Re: PHP coder needs Tor details

2007-02-15 Thread Mr. Blue
I've found out that if I want to make nobody utilize Tor I must submit the FULL path to Tor.

Like: /usr/local/bin/tor
If I just type tor then it doesn't work.

Now, when I try to execute the Tor command as nobody I get this message:

[notice] Tor v0.1.1.26. This is experimental software. Do not rely on it for strong anonymity.
[notice] Configuration file /usr/local/etc/tor/torrc not present, using reasonable defaults.
Initialized libevent version 1.2a using method kqueue. Good.
Error creating directory //.tor: Permission denied
Failed to parse/validate config: Couldn't access/create private data directory //.tor

The last 2 rows are confusing me - what should I do?

 

Re: PHP coder needs Tor details

2007-02-15 Thread James Muir

Mr. Blue wrote:
I've found out that if I want to make nobody utilize Tor I must submit the FULL path to Tor.

Like: /usr/local/bin/tor
If I just type tor then it doesn't work.

Now, when I try to execute the Tor command as nobody I get this message:

[notice] Tor v0.1.1.26. This is experimental software. Do not rely on it for strong anonymity.
[notice] Configuration file /usr/local/etc/tor/torrc not present, using reasonable defaults.
Initialized libevent version 1.2a using method kqueue. Good.
Error creating directory //.tor: Permission denied
Failed to parse/validate config: Couldn't access/create private data directory //.tor

The last 2 rows are confusing me - what should I do?


Tor needs to create a directory where it can store network data.  It 
tried to create one at //.tor, but it does not have the necessary 
permissions.  You need to tell Tor someplace where it has permission to 
create a directory.


Have you had a look at the sample torrc file that comes with the tor 
source?  It is quite helpful.  Here is an excerpt:


## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /usr/local/var/lib/tor

So add a line like this to your torrc file:

DataDirectory /path/to/where/nobody/can/write/tor

(that's nobody as in the username nobody).  You can also specify this 
as a command line parameter -- read the tor man page to see how to do that.


-James
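
The fix described above as a script, added here as an example (not code from the thread or from the Tor project): it creates a DataDirectory that only the chosen account can enter, verifies ownership and mode, and writes a torrc containing the DataDirectory line. The function names and the DIR, USER and TORRC arguments are assumptions.

```shell
#!/bin/sh
# Added example: give a service account (e.g. nobody) a private Tor
# DataDirectory and a torrc that points at it. Function names and the
# DIR/USER/TORRC arguments are assumptions, not from the thread.

owner_of() { ls -ld "$1" | awk '{print $3}'; }   # owner column of ls -l
mode_of()  { ls -ld "$1" | cut -c1-10; }         # e.g. drwx------

# prepare_datadir DIR USER: create DIR with mode 0700, owned by USER.
prepare_datadir() {
    mkdir -p "$1" && chmod 700 "$1" || return 1
    # chown needs root; skip it when DIR already belongs to USER.
    [ "$(owner_of "$1")" = "$2" ] || chown "$2" "$1"
}

# check_datadir DIR USER: 0 only if DIR is a real directory (not a
# symlink), owned by USER, with no group/other access. Tor keeps its
# keys here, so a shared or world-writable location is not acceptable.
check_datadir() {
    if [ ! -d "$1" ] || [ -L "$1" ]; then
        echo "$1: not a plain directory" >&2; return 1
    fi
    if [ "$(owner_of "$1")" != "$2" ]; then
        echo "$1: not owned by $2" >&2; return 2
    fi
    case "$(mode_of "$1")" in
        drwx------) return 0 ;;
        *) echo "$1: mode must be 0700" >&2; return 3 ;;
    esac
}

# write_torrc DIR TORRC: write a new torrc; never overwrite an old one.
write_torrc() {
    if [ -e "$2" ]; then
        echo "$2 exists, add the DataDirectory line by hand" >&2; return 1
    fi
    printf 'DataDirectory %s\n' "$1" > "$2"
}

# Usage (as root): sh this-script DIR USER TORRC
# then start Tor as USER with the full path: /usr/local/bin/tor -f TORRC
if [ "$#" -eq 3 ]; then
    prepare_datadir "$1" "$2" && check_datadir "$1" "$2" &&
        write_torrc "$1" "$3"
fi
```

A non-zero status from check_datadir says which condition failed: 1 for not a plain directory, 2 for wrong owner, 3 for a mode other than 0700.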





Re: PHP coder needs Tor details

2007-02-15 Thread Mr. Blue
Thank you VERY much!

The main problem is that I've never been aware of DataDirectory.
And in my torrc file it is commented out, so I'll uncomment it and alter it if 
needed.

James Muir [EMAIL PROTECTED] wrote:
Mr. Blue wrote:
 I've found out that if I want to make nobody utilize Tor I must submit the FULL path to Tor.
 
 Like: /usr/local/bin/tor
 If I just type tor then it doesn't work.
 
 Now, when I try to execute the Tor command as nobody I get this message:
 
 [notice] Tor v0.1.1.26. This is experimental software. Do not rely on it for strong anonymity.
 [notice] Configuration file /usr/local/etc/tor/torrc not present, using reasonable defaults.
 Initialized libevent version 1.2a using method kqueue. Good.
 Error creating directory //.tor: Permission denied
 Failed to parse/validate config: Couldn't access/create private data directory //.tor
 
 The last 2 rows are confusing me - what should I do?

Tor needs to create a directory where it can store network data.  It 
tried to create one at //.tor, but it does not have the necessary 
permissions.  You need to tell Tor someplace where it has permission to 
create a directory.

Have you had a look at the sample torrc file that comes with the tor 
source?  It is quite helpful.  Here is an excerpt:

## The directory for keeping all the keys/etc. By default, we store
## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
#DataDirectory /usr/local/var/lib/tor

So add a line like this to your torrc file:

DataDirectory /path/to/where/nobody/can/write/tor

(that's nobody as in the username nobody).  You can also specify this 
as a command line parameter -- read the tor man page to see how to do that.

-James





 

Re: suggestion for 'is my installation of tor working?' page

2007-02-15 Thread James Muir

Nick Mathewson wrote:

On Sun, Feb 04, 2007 at 08:58:36PM -0800, Wesley Kenzie wrote:

I've got an initial version up now at http://www.showmyip.com/torstatus/ -
feedback welcome!  More content and links to come!


As others have noted, this is really excellent, but there's way too
much information there for it to be useful for unsophisticated users.
There's no way that my dad, for example could tell that his window
width and height identify him far more uniquely than do his User-Agent
or his DMA code.

Maybe there should be some kind of What I Learned section at the
top, with parts like:

  Javascript said:   Your IP is x.y.z.w.
 (Learn more about how to disable Javascript _here_.),
  Java said: Your IP is x.y.z.w.:
 (Learn more about how to disable Java _here_.)

That is, sort information by order of significance of disclosure, and
for each piece of information, tell users what it means, how much it
isolates them, and how to stop disclosing it.

Also, is there some way to see, use, and distribute the source for
these pages?  As long as you operate them, yours will of course be
most popular, but my free software instincts make me ask what do we
do if Wesley is unavailable for a while?


Along with having a web page which attempts to educate Tor users about 
the dangers of executing Java, JavaScript, Flash, etc. in their 
browsers, I think there also needs to be a stronger warning about this 
on the main Tor web site (tor.eff.org).  There is a warning on the wiki 
but this is something that's important enough to promote to the main 
page (and have translated).


There are Java and Flash applets that, when run in a Tor user's browser, 
will open non-proxied connections back to their originating web sites 
and thus expose a user's real IP address.  This is, I think, the most 
serious threat to Tor users who don't disable these in their browsers -- 
never mind fingerprinting my machine by capturing my screen resolution, 
etc. with JavaScript.


The NoScript extension with Firefox works great -- it disables all 
scripts and plugins.  I hope people who really need anonymity are using 
these.  However, I expect that many are using IE.  I don't run Windows, 
but I would guess that there probably isn't an easy way to disable Flash 
in IE.  A clear warning with the Tor client installation instructions 
might help new Tor users better protect their anonymity.


-James



Re: suggestion for 'is my installation of tor working?' page

2007-02-15 Thread Ringo Kamens

I agree, people are working on network-wide attacks (which is great)
but the biggest and most obvious risk to user privacy/anonymity is
scripts. Perhaps Firefox and NoScript should come bundled and
configured?
Ringo Kamens

On 2/15/07, James Muir [EMAIL PROTECTED] wrote:

Nick Mathewson wrote:
 On Sun, Feb 04, 2007 at 08:58:36PM -0800, Wesley Kenzie wrote:
 I've got an initial version up now at http://www.showmyip.com/torstatus/ -
 feedback welcome!  More content and links to come!

 As others have noted, this is really excellent, but there's way too
 much information there for it to be useful for unsophisticated users.
 There's no way that my dad, for example could tell that his window
 width and height identify him far more uniquely than do his User-Agent
 or his DMA code.

 Maybe there should be some kind of What I Learned section at the
 top, with parts like:

   Javascript said:   Your IP is x.y.z.w.
  (Learn more about how to disable Javascript _here_.),
   Java said: Your IP is x.y.z.w.:
  (Learn more about how to disable Java _here_.)

 That is, sort information by order of significance of disclosure, and
 for each piece of information, tell users what it means, how much it
 isolates them, and how to stop disclosing it.

 Also, is there some way to see, use, and distribute the source for
 these pages?  As long as you operate them, yours will of course be
 most popular, but my free software instincts make me ask what do we
 do if Wesley is unavailable for a while?

Along with having a web page which attempts to educate Tor users about
the dangers of executing Java, JavaScript, Flash, etc. in their
browsers, I think there also needs to be a stronger warning about this
on the main Tor web site (tor.eff.org).  There is a warning on the wiki
but this is something that's important enough to promote to the main
page (and have translated).

There are Java and Flash applets that, when run in a Tor user's browser,
will open non-proxied connections back to their originating web sites
and thus expose a user's real IP address.  This is, I think, the most
serious threat to Tor users who don't disable these in their browsers --
never mind fingerprinting my machine by capturing my screen resolution,
etc. with JavaScript.

The NoScript extension with Firefox works great -- it disables all
scripts and plugins.  I hope people who really need anonymity are using
these.  However, I expect that many are using IE.  I don't run Windows,
but I would guess that there probably isn't an easy way to disable Flash
in IE.  A clear warning with the Tor client installation instructions
might help new Tor users better protect their anonymity.

-James




Re: suggestion for 'is my installation of tor working?' page

2007-02-15 Thread Nick Mathewson
On Fri, Feb 16, 2007 at 12:08:31AM -0500, James Muir wrote:
 [...]
 The NoScript extension with Firefox works great -- it disables all 
 scripts and plugins.  I hope people who really need anonymity are using 
 these.  However, I expect that many are using IE.  I don't run Windows, 
 but I would guess that there probably isn't an easy way to disable Flash 
 in IE.  A clear warning with the Tor client installation instructions 
 might help new Tor users better protect their anonymity.

Good idea!  Send in a patch, and I'll clean it up and check it in.  It
doesn't need to include IE instructions; somebody else can send them
in later if they know the answer.

yrs.
-- 
Nick Mathewson

