directory authority/authorities need(s) updating?

2008-01-26 Thread Scott Bennett
 When I restarted my tor server a while ago. it surprised me with

Jan 26 04:25:08.406 [notice] This version of Tor (0.2.0.17-alpha) is newer than 
any recommended version, according to the directory authorities. Recommended 
versions are: 0.1.2.19,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.15-alpha

So I peeked at the cached-consensus file and the cached-status/* files.  The
cached-consensus file contained

client-versions 
0.1.2.17,0.1.2.18,0.1.2.19,0.2.0.6-alpha,0.2.0.7-alpha,0.2.0.8-alpha,0.2.0.9-alpha,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.13-alpha,0.2.0.14-alpha,0.2.0.15-alpha,0.2.0.17-alpha

So far, so good, but then it had

server-versions 0.1.2.19,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.15-alpha

So what's the deal with 0.2.0.16-alpha and 0.2.0.17-alpha not being recommended
as servers?
 The cacned-status/* files also contained some oddities.  Some had only
two copies of the authority's IP address instead of a host+domainname followed
by an IP address.  One of them was for lefkada.eecs.harvard.edu, whose
cached-status file offered neither client-versions nor server-versions, even
though the cached-consensus file said it had come from this server and did
offer its not necessarily correct opinion of both.  The cached-status file for
tor.dizum.com also offered neither client-versions nor server-versions.  The
other authorities offered reasonable client-versions and server-versions.
 Would the people running the authorities please get this straightened out
ASAP?  It seems like a bad idea to have them in such disagreement.
 Thanks much!


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army.   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: Child pornography blocking again

2008-01-26 Thread Kraktus
On 25/01/2008, F. Fox [EMAIL PROTECTED] wrote:
 Kraktus wrote:
 On 25/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
 I just want to know if there is a technically feasible way of
 Use your brain. Packets have no EVIL bit to test for.

 I'm pretty sure my suggestion is better than an RFC April Fools' Joke.

 Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of
 online crime. =xoD

Really, if I'd known my message was going to evoke this sort of response,
I'd have entitled it 'Directory-distributed variables for exit lists'.


Tor operator raided in Finland

2008-01-26 Thread maillist
Hello

I'm not sure if my last email reached the list but just wanted to let
you know.

Tor exit-node SpongeBob was raided by local police two days ago. Very
rude and ignorant cops, the usual. They took all my computers and tried
to take my UPS before I convinced them that it's not a computer.

My lawyer said that I should not go in to details but I wanted to let
you all know.

Gpg keys revoked and so on.

M


Re: Tor operator raided in Finland

2008-01-26 Thread Ringo Kamens
We are here to help if you need it.
Solidarity,
Comrade Ringo Kamens
Anarchist Black Cross Northern Michigan

On Jan 26, 2008 6:44 PM, maillist [EMAIL PROTECTED] wrote:

 Hello

 I'm not sure if my last email reached the list but just wanted to let
 you know.

 Tor exit-node SpongeBob was raided by local police two days ago. Very
 rude and ignorant cops, the usual. They took all my computers and tried
 to take my UPS before I convinced them that it's not a computer.

 My lawyer said that I should not go in to details but I wanted to let
 you all know.

 Gpg keys revoked and so on.

 M



Re: Child pornography blocking again

2008-01-26 Thread Gregory Maxwell
On Jan 26, 2008 12:46 PM, Kraktus [EMAIL PROTECTED] wrote:
 Really, if I'd known my message was going to evoke this sort of response,
 I'd have entitled it 'Directory-distributed variables for exit lists'.

It would have been better if you had, but you would have still
received a negative response.

Further splitting the anonymity set just wouldn't be a good thing
unless it was *really* needed.


Re: Child pornography blocking again

2008-01-26 Thread Eugen Leitl
On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote:

 Really, if I'd known my message was going to evoke this sort of response,

Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING
CENSORSHIP HOOKS IN TOR in future. Thanks so much.

 I'd have entitled it 'Directory-distributed variables for exit lists'.

It doesn't matter how you call it, it still stinks.

Of course suggesting paedophilia in a anonymity forum is the
equivalent of Godwin's law. Basically, you lost in the moment
you mentioned it.

