Re: Building tracking system to nab Tor pedophiles
On 3/6/07, Roger Dingledine [EMAIL PROTECTED] wrote: ... So the moral of the story appears to be turn the plugins off, period. The broader moral is: don't run code from strangers on your computer. The even broader moral would be to lament that we're still not using SSL on most Internet interactions. the depths of just how badly security in general sucks well captured. at least some areas of the technology landscape are showing signs of improvement. bitfrost and mac(with parrallels?). otherwise, the capriciousness of users encouraged by the inherent architectural vulnerabilities sold in mass quantity by vendors more concerned with profit and appearance than customer vulnerabilities ensures lots of targets... i need a drink... *g* And maybe the fourth is that we (somebody here) should work on easy instructions for locking down common OS network interfaces so only Tor communications can get through. Or Tor LiveCDs that have that already done. Or VM images that can be run as routers between your computer and the Internet. ah, at least this can be worked on in a straightforward fashion. (unlike transnational market forces with lots of momentum :) and even various combinations of the above for additional compartmentalization without excessive overhead. some relevant links: http://virt.kernelnewbies.org/TechComparison http://wiki.laptop.org/go/Bitfrost (btw: if anyone has some bandwidth they would like to donate for janusvm dev torrents please email me so i can contact you for early seeding...)
Re: Building tracking system to nab Tor pedophiles
OK, we heard a lot of technical details, I'll cover the non-tech part of it. On 3/7/07, Fergie [EMAIL PROTECTED] wrote: Comments? Yes, it's stupid. First, the legal issues. What he does is overtaking a TOR-user's machine by malicious code. He's accusing people of being childporn consuments based on the fact that *some* childporn keyword was found - we all know how good that works! (just have a look at the available internet filtering-software out there). I don't know about other countries legislations but evidences which weer gathered illegally are worth shit at court. So if you got a real child molester he'll be found not guilty and when you find just some innocent dude you're still going to destroy his personal life. Just the rumor oh, that dude does child-porn is enough to destroy a lot of personal relationsships. Secondly: It's harming the TOR-project in two ways: * TOR will lose valuable reputation and the rest of the world will denounce us of bigotry. * If the anti-child-porn patch will be applied the next lobby-group will demand a backdoor. Why not the PETA? They could as for all customers who bould furry clothes online. It's for the animals! Why not the RIAA or MPAA? It's for the better good and the artists! The idea is - and sorry for my language - a big pile of crap. Just my 2c, Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institute, 1901.
Re: Building tracking system to nab Tor pedophiles
On Wed, Mar 07, 2007 at 02:50:34PM +0100, Alexander W. Janssen wrote: OK, we heard a lot of technical details, I'll cover the non-tech part of it. On 3/7/07, Fergie [EMAIL PROTECTED] wrote: Comments? Yes, it's stupid. Well, it sounds like a pretty thorough implementation of a well-known attack. If the goal was getting press coverage, it's successful. If the goal was let's embed a scripting language in everything! then it's also a success there. If the goal was getting talks at hacker cons, then I bet it will work fine. These are all laudable goals, and I sympathize with them all as far as they go. But if the goal were actually to send criminals to jail, then I rather suspect that the fellow would've had a talk with law enforcement, or a lawyer, beforehand. Similarly, I hope that in his interview, the author of this attack mentioned that the attack depends on bad configuration choices on the part of the user, and that the interviewer just didn't that would be interesting. It would be a bit misleading to say I have an attack on this system when you only have an attack against users using the system wrong. First, the legal issues. What he does is overtaking a TOR-user's machine by malicious code. He's accusing people of being childporn consuments based on the fact that *some* childporn keyword was found - we all know how good that works! (just have a look at the available internet filtering-software out there). Right. I don't see what keyword set you could possibly use to reliably distinguish between real criminals, people reading Nabokov, people reading reports _about_ the real criminals, and fangirls reading harry/ron slashfic online. [...] Secondly: It's harming the TOR-project in two ways: * TOR will lose valuable reputation and the rest of the world will denounce us of bigotry. * If the anti-child-porn patch will be applied the next lobby-group will demand a backdoor. Why not the PETA? They could as for all customers who bould furry clothes online. It's for the animals! Why not the RIAA or MPAA? It's for the better good and the artists! Right. This _is_ a general-purpose attack tool; there's no reason it can't be just as useful for identifying the IPs of misconfigured Tor users looking for information on democracy in China, or for the nearest VD clinic, or for information on how to run for office, or whatever. Snoops everywhere should be pleased. peace, -- Nick Mathewson pgppeRSPxFdbf.pgp Description: PGP signature
