Re: Tor Server Affecting Net Access
You have total transfer per day limited, but do you have total transfer per second limited using BandwidthRate and BandwidthBurst?

From my /etc/tor/torrc

    BandwidthRate 75 KB
    AccountingStart day 12:00
    AccountingMax 1 GB

--
To the agents of the N.S.A. reading this email: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. 4th Amendment to the United States Constitution.
Re: Hidden services
Hi JT,

> I read the docs and slides on hidden services. But I still don't quite get it.

Maybe I can help you with this.

> On slide 19 it looks as if there was only one hop between the client and the server. Is this the case or has the diagram been simplified?

All connections to introduction and rendezvous points are sender-anonymous. This is depicted by the big onions on the slides. These connections consist of more than one hop just as with circuits to public servers. The standard hop count for each sender-anonymous connection is 3.

> If only client and server are for real and the all tor servers along the path are compromised then can the operator find out what the hidden service is offering and who is communicating.

Well, if _all_ Tor servers in the path from a client to a hidden server were compromised, they could find out that the two are communicating. Communication between the two is still end-to-end encrypted from the client's to the server's Tor node. But the adversaries could make an own attempt to connect to the hidden server and find out what it is offering.

Anyway, we are talking about at least 6 routers of which 3 are picked by the client and 3 by the hidden service. So, it's not so likely that they are all compromised. In fact, this is what Tor relies on. I think, you should not be too nervous about that kind of attack.

> Inside the Tor network (not using exits) everything is encrypted, right?! So does the last node in the path, connected to the hidden service know, that it is talking to a hidden service? As far as I understand hidden services can be run by servers and clients.

The last node in the circuit, which is closest to the hidden server, does not know that it is talking to the hidden service. The hidden server opened a circuit to that router as done with every other circuit. So, this router cannot conclude what the hidden server is doing. It could also be - which is more likely - a usual client.

If you are more interested in attacks on this, you might want to read the paper by Øverlier and Syverson on locating hidden servers.

Hope this helps.

Karsten
Re: Tor Server Affecting Net Access
It could be that your router is struggling with the amount of connections Tor generates. Consumer class routers are known to have a relatively low number of max. connections or connections per second.

You have total transfer per day limited, but do you have total transfer per second limited using BandwidthRate and BandwidthBurst?

From my /etc/tor/torrc

    BandwidthRate 75 KB
    AccountingStart day 12:00
    AccountingMax 1 GB

--
To the agents of the N.S.A. reading this email: The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. 4th Amendment to the United States Constitution.
Re: Ultimate solution
On Fri, 23 Mar 2007 20:13:30 +0800, Tin Tin [EMAIL PROTECTED] said:

> why spend hundreds and thousands of hours of coding?
> Torpark is a start, no?

Thx but no thx.

1) Torpark is only for windows
2) Torpark is commercial
3) no distributed trust
4) they want you to install flash player for an online tutorial
5) stuck up marketing people say it is offshore. offshore from what? antarctica?
6) they advertise that Torpark was developed by Hackers. a statement like that attracts the wrong people

A browser that leaves no traces is great, yes. I don't believe in commercial anonymity solution. Companies can develop lots of great useful software but an anonymity service needs to be open source, not bound to one jurisdiction, decentral and dedicated to security (not already telling people to install dangerous software like flash) before they even signed up. How professional is that?

I still believe Tor must be bundled with a browser that is perfectly configured to be run with Tor. Nothing commercial. Along with a webserver that starts with Tor and is also preconfigured by Tor experts (maybe we can bring an Apache expert into the Tor team).

Every user must be a router giving a certain percentage of their bandwidth otherwise Tor will not work. The people that object to this can choose to use different software. But I doubt that there would be any. Look at all the P2P networks. People give their bandwidth because there is no other way. Nobody complains. -- emule

Also, I just searched 7 different security communities for the keyword Tor. On 6 of them people asked if there was anything faster than Tor. The number of Tor servers will increase extremely slowly with the current implementation. Only experts that can figure out how to setup a server will contribute to the speed. I am not a computer genius but it took me a while to figure out how a Tor server works. Now how can a noob run a Tor server? Only if he is one by default.

But now imagine a total computer noob with an extremely fast connection who just joined the network. He doesn't know anything about the internal workings of Tor and he doesn't have to and still he can contribute so much to make Tor better by contributing his very fast internet connection.

If every user has a chance to use a webserver that is already ready to go a real tor internet will start to evolve and people won't need to exit the Tor network. There won't be time to check out www pages if there are tons of Tor pages. :)

Also if the client base becomes the router base the distributed trust explodes. The biggest contributors in terms of server right now are USA and Germany. If they ban anonymity services in Germany (which is not so unlikely) it is going to be a problem for the network. But if every user is a router, then even a grandma in Kenya whose nephew set up her Tor software or an internet cafe in Chile can contribute to distributed trust without having to configure anything. The number of possible circuits would explode. And nobody could just start a boulder type attack.

--
JT [EMAIL PROTECTED]
Re: [or-talk] Tor Server Affecting Net Access
On Thu, Mar 22, 2007 at 11:54:11PM -0700, [EMAIL PROTECTED] wrote:

snip

> However, if the issue is simply that having a couple hundred people's tor traffic running on your home DSL connection just gums up the works, and even segregating the tor server to its own IP won't address the issue, then I may have to sadly stop running it as I have to keep everything else functioning too. Thanks for any suggestions.

First note -- I've noticed that the IP I'm using for my exit node is definitely blocked some places. I've not noticed any effects on the other IP's, so it doesn't look like anyone is going through the insanity of knocking out whole subnets yet, but... Anyway, I'm assuming people are simply blocking all servers in the TOR directory listing... Or have people observed that non-exit nodes are actually not being blocked? (my point here being that you should probably consider the additional static IP anyway...)

The IP address probably won't help your bandwidth issue though. You could try turning down your bandwidth rate from 75KB and see if this helps, but that should be sufficiently low to keep things from grinding to a halt (I personally noticed that I could run apps like bittorrent at 80+% of my home bandwidth without killing online games and VoIP).

I'll admit the possibility that the max connections per second issue is a problem for a home gateway... but my exit server is on a fairly low-power machine (Linux/UltraSPARC 300mhz box), which is actually comparable to some home routers these days in sheer MIPS.

Call me paranoid, but I'd actually be a little concerned about upstream traffic shaping from your ISP if they're trying to throttle back file sharers and the like.

Ok, probably not a helpful message for troubleshooting, just my own $0.02.

-- Sam
Re: Ultimate solution
Thank you JT, you expressed so eloquently what I have been thinking. Yes, please come out with a ready server package. I am a noob who sometimes doesn't even understand the messages in the log (and not at all the debug log). I have been trying to get my boxes to run as servers for weeks. No luck. And I don't know where and how to get help.

I am very grateful for the security tor has given me, and would like to contribute to the community instead of just taking, taking. It would be great if we could have a default server package.
Exit Node vs. Middleman Requirements
Just wondering, is the Tor network in need of more bandwidth\servers? If so, are more exit-nodes or middle-man nodes required?
Re: Exit Node vs. Middleman Requirements
Rouslan Nabioullin wrote:

> Just wondering, is the Tor network in need of more bandwidth\servers?

yes!

> If so, are more exit-nodes or middle-man nodes required?

more exit nodes, because every exit node can be a middleman

morphium
Re: Tor Server Affecting Net Access
On Fri, Mar 23, 2007 at 01:54:38AM -0700, [EMAIL PROTECTED] wrote:

> You have total transfer per day limited, but do you have total transfer per second limited using BandwidthRate and BandwidthBurst?
>
> From my /etc/tor/torrc
>
>     BandwidthRate 75 KB
>     AccountingStart day 12:00
>     AccountingMax 1 GB

Suggestions, to try in order. Let me know which one of these solves it, so we have another data point. :)

1) Add BandwidthBurst 75 KB to your torrc too. Right now your BandwidthBurst is at the default, which is 6 MB, which is certainly enough to saturate your upstream during bursts.

2) Upgrade to 0.1.2.12-rc, or if you can't, turn off your DirPort. The 0.1.1.x release only rate limits incoming traffic, whereas 0.1.2.x rate limits both, including handling directory traffic well. Outgoing traffic is probably causing your problem, whatever it is.

3) Try reducing the number 75 to a lower number. Maybe you don't have the upstream bandwidth you think you have.

4) Drake had a good question, which was does having Tor running degrade your connectivity even when it's known to be hibernating?

5) Your DSL router may have problems handling hundreds of TCP connections at once. Are you running the most recent bios?

I don't think getting a separate IP will do much. But hey, if you get to this point in the list, who knows. :)

But once you've figured out the issue, yay exit nodes, we could use more.

Hope that helps,
--Roger
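Suggestion 1 in the reply above, worked through as an added example (not code from the thread or from Tor): a simplified one-direction token bucket compares the posted torrc, with BandwidthBurst at the 6 MB default the reply names, against the same torrc with BandwidthBurst 75 KB. The 96 KB/s upstream link, the 200 KB/s offered load, and treating hibernation as "stop once AccountingMax has been sent" are assumptions made for the illustration.

```python
"""Simplified token-bucket model of the torrc limits discussed in the thread.

Not Tor's implementation: one bucket, one direction, one-second ticks.
"""

KB_PER_MB = 1024
KB_PER_GB = 1024 * 1024


def simulate(rate_kb, burst_kb, upstream_kb, demand_kb, accounting_max_kb, seconds):
    """Return (saturated_seconds, hibernate_at) for one accounting period.

    rate_kb / burst_kb  -- BandwidthRate / BandwidthBurst, in KB
    upstream_kb         -- upstream link capacity per second (assumed value)
    demand_kb           -- traffic offered to the relay per second (assumed value)
    accounting_max_kb   -- AccountingMax, in KB
    """
    bucket = burst_kb            # an idle relay starts with a full bucket
    quota_left = accounting_max_kb
    saturated = 0
    hibernate_at = None
    for tick in range(1, seconds + 1):
        sent = min(bucket, demand_kb, upstream_kb, quota_left)
        bucket -= sent
        quota_left -= sent
        if sent >= upstream_kb:
            saturated += 1       # nothing left on the link for other traffic
        if quota_left == 0:
            hibernate_at = tick  # accounting limit reached, relay goes quiet
            break
        bucket = min(burst_kb, bucket + rate_kb)   # refill, capped at the burst size
    return saturated, hibernate_at


# Constructed scenario: 96 KB/s upstream (about 768 kbit/s DSL) and more
# demand than the link can carry. Both numbers are assumptions.
UPSTREAM_KB = 96
DEMAND_KB = 200
DAY = 24 * 60 * 60


def posted_config():
    # BandwidthRate 75 KB, BandwidthBurst left at the 6 MB default named in the reply
    return simulate(75, 6 * KB_PER_MB, UPSTREAM_KB, DEMAND_KB, 1 * KB_PER_GB, DAY)


def suggested_config():
    # BandwidthRate 75 KB plus BandwidthBurst 75 KB (suggestion 1)
    return simulate(75, 75, UPSTREAM_KB, DEMAND_KB, 1 * KB_PER_GB, DAY)


if __name__ == "__main__":
    for name, fn in (("posted", posted_config), ("suggested", suggested_config)):
        saturated, hibernate_at = fn()
        print(f"{name}: upstream saturated for {saturated} s, "
              f"accounting limit reached after {hibernate_at} s")
```

In this model the default burst lets the relay fill the whole uplink for several minutes each time the bucket is full, while the 1 GB daily allowance is used up in under four hours either way, which is why the hibernation question in suggestion 4 is a useful data point.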
Re: Exit Node vs. Middleman Requirements
On Fri, Mar 23, 2007 at 09:14:03PM +0100, morphium wrote:

> Rouslan Nabioullin wrote:
> > Just wondering, is the Tor network in need of more bandwidth\servers?
> yes!
> > If so, are more exit-nodes or middle-man nodes required?
> more exit nodes, because every exit node can be a middleman

Right. We have something like 900 Tor servers right now, and they're trying to handle traffic from a few hundred thousand active users pushing perhaps a gigabit of traffic each way on average. That's not a good ratio. :)

Around a third of the available bandwidth is from exit nodes. So we could sure use more exit nodes too.

--Roger
Re: Ultimate solution
I've been watching this thread with some interest and just wanted to add my view to the discussion.

I think there is a real danger in making TOR too easy. Yes, I do understand that Microsoft and others have created a world of people that want every program to function completely with 3 clicks. For some applications this is a laudable goal. However, when one is dealing with a program that deals with security or anonymity I think it is important that people who intend to use the program take the time and effort to learn. They need to learn what it does, what it doesn't do, how it does it, how it is circumvented, how to check if it is working correctly, etc.

One of the major reasons there is so much tracking of personal data on the web is most users' lack of responsibility for their own privacy and security. For these reasons, my concern is that making TOR a 3 click wonder will not only further propagate this "someone else will worry about my privacy/security for me" thinking and ultimately would lead people to a false sense of security because they won't properly understand the TOR network, and will blissfully find ways to make their computer leak more than a bucket with no bottom, all the while thinking "oh, it's fine, I've got TOR on, I can see the icon in the systray right there".

I feel that rather than head down the 3 click wonder path, it would be better to invest time in reminding users that we are talking about their security, or their anonymity, that as such it is their responsibility, and decidedly worth the time to learn as much as possible about the programs or systems they use to protect it.

I would hate to see the day when the TOR team has to waste countless hours and resources to battle complaints that "TOR failed to protect me when I <insert use that TOR was never intended for>".

Just my thoughts on the subject

Freemor

P.s. to the tor Dev's -- Yes, I know TOR is not a security application. That just snuck in there as I deal with computer security regularly and often see the same "the computer/internet/isp/mysterious someone should take care of that for me" mentality.

On Fri, 2007-23-03 at 02:44 -0700, JT wrote:

> Hi,
>
> why spend hundreds and thousands of hours of coding? Is there a browser that doesn't support javascript, java, flash, quicktime, etc but only pictures so one can read html text and pictures and can read a normal newspaper? If there is such a browser why not force Tor users to use it? Make Tor only work with that browser. If Tor wants to be an anonymous communication tool it should come in an entire package. If Tor wants to be successful it MUST come in complete package. 90% of the users use it to surf anonymously, the rest use ftp, chat or whatever.
>
> How about instead of telling a user to:
>
> install tor and vidalia
> activate tor
> install the tor button
> install the noscript
> install flashblock
> configure noscript
> deactivate flash, etc
> install cookie culler
> turn off the referer header in the browser
> etc etc
>
> have them just install the package for free communication. That way there is no way they can forget to turn anything off or on. That way every person that uses the Tor package for free communication can benefit from the expertise of the people that release the package.
>
> All the hacks that are published are not against Tor but against the user's communication package that the user put together himself. Why not help/force internet noobs to be safe. I know it is called the Tor project but why not extend it to a real communication package. Vidalia was a good start. Now one step further!!
>
> Is there a free open source browser that could be shipped with the Tor package that is fully configured for anonymous surfing and fine tuned to be most anonymous, set so that it can be only used through Tor? It should be modified so that a noob can not change the settings by accident. I am not a programmer but this is what must happen.
>
> If Tor is only supposed to be for technical experts and people that hang out in security forums every day then we should continue as is but if Tor is supposed to be for the masses (more people more distributed trust) then there must be a bundle. A package with everything set up for anonymous browsing where some internet newbie can not possibly reveal his IP by misconfiguration. The user clicks the setup program Tor installs, the Tor browser opens, ready to go. No way the surfer can use that browser without Tor. Such a software package would make Moore's publications completely unnecessary.
>
> I wish I could help implement this but I am not a programmer. But this is the only way for Tor to succeed. A software bundle including perfectly configured browser, every user must be a server, and there must be a button with which people can choose to be an exit or not. Right now it is way too difficult. If grandma and grandpa are capable of choosing to be a server or exit nodes then Tor will become
Re: Ultimate solution
Freemor,

What if it was done in a way that educates and informs users, such as how Bastille Linux works? Someone could probably easily create an installer/GUI config program that teaches the user about network security as he uses it.

I'm no coder, but I understand a good feature when I see it! This may be why I sometimes act as a buffer between clients and the techies that can't easily relate to 'noobs'.

What do you like about this idea?

Gracias,
Andrew
Re: Ultimate solution
> 1) Torpark is only for windows
> 2) Torpark is commercial
> 3) no distributed trust
> 4) they want you to install flash player for an online tutorial
> 5) stuck up marketing people say it is offshore. offshore from what? antarctica?
> 6) they advertise that Torpark was developed by Hackers. a statement like that attracts the wrong people
>
> I don't believe in commercial anonymity solution.

Why don't we create a petition or something alike to the developers of Torpark to release it as a free (GPLed) software?