Re: Hetzner

2009-06-18 Thread Eugen Leitl
On Thu, Jun 18, 2009 at 05:52:08AM +0200, Timo Schoeler wrote:
> 
> So am I, running a middle node. However, for months now I'm thinking of
> reverting it to an exit node as the situation that everyone runs a
> middle node, but no one dares to run an exit node just lets TOR die.

This is great, but please be careful. Depending on the Bundesland
customs vary, and it's pretty clear that online anonymity in Germany
is firmly in the crosshairs.
 
> Eugen's mail:
> 
> | I've used to run a Tor exit with Hetzner a couple years ago, which
> | resulted in several tet-a-tetes with the local (Bavaria) police.
> 
> sounded very interesting. What was the reason for their visits?

Two cases of complaints (petty online fraud), with the local cop acting as a proxy
for the public persecutor, taking up the protocol. I denied the charges of
course, and explained how Tor works, brought printouts, including a list of
nodes and my node being listed.

One case was a fax from BKA accusing me of trafficking
in pedophilia. I decided that I don't really want to have my family 
deal with a search warrant in the wee hours, and switched to middleman.
No complaints so far.
 
> The problem remains: No exit nodes, no reliable/fast/stable/anonymous
> TOR. This has to be fixed, and the urgency to fix this gets stronger
> every day (see geopolitical stuff, yallayalla).

-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


Re: Hetzner

2009-06-18 Thread Timo Schoeler

thus Eugen Leitl spake:

> On Thu, Jun 18, 2009 at 05:52:08AM +0200, Timo Schoeler wrote:
> > So am I, running a middle node. However, for months now I'm thinking of
> > reverting it to an exit node as the situation that everyone runs a
> > middle node, but no one dares to run an exit node just lets TOR die.
>
> This is great, but please be careful. Depending on the Bundesland
> customs vary, and it's pretty clear that online anonymity in Germany
> is firmly in the crosshairs.

Hence the discussion, I guess... ;)

> > Eugen's mail:
> >
> > | I've used to run a Tor exit with Hetzner a couple years ago, which
> > | resulted in several tet-a-tetes with the local (Bavaria) police.
> >
> > sounded very interesting. What was the reason for their visits?
>
> Two cases of complaints (petty online fraud), with the local cop acting as a proxy
> for the public persecutor, taking up the protocol. I denied the charges of
> course, and explained how Tor works, brought printouts, including a list of
> nodes and my node being listed.
>
> One case was a fax from BKA accusing me of trafficking
> in pedophilia. I decided that I don't really want to have my family
> deal with a search warrant in the wee hours, and switched to middleman.
> No complaints so far.

Hard stuff. But since 'they' have those 'weapons' against running an
exit node, what can we do (technologically, politically, ...) against
it, to provide free speech in future?

> > The problem remains: No exit nodes, no reliable/fast/stable/anonymous
> > TOR. This has to be fixed, and the urgency to fix this gets stronger
> > every day (see geopolitical stuff, yallayalla).


Re: Hetzner

2009-06-18 Thread Bernhard Fischer
On Wednesday 17 June 2009, Eugen Leitl wrote:
> I've used to run a Tor exit with Hetzner a couple years ago, which
> resulted in several tet-a-tetes with the local (Bavaria) police.
>
> I don't think Hetzner will give a damn if you're running a middleman.
> Especially if it's throttled, so you're not making them lose money
> on you.

That's also my opinion. We also ran an exit node at Hetzner which led to 
several discussions with their abuse people. One time the server simply was 
shut down and it took me days and much discussion to bring them to activate 
the network again.
They have been very uncooperative all the time. As a consequence, we moved our 
services away from Hetzner.

Bernhard




Re: Hetzner

2009-06-18 Thread Timo Schoeler

thus Bernhard Fischer spake:

> On Wednesday 17 June 2009, Eugen Leitl wrote:
> > I've used to run a Tor exit with Hetzner a couple years ago, which
> > resulted in several tet-a-tetes with the local (Bavaria) police.
> >
> > I don't think Hetzner will give a damn if you're running a middleman.
> > Especially if it's throttled, so you're not making them lose money
> > on you.
>
> That's also my opinion. We also ran an exit node at Hetzner which led to
> several discussions with their abuse people. One time the server simply was
> shut down and it took me days and much discussion to bring them to activate
> the network again.
> They have been very uncooperative all the time. As a consequence, we moved our
> services away from Hetzner.
>
> Bernhard

All other ISPs (in Germany) will behave exactly the same way due to
suppression from the state...