Re: Building tracking system to nab Tor pedophiles
On Wednesday, March 07, 2007, at 07:42AM, Roger Dingledine [EMAIL PROTECTED] wrote: On Wed, Mar 07, 2007 at 12:56:22AM -0500, James Muir wrote: http://blogs.zdnet.com/security/?p=114 The approaches suggested won't work if you use Firefox with NoScript set to disable JavaScript, Java, Flash and any other plugins. You still have to be careful though -- if you enable them for some domains that you trust (say, foo.com), then you can still get nailed when you visit foo.com from an evil exit node, it inserts some malicious applets, and your noscript says well yeah, but the user typed in foo.com, therefore this applet is from foo.com, so I trust it. So the moral of the story appears to be turn the plugins off, period. The broader moral is: don't run code from strangers on your computer. The even broader moral would be to lament that we're still not using SSL on most Internet interactions. And maybe the fourth is that we (somebody here) should work on easy instructions for locking down common OS network interfaces so only Tor communications can get through. Or Tor LiveCDs that have that already done. Or VM images that can be run as routers between your computer and the Internet. --Roger Actually the moral of the story would be to surf using Lynx w/SSL from a Linux or BSD Tor enabled LiveCD. Unfortunately you won't see any pictures or movies so that will eliminate most users who use Tor for private surfing. ;-) Or you could get REALLY secure and just unplug the computers from the net and go outside for some fresh air and get a life! IMHO, Brad
Re: Building tracking system to nab Tor pedophiles
O.K. I've been biting my tongue on this one for a while now. I'll try to keep this short as it is not specifically TOR related As a survivor of childhood sexual abuse. I'm personally getting annoyed by this whole nab the paedophiles thing. for several reasons: 1.) 90+ percent of sexual abuse of children happen from family members or friends of the family.. so wasting huge resources on 10% while blatantly (and blissfully) ignoring the 90%, does society a huge disservice. by focusing the public's attention on the smallest part of the problem and away from the real problems. 2.) I can almost guarantee that his guys key words would trigger on abuse survivors talking in an online support group and I can't even begin to tell you how damaging it would be for an abuse survivor to have to deal with being falsely accused of being a perp. I think what needs to be done here is to create a FAQ or other standard document that will 1.) inform the vastly misinformed public. 2.) list places and ways they can make a difference. I do appreciate that people are actually trying to look at this.. it would just be nice if they were looking at the real problem. in short trying to destroy anonymity (which is necessary for many abuse survivors to begin the healing process) to waste the courts time with illegally obtained evidence, from chasing a small fraction of abusers, while ignoring the real problem and misleading the public while doing so is NOT a service to me nor to society in general. To the people on this list that are all gung ho to stop internet paedophiles I'd suggest you leave TOR alone and get involved with an established group such as perverted justice ( http://www.perverted-justice.com/ ) who have a history of working with law enforcement and making a real difference. Better yet volunteer at your local rape crisis centre. hound your government officials so perps don't walk with a 6 mo sentence after abusing their children for years. etc. I do apologize for the lack of brevity and the slightly OT post. 'nuff said Freemor On Wed, 2007-07-03 at 05:28 +, Fergie wrote: Hmmm. http://blogs.zdnet.com/security/?p=114 Comments? -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ -- Freemor [EMAIL PROTECTED] Freemor [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG signature.asc Description: This is a digitally signed message part
Re: one less onion skin
