Re: tor is blocked in china

2010-12-22 Thread Lu Wei 
and...@torproject.org wrote on 2010-12-21 22:08:

> ...
Thank you for the confirmation. Someone kindly gave me a private bridge,
it failed yesterday but worked today. I think that's because it's a
dynamic address. Fortunately they have not blocked all dynamic DNS
service. Only a little inconvenience is that bridge address must be
entered digitally.
> 
> Many users in China are using vpns and other insecure proxies, and then
> using tor over those technologies to protect their traffic and browsing.
> Fluffybunny vpn, hot spot shield, and others are popular right now. 

Most people use products from internetfreedom.org, as vpns and proxies,
they are not designed specifically for anonymity, but availability and
speed. Although chained usage with tor is possible, the performance is
drastically slow.
> 
> We want to roll out a better bridge design that makes it vastly more
> expensive to try to block. The research and development on this step has
> been underway for a while. Other projects to simply increase the
> quantity of bridges are the Torouter [1] and bridge-bundle [2] plans we're
> working on towards a March 2011 release.  
> 
> [1]
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/Torouter
> 
> [2]
> https://trac.torproject.org/projects/tor/wiki/projects/ExperimentalBridgeBundles
> 
Do you have plan to implement some friend-to-friend mechanism? The
ultimate threat is that any publicly retrievable data could also be
retrieved by the admins. A little off topic; Looking forward to your
good news.

-- 
Regards,
LU Wei
PGP key ID: 0x92CCE1EA
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread 7v5w7go9ub0o 
On 12/22/10 20:32, Kyle Williams wrote:
> On Wed, Dec 22, 2010 at 8:39 AM,
> 7v5w7go9ub0o<7v5w7go9u...@gmail.com>wrote:
>
>>
>> Any and ALL suggests a machine that allows only HTTP/S activity
>> to/from a TOR process; to/from a TOR entry node; all other traffic
>> (e.g. UDP from some sneaky plugin) is blocked.
>>
>> An iptables script or Windows firewall could do that. Presumably a
>> second script would be invoked for normal operation.
>>
>> Alternatively, VMs dedicated to TOR applications could achieve
>> your goal, plus protect your box if something grabs your e.g.
>> browser and tries to sniff around.
>>
>> JanusVM(.com) does exactly this and works with any OS.

Dang. I went to that site and was impressed; yet I was not at
all inclined to try it out.

WHY?   .Suddenly it dawns on me that my closed-minded attitude was
because of VM-prejudice ( :-) ) - I'm a Linux user and so am oriented
toward QEMU and VirtualBox (I presume that VMware is a favorite and best
choice for Windows users). I'd guess there are a number of us who
have never checked out JanusVM because we don't want to learn VMware
just to experiment with a single application.

A quick google came up with this:


JanusVM seems an important application; and I don't want to reinvent the
wheel putting TOR into a VM!So I hope to play with conversion
sometime next week. But if you already know how to do this (convert),
how about putting a note on your web page telling VB and Qemu users how
to use JanusVM on their VM host of choice?


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread Kyle Williams 
On Wed, Dec 22, 2010 at 8:39 AM, 7v5w7go9ub0o <7v5w7go9u...@gmail.com>wrote:

> On 12/22/10 08:38, Praedor Atrebates wrote:
> > I have always been disturbed by the fact that javascript or flash
> > can sidestep tor and give away your real IP.  Is there truly no way
> > to control one's own computer so that any and ALL traffic that goes
> > out to the ethernet port or wlan gets directed through tor no matter
> > what?  Can any combination of software and hardware prevent software
> > on one's own computer from acting the way someone else wants rather
> > than as the owner wants?  I would love to be able to use javascript
> > and flash (some site require one or the other or both to be
> > functional) and know that ANY traffic that exits my own system WILL
> > be directed through the tor network.
> >
> >
>
> Any and ALL suggests a machine that allows only HTTP/S activity to/from
> a TOR process; to/from a TOR entry node; all other traffic (e.g. UDP
> from some sneaky plugin) is blocked.
>
> An iptables script or Windows firewall could do that. Presumably a
> second script would be invoked for normal operation.
>
> Alternatively, VMs dedicated to TOR applications could achieve your
> goal, plus protect your box if something grabs your e.g. browser and
> tries to sniff around.
>
> JanusVM(.com) does exactly this and works with any OS.

Best regards,

Kyle

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread 7v5w7go9ub0o 
On 12/22/10 17:10, Praedor Atrebates wrote:
> Could one setup a VM with some arbitrary timezone for it alone and
> run tor and bind there so that flash and javascript cannot get such
> info as local timezone, etc?  Would it be possible to have the VM
> change timezone in some random/semi-random fashion so that any
> timezone (and other) info that could be otherwise acquired would be
> just as unreliable an identifier of your system/location as
> information acquired from a tor session?  Then, even if flash or
> javascript did try to pull information outside tor it would be
> totally bogus and ever-changing.  It would still be nice to be able
> to squelch any attempt by flash to find your REAL IP address by
> forcing it to ALWAYS exit via tor no matter what.
>

Yes.   Feed the VM either random, or standardized (every TOR VM has the
same "fingerprint") data.