-- 
Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


Relay port changed to 443 (from 9001) with Tor 0.1.2.19 / Vidalia 0.0.16 ?

2008-01-26 Thread gregorwsky
Hi there,

after having installed the latest version I noticed that Relay Port
in Basic Settings is now 443, it was 9001 before.
No info about that in the changelogs or docs. I always had port 9001
open in my NAT firewall for incoming traffic, do I have to open 443
now instead?

Should I leave it to 443 anyway? I guess that could conflict with
https websites that I use without Tor.

cu. Gregor


Re: Child pornography blocking again

2008-01-26 Thread Kraktus
On 26/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
 On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote:
 Really, if I'd known my message was going to evoke this sort of response,

 Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING
 CENSORSHIP HOOKS IN TOR in future. Thanks so much.

Tor already has censorship hooks.  Tor nodes are already in
control of their own exit policies.  Certain ports are already
blocked by default.

This would simply provide Tor nodes with another tool to
control what leaves their nodes.  And if Tor nodes didn't want
to use it, they wouldn't have to.

 I'd have entitled it 'Directory-distributed variables for exit lists'.

 It doesn't matter how you call it, it still stinks.

 Of course suggesting paedophilia in a anonymity forum is the
 equivalent of Godwin's law. Basically, you lost in the moment
 you mentioned it.

 --
 Eugen* Leitl a href=http://leitl.org;leitl/a http://leitl.org

Wasn't there a child porn hidden service at one point in the past?
So it's not like this was never a real issue.  Not that this would
have any impact on the ability to run child porn hidden services,
but still.

Really, I'm not saying that you, as a Tor user / node operator /
whatever you are, are a paedophile, or personally responsible
for people engaging in paedophilia.  If so, then I, as someone
who believes the benefits still outweigh the disadvantages, and
subsequently run an exit node, am just as guilty.  But, if I could
prevent my exit node from being used to access CP, without
preventing it from also being used to access a plethora of good
things, surely I would.


Re: Child pornography blocking again

2008-01-26 Thread Gregory Maxwell
On Jan 26, 2008 4:06 PM, maillist [EMAIL PROTECTED] wrote:
 Some f:ing paedophile is responsible for  loosing all my computers and
 scaring my better half. Thanks a lot.

Some f'ing paedophile is responsible for being a pervert, but the
invasion of your home, the home of an innocent person, is the fault of
your government, not some pervert.

 If theres going to be some directory controlled exit-policies then count
 me in (if I'm going to ever run an exit-node anymore).

Even if it could be done it would not address the root cause of your concern.


TrackHostExits, dns-proxy-tor

2008-01-26 Thread funks
I set up TransPort and dns-proxy-tor and some firewall rules to 
create an anonymized physical network.  This works well.  I can set 
up a little machine and not put any personal information on it and 
not worry about privoxy and JavaScript holes and all that.

I want to use TrackHostExits or MapAddress to prevent my outside IP 
from changing to particular hosts.  They use cookies tied to the IP 
for my login.  My IP changing constantly makes me get logged out 
over and over, sometimes at very inopportune times.

This won't work for me.  I think it's a conflict between dns-proxy-
tor's use of mappings and TrackHostExits/MapAddress.  With 
TrackHostExits, I never see new entries show up in GETINFO addr-
mappings/all, which it looks on a cursory inspection of 
consider_recording_trackhost that I should.  I only see dns-proxy-
tor's entries show up.  MapAddress just doesn't do anything (the 
entry I make shows up in the list, but is not used).

--
Click here and relax in style with your own massage chair.
http://tagline.hushmail.com/fc/Ioyw6h4daZ9GcuD6EMNJfhH4VrkoPqELUWaimDwQdWlUL80TJfPZJf/



How to run an exit node and not getting raided by police?

2008-01-26 Thread maillist
As far as I know tor operators have been raided in Germany and Finland
by ignorant cops who does not know anything about proxies or that one ip
does not mean one person (ever heard of NAT, proxying or routing for
example). How about other countries?

How to avoid that nasty raid (at you home) and that oh so sweet paranoid
feeling after that? Any ideas?

