Re: Per-Tab Torbutton
On 1 February 2011 00:45, Aplin, Justin M jmap...@ufl.edu wrote: Until Firefox provides a way to isolate tabs as individual processes, I don't see such a feature being implemented. Is there a bug filed with Mozilla which requests this feature?
Re: Tor exits in .edu space
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 My name is Thomas Lowenthal, and I'm and undergraduate student at Princeton University. I'm majoring in the Politics Department, with a certificate from the Program in Applications of Computing, and the Program in Information Technology and Society. I'm also an Undergraduate Fellow at Princeton's Center for Information Technology Policy[1]. I'll be graduating this summer, in 2011. I run the exit TempleSouth[2] inside the IP space of Princeton University. The computer itself isn't a departmental or University piece of equipment, it's just my own machine that lives under my desk. Over time, it's had different names and fingerprints, as I moved from machine to machine, and operating system to operating system. Running an exit node here has been a lot of work, but it's been extremely interesting to see the reactions that different administrators here have had. I run a Tor exit node because I support the ubiquitous availability of strong anonymity for anyone who wants it. Tor is one of the strongest, best- researched, and most widely-used online anonymity system, and I want to help keep it running at maximum capacity. Initially, I operated a relay but -- not one to shy away from a fight -- reviewed the EFF's legal guidance, and switched to an exit node. This was in the days before Mike Perry's excellent /Tips for Running and Exit Node with Minimal Harassment/[3], and I used a wide open exit policy. Of course, after a little while some DMCA complaints started showing up. I responded with polite and precise variations on the abuse templates. However, Princeton has a policy of assuming the accuracy of such notices, and that they refer to actually illegal behavior. I was sanctioned on the basis that I was personally violating copyright law. Of course, I argued back. I gradually made my way through different administrative procedures, talking with several administrators, and committees, and finally Princeton's general counsel. It took a few years (and untold meetings) but I've managed to persuade them that running an exit node is neither illegal nor unethical (if not actively altruistic). The most interesting part has been the reactions from the various people involved in the the discipline/discussion process. The first few administrators, and the committee that sanctioned me to begin with, were completely incredulous that this whole Tor business could be anything but an elaborate ploy to download movies and music online. It was beyond imagining that a message sent by -- highly reputable -- entertainment companies could be anything but cold hard fact: prima facie evidence of wrongdoing. I had to pull out Section 230 of the Communications Decency Act[4] and subtly hint that sanctioning me might be illegal itself, before they'd consider seeking a second opinion on my wrongdoing. Our DMCA contact was much more pragmatic, and genuinely interested in what was going on. She went out and did her homework on the Tor project, examining things with a non-judgemental eye. She empathized with my desire to work towards internet freedom. Her concerns were pragmatic and legal. Se was worried that I could move towards giving the University a bad name, or causing it actual harm. She was also skeptical that I -- a student with a home-made computer under my desk -- could be considered a service provider in the eyes of the DMCA, especially since I hadn't registered a DMCA contact. However, the school's general counsel was the most understanding. After I explained to him exactly how Tor works, and we reviewed the safe harbor provisions of the DMCA, he got on board with the EFF's legal position. He also realized that this left the University with negligible liability for what was going on, and that -- on the contrary -- it was only sanctioning me that would raise the legal risk under the CDA. The support that I received from the project was somewhat limited, but I can't really imagine receiving that much more. I spoke with arma on the IRC channel, and he provided me with moral support, and offered to get me in touch with Ed Felten at Princeton's CITP. An open letter from lawyers, addressing an ISP or University's liability concerns might be valuable, but then again it might not. It's my feeling that this sort of situation is best resolved with polite determination and some mild politicking, but I don't see that there's much that the Tor project can do to persuade large organizations of its worth. The most valuable resource that I have right now is Mike Perry's excellent /Tips for Running and Exit Node with Minimal Harassment/. That's exactly the sort of thing that's really valuable to people like me. I'd like it to be linked directly from 'so you want to be a server' section of the torproject.org . Beyond that, the most valuable thing for the project to do is advocacy. The more people know about Tor, and respect the value of online anonymity, the easier people should find it
Re: Cookie Mismatch when using Gmail.
On 8 January 2011 17:25, Mike Perry mikepe...@fscked.org wrote: Try changing this last setting (extensions.torbutton.xfer_google_cookies) to false. It is designed to try to move your google cookies from one domain to another to avoid requiring you to solve captchas for every google country domain. That change worked for me.
Re: Tor nodes with idenitical names.
On 17 August 2010 17:47, Matthew pump...@cotse.net wrote: How can... nodes be specifically referred to...? Refer to the nodes by their unique fingerprints;.
Re: Tor 0.2.2.14-alpha is out
On 20 July 2010 03:14, Moritz Bartl t...@wiredwings.com wrote: Speaking on behalf of a good, blind friend: This is not true. Unless you consider him not normal. I don't want to get into the intricacies of interface design, and ableism, but some points of note: -blind people are not normal: they suffer from a disability that differentiates them from others in terms of what they can do; -the blind are hard to cater for with WIMP-type computer interfaces; adapting interfaces for the blind is often a subsidiary - and difficult - task to basic interface design; -most good CAPTCHAs like (reCAPTCHA) already incorporate accommodations for blind users; I agree that it's important to design computer systems and interfaces such that they're accessible to those with disabilities. However, this should not be at the expense of the system's core functionality: we should not allow the great to be the enemy of the good. In this specific case, the point is probably moot. Spontaneuous idea: I think it might be interesting to use a fingerprint similar to the one caculated by Panopticlick to limit/influence the selection of bridge addresses. Panopticlick uses a fingerprinting system that's quite effective against individual web users, because of the way that we set our browsers up for functionality. However, a malicious automated crawler can say whatever it wants: whatever resolution, javascript, cookies, and flash settings it wants. Using that type of fingerprinting would have little effect on a malicious crawler, but would be extremely inconvenient for normal users.
