Tor Bulk Exit Exporter Broken - check.torproject.org

2009-04-11 Thread Arrakis
http://check.torproject.org/cgi-bin/TorBulkExitList.py

Reports error:

Mod_python error: "PythonHandler TorBulkExitList"

Traceback (most recent call last):

  File "/usr/lib/python2.4/site-packages/mod_python/apache.py", line 299, in HandlerDispatch
    result = object(req)

  File "/var/www/tor-detector/cgi-bin/TorBulkExitList.py", line 198, in handler
    updateCache()

  File "/var/www/tor-detector/cgi-bin/TorBulkExitList.py", line 103, in updateCache
    parsedList = open(parsedExitList, 'w')

IOError: [Errno 2] No such file or directory: '/tmp/TorBulkCheck/parsed-exit-list'


Re: tor-browser bundle on XP

2009-01-17 Thread Arrakis
Jacob,

  XeroBank's network does not use tor whatsoever. Modern onion
  routing is not suitable for commercial anonymity.

  Perhaps the confusion is that our client software is not
  our network software, unlike Tor. xB Browser users do not
  create the XeroBank network. xB Browser only accesses other
  networks as a client.

  So you have this:

  [Browser] -> [Connection Client] -> [Network]

  In the instance of Tor, the connection client and the network
  are essentially the same. In the instance of XeroBank, the
  connection client for legacy users will be PuTTY/SSH to the XB1
  network, and for modern users the connection client will be
  OpenVPN/TLS to the XB2 network.

  Currently xB Browser lets the user select which anonymity
  network they want to use: Tor or XeroBank. This also means
  we could theoretically also add JAP or I2P in as well. It
  is also written to work with the Mozilla softwares, so it
  can easily run a News Reader, Chat client, Mail client,
  or any other in place of the Browser if one was motivated.

  It is somewhat agnostic of the network it connects to except
  for the threat models. Because Tor is vulnerable to exit node
  injection and MITM attacks, it employs a Tor-specific user.js
  option overlay which blocks out scripts and plugins and mime
  types, and RSA/MD5 SSL certificates. When connected to XeroBank's
  VPN the threat model is different so it behaves accordingly, allowing
  scripts, plugins, and mime types, but wiping out flash cookies,
  DOM objects, cookies, hidden registry plugins, and other homing
  badware. It also has a hybrid user option overlay, for the SSH
  connections because it knows there isn't injection/mitm risks
  but it also knows the VPN isn't catching all the traffic so it
  covers up java proxy settings in windows, and restricts scripts,
  and plugins etc at the option of the user, but it doesn't worry
  about RSA/MD5 SSL certificates.

  It was rewritten from scratch a couple years ago, and I don't
  think it has a single line of PortableApps code left in it.
  I think it would be safe to say this is nothing like the Torpark
  you remember.

Steve





Jacob Appelbaum wrote:
> Arrakis wrote:
>> Phobos et al,
>>
>>  xB Browser installs giving a user a choice of two modes.
>>  The first is Tor, the second is the XeroBank network. xB
>>  Browser is included in the XeroBank Installer bundle which
>>  includes xB VPN and xB Mail as well.
>>
>>  xB Browser, if Tor is installed, will just run Tor for its
>>  connection client.
> 
> I think there's some confusion here. In a previous thread you suggested
> that XeroBank [0] doesn't use Tor. This is confusing because your
> "source" package contains a Tor binary:
> 
> /tmp/xb% 7z e XeroBank_Source.zip
> 
> /tmp/xb% find .|grep -i tor
> ./history.dat
> ./tor-resolve.exe
> ./localstore.rdf
> ./Tor
> ./torcircuitstatus.exe
> ./Torcircuitstatus
> ./torcircuitstatus.dll
> ./tor.exe
> ./TOR_user.js
> ./.autoreg
> ./formhistory.dat
> 
> It looks like Tor is included with your software.
> 
> Regards,
> Jacob
> 
> [0] http://archives.seul.org/or/talk/Dec-2008/msg00053.html
> 


Re: tor-browser bundle on XP

2009-01-17 Thread Arrakis
Phobos et al,

 xB Browser installs giving a user a choice of two modes.
 The first is Tor, the second is the XeroBank network. xB
 Browser is included in the XeroBank Installer bundle which
 includes xB VPN and xB Mail as well.

 xB Browser, if Tor is installed, will just run Tor for its
 connection client.

 Otherwise, the installer will ask you for credentials and
 lookup your account data to see if it should connect you via
 SSH to XeroBank, or launch an OpenVPN connection to XeroBank,
 or sense you already have an OpenVPN connection and become
 submissive to direct connection, which gets routed out through
 OpenVPN.

 So xB Browser can connect to Tor, any SSH proxy, or any OpenVPN
 proxy, and acts as the privacy browser for the anonymous
 connection you ask it to make.

 Further disambiguation: Xero Networks, the parent company of
 XeroBank, runs both the XeroBank network, and the Onyx network.
 The two are separate, the former being a 2-hop jurisdictionally
 split, crowded and multiplexed broadband anonymity network, the
 latter being a much more "hardcore" network featuring 3+ hop
 multi-jurisdictional, decentralized, distributed, multiplexed,
 cascade split, crowded, lag obfuscated, 1 Gbps burst broadband
 anonymity network. XeroBank network access is offered to
 consumer clients, Onyx network access is offered to business
 and government clients.

Steve


xB Browser now includes SSL MD5 blocking

2009-01-02 Thread Arrakis
xB Browser now detects and warns about certificate chains
that use the MD5 algorithm for RSA signatures via popup,
thanks to Philipp Gühring of CACert, and Márton Anka's
SSL Blacklist.

This release includes 60MB of 512, 1024, 2048, and 4096 bit
certificate MD5 blacklists.

XeroBank Installer 2.9.1.2
xB Browser 2.0.0.20a

http://update.xerobank.com/distro/XeroBank/source/XeroBank_Installer.exe
http://update.xerobank.com/distro/XeroBank/source/XeroBank_Installer.exe.sig

As always, source code available.

http://update.xerobank.com/distro/XeroBank/source/XeroBank_Source.zip
http://update.xerobank.com/distro/XeroBank/source/XeroBank_Source.zip.sig

Enjoy,
Steve Topletz
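
An added example (not xB Browser's code, which the announcement does not show): one way to flag chain members signed with MD5-with-RSA is to read the outer signatureAlgorithm OID of each DER certificate. The skeleton certificates are constructed inline and hold no real keys or signatures; all function names are illustrative.

```python
"""Flag certificates in a chain whose signature algorithm is MD5-with-RSA."""

# PKCS #1 signature algorithm OIDs (dotted form) and their usual names.
RSA_SIG_OIDS = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
MD5_RSA = "1.2.840.113549.1.1.4"


def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER value runs past end of buffer")
    return tag, buf[pos:end], end


def decode_oid(body):
    """Turn DER OBJECT IDENTIFIER content bytes into dotted-decimal text."""
    if not body or body[-1] & 0x80:
        raise ValueError("malformed OID")
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    first = arcs[0]
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])


def signature_oid(cert_der):
    """Return the outer signatureAlgorithm OID of one DER X.509 certificate."""
    tag, cert_body, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _, _, pos = read_tlv(cert_body, 0)           # skip tbsCertificate
    tag, alg_body, _ = read_tlv(cert_body, pos)  # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid_body, _ = read_tlv(alg_body, 0)
    if tag != 0x06:
        raise ValueError("signatureAlgorithm does not start with an OID")
    return decode_oid(oid_body)


def md5_signed(chain):
    """Return (index, algorithm name) for every chain member signed with MD5/RSA."""
    hits = []
    for index, cert in enumerate(chain):
        oid = signature_oid(cert)
        if oid == MD5_RSA:
            hits.append((index, RSA_SIG_OIDS[oid]))
    return hits


def der(tag, content):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content


def skeleton_cert(sig_oid_bytes):
    """Constructed sample: certificate-shaped DER with placeholder contents."""
    alg = der(0x30, der(0x06, sig_oid_bytes) + der(0x05, b""))
    tbs = der(0x30, der(0x02, b"\x01") + alg)      # serial number + inner algorithm
    signature = der(0x03, b"\x00" + b"\x00" * 128)  # all-zero placeholder bits
    return der(0x30, tbs + alg + signature)


PKCS1_PREFIX = bytes.fromhex("2a864886f70d0101")  # 1.2.840.113549.1.1
SAMPLE_CHAIN = [
    skeleton_cert(PKCS1_PREFIX + b"\x0b"),  # leaf: sha256WithRSAEncryption
    skeleton_cert(PKCS1_PREFIX + b"\x04"),  # intermediate: md5WithRSAEncryption
    skeleton_cert(PKCS1_PREFIX + b"\x05"),  # root: sha1WithRSAEncryption
]

if __name__ == "__main__":
    for index, name in md5_signed(SAMPLE_CHAIN):
        print("chain[%d] is signed with %s" % (index, name))
```

A hit on a trust anchor is informational only, since a root's self-signature is not what path validation relies on; hits on leaf and intermediate certificates are the ones that matter.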


Re: Commercial tor offering?

2008-12-05 Thread Arrakis
OgnenD,

> I think peer review exists in science (and technology) for a purpose. If
> there is only one analyst, maybe your claim holds. However, results in
> general need to be testable and reproducible by anyone, so that everyone can
> convince themselves of the validity of claims being made. Anyways, this is
> just my philosophical remark, it is not the main interest of why I asked the
> original question.

In academics, peer review is great, and needed. However, it follows that in
science that the scientific method be followed. The results must be empirical
and quantifiable.

If such a method is known, and an analyst can propose some method of testing
that we all relatively agree upon, and the results are measurable, I think that
would be great and I welcome that.

> This is, however, much more interesting to me. You seem to imply that a 
> company in one jurisdiction owns/operates nodes in another jurisdiction. Am I 
> understanding this correctly?

That is correct.

Steve


Re: Commercial tor offering?

2008-12-05 Thread Arrakis
Robert,

> At first glance your statement above could be taken to suggest that Onyx 
> provides provably better anonymity than Tor. A second reading suggests 
> that you are merely claiming Onyx deploys additional techniques that are 
> regularly investigated for their anonymity properties, while at the same 
> time overcoming certain attacks that Tor is still susceptible to.

As there is no metric for measuring anonymity, it would be accurate to say
that it is not going to be provable. What we can do is say such a property
reasonably appears to exist, and make our determinations from there.

> Would you agree that:
> 
> - Onyx has not been the subject of independent analysis thus far, so its 
> anonymity properties are an open question.

One problem with the idea of "independent analysis" when applied to
technology,  is that it requires that there is an independent analyst with
equivalent or superior knowledge to the system provider and tools with
which to measure a test, and a metric for measurement. Anything less and
you end up with an estimation that is less matched to the analyst's
ability, and more synchronized to the analyst himself.

If you are providing a system with young technologies implemented in a
unique manner, you are unlikely to find an independent analyst with
mastery in these implementations, or the ability to test, much less
measure the veracity of such claims. The use of independent analysis will
probably come down to warm fuzzies regarding your trust of the reputation
/ authority of the analyst, instead of measurement of the system itself.
Even then, he can only say at best that it *appears* to have these
properties.

However, logically it is possible to disprove claims. If we could agree
on the mastery of the analyst, and his/her independence, then I don't see
why we wouldn't allow such attempts.

Unfortunately, the best possible result you can hope for from the analyst
is "I couldn't break the system, it appears to be what it purports" which
isn't going to be an affirmative response, and would be the same response
given by any less-than-qualified analyst.

This is where we get back to needing a metric to measure anonymity,
otherwise we are snipe-hunting for warm fuzzies. Would you agree?

> - Some of the features you describe are not proven to provide better 
> anonymity (e.g. traffic padding).

As there is no metric of measuring anonymity, it would be a moot point
to say there is a technically "better" anonymity. What we can say is this
provides what appears to be better anonymity because of a sound design.

In this specific instance, the matter is that padding increases the
opacity of the context of a transmission. This generally assumes that the
less accurate data an adversary has to perform traffic analysis, the
weaker the signal intelligence and thus the better the anonymity will be.

Perhaps an analogy would be two gifts under a Christmas tree. One is
shrink-wrapped and you can clearly see the outline of the object and the
other is padded in a box. To a casual observer, I could estimate that it
is easier to determine the contents of the shrink-wrapped item rather
than the item in the box. Probably not the best analogy, but just at the
top of the mind.

> - Onyx's immunity to sybil attacks and exit node injection is not explicit 
> in its design. This immunity depends on the behaviour of the network 
> operators.

That is correct, we verify the integrity of the nodes and extend
commensurate trust to the operators of those nodes, which is based
on a reputation system. A pertinent difference is that operators do not
volunteer, they are only invited, so there is little opportunity for
malicious nodes.

> - Are there plans afoot to open Onyx to independent investigation without 
> becoming a paying customer? Does the design of the Onyx network allow such 
> investigation?

If a metric for measuring anonymity is established, I think we would
gladly welcome such an investigation.

> - Isn't the use of a small number of privately, centrally owned servers to 
> provide an anonymity network inherently problematic? Doesn't the anonymity 
> of the client on such a network depend almost completely on the integrity 
> of the network operator (i.e. xerobank)?

The network node ownership and operation is completely decentralized and
distributed. Nodes are owned and operated by different corporations in
unique jurisdictions, differing from the location of the nodes they operate.

> Apologies if some of my questions/assumptions above could be answered or 
> contradicted by reading the whitepaper in full, but I'm sure they 
> represent the sentiments of many readers on this list who are a little 
> skeptical of what kind of beast Onyx actually is but aren't prepared to 
> analyse it in any depth. This would certainly be a good opportunity for 
> clearing such matters up with or-talk cynics such as myself.

It's my pleasure. These are complicated subjects to say the least.

Steve


Re: Commercial tor offering?

2008-12-04 Thread Arrakis
Phobos,

 XeroBank's network doesn't use Tor. Common misnomer. But we did stay at a
 holiday inn express:

 XeroBank uses IPSec cascades and is distinguished by having additional
 anonymity features tor doesn't employ such as mixing, crowding optimization,
 channel multiplexing, traffic padding, fingerprint/watermark dropping,
 timing-attack resistance; and properties tor doesn't have such as immunity
 to sybil attacks and exit node traffic injection. :)

 http://xerobank.com/docs/onyx_whitepaper.pdf

Steve

[EMAIL PROTECTED] wrote:
> On Thu, Dec 04, 2008 at 11:54:51AM -0500, [EMAIL PROTECTED] wrote 0.4K bytes in 12 lines about:
> : I am sure someone had digested this before but what would be some issues with
> : purchasing (say) twenty different boxes around the USA with good pipes and
> 
> Indeed.  There are at least two commercial services that use Tor;
> IronKey and Xerobank come to mind.  I've tried neither, nor seen their
> Tor configuration.  So, others have had the same idea as you.
> 


Privacy News Aggregator

2008-10-16 Thread Arrakis
Tor Community,

  We are working on a news aggregation website that will coalesce
  privacy related matters into a single rich-media website. That
  means technology, politics, business, finance, etc. as they
  relate to solely privacy, typically affecting the individual.

  We are looking for those who might be interested in contributing
  tips or columns on a daily, weekly, or semimonthly basis. Articles
  would be between 150 to 600 words.

  Currently this is a love-of project that is being run without
  profit by those who enjoy privacy. This means those of you who
  want to elevate your public exposure, project, blog, promote a
  service or privacy product that is related will have advertising
  and backlink compensation. If the project becomes monetized, we
  will begin compensating columnists.

  If you are interested, please drop me a line directly.

Steve


Re: No torrc in xBBrowser

2008-08-26 Thread Arrakis
M Peterson,

  Not exactly. XB software works on both the tor and xb network,
  which are two separate entities which produce both software and
  network resources.

  XB software can access Tor network, Tor software cannot access
  XB network.

  A square is a rectangle, but a rectangle is not necessarily a
  square.

Arrakis

M. Peterson wrote:
> cool, XB = Tor, and Tor has changed to XB.
> 
> On Fri, Aug 15, 2008 at 10:36 PM, Arrakis <[EMAIL PROTECTED]> wrote:
> 
>> We've just uploaded the XeroBank 2.8.8.15 installer.
>>
>> It includes xB Browser 2.0.0.16a, and the full
>> source and library and tools. Just install NSIS,
>> put the plugins in the plugin directory, and run
>> make.bat to compile your own xB Browser and xB VPN
>> and/or installer to pack them both.
>>
>> Naturally includes changelog, and all the source is
>> very well commented and in plain english.
>>
>> For adding in torrc commands, just run xB Config and
>> it has a place for you to put them in. Click the
>> "Generate INI" button and start xB Browser and it
>> will run with the commands you gave it.
>>
>> Steve
>>
>> H D wrote:
>>> I am running xBBrowser 2.0.0.15a and want to set
>>> entry and exit and other things in the torrc.
>>> Where do I place the torrc file in xBBrowser?
>>>
>>> I am also curious about the add-ons "xB Browser
>>> Customization". No description to find for it.
>>>
> 


Re: xB Mail: Anonymous Email Client

2008-08-21 Thread Arrakis
> Here are some suggestions. Some of them were also mentioned in the other
> thread about changing the default exit policy.
> 
> 1.) Block remote image loading

It was my intention to block all markup rendering, in addition to blocking
that inside the client.

> 2.) Obfuscate the data sent in the EHLO so it doesn't leak the hostname/ip

I'll have to check how thunderbird implements smtp.

> 3.) Even using an obfuscated EHLO, that can still leak information. If
> you're using TLS rather than SSL on connect when sending an email, the
> exit node can see what is sent in the EHLO. The fact that you send the
> same EHLO every time could potentially let the exit node identify you if
> you come back. Therefore, although it's not the standard, SSL on connect
>  on port 465 is preferable to TLS on port 587/25 when submitting email
> over Tor.

Very good observation.

> 4.) The "Use secure connection" account settings should never be "TLS if
> available" as a mitm attack could stop you from negotiating SSL without
> realising.

Agreed. I think this was an issue in The Bat! client.

> 5.) The "Check for new messages every" option could leak to the exit
> node that it is the same client coming back, if you set it to an unusual
> value like 17 minutes for example. Changing from the default should be
> dissuaded.

Agreed. Or possibly randomizing the time. This also leads to a timing
correlation on "timeout" settings as well.

> 6.) If people use a Torified account alongside a non Torified account
> (I'd make it advise people to use a separate profile). But if they do,
> do that, then it needs to make sure the two accounts don't share the
> same LDAP server.

It is my intent that people do not use the client to mix anonymous and
non anonymized accounts over an anonymity network, as we would again
break the context protection.

> 7.) Turn off return receipts and Junk filtering

Junk filtering is sticky. Because we are going to use thunderbird, we
can create bayesian filters in token form, and push token updates to
the client. It would be kind of amazing if the latest paris hilton
spam was blocked before the user had to read it. The management program
could update such a token over https, un-anonymized, every x time.

> 8.) For convenience rather than security, I'd make it automatically turn
> on the options to download the full messages to disk.

That's one of those distasteful things about mail, and one of the reasons
I prefer IMAP over POP. POP is fine if you're encrypting your message
base, but if not, IMAP is preferable. But I tell you what... I really
*could* encrypt the messagebase on thunderbird. No telling how secure
that would really be in windows implementation, but it is certainly
a fun idea.

> Oh. It would also be nice if you could add a list of keywords that
> Thunderbird shouldn't allow you to send in an email, in case you
> accidently sign a message with your own name for example.

Great idea. Love it.

Regards,
Arrakis
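
Items 3 and 4 of the exchange above, as an added example that is not part of the original thread or of xB Mail: a client-side policy check run against constructed EHLO replies. It shows which client lines an on-path observer sees before TLS, and how a "TLS if available" setting continues in plaintext when STARTTLS is missing from the reply. The policy names, host names and function names are assumptions made for illustration.

```python
"""SMTP submission TLS policy, evaluated against constructed server replies."""

IMPLICIT_TLS = "implicit-tls"                    # "SSL on connect", port 465
STARTTLS_REQUIRED = "starttls-required"          # upgrade or give up
STARTTLS_IF_AVAILABLE = "starttls-if-available"  # the "TLS if available" setting
POLICIES = (IMPLICIT_TLS, STARTTLS_REQUIRED, STARTTLS_IF_AVAILABLE)


def parse_ehlo_reply(lines):
    """Return the extension keywords from a multi-line 250 reply to EHLO."""
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for n, line in enumerate(lines):
        is_last = n == len(lines) - 1
        # Continuation lines read "250-...", the final line reads "250 ...".
        if line[:4] != ("250 " if is_last else "250-"):
            raise ValueError("malformed EHLO reply line: %r" % line)
        if n > 0:  # line 0 carries the server's domain, not an extension
            keywords.add(line[4:].split(" ", 1)[0].upper())
    return keywords


def submit(policy, ehlo_name, ehlo_reply):
    """Walk a submission up to the point where mail would be handed over.

    Returns (outcome, cleartext): outcome is "tls", "aborted" or "plaintext";
    cleartext lists the client lines sent before any TLS protection existed.
    """
    if policy not in POLICIES:
        raise ValueError("unknown policy: %r" % policy)
    if policy == IMPLICIT_TLS:
        # The TLS handshake precedes every SMTP command, EHLO included.
        return "tls", []
    cleartext = ["EHLO " + ehlo_name]  # sent in the clear under either STARTTLS policy
    if "STARTTLS" in parse_ehlo_reply(ehlo_reply):
        cleartext.append("STARTTLS")
        # After the handshake the client repeats EHLO inside the tunnel.
        return "tls", cleartext
    if policy == STARTTLS_REQUIRED:
        cleartext.append("QUIT")  # refuse to go on without TLS
        return "aborted", cleartext
    # "If available": the session carries on unprotected.
    cleartext += ["AUTH PLAIN <credentials>", "MAIL FROM:<...>", "RCPT TO:<...>", "DATA"]
    return "plaintext", cleartext


# Constructed sample data: what the real server advertises ...
SERVER_REPLY = [
    "250-mail.example.net",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250-AUTH PLAIN LOGIN",
    "250 8BITMIME",
]
# ... and the same reply as it arrives when the STARTTLS line was removed in transit.
STRIPPED_REPLY = [line for line in SERVER_REPLY if "STARTTLS" not in line]
CLIENT_NAME = "workstation-17.example.org"  # constructed, stands for a stable EHLO name

if __name__ == "__main__":
    for label, reply in (("intact", SERVER_REPLY), ("stripped", STRIPPED_REPLY)):
        for policy in POLICIES:
            outcome, seen = submit(policy, CLIENT_NAME, reply)
            print("%-8s %-22s -> %-9s cleartext=%s" % (label, policy, outcome, seen))
```

With implicit TLS the observer still sees the destination address and the TLS handshake, but none of the SMTP dialogue.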


Re: xB Mail: Anonymous