Re: Has anyone had the identity revealed in Tor?
On Sat, Sep 15, 2007 at 08:49:17AM +0200, Stephen wrote: In some instances maybe so, in other instances not so hard to know: http://cryptome.org/nsa-ip-update8.htm Anyone knows what the false positives rate in the list is? I've long considered putting the address ranges in the firewall deny list, but was hesitant inasmuch this could affect legitimate customers. Oh, and somebody tell John Young to stop using stickers on Cryptome DVDs. That makes them unreadable, soon. Inkjet or LaserScribe labelling would have been preferrable. -- Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org __ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: What do you think about this exit policy for germany?
On Wed, 2007-09-12 at 10:31 +0200, TOR-Admin (gpfTOR1) wrote: supporting spammers when setting up my node for 465,993,995? The SSL-encrypted SMTP-ports are using SMTP-Auth (mostly). The support of spammer is very low (in my opinion). By the way, I have the same problems like you since Nov.2006 (trouble with the german BKA because of childporn, trouble with my ISP). Half a year ago I switched to middleman but it did not help. I run into a telecommunication surveillance and became a terrorist or something like that. You have read the Heise-News about bad exit nodes (controlled governments and others): http://www.heise.de/newsticker/meldung/95770 I think, a middleman node is not a solution for our problems. May be, we are listed in a database and the listing is not deleted after switching to middleman. May be, a bad exit feature out the next middleman... My recommendation: Try to find a strong, TOR-friendly organisation for your nodes. You manage the nodes and the organisation takes the liability (jurisitische Verantwortung). Good recommandation, I agree, but almost impossible to follow IMHO only privacy and civil right organization are eligible, and in Italy there are very few, and normally not interested in technology. No way, at least for me. The normal pattern of a contact for this activity when I contacted a candidate organization is 1) you find a person that can decide 2) you talk to him, explaining the fact and normally have some interest in return 3) suddendly the person understand that sooner or later someone will say or write that he is helping terrorist and paedophiles 4) end of the story Someone has a success story ? Ciao. Marco -- +--- http://www.winstonsmith.info ---+ | il Progetto Winston Smith: scolleghiamo il Grande Fratello | | the Winston Smith Project: unplug the Big Brother | | Marco A. Calamari [EMAIL PROTECTED] http://www.marcoc.it | | DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B | + PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 --+ signature.asc Description: This is a digitally signed message part
Re: What do you think about this exit policy for germany?
Just one contra: Supporting $some_crime always means that you knew about that certain case they're suing you about. Since you can only know about something if you start sniffing - which is strictly forbidden - you can't possibly know about a direct certain crime. Unless you were it yourself, using your own Tor exit-node, trying to veil yourself behind this clever coupe. (yes, that's what one policeman thought of me once...) However, that doesn't protect you from Mickey Mouse investigation. Any lawyers here who can confirm/dissect my argument? Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: a changing network security landscape is difficult for even the biggest tech companies to wrestle with
coderman wrote on 14.09.2007 06:39: On 9/13/07, scar [EMAIL PROTECTED] wrote: ... so, if we are using a website that uses HTTPS, but, in firefox, for example, in the cookies list under that website it shows Send for: any type of connection, then the session is vulnerable? vulnerable against a MITM that can request / inject an HTTP page, frame, or item to the site. this would expose the auth cookie and allow hijacking of the account. for solely passive monitoring, as long as everything is HTTPS it will be protected. snip Unfortunately, the problem is bigger than that. Suppose a website that stores user_login+hashed_password an as authentication token in a cookie not marked as secure (SSL only) cookie. If, even accidentally, our user browses to that site by means of an open HTTP, his browser will transfer this stored cookie in a standard GET request and make it susceptible to passive sniffering. Now the attacker can trivially pass the same cookie data to the website and hijack user's account. -- SATtva | security consulting www.vladmiller.info | www.pgpru.com signature.asc Description: OpenPGP digital signature
Re: MinGW compile link errors with svn 11440
On Sat, Sep 15, 2007 at 08:27:36AM +0800, Li-Hui Zhou wrote: There's a lot of errors when linking Thanks! Fixed in r11445. yrs, -- Nick Mathewson pgpNnVearY4dj.pgp Description: PGP signature
ATTN: An attack on my torrc? I did not specify a server or an exit node!!!