Re: DerAufbruch{,1,2} nodes not in a Family
Is there a page on the wiki that contains suggested families? It's great that we have people like Scott to find these families, and it's great that he sends them out to the list. However, new users, new subscribers to the list, and so on will have difficulty accessing them. The list archives are quite hard to browse, and it would make sense to have this info in one place. Scott, could you start a page with this info?
Re: [OT] another proxy, but not open source :-(
I seem to recall that something called haystack, with a remarkably similar webpage was the software and donations portal developed by @austinheap during the Iran election. Since Heap's twitter is still linked from the haystacknetworkcom page, I assume that this project remains the offspring of that effort. I can't comment directly, but I recall that the effort seemed pretty legitimate at that time. I assume that it's still legitimate, even if not free software in the strictest sense. The Censorship Research Center is San Francisco non-profit, started by Heap. They do have a contact form on their about page: http://www.censorshipresearch.org/about/ While I think that free (as in speech as in Stallman) software is the best way to go, I can understand why someone of good intentions might think otherwise. I reckon that haystack is not a malicious honeypot, or cynical effort to relive people of their cash. However, I do think that the project may not be overly successful, and that donations would do more good elsewhere. On 25 May 2010 02:45, Scott Bennett benn...@cs.niu.edu wrote: I don't know who Censorship Research Center might be, but they claim to have a development project going for another encrypted proxy service. However, they say it will be free software, but *not* be open source, so no one can examine what they have done in order to look for bugs, design flaws, etc. :-( There isn't much real information at the web site, http://www.haystacknetwork.com but what little there is looks very much like an attempt to sucker people who don't understand much about security. Oh. I almost forgot. Their FAQ page mentions tor, complaining about tor's publicly available directory and arguing that their method is better, while not mentioning bridges. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Answer by perfect-privacy.com Re: perfect-privacy.com, Family specifications, etc.
Though I appreciate Jim's signature proposal, that could become difficult and convoluted to implement quite quickly. I think that perfectprivacy's initial suggestion was actually quite compelling: allow ``#include'' type statements to be used in a torrc. Currently, an operator of multiple relays has to edit the actual torrc of all the relays, which is probably quite fiddly, because they are all slightly different. With includes, the operator would only have to edit the ``master family'' file, and upload that to the relevant directory on all their nodes, a much simpler process. Moreover, includes are much easier to code than any sort of key verification system. It seems like includes are a relatively simple solution to a relatively simple problem.
Re: Family specifications (was: Re: perfect-privacy.com, Family specifications, etc)
On 20 May 2010 07:44, and...@torproject.org wrote: If Mallory lists Alice and Bob, but neither Alice nor Bob list Mallory, it's not a valid Family. Otherwise, Mallory could list every node in the network and screw everyone. Why would this screw everyone? I admit that I don't fully understand how families are implemented, however, this doesn't seem sensible to me. Under a scheme which allowed ``one-sided family declarations'' this doesn't seem to be the ideal behaviour. If Mallory lists all the nodes in the network, then this should prevent all the paths which have Mallory somewhere in them, but not paths which avoid her entirely. An aggressive family declaration by Mallory only prevents her from getting traffic, without impacting the rest of the network.This would seem to be the only sensible way to implement ``one-sided family declarations'', to prevent exactly the problem described.
Re: Botnet attack? [was: Re: Declining traffic]
On 26 April 2010 09:59, Timo Schoeler timo.schoe...@riscworks.net wrote: When running tor, I see i) CPU cycles being eaten up by tor almost entirely; ii) my machine experiences things like those: One is a chinese dialup, the other ones are from a big German ISP (Deutsche Telekom AG). For me it really seems as there's some kind of botnet attack going on. Timo What makes you think that this is a botnet attack? What are the characteristics of a botnet attack, and how do these logs exhibit them? If there are only a few IP addresses, wouldn't that contraindicate botnet involvement? On a loosely related note, it would generally be a good idea to mask IP addresses on public mailing lists.
Re: Anti-Virus software for windows server
http://xkcd.com/463/ If you administer your server in a reasonable way, you shouldn't need any antivirus software. On 21 March 2010 12:19, Jon torance...@gmail.com wrote: Seems to me I saw in one of the messages awhile back about anti-virus software for servers. I cant seem to locate it in the archives. What anti-virus programs are being used for windows servers? Specifically, win 2003 or win 2008 ? Thanks. Jon *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/https://archives.seul.org/or/talk/
Re: Drop Tor users via bridges by over 2/3 in the beginning of March (was: Tor in China)
On 10 March 2010 07:42, Paul Menzel paulepan...@users.sourceforge.netwrote: So my next question is, why did the users count drop that much in the beginning of March? At the beginning of March, the great firewall of China blocked all (then) known tor exits and relays, and a substantial number of bridges - presumably enumerated over a prior, somewhat extended period.