On Wed, Mar 07, 2007 at 09:29:43AM -0500, Paul Syverson wrote: [...] My kneejerk response is that (a) the overhead from this vs. everything else in Tor is very small, This was one of the major reasons for not doing it at the same time as CREATE_FAST. Assuming that TLS conns are mostly longer-lived than circuits, then circuit PK should strongly dominate link PK. The same amount of data, however, goes over TLS as over circuits. Given those (fuzzy, inaccurate) assumptions, it follows using CREATE_FAST should have been sufficient to get rid of 33% of the server-side PK. Dumping the first circuit hop's AES, however, would only get rid (at best) of 12.5% of server-side AES, so it wasn't as immediately clear of a win. (There are 8 server-side AES operations on all the data now: the first two servers in the circuit need to a TLS decrypt, a circuit decrypt, and a TLS encrypt; the third server does a TLS decrypt and a circuit decrypt.) AES was between 8 and 20% of server CPU time the last time I looked; this change would save at most 2.5% of server CPU, which doesn't really make it seem like low-hanging fruit to me. -- Nick Mathewson pgpIDyZo3wm3Q.pgp Description: PGP signature
Compile error w/0.1.2.9-rc on Kubuntu 6.10
RE: http://archives.seul.org/or/talk/Mar-2007/msg00035.html Mr. Mathewson wrote Again, if any of these warnings actually trigger in the code, please let me know. While not an error specified in the message above I did experience an error when I tried to compile on my Edgy Eft: (I could send the log if you would like) checking for libevent directory... configure: error: Could not find a linkable libevent. You can specify an explicit path using --with-libevent-dir I found a few pages like the following but I couldn't find know how to specify --with-libevent-dir: http://archives.seul.org/or/cvs/Jan-2006/msg00324.html I had the libevent1 package libevent1_1a-1_i386.deb installed before I tried to compile Tor. Am I missing something simple? Cheers The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
Re: Compile error w/0.1.2.9-rc on Kubuntu 6.10
On Wed, Mar 07, 2007 at 10:59:13AM -0800, light zoo wrote: checking for libevent directory... configure: error: Could not find a linkable libevent. You can specify an explicit path using --with-libevent-dir I had the libevent1 package libevent1_1a-1_i386.deb installed before I tried to compile Tor. You probably want a libevent*-dev package installed if you're trying to compile code against the libevent library rather than just using it at runtime. Dave -- Dave Page [EMAIL PROTECTED] Jabber: [EMAIL PROTECTED]
Re: Building tracking system to nab Tor pedophiles
I've seen a VM that routes all traffic over TOR, invisibly to the O/S. (Not sure what they do about UDP). Developed at Georgia Tech. One better .. TOR on OpenWRT on a Linksys router. Tor at the *hardware* level. ~Mike.
Re: Compile error w/0.1.2.9-rc on Kubuntu 6.10
checking for libevent directory... configure: error: Could not find a linkable libevent. You can specify an explicit path using --with-libevent-dir ./configure --with-libevent-dir=/usr/local/lib that got it working for me (also Ubuntu 6.10 here, but the gnome variety)
Re: Building tracking system to nab Tor pedophiles
Thus spake Freemor ([EMAIL PROTECTED]): I think what needs to be done here is to create a FAQ or other standard document that will 1.) inform the vastly misinformed public. 2.) list places and ways they can make a difference. Excellent post, even if slight off-topic. As suggested on IRC, I think the Tor documentation strategy needs to be rethought. Most people barely read the download page, let alone the reems of FAQ questions. We've had two attacks now on Tor that rely on unmasking users who use Tor incorrectly. One of them actually published a paper and had decent results at unmasking this way (mostly Asian users who probably can't read our english mailinglist or english FAQ), and the media still doesn't seem to understand that these attacks are well documented. The Tor download page should have a concice Things to know before downloading section that lists a few key points about the most easy ways your identity can be revealed through Tor. Something like Things to know before you download Tor: - Browser plugins can be made to reveal your IP. - This includes Flash, Java, ActiveX and others. - It is recommended that you use FireFox and install the extensions NoScript, QuickJava, and FlashBlock to control this behavior if you must have these plugins installed for non-Tor usage. - Make sure your browser settings have a proxy listed for ALL protocols (including Gopher and FTP). - For further details, please consult the Tor FAQ. Maybe this will stop the same attack from hitting the blogosphere every 2 months. Even better, maybe it will stop that attack from actually working.. -- Mike Perry Mad Computer Scientist fscked.org evil labs
Re: Building tracking system to nab Tor pedophiles