This was in my message log today and I did not specify a server or an exit node (if that is what using exit refers to). Hell, I just re-installed this Windows XP SP2 and just installed the Tor bundle (Tor v.0.1.2.17, Vidalia v0.0.14). I haven't even opened the torrc or torrc.orig.1 before I noticed this warning! So I looked into those files and vidalia.conf. The nodes mono and ZoneSecurite are not present in those files. Message Log: Sep 15 08:07:28.203 [Notice] Tor v0.1.2.17. This is experimental software. Do not rely on it for strong anonymity. Sep 15 08:07:28.312 [Notice] Initialized libevent version 1.3b using method win32. Good. Sep 15 10:03:58.546 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit 'ZoneSecurite'. Retrying on a new circuit. Sep 15 10:03:58.640 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit 'ZoneSecurite'. Retrying on a new circuit. Sep 15 10:21:37.031 [Notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up. Sep 15 11:45:27.093 [Notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up. Sep 15 11:47:17.765 [Notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up. Sep 15 11:49:32.906 [Warning] You specified a server mono by name, but this name is not registered, so it could be used by any server, not just the one you meant. To make sure you get the same server in the future, refer to it by key, as $B468125D79F3C03491EB95FD8126981E5348D88C. Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. http://smallbusiness.yahoo.com/webhosting
RE: Exclude nodes from certain countries
Fyi, what you are asking for is exactly what we are working towards with http://pickaproxy.com - allowing you to pick or exclude exit nodes by Country - where Tor is setup on our server as a client to your workstation. We are calling this geospoofing. . . . Wesley -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of misc Sent: September 15, 2007 8:43 AM To: or-talk@freehaven.net Subject: Re: Exclude nodes from certain countries On Fri, 14 Sep 2007 19:47:56 -0400, Ringo Kamens wrote: The best option is to run a squid server on localhost with a block by country filter. Then, route your tor client through it. Comrade Ringo Kamens I understand the part about running squid on localhost and routing web brouser through it. I can route the traffic from the brouser to squid and then into tor. But how can I route Tor client through localhost proxy? Tor client has to make an encrypted connection to Tor entry node. Do you mean putting squid in the middle of that encrypted connection? How would you do that? Plus, that will only filter the entry nodes by country. But I want to avoid EXIT nodes from certain countries. The entry nodes do not see my traffic, so I don't really care about them. However the exit nodes can see all my traffic in clear text, so it's the exit nodes that I want to filter by country (sorry if I didn't make it clear in my original post).
Re: ATTN: An attack on my torrc? I did not specify a server or an exit node!!!
On Saturday 15 September 2007 20:20:32 jeffery statin wrote: This was in my message log today and I did not specify a server or an exit node (if that is what using exit refers to). Hell, I just re-installed this Windows XP SP2 and just installed the Tor bundle (Tor v.0.1.2.17, Vidalia v0.0.14). I haven't even opened the torrc or torrc.orig.1 before I noticed this warning! The warnings are nothing to worry about. Sep 15 10:03:58.640 [Notice] We tried for 15 seconds to connect to '[scrubbed]' using exit 'ZoneSecurite'. Retrying on a new circuit. Tor/Vidalia created this circuit automatically and chose the exit randomly. Sep 15 11:49:32.906 [Warning] You specified a server mono by name, but this name is not registered, so it could be used by any server, not just the one you meant. To make sure you get the same server in the future, refer to it by key, as $B468125D79F3C03491EB95FD8126981E5348D88C. Vidalia probably requested information from Tor for 'mono' by 'name' rather than 'fingerprint'. Again, this is not anything to worry about. Just the normal operation of your tor/vidalia bundle. signature.asc Description: This is a digitally signed message part.