Re: New ban of tor-exit-nodes -IPs by the LiveJournal
On 7 March 2010 11:31, James Brown jbrownfi...@gmail.com wrote: Many IP-addresses of exit-nodes of the Tor was banned from access to the LJ today. We have the next information when trying to connect with it: You've been temporarily banned from accessing LiveJournal, perhaps because you were hitting the site too quickly. Please make sure that you're following our Bot Policy http://www.livejournal.com/bots/. If you have questions, contact us at webmas...@livejournal.com with the following information: CMTGP7urjSahlts @ xx.xx.xx.xx I think that it is a new, latent method to restrict access to the LJ through the Tor which certainly established by order of Putin's and Medvedev's junta gived to the SUP. I'm not sure about your conspiracy theory; it sounds like they've just implemented a new bot policy. If they really wanted to ban Tor, they could just ban all the exits. This policy does have a negative impact on those attempting to access LJ through Tor. However, it sounds like a neutral rule of general applicability: banning bots which violate your bot rules is not an unreasonable thing to do. It certainly doesn't seem that they're deliberately trying to go after Tor users in an attempt to prevent them from connecting. In the past, when LJ has implemented measures that had negative knock-on effects on Tor, they've responded pretty positively to inquiries from the Tor developers/community. It's been my impression that they're pretty sympathetic to the anonymity needs of their users, and willing to compromise in order to meet those needs. Perhaps a fluent English-speaker could write them a polite note pointing out that this new measure (if indeed it is new) has had this unforeseen negative secondary effect, and requesting their cooperation in mitigating it.
Re: Could not open C:/msys/1.0/local/share\tor\fallback-consensus
On 27 February 2010 03:46, KT listcli...@gmail.com wrote: Tor v0.2.1.24 on XP Pro SP3. I am getting the following, but I don't have a directory C:/msys...?? Feb 27 08:26:46.904 [info] read_file_to_str(): Could not open C:/msys/1.0/local/share\tor\fallback-consensus: No such file or directory Apart from anything else that may be a problem there, the change in slash direction around share makes that a totally illegal dir name.
Re: What can see a server of a Bittorent when I contact with it through Tor?
On 25 February 2010 11:17, Stephen Carpenter thec...@gmail.com wrote: Well how exactly would you accomplish that? You could put the tracker on a location hidden service, that eliminates one exit node, however, to connect with other hosts in the swarm, you need to be able to connect to them... which means now, you have to have every bittorrent client in the swarm ALSO running a location hidden service, lest you need exit nodes to contact them. I highly doubt any bittorrent client yet supports operating in this manner. It would be very cool to see... but... there would be some hurdles. (should each node in the swarm publish a public rendezvos descriptor? If not a custom client would be needed to set them up and distribute them via the tracker rather than the public directories). For both these aims, there are projects. The HiddenTrackerhttp://z6gw6skubmo2pj43.onionis a bittorrent tracker put behind a Tor hidden service (but it seems to be down http://twitter.com/HiddenTracker/status/9451900556 right now). BitBlinder http://www.bitblinder.com/ attempts to create a closed Tor-based network for bittorrent traffic, including a system attempting to assure equal sharing.
Re: What can see a server of a Bittorent when I contact with it through Tor?
On 25 February 2010 12:50, grarpamp grarp...@gmail.com wrote: BitBlinder attempts to create a closed Tor-based network for bittorrent traffic, including a system attempting to assure equal sharing. It may end up being ok. But never I understand why create a separate Tor universe. Sure, if want to only do torrent. But that is may not usual case and steals resources that could be better put to use making the one single tor universe bigger. You have to run a relay with their system so everybody may as just well run one within the single Tor universe. I question registraton and possible future commercial motivations. Given client's pki, registration should not be needed, just run the client and use pubkey as self register/track/accounting somewhere. And there will be major scale issues to solve, why not cooperate and do that under Tor namebadge as well. I think that the choice to use a separate tor network is based on two things: -a desire to avoid overloading the existing tor infrastructure with BitTorrent traffic , and -a pragmatic need to implement the bandwidth `coins' system to ensure equal sharing. And on those notes, I think that there is value in using an independent network. Besides, it wouldn't be too difficult (but still not totally trivial) to after-the-fact switch the BB network onto the primary Tor network; it would be much more troublesome to take BB off the Tor network if it seemed to be problematic.
Re: why polipo?
On 19 February 2010 20:32, Andrew Lewman and...@torproject.org wrote: Once Firefox fixes bug 280661, we don't need a http proxy at all. However, given the current pace of progress on 280661, we may switch to Chrome before the fix occurs. If the switch to Chrome was made, I assume that there'd be a port of the TorButton extension to Chrome? If that does happen, a nice feature for the Tor/!Tor switch would be to have Tor used only in incognito mode. I'm not sure how you make extensions work in incognito mode, but I'm sure that I'm not alone in wanting this feature.
Re: Path-spec - fast circuits
On 14 February 2010 03:15, Scott Bennett benn...@cs.niu.edu wrote: But one big problem is that you have no guarantee whatsoever that I'm telling you the truth about my measurements. See for example Kevin Bauer et al's Low Resource Routing Attacks Against Tor. Yes, I've understood that from the outset, but I haven't seen any evidence that such abuse is actually happening. Tor isn't just designed to be resilient to attacks that are actually being employed. It is designed to be resistant to theoretical attacks too - as well it should be. Indeed: complaining that we're protecting against attacks, but nobody is using them is like saying `I bought this expensive umbrella, but then I didn't even get wet.':
Re: Torbutton : please offer better user agent choices
I've recently had conversations with some activists in Europe who want to run unpublished exit nodes (meaning they set PublishServerDescriptor 0 in their torrc). Of course, one risk is the only people using this unlisted exit node are those in the social graph of the activists. Slightly off-topic question. For those theoretical unpublished exit nodes, would (trusted) clients add them to their node list through entries in their torrc?
