directory authority/authorities need(s) updating?
When I restarted my tor server a while ago, it surprised me with

    Jan 26 04:25:08.406 [notice] This version of Tor (0.2.0.17-alpha) is newer than any recommended version, according to the directory authorities. Recommended versions are: 0.1.2.19,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.15-alpha

So I peeked at the cached-consensus file and the cached-status/* files. The cached-consensus file contained

    client-versions 0.1.2.17,0.1.2.18,0.1.2.19,0.2.0.6-alpha,0.2.0.7-alpha,0.2.0.8-alpha,0.2.0.9-alpha,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.13-alpha,0.2.0.14-alpha,0.2.0.15-alpha,0.2.0.17-alpha

So far, so good, but then it had

    server-versions 0.1.2.19,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.15-alpha

So what's the deal with 0.2.0.16-alpha and 0.2.0.17-alpha not being recommended as servers?

The cached-status/* files also contained some oddities. Some had only two copies of the authority's IP address instead of a host+domainname followed by an IP address. One of them was for lefkada.eecs.harvard.edu, whose cached-status file offered neither client-versions nor server-versions, even though the cached-consensus file said it had come from this server and did offer its not necessarily correct opinion of both. The cached-status file for tor.dizum.com also offered neither client-versions nor server-versions. The other authorities offered reasonable client-versions and server-versions.

Would the people running the authorities please get this straightened out ASAP? It seems like a bad idea to have them in such disagreement. Thanks much!

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu *
* A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army. *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
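The check described in the post above can be scripted. This is an added example, not part of the original message or of Tor's code: it reads the `client-versions` and `server-versions` lines quoted in the post (embedded as a constructed sample) and reports how a running version stands against each list. The function names are hypothetical, and versions are ordered by their four numeric components only, which is a simplification of Tor's own version comparison.

```python
import re

# Constructed sample: the two lines quoted in the post, laid out as they
# would appear in a cached-consensus file.
SAMPLE_CONSENSUS = (
    "client-versions 0.1.2.17,0.1.2.18,0.1.2.19,0.2.0.6-alpha,0.2.0.7-alpha,"
    "0.2.0.8-alpha,0.2.0.9-alpha,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.13-alpha,"
    "0.2.0.14-alpha,0.2.0.15-alpha,0.2.0.17-alpha\n"
    "server-versions 0.1.2.19,0.2.0.11-alpha,0.2.0.12-alpha,0.2.0.15-alpha\n"
)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)(?:-[A-Za-z0-9.]+)?$")


def parse_version(text):
    """Return the four numeric components; the status tag is ignored here."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def read_recommended(document):
    """Collect both version lists; a missing line yields an empty list."""
    lists = {"client-versions": [], "server-versions": []}
    for line in document.splitlines():
        keyword, _, rest = line.partition(" ")
        if keyword in lists:
            lists[keyword] = [v for v in rest.strip().split(",") if v]
    return lists


def assess(running, recommended):
    """Classify one running version against one recommended list."""
    if not recommended:
        return "no-opinion"        # the status file carried no such line
    if running in recommended:
        return "recommended"
    mine = parse_version(running)
    known = [parse_version(v) for v in recommended]
    if mine > max(known):
        return "newer-than-any"    # the case behind the [notice] log line
    if mine < min(known):
        return "older-than-any"
    return "unrecommended"


def compare_lists(document, running):
    """Report the running version's status and where the two lists differ."""
    lists = read_recommended(document)
    client, server = lists["client-versions"], lists["server-versions"]
    return {
        "client": assess(running, client),
        "server": assess(running, server),
        "client_only": sorted(set(client) - set(server), key=parse_version),
        "server_only": sorted(set(server) - set(client), key=parse_version),
    }


if __name__ == "__main__":
    for version in ("0.2.0.17-alpha", "0.2.0.16-alpha"):
        print(version, compare_lists(SAMPLE_CONSENSUS, version))
```

Running the same functions over each cached-status file shows which authorities publish no version lines at all: those come back as `no-opinion`.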
Re: Child pornography blocking again
On 25/01/2008, F. Fox [EMAIL PROTECTED] wrote:
> Kraktus wrote:
>> On 25/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
>>>> I just want to know if there is a technically feasible way of
>>> Use your brain. Packets have no EVIL bit to test for.
>> I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
> Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of online crime. =xoD

Really, if I'd known my message was going to evoke this sort of response, I'd have entitled it 'Directory-distributed variables for exit lists'.
Tor operator raided in Finland
Hello

I'm not sure if my last email reached the list but just wanted to let you know. Tor exit-node SpongeBob was raided by local police two days ago. Very rude and ignorant cops, the usual. They took all my computers and tried to take my UPS before I convinced them that it's not a computer. My lawyer said that I should not go into details but I wanted to let you all know. Gpg keys revoked and so on.

M
Re: Tor operator raided in Finland
We are here to help if you need it.

Solidarity,
Comrade Ringo Kamens
Anarchist Black Cross Northern Michigan

On Jan 26, 2008 6:44 PM, maillist [EMAIL PROTECTED] wrote:
> Hello
> I'm not sure if my last email reached the list but just wanted to let you know. Tor exit-node SpongeBob was raided by local police two days ago. Very rude and ignorant cops, the usual. They took all my computers and tried to take my UPS before I convinced them that it's not a computer. My lawyer said that I should not go into details but I wanted to let you all know. Gpg keys revoked and so on.
> M
Re: Child pornography blocking again
On Jan 26, 2008 12:46 PM, Kraktus [EMAIL PROTECTED] wrote:
> Really, if I'd known my message was going to evoke this sort of response, I'd have entitled it 'Directory-distributed variables for exit lists'.

It would have been better if you had, but you would have still received a negative response. Further splitting the anonymity set just wouldn't be a good thing unless it was *really* needed.
Re: Child pornography blocking again
On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote:
> Really, if I'd known my message was going to evoke this sort of response,

Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING CENSORSHIP HOOKS IN TOR in future. Thanks so much.

> I'd have entitled it 'Directory-distributed variables for exit lists'.

It doesn't matter how you call it, it still stinks. Of course suggesting paedophilia in an anonymity forum is the equivalent of Godwin's law. Basically, you lost in the moment you mentioned it.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Relay port changed to 443 (from 9001) with Tor 0.1.2.19 / Vidalia 0.0.16 ?
Hi there, after having installed the latest version I noticed that Relay Port in Basic Settings is now 443, it was 9001 before. No info about that in the changelogs or docs. I always had port 9001 open in my NAT firewall for incoming traffic, do I have to open 443 now instead? Should I leave it to 443 anyway? I guess that could conflict with https websites that I use without Tor. cu. Gregor
Re: Child pornography blocking again
On 26/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
> On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote:
>> Really, if I'd known my message was going to evoke this sort of response,
> Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING CENSORSHIP HOOKS IN TOR in future. Thanks so much.

Tor already has censorship hooks. Tor nodes are already in control of their own exit policies. Certain ports are already blocked by default. This would simply provide Tor nodes with another tool to control what leaves their nodes. And if Tor nodes didn't want to use it, they wouldn't have to.

>> I'd have entitled it 'Directory-distributed variables for exit lists'.
> It doesn't matter how you call it, it still stinks. Of course suggesting paedophilia in an anonymity forum is the equivalent of Godwin's law. Basically, you lost in the moment you mentioned it.
> --
> Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org

Wasn't there a child porn hidden service at one point in the past? So it's not like this was never a real issue. Not that this would have any impact on the ability to run child porn hidden services, but still.

Really, I'm not saying that you, as a Tor user / node operator / whatever you are, are a paedophile, or personally responsible for people engaging in paedophilia. If so, then I, as someone who believes the benefits still outweigh the disadvantages, and subsequently run an exit node, am just as guilty. But, if I could prevent my exit node from being used to access CP, without preventing it from also being used to access a plethora of good things, surely I would.
Re: Child pornography blocking again
On Jan 26, 2008 4:06 PM, maillist [EMAIL PROTECTED] wrote:
> Some f:ing paedophile is responsible for losing all my computers and scaring my better half. Thanks a lot.

Some f'ing paedophile is responsible for being a pervert, but the invasion of your home, the home of an innocent person, is the fault of your government, not some pervert.

> If there's going to be some directory controlled exit-policies then count me in (if I'm going to ever run an exit-node anymore).

Even if it could be done it would not address the root cause of your concern.
TrackHostExits, dns-proxy-tor
I set up TransPort and dns-proxy-tor and some firewall rules to create an anonymized physical network. This works well. I can set up a little machine and not put any personal information on it and not worry about privoxy and JavaScript holes and all that.

I want to use TrackHostExits or MapAddress to prevent my outside IP from changing to particular hosts. They use cookies tied to the IP for my login. My IP changing constantly makes me get logged out over and over, sometimes at very inopportune times.

This won't work for me. I think it's a conflict between dns-proxy-tor's use of mappings and TrackHostExits/MapAddress. With TrackHostExits, I never see new entries show up in GETINFO addr-mappings/all, which it looks on a cursory inspection of consider_recording_trackhost that I should. I only see dns-proxy-tor's entries show up. MapAddress just doesn't do anything (the entry I make shows up in the list, but is not used).
How to run an exit node and not getting raided by police?
As far as I know tor operators have been raided in Germany and Finland by ignorant cops who do not know anything about proxies or that one ip does not mean one person (ever heard of NAT, proxying or routing for example). How about other countries?

How to avoid that nasty raid (at your home) and that oh so sweet paranoid feeling after that? Any ideas? How about the following (just my two cents):

Running exit node on computer that is physically located at some ISP's server farm?

Renting a server from a different country, maybe a whole different continent and running exit node there? If you live in Europe and your country belongs to EU then maybe outside of EU? What would be a good country? How about service providers? - Maybe a good idea?

PTR records (reverse dns)? Ip that translates to something like proxy.domain.com or tor-proxy.domain.com? Are the cops smart enough? Do they care? (I don't personally think that they care or understand.)

Running exit node at local library's poorly secured computer? - That ain't nice and it's illegal - no.

Running an exit node on computer owned by some civil rights group?

Encryption? Is it good or bad if cops take your servers? If you give your keys to cops they can check that there ain't no cp. If your hard drive is not encrypted police can check it easily. What about privacy? Police tend to take all the computers and not just the one(s) running tor. What about encrypted container in encrypted fs's slack space for your private data? Then one can hand the outer volume's keys to police without any worries.

And for my poor English.. Hope you all understand what I write =). Good day to you all!

M
Re: Child pornography blocking again
Kraktus wrote:
> Tor already has censorship hooks. Tor nodes are already in control of their own exit policies. Certain ports are already blocked by default.

It is (technically and legally) a whole different thing to filter based on ports or to filter based on content. Content-based filtering will get you in a huge bunch of technical, administrative, legal and moral problems. In short: it does not work.

One example: in some jurisdictions you will get a serious problem with liability, if you start to filter something based on content. In some others it would IMHO be blatantly illegal and even punishable. You can only prevent this by being strictly neutral concerning the content through your systems.

Dominik
Re: Child pornography blocking again
Kraktus wrote:
> On 25/01/2008, F. Fox [EMAIL PROTECTED] wrote:
>> Kraktus wrote:
>>> On 25/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
>>>>> I just want to know if there is a technically feasible way of
>>>> Use your brain. Packets have no EVIL bit to test for.
>>> I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
>> Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of online crime. =xoD
> Really, if I'd known my message was going to evoke this sort of response, I'd have entitled it 'Directory-distributed variables for exit lists'.

Oh come on... you can't tell me you didn't get a chuckle at the idea of an EVIL bit. =:oD

--
F. Fox: A+, Network+, Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
Re: Child pornography blocking again
On 26/01/2008, Dominik Schaefer [EMAIL PROTECTED] wrote:
> Kraktus wrote:
>> Tor already has censorship hooks. Tor nodes are already in control of their own exit policies. Certain ports are already blocked by default.
> It is (technically and legally) a whole different thing to filter based on ports or to filter based on content. Content-based filtering will get you in a huge bunch of technical, administrative, legal and moral problems. In short: it does not work.
> One example: in some jurisdictions you will get a serious problem with liability, if you start to filter something based on content. In some others it would IMHO be blatantly illegal and even punishable. You can only prevent this by being strictly neutral concerning the content through your systems.
> Dominik

Thank you for the legal warning. To be clear, I am not suggesting a program to examine packets and do some sort of incredible image processing to figure out if a photograph is child pornography, or anything that would involve packet sniffing, I just want to block certain IPs and hostnames. I'm not sure why this would be illegal, since many ISPs and firewall software already do this, but I'll make sure to do my research before I do anything, if I do anything.

I do not save logs except occasionally for debugging purposes, and even then, they are scrubbed. While unscrubbed logs might be useful to law enforcement in some circumstances, I recognise that I cannot help them catch bad people without also damaging the privacy of good people. Nor do I sniff packets.
Re: Child pornography blocking again
On 26/01/2008, maillist [EMAIL PROTECTED] wrote:
> Some f:ing paedophile is responsible for losing all my computers and scaring my better half. Thanks a lot.

I am sorry to hear that.

> If there's going to be some directory controlled exit-policies then count me in (if I'm going to ever run an exit-node anymore). As for many things one can use Tor for good or for bad but as long as running an exit node means getting busted by some rude cops I'm not going to run one anymore (maybe?). Btw, I changed my other node to middle-man only =(.
> M

Okay, so maillist and I are definitely interested in this. Supposing, for the sake of argument, that we coded it, and the Tor developers certified that they did not believe the code would break anything, is there any reason we shouldn't be allowed to share a blacklist via a variable? Obviously, since it is so controversial, the variable needn't be added to the default exit policy, and would only be used by Tor operators who chose to use it. (Obviously, we'd have to check with local law people to make sure it was indeed legal for us to use such a blacklist, but anyway.)
Re: Child pornography blocking again
On 26/01/2008, F. Fox [EMAIL PROTECTED] wrote:
> Kraktus wrote:
>> On 25/01/2008, F. Fox [EMAIL PROTECTED] wrote:
>>> Kraktus wrote:
>>>> On 25/01/2008, Eugen Leitl [EMAIL PROTECTED] wrote:
>>>>>> I just want to know if there is a technically feasible way of
>>>>> Use your brain. Packets have no EVIL bit to test for.
>>>> I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
>>> Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of online crime. =xoD
>> Really, if I'd known my message was going to evoke this sort of response, I'd have entitled it 'Directory-distributed variables for exit lists'.
> Oh come on... you can't tell me you didn't get a chuckle at the idea of an EVIL bit. =:oD

It is somewhat difficult to have a sense of humour when people are saying that you are the cancer killing Tor, a troll, a vigilante, that your mother and wife are witches, etc. But thanks for trying.
Re: How to run an exit node and not getting raided by police?
Well, if you're really worried, I suppose you could disallow exits to all but a whitelist of websites you trust not to contain content that is illegal to view in your country. Which would probably not include user-contributed websites.
Re: Child pornography blocking again
Kraktus wrote:
> Tor already has censorship hooks. Tor nodes are already in control of their own exit policies. Certain ports are already blocked by default. This would simply provide Tor nodes with another tool to control what leaves their nodes. And if Tor nodes didn't want to use it, they wouldn't have to.

Hello,

I would assert a disagreement here, and indicate that exitpolicy is a *traffic* obstruction hook, not a censorship hook. Key difference: the ExitPolicy strictly works on the basis of the Layer3/Layer4 target address. Your proposed censorship hook seems to require a continually updated set of blocks on the basis of content. ExitPolicy can't tell an HTTP connection for wikipedia from an HTTP connection for a bit image.

Please see a reasonable reference for usenet death penalty if this is in any way unclear.
Re: How to run an exit node and not getting raided by police?
On Sat, 26 Jan 2008 17:37:37 -0500 Kraktus [EMAIL PROTECTED] posted out of the blue with no context whatsoever:
> Well, if you're really worried, I suppose you could disallow exits to all but a whitelist of websites you trust not to contain content that is illegal to view in your country. Which would probably not include user-contributed websites.

Just keep in mind that it would have to be a very small list because the ExitPolicy syntax, probably for good reason, does not allow something like

    ExitPolicy accept *.edu:80

for example. For one thing, this would require a name server query by the exit server for every exit connection to port 80 because the IP address would not be known prior to the exit connection attempt. Would a tiny whitelist get enough use to justify putting it into an exit policy?

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu *
* A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army. *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
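The two ExitPolicy points made in this thread (rules see only the destination address and port, and a hostname pattern such as `*.edu:80` is not accepted) can be shown with a small model. This is an added example, not Tor's parser and not code from any poster: it is a simplified IPv4-only evaluator with hypothetical function names that requires an explicit `:PORT`, and the whitelist addresses are constructed from documentation ranges.

```python
import ipaddress


def parse_rule(rule):
    """Parse 'accept|reject ADDR[/MASK]:PORT' into (action, network, lo, hi).

    ADDR must be '*' or an IPv4 address or network; anything else, including
    a hostname pattern, raises ValueError.
    """
    action, _, pattern = rule.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {rule!r}")
    addr, sep, port = pattern.strip().rpartition(":")
    if not sep:
        raise ValueError(f"missing :PORT in rule: {rule!r}")
    if addr == "*":
        network = ipaddress.ip_network("0.0.0.0/0")
    else:
        try:
            network = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            raise ValueError(f"not an IP address pattern: {addr!r}") from None
    if port == "*":
        low, high = 1, 65535
    else:
        low_text, _, high_text = port.partition("-")
        low = int(low_text)
        high = int(high_text or low_text)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range in rule: {rule!r}")
    return action, network, low, high


def is_valid_rule(rule):
    """True if the rule parses under this model."""
    try:
        parse_rule(rule)
    except ValueError:
        return False
    return True


def decide(policy, dest_ip, dest_port):
    """First matching rule wins. The only inputs are address and port, so two
    HTTP requests to the same address:port always get the same answer."""
    address = ipaddress.ip_address(dest_ip)
    for action, network, low, high in policy:
        if address in network and low <= dest_port <= high:
            return action
    return "reject"  # model choice when no rule matches


# Constructed whitelist: two trusted destinations, everything else refused.
WHITELIST = [parse_rule(r) for r in (
    "accept 192.0.2.10:80",
    "accept 198.51.100.0/24:443",
    "reject *:*",
)]

if __name__ == "__main__":
    print(decide(WHITELIST, "192.0.2.10", 80))      # whitelisted host and port
    print(decide(WHITELIST, "203.0.113.5", 80))     # not on the list
    print(is_valid_rule("accept *.edu:80"))         # hostname pattern
```

A whitelist built this way has to be maintained as literal addresses, which is why the post expects it to stay very small.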
Incognito 20080109.1 released
Greetings, I released Incognito 20080109.1 earlier today. All relevant info is available at: http://incognito.anonymityanywhere.com Cheers!
Re: Tor operator raided in Finland
> maillist wrote:
> (snip)
>> They took all my computers and tried to take my UPS before I convinced them that it's not a computer.
> No offense, but... LMAO! That's just sad; they can't tell a computer from a UPS...

Hi,

I also thought about it and it's possible, e.g., to hide a WLAN or powerline NAS in a wall, but that's expensive and I do prefer encryption - even for all of my backups and my backup in the safe-deposit box. That does cost nothing (except some performance, some seconds for creation and the password for mounting) and it's safe. And I've read reports that the police sometimes also take printers and other PC stuff, so a UPS is not a good idea.

Currently I'm putting my root file system on a USB key, following the encrypted root filesystem howto, in a partition of type 0 (officially empty). And if you use a small USB key, e.g. a Sony Micro Vault Tiny, you can hide it nearly everywhere, because it's so small: http://www.sony.jp/products/Consumer/media/pocketbit/products/usm-h/images/prt_1_pic01.jpg If you have small children, you first should make sure that it can not get swallowed ;-)

If someone, e.g. a judge or policeman, asks you for the password you can simply forget it or say that due to the International Covenant on Civil and Political Rights, article 14, paragraph 3, chapter g, you can not be forced to tell someone else the password: http://www.uni-potsdam.de/u/mrz/un/int-bill/ipbpren.htm

So asking for a password is a suspect trick, because since the Romans the principle that you can't be compelled to testify against yourself or to confess, e.g. by telling someone else a password, is standard and known as nemo tenetur se ipsum accusare. So if someone forces you to give a password it is highly illegal a) due to international law, b) against more than 2000 years of jurisdiction, c) against the freedom of thought (a password which is created by your brain is only a thought) and several other constitutional principles.

In Germany the nemo tenetur se ipsum accusare is specified as STPO Paragraph 55. Another point is that a good password is hard to create; therefore you can reclaim the international copyright for your good passwords. If someone would ask me for a password, I would spam, tell wrong passwords, to waste his time, which could be used to ask others for passwords ;-)

Greets
Re: Tor operator raided in Finland
Why is tor banned in Finland? It's just unimaginable!!! I am from China, where internet censorship is used by the government. So we use tor to avoid censorship from the government. But so far as I know, there is no internet censorship in Finland, I do not know if I am right? If not for avoiding censorship, why do you use tor? The Police should not have interrupted you if you had not done illegal operations such as sending junk mails with tor.

----- Original Message -----
From: maillist [EMAIL PROTECTED]
To: or-talk@freehaven.net
Sent: Sunday, January 27, 2008 2:44 AM
Subject: Tor operator raided in Finland

> Hello
> I'm not sure if my last email reached the list but just wanted to let you know. Tor exit-node SpongeBob was raided by local police two days ago. Very rude and ignorant cops, the usual. They took all my computers and tried to take my UPS before I convinced them that it's not a computer. My lawyer said that I should not go into details but I wanted to let you all know. Gpg keys revoked and so on.
> M
Re: Tor operator raided in Finland
On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote:
> If not for avoiding censorship, why do you use tor?

Tor can also help protect people's privacy.

> The Police should not have interrupted you if you had not done illegal operations such as sending junk mails with tor

Sometimes, when a Tor user does something illegal with Tor, the exit node operator of the exit node the Tor user was using is blamed.
Re: Tor operator raided in Finland
> Hello
> I'm not sure if my last email reached the list but just wanted to let you know. Tor exit-node SpongeBob was raided by local police two days ago. Very rude and ignorant cops, the usual. They took all my computers and tried to take my UPS before I convinced them that it's not a computer. My lawyer said that I should not go into details but I wanted to let you all know. Gpg keys revoked and so on.

Hi,

you should keep your keys only on encrypted partitions and backups with forgotten passwords to avoid revoking GPG keys. And you should use a transparent proxy plus a provider proxy as parent proxy for the exit traffic of your TOR server, because usually only the TCP/IP IP number gets logged; e.g. logged by an Apache with default configuration and most other software.

Well, sometimes shit happens and TOR servers are raided also in Germany, where they are legal, so usually the raiding of a TOR server is only temporary and threats are only idle threats.

Greets
Re: Tor operator raided in Finland
Hi,

> Sometimes, when a Tor user does something illegal with Tor, the exit node operator of the exit node the Tor user was using is blamed.

if you use a transparent proxy plus a provider proxy as parent proxy for your TOR server, you can simply avoid that ;-) To be absolutely sure, you can restrict the TOR output to port 80 and use transparent http proxying to port 80, plus a provider proxy as parent proxy.

I'm running a TOR server for more than two years with no blocked port (except 25 since late 2006), proxied port 80 since 2007 and had no significant problems.

Greets
Re: How to remove some useless nodes
You can add

    ExcludeNodes NodeName1, NodeName2

to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you must disallow each Chinese node separately; you can't exclude by country.

On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote:
> We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if linkage with nodes within China is completely useless for us to break the censorship. Usually, we can cut off such connection in tor's graphic window vidalia manually, but it is very bothering, we must keep an eye on whether there is linkage within China. I wonder if there is some way to remove nodes located in China. If someone knows how to do, plz tell me, Thanks!!!
Re: Child pornography blocking again
Eugen Leitl wrote:
> On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote:
>> Really, if I'd known my message was going to evoke this sort of response,
> Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING CENSORSHIP HOOKS IN TOR in future. Thanks so much.

Agreed.

>> I'd have entitled it 'Directory-distributed variables for exit lists'.
> It doesn't matter how you call it, it still stinks. Of course suggesting paedophilia in an anonymity forum is the equivalent of Godwin's law. Basically, you lost in the moment you mentioned it.

Seriously! Can we drop this already? Send a fully tested and working patch, fork the code base, start a new project or knock it off.

HTH,
Jacob