Re: I break the silence: My arrest
On 9/16/07, Juliusz Chroboczek [EMAIL PROTECTED] wrote: http://itnomad.wordpress.com/2007/09/16/tor-madness-reloaded/ Alex, perhaps you or somebody could put up a web page, in German, that explains in simple terms what Tor is about, aimed at explaining to the average German police officer what tor is about. This might (or might not) prove useful if other German tor operators get into a similar kind of situation. Actually what'd be more useful would be something like a tag in the whois-database... But the average copper would probably either ignore or not understand it :-( Juliusz Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 17:47:11 -0400 misc [EMAIL PROTECTED] wrote: On Sat, 15 Sep 2007 12:29:16 -0700, Wesley Kenzie wrote: www.pickaproxy.com So your server can see all the traffic in cleartext before it enters Tor network AND where the traffic is coming from. In other words users do not have any protection from your server. If you have not been approached by N$A/C1A/echel0n/etc yet, it will happen sooner than you think. Why would they waste their time? They will have already gotten copies of what they want as it traveled in the clear between its origin and the web server. Remember the news articles a while back about all those snoop boxes in the locked rooms at ATT? Do you realize that fairly soon you will have a choice of various unpleasant consequences versus obediently logging everything that goes through your server and submitting the logs to proper channels? As noted above, if they want it, they will have already gotten it. The only reason to bother the web site operator(s) is for the general purpose of intimidation. That is, if you don't work there already :( Do you, Wesley? This smells to me like a honeypot... It's probably worth a few bucks to them to establish a sucker trap web site, so maybe that's what he's doing. The irony, of course, is that the enemies of freedom, in particular, the domestic enemies referred to in our Constitution, are funded at the expense of U.S. taxpayers. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: I break the silence: My arrest
On Sun, 16 Sep 2007 00:32:27 +0200 Alexander W. Janssen [EMAIL PROTECTED] wrote: On 9/16/07, Juliusz Chroboczek [EMAIL PROTECTED] wrote: http://itnomad.wordpress.com/2007/09/16/tor-madness-reloaded/ Alex, perhaps you or somebody could put up a web page, in German, that explains in simple terms what Tor is about, aimed at explaining to the average German police officer what tor is about. This might (or might There is already a web page, though perhaps not tailored specifically for cops: http://tor.eff.org/index.html.de not) prove useful if other German tor operators get into a similar kind of situation. Actually what'd be more useful would be something like a tag in the whois-database... But the average copper would probably either ignore or not understand it :-( Um...and that would be more useful how? I thought the suggestion was to provide them information that *would* convince the average cop not to bother. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
[Fwd: Re: I break the silence: My arrest]
Now that I can break my silence it's time for some action. A question to all Tor-operators: I'd like to do a survey about all incidents which happened to operators. Stuff like: * arrested * confiscated equippment * nastygram * surveillance * ... What would be possible other questions/point in the survey? Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: I break the silence: My arrest
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott Bennett wrote: On Sun, 16 Sep 2007 00:32:27 +0200 Alexander W. Janssen [EMAIL PROTECTED] wrote: On 9/16/07, Juliusz Chroboczek [EMAIL PROTECTED] wrote: http://itnomad.wordpress.com/2007/09/16/tor-madness-reloaded/ Alex, perhaps you or somebody could put up a web page, in German, that explains in simple terms what Tor is about, aimed at explaining to the average German police officer what tor is about. This might (or might There is already a web page, though perhaps not tailored specifically for cops: http://tor.eff.org/index.html.de not) prove useful if other German tor operators get into a similar kind of situation. Actually what'd be more useful would be something like a tag in the whois-database... But the average copper would probably either ignore or not understand it :-( Um...and that would be more useful how? I thought the suggestion was to provide them information that *would* convince the average cop not to bother. There's still the possibility that a server op is using their Tor node as a scapegoat and really is doing bad things (I don't mean to imply that's the case here). Even if the police know that their suspect is running a Tor node, what Tor is, and what it's used for, they're still going to investigate him. All we can hope for is that they'd be a bit nicer about it. