Re: Illuminati (was: Re: Paid performance-tor option?)
> You watched "Zeitgeist" once too often?

Oh dear ... No, but it's perhaps about time for _you_ to watch ... http://www.journalof911studies.com/ a bit say, so to have a chance to discover-once/learn-more-on Galileo, Newton, and Celsius [Fahrenheit respectively]. (About time ... anno 2008, at the least.)

But be warned, journalof911studies.com collect writings by 1st order researchers and professionals only, or mainly: on mathematics, physics, chemistry, crystallography, engineering, etc.^1 These researchers, and professionals, are NOT hired muddlers, NOT damage-controllers, NOT deniers, NOR any other lackeys; in fact, they make honor to science in general, and to the branches in which they are expert in particular. (Though of course, as in many other sombre circumstances it has happened in history before already--guess--they have put at risk their own careers.)

Hence, if it's rather occult, cosmogonic and esoteric stuff that receives your preference, then journalof911studies.com would be the wrong place to "watch" into. Also, given that you have mentioned FUD [keep reading], maybe you are confused: journalof911studies.com is related to sites such popularmechanics.com as, say, Switzerland and New Zealand on the planet--they are at the antipodes.

> I don't think that this mailing-list is the appropriate place to propagate
> your FUD based conspiracy theories as if they were facts. So would you mind
> to stop it?

Nonetheless, you have followed the path deeply enough ... allow me to sketch it for you, how it basically looks on Mutt [with threads enabled], right here:

Alexander Berna [0.8K ]| `-> Scott Bennett [1.7K ]`*> Roy Lanek [5.9K ] `-> Roy Lanek [1.2K ]|->Re: Paid performance-tor option? [2] Sven Anderson [0.9K ]`->Illuminati (was: Re: Paid performance

Plus, you may be missing how the thing has started ... do you? (And about the "conspiracy theories," and on how to solve your defect on knowledge and information, you should have got enough suggestions already.)
/Roy Lanek 1. From the 'Journal of 9/11 Studies Home': http://www.journalof911studies.com/ Thank you for visiting The Journal of 9/11 Studies, a peer-reviewed, open-access, electronic-only journal, covering the whole of research related to the events of 11 September, 2001. Many fields of study are represented in the journal, including Engineering, Physics, Chemistry, Mathematics and Psychology. All content is freely available online. Our mission in the past has been to provide an outlet for evidence-based research into the events of 9/11 that might not otherwise have been published, due to the resistance that many established journals and other institutions have displayed toward this topic. The intention was to provide a rapid acceptance process with full peer review. That has been achieved. It is now our belief that the case for falsity of the official explanation is so well established and demonstrated by papers in this Journal that there is little to be gained from accepting more papers here. Instead we encourage all potential contributors to prepare papers suitable for the more established journals in which scientists might more readily place their trust. One paper has already been published in a mainstream civil engineering journal: Fourteen Points... and more are being prepared for submission. Etc. -- S S . s l a c k w a r e SS air tenang menghanyutkan S + linux SSstill water runs deep S
Re: xB Mail: Anonymous Email Client
> It's appropriate to repeat it because you're spamming this list again
> with your ideas about licensing. You continue your attempts to ride on
> the coattails of the Free Software and Open Source licenses that came
> before you.

Jacob, I'm not spamming the list with licensing ideas. I commented that the idea contributions would be used in a software licensed under TESLA, as that is a legitimate caveat for those here, as expressed before. Your further illustration is a testament to the legitimacy of that caveat.

> *The TESLA software license is neither 'open source' or 'free'/'free
> software' as people commonly understand those terms.*

As people commonly understand those terms, I disagree. For the 99.% of the users out there, it is free and open source. They don't hit any restriction. Download it, modify it, sell it, redistribute it modified or unmodified. That .0001% that apparently some people feel outraged over, only represents the addition of backdoors/spyware, or commercial theft.

> Stop misusing those terms and people will
> stop calling you on it. It's a factual debate and the facts aren't on
> your side.

Shall I say it again? While we can all love Richard Stallman, your choice of definition is not universal. That the software is open source and free, is dependent on your purpose being non-malicious. I'll clarify, as per your reply: FOSS definitions != fact. They are colloquial, they are subjective terms.

warning: "spam licensing idea" ahead, involves gpl... We could license it under GPL, but wrap that in a license / software that says you can't get to the GPL license if you have malicious intent (possible?). It just seems easier to use a single license.

> To be clear, your xB* software doesn't belong on or-talk because it has
> next to nothing to do with Tor.

I'm not sure if you're aware of it, but there are both security and anonymity implications for passing mail over tor that should be discussed. And if you haven't understood it yet, we are indeed talking about passing mail over tor, because that is exactly what the software will do, presumably. That is what _I_ want to discuss. My only caveat is telling contributors how I plan to use the information they share. I don't want people to be angry that I used information or methods in a way that wasn't suitable to them. That seems like a pretty straightforward issue.

For some reason, Seth thought my disclosure of use required comment, in the interests of malware producers who might be contributing in the hopes of introducing malware/spyware. Reductio ad absurdum, that is the logical conclusion to the objection, if it isn't purely for attempting to open discourse about subjective terms. Maybe I should think of Seth's post as less of an objection and more like a wikipedia stub, but then again that isn't how he phrased it so I'll take the comments as they come.

> If you configure a mail client to use
> Tor, no one else needs to know about it.

I remember your same posts about incognito, tor browser, torpedo, vidalia, torbutton, janusvm, rockate, etc. You're right. Discussion about software projects that implement tor don't belong in or-talk. Sure. How am I supposed to take your comments seriously, Jacob? That lack of evidence doesn't seem to bolster that claim as your motive.

Maybe you're just a very easy-going guy and decided here is where you would make your stand for disallowing discussion on or-talk of software that integrates tor, and things that aren't purely about tor project itself. Or maybe you're right, and your post doesn't belong on or-talk, and perhaps neither does this one. In that case, may I suggest that if you have a response, you send it to me personally? I wouldn't want to force you or anyone else to violate your self-proclaimed definition of what belongs on or-talk, after all.

At some point you have to step back, abandon the ivory tower, and realize that your definitions are not the only definitions, and if they were that still doesn't elevate them into fact. Your position requires that contention, and is thus untenable. That you've called attention to it in some attempt to extricate Seth is admirable. However, at the end of the day I'm here to discuss the implications of sending mail over tor so I can produce actual software that real people can use, and you're here for some reason other than that. Pardon me if I don't allow you to undermine my purpose.

Arrakis
Couple more questions
Hey guys, a few more questions for the experts:

1) I noticed that the Tor-IM-Browser package uses GAIM, routed through SOCKS 5:9050. If I am using GAIM with TOR/Privoxy, should I set Gaim to use SOCKS 5:9050, or HTTP 127.0.0.1:8118 and routing it through privoxy?

2) I am using Firefox routed to 8080 proxomitron routed to 8118 privoxy. Any comments on this? I hope I am still preventing DNS leakage, as it seems like Proxomitron gives me more filtering of scripts, etc. than privoxy.

3) Should I change from privoxy to polipo? I am a Windows XP user.

Thanks for all.
Re: Vidalia exit-country
Thanks for the info! On Thu, Aug 21, 2008 at 5:18 AM, Camilo Viecco <[EMAIL PROTECTED]> wrote: > Hello M > > Thanks for giving it a try. I have comments inline > > M wrote: > >> Hello friends I'm new on the list. I hope you bear with my questions and >> problems. >> >> I just installed Camilo's version of Vidalia, and it seems i have a couple >> of problems: >> >> 1) You can only exclude one country from the "invalidnodes" settings. >> > You can do multiple selections by pressing the 'Control (ctrl)' button when > selecting > the second (or next) country. > >> >> >> 2) You have to exclude it every time you start vidalia (it does not save >> the settings) >> >> Are these bugs in my installation, or is the program like this? >> > It is a bug in the program. Exit countries should be saved. Thanks for > finding it. I will fix it in a few days. > >> >> 3) Also, how much does this reduce anonymity? >> > > Placing any restrictions on the nodes most likely will reduce your > anonymity. In particular limiting > the exit country significanly reduces your anonymity as it is much cheaper > for an attacker to place > nodes in that country and thus your probability of selecting a 'bad' exit > is higher. > Reducining the number of other nodes could 'possibly' be bad for your > anonymity. Part > of Tor's attacker model assumes that there are many attackers that will not > cooperate with each other. > There might be more academic studies about these effects, but none come to > my mind at the moment. > Will let the list give you the pointers. > (I think 2007 PETS IX attack on Tor would be a place to start > (http://www.freehaven.net/anonbib/cache/murdoch-pet2007.pdf)) > > Thank you for noticing AND submitting about the bug > > Camilo >
Re: xB Mail: Anonymous Email Client
Arrakis wrote:
>> (I don't think it's necessary to repeat that thread.)
>
> Then I'm unsure why you thought it appropriate to repeat it now.

It's appropriate to repeat it because you're spamming this list again with your ideas about licensing. You continue your attempts to ride on the coattails of the Free Software and Open Source licenses that came before you.

*The TESLA software license is neither 'open source' or 'free'/'free software' as people commonly understand those terms.*

> If FOSS is your jesus, that's fine. If you don't mind spyware
> makers and for-profit codejackers being the only ones getting
> a boot in the face, that's fine too. The point being, it is
> not your prerogative to choose my software religion, or that
> of others.

It's absolutely reasonable to point out that the TESLA license isn't what it purports to be. Get an OSI certification on the license and then call it 'open source' software.

He's not telling you how to license your code. He's telling *other people* what your code license isn't. You're misusing terms they're familiar with and it's fair to let people know the history behind your misuse of the terms. The posts speak for themselves.

> And if it was merely your noble intention to bring relevant
> subject data to light, rather than embarrassing the EFF by
> making a comment antithetical to their existence and attempting
> to derail a thread, then we should seriously consider uploading
> your consciousness to the google collective.

You're crossing the line here. Seth isn't embarrassing the EFF. He's pointing out that you're misusing the terms you throw around without fully understanding them. As an EFF supporter, I certainly find his behavior to be reasonable.

Stop misusing those terms and people will stop calling you on it. It's a factual debate and the facts aren't on your side.

> Kind Regards,
> Arrakis
>
> P.S. Privacy enhancing technologies are a young science. Who
> knows, some people might appreciate such a license..

People might. When you find them, please start a mailing list so that people who care will sign up and then they can read all about it. This kind of discussion doesn't belong on or-talk anyway.

To be clear, it's not because of your licensing that the emails aren't a fit. Your licensing is just a hilariously bad mistake. One that you keep repeating to the same crowd of people you ask for advice (that you never seem to take). Over and over and over again. I'm sick of it. I'm also not interested in you attacking Seth because you do not comprehend Free and Open Source licensing terms.

To be clear, your xB* software doesn't belong on or-talk because it has next to nothing to do with Tor. If you configure a mail client to use Tor, no one else needs to know about it.

Please stop spamming or-talk with details of your software projects. Please take the discussion somewhere else.

Pretty pretty please,
Jacob
Re: Vidalia exit-country
Hello M

Thanks for giving it a try. I have comments inline

M wrote:
> Hello friends I'm new on the list. I hope you bear with my questions and
> problems.
>
> I just installed Camilo's version of Vidalia, and it seems I have a couple
> of problems:
>
> 1) You can only exclude one country from the "invalidnodes" settings.

You can do multiple selections by pressing the 'Control (ctrl)' button when selecting the second (or next) country.

> 2) You have to exclude it every time you start vidalia (it does not save
> the settings)
>
> Are these bugs in my installation, or is the program like this?

It is a bug in the program. Exit countries should be saved. Thanks for finding it. I will fix it in a few days.

> 3) Also, how much does this reduce anonymity?

Placing any restrictions on the nodes most likely will reduce your anonymity. In particular limiting the exit country significantly reduces your anonymity as it is much cheaper for an attacker to place nodes in that country and thus your probability of selecting a 'bad' exit is higher. Reducing the number of other nodes could 'possibly' be bad for your anonymity. Part of Tor's attacker model assumes that there are many attackers that will not cooperate with each other.

There might be more academic studies about these effects, but none come to my mind at the moment. Will let the list give you the pointers. (I think 2007 PETS IX attack on Tor would be a place to start (http://www.freehaven.net/anonbib/cache/murdoch-pet2007.pdf))

Thank you for noticing AND submitting about the bug

Camilo
Re: Vidalia exit-country
7v5w7go9ub0o wrote:
> What a great idea! Thank you for working on this!! And thanks to Google
> for supporting this project.
>
> Sadly, I get a clean linux compilation, but no extra tab. Is there an
> additional dependency? e.g. geoip?
>
> TIA
>
> gcc-3.4.6, glibc-2.6.1

There are no other dependencies except a recent version of tor. Maybe it is a terminology issue. Check if on the 'settings' page you find a button named 'Node Policy'. If you find it, click on it and enable 'Enable Vidalia Relay Policy Management', then enable 'Strict Exit Relay Management'.

You should be set. Let me know if you have more problems

Camilo
Re: xB Mail: Anonymous Email Client
> (I don't think it's necessary to repeat that thread.) Then I'm unsure why you thought it appropriate to repeat it now. If FOSS is your jesus, that's fine. If you don't mind spyware makers and for-profit codejackers being the only ones getting a boot in the face, that's fine too. The point being, it is not your prerogative to choose my software religion, or that of others. And if it was merely your noble intention to bring relevant subject data to light, rather than embarrassing the EFF by making a comment antithetical to their existence and attempting to derail a thread, then we should seriously consider uploading your consciousness to the google collective. Kind Regards, Arrakis P.S. Privacy enhancing technologies are a young science. Who knows, some people might appreciate such a license... http://www.securityfocus.com/news/6779 http://blogs.stopbadware.org/articles/2007/09/07/fake-tor-application-delivers-badware-punch http://www.google.com/search?hl=en&q=site%3Axerodata.com&btnG=Google+Search
Re: AVG + TOR = BARF
On Wed, Aug 20, 2008 at 03:16:32PM -0700, [EMAIL PROTECTED] wrote 0.5K bytes in 14 lines about:
: I don't know if anyone is getting this but I tried to install and use Tor but AVG would not permit it. Any suggestions?

Disable AVG? Did AVG give any indication as to why it won't let you install it?

-- 
Andrew
AVG + TOR = BARF
I don't know if anyone is getting this but I tried to install and use Tor but AVG would not permit it. Any suggestions?
Re: xB Mail: Anonymous Email Client
Arrakis writes:

> Suggestions will be used to craft an opensource software
> released under TESLA license which prevents malware /
> spyware additions, and unauthorized modification for
> the purpose of commercial profit.

In case some people weren't around a year and a half ago, I invite them to look at the thread archived at http://archives.seul.org/or/talk/Mar-2007/msg00289.html in which objections to calling such software "open source" are discussed. (I don't think it's necessary to repeat that thread.)

-- 
Seth Schoen
Staff Technologist [EMAIL PROTECTED]
Electronic Frontier Foundation http://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110
1 415 436 9333 x107
Re: DNS lookup types
On Wed, Aug 20, 2008 at 05:16:39PM -0400, Erilenz wrote: > Hi, > > When using DNSPort or tor-resolve, you can look up A records and PTR > records, but not NS or MX records. Can this functionality be added? It can be. Somebody would need to write a proposal (see the process in http://www.torproject.org/svn/trunk/doc/spec/proposals/001-process.txt ) for it and implement it. This would be a good project for somebody who wanted to get familiar with the Tor internals. yrs, -- Nick
DNS lookup types
Hi, When using DNSPort or tor-resolve, you can look up A records and PTR records, but not NS or MX records. Can this functionality be added? -- Erilenz
xB Mail: Anonymous Email Client
I am writing an anonymous email client. The main delay has been getting it compatible with the xerobank installer so that it automatically downloads mail credentials and creates the secmod/key3/cert8 PKCS11 databases and performs automatic encryption of the user credentials, locking it with the users' PIN code as the master password. The design idea is to use an anonymous email server / service, or to take any freemail provider and turn it into an anonymous account (assuming a clean acct).

So I decided while I picked up a cold at defcon that I would sit down and finally finish it. It works.

It is built using Mozilla Thunderbird. It will contain the Enigmail extension, and a self-contained GPG distribution. It will probably also contain NoScript because it has an html renderer inside it. The program already has a built-in auto-updater from xerobank that will download and install its own PGP signed updates. The enigmail will be configured to use 5+ keyservers such as mit, sks, pgp, etc.

The threat model includes content and context obscurity.

Where this meets Tor and anonymity is the question. It is my intention to filter by protocol, blocking all communication that is not using either SSL or TLS. Are there any other considerations we should have, other than blocking updates? Should we force OCSP and cert revocation checking? Is there any reason we shouldn't include the CACert root certificate? Should we scrap Tor and make it use mixmaster? Should we force users to create/import PGP Keypairs?

The more I understand email threats/issues over Tor the better. I am aware that there are only occasionally any exit servers allowing port 25, but if we are forcing SSL/TLS, then it won't matter what port they pick.

So any preferences for extensions and behavior are welcome. Suggestions will be used to craft an opensource software released under TESLA license which prevents malware / spyware additions, and unauthorized modification for the purpose of commercial profit.

This program will be completed today, and ready for testing tomorrow, so the sooner I get comments the better.

Arrakis
Re: Paid performance-tor option?
mplsfox02, This study was performed by Privacy International, as far as I am aware. I think it best to forget how they decided to color code the map, and just look at the numbers inside the columns. It would also be of interest in how they went about acquiring their data, and what the standards were. For the specifics, we are interested in those columns I pointed out, as those are directly related to internet privacy. The rest are areas that are outside the scope of our threat model. Arrakis [EMAIL PROTECTED] wrote: > > Arrakis: > >> [EMAIL PROTECTED] wrote: >>> >>> macintoshzoom: >>> Sorry, just re-reading my post, I am partially wrong, JONDONYM (formerly JAP) is still running its main nodes from "compromised" countries. >>> >>> There are no "compromised" or "safe" countries as there is no hostile or >>> friendly network. Any concepts based on such assumptions are doomed. > >> You may care to take a look at this, specifically the >> 5th, 7th, 8th, and 9th columns. Not all countries are >> equal, especially when those countries to data >> interception and data retention themselves. >> >> http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597 >> > > Thanks for the link. That does not contradict to what I said. Who did > this study? I cannot rely my security concept on some human estimates. > It's interesting, though. There are differences, but no country is "dark > green" or even "cyan". This study is more a journalistic than a > scientific one, since the information it is based on is not always > comparable and does not represent all the characteristics that are > important for privacy. Maybe Greece is just better in hiding the breaches? > >
Re: Bandwidth distribution (was: Re: AllowInvalidNodes entry, exit, ... ?)
On Wed, 20 Aug 2008 18:19:40 +0200 Sven Anderson <[EMAIL PROTECTED]> wrote:
>On 18.08.2008 at 16:43, macintoshzoom wrote:
>
>> Using "valid nodes" I have noticed too many times my browsing is
>> going to the same exit nodes yes fast, but always the same tor
>> exit nodes "club".
>
>this is not really a surprise if you look at the distribution of the
>bandwidth. I did some graphs for the bandwidth distribution of
>yesterday.
>
>As you can see in [1] the distribution of bandwidth over the exit
>nodes follows a power-law (aka Pareto, Zipf, heavy/long tail, ...),
>like so many other distributions. In the double-logarithmic plot this
>is expressed in a linear relation. In this case the linearity starts
>between 20 and 30 kB/s. (The bandwidth of the exit nodes is
>exponentially binned which results in the equidistant data points.)
>
>These power-law distributions have the well-known characteristic of
>many small values and very few big values, also referred to as 90/10
>or 80/20 rule. In plot [2] you can see the cumulative distribution
>function (CDF) over the ranked exit nodes. As you can see, the 30
>biggest exit nodes are holding 50% of the total tor exit bandwidth,
>and the 100 biggest hold 70%. While this is still quite moderate it
>shows how often you will see the top 30, even if the exit node
>selection would only be based on bandwidth. But the "Fast" and
>"Stable" flags of course increase this effect.
>
>So there's no conspiracy, it's a natural law.
>
>[1] http://sven.anderson.de/misc/en_bw_dist.pdf
>[2] http://sven.anderson.de/misc/en_bw_cdf.pdf
>

Very nicely done. I was just curious, though, what other flags you used, if any. Running? Not BadExit? Thanks much for the graphs!

Scott Bennett, Comm. ASMELG, CFIAG
* Internet: bennett at cs.niu.edu
* "A well regulated and disciplined militia, is at all times a good
* objection to the introduction of that bane of all free governments
* -- a standing army."
* -- Gov. John Hancock, New York Journal, 28 January 1790
Re: Update to default exit policy
On 20.08.2008 at 19:58, Dawney Smith wrote:

> The only reason that your 10.100.145.215 IP appears in the headers there
> is because your email client sends it. Your email client doesn't need to
> send it, and as someone else mentioned, it's "scrubbed" if you're using
> TorButton with Thunderbird for example.
>
>> Yes, it doesn't make sense to use tor with a normal mail-client. But if
>> you are behind a NAT router, it's not as bad as it looks first.
>
> It's at least as safe as using a webmail interface if you configure your
> email client correctly.

Didn't I write "normal mail-client"? Of course you can use Thunderbird with (an old?) TorButton. But it's important to point that out.

Sven

-- 
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:+49-551-9969285         Doubt those who find it."
mobile: +49-179-4939223     (André Gide)
Re: Update to default exit policy
On 20/08/08 19:04, [EMAIL PROTECTED] wrote:
> Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and
> connect to the smtp server through tor. Will my "real" ip address occur in
> the mail headers, or the ip of the exit node?
>
> I'm guessing the ip of the exit node, right? Because if not, it would be
> senseless to use tor? Would be great if someone could clarify this!

Contrary to Sven's reply I claim Thunderbird with Torbutton enabled will _not_ leak your real IP address in the EHLO/HELO messages. Here's an experiment proving it:

1. First, let's look at what my mail headers look like when I send mail without Tor at all, i.e. a direct connection:

Received: from 192.168.1.2 (nl103-154-119.student.uu.se [130.243.154.119])

The "192.168.1.2" address is what was reported in the EHLO/HELO message to the SMTP server, which is my computer's NAT:ed IP address. The long address within the parenthesis is from which computer the connection to the SMTP server was made, and in this case it's my firewall/router.

2. The following is what we get when we use Thunderbird with Tor, but without Torbutton:

Received: from 192.168.1.2 (tor-anonymizer1.dotplex.de [87.118.101.102])

So, the connection was made from a Tor exit node (as expected) but the SMTP server got my real IP address in the HELO/EHLO message. Since I'm behind a NAT:ed firewall the IP address reported isn't very revealing, but people whose computers are directly connected to the Internet (i.e. no firewall/router in the way) would get their _real_ IP address there.

3. Finally, this is what gets into the mail header for me when enabling Torbutton:

Received: from 0.0.0.0 (tor-anonymizer1.dotplex.de [87.118.101.102])

As you can see nothing is revealed here and all is good. Torbutton wins!

To see all this for yourselves, compare the mail header of this mail (which is sent with Torbutton enabled, like experiment 3) and any of my other emails in this thread (which are sent without Tor or any other form of anonymization, like experiment 1).

Just to be sure I've confirmed all this with a packet sniffer -- with Torbutton enabled the EHLO/HELO messages are scrubbed and thus harmless. To confirm this I guess you'd have to fire up your favourite packet sniffer and try it out yourselves.

So, yeah, with Torbutton you are definitely safer than without it. The SMTP server does _not_ get your IP address in the EHLO/HELO message. But there could be all sorts of other leakages that I don't know of, though, so I wouldn't put my life on it. That's why I think more research is needed.

But let's stop hijacking this thread now. If there's more interest in discussing this I suggest starting a new thread for that.
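Added example, not part of the post above and not Tor or Torbutton code: a small Python audit of what the HELO/EHLO field in a Received header discloses, run over the four headers quoted in this thread plus two constructed ones. The function names and verdict labels are made up for illustration, and only the two header layouts shown in the thread are parsed.

```python
import ipaddress
import re

# Layout in the three experiments above: "from HELO (rdns [peer-ip])"
HELO_FIRST = re.compile(
    r"from\s+(?P<helo>\S+)\s+\(\S+\s+\[(?P<peer>[^\]]+)\]\)")
# Layout of the Exim header quoted in the thread: "from [peer-ip] (helo=[HELO])"
PEER_FIRST = re.compile(
    r"from\s+\[(?P<peer>[^\]]+)\]\s+\(helo=(?P<helo>[^)\s]+)\)")

# RFC 1918 ranges, i.e. the "NAT:ed" addresses discussed in the thread
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_received(header):
    """Return (helo, peer) for one Received header, or None if the layout is unknown."""
    text = " ".join(header.split())  # unfold continuation lines
    if text.lower().startswith("received:"):
        text = text[len("received:"):].lstrip()
    for pattern in (PEER_FIRST, HELO_FIRST):
        match = pattern.match(text)
        if match:
            return match.group("helo").strip("[]"), match.group("peer")
    return None


def classify_helo(helo, peer):
    """Say what the client-supplied HELO value tells the receiving server."""
    try:
        addr = ipaddress.ip_address(helo)
    except ValueError:
        return "hostname"            # a name the client chose to announce
    if addr.is_unspecified:
        return "scrubbed"            # 0.0.0.0, as in experiment 3
    if any(addr in net for net in RFC1918):
        return "rfc1918"             # LAN address behind NAT
    try:
        if addr == ipaddress.ip_address(peer):
            return "matches-peer"    # nothing beyond the connecting address
    except ValueError:
        pass
    return "differs-from-peer"       # routable address other than the connecting host


def audit(headers):
    """Return one (helo, peer, verdict) tuple per header."""
    report = []
    for header in headers:
        parsed = parse_received(header)
        if parsed is None:
            report.append((None, None, "unparsed"))
        else:
            report.append(parsed + (classify_helo(*parsed),))
    return report


SAMPLES = [
    # Experiments 1-3 from the post above
    "Received: from 192.168.1.2 (nl103-154-119.student.uu.se [130.243.154.119])",
    "Received: from 192.168.1.2 (tor-anonymizer1.dotplex.de [87.118.101.102])",
    "Received: from 0.0.0.0 (tor-anonymizer1.dotplex.de [87.118.101.102])",
    # Exim header quoted elsewhere in the thread (folded over several lines)
    "Received: from [134.76.55.100] (helo=[10.100.145.215])\n"
    "\tby serv-80-156.SerNet.DE with esmtpsa (TLSv1:RC4-SHA:128)\n"
    "\t(Exim 4.51)",
    # Constructed: client with no NAT, documentation address standing in for its own
    "Received: from 203.0.113.7 (tor-anonymizer1.dotplex.de [87.118.101.102])",
    # Constructed: client announcing a machine name
    "Received: from laptop.example (tor-anonymizer1.dotplex.de [87.118.101.102])",
]

if __name__ == "__main__":
    for helo, peer, verdict in audit(SAMPLES):
        print(f"helo={helo!s:<16} peer={peer!s:<16} {verdict}")
```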
Re: Update to default exit policy
Sven Anderson wrote:
>> Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton,
>> and connect to the smtp server through tor. Will my "real" ip address
>> occur in the mail headers, or the ip of the exit node?
>>
>> I'm guessing the ip of the exit node, right? Because if not, it would
>> be senseless to use tor? Would be great if someone could clarify this!
>
> Both. Look at my headers (Apple Mail):
>
> Received: from [134.76.55.100] (helo=[10.100.145.215])
>   by serv-80-156.SerNet.DE with esmtpsa (TLSv1:RC4-SHA:128)
>   (Exim 4.51)
>   id 1KVqPO-0002gu-4k
>   for or-talk@freehaven.net; Wed, 20 Aug 2008 18:19:42 +0200
>
> When using tor, 134.76.55.100 will be the tor exit node ip, and
> 10.100.145.215 will still be your local client ip.

The only reason that your 10.100.145.215 IP appears in the headers there is because your email client sends it. Your email client doesn't need to send it, and as someone else mentioned, it's "scrubbed" if you're using TorButton with Thunderbird for example.

> Yes, it doesn't make sense to use tor with a normal mail-client. But if
> you are behind a NAT router, it's not as bad as it looks first.

It's at least as safe as using a webmail interface if you configure your email client correctly.

-- 
Dawn
Illuminati (was: Re: Paid performance-tor option?)
On 20.08.2008 at 05:49, Roy Lanek wrote:

> 9/11 has been planned much earlier than 2001.

Dear Mr Fletcher (sic!),

I don't think that this mailing-list is the appropriate place to propagate your FUD based conspiracy theories as if they were facts. So would you mind to stop it?

Beside that, as other posters stated already, your style of writing with all these brackets and sidetracks is very stressful to read, especially for a non-native-speaker like me. I get headaches every time I try. But this is probably due to the implant in my head, that some secret agency equipped me with in an unwary moment, and now wants to hinder me to find out THE TRUTH.

You watched "Zeitgeist" once too often?

Sven

-- 
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:+23-232-3232323         Doubt those who find it."
mobile: +32-323-2323232     (André Gide)
Re: Vidalia exit-country
Hello friends

I'm new on the list. I hope you bear with my questions and problems.

I just installed Camilo's version of Vidalia, and it seems I have a couple of problems:

1) You can only exclude one country from the "invalidnodes" settings.

2) You have to exclude it every time you start vidalia (it does not save the settings)

Are these bugs in my installation, or is the program like this?

3) Also, how much does this reduce anonymity?
Re: Update to default exit policy
On 20.08.2008 at 19:04, [EMAIL PROTECTED] wrote:

> Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and
> connect to the smtp server through tor. Will my "real" ip address occur in
> the mail headers, or the ip of the exit node?
>
> I'm guessing the ip of the exit node, right? Because if not, it would be
> senseless to use tor? Would be great if someone could clarify this!

Both. Look at my headers (Apple Mail):

Received: from [134.76.55.100] (helo=[10.100.145.215])
  by serv-80-156.SerNet.DE with esmtpsa (TLSv1:RC4-SHA:128)
  (Exim 4.51)
  id 1KVqPO-0002gu-4k
  for or-talk@freehaven.net; Wed, 20 Aug 2008 18:19:42 +0200

When using tor, 134.76.55.100 will be the tor exit node ip, and 10.100.145.215 will still be your local client ip.

Yes, it doesn't make sense to use tor with a normal mail-client. But if you are behind a NAT router, it's not as bad as it looks first.

Sven

-- 
http://sven.anderson.de    "Believe those who are seeking the truth.
tel:+49-551-9969285         Doubt those who find it."
mobile: +49-179-4939223     (André Gide)
Re: Update to default exit policy
Quoting 7v5w7go9ub0o <[EMAIL PROTECTED]>:

> anonym wrote:
>> On 20/08/08 15:42, 7v5w7go9ub0o wrote:
>>> anonym wrote:
>>>> Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.
>>> Nope.
>>>
>>> The encrypted connection occurs before the smtp handshake.
>>>
>>> IP/host info is not compromised, this is not an issue.
>>
>> Care to elaborate on this?
>>
>> The way I understand it, the encrypted connection will only prevent eavesdroppers from snooping the IP address/host, but the destination email server will get it in the EHLO/HELO message. IMHO, that equals a compromise of grand scale.
>
> AH! we were talking about two different things. :-(
>
> I was referring to third-parties being unable to sniff your email contents or your host address within an SSL/SMTP transaction via TOR.
>
> You're talking about withholding information from the mail server itself (e.g. you're on the road with a laptop, and don't want to leave records of where you were as you sent your messages).
>
> And indeed, you raise an interesting point!

Sorry, I didn't get it: in case I'm using Thunderbird and Torbutton, and connect to the smtp server through tor. Will my "real" ip address occur in the mail headers, or the ip of the exit node? I'm guessing the ip of the exit node, right? Because if not, it would be senseless to use tor? Would be great if someone could clarify this!

Merci! :)
Re: Update to default exit policy
anonym wrote:
> On 20/08/08 15:42, 7v5w7go9ub0o wrote:
>> anonym wrote:
>>> Email clients leak tons of information, the most critical I know of
>>> being your IP address and/or host in the EHLO/HELO in the beginning
>>> of the SMTP(S) transaction.
>> Nope.
>>
>> The encrypted connection occurs before the smtp handshake.
>>
>> IP/host info is not compromised, this is not an issue.
>
> Care to elaborate on this?
>
> The way I understand it, the encrypted connection will only prevent
> eavesdroppers from snooping the IP address/host, but the destination
> email server will get it in the EHLO/HELO message. IMHO, that equals a
> compromise of grand scale.

AH! we were talking about two different things. :-(

I was referring to third-parties being unable to sniff your email contents or your host address within an SSL/SMTP transaction via TOR.

You're talking about withholding information from the mail server itself (e.g. you're on the road with a laptop, and don't want to leave records of where you were as you sent your messages).

And indeed, you raise an interesting point!

FWICT, different clients put different information into that HELO. Even a common client such as TBird puts different info. in Mac OS's (unique registration information) than it does in Windows (IPA octet).

- Having the option to configure what goes into this field may be a basis for selecting one's email client.

- Guess it's time to sniff some SMTP connections, and if I become irritated enough, tweak the source code and recompile my client; hexedit my client; change clients; or install a proxy or server. (sigh)
Bandwidth distribution (was: Re: AllowInvalidNodes entry, exit, ... ?)
Hi Mac,

On 18.08.2008 at 16:43, macintoshzoom wrote:

> Using "valid nodes" I have noticed too many times my browsing is going to the same exit nodes yes fast, but always the same tor exit nodes "club".

this is not really a surprise if you look at the distribution of the bandwidth. I did some graphs for the bandwidth distribution of yesterday.

As you can see in [1] the distribution of bandwidth over the exit nodes follows a power-law (aka Pareto, Zipf, heavy/long tail, ...), like so many other distributions. In the double-logarithmic plot this is expressed in a linear relation. In this case the linearity starts between 20 and 30 kB/s. (The bandwidth of the exit nodes is exponentially binned which results in the equidistant data points.)

These power-law distributions have the well-known characteristic of many small values and very few big values, also referred to as 90/10 or 80/20 rule. In plot [2] you can see the cumulative distribution function (CDF) over the ranked exit nodes. As you can see, the 30 biggest exit nodes are holding 50% of the total tor exit bandwidth, and the 100 biggest hold 70%. While this is still quite moderate it shows how often you will see the top 30, even if the exit node selection would only be based on bandwidth. But the "Fast" and "Stable" flags of course increase this effect.

So there's no conspiracy, it's a natural law.

[1] http://sven.anderson.de/misc/en_bw_dist.pdf
[2] http://sven.anderson.de/misc/en_bw_cdf.pdf

Sven

--
http://sven.anderson.de
tel: +49-551-9969285
mobile: +49-179-4939223
"Believe those who are seeking the truth. Doubt those who find it." (André Gide)
Re: Mapping the physical locations of Tor nodes
> Any thoughts as to why these two maps are different? socialistsushi has far
> more nodes in asia, in particular china than the freehaven map. The sort by
> city choice on socialistsushi also lists beijing as the city with the most
> routers.

** China is #1 in the world for Internet users [has surpassed the U.S.] ... which is a somewhat *banal* observation.

** Less commonplace is observing that the CIA is pushing strong with/sponsoring the Falun Gong sect, AKA the "dissident Chinese" ... I am guessing from recent posts, here on the list. (As a title of comparison, let's recall that, e.g., the members of the Scientology movement, which are [and rightly so] regarded as a "danger to democracy" in Germany, should be called "dissident Germans" accordingly.)

/Roy Lanek

--
sudah jatuh, tertimpa tangga pula--a person slips, and a ladder falls on him [all the bad things seems to happen at the same time]
s l a c k w a r e + linux
Re: Update to default exit policy
On 20/08/08 15:42, 7v5w7go9ub0o wrote:
> anonym wrote:
>> Email clients leak tons of information, the most critical I know of
>> being your IP address and/or host in the EHLO/HELO in the beginning
>> of the SMTP(S) transaction.
>
> Nope.
>
> The encrypted connection occurs before the smtp handshake.
>
> IP/host info is not compromised, this is not an issue.

Care to elaborate on this?

The way I understand it, the encrypted connection will only prevent eavesdroppers from snooping the IP address/host, but the destination email server will get it in the EHLO/HELO message. IMHO, that equals a compromise of grand scale.

I'm certainly no expert in these areas, so please enlighten me if I'm incorrect.
Re: Paid performance-tor option?
Arrakis:
> [EMAIL PROTECTED] wrote:
>> macintoshzoom:
>>> Sorry, just re-reading my post, I am partially wrong, JONDONYM (formerly JAP) is still running its main nodes from "compromised" countries.
>>
>> There are no "compromised" or "safe" countries as there is no hostile or friendly network. Any concepts based on such assumptions are doomed.
>
> You may care to take a look at this, specifically the 5th, 7th, 8th, and 9th columns. Not all countries are equal, especially when those countries to data interception and data retention themselves.
>
> http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597

Thanks for the link. That does not contradict to what I said. Who did this study? I cannot rely my security concept on some human estimates. It's interesting, though. There are differences, but no country is "dark green" or even "cyan". This study is more a journalistic than a scientific one, since the information it is based on is not always comparable and does not represent all the characteristics that are important for privacy. Maybe Greece is just better in hiding the breaches?
Re: Update to default exit policy
anonym wrote:
> On 19/08/08 17:46, Dawney Smith wrote:
>> I have a *lot* of experience with email administration on a very large scale, I know what I'm talking about.
>
> I'm sure you do. I'd love to have email work flawlessly and securely with Tor, so opening ports 465 and 587 would be great (currently I do have problems since there's few exit nodes which do that). But as I understand it, email clients + Tor might be a very bad idea ATM. Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.

Nope.

The encrypted connection occurs before the smtp handshake.

IP/host info is not compromised, this is not an issue.

> Really, this isn't an argument countering your in any way, but rather a plea that the issues of using email clients with Tor are researched and resolved before that combination gets promoted (IMHO opening ports 465 and 587 is a step towards promoting it). It's very likely your average user will screw up given the current state of things.

TOR guidelines are clear. Don't use active content; Do use encrypted protocols.

(Now it will be the case that some users do NOT use email encryption - they are lost anyway!)
Re: Update to default exit policy
On 20/08/08 14:02, Dawney Smith wrote:
> anonym wrote:
>> I'm sure you do. I'd love to have email work flawlessly and securely with
>> Tor, so opening ports 465 and 587 would be great (currently I do have
>> problems since there's few exit nodes which do that). But as I
>> understand it, email clients + Tor might be a very bad idea ATM. Email
>> clients leak tons of information, the most critical I know of being your
>> IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S)
>> transaction.
>
> Lots of protocols that can be used over Tor are potentially leaky. There
> are tonnes of exit nodes that allow IRC traffic for example, which can
> easily leak your username/hostname if you don't configure it correctly.
> I'm not sure what makes SMTP submission special when it comes to the
> exit policy.

Well, technically nothing makes SMTP special in this sense, and this is really more of a general problem due to the design of Tor. But I think it's special in another sense.

For clarity, let's first consider HTTP for a moment. Apparently a lot has been made in the Tor community in order to making use of HTTP safer, with Firefox and the new Torbutton being heavily promoted. That's great, because without this complete solution users would (more or less) only get a false sense of security when they install Tor and configure IE to use it.

Now, why has there been such an initiative? My guess is that it's because how common web browsing is, and I've got the impression that emailing is pretty common too. That's why I think a similar initiative for the protocols involved for emailing is necessary.

Of course, this only affects users of actual email clients, and I have no usage statistics for how common that is compared to using webmail nowadays. Maybe we are: 1) too few and 2) too advanced (in the sense that we can identify problems and come up with solutions ourselves) for such an effort to make sense? I don't know. Grepping the mail headers of this list suggests that it's fairly common (at least 50%), but those of us active on this are most likely not representative for neither the general Internet population nor the general Tor user base.

>> Really, this isn't an argument countering your in any way, but rather a
>> plea that the issues of using email clients with Tor are researched and
>> resolved before that combination gets promoted (IMHO opening ports 465
>> and 587 is a step towards promoting it). It's very likely your average
>> user will screw up given the current state of things.
>
> As you said, the main issue is your hostname being leaked along with the
> EHLO, or your client loading remote images without using Tor.
> Personally, I use Thunderbird inside a virtual machine which can only
> access the Internet via Tor and has no personally identifiable
> information, including a random hostname and username etc.

Hiding behind NAT also works. And FYI the old Thunderbird compatible Torbutton 1.0.4 will scrub the IP address/host from the EHLO/HELO messages.

Any way, this is getting pretty off topic. I for one hope that the default exit policy will be updated as you suggest as I'm tired of having to rebuild circuits etc. all the time when SMTP times out due to the scarcity of usable exit nodes.
Re: Update to default exit policy
On Wed, 20 Aug 2008 11:34:41 +0100 Dawney Smith <[EMAIL PROTECTED]> wrote:
>7v5w7go9ub0o wrote:
>
>>> There is a clear misunderstanding of the issue at hand by many people
>>> here. The exit policy was put in place to prevent connections between
>>> Tor users and the last hop (the end MX server), *not* to prevent
>>> connections between Tor users and SMTP relays, which is what everybody
>>> keeps repeating.
>>>
>>> There is no problem with a Tor user connecting to an SMTP relay and
>>> sending email. If they can do it using Tor, they can do it without using
>>> Tor, faster. In those cases, it is the administrator of the SMTP relay
>>> that is responsible to stop spam.
>>>
>>> Just to repeat the problem. It is Tor users connecting to the
>>> destination MX server that is the problem. Mail relay, not mail
>>> submission.
>>>
>>> Ports 465 and 587 are mail submission ports. Port 25 is for both
>>> submission *and* relay.

Port 587 is a mail submission port. I'm not so sure about 465, though. A comment that I had left for myself in my torrc prompted me to check it out again to refresh my memory. The lines pertaining to it in my /etc/services say,

#smtps          465/tcp    #smtp protocol over TLS/SSL (was ssmtp)
#smtps          465/udp    #smtp protocol over TLS/SSL (was ssmtp)
urd             465/tcp    # URL Rendezvous Directory for SSM

So I went back and dug it out (http://www.iana.org/assignments/port-numbers) again:

urd             465/tcp    URL Rendesvous Directory for SSM
igmpv3lite      465/udp    IGMP over UDP for SSM

>>>
>>> I have a *lot* of experience with email administration on a very large
>>> scale, I know what I'm talking about.

Must be interesting. I don't think I ever had to handle more than somewhere between 20,000 and 30,000 users, so it was fairly simple most of the time. And, I mustn't omit, there was a very dedicated secretary down the hall who dealt with things like forgotten passwords in between all her regular duties. :-)

>>
>> Thanks for pursuing this!
>
>No problem. Hopefully the relevant people are taking note. Who exactly
>is responsible for setting the default exit policy, and what is their
>opinion on this matter?
>
>> 1. Your arguments make good technical sense.
>>
>> 2. In fact, many endpoints have already enabled those ports without
>> experiencing problems.
>
>Only a couple of dozen though unfortunately. If you ignore German and US
>exit nodes, I can only see 4 at the moment that will let me exit on port
>465.

Well, my server has had 465 open for a long time, but it is one of the ones in the U.S. that you excluded above. I don't know offhand whether an exit to 65 has ever been used on my server, but I've gotten no complaints about it to date, so I don't currently see it as a problem. I do keep 25 closed and basically for the same reason that I keep 6668-6999 closed.

>
>> 3. Many of us routinely handle our ssl email accounts via TOR, and your
>> proposal (open them by default) would help spread the load, as well as
>> reasonably expanding the default functionality of TOR.
>>
>> Thanks Again!
>>
>> (p.s. this post is being sent via ssl GMAIL, which will include the
>> "posting host" when using smtps. My posting host will be a TOR exit node
>> :-) )
>
>Ditto.
>

Fortunately for me, I don't need to do that at present, but given the way of the world, I figure I probably will sooner or later.

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
"A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army."
-- Gov. John Hancock, New York Journal, 28 January 1790
Re: Update to default exit policy
anonym wrote:
>> I have a *lot* of experience with email administration on a very large
>> scale, I know what I'm talking about.
>
> I'm sure you do. I'd love to have email work flawlessly and securely with
> Tor, so opening ports 465 and 587 would be great (currently I do have
> problems since there's few exit nodes which do that). But as I
> understand it, email clients + Tor might be a very bad idea ATM. Email
> clients leak tons of information, the most critical I know of being your
> IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S)
> transaction.

Lots of protocols that can be used over Tor are potentially leaky. There are tonnes of exit nodes that allow IRC traffic for example, which can easily leak your username/hostname if you don't configure it correctly. I'm not sure what makes SMTP submission special when it comes to the exit policy.

> Really, this isn't an argument countering your in any way, but rather a
> plea that the issues of using email clients with Tor are researched and
> resolved before that combination gets promoted (IMHO opening ports 465
> and 587 is a step towards promoting it). It's very likely your average
> user will screw up given the current state of things.

As you said, the main issue is your hostname being leaked along with the EHLO, or your client loading remote images without using Tor. Personally, I use Thunderbird inside a virtual machine which can only access the Internet via Tor and has no personally identifiable information, including a random hostname and username etc.

--
Dawn
Re: Update to default exit policy
On 19/08/08 17:46, Dawney Smith wrote:
> I have a *lot* of experience with email administration on a very large
> scale, I know what I'm talking about.

I'm sure you do. I'd love to have email work flawlessly and securely with Tor, so opening ports 465 and 587 would be great (currently I do have problems since there's few exit nodes which do that). But as I understand it, email clients + Tor might be a very bad idea ATM. Email clients leak tons of information, the most critical I know of being your IP address and/or host in the EHLO/HELO in the beginning of the SMTP(S) transaction.

Really, this isn't an argument countering your in any way, but rather a plea that the issues of using email clients with Tor are researched and resolved before that combination gets promoted (IMHO opening ports 465 and 587 is a step towards promoting it). It's very likely your average user will screw up given the current state of things.
Re: Update to default exit policy
7v5w7go9ub0o wrote:
>> There is a clear misunderstanding of the issue at hand by many people
>> here. The exit policy was put in place to prevent connections between
>> Tor users and the last hop (the end MX server), *not* to prevent
>> connections between Tor users and SMTP relays, which is what everybody
>> keeps repeating.
>>
>> There is no problem with a Tor user connecting to an SMTP relay and
>> sending email. If they can do it using Tor, they can do it without using
>> Tor, faster. In those cases, it is the administrator of the SMTP relay
>> that is responsible to stop spam.
>>
>> Just to repeat the problem. It is Tor users connecting to the
>> destination MX server that is the problem. Mail relay, not mail
>> submission.
>>
>> Ports 465 and 587 are mail submission ports. Port 25 is for both
>> submission *and* relay.
>>
>> I have a *lot* of experience with email administration on a very large
>> scale, I know what I'm talking about.
>
> Thanks for pursuing this!

No problem. Hopefully the relevant people are taking note. Who exactly is responsible for setting the default exit policy, and what is their opinion on this matter?

> 1. Your arguments make good technical sense.
>
> 2. In fact, many endpoints have already enabled those ports without
> experiencing problems.

Only a couple of dozen though unfortunately. If you ignore German and US exit nodes, I can only see 4 at the moment that will let me exit on port 465.

> 3. Many of us routinely handle our ssl email accounts via TOR, and your
> proposal (open them by default) would help spread the load, as well as
> reasonably expanding the default functionality of TOR.
>
> Thanks Again!
>
> (p.s. this post is being sent via ssl GMAIL, which will include the
> "posting host" when using smtps. My posting host will be a TOR exit node
> :-) )

Ditto.

--
Dawn