How about following (just my two cents):

Running exit node on computer that is physically located at some ISP's
server farm?

Renting a server from a different country, maybe a whole different
continent and running exit node there? If you live in Europe and your
country belongs to EU then maybe outside of EU? What would be a good
country? How about service providers? - Maybe a good idea?

PTR records (reverse dns)? Ip that translates to something like
proxy.domain.com or tor-proxy.domain.com? Are the cops smart enough? Do
they care? (I don't personally think that they care or understand.)

Running exit node at local library's poorly secured computer? - That
ain't nice and it's illegal - no.

Running a exit node on computer owned by some civilrights group?

Encryption? Is it good or bad if cops take your servers? If you give
your keys to cops they can check that there ain't no cp. If your hard
drive is not encrypted police can check it easily. What about privacy?
Police tends to take all the computers and not just the one(s) running tor.

What about encrypted container in encrypted fs's slack space for your
private data? Then one can hand the outer volumes keys to police without
any worries.

And for my poor english.. Hope you all understand what I write =).

Good day to you all!

M


Re: Child pornography blocking again

2008-01-26 Thread Dominik Schaefer

Kraktus schrieb:

Tor already has censorship hooks.  Tor nodes are already in
control of their own exit policies.  Certain ports are already
blocked by default.
It is (technically and legally) a whole different thing to filter based on 
ports or to filter based on content.
Content-based filtering will get you in a huge bunch of technical, 
administrative, legal and moral problems. In short: it does not work.


One example: in some jurisdiction you will get a serious problem with 
liability, if you start to filter something based on content. In some other it 
would IMHO be blatant illegal and even punishable. You can only prevent this 
by being strictly neutral concerning the content through your systems.


Dominik


Re: Child pornography blocking again

2008-01-26 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kraktus wrote:
 On 25/01/2008, F. Fox [EMAIL PROTECTED] wrote:
 Kraktus wrote:
 On 25/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
 I just want to know if there is a technically feasible way of
 Use your brain. Packets have no EVIL bit to test for.
 I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
 Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of
 online crime. =xoD
 
 Really, if I'd known my message was going to evoke this sort of response,
 I'd have entitled it 'Directory-distributed variables for exit lists'.
 

Oh come on... you can't tell me you didn't get a chuckle at the idea of
an EVIL bit. =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBR5urduj8TXmm2ggwAQiN2RAAk0IIwS4G3tRq1vw7+TRTX80RYKYBiZnC
7U6vpUXZoqKAe5Jl41N9/KIPVwPwU7txpN+GkBBXb1oEszi4/qv0rI0M8b7vNv7G
7zHAr0SMQLA9WbnCjsoPR9f9AIDZkgFYZni9Zd+NaZSYV/j82czEkhsyOwh3CoQM
vJMel24qWUpIdkvqxo0rKwFSUlWwfZf1KJeqtWqy7Jko3/5qL+uTNRYkVtyavDP5
I25bfrTxJbzIQUUvGVCv5ZGPpXjB1h+wcmUjyAQ53AV9xfDB1+4PytE6eJsHvJ5/
PC6uASiJ8gnmxk4F0o3m5SF7yhb1nxa5Y7bF+mw5I7B24huSMWWZoCuwqv7FYUqf
5gN4dRegx9xKJS/pPGasEPHM/X1waoY8e3Z1yNX6/7aQUJ4nOKt0Ke2BA88cNtcV
OjaBFbELXVM7nvqrpMPOKGXZYOu23J4USwRMvKnOgjtWZkPwJ+T4TFGGp9FF6l2+
Vy9DEIEX6/TSN8AryRbn0S17+TPcVn29XsJhjJlpkEqeelomh/FiiU8GnM5mbWkS
DcqEaq0Ba4LcXIeHD/odRxEKHiTcWRNUFQ0t2sVrLnyhY6dTkiXpUfsFoINqNghV
2InGHSW3Nu08T/69oLuyZnkaIeakiQoQ8wY9KVzG1SznhEX0ID2DV/z2XqVor8fx
pify9TFWsNk=
=aQ46
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-26 Thread Kraktus
On 26/01/2008, Dominik Schaefer [EMAIL PROTECTED] wrote:
 Kraktus schrieb:
 Tor already has censorship hooks.  Tor nodes are already in
 control of their own exit policies.  Certain ports are already
 blocked by default.
 It is (technically and legally) a whole different thing to filter based on
 ports or to filter based on content.
 Content-based filtering will get you in a huge bunch of technical,
 administrative, legal and moral problems. In short: it does not work.