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBRuxn/aYAM/AiUno8AQJADA/+PBpRpuj0OjtOYDDUl72M9ev2W5sW+zVp QMb4GT64Qgt4lOPxiNVN/yOnTEgx6yfaZNMY/urTijw2HXA+Lel4Lskz/5Ml9P3g z+NhaiN4BLa5F5MUvFVKlQzPGMoGKdadr96jBgAuCwAp92ArfVkX2FeFmN+nEpFM 7lSG9Cbsz9JQLLtDvdeh1An0r3r21vkYn5zdnBW09NsrBw8PjJXLFqVtPoI98GMV bFSlGshpOjACHfvMqSxALuDwMrIxUIrsNm+JtSuWtyHD6lllNGiwNoSJPOjWhYGu lJL0SfmRYWNuRdz7xGQe8QYkXiXHY2WWo7XWTuopbjco0n+Gv09l+LeoenR7eZno Z09M52PgW7KfDNvGx18h28K3XRXXkpZ4hapHgHqG5IBXDO/oy81h3/uzA/lINkIP Trbtsj32xHO6nXyTTyWNXkAEfIkVWhnZbzQ7+c1AzxFTBnZ+NQhodFh4j/u5e7pC xMl5h3uUb/vWMPBbcedXfygh57kVt6DPB4ZyE44n/GlngBxW2emwRgcK20Kwyrap RHWrZQLEEwTFB7HiORdixjTrKs/EwHbxJbRopf39xMJNpuiMCfZQXLNLXjE9jEsV 1SR1On98HSGbBKNma/SEF+r9YvTCdoMjFyVnu0mFlpvs3L/n/oOy5JLLZ2WhMSlY 1pUgP61qQpw= =lVfH -END PGP SIGNATURE-
Re: I break the silence: My arrest
On 9/16/07, Ryan Wagner [EMAIL PROTECTED] wrote: There's still the possibility that a server op is using their Tor node as a scapegoat and really is doing bad things (I don't mean to imply that's the case here). Even if the police know that their suspect is running a Tor node, what Tor is, and what it's used for, they're still going to investigate him. All we can hope for is that they'd be a bit nicer about it. Actually one guy from the police exactly asked me: Can you prove that the traffic is really from Tor and someone else and not from your pretending this was Tor traffic? F*ck! This is insane. If i'd be an evildoer I would use *every other* exitnode, but not mine! Why should I use mine? There'd be a chance that they kick down my door! I'd handcraft my torrc in a way to blacklist my very own node. And why on earth should I, as the suspect, prove myself unguilty in that case? I can't! There's a saying: Innocent until proven guilty. And it's good that way. I don't need to prove my innocense. THEY have to prove I'm guilty! Never forget that. It's the law. It's a stupid idea. Sorry. Bollocks. Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: I break the silence: My arrest
Is there any way that people can donate to help cover your legal fees? I'll commit to one US dollar. If half the people who read this message did that, it would at least take a small chunk out of that mountain of legal fees you're facing. Also, have you talked to the CCC (ccc.de) about this? They might be able to help. Comrade Ringo Kamens On 9/15/07, Alexander W. Janssen [EMAIL PROTECTED] wrote: On 9/16/07, Ryan Wagner [EMAIL PROTECTED] wrote: There's still the possibility that a server op is using their Tor node as a scapegoat and really is doing bad things (I don't mean to imply that's the case here). Even if the police know that their suspect is running a Tor node, what Tor is, and what it's used for, they're still going to investigate him. All we can hope for is that they'd be a bit nicer about it. Actually one guy from the police exactly asked me: Can you prove that the traffic is really from Tor and someone else and not from your pretending this was Tor traffic? F*ck! This is insane. If i'd be an evildoer I would use *every other* exitnode, but not mine! Why should I use mine? There'd be a chance that they kick down my door! I'd handcraft my torrc in a way to blacklist my very own node. And why on earth should I, as the suspect, prove myself unguilty in that case? I can't! There's a saying: Innocent until proven guilty. And it's good that way. I don't need to prove my innocense. THEY have to prove I'm guilty! Never forget that. It's the law. It's a stupid idea. Sorry. Bollocks. Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: I break the silence: My arrest