Re: Google cookies
On 13 February 2010 14:16, Jon Cosby j...@jcosby.com wrote: On Fri, 2010-02-12 at 23:45 -0500, and...@torproject.org wrote: On Wed, Feb 10, 2010 at 11:27:26AM -0800, j...@jcosby.com wrote 0.3K bytes in 10 lines about: : I just noticed that on closing a Firefox session, google cookies are not : removed. I have to toggle Tor to remove them. Is this normal? Do you mean toggle torbutton? It depends what you have told torbutton to do or how you have setup firefox to manage cookies. Yes, I'm using the Torbutton, with the default cookie settings (clear on toggle, etc.) The google cookies are the only ones that require a manual click to clear. All others are removed on closing and resetting Firefox. Are you referring to the Google cookies that Torbutton uses to avoid having to fill in CAPTCHAs every time you load a Google page? Those are the same across Torbutton users, so they won't identify you.
Re: TOR Blocked at Universities
Why couldn't your exit policy just block the IPs of the journal sites? Because there's 1000 of them (and each would be a /32). It was discussed in another thread at the time, and the developers led me to the conclusion that such hugely long exit policies were a bad idea. Could you bind your exit traffic to IPs outside your University's primary block?
Re: client bug in 0.2.2.7-alpha and a new bad exit: exoassist
On 31 January 2010 21:58, Scott Bennett benn...@cs.niu.edu wrote: So it appears that a) there is a new tor client bug in 0.2.2.7-alpha that leaves the exoassist.exit in the name passed along from its SOCKS listener to the destination port. Isn't .exit deprecated because it's a potential vector for attack?
Re: Trend Micro blocking Tor site?
2010/1/11 Seth David Schoen sch...@eff.org snip I can forward the screenshot to anyone interested. Can you attach the image, and send it to the list?
Re: Pidgin with TOR
2009/12/31 emigrant fromwindowstoli...@gmail.com hi all, i am using the pidgin with ubuntu. and i installed TOR as well. i want to set up TOR to one of the yahoo accounts in pidgin. so i went to proxy settings and changed the gnome proxy setttings into socks5 and host 127.0.0.1 and port 9050. but each time i restart pidgin the yahoo account wont' start. i think its may be due to yahoo email is opened? how can i solve the problem? thank you very much. Port 9050 is your web proxy (probably Polipo). Pidgin wants to use a Socks proxy, so you should set the port to 8118, which is where Tor itself is listening.
Re: Vidalia Bundle and RSS in Thunderbird 3.0
2009/12/27 Programmer In Training p...@joseph-a-nagy-jr.us On 12/27/2009 10:00 PM, Andrew Lewman wrote: Leave the http, https, ftp, ssl, gopher, whatever fields blank. only configure the socks field as localhost:9050. If thunderbird 3 has proper socks support, it will only use the socks proxy on localhost, port 9050 for access to the internet. That setting causes my connection to time out and I cannot send/retrieve anything. What happens if you set the http fields to 127.0.0.1:8118, and the SOCKS field to 127.0.0.1:9050? What happens if you set the SOCKS field like this, but leave all other fields blank? Thunderbird may not know that `localhost' is shorthand for 127.0.0.1. Slightly off-topic, but broadly related: Isn't Thunderbird known to be a `leaky' client? Of course, with a new version, its behaviour may have changed; but I was under the impression that it occasionally included the system's true IP address, hostname, or other identifying details in outgoing messages, or in communication with a mailserver. Can anyone confirm or deny this? Also, are extensions' traffic piped through the main proxy settings, or are extension writers responsible for determining their own behaviour? I'd love to use Thunderbird with Tor, but not if its unsafe to do so. Given that Thunderbird and Firefox share extension architecture, is it possible to use TorButton with Thunderbird? My apologies if this messages is out of date by the time it is received. It is send using a slow store-and-forward system. The emphasis is on the `store'.
Re: [ANNOUNCE] Chromium Browser VM Beta
2009/11/30 Kyle Williams kyle.kwilli...@gmail.com I've been working on a secured browser VM for the last few months, and I feel it's to a point that it can be shared with the rest of the world. Thanks for working on this project. One question: have you implemented the defenses that torbutton uses to mitigate a variety of anonymity-hurting attacks (that is, those that aren't mitigated by the VM design itself)? Without these, the anonymity provided by this project might be limited.
Re: Danish TPB DNS Blocks
2009/11/26 Scott Bennett benn...@cs.niu.edu Changing the DNS server to DNS rootservers would fix this problem. Bzzzt!! That would eventually get an exit marked as a bad exit, too. Why? Because the root name servers serve only information in the root domain and the so-called top-level domains (e.g., .com, .edu, .gov, .info, .mil, country domains, and so on). They are much, much too busy to act as forwarders, so if you ask for anything that they don't serve themselves, you will get a no answers response. How odd. I use the root servers on my personal machine, and have never noticed this phenomenon. If you are correct, does DNS work? How does a user know which DNS servers are authoritative for other blocks?
Re: Danish TPB DNS Blocks - tor-ramdisk DNS fix, how?