Timo


Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread marcel
Ted Smith wrote in 1245290677.7339.8.ca...@stormbringer:
>It would probably be best to email it to a trusted Iranian organization
>or group, using OpenPGP encryption. They can disseminate it from there.

which would be…?


all the best,

/marcel
__
0xCF0D7FD1: 2186 45B0 5618 24AF 4CEC  4DBC 30E1 44F5 CF0D 7FD1




Re: Hetzner

2009-06-18 Thread Curious Kid

----- Original Message -----

> From: Timo Schoeler 
> To: or-talk@freehaven.net
> Sent: Thursday, June 18, 2009 10:56:03 AM
> Subject: Re: Hetzner
> 
> thus Bernhard Fischer spake:
> > On Wednesday 17 June 2009, Eugen Leitl wrote:
> >> I've used to run a Tor exit with Hetzner a couple years ago, which
> >> resulted in several tet-a-tetes with the local (Bavaria) police.
> >> 
> >> I don't think Hetzner will give a damn if you're running a middleman.
> >> Especially if it's throttled, so you're not making them lose money
> >> on you.
> > 
> > That's also my opinion. We also ran an exit node at Hetzner which led to
> > several discussions with their abuse people. One time the server simply was
> > shut down and it took me days and much discussion to bring them to activate
> > the network again.
> > They have been very uncooperative all the time. As a consequence, we moved
> > our services away from Hetzner.
> > 
> > Bernhard
> 
> All other ISPs (in Germany) will behave exactly the same way due to
> suppression from the state...
> 
> Timo

Note how that even after multiple abuse shutdowns, much discussion, eventual 
reactivation (thereby indicating that they understood that the alleged abuse 
did not originate from the customer), and a history of uncooperative behavior 
on their part: they still pretend that they have never heard of Tor.

It looks like they just want people to waste time and energy explaining it to 
them. They hope that if it becomes too much trouble for you, maybe you will 
choose another provider.



  


Re: Hetzner

2009-06-18 Thread Timo Schoeler

> > > > I've used to run a Tor exit with Hetzner a couple years ago,
> > > > which resulted in several tet-a-tetes with the local (Bavaria)
> > > > police.
> > > >
> > > > I don't think Hetzner will give a damn if you're running a
> > > > middleman. Especially if it's throttled, so you're not making
> > > > them lose money on you.
> > >
> > > That's also my opinion. We also ran an exit node at Hetzner which
> > > led to several discussions with their abuse people. One time the server
> > > simply was shut down and it took me days and much discussion to
> > > bring them to activate the network again.
> > >
> > > They have been very uncooperative all the time. As a consequence,
> > > we moved our services away from Hetzner.
> > >
> > > Bernhard
> >
> > All other ISPs (in Germany) will behave exactly the same way due to
> > suppression from the state...
> >
> > Timo
>
> Note how that even after multiple abuse shutdowns, much discussion,
> eventual reactivation (thereby indicating that they understood that
> the alleged abuse did not originate from the customer), and a history
> of uncooperative behavior on their part: they still pretend that they
> have never heard of Tor.
>
> It looks like they just want people to waste time and energy
> explaining it to them. They hope that if it becomes too much trouble
> for you, maybe you will choose another provider.


Maybe that this is the normal 'modus operandi'. There's lusers and geeks 
running TOR -- those get into that mode.


Timo


Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread Ted Smith
On Thu, 2009-06-18 at 11:06 +0200, marcel wrote:
> Ted Smith wrote in 1245290677.7339.8.ca...@stormbringer:
> >It would probably be best to email it to a trusted Iranian organization
> >or group, using OpenPGP encryption. They can disseminate it from there.
> 
> which would be…?
> 
I wouldn't know. I'm sure with enough hunting you can find one.




white-listed exit rules

2009-06-18 Thread Robas, Teodor

Hello,


I ran tor for a while and I noticed (in the apache and named logs) that 
there is quite a lot of torrent traffic. While I would have nothing 
against torrent and other sharing protocols (I think about the case of 
student campuses with very restrictive rules), still I have limited 
bandwidth to offer. And I would like that bandwidth to be better put to 
use.