 One example: in some jurisdiction you will get a serious problem with
 liability, if you start to filter something based on content. In some other it
 would IMHO be blatant illegal and even punishable. You can only prevent this
 by being strictly neutral concerning the content through your systems.

 Dominik

Thank you for the legal warning.  To be clear, I am not suggesting a
program to examine packets and do some sort of incredible image
processing to figure out if a photograph is child pornography, or
anything that would involve packet sniffing, I just want to block
certain IPs and hostnames.  I'm not sure why this would be illegal,
since many ISPs and firewall software already do this, but I'll make
sure to do my research before I do anything, if I do anything.

I do not save logs except occasionally for debugging purposes, and
even then, they are scrubbed.  While unscrubbed logs might be
useful to law enforcement in some circumstances, I recognise that
I cannot help them catch bad people without also damaging the
privacy of good people.  Nor do I sniff packets.


Re: Child pornography blocking again

2008-01-26 Thread Kraktus
On 26/01/2008, maillist [EMAIL PROTECTED] wrote:
 Some f:ing paedophile is responsible for  loosing all my computers and
 scaring my better half. Thanks a lot.

I am sorry to hear that.

 If theres going to be some directory controlled exit-policies then count
 me in (if I'm going to ever run an exit-node anymore).

 As for many things one can use Tor for good or for bad but as long as
 running an exit node means getting busted by some rude cops I'm not
 going to run one anymore (maybe?).

 Btw, I changed my other node to middle-man only =(.

 M

Okay, so maillist and I are definitely interested in this.  Supposing,
for the sake of argument, that we coded it, and the Tor developers
certified that they did not believe the code would break anything, is
there any reason we shouldn't be allowed to share a blacklist via a
variable?  Obviously, since it is so controversial, the variable needn't
be added to the default exit policy, and would only be used by Tor
operators who chose to use it.

(Obviously, we'd have to check with local law people to make sure it
was indeed legal for us to use such a blacklist, but anyway.)


Re: Child pornography blocking again

2008-01-26 Thread Kraktus
On 26/01/2008, F. Fox [EMAIL PROTECTED] wrote:
 Kraktus wrote:
 On 25/01/2008, F. Fox [EMAIL PROTECTED] wrote:
 Kraktus wrote:
 On 25/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
 I just want to know if there is a technically feasible way of
 Use your brain. Packets have no EVIL bit to test for.
 I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
 Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of
 online crime. =xoD

 Really, if I'd known my message was going to evoke this sort of response,
 I'd have entitled it 'Directory-distributed variables for exit lists'.

 Oh come on... you can't tell me you didn't get a chuckle at the idea of
 an EVIL bit. =:oD

It is somewhat difficult to have a sense of humour when people are
saying that you are the cancer killing Tor, a troll, a vigilante, that
your mother and wife are witches, etc.  But thanks for trying.


Re: How to run an exit node and not getting raided by police?

2008-01-26 Thread Kraktus
Well, if you're really worried, I suppose you could disallow exits to
all but a whitelist of websites you trust not to contain content that
is illegal to view in your country.  Which would probably not include
user-contributed websites.


Re: Child pornography blocking again

2008-01-26 Thread tor-operator

Kraktus wrote:


Tor already has censorship hooks.  Tor nodes are already in
control of their own exit policies.  Certain ports are already
blocked by default.

This would simply provide Tor nodes with another tool to
control what leaves their nodes.  And if Tor nodes didn't want
to use it, they wouldn't have to.


Hello,

I would assert a disagreement here, and indicate that exitpolicy is a 
*traffic* obstruction hook, not a censorship hook.


Key different: the ExitPolicy strictly works on the basis of the Layer3/Layer4 
target address.  Your proposed censorship hook seems to require a continually 
updated set of blocks on the basis of content.  ExitPolicy can't tell an HTTP 
connection for wikipedia from an HTTP connection for a bit image.  Please see 
a reasonable reference for usenet death penalty if this is in any way 
unclear.