Perhaps you'll just have to wait for the developer to fix the problem? 2009/11/25 Georg Sluyterman ge...@thecrew.dk Georg Sluyterman wrote, On 2009-11-25 18:29: ---cut I have changed it to OpenDNS now. ---cut--- Or maybe not.. It seems that i can not get an IP via DHCP and manually change the DNS-resolver address, because (as far as i can see) shell support is removed in recent Tor-ramdisk releases. What do i do then? -- Regards Georg Sluyterman
Re: AN idea of non-public exit-nodes
I'm not sure that the correlation attacks for `bridge exits' are better than those for normal bridges. However, the `exit risk' would likely be more discouraging to such `bridge exits'. However, as a more general question, making the Tor network difficult to completely enumerate might be interesting. Clearly, there are valuable advantages to a hard-to-map network, but can it be done without gross disadvantages? 2009/11/24 Damian Johnson atag...@gmail.com Interesting idea, but seems like it could be pretty dangerous. If an attacker was able to figure out the subset of Tor users taking advantage of these special exits and ran one themselves then correlation probably wouldn't be too difficult. In addition, abuse issues makes finding exit operators a lot harder than bridges so you probably wouldn't get the vast number of volunteers needed for the current bridge distribution tactics. -Damian On Tue, Nov 24, 2009 at 5:05 PM, Ted Smith ted...@gmail.com wrote: On Tue, 2009-11-24 at 19:49 -0500, Roger Dingledine wrote: See especially point #1: even if we didn't tell clients about the list of relays directly, somebody could still make a lot of connections through Tor to a test site and build a list of the addresses they see. I guess we could perhaps add support for configuring your own secret exit node that your buddy runs for you. But at that point the anonymity that Tor can provide in that situation gets pretty fuzzy. It's like a bridge, but for exits. They would probably have to be a lot less friend-to-friend than bridges, but it might still be doable. I think this is what the original poster meant, anyways.
Danish TPB DNS Blocks
A number of Danish ISPs have blocked thepiratebay.org, by redirecting the DNS entry for that domain to a page stating that the site is blocked. This sometimes results in Danish exits giving this inappropriate result for that domain. Should the IP addresses of those ISPs be automatically given the badexit flag, since they don't do DNS in a correct and neutral way?
Re: Reduce hops when privacy level allows to save Tor network bandwidth
My question is: do you really think it would help? If people are using Tor inappropriately (meaning they could get what they want with a simple anonymous proxy), what are the chances they're going to have it configured appropriately to reduce the bandwidth they use? I don't want to weigh in on the more substantive issues here, but I do think that this specific question can be answered without too much difficulty. For those who require a lower level of anonymity than that which Tor provides, but choose to use Tor anyway, Tor's poor performance is probably a major complaint. If they had the opportunity to change a setting from 'high security' to `one-hop proxy', and got better performance from the latter, I think that many of this group would change that setting. This would make Tor more useful to them, and decrease the network load per person in this group. This is not to say that more use wouldn't immediately crop up to fill this gap, nor that more `one hop' users wouldn't start using Tor likewise. I don't want to say whether building one-hop functionality is a good idea, but I certainly think that some people would use it.
Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet.
hIf The Internet is restricted in such ridiculous ways as Kaspersky suggests, then other internets will just spring up to replace it. For those who don't know, such a project already exists, run by Freaknet: http://en.wikipedia.org/wiki/Netsukuku Netsukuku is very interesting. It's also very difficult to tell whether it is gibberish or not: http://www.kuro5hin.org/story/2005/10/6/101832/209 I want very much for it to be real. Looks like a bunch of gibberish to me; and not very good gibberish at that.
Re: French 3-Strikes Law
The law stated that you are responsible of your connection usage. It simply means, legally, that if someone (undercover or not) else use it, you could be disconnected. They called it the négligence caractérisée, meaning you didn't take any countermeasures to prevent someone else from using your connection to breach the intellectual property. Can you give more information about this provision? Is an ISP responsible for the actions of their users? Is a message board owner liable if someone posts unauthorized material? What about an email service provider? What about foreign sites, or corporate sites? If someone on Blogger posts unauthorized material, would Google's French connections be cut off? Would Larry and Sergey be blacklisted?
French 3-Strikes Law
http://arstechnica.com/tech-policy/news/2009/10/french-3-strikes-law-returns-now-with-judicial-oversight.ars France's constitutional council has finally accepted the 3-strikes law. Can anyone who's read it comment on what it means for those who operate exits in France? Would operators (likely) be successful in such cases? Would they have some protection from the cases in the first case? Any insights would be appreciated!
Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet.
2009/10/21 grarpamp grarp...@gmail.com Perhaps the worldwide spread of the Pirat Partiet will take upon this cause. But they would need a corporate branch... like Sinn Fein to the IRA. I don't really want to stretch this analogy too far, and I certainly don't think that it's reasonable to compare people who obtain, share and distribute media in ways often suggested to violate local laws; with an organised group of armed political activists/terrorists who killed many in bombings. Nonetheless, wouldn't Piratpartiet already be the Sinn Fein (completely legitimate political arm) to the massive group of sometimes self-identified pirates (the legally dubious underground organisation)?
Re: Kaspersky wants to make Tor illegal and supports a globalized policed internet.
2009/10/21 Eugen Leitl eu...@leitl.org On Wed, Oct 21, 2009 at 08:35:10AM -0400, Flamsmark wrote: I don't really want to stretch this analogy too far, and I certainly don't think that it's reasonable to compare people who obtain, share and distribute media in ways often suggested to violate local laws; with an organised group of armed political activists/terrorists who killed many in bombings. Nonetheless, wouldn't Piratpartiet already be the Sinn Fein (completely legitimate political arm) to the massive group of sometimes self-identified pirates (the legally dubious underground organisation)? Spoken as a Pirate Party member, that's pure slander. Among its many goals, Pirate Party does not want to abolish copyright altogether. However, it definitely wants to change the current status quo, which is unacceptable, and hurts both the artists/content producers and consumers. I don't think that Sinn Fein enjoyed the death and fear that was the result of IRA actions either. However, they shared a belief in a more unified Ireland, much as 'pirates' and Piratpartiet share a belief in more reasonable copyright laws, and execution, as well as a variety of other electronic and surveillance freedom issues. If you think that what I said was slanderous, you may be interpreting more of a normative view than I was trying to espouse.
