois/104.161.37.152
Whois IP Live Results for 104.161.37.152 IP Address: 104.161.37.152 IP Location: USA, Nevada, Mesquite IP Reverse DNS (Host): us27.axiobyte.com IP Owner: Input Output Flood Llc Owner IP Range: 104.161.0.0 - 104.161.255.255 (65,536 ip) Owner Address: 3402 E University Dr. #6, Phoenix, AZ, 85034, US Owner Country: USA Owner Phone: +1-702-482-8064 Owner Website: ioflood.com Owner CIDR: 104.161.0.0/16 Whois Record Created: 28 Jul 2014 Whois Record Updated: 28 Jan 2017
<SNIP>
Good idea. I will forward one of the emails to that email address (abuse@ioflood.com) and explain what is going on. Will contact back with results. From: Mirimir Sent: Sunday, June 10, 2018 8:52 PM To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Fwd: Tor Guard Relay
On 06/10/2018 03:58 PM, grarpamp wrote:
Horny Rose wants to marry and exploit many people, lol.
Assuming culprit is a stupid nontargeting subscribed address, list manager does have a way to expose it, users may gripe though, because even if found, reported, and nuked at the source, they'll likely just sign up again.
Readers should just filter locally. And mark them as spam if they want to risk letting the cloud deal with it in some secret and flaky way.
Not posting headers because it's a waste of time.
This saves many people a lot of time... https://neomutt.org/
I've looked at known spam, and they all come from either m111.bytekeys.com (104.161.37.109) or us27.axiobyte.com (104.161.37.152). Both are hosted on mellowhost.com by Input Output Flood LLC. Funny name, no? The abuse contact is Gabriel Ramuglia (abuse@ioflood.com). I suggest that we all file abuse reports.
Here's the supporting data.
from https://ipinfo.io/
ip: "104.161.37.109" hostname: "m111.bytekeys.com" city: "Dhaka" region: "Dhaka Division" country: "BD" loc: "23.7231,90.4086" postal: "1000" asn: Object asn: "AS53755" name: "Input Output Flood LLC" domain: "ioflood.com" route: "104.161.32.0/20" type: "hosting" company: Object name: "Mellowhost" domain: "mellowhost.com" type: "hosting"
ip: "104.161.37.152" hostname: "us27.axiobyte.com" city: "Dhaka" region: "Dhaka Division" country: "BD" loc: "23.7231,90.4086" postal: "1000" asn: Object asn: "AS53755" name: "Input Output Flood LLC" domain: "ioflood.com" route: "104.161.32.0/20" type: "hosting" company: Object name: "Mellowhost" domain: "mellowhost.com" type: "hosting"
from https://myip.ms/info/whois/104.161.37.109
Whois Original Data on IP 104.161.37.109 NetRange: 104.161.0.0 - 104.161.255.255 CIDR: 104.161.0.0/16 NetName: IOFLOOD NetHandle: NET-104-161-0-0-1 Parent: NET104 (NET-104-0-0-0-0) NetType: Direct Allocation OriginAS: AS53755 Organization: Input Output Flood LLC (IOFL) RegDate: 2014-07-28 Updated: 2014-07-28 Comment: http://www.ioflood.com Ref: https://whois.arin.net/rest/net/NET-104-161-0-0-1 OrgName: Input Output Flood LLC OrgId: IOFL Address: 3402 E University Dr. #6 City: Phoenix StateProv: AZ PostalCode: 85034 Country: US RegDate: 2011-05-02 Updated: 2017-01-28 Comment: http://www.ioflood.com Ref: https://whois.arin.net/rest/org/IOFL OrgAbuseHandle: RAMUG-ARIN OrgAbuseName: Ramuglia, Gabriel OrgAbusePhone: +1-702-482-8064 OrgAbuseEmail: abuse@ioflood.com
from https://myip.ms/info/whois/104.161.37.152
Whois IP Live Results for 104.161.37.152 IP Address: 104.161.37.152 IP Location: USA, Nevada, Mesquite IP Reverse DNS (Host): us27.axiobyte.com IP Owner: Input Output Flood Llc Owner IP Range: 104.161.0.0 - 104.161.255.255 (65,536 ip) Owner Address: 3402 E University Dr. #6, Phoenix, AZ, 85034, US Owner Country: USA Owner Phone: +1-702-482-8064 Owner Website: ioflood.com Owner CIDR: 104.161.0.0/16 Whois Record Created: 28 Jul 2014 Whois Record Updated: 28 Jan 2017
<SNIP> _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
grarpamp -
Keifer Bly -
Mirimir -
Roger Dingledine