As mentioned earlier, a firewall (in this case within the VM) can block
all connections, except between TOR and TOR entry modes; the VM
insulates any unique user info from a roving plugin/extension. The VM
also protects the host, should the application within be compromised
(e.g. memory attack).

JAVA is capable of more identity-revealing mischief than JS; within a VM
you could safely run even JAVA.

HTH

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread Matthew 

 On 22/12/10 13:38, Praedor Atrebates wrote:

I have always been disturbed by the fact that javascript or flash can sidestep 
tor and give away your real IP.


Are you sure that JavaScript can give away your IP?  Flash can - but my 
understanding is that JavaScript cannot.


As another poster noted though: JS is great for providing browser and 
system information such as the local time zone.

Is there truly no way to control one's own computer so that any and ALL traffic 
that goes out to the ethernet port or wlan gets directed through tor no matter 
what?  Can any combination of software and hardware prevent software on one's 
own computer from acting the way someone else wants rather than as the owner 
wants?  I would love to be able to use javascript and flash (some site require 
one or the other or both to be functional) and know that ANY traffic that exits 
my own system WILL be directed through the tor network.


Three suggestions:

a) Use Tor with TorButton and NoScript which will deal with your Flash / 
JavaScript issues.  It is impractical to turn JavaScript off and a few 
sites like YouTube demand Flash.


b) Make sure you wipe your cache and your Flash Cookies.  Are you using 
Windows or Linux?  For Ubuntu you need to wipe the .adobe and .macromedia 
folders.


c) Why not use Tor with a commercial VPN.  The VPN (providing it does DNS 
resolution) will route all traffic and then you can use specific 
applications like Firefox or Pidgin to work with Tor.

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread Marco Predicatori 
Praedor Atrebates, on 12/22/2010 05:41 PM, wrote:

> and also altered my resolv.conf  (linux) so that it reads:
> 
> namserver 127.0.0.1
> 
> as per the instructions, however, when I alter the resolv.conf 
> file thus I lose the ability to resolve any addresses.
> Something must be missing.

Do you have a nameserver running on your localhost, 127.0.0.1, like
Bind?

-- 
http://www.predicatori.it/marco/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread Moritz Bartl 
Just as a reminder, the problem with Flash and Javascript is not only 
that they might be able to cirvumvent network settings. Both can gather 
local information and give it away - in that case it doesn't matter if 
the channel itself is anonymous.


Moritz

Am 22.12.2010 14:38, schrieb Praedor Atrebates:

I have always been disturbed by the fact that javascript or flash can sidestep 
tor and give away your real IP.  Is there truly no way to control one's own 
computer so that any and ALL traffic that goes out to the ethernet port or wlan 
gets directed through tor no matter what?  Can any combination of software and 
hardware prevent software on one's own computer from acting the way someone 
else wants rather than as the owner wants?  I would love to be able to use 
javascript and flash (some site require one or the other or both to be 
functional) and know that ANY traffic that exits my own system WILL be directed 
through the tor network.



***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread 7v5w7go9ub0o 
On 12/22/10 08:38, Praedor Atrebates wrote:
> I have always been disturbed by the fact that javascript or flash
> can sidestep tor and give away your real IP.  Is there truly no way
> to control one's own computer so that any and ALL traffic that goes
> out to the ethernet port or wlan gets directed through tor no matter
> what?  Can any combination of software and hardware prevent software
> on one's own computer from acting the way someone else wants rather
> than as the owner wants?  I would love to be able to use javascript
> and flash (some site require one or the other or both to be
> functional) and know that ANY traffic that exits my own system WILL
> be directed through the tor network.
>
>

Any and ALL suggests a machine that allows only HTTP/S activity to/from
a TOR process; to/from a TOR entry node; all other traffic (e.g. UDP
from some sneaky plugin) is blocked.

An iptables script or Windows firewall could do that. Presumably a
second script would be invoked for normal operation.

Alternatively, VMs dedicated to TOR applications could achieve your
goal, plus protect your box if something grabs your e.g. browser and
tries to sniff around.

HTH

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Shortcut key?

2010-12-22 Thread Jerzy Łogiewa 
Is there a way to give a shortcut combo-key to Tor on/off toggle with Torbutton 
in Firefox?

--
Jerzy Łogiewa -- jerz...@interia.eu



Swiateczne tapety na telefon!
Pobierz >> http://linkint.pl/f2882

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Any way to secure/anonymize ALL traffic?

2010-12-22 Thread Michael Gomboc 
Check that:
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy


Regards,
Michael

2010/12/22 Praedor Atrebates 

> I have always been disturbed by the fact that javascript or flash can
> sidestep tor and give away your real IP.  Is there truly no way to control
> one's own computer so that any and ALL traffic that goes out to the ethernet
> port or wlan gets directed through tor no matter what?  Can any combination
> of software and hardware prevent software on one's own computer from acting
> the way someone else wants rather than as the owner wants?  I would love to
> be able to use javascript and flash (some site require one or the other or
> both to be functional) and know that ANY traffic that exits my own system
> WILL be directed through the tor network.
>
>
> --
> The means of defense against foreign danger historically have become the
> instruments of tyranny at home.
> – James Madison
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
>



-- 
Michael Gomboc
www.viajando.at
pgp-id: 0x5D41FDF8