Re: any rough stats on bridges ?
I'd like to see some stats, or even some conjecture, as to the longevity of a bridge, and what it means for the bridge to be born, be used, and eventually be blocked. I understand the mechanisms used to slowly feed bridge information to people who request them, but even that slowness can't keep them from eventually being discovered and blocked. It seems that a reasonable question might be: for a home user, with a static IP, planning to contribute to Tor, which is most useful: should they just be a bridge; start out as a bridge, and then eventually change to a relay; or immediately sign on as a relay? Given some responses to this, might it make sense to construct a tool to tell people when their bridges should change to relays?
Re: any rough stats on bridges ?
2009/10/19 Martin Fick mogul...@yahoo.com I think that unless you have a good way of telling specific people in the need of a bridge about your bridge without telling the world, that you should not consider being a bridge, Is that a gut feeling, or based on some research? What about the ways that we have of selectively giving bridges to those who need them?
Re: any rough stats on bridges ?
Neither. If you have a selective way of telling people you deem in the need, than you meet my criteria. It would likely be hard for us all to meet that criteria though, I don't. You may tell me that you can help me, but then I have to trust you, which doesn't really make too much sense. And a general mechanism to do this seems impossible, doesn't it? How can you keep a secret while telling it to the world. Any newcomers to tor who cannot understand the implications of when they should or should not be running a bridge are unlikely to understand the nuances of distributing a secret to those in the need (and by whose criteria are they in need anyway) only. If you have arguments to the contrary, I welcome them and feel that many on this list might benefit from them, because it would be beyond my understanding of the point of bridges, and perhaps other's too? The project currently has a method of distributing bridges to anyone who asks. Individual requesters are given only a select number of addresses. If a 'clueless' user sets their tor as a bridge, their bridge gets added to the (secret) bridge directory, and handed out from time to time.. Please see https://www.torproject.org/bridges for more information.
Re: Directory History
I'm having some difficulty using the script. After a day of wgetting the archives, I run: python exonerator.py --archive=/opt/exonerator/archives/ archive.torproject.org/tor-directory-authority-archive/ ip 2009-11-16 12:00:00 and am informed that: We are missing consensuses and/or server descriptors. Please download these archives and extract them to your data directory. Be sure NOT to rename the extracted directories or the contained files. What am I doing wrong here?
Re: Directory History
Is there a web interface to the archives, or would users of the archives have to check manually? On Tue, Oct 6, 2009 at 07:12, Karsten Loesing karsten.loes...@gmx.netwrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/06/2009 12:19 PM, morphium wrote: I think this question has already been asked before, but I can't find it...so: Is there an archive anywhere where I can see what Tor nodes have been active at a specific date? You can find the descriptor archive here: http://archive.torproject.org/tor-directory-authority-archive/ I'm in court (Jena, Germany) in 3 weeks because someone ordered something (worth about 50 Euro) and they're accusing me now. I think it would be good not only to explain them what Tor is, but to have an excerpt from a directory listing around the date, so I can prove my Tor node was active that time. You may find this script useful that parses these archives and tells you whether an IP address was a relay at a given time: https://tor-svn.freehaven.net/svn/projects/archives/trunk/exonerator/ The script is available in Java and in Python. Good luck with your court case! - --Karsten -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrLJgEACgkQ0M+WPffBEmWwpQCgq5MQK8Tx45sasE/RP/QAUUeB CZIAn203QG0IIlfZ3wJyAtg65OQLhNnD =SPx2 -END PGP SIGNATURE- *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tame circuits
Is there a way to completely stop a Tor from building circuits?! Why would you want to stop Tor from building circuits? What exactly do you want Tor to be doing?
Re: minimal traffic footprint Tor on the road
It's my experience that Polipo provides for faster proxying than Privoxy (running both on a recent Ubuntu). However, Polipo is not uniformly stable on Windows. I use Privoxy with local Tor instances on Windows, but Polipo on Ubuntu. On Mon, Sep 28, 2009 at 18:00, Jim McClanahan jimmy...@copper.net wrote: Jan Reister wrote: Il 28/09/2009 15:25, Eugen Leitl ha scritto: Why the switch to Polipo from Privoxy? Is Privoxy officially deprecated now? I just found out today and am wondering myself. From hearsay, Polipo should perform faster and better. There was a somewhat extended discussion about Privoxy vs Polipo on this list not too long ago (a month or two?). You may wish to review that. My recollection of that discussion is that Polipo being better was called into question. Certainly Privoxy is alive and well. Besides plugging DNS leaks, the two programs serve somewhat different purposes. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: private vs. public tor network ... any other options ?
On the other hand, I do control a fair amount of infrastructure and bandwidth in multiple locations ... so it's very tempting to leverage those resources in a way that gives me tor-like anonymity, but without the (sometimes terrible) speed and latency. If you limit yourself to a small set of nodes, you will definitely compromise your anonymity against a powerful attacker. But what if you're not worried about a powerful attacker, or serious anonymity? What if you just want a casual observer to think you're using Tor, and leave it at that? Is there a middle ground ? Is it possible for me to simultaneously contribute network resources to the public Tor network, allowing me to blend in like every other Tor user, yet at the same time somehow leveraging the specific resources I control to achieve faster speeds for my own use ? You could run two relays on each node you control. One relay would be part of the public tor network, and limit the bandwidth to a (large) fraction of what you have available. One relay would be part of your private tor network and use the rest of the available bandwidth. You'd have to bootstrap your tor network from scratch, and set up an authority, and so on. Then you could run your local tor client on your private network, and have a small set of fast nodes available to you. A casual observer at either end (you-hop1 or hop3-internet) would see the traffic from/to a tor node, and assume that it was truly torified. Depending what you personally think the threat profile is - and I'd suggest reading some of the research to find out what threats to consider - you might want to use an entry point or exit node on the regular network, or do other circuit manipulation. Note that trying to take advantage of your own resources inevitably limits your anonymity potential. Customizing your network also means that you won't benefit as much, or at all, from upgrades to Tor. However, if all you want is casually anonymous browsing at high speed, this may be useful to you. Nonetheless, I make no guarantees that the system you set up will be sufficiently anonymous for you.