On 9/16/07, Ringo Kamens [EMAIL PROTECTED] wrote: Is there any way that people can donate to help cover your legal fees? I'll commit to one US dollar. If half the people who read this message did that, it would at least take a small chunk out of that mountain of legal fees you're facing. Also, have you talked to the CCC (ccc.de) about this? They might be able to help. Hi Ringo, thanks for your offer, but I'm able to sort this out on my own. However, your offer is valid and some kinda Tor Legal Fund (which was discussed earlier) would make sense. There are still some open cases (like morphiums's case, a student) which could need monetary help. However, I'm not a lawyer and I don't know anything about how to set up such a thing. It's be easy to set up a Paypal-account, but it'd be not non-profit, means someone's got to pay taxes for this. Any takers? Comrade Ringo Kamens Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: I break the silence: My arrest
If you set up a paypal account I would be willing to donate on a case-by-case basis (in this case, it would be to help with your legal fees). I think even if you don't need help with legal fees by receiving donations from all across the world it sends the message to German authorities that harassing and attacking tor node operators is not acceptable. Also, being able to mail in money would also be nice ; ) Comrade Ringo Kamens On 9/15/07, Alexander W. Janssen [EMAIL PROTECTED] wrote: On 9/16/07, Ringo Kamens [EMAIL PROTECTED] wrote: Is there any way that people can donate to help cover your legal fees? I'll commit to one US dollar. If half the people who read this message did that, it would at least take a small chunk out of that mountain of legal fees you're facing. Also, have you talked to the CCC (ccc.de) about this? They might be able to help. Hi Ringo, thanks for your offer, but I'm able to sort this out on my own. However, your offer is valid and some kinda Tor Legal Fund (which was discussed earlier) would make sense. There are still some open cases (like morphiums's case, a student) which could need monetary help. However, I'm not a lawyer and I don't know anything about how to set up such a thing. It's be easy to set up a Paypal-account, but it'd be not non-profit, means someone's got to pay taxes for this. Any takers? Comrade Ringo Kamens Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 17:57:51 -0500 (CDT), Scott Bennett wrote: Why would they waste their time? They will have already gotten copies of what they want as it traveled in the clear between its origin and the web server. Remember the news articles a while back about all those snoop boxes in the locked rooms at ATT? As noted above, if they want it, they will have already gotten it. The only reason to bother the web site operator(s) is for the general purpose of intimidation. Scott, anybody who is browsing to www.pickaproxy.com to use Tor there would OBVIOUSLY use SSL (https://www.pickaproxy.com). SSL support was the first thing I checked when I went onto their web-site. (If they didn't support SSL, I probably would not have even bothered replying to that post). The connection to www.pickaproxy.com would be encrypted with SSL, then the traffic would be decrypted at www.pickaproxy.com and redirected into their Tor client, where it would be re-encrypted. Therefore the ONLY party knowing the author IP and the contents of communication will be www.pickaproxy.com (unless you use anonymous proxy-chain to connect to www.pickaproxy.com). I'm aware of those ISP rooms sucking the traffic from internet backbones into N$A. So I can only imagine how much pressure this particular web-server operator will be under, if that's not a honeypot from the start.
Re: I break the silence: My arrest
On 9/16/07, Ringo Kamens [EMAIL PROTECTED] wrote: If you set up a paypal account I would be willing to donate on a case-by-case basis (in this case, it would be to help with your legal fees). I think even if you don't need help with legal fees by receiving donations from all across the world it sends the message to German authorities that harassing and attacking tor node operators is not acceptable. Also, being able to mail in money would also be nice ; ) Well. There's an EFF Europe now and it has a coordinator, Erik Josefsson, who's in cahrge with it. Maybe we should contact him and let all the funds ran over the european EFF? Erik, you're listening? Is there any possiblity to create a legal fund? (Problem is: At leat german organisations can't accept donations tax-free from foreign countries. Also I'd like to see someone official in charge rather than some person - like me, who is pretty much unkown and not trustworthy when it comes to money.) Comrade Ringo Kamens Alex. -- I am tired of all this sort of thing called science here... We have spent millions in that sort of thing for the last few years, and it is time it should be stopped. -- Simon Cameron, U.S. Senator, on the Smithsonian Institution, 1901. .
