Re: more letters from the feds

2007-01-27 Thread Seth David Schoen
Anthony DiPierro writes:

> Or what about a hidden service for reading web pages in general?
> Something which doesn't support POST (or maybe even GET), so is much
> less likely to be used abusively.  Is this feasible?

The current directory scheme does allow (in fact, requires) policies
to be specified in terms of IP addresses and TCP port numbers.  So
a "web browsing only" exit node is possible.  A "Google only" exit
node is possible if you knew the IP address of every Google server,
which is a fairly tricky proposition.

A "GET-only" exit node can't be specified with the current directory
system, which isn't capable of expressing any information about what
a node will do with connections to a particular TCP port other than
allow or deny them.  You could make an "HTTP GET only" exit node, but
you wouldn't have a way to tell clients that your node enforced that
policy, and users would probably get mad (and stop using your exit
node entirely) when some of their transactions failed mysteriously.

The fine-grainedness of exit policy languages is a difficult strategic
question akin to the problem of the fine-grainedness of DRM policy
languages.  It's possible that making an exit policy language more
specific would lead some existing exit node operators to forbid more
things -- things that they would actually like to forbid but currently
don't have a technical means of forbidding without getting effectively
kicked out of the Tor network.  On the other hand, it's possible that
making an exit policy language more specific would lead some existing
node operators to allow new things -- things that they wanted to allow
but didn't have a technical means of specifying that they wanted to
allow without also allowing other things that they didn't want to
allow.  It's also possible that some people who currently don't run
exit nodes would start allowing extremely limited exit nodes that
they wouldn't have been willing to operate any other way.

The technical overhead of moving beyond ports to a more specific kind
of exit policy seems to me quite high, not because of the need to
develop a language to express it, but because of the need to find a
way of communicating it between the Tor client and client applications
(to prevent applications from making requests that exit nodes they're
using will block, or, conversely, to allow the Tor client to choose
exit nodes that will not forbid any of the things that an application
intends to do, or might possibly do).  I'm not aware of any existing
protocol that allows this information to be conveyed or any applications
that support this kind of feature right now.  To take a concrete
example, how would Firefox tell Tor "I need to be able to HTTP POST"
or how would an old version of lynx tell Tor "I only support HTTP/1.0"?
How would ssh tell Tor that it was ssh?

See section 2.1 of

http://tor.eff.org/cvs/tor/doc/dir-spec.txt

for the (extremely simple) status quo.

-- 
Seth Schoen
Staff Technologist               [EMAIL PROTECTED]
Electronic Frontier Foundation   http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110 1 415 436 9333 x107
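
[Added example, not part of the original message and not Tor's own code: a
minimal first-match evaluator for address/port exit policies of the kind
described above. The rule syntax follows the accept/reject ADDR[/MASK]:PORT
form; the policies and addresses are constructed (documentation ranges), and
the function names are hypothetical.]

```python
import ipaddress

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines into rule tuples."""
    rules = []
    for line in text.strip().splitlines():
        action, pattern = line.split()
        if action not in ("accept", "reject"):
            raise ValueError("unknown action: " + action)
        addr, _, ports = pattern.rpartition(":")
        # '*' matches any address; otherwise an IPv4 address or network.
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            low, high = 1, 65535
        else:
            first, _, last = ports.partition("-")
            low, high = int(first), int(last or first)
        rules.append((action, net, low, high))
    return rules

def exit_allowed(rules, ip, port):
    """First matching rule wins. The only inputs are destination IP and port,
    so an HTTP GET and an HTTP POST to the same server are the same query."""
    dest = ipaddress.ip_address(ip)
    for action, net, low, high in rules:
        if (net is None or dest in net) and low <= port <= high:
            return action == "accept"
    return True  # dir-spec: if no rule matches, the address is accepted

# Constructed "web browsing only" policy.
WEB_ONLY = parse_policy("accept *:80\naccept *:443\nreject *:*")

# Constructed "one service only" policy: 192.0.2.0/24 (TEST-NET-1) stands in
# for the full list of a service's server addresses, which the operator would
# have to know in advance.
ONE_SITE = parse_policy("accept 192.0.2.0/24:80\nreject *:*")

def demo():
    """Evaluate a few constructed destinations against both policies."""
    return {
        "web_http": exit_allowed(WEB_ONLY, "203.0.113.7", 80),
        "web_ssh": exit_allowed(WEB_ONLY, "203.0.113.7", 22),
        "site_listed": exit_allowed(ONE_SITE, "192.0.2.10", 80),
        "site_unlisted": exit_allowed(ONE_SITE, "198.51.100.5", 80),
    }

if __name__ == "__main__":
    for name, allowed in demo().items():
        print(name, "accept" if allowed else "reject")
```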


Re: TorK 0.13 Released - Many new features

2007-01-27 Thread Robert Hogan
On Saturday 27 January 2007 23:22, Patrick Hooker wrote:
> C compiler cannot make
> executables

there are some suggestions in:

http://forums.gentoo.org/viewtopic.php?t=27719

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE  - http://tork.sf.net


Re: TorK 0.13 Released - Many new features

2007-01-27 Thread Patrick Hooker
Hi Hogan and all,

I'm trying to install TorK on my Kubuntu 6.06 machine. I'm not a C
programmer, just script langs and much assembler level work a long time
ago. I've followed the instructions to install from cvs, had to install
"make", "autoconf", "automake", and "gcc" when they were not found. When
I do the "./configure" I'm stumped with an error "C compiler cannot make
executables". Can anyone help on this? Is it a file permission/owner
problem or some such thing?

Thanks,
Patrick

Robert Hogan wrote:
> Hi All,
>
> I've just released a new version of TorK, with quite a few new features.
>
> The addition of a mixminion client, as well as the facility to manage 
> anonymous use of Opera and Firefox, broadens TorK's horizons a bit.
>
> I'm still looking for new ideas/features for TorK so if you can think of 
> something useful it should have, let me know.
>
> Screenshots are available at:
>
> http://www.kde-apps.org/content/preview.php?preview=1&id=39442&file1=39442-1.png&file2=39442-2.png&file3=39442-3.png&name=TorK
>
>
> The highlights for the new release are (you may recognize the changelog 
> style ;-) ):
>
> Major Features
> o New, improved set-up wizard (incomplete but fully functional).
> o Send Anonymous Email using mixminion.
> o Browse Anonymously with Firefox
> o Browse Anonymously with Opera
> o Graphs now show system network traffic on eth* interfaces.
> o Link to privoxy configuration.
> o Modify appearance of konqueror windows when anonymous browsing 
> enabled (experimental).
>
> Minor Features
> o Optional 'Paranoid' mode for browsing.
> o Improvements to tor network display.
> o Make exit nodes in the server list identifiable.
> o Improvements to quick launch interface.
> o Reverse lookup IP address of servers when displaying their status.
> o Better 'guard' icons.
> o Better privoxy management.
>
>
> You can try it straight from CVS:
>
> [handy copy/paste for installing it]
> cd ~
> mkdir torkcvs
> cd torkcvs
> cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/tork co -P tork
> cd tork
> make -f Makefile.cvs
> ./configure
> make
> su -c 'make install'
>
>
> or download it at:
>
> http://sourceforge.net/project/showfiles.php?group_id=159836
>
> Regards,
> Robert
>
>   



Re: TorK 0.13 Released - Many new features

2007-01-27 Thread Robert Hogan

Due to a cock-up on my part, this version of TorK is only compatible with the 
alpha series of Tor for the time being.

Once 'getinfo ns/all' makes it into the stable series, it'll be usable on both 
again.

Apologies if I've inconvenienced any 'stable' users.

BTW, will ns/all go into stable anytime soon? Or should I really consider 
winding back?


On Saturday 27 January 2007 22:40, Robert Hogan wrote:
> Hi All,
>
> I've just released a new version of TorK, with quite a few new features.
>
> The addition of a mixminion client, as well as the facility to manage
> anonymous use of Opera and Firefox, broadens TorK's horizons a bit.
>
> I'm still looking for new ideas/features for TorK so if you can think of
> something useful it should have, let me know.
>
> Screenshots are available at:
>
> http://www.kde-apps.org/content/preview.php?preview=1&id=39442&file1=39442-1.png&file2=39442-2.png&file3=39442-3.png&name=TorK
>
>
> The highlights for the new release are (you may recognize the changelog
> style ;-) ):
>
> Major Features
> o New, improved set-up wizard (incomplete but fully functional).
> o Send Anonymous Email using mixminion.
> o Browse Anonymously with Firefox
> o Browse Anonymously with Opera
> o Graphs now show system network traffic on eth* interfaces.
> o Link to privoxy configuration.
> o Modify appearance of konqueror windows when anonymous browsing
> enabled (experimental).
>
> Minor Features
> o Optional 'Paranoid' mode for browsing.
> o Improvements to tor network display.
> o Make exit nodes in the server list identifiable.
> o Improvements to quick launch interface.
> o Reverse lookup IP address of servers when displaying their status.
> o Better 'guard' icons.
> o Better privoxy management.
>
>
> You can try it straight from CVS:
>
> [handy copy/paste for installing it]
> cd ~
> mkdir torkcvs
> cd torkcvs
> cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/tork co -P tork
> cd tork
> make -f Makefile.cvs
> ./configure
> make
> su -c 'make install'
>
>
> or download it at:
>
> http://sourceforge.net/project/showfiles.php?group_id=159836
>
> Regards,
> Robert

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - A Tor Controller For KDE  - http://tork.sf.net


Re: more letters from the feds

2007-01-27 Thread Anthony DiPierro

On 1/27/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:

> Problem still exists though, that Tor needs more exit nodes. If nobody is
> willing to run an exit server the performance of the network suffers
> dramatically.


If *nobody* is willing to run an exit server the performance drops to
zero (at least for all but hidden services).

That brings up an idea, though.  Are there certain common perfectly
legitimate things that exit nodes are being used for, that maybe some
hidden services could be set up to take the load off?  For instance,
one could set up a hidden service to search Google or to read
Wikipedia, things which aren't going to attract any negative
attention, but which would take the load off an exit server.

Or what about a hidden service for reading web pages in general?
Something which doesn't support POST (or maybe even GET), so is much
less likely to be used abusively.  Is this feasible?

Anthony


the small review of tor [article on ESpanish]

2007-01-27 Thread zodman
I'm sending a small review in a Mexican FS magazine about the Tor project.

All text is in Spanish.

http://revista-sl.gnulinux.com.mx/downloads/RevistaSL6.pdf

more about the magazine
www.revista-sl.org


cheers dud


TorK 0.13 Released - Many new features

2007-01-27 Thread Robert Hogan

Hi All,

I've just released a new version of TorK, with quite a few new features.

The addition of a mixminion client, as well as the facility to manage 
anonymous use of Opera and Firefox, broadens TorK's horizons a bit.

I'm still looking for new ideas/features for TorK so if you can think of 
something useful it should have, let me know.

Screenshots are available at:

http://www.kde-apps.org/content/preview.php?preview=1&id=39442&file1=39442-1.png&file2=39442-2.png&file3=39442-3.png&name=TorK


The highlights for the new release are (you may recognize the changelog 
style ;-) ):

Major Features
o New, improved set-up wizard (incomplete but fully functional).
o Send Anonymous Email using mixminion.
o Browse Anonymously with Firefox
o Browse Anonymously with Opera
o Graphs now show system network traffic on eth* interfaces.
o Link to privoxy configuration.
o Modify appearance of konqueror windows when anonymous browsing 
enabled (experimental).

Minor Features
o Optional 'Paranoid' mode for browsing.
o Improvements to tor network display.
o Make exit nodes in the server list identifiable.
o Improvements to quick launch interface.
o Reverse lookup IP address of servers when displaying their status.
o Better 'guard' icons.
o Better privoxy management.


You can try it straight from CVS:

[handy copy/paste for installing it]
cd ~
mkdir torkcvs
cd torkcvs
cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/tork co -P tork
cd tork
make -f Makefile.cvs
./configure
make
su -c 'make install'


or download it at:

http://sourceforge.net/project/showfiles.php?group_id=159836

Regards,
Robert

-- 

KlamAV - An Anti-Virus Manager for KDE - http://www.klamav.net
TorK   - An Anonymity Manager For KDE  - http://tork.sf.net


Re: more letters from the feds

2007-01-27 Thread Eugen Leitl
On Sat, Jan 27, 2007 at 11:12:01AM -0500, [EMAIL PROTECTED] wrote:

> Problem still exists though, that Tor needs more exit nodes. If nobody is

You can buy a fast exit server, and choose it as your default exit. 
You can also build a private Tor network, and limit it to paying
customers. (I welcome suggestions as to which jurisdictions
are most suitable in that respect).

> willing to run an exit server the performance of the network suffers
> dramatically. I personally find the performance of the network to be
> almost unusable, so I choose other pay-for anonymity services. This is

Which ones do you use? How much do they charge?

> not a bash of Tor or its design, but as we all know there are simply not
> enough servers running to handle the amount of clients.

So how many exit nodes are you running?

> Perhaps someone could draft a generic response letter to be sent to law
> enforcement if a server operator is contacted and post it online or even
> include it in the package.

It doesn't matter what you write, if your local jurisdiction
outlaws e.g. pedophilia or persecutes online fraud and is serious
about it you will receive more attention from LEOs and lawyers
than you're comfortable with.

Which is the main reason why I'm no longer running an exit node.

-- 
Eugen* Leitl  leitl  http://leitl.org
__
ICBM: 48.07100, 11.36820  http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE




Not enough exit nodes? (was Re: more letters from the feds)

2007-01-27 Thread Jay Goodman Tamboli

On Jan 27, 2007, at 11:12:01, [EMAIL PROTECTED] wrote:

> Problem still exists though, that Tor needs more exit nodes. If nobody is
> willing to run an exit server the performance of the network suffers
> dramatically. I personally find the performance of the network to be
> almost unusable, so I choose other pay-for anonymity services. This is
> not a bash of Tor or its design, but as we all know there are simply not
> enough servers running to handle the amount of clients.


Pardon me if this has been answered, but has it been shown for sure  
that the major cause of Tor's slowness is lack of exit nodes?  
Anecdotally, I seem to find Tor's bandwidth to be adequate, but  
latency is a greater problem. I seem to remember someone recently  
saying that a lot of the slowdown is from slow encryption/decryption  
processing on server nodes, be they exit or middlemen.


If the problem is not bandwidth, would more servers help, or do we  
need faster servers (as in CPU speed)? Perhaps the latency is simply  
something that cannot be avoided, since it seems to me connections  
over Tor are going to have at least triple the latency of a direct  
connection.


In any case, I don't think more servers hurts the network (though  
query if it brings down the average speed of the network), so the  
generic response letter suggested by patgus would probably be a good  
idea.


/jgt
--
http://tamboli.cx/
PGP Key ID: 0x7F2AC862B511029F




Re: more letters from the feds

2007-01-27 Thread patgus
Problem still exists though, that Tor needs more exit nodes. If nobody is
willing to run an exit server the performance of the network suffers
dramatically. I personally find the performance of the network to be
almost unusable, so I choose other pay-for anonymity services. This is
not a bash of Tor or its design, but as we all know there are simply not
enough servers running to handle the amount of clients.

Perhaps someone could draft a generic response letter to be sent to law
enforcement if a server operator is contacted and post it online or even
include it in the package.

> It might be easier for you to have the tor traffic routed through a
> gateway machine and have it limit bandwidth.
>
> On 1/11/07, gabrix <[EMAIL PROTECTED]> wrote:
>> xiando wrote:
>> >> I think this is a valid point. I ran an exit-node for a short while at
>> >> home without thinking too much about it. The huge amount of traffic I
>> >> was attracting (even within minutes of booting up) made me shut it off
>> >> for the sake of personal convenience, but I don't think I will ever go
>> >> back -
>> >>
>> >
>> > Use bandwidth limiting?
>> >
>> > BandwidthRate 45 KB
>> > BandwidthBurst 95 KB
>> >
>> > This is low, but that's all I can spare on my home ADSL, and at least it
>> > contributes something. Limit your home node and it don't attract more
>> > than you can spare. Also, you can lower it temporarily (the minimum is
>> > 20 KB) and just -HUP tor if you need to upload a big file somewhere or
>> > something like that.
>> >
>> >
>> >> explaining to the authorities why child porn/terrorist manuals/online
>> >> fraud appear to have originated from my home IP is not an edifying
>> >> prospect, to say the least.
>> >>
>> >
>> > This is something you need to consider if you're going to run an exit
>> > node, you may have to face legal problems running a Tor exit server. If
>> > you are not willing to do it then don't. My view is that if it ever comes
>> > to that then I'll just face the legal problems, for in my view it won't
>> > be a matter of
>> >
>> > me vs. the state
>> >
>> > it'll be a matter of
>> >
>> > freedom (of speech) vs the state
>> >
>> > and if freedom vs the state has to be tried with my being involved then
>> > I'll do it.
>> >
>> >
>> >> These days I generally run a middle-man node but even that has started
>> >> to feel inappropriate for home use. I would be amazed if regular
>> >> appearances on directory servers does not blink wildly on some form of
>> >> institutional radar, low-hanging fruit and all that.
>> >>
>> >
>> > Middle-man don't exit any traffic. If someone puts you on a list simply
>> > for _relaying_ encrypted traffic from A to B then that's just insane, but
>> > if someone wants to do it, then go ahead. I really don't see how running
>> > a middle-man node could get you into any kind of trouble (but what do I
>> > know).
>> >
>> > Has anyone ever got into trouble for running a middle-man node?
>> >
>> >
>> >> * From a common-sense, peace-of-mind point of view, is running an
>> >> exit-node strictly for co-located servers? Does anyone here run one at
>> >> home? If so, have you had second thoughts?
>> >>
>> >
>> > I run exit nodes co-located and also on my home ADSL. I don't have any
>> > second thoughts, but as said, I am aware that I may get into legal
>> > trouble and I'm 100% willing to face that if it comes to it - because, as
>> > said, I view that as something that would be Freedom vs Tyranny, allowing
>> > Tor-servers vs. forbidding them, not something that really has anything
>> > to do with me (apart from my name being on the legal action because I run
>> > a tor-server, but the case itself won't be me vs. the state, it'll be Tor
>> > vs. the state).
>> >
>> >
>> >> * Are tor-at-home users who run middleman servers out of the goodness of
>> >> their heart possibly exposing themselves to unwanted attention? Do we
>> >> have any evidence of such attention, anecdotal or otherwise?
>> >>
>> >
>> > Very good question. You'll be on the list of tor-servers, but I see no
>> > other "attention" you could get.
>> >
>> >
>>
>> I had run an exit node as middle-man for about 5 months and I never
>> got into any kind of legal trouble apart that normal operations like
>> browsing were impossible even bandwidth limiting
>> BandwidthRate 20KB and BandwidthBurst 20KB, the minimum possible. I hope
>> with new versions of tor, bandwidth limiting improved because when I
>> used it, it didn't seem much to work. My ISP says I have a 2MB
>> connection in download but it never goes up 500KB-700KB most of the
>> time. I was really disappointed to stop my middle-man but I had to. Let
>> me know how you find bandwidth limiting once you start because you
>> better start and try yourself, hasta siempre !!!
>>
>



Re: tor and p2p

2007-01-27 Thread Geoffrey Goodell
On Wed, Jan 24, 2007 at 08:58:28PM +0100, Nils Vogels wrote:
> This makes it very unlikely that any overlay network would ever be capable,
> be it technologically or economically, to become big in p2p transports.

"Ever" is a strong word.  I agree in the context of the next few years,
but I doubt that this is the case in general:

1. Demand for P2P filesharing is not infinite.

2. The perceived marginal benefit of additional bandwidth decreases as
bandwidth increases.  Once the underlying transport is fast enough (bear
in mind that the core of the Internet is overprovisioned), the
additional cost of onion routing may become tolerable.