As suggested on IRC, I think the Tor documentation strategy needs to be rethought. Most people barely read the download page, let alone the reems of FAQ questions. We've had two attacks now on Tor that rely on unmasking users who use Tor incorrectly. One of them actually published a paper and had decent results at unmasking this way (mostly Asian users who probably can't read our english mailinglist or english FAQ), and the media still doesn't seem to understand that these attacks are well documented. The Tor download page should have a concice Things to know before downloading section that lists a few key points about the most easy ways your identity can be revealed through Tor. Something like Things to know before you download Tor: - Browser plugins can be made to reveal your IP. - This includes Flash, Java, ActiveX and others. - It is recommended that you use FireFox and install the extensions NoScript, QuickJava, and FlashBlock to control this behavior if you must have these plugins installed for non-Tor usage. - Make sure your browser settings have a proxy listed for ALL protocols (including Gopher and FTP). - For further details, please consult the Tor FAQ. I had advocated something similar some time ago. Actually what I proposed was that some sort of test server be set up. I know there are already many of them, but I was thinking that there could be testing stages in an install wizard (or a post-install testing wizard) that takes the user through various tests and what to do in response to results. I know a lot of work, maybe another suggestion to be listed on the volunteer page or a candidate for summer of code? As a new user (about a week now) and without much of a background, hopefully I can offer some insight. The installation and documentation to get up and started is very helpful, especially the screen shots. However I am lost with Privoxy configuration, e-mail config (especially about the smtp port 465 in Thunderbird), and if.. how.. and when I need to modify modify the torrc file. I have subscribed to all the lists and am doing my best to absorb the info. I usually learn new programs by futzing with them until I have learned the ins and outs. However, this is different because the learning curve could do some damage (stories of how Tor users were not protected). My suggestions/responses to help protect green users like me from those who can take advantage of our lack of information are: - A hold your hand walk through of add ons to Firefox and Thunderbird to be installed before attempting to use the programs ( just like the set info instructions, they were great) - A few predefined configurations of Privoxy, Noscript etc. with a WALK THROUGH on how to access them, what they mean and how to tweak them in the future. - The test server sounds like a great idea. I keep reading about things which break pages and reveal your identity but I have no idea if it is actually happening. Is there a way to set an alert which notifies the user that his/her anonymity has been compromised? - Again, a list of IMPORTANT things you should not do is a great idea. I don't know if I can use another browser without privoxy etc installed after I have disconnected from Tor and wish to surf as I did previously. Is that bad? I am also pretty sure that I should not use any other programs which don't go through Tor while I am connected to Tor. Is it ok to use them after I disconnect? The takeaway from my rambling is that compromises to security and the networks reputation are going to come from users like me, not from a developer or experienced user. To maintain integrity it is a good idea to devote time to developing better walk throughs regarding use after initial setup and to help new users from hurting themselves or the reputation of the network. Jay
Re: Building tracking system to nab Tor pedophiles
Thus spake Paul Syverson ([EMAIL PROTECTED]): I don't think it was off topic. To repeat what I already said in an individual response. I think it was not OT since your post addressed the reality of a situation for which people were designing Tor modifications and deployments and you evaluated their applicability to intended application. Good. Solid post all around then. I had advocated something similar some time ago. Actually what I proposed was that some sort of test server be set up. I know there are already many of them, but I was thinking that there could be testing stages in an install wizard (or a post-install testing wizard) that takes the user through various tests and what to do in response to results. I know a lot of work, maybe another suggestion to be listed on the volunteer page or a candidate for summer of code? You dream big (not sure which is the bigger dream ;) Heheh, well speaking of dreaming big, while both what you and Jason Edwards said are great goals to have, I think we shouldn't get distracted from stopping the bleeding now with a few sentences right up front while something more elaborate is devised (or a volunteer steps up). The problem is if it isn't right on the download page and translated into most languages, people will just assume they are good to go without bothering to read the FAQ until something breaks (as Jason pointed out). I also fall into this category with most software (even stuff I develop for ;). -- Mike Perry Mad Computer Scientist fscked.org evil labs