Re: How to run an exit node and not getting raided by police?

2008-01-26 Thread Scott Bennett
 On Sat, 26 Jan 2008 17:37:37 -0500 Kraktus [EMAIL PROTECTED]
posted out of the blue with no context whatsoever:

Well, if you're really worried, I suppose you could disallow exits to
all but a whitelist of websites you trust not to contain content that
is illegal to view in your country.  Which would probably not include
user-contributed websites.

 Just keep in mind that it would have to be a very small list because
the ExitPolicy syntax, probably for good reason, does not allow something
like

ExitPolicy accept *.edu:80

for example.  For one thing, this would require a name server query by the
exit server for every exit connection to port 80 because the IP address
would not be known prior to the exit connection attempt.  Would a tiny
whitelist get enough use to justify putting it into an exit policy?


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army.   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


(no subject)

2008-01-26 Thread Paul Henning
unsubscribe or-talk


Incognito 20080109.1 released

2008-01-26 Thread anonym
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Greetings,

I released Incognito 20080109.1 earlier today. All relevant info is
available at: http://incognito.anonymityanywhere.com

Cheers!

-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.7 (GNU/Linux)

iD8DBQFHm+E6p8EswdDmSVgRAou4AJ45utghChlUuEyQKR/bRwJnbePWYQCgtT+F
vqOLga4Un4WgNYjF+7y1sfo=
=w/HU
-END PGP SIGNATURE-



Re: Tor operator raided in Finland

2008-01-26 Thread dr . _no
 maillist wrote:
 (snip)
  They took all my computers and tried
  to take my UPS before I convinced them that it's not a computer.
 
 No offense, but... LMAO! That's just sad; they can't tell a computer
 from a UPS...

Hi,

i also thought about it and it's possible to e. g. to hide a WLAN or powerline 
NAS in a wall,
but that's expensive and i do prefer encryption - even for all of my backups
and my backup in the safe-deposit box.
That does cost nothing (except some performance, some seconds for creation an 
the password 
for mounting) and it's save. 
And i've read reportsthat the police sometimes also takes printers and other PC 
stuff, so an
UPS is not a good idea.

Currently i'm putting my root file system on an USB key, following the 
encrypted root filesystem
howto, in a partition of type 0 (officially empty).
And if you use a small USB key, e. g. an Sony Micro Vault Tiny, you can hide it 
nearly everywhere,
because it's so small: 
http://www.sony.jp/products/Consumer/media/pocketbit/products/usm-h/images/prt_1_pic01.jpg

If you have small children, you first should make sure that it can not get 
swallowed ;-)

If someone, e. g. a judge or policeman, asks you for the password you can 
simply forget it or say that due to
the International Covenant on Civil and Political Rights, article 14, paragraph 
3,  chapter g, you
can not be forced to tell someone else the password:
http://www.uni-potsdam.de/u/mrz/un/int-bill/ipbpren.htm
So asking for a password is a suspect trick, because since the romans the 
principle that you can't be 
compelled to testify against yourself or to confess, e. g. by telling someone 
else a password, is standard
and known as nemo tenetur se ipsum accusare.
So if someone forces you to give a password it is highly illegal a) du to 
international law, b) against more
than more than 2000 years of jurisdiction, c) against the freedom of thought (a 
password which is created
by your brain is only a thought) and several other constitutional principles.
In germany the nemo tenetur se ipsum accusare is specified as STPO Paragraph 
55.

Another point is that a good password is hard to create; therefore you can 
reclaim the international 
copyright for your good passwords.

If someone would ask me for a password, i would spam, tell wrong passwords, to 
waste his time, which could
be used to ask others for passwords ;-)

Greets



Re: Tor operator raided in Finland

2008-01-26 Thread 孙超

Why tor is banned in Finland? it's just unimaginable!!!

I am from China, where internet censorship is used by the government.
So we use tor to avoid censorship from the government.

But so far as I know, there is no internet censorship in Finland, I donot 
know if I am right?