So I would like to run tor on a white list basis. I would like to know 
if anybody can share such a list - for news, social networks, forums, 
irc, im - suited for tor ?



Regards,
Teodor



Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread Chris Humphry
Hi Roger,

On Wed, 2009-06-17 at 22:11 -0400, Roger Dingledine wrote:
>>On Wed, Jun 17, 2009 at 06:26:43PM -0700, Chris Humphry wrote:
>>Please help...without proxies (ie. Bridges) the Iranian dissidents 
>>have no voice!

>Yeah, see, I'm not sure whether this is true. If ordinary bridges are
>working, then probably ordinary Tor relays are working too. Or said
>another way, if ordinary Tor relays aren't working, probably ordinary
>bridges won't work either.

I have no idea if Tor relays are working from Iran or not.  On CNN they 
have been reporting that a vast amount of proxies are provided each day
to the dissidents.  Supposedly that is how they are sending the pics and 
video we see each day.  To me it sounds like plain ol' one hop open proxies,
not Tor.  I have emailed CNN asking how one can provide proxies and to which
organization, they have yet to email me back.

>We've heard rumors they're blocking all encrypted traffic. Does this
>mean everything that does an SSL handshake no matter the port? Or does
>it mean the blocked port 443?

>If the former, an automated system like Tor is going to have a tough time
>keeping up -- at least without the tweaks we've been pondering over the
>past few days. ;)

Even if it is the former I like the tone of your sentence!  I am looking
forward to seeing what your guys/gals come up with :) 

>If the latter, then setting up a bunch of bridges on port 80 (even
>though everything's still encrypted) might be the ticket.

I will email CNN and ask them, but they are getting SO much email I
have doubts they will get back to me.  Does Tor Project not have contacts
in Iran?  I wonder how/if we can find out specifically how the Iran 
Government is blocking Internet access?

If a representative from the EFF or Tor contacted CNN I bet they would 
respond...

>Lots of misinformation going around, and not so much information.

Yea I was wondering about that.  Who to trust?...

Thanks!



  

Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread Teodor Robas
Chris Humphry wrote:
> Hi Roger,
>
> If a representative from the EFF or Tor contacted CNN I bet they would
> respond...
>
> >Lots of misinformation going around, and not so much information.
>
This news was on slashdot not long ago:
http://science.slashdot.org/story/09/06/16/2137203/Statistical-Suspicions-In-Irans-Election

Notice that a link was presented to instructions on how to set up
squid based proxy servers.
That may be the reason why the proxy technique got in the media but I
do not know why tor was not mentioned at all.


> Yea I was wondering about that.  Who to trust?...
>
> Thanks!
>
Thunderbird never asked me a second time for my smtp password until I
wanted to send this message, I think I will go suspicious.


Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread Matej Kovacic
Hi,

> We've heard rumors they're blocking all encrypted traffic. Does this
> mean everything that does an SSL handshake no matter the port? Or does
> it mean the blocked port 443?
> 
> If the former, an automated system like Tor is going to have a tough time
> keeping up -- at least without the tweaks we've been pondering over the
> past few days. ;)

Are you planning to implement protocol wrapping?

bye, Matej


Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread Praedor Atrebates
From twitter, there is a user ("austinheap") out of San Fran who organized 
this.  It is simply having people setup squid proxies and sending the 
pertinent info to him by email or twitter direct message:  ip address and port 
(change from the default port and other "standard" ports...I set mine up for 
port 8808).  He then compiles the list of ips and port info and passes it 
along to his trusted iranian contacts who then disburse the info to their 
trusted friends.

Try http://blog.austinheap.com/  click through the first blurb screen image in 
green to get to the actual site.  He has an entry about 1/3 down the page 
titled "Best proxy practices" for this situation, providing guidance to help 
and get around the Iranian govt censors.