Re: I break the silence: My arrest
Hi Alex, I am really sorry about what has happened to you. I think there is a need to incorporate. If there is for example an incorporated society which runs some tor-nodes, police is going to confiscate the servers (which is okay), but not going to search houses from members of the incorporated society. Also there would be some legal advantages in questions of liability. Regards, Ricky. -- Falls Freiheit überhaupt etwas bedeutet, dann bedeutet sie das Recht darauf, den Leuten das zu sagen, was sie nicht hören wollen. - George Orwell, aus dem Nachwort zu Animal Farm, 1945 - GPG-Fingerprint: 10D6 7B8F 1F7C 7CB1 2C4E 930E AFD2 FDF3 A10B D302 GPG-Key-ID: AFD2FDF3A10BD302 http://www.lawlita.com/pgp-schluessel/ signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: Exclude nodes from certain countries
My main criticism of pickaproxy is... why? Why do that when you can program a tor controller to do exactly the same thing with a offline database? Comrade Ringo Kamens On 9/15/07, misc [EMAIL PROTECTED] wrote: On Sat, 15 Sep 2007 17:57:51 -0500 (CDT), Scott Bennett wrote: Why would they waste their time? They will have already gotten copies of what they want as it traveled in the clear between its origin and the web server. Remember the news articles a while back about all those snoop boxes in the locked rooms at ATT? As noted above, if they want it, they will have already gotten it. The only reason to bother the web site operator(s) is for the general purpose of intimidation. Scott, anybody who is browsing to www.pickaproxy.com to use Tor there would OBVIOUSLY use SSL (https://www.pickaproxy.com). SSL support was the first thing I checked when I went onto their web-site. (If they didn't support SSL, I probably would not have even bothered replying to that post). The connection to www.pickaproxy.com would be encrypted with SSL, then the traffic would be decrypted at www.pickaproxy.com and redirected into their Tor client, where it would be re-encrypted. Therefore the ONLY party knowing the author IP and the contents of communication will be www.pickaproxy.com (unless you use anonymous proxy-chain to connect to www.pickaproxy.com). I'm aware of those ISP rooms sucking the traffic from internet backbones into N$A. So I can only imagine how much pressure this particular web-server operator will be under, if that's not a honeypot from the start.
Re: Exclude nodes from certain countries
On Fri, 14 Sep 2007 19:47:56 -0400, Ringo Kamens wrote: The best option is to run a squid server on localhost with a block by country filter. Then, route your tor client through it. Comrade Ringo Kamens I researched it more and everybody is saying squid goes between the browser and tor: Browser - Squid - Tor Please explain how can you route Tor through squid?
Re: I break the silence: My arrest
If the most Tor users are really into human rights, free speech, reporters and the like, then there *are* organizations which vastly more power than such a 'little' Tor-operator-fund can provide, thought.. But where are they, when it's getting hot on Tor? Why all the load is up to the operators? Where are the *users* supporting Tor? I'm reading all this and coming to the conclusion: I'm alone (except some nice words), if it takes me. There's nothing to read about external professional support. My experience: Just finding a internet techieness lawyer is a hard job... But I don't like to be alone, if I'm doing something for all (the users!) on this mission for freedom! Are there mostly black hats on there, which surely not stand up and say comrade, here's my hand, we'll drive this legal in the open field...? If there is NO SUPPORT from the users itself, any organization or the like, we (as the fully responsible operators) should seriously reconsider... Just another 'naive' one from me, or is it a point? ;-) Greets Am Samstag, den 15.09.2007, 19:50 -0400 schrieb Ringo Kamens: If you set up a paypal account I would be willing to donate on a case-by-case basis (in this case, it would be to help with your legal fees). I think even if you don't need help with legal fees by receiving donations from all across the world it sends the message to German authorities that harassing and attacking tor node operators is not acceptable. Also, being able to mail in money would also be nice ; ) Comrade Ringo Kamens -- BlueStar88 [EMAIL PROTECTED] signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: Exclude nodes from certain countries
I don't think you get the problem here. Squid wouldn't be able to affect the choice of exit nodes. It would just be able to filter entry nodes. Comrade Ringo Kamens On 9/15/07, misc [EMAIL PROTECTED] wrote: On Fri, 14 Sep 2007 19:47:56 -0400, Ringo Kamens wrote: The best option is to run a squid server on localhost with a block by country filter. Then, route your tor client through it. Comrade Ringo Kamens I researched it more and everybody is saying squid goes between the browser and tor: Browser - Squid - Tor Please explain how can you route Tor through squid?
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 21:39:17 -0400, Ringo Kamens wrote: I don't think you get the problem here. Squid wouldn't be able to affect the choice of exit nodes. It would just be able to filter entry nodes. Comrade Ringo Kamens I know how to filter entry nodes. I can do it with Protowall or another firewall. That's easy. I wonder if Tor makes an initial connection to all nodes from which it later constructs a circuit. If Tor is never allowed to connect to certain nodes, and therefore doesn't know about them, can they still be used as exit nodes?