Re: I Write Mass Surveillance Software
It's not clear that he said that. He was sufficiently evasive to so many questions, that there are lots of ways to put it back together. It's also not clear what sort of threat his software poses. Does it do OS attacks, degradation? We just don't know what he means. On Thu, Sep 17, 2009 at 00:25, Ted Smith ted...@gmail.com wrote: On Wed, 2009-09-16 at 17:01 -0400, Rich Jones wrote: http://www.reddit.com/r/IAmA/comments/9kwph/i_am_a_guy_who_writes_covert_software_that_runs/ Thoughts? also, I realized that two of the posts I've made this this list have now been reddit-related. Sorry about that. But I'd really like to know what you all make of this. He doesn't give very many specifics, unfortunately. What do you think his 'sidestepping' is? R The jig is up guys, apparently lateral thinking bypasses Tor.
Re: Making sure that I'm secured
On Sat, Aug 22, 2009 at 05:16, Sadece Gercekler ina...@ymail.com wrote: I'm using the Tor+Firofox browser bundle downloaded at torproject.org. I setup a virtual Windows XP machine under my normal OS (using VMWare) and I'm doing all my private browsing under that machine. I need to use an rss reader, but can't use a web based one (like google reader) since I have javascript disabled. I decided to use an application (like sharpreader) for rss, I configured it to use the Tor proxy and it seems to be using it (since it fails to connect when I stop Tor). But I want to be %100 sure it doesn't make any direct connections. Do you have any suggestions to make sure that nothing escapes outside except Tor itself? Is there any way to close all outgoing ports except for Tor under Windows XP Pro? Thanks Depending on your host operating system, it may be possible to prevent any internet access from that guest, except via a tor process on the host. There has been some discussion on the list about how to do that with linux guests/hosts, but I'm sure you could extrapolate from that. On the plus side, if you prevent any non-tor access the the internet from the guest machine, you may be more secure enabling javascript and browser plugins, and using an online RSS reader.
Re: Bad exit node: freeMe69
On Thu, Aug 20, 2009 at 17:29, Tom Hek t...@tomhek.nl wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Aug 20, 2009, at 23:02 PM, KT wrote: Exit node freeMe69 [1] is injecting the following snippet to response body: script type=text/javascript src=http://s.tobban.com/solver/cpt.php;/script [1] http://tinyurl.com/mz9d7e It's actually injected by it's ISP, Comcast. The IP which s.tobban.comresolves to is assigned to Comcast. I don't think the exit node admin can't do anything about it. Wow, that sort of script injection sounds like something that the FCC might have a problem with.
Re: How can I set going more one Tor daemons?
On Sat, Aug 15, 2009 at 12:47, James Brown jbrownfi...@gmail.com wrote: I have a laptop with the Debian Lenny AMD64 and I want to start several Tor daemons in one moment, each for every user. How can I do it? Why do you need to run several Tor daemons? Wouldn't it make more sense to start one Tor daemon under the default debian-tor user, and let it accept SOCKS requests from localhost connections (possibly with some authentication depending on the setup)?
Re: External Relay Control [maintaining 'uptime' perception]
That's totally possible too. However, my point there was that those behaviors are the easy part. The question is how to stop relaying for a short period without ending your 'uptime'. On Wed, Aug 12, 2009 at 12:05, Andrew Lewman and...@torproject.org wrote: On 08/09/2009 04:00 PM, Flamsmark wrote: Most of these behaviors are scriptable without difficulty by editing the torrc and sending Tor a sighup. The better way to do this may be via the control port and SETCONF commands. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identica/Twitter: torproject
Re: windows tor
Why not just a Windows kernel driver? Because it hasn't been written yet. You're welcome to help write a kernel driver, or a VPN host or whatever else you think is the next logical step to improving Tor. However, remember the version number: 0.2.1.*. Tor is not a 'finished' piece of software. It is not feature-complete; it does not implement everything that's either desired or required for ideal use. However, right now, much of the development effort is not spent making it easier for clients to use. There's a feeling that it's currently 'good enough' that those who really need to use Tor will be able to follow the instructions and get it working. If you don't agree with that emphasis, again, it's your prerogative to build those feature that you think are most important. We all look forward to seeing your contributions! On Thu, Aug 13, 2009 at 00:27, Peter necedema...@gmail.com wrote: You're kidding me right. A VM? Why not just a windows kernel driver? Look at torvm, https://torproject.org/torvm. It's still alpha-ware, but essentially does just what you want. You mentioned you were a programmer, join us in improving TorVM. I'd like a pony, too. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identica/Twitter: torproject
Re: windows tor
Then perhaps complaining about the direction of the work that many others have done pro bono is a little premature, no? On Thu, Aug 13, 2009 at 01:18, Peter necedema...@gmail.com wrote: Heh, well, I tell you what. You send me a hundred thousand dollars, and after the check clears I'll write you a great windows kernel driver. Otherwise, I'm broke, my life is a living hell, and I already have several projects I work on out of the goodness of my heart, so, I'm sorry. Thanks and good luck. On Thu, Aug 13, 2009 at 1:13 AM, Flamsmarkflamsm...@gmail.com wrote: Why not just a Windows kernel driver? Because it hasn't been written yet. You're welcome to help write a kernel driver, or a VPN host or whatever else you think is the next logical step to improving Tor. However, remember the version number: 0.2.1.*. Tor is not a 'finished' piece of software. It is not feature-complete; it does not implement everything that's either desired or required for ideal use. However, right now, much of the development effort is not spent making it easier for clients to use. There's a feeling that it's currently 'good enough' that those who really need to use Tor will be able to follow the instructions and get it working. If you don't agree with that emphasis, again, it's your prerogative to build those feature that you think are most important. We all look forward to seeing your contributions!