He is providing guidance on squid proxy.  As for tor, you can setup a bridge 
relay in addition to this direct proxy.

praedor

On Thursday 18 June 2009 13:51:45 Chris Humphry wrote:
> Hi Roger,
>
> On Wed, 2009-06-17 at 22:11 -0400, Roger Dingledine wrote:
> >>On Wed, Jun 17, 2009 at 06:26:43PM -0700, Chris Humphry wrote:
> >>Please help...without proxies (ie. Bridges) the Iranian dissidents
> >>have no voice!
> >
> >Yeah, see, I'm not sure whether this is true. If ordinary bridges are
> >working, then probably ordinary Tor relays are working too. Or said
> >another way, if ordinary Tor relays aren't working, probably ordinary
> >bridges won't work either.
>
> I have no idea if Tor relays are working from Iran or not.  On CNN they
> have been reporting that a vast amount of proxies are provided each day
> to the dissidents.  Supposedly that is how they are sending the pics and
> video we see each day.  To me it sounds like plain ol' one hop open
> proxies, not Tor.  I have emailed CNN asking how one can provide proxies
> and to which organization, they have yet to email me back.
>
> >We've heard rumors they're blocking all encrypted traffic. Does this
> >mean everything that does an SSL handshake no matter the port? Or does
> >it mean the blocked port 443?
> >
> >If the former, an automated system like Tor is going to have a tough time
> >keeping up -- at least without the tweaks we've been pondering over the
> >past few days. ;)
>
> Even if it is the former I like the tone of your sentence!  I am looking
> forward to seeing what your guys/gals come up with :)
>
> >If the latter, then setting up a bunch of bridges on port 80 (even
> >though everything's still encrypted) might be the ticket.
>
> I will email CNN and ask them, but they are getting SO much email I
> have doubts they will get back to me.  Does Tor Project not have contacts
> in Iran?  I wonder how/if we can find out specifically how the Iran
> Government is blocking Internet access?
>
> If a representative from the EFF or Tor contacted CNN I bet they would
> respond...
>
> >Lots of misinformation going around, and not so much information.
>
> Yea I was wondering about that.  Who to trust?...
>
> Thanks!

-- 
There is danger from all men. The only maxim of a free government ought to be 
to trust no man living with power to endanger the public liberty.
- John Adams [1772]


Re: Help Iranian dissidents by collecting and posting Bridge addresses? (here?)

2009-06-18 Thread Roger Dingledine
On Thu, Jun 18, 2009 at 10:30:28PM +0300, Teodor Robas wrote:
> Notice that a link was presented to instructions on how to set up
> squid based proxy servers.
> That may be the reason why the proxy technique got in the media but I
> do not know why tor was not mentioned at all.

Tor has been mentioned in a variety of articles. We actually try to avoid
getting big mentions in the press -- every time I talk to journalists they
have visions of headlines like "Tor Project declares war on China!" or
"Lone American hacker conquers communist nation", but the reality is
that those sort of articles will hurt much more than they help.

Getting the news to the right people is very important, and I'm happy
that Tor instructions are spreading by word-of-mouth, blogs, etc. But
huge high-profile stories in Western media will end up forcing the
authorities in these countries to act when otherwise they might not
need to. You can bet that plenty of policy people in other countries are
watching right now to learn what technologies they should instruct their
firewall operators to prepare better for. It's a delicate balancing act.

--Roger



mail from iran

2009-06-18 Thread amir (hushang) azizi
I reside within Kermanshah province of Iran and I have compiled and
installed tor and privoxy on my ubuntu machine.

It works flawlessly.

Thank you.



Re: mail from iran

2009-06-18 Thread Roger Dingledine
On Fri, Jun 19, 2009 at 10:36:33AM +0430, amir (hushang) azizi wrote:
> I reside within Kermanshah province of Iran and I have compiled and
> installed tor and privoxy on my ubuntu machine.
> 
> It works flawlessly.
> 
> Thank you.

Glad you found it useful. Let us know if we can answer any Tor questions
for you. Also let us know if it stops working, so we can help to debug. :)

Speaking of which: we've recently heard rumors that port 443 is blocked
throughout Iran. Have you found that to be true? Tor should be able to
work even if 443 is blocked, but it will work better if 443 works.

And last: once you have a bit more free time, we'd love to have some
help translating our tools and website into Farsi.

Thanks!
--Roger