Re: Exclude nodes from certain countries
If Tor is never allowed to connect to certain nodes, and therefore doesn't know about them, can they still be used as exit nodes? AFAIK tor connects to an entry guard which then connects to the exit node for you. This way, they can't take the logs from the exit node and go well.. the IP in question connected to you 20 seconds before the alleged connection was made, so that's who it probably was. This should be all explained in the docs somewhere. Comrade Ringo Kamens On 9/15/07, misc [EMAIL PROTECTED] wrote: On Sat, 15 Sep 2007 21:39:17 -0400, Ringo Kamens wrote: I don't think you get the problem here. Squid wouldn't be able to affect the choice of exit nodes. It would just be able to filter entry nodes. Comrade Ringo Kamens I know how to filter entry nodes. I can do it with Protowall or another firewall. That's easy. I wonder if Tor makes an initial connection to all nodes from which it later constructs a circuit. If Tor is never allowed to connect to certain nodes, and therefore doesn't know about them, can they still be used as exit nodes?
Re: I break the silence: My arrest
I would really like to hear some good news from currently investigated Tor ops, about their success contacting CCC or EFF EU... Btw: Are there no official CCCers or EFFers reading here and open for a comment? Greets Am Samstag, den 15.09.2007, 21:38 -0400 schrieb Ringo Kamens: [...] that's where we need to focus our attention. And perhaps FSF EU, EFF EU, or CCC is the place to start with that. Comrade Ringo Kamens [...] -- BlueStar88 [EMAIL PROTECTED] signature.asc Description: Dies ist ein digital signierter Nachrichtenteil
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 22:20:16 -0400, Ringo Kamens wrote: AFAIK tor connects to an entry guard which then connects to the exit node for you. This way, they can't take the logs from the exit node and go well.. the IP in question connected to you 20 seconds before the alleged connection was made, so that's who it probably was. This should be all explained in the docs somewhere. Comrade Ringo Kamens But if I click on network map in Vidalia I see various Exit Nodes there. So obviously Tor knows about them. Also, to determine if a node is an entry or exit node, Tor has to exchange some sort of traffic with it, right? Since there is no centralized place where Tor can get a list of all entry nodes, wouldn't it have to poll all the nodes to determine their status?
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 21:39:17 -0400 Ringo Kamens [EMAIL PROTECTED] wrote: I don't think you get the problem here. Squid wouldn't be able to affect the choice of exit nodes. It would just be able to filter entry nodes. Comrade Ringo Kamens This is getting to be really irritatingly frequent on this list. Grrr... On 9/15/07, misc [EMAIL PROTECTED] wrote: On Fri, 14 Sep 2007 19:47:56 -0400, Ringo Kamens wrote: The best option is to run a squid server on localhost with a block by country filter. Then, route your tor client through it. Comrade Ringo Kamens I researched it more and everybody is saying squid goes between the browser and tor: Browser - Squid - Tor Please explain how can you route Tor through squid? C: And it makes it confusing regarding which points you're referring to in the message to which you're responding in your message if don't intersperse your comments into the earlier message. A: It's hard to follow the thread because you have to start at the end and read the quotations in reverse order. B: Why not? A: Basic list courtesy: DON'T TOP-POST! Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 23:30:58 -0400 misc [EMAIL PROTECTED] wrote On Sat, 15 Sep 2007 22:20:16 -0400, Ringo Kamens wrote: AFAIK tor connects to an entry guard which then connects to the exit node for you. This way, they can't take the logs from the exit node and go well.. the IP in question connected to you 20 seconds before the alleged connection was made, so that's who it probably was. This should be all explained in the docs somewhere. Comrade Ringo Kamens But if I click on network map in Vidalia I see various Exit Nodes there. So obviously Tor knows about them. Also, to determine if a node is an entry or exit node, Tor has to exchange some sort of traffic with it, right? Since there is no centralized place where Tor can get a list of all entry nodes, wouldn't it have to poll all the nodes to determine their status? Please read the tor documentation. If you think you've already done that, please go back and read it again. Once you understand the functions of the directory authorities and the directory mirrors, take a few minutes to browse through the files that tor maintains on your computer. Note especially the contents of the files named cached-routers and cached-routers.new, and also the status document files in the cached-status/ subdirectory. All should be clear to you after you do those basic things. Note that this is a user safety issue: one should *not* use tor without having gained first a minimal understanding of what tor is doing and what it is not doing. Without that understanding, a user is in grave danger of assuming his/her anonymmity is being maintained when, in fact, it may not be. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army. * *-- Gov. John Hancock, New York Journal, 28 January 1790 * **