Re: windows tor
'Widespread adoption' is not the current sort-term aim. While we all think that fast, universal, anonymous internet access would be a good thing, we simply can't support that right now. The volunteer network of relays isn't that big. Even now, Tor has trouble dealing with the network load. If Tor were to become more popular with users, without seeing a commensurate increase in the relay capacity, that would massively reduce the functionality of the network. Right now, It's important to make tor available for the most at-risk users: those in oppressive regimes, whistle-blowers, undercover journalists and so on. After that, the priority is on improving the structure of the system, not on further usability. While I can see where you're coming from in suggesting that a kernel driver is better, the reality is more complex. Because the primary development effort is on the core Tor software, a VM requires a relatively small development effort at present. One barely even needs to be able to code to construct a VM that uses existing software: it's mostly an exercise in implementing best-practices. Moreover, a VM is actually easier to support right now than a driver. A driver would need a coder dedicated to maintaining it. A VM on the other hand needs only a geek, and can easily update to the latest versions of Tor (and supporting applications) when they are released. On Thu, Aug 13, 2009 at 01:23, Peter necedema...@gmail.com wrote: I'm not complaining about it, I'm just saying, if you want widespread adoption, a kernel driver is the way to go. And moreover, a kernel driver is easier to write and support than a VM. On Thu, Aug 13, 2009 at 1:21 AM, Flamsmarkflamsm...@gmail.com wrote: Then perhaps complaining about the direction of the work that many others have done pro bono is a little premature, no? On Thu, Aug 13, 2009 at 01:18, Peter necedema...@gmail.com wrote: Heh, well, I tell you what. You send me a hundred thousand dollars, and after the check clears I'll write you a great windows kernel driver. Otherwise, I'm broke, my life is a living hell, and I already have several projects I work on out of the goodness of my heart, so, I'm sorry. Thanks and good luck. On Thu, Aug 13, 2009 at 1:13 AM, Flamsmarkflamsm...@gmail.com wrote: Why not just a Windows kernel driver? Because it hasn't been written yet. You're welcome to help write a kernel driver, or a VPN host or whatever else you think is the next logical step to improving Tor. However, remember the version number: 0.2.1.*. Tor is not a 'finished' piece of software. It is not feature-complete; it does not implement everything that's either desired or required for ideal use. However, right now, much of the development effort is not spent making it easier for clients to use. There's a feeling that it's currently 'good enough' that those who really need to use Tor will be able to follow the instructions and get it working. If you don't agree with that emphasis, again, it's your prerogative to build those feature that you think are most important. We all look forward to seeing your contributions!
External Relay Control [maintaining 'uptime' perception]
Tor currently has an accounting system for allowing data quota limitations to be applied. This allows a relay to enter 'hibernation', maintaining it's 'up' status, and directory-perceived uptime, without actually relaying traffic. However, it is feasible that an operator might want to control Tor for bandwidth reasons, but not use the built-in accounting system. The relay might share a connection with other applications, and have to change it connection profile relative to them. Possible actions that might be desired include:- changing bandwidth limits, - changing between an exit and a relay, - switching the relay on or off, or - suspending dirport operation. Possible conditions giving rise to such needs include: - a periodic quota is reached (since other applications are sharing the connection, Tor can't be aware of when this limit might be reached), or - another application requires a greater share of the connection temporarily. Most of these behaviors are scriptable without difficulty by editing the torrc and sending Tor a sighup. In most cases, this is not a problem. However, when relaying must be suspended - and this suspension is not conducted via the built-in accounting system - the relay is unlisted from directories. Since uptime is used as an index for many of the classifications applied to relays (naming c), this has a notable effect on the relay's 'profile' in the network, and the way that clients perceive it. Presumably, this is not a desirable situation. Is there a good workaround for this?
Re: Torbutton for Mozilla Thunderbird
This is potentially a less-than-ideal solution. Torbutton for Friefox is carefully and specifically designed to address web-browsing privacy concerns, making the user seem to belong to the largest possible set of potential users. Simply sending Thunderbird traffic through Tor may not provide the desired level of anonymity. There are other privacy concerns with Thunderbird, for instance, it sometimes broadcasts its hostname. Moreover, there hasn't been an anonymity audit of Thunderbird like there has with Firefox. There may be other behaviours like this which completely compromise the anonymity benefits provided by Tor. On Sat, Aug 8, 2009 at 14:33, Karsten N. tor-ad...@privacyfoundation.dewrote: James Brown schrieb: How can I get the Torbutton for the Mozilla Thunderbird? I use ProxyButton for this job. I does a proxy switch to Tor and rewrite my IP address in the header of the mail. Received: from [85.245.13.68] (helo=[0.0.0.0]) by n...@domain.tld download http://proxybutton.mozdev.org/installation.html Karsten N.