Re: perfect-privacy.com, Family specifications, etc.

2010-05-17 Thread CyberRax
> > While some of them appear to be guards, none is running as an
> > exit node, so this should not be possible.
>
> Thanks for pointing that out, Paolo.  I had missed that.  However,
> it should not be possible to get more than one of them in any given
> circuit route, but because they are not grouped into a single Family,
> a circuit could consist of all nodes except the exit node being
> perfect-privacy.com's nodes.

For most users it would suffice if all PerfectPrivacy nodes would 
lose their Guard flag (which for those who haven't explicitly set 
UseEntryGuards 0 in their TORRC would mean that PerfectPrivacy 
servers would act the way they seem to be set up - as middle-relays).
As far as I can tell the main problem is the German relays which 
list other family members as PPrivGermanyX, while the servers themselves 
use the names PPrivComGermanyX. So it would be enough if servers 
PPrivComGermany2 - PPrivComGermany5 would become invalid.

The exact definition of family seems somewhat foggy in the
documentation. The Tor manual says "controlled or administered by
a group or organization identical or similar to that of the other
servers", which to me reads "is run by the same people", while the
TorFAQ starts with "don't run more than a few dozen on the same
network", which seems to indicate that the physical network is what
defines a family (which seems to be how the PerfectPrivacy folks are
defining it). It's only the last line of that section which says "You
should set MyFamily if you have administrative control of the computers
or of their network". Seems like an optional thing to me rather than a
requirement.

Personally I have mixed feelings about disabling a whole node-family 
just to send a message. Sure, it'll probably work and definitely would 
help Tor's security, but it'd also be bad for the network's throughput 
and punish the relay operators for something that doesn't seem to have 
been explicitly said out loud.




***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
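
As an added example (not part of the original message, and not Tor project code), the naming mismatch described above can be caught by checking each relay's family line against the nicknames actually in use. Tor only treats two relays as one family when each lists the other, so the sketch flags names that match no relay and listings that are not returned; the descriptor text is constructed, only `router` and `family` lines are parsed, and entries are assumed to be nicknames rather than fingerprints.

```python
# Added example; the descriptor text below is constructed, not real relay data.
SAMPLE_DESCRIPTORS = """\
router PPrivComGermany2 192.0.2.2 9001 0 9030
family PPrivGermany3 PPrivGermany4
router PPrivComGermany3 192.0.2.3 9001 0 9030
family PPrivGermany2 PPrivGermany4
router PPrivComGermany4 192.0.2.4 9001 0 9030
family PPrivComGermany2
router ExampleRelayA 192.0.2.10 9001 0 9030
family ExampleRelayB
router ExampleRelayB 192.0.2.11 9001 0 9030
family ExampleRelayA
"""


def parse_families(text):
    """Map each relay nickname to the set of names on its 'family' line."""
    declared, current = {}, None
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "router":
            current = parts[1]
            declared[current] = set()
        elif parts and parts[0] == "family" and current is not None:
            declared[current].update(parts[1:])
    return declared


def audit(declared):
    """Classify every declaration as unresolved, one-sided or mutual."""
    report = {"unresolved": [], "one_sided": [], "mutual": []}
    for relay in sorted(declared):
        for name in sorted(declared[relay]):
            if name not in declared:
                # Points at a nickname that no relay in the set uses.
                report["unresolved"].append((relay, name))
            elif relay not in declared[name]:
                # The other side does not list this relay back.
                report["one_sided"].append((relay, name))
            elif relay < name:
                # Reciprocal pair, recorded once.
                report["mutual"].append((relay, name))
    return report


if __name__ == "__main__":
    for kind, pairs in audit(parse_families(SAMPLE_DESCRIPTORS)).items():
        print(kind, pairs)
```
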


Answer by perfect-privacy.com Re: perfect-privacy.com, Family specifications, etc.

2010-05-17 Thread Moritz Bartl
Hi,

What I did was just file a report at the company's website. It took them
only minutes to get back to me.
Scott, I don't know why, but you probably didn't get their response in
the first place.

-------- Original Message --------
Subject: Re: - Medium - Tor servers, Tor community wants to disable your
nodes - General
Date: Mon, 17 May 2010 13:46:04 +0200
From: Perfect Privacy Administration ad...@perfect-privacy.com
Organization: PP Internet Services

Hello, Moritz!

We explained the situation already three days ago to Scott Bennett who
had contacted us by e-mail about it.  We will resolve the situation, as
soon as we have time.  The Tor software makes it unfortunately very
time-consuming to maintain the MyFamily entries, once one has a lot of
servers.  We currently would have to edit 45+ torrc entries on 45+
servers whenever a server is added or removed (which happens frequently),
just to keep MyFamily up-to-date.

A proposal to the TOR developers:  I don't know if it's technically
possible, but maybe one could introduce a BelongingToFamily entry or a
similarly named command in future versions of TOR which could work as
such, as that every server which contains the same BelongingToFamily
entry (e.g. BelongingToFamily xyz) belongs to the family xyz.

That way one wouldn't have to enumerate all server names in the
MyFamily section of each and every individual torrc file, which causes
an enormous effort if one adds a lot of servers (and donates a lot of
traffic) to the Tor network.  As mentioned, we currently would have to
edit 45+ torrc files on 45+ TOR servers whenever a server is added or
removed, and the number of our servers is constantly increasing.

Please find my reply to Scott beneath.  Maybe you can also be so kind as to
forward it to the TOR community, as I'm not a part of the mailing list.

All the best,
Bruce
Perfect Privacy Administration



=



-------- Original Message --------
Subject: Re: your multiple tor node Family specifications
Date: Fri, 14 May 2010 13:16:32 +0200
From: Perfect Privacy Administration ad...@perfect-privacy.com
Organization: PP Internet Services
To: Scott Bennett benn...@cs.niu.edu

Hello, Scott!

We are a non-profit work association which provides privacy services and
which donates a certain amount of the bandwidth of every one of its
servers to the TOR network.

Our setup is currently as such, as that all servers which are located in
a specific data center or country, are grouped together in one family.
This has, above all, practical reasons, because we are already operating
45+ servers world-wide.  Additional servers are added on a frequent
basis; at times servers are also removed from our park, either because
we don't like the server's performance or because the data center
doesn't like the privacy services we are providing (and the abuse level
they create) and terminates a contract.

Grouping all servers into one family would, while being ideal, cause at
the moment a disproportional maintenance effort.  We would have to edit
and change the torrc files on 45+ machines whenever a server is added,
renamed or removed.  Currently, we only have one server in most data
centers, and where we have more than one it's usually not more than 2 to
5, so the effort to update the torrc files if another server should be
added to a specific data center is still quite manageable.

However, we naturally do understand your position.

Please consider this a temporary solution until we have had the time to come
around to develop and to install scripts on all servers which will
enable us to propagate the MyFamily entry centrally to all TOR
servers in our park.  Whenever a TOR server is added or removed, the
scripts on the individual servers could then recreate updated torrc
files, using the centrally propagated MyFamily entry, reloading the
new torrc configuration at the same time.

This would solve the problem of cumbersomely manually updating a
steadily growing number of 45+ torrc files on 45+ different servers
whenever a server is added, renamed or removed from our park, just in
order to have the correct MyFamily entry in all of them.

Actually, thinking about it, if the TOR configuration file does support
a command like Include which would permit TOR to read configuration
entries from another file (a file which contains the MyFamily entry
and which we can centrally propagate to all servers with scp), a
solution to this problem could be implemented much quicker.  I don't
have the list of TOR commands in my head and will have to look up if
such a possibility exists...

In any way, we will take care of this issue as soon as our time permits.
We are planning to rewrite the torrc files anyway, making use of the
DirPortFrontPage command to display a disclaimer on port 80.  Maybe the
one effort can be combined with the other.

All the best,
Bruce
Perfect Privacy Administration



On 11.05.2010 20:25, Scott Bennett wrote:
  Your organization appears to have a large 
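
An added sketch of the central-propagation approach Bruce describes (not Perfect Privacy's or the Tor project's code): each server regenerates its own MyFamily line from one shared inventory file and replaces any stale line in its torrc. The inventory format, relay names and function names are assumptions made for this example.

```python
import re

# Constructed central inventory: one relay identifier per line, '#' comments allowed.
CENTRAL_INVENTORY = """\
# hypothetical family list, pushed to every server
ExampleRelay1
ExampleRelay2
ExampleRelay3
"""

# Constructed torrc carrying a stale MyFamily line.
SAMPLE_TORRC = """\
Nickname ExampleRelay2
ORPort 9001
MyFamily ExampleRelay1
ContactInfo admin at example dot org
"""

_MYFAMILY = re.compile(r"^\s*MyFamily\b", re.IGNORECASE)


def load_inventory(text):
    """Return the relay identifiers in file order, without comments or duplicates."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line and line not in names:
            names.append(line)
    return names


def myfamily_line(inventory, own_name):
    """Build this server's MyFamily line: every inventory entry except itself."""
    if own_name not in inventory:
        # Refuse to write a config for a server the central list does not know.
        raise ValueError(f"{own_name} is missing from the central inventory")
    others = sorted(n for n in inventory if n != own_name)
    return "MyFamily " + ",".join(others) if others else None


def rewrite_torrc(torrc, inventory, own_name):
    """Drop every existing MyFamily line and append the regenerated one."""
    kept = [l for l in torrc.splitlines() if not _MYFAMILY.match(l)]
    line = myfamily_line(inventory, own_name)
    if line:
        kept.append(line)
    return "\n".join(kept) + "\n"
```

Running it twice on the same inventory yields the same file, so it can be applied on every inventory change before Tor is told to reload its configuration.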

nameserver stats

2010-05-17 Thread Olaf Selke
Hi,

in case one might be interested in DNS statistics of an exit node
generated by the DNS Statistics Collector tool DSC (*).

Data only include requests originating from blutmagie Tor exit. No other
hosts' traffic is taken into account. The query rate on the graphs'
x-axis has to be approximately doubled since there's a second nameserver
used I don't collect data from.

http://selke.de/pics/tld.png
http://selke.de/pics/2nd-level-domains.png
http://selke.de/pics/3rd-level-domains.png

Olaf

(*) http://dns.measurement-factory.com/tools/dsc