RE: Exclude nodes from certain countries
On Sat, 15 Sep 2007 12:29:16 -0700, Wesley Kenzie wrote: www.pickaproxy.com So your server can see all the traffic in cleartext before it enters Tor network AND where the traffic is coming from. In other words users do not have any protection from your server. If you have not been approached by N$A/C1A/echel0n/etc yet, it will happen sooner than you think. Do you realize that fairly soon you will have a choice of various unpleasant consequences versus obediently logging everything that goes through your server and submitting the logs to proper channels? That is, if you don't work there already :( Do you, Wesley? This smells to me like a honeypot... We are just responding to customer demand. Hundreds of our showmyip.com users have asked for exactly this so we are working to make this functionality available. We will show users how to setup and use stunnel to encrypt their connections to us. But this is not intended to be only an anonymous proxy service, but rather a geospoofing service that piggybacks on some of Tor's functionality. I am expecting that the most nefarious of Tor users will avoid us, and personally I'll be glad of it. . . . Wesley
Re: Exclude nodes from certain countries
On Sat, 15 Sep 2007 23:17:14 -0500 (CDT), Scott Bennett wrote: Please read the tor documentation. If you think you've already done that, please go back and read it again. That brings back the pain of reading it the first time :) I must admit I gave up after first few pages. I found it was too technical and overwhelming, even though I'm not a computer novice. Once you understand the functions of the directory authorities and the directory mirrors, take a few minutes to browse through the files that tor maintains on your computer. Note especially the contents of the files named cached-routers and cached-routers.new, and also the status document files in the cached-status/ subdirectory. All should be clear to you after you do those basic things. Note that this is a user safety issue: one should *not* use tor without having gained first a minimal understanding of what tor is doing and what it is not doing. Without that understanding, a user is in grave danger of assuming his/her anonymmity is being maintained when, in fact, it may not be. Now that you pointed me to specific things to research, it's a bit easier and it's a place to start. Is there some sort of in-a-nutshell documentation without excessive technicalities that you can recommend?
Re: I break the silence: My arrest
Am Sonntag, 16. September 2007 02:19 schrieb Alexander W. Janssen: On 9/16/07, Ringo Kamens [EMAIL PROTECTED] wrote: If you set up a paypal account I would be willing to donate on a case-by-case basis (in this case, it would be to help with your legal fees). I think even if you don't need help with legal fees by receiving donations from all across the world it sends the message to German authorities that harassing and attacking tor node operators is not acceptable. Also, being able to mail in money would also be nice ; ) Well. There's an EFF Europe now and it has a coordinator, Erik Josefsson, who's in cahrge with it. Maybe we should contact him and let all the funds ran over the european EFF? Erik, you're listening? Is there any possiblity to create a legal fund? (Problem is: At leat german organisations can't accept donations tax-free from foreign countries. Also I'd like to see someone official in charge rather than some person - like me, who is pretty much unkown and not trustworthy when it comes to money.) I (a German) am particularly reluctant to use PayPal. Recently, c't (a German computer magazine) published a series of incidents which shattered my faith in PayPal completely. Further, PayPal informs the police willingly about movements at their end - also abroad. Even though I have an account with PayPal in Germany, US-police obviously could obtain information from PayPal about me. Besides, small submissions (like 1 US$) swallow high fees, that doesn't make much sense. I am currently into registering an association that was founded more than a hundred years ago - that is quite some work, but manageable. I find the thought to found an association quite intriguing, particularly for Germany, where the members of a registered association (eingetragener Verein) would be protected against legal prosecution. The association could act as contract partners with the ISPs, and as that run Tor nodes which are managed by its members. BTW, one such node has just been set up which is legally registered with an association in Germany and run by a previous Tor-node admin who has also been harassed by the police. But I don't think they will be setting up more nodes. Martin -- Dr. Martin Senftleben, Ph.D. (S.V.U.) http://www.drmartinus.de/ http://www.daskirchenjahr.de/ pgpZnoJ8KXLBP.pgp Description: PGP signature