If not for avoiding censorhip, why do you use tor? The Police should not 
have interrupted you if you had not done illeagal operate such as sending 
junk mails with tor


- Original Message - 
From: maillist [EMAIL PROTECTED]

To: or-talk@freehaven.net
Sent: Sunday, January 27, 2008 2:44 AM
Subject: Tor operator raided in Finland



Hello

I'm not sure if my last email reached the list but just wanted to let
you know.

Tor exit-node SpongeBob was raided by local police two days ago. Very
rude and ignorant cops, the usual. They took all my computers and tried
to take my UPS before I convinced them that it's not a computer.

My lawyer said that I should not go in to details but I wanted to let
you all know.

Gpg keys revoked and so on.

M






Re: Tor operator raided in Finland

2008-01-26 Thread Kraktus
On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote:
 If not for avoiding censorhip, why do you use tor?

Tor can also help protect people's privacy.

 The Police should not
 have interrupted you if you had not done illeagal operate such as sending
 junk mails with tor

Sometimes, when a Tor user does something illegal with Tor, the exit
node operator of the exit node the Tor user was using is blamed.


Re: Tor operator raided in Finland

2008-01-26 Thread dr . _no
 Hello
 
 I'm not sure if my last email reached the list but just wanted to let
 you know.
 
 Tor exit-node SpongeBob was raided by local police two days ago. Very
 rude and ignorant cops, the usual. They took all my computers and tried
 to take my UPS before I convinced them that it's not a computer.
 
 My lawyer said that I should not go in to details but I wanted to let
 you all know.
 
 Gpg keys revoked and so on.

Hi,

you should keep your keys only on encrypted partitions and backups with 
forgotten passwords
to avoid revoking GPG keys.
And you should use a transparent proxy plus a provider proxy as parent proxy 
for the exit traffic of
your TOR server, because usually only the TCP/IP IP number gets logged; e. g. 
logged by an Apache with
default configuration and most other software.

Well, sometimes shit happens and TOR servers are raided also in germany, where 
they are legal, so
usually the raiding of a TOR server is only temporary and threads are only idle 
threats.

Greets



Re: Tor operator raided in Finland

2008-01-26 Thread dr . _no
Hi,

 Sometimes, when a Tor user does something illegal with Tor, the exit
 node operator of the exit node the Tor user was using is blamed.

if you use a transparent proxy plus a provider proxy as parent proxy
for your TOR server, you can simply avoid that ;-)

To be absolutely sure, you can restrict the TOR output to port 80 and and use
transparent http proxying to port 80, plus a provider proxy as parent proxy.

I'm runnig a TOR server for more than two years with no blocked port (except 25 
since late 2006),
proxied port 80 since 2007 and had no significant problems.

Greets



Re: How to remove some useless nodes

2008-01-26 Thread Kraktus
You can add
ExcludeNodes NodeName1, NodeName2
to your torrc, where the NodeName1, etc. are the names of Chinese exit
nodes that you are aware of.  However, you much disallow each Chinese
node separately; you can't exclude by country.


On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote:
 We in China use tor mainly for avoiding Great Fire Wall, which is a very
 strong internet censorship software operated by the government. So, if
 linkage with nodes within China is completely useless for us to break the
 censorship. Usually, we can cut off such connection in tor's graphic window
 vidalia manually, but it very bothering, we must keep an eye on whether
 there is linkage within China. I wonder if there is some way to remove nodes
 located in China.

 If someone knows how to do, plz tell me, Thanks!!!


Re: Child pornography blocking again

2008-01-26 Thread Jacob Appelbaum
Eugen Leitl wrote:
 On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote:
 
 Really, if I'd known my message was going to evoke this sort of response,
 
 Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING
 CENSORSHIP HOOKS IN TOR in future. Thanks so much.
 

Agreed.

 I'd have entitled it 'Directory-distributed variables for exit lists'.
 
 It doesn't matter how you call it, it still stinks.
 
 Of course suggesting paedophilia in a anonymity forum is the
 equivalent of Godwin's law. Basically, you lost in the moment
 you mentioned it.
 

Seriously!

Can we drop this already?

Send a fully tested and working patch, fork the code base, start a new
project or knock it off.

HTH,
Jacob