Re: Building tracking system to nab Tor pedophiles
Heheh, well speaking of dreaming big, while both what you and Jason Edwards said are great goals to have, I think we shouldn't get distracted from stopping the bleeding now with a few sentences right up front while something more elaborate is devised (or a volunteer steps up). The problem is if it isn't right on the download page and translated into most languages, people will just assume they are good to go without bothering to read the FAQ until something breaks (as Jason pointed out). I also fall into this category with most software (even stuff I develop for ;). Hear, hear! -James
Re: Building tracking system to nab Tor pedophiles
On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote: Heheh, well speaking of dreaming big, while both what you and Jason Edwards said are great goals to have, I think we shouldn't get distracted from stopping the bleeding now with a few sentences right up front while something more elaborate is devised (or a volunteer steps up). The problem is if it isn't right on the download page and translated into most languages, people will just assume they are good to go without bothering to read the FAQ until something breaks (as Jason pointed out). I also fall into this category with most software (even stuff I develop for ;). Hear, hear! Yes. Three cheers. I think this is a fine interim thing to do. Maybe I'm overly sold on install wizards but I think a step in the install that says something about not being secure against responding web sites by default and a pointer to a couple of things to do before continuing is probably going to catch more people than anything on the download page. Of course there will still be some (most?) people who will just say yeah, whatever and click continue. But this is an interim idea. (Now someone has to write installers in every language. Perhaps _that_ could be added to the volunteer page. In the interim interim, something on the download page will get caught be our volunteer translators sooner than anything I said above). aloha, Paul
Re: blog about tor and skype
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 well, 1.) Skype Call Traced http://archives.seul.org/or/talk/Aug-2006/msg00232.html and http://archives.seul.org/or/talk/Aug-2006/msg00252.html also directly relevant to my point 2.) need i mention skype is closed-source? and 3.) when starting Tor, This is experimental software. Do not rely on it for strong anonymity. conclusion: don't mix a weak link with a weaker link and expect a reliable chain :) -BEGIN PGP SIGNATURE- iD8DBQFF74yZXhfCJNu98qARCGFmAKCODG3fE8GGYFrSxmZ8l3MHicpbmgCgvBms 4BFNKWNyB7Pl7TaKk6GarXo= =0hXP -END PGP SIGNATURE-
Re: Building tracking system to nab Tor pedophiles
On Wed, Mar 07, 2007 at 10:35:54PM -0500, Paul Syverson wrote: On Wed, Mar 07, 2007 at 09:53:08PM -0500, James Muir wrote: Heheh, well speaking of dreaming big, while both what you and Jason Edwards said are great goals to have, I think we shouldn't get distracted from stopping the bleeding now with a few sentences right up front while something more elaborate is devised (or a volunteer steps up). The problem is if it isn't right on the download page and translated into most languages, people will just assume they are good to go without bothering to read the FAQ until something breaks (as Jason pointed out). I also fall into this category with most software (even stuff I develop for ;). Hear, hear! Yes. Three cheers. I think this is a fine interim thing to do. Maybe I'm overly sold on install wizards but I think a step in the install that says something about not being secure against responding web sites by default and a pointer to a couple of things to do before continuing is probably going to catch more people than anything on the download page. Of course there will still be some (most?) people who will just say yeah, whatever and click continue. But this is an interim idea. (Now someone has to write installers in every language. Perhaps _that_ could be added to the volunteer page. In the interim interim, something on the download page will get caught be our volunteer translators sooner than anything I said above). Now that we all agree, could somebody draft the statement as a patch for the download page source at http://tor.eff.org/svn/website/en/download.wml ? Who will be first to get their patch to [EMAIL PROTECTED] Whose patch will be best? Only you can decide! ;) peace, -- Nick Mathewson pgpKRAgRueFPB.pgp Description: PGP signature