Re: Prebuilding circuits?
F. Fox wrote:
> Kees Vonk wrote:
>> F. Fox wrote:
>>> I'm assuming that the site you mention is a normal, unencrypted Web site - i.e., port 80; let's call that site, Site X.
>>
>> It is an encrypted site on a non-standard port, would that make a difference?
>
> The non-standard port does, since it may not be part of the default exit policy. That would greatly reduce the number of potential exits - and your Tor client would likely have to start a circuit just for that site.

So if I understand this correctly you could say that Tor builds circuits for ports, not for sites? If that is correct, can I tell Tor to prebuild a circuit for a certain port?
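The point made in the message above, that a non-standard port shrinks the set of exits a client can use, shown as an added example that is not part of the original thread. The relay names, their policies and the destination address are constructed, and the matcher handles IPv4 rules only.

```python
import ipaddress

def parse_rule(line):
    """Split 'accept|reject ADDR[/MASK]:PORTS' into (allow, network, low, high)."""
    action, pattern = line.split()
    if action not in ("accept", "reject"):
        raise ValueError("unknown action: " + action)
    addr, _, ports = pattern.rpartition(":")
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if ports == "*":
        low, high = 1, 65535
    elif "-" in ports:
        low, high = (int(p) for p in ports.split("-", 1))
    else:
        low = high = int(ports)
    return action == "accept", network, low, high

def exit_allows(policy, ip, port):
    """First matching rule decides, so rule order matters."""
    target = ipaddress.ip_address(ip)
    for line in policy:
        allow, network, low, high = parse_rule(line)
        if (network is None or target in network) and low <= port <= high:
            return allow
    return True  # assumption in this sketch: nothing matched means accept

def usable_exits(relays, ip, port):
    """Names of relays whose policy would let this destination out."""
    return sorted(n for n, pol in relays.items() if exit_allows(pol, ip, port))

# Constructed relays and policies, not taken from a real directory listing.
RELAYS = {
    "webonly": ["accept *:80", "accept *:443", "reject *:*"],
    "broad": ["reject 10.0.0.0/8:*", "reject *:25", "accept *:*"],
    "highports": ["reject *:1-1023", "accept *:8000-9000", "reject *:*"],
    "nonexit": ["reject *:*"],
}

if __name__ == "__main__":
    for port in (443, 8443, 25):
        print(port, usable_exits(RELAYS, "203.0.113.5", port))
```
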
Re: [ANN] Vidalia and Mixminion repository for ubuntu
Okay problem fixed in the new version of the package. Just update. :)

I made tor a dependency of vidalia. So if you install vidalia tor will be installed before (if you haven't installed it by yourself before). Then in the postinst script I'm checking if tor is running and if it is, tor will be closed and removed from the runlevels.

Any feedback welcome.

greets

Here's the postinst-script:

    #!/bin/sh -e
    # Stop a running tor and remove its init script from the runlevels.
    if pgrep -x tor; then
        echo "Tor is already running. This will not work with vidalia so I'm trying to kill it and because it could be a service I'm trying to remove it from the runlevels."
        pkill -x tor
    else
        echo "The tor-service is not running. That's fine. But nevertheless I'm trying to remove it from the runlevels."
    fi
    # -f removes the runlevel links even though the init script still exists.
    update-rc.d -f tor remove
Re: Tor server behind NAT on Vista,, Update,,
On Tue, Mar 18, 2008 at 02:04:14AM -0700, [EMAIL PROTECTED] wrote 7.5K bytes in 56 lines about:
: One thing I noticed, right now Tor Bandwidth Usage GUI tells me recv:24.56 MB and Sent: 69.23 MB I am allowing my server to act as Directory Mirror, but, troubling discrepancy between Recv and Sent. Anyone have a clue about that?

The FAQ has most of your answers, https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#TrafficNotBalanced

: Also, on my machine behind NAT and SPI hardware firewall I am also running Zone Alarm. ZA's logs show a high rate of blocked intrusion attempts, I am currently tracking down some using Whois,, I guess that is just part of the game running a server,,,Comments welcome,, :)

This is a partial answer, https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#Portscans. In general, ZA is probably just detecting traffic on various ports and considers it an attack. I don't think ZA assumes you're running a server, and therefore it won't know how to handle connections not originating locally.

Thanks for donating the bandwidth and running a server!

--
Andrew
GSoC Idea: Packaging Tor+Vidalia
Hi,

I would like to apply for the Better Deb Packaging for Tor+Vidalia GSoC idea. Should I start looking for a mentor?

Cheers,
L

[0]: https://www.torproject.org/volunteer.html.en#Projects
Re: GSoC Idea: Packaging Tor+Vidalia
Hi,

if you are interested I can definitely help you with the packaging part of this task! I have already packaged vidalia for ubuntu. My solution at the moment is stopping the tor daemon and removing it from the runlevels through vidalia's postinst script. There's really no need for tor to run with every boot. That should be the user's choice not the packager's. Although it is a nicer way to run tor as debian-tor user like Peter packaged it. The next thing is if tor is configured with ControlPort 9051 Vidalia is already attaching to it but it seems it can't change the config then.

If you are interested I would like to help you with finding a proper solution for the problem.

greets
Re: GSoC Idea: Packaging Tor+Vidalia
On Fri 21 Mar 2008, Adna rim wrote:
> If you are interested I would like to help you with finding a proper solution for the problem.

Yes, I am. Although I have little experience with Debian packaging, I use it daily and I have always wanted to contribute to it. Besides, I have C++ (and even some Qt) experience.

I guess I'll be applying on Monday - or, at the latest, on Tuesday (I will have no Internet this weekend).

Cheers,
L
More GSoC Ideas
I am *not* vying for a spot (I doubt I would make it) but here are a couple of ideas and reasons for them.

1. Enable tor to use a blacklist of some sort, perhaps with categories, at the tor operator's choice. (Perhaps using Squid in a non-caching mode)

Examples:

A. I had at least one connection to legal-preteen.com. I am willing to take some chances of getting into trouble with the law for the sake of avoiding internet censorship, but not to that end. Child pornography and The Great Firewall of China are two completely separate things.

B. I've had to block Google because my roommates were getting the nasty "this might be spyware" page and weren't all too happy about that.

C. I've blocked The Pirate Bay, and when I have time, will block other such sites. (See idea 2). If operators want to let tor users go through to those sites that's fine, I don't even care all that much except that I think the limited tor bandwidth can go to better uses.

2. On *nix systems, make it easy for snort to filter out tor traffic on a protocol level.

I realize there are plenty of legal uses for BitTorrent, Gnutella, etc., but most of them do not require anonymity in a strong sense. That is, they can get the same content through http (most of the time) anyway, and downloading a Linux distribution (or whatever) won't be flagged by most governments/agencies/whatever. It's my bandwidth, I have the right to let *others'* use it as I see fit.

Moreover, if these were implemented I would be much more comfortable setting up additional tor nodes at friends' houses, or my parents', who have high-speed connections. However, the last thing my parents need is the FBI knocking on their door wondering why they are visiting legal-preteen.com. I don't think that would make them very happy. (Granted, I could just set tor up as a non-exit node, which I may do, but the tor network could use more exit nodes in general.)

Just ideas,
-madjon

--
[EMAIL PROTECTED]
Re: More GSoC Ideas
Various comments on these, regarding why some of these are dubious ideas:

> A. I had at least one connection to legal-preteen.com. I am willing to take some chances of getting into trouble with the law for the sake of avoiding internet censorship, but not to that end. Child pornography and The Great Firewall of China are two completely separate things.

You will never, ever, ever block all child porn websites. It's simply impossible. To make things worse, in the US there's at least some possibility that filtering things by content leaves you open for lawsuits based on what you didn't filter - meaning that blocking child porn websites might leave you liable for the ones you missed. From a purely PR perspective, people might also argue "well, he clearly knew child porn was being viewed through his server, and he kept his server up! Burn him, he's a witch!"

> B. I've had to block Google because my roommates were getting the nasty "this might be spyware" page and weren't all too happy about that.

I don't really have a problem with this one :) (Although if you can get a second IP from your ISP, this can be solved neatly - I have all Tor traffic going through its own special IP. Still, this is often impractical.)

> C. I've blocked The Pirate Bay, and when I have time, will block other such sites. (See idea 2). If operators want to let tor users go through to those sites that's fine, I don't even care all that much except that I think the limited tor bandwidth can go to better uses.

The Pirate Bay itself uses extraordinarily little bandwidth, and to my knowledge nobody has ever been prosecuted for downloading .torrent files. The actual process of running the torrent doesn't necessarily even touch TPB (what with distributed hash tables and the like) and even the parts that do touch TPB use a minimal amount of bandwidth. Essentially, this doesn't do what you might think it does.

> 2. On *nix systems, make it easy for snort to filter out tor traffic on a protocol level.
>
> I realize there are plenty of legal uses for BitTorrent, Gnutella, etc., but most of them do not require anonymity in a strong sense. That is, they can get the same content through http (most of the time) anyway, and downloading a Linux distribution (or whatever) won't be flagged by most governments/agencies/whatever. It's my bandwidth, I have the right to let *others'* use it as I see fit.

First off, it's nearly impossible to make Tor capable of filtering on this sort of a level - the Tor client simply doesn't know what kind of traffic may be sent through it until the connection is already made, and thus it can't possibly avoid servers that disallow certain protocols. The only thing you could do here is sever connections as soon as you determine that it's the wrong type and this obviously has severe usability implications.

Second, an increasing number of protocols are encrypted, thanks to the efforts of Verizon and co - I certainly turn on encryption on my bittorrent client whenever I use it, and I don't even use it to download illegal stuff. Obviously anything encrypted will pass straight through your clever protocol filter.

> However, the last thing my parents need is the FBI knocking on their door wondering why they are visiting legal-preteen.com.

I think they may be even more irritated when you assure them that legal-preteen.com is blocked, and then the FBI shows up wanting to know why they're visiting hot-hot-hot-15-and-under.com :)

-Ben
Re: Tor 0.2.0.22-rc is out
> Tor 0.2.0.22-rc is the third release candidate for the 0.2.0 series. It enables encrypted directory connections by default for non-relays, fixes some broken TLS behavior we added in 0.2.0.20-rc, and resolves many other bugs. The bundles also include Vidalia 0.1.1 and Torbutton 1.1.17:

I downloaded the vidalia-bundle-0.2.0.22-rc-0.1.1-tiger.dmg and installed it. I now have Tor 0.2.0.22-rc and Vidalia 0.1.1. I also have a folder for Torbutton 1.1.17 in my Library, but Firefox still has Torbutton 1.0.4.01

What am I doing wrong?

Thanks.
Re: More GSoC Ideas
I didn't expect a very warm response, glad to see I wasn't disappointed!

On Fri, Mar 21, 2008 at 2:32 PM, Ben Wilhelm [EMAIL PROTECTED] wrote:
> Various comments on these, regarding why some of these are dubious ideas:
>
>> A. I had at least one connection to legal-preteen.com. I am willing to take some chances of getting into trouble with the law for the sake of avoiding internet censorship, but not to that end. Child pornography and The Great Firewall of China are two completely separate things.
>
> You will never, ever, ever block all child porn websites. It's simply impossible. To make things worse, in the US there's at least some possibility that filtering things by content leaves you open for lawsuits based on what you didn't filter - meaning that blocking child porn websites might leave you liable for the ones you missed. From a purely PR perspective, people might also argue "well, he clearly knew child porn was being viewed through his server, and he kept his server up! Burn him, he's a witch!"

I don't expect to ever block all such traffic.

>> B. I've had to block Google because my roommates were getting the nasty "this might be spyware" page and weren't all too happy about that.
>
> I don't really have a problem with this one :) (Although if you can get a second IP from your ISP, this can be solved neatly - I have all Tor traffic going through its own special IP. Still, this is often impractical.)

I can't even get a static IP without being nickeled and dimed to death.

>> C. I've blocked The Pirate Bay, and when I have time, will block other such sites. (See idea 2). If operators want to let tor users go through to those sites that's fine, I don't even care all that much except that I think the limited tor bandwidth can go to better uses.
>
> The Pirate Bay itself uses extraordinarily little bandwidth, and to my knowledge nobody has ever been prosecuted for downloading .torrent files. The actual process of running the torrent doesn't necessarily even touch TPB (what with distributed hash tables and the like) and even the parts that do touch TPB use a minimal amount of bandwidth. Essentially, this doesn't do what you might think it does.

Yeah, I don't care much about the .torrent files because they are so small. It just makes it a little bit harder for them to start running a torrent through my server in the first place.

>> 2. On *nix systems, make it easy for snort to filter out tor traffic on a protocol level.
>>
>> I realize there are plenty of legal uses for BitTorrent, Gnutella, etc., but most of them do not require anonymity in a strong sense. That is, they can get the same content through http (most of the time) anyway, and downloading a Linux distribution (or whatever) won't be flagged by most governments/agencies/whatever. It's my bandwidth, I have the right to let *others'* use it as I see fit.
>
> First off, it's nearly impossible to make Tor capable of filtering on this sort of a level - the Tor client simply doesn't know what kind of traffic may be sent through it until the connection is already made, and thus it can't possibly avoid servers that disallow certain protocols. The only thing you could do here is sever connections as soon as you determine that it's the wrong type and this obviously has severe usability implications.
>
> Second, an increasing number of protocols are encrypted, thanks to the efforts of Verizon and co - I certainly turn on encryption on my bittorrent client whenever I use it, and I don't even use it to download illegal stuff. Obviously anything encrypted will pass straight through your clever protocol filter.

Not looking for perfection, and not looking for *tor* to do any filtering (in either of the cases I described), programs such as snort and squid can be configured to do just that, but it's not easy.

>> However, the last thing my parents need is the FBI knocking on their door wondering why they are visiting legal-preteen.com.
>
> I think they may be even more irritated when you assure them that legal-preteen.com is blocked, and then the FBI shows up wanting to know why they're visiting hot-hot-hot-15-and-under.com :)

Indeed!

> -Ben

I am not looking for perfection in any of this. Tor is not perfect, it isn't even made to be (every time I start up my server it reminds me not to rely on it for strong anonymity). I am looking at changing *probabilities*. If running an exit node is perceived as safer for more people, it might be easier to get non-techies/geeks to run (exit) nodes.

I'd love to see the idea at least discussed (if somewhat informally) before simple dismissal.

-madjon

--
[EMAIL PROTECTED]
Re: GSoC Idea: Packaging Tor+Vidalia
On Fri, Mar 21, 2008 at 03:16:27PM -0300, [EMAIL PROTECTED] wrote 0.2K bytes in 11 lines about:
: I would like to apply for the Better Deb Packaging for Tor+Vidalia GSoC
: idea.

Great. You should follow the steps at https://www.torproject.org/gsoc.html.en

--
Andrew
Re: Tor 0.2.0.22-rc is out
On Sat, Mar 22, 2008 at 06:58:25AM +1100, [EMAIL PROTECTED] wrote 0.6K bytes in 23 lines about:
: I downloaded the
: vidalia-bundle-0.2.0.22-rc-0.1.1-tiger.dmg and
: installed it. I now have Tor 0.2.0.22-rc and Vidalia
: 0.1.1. I also have a folder for Torbutton 1.1.17 in my
: Library, but Firefox still has Torbutton 1.0.4.01

Nothing. If torbutton exists already, we don't overwrite it. You probably want to open firefox, choose the File Menu, then Open File, browse to /Library/Torbutton/ and install the 1.1.17-alpha xpi.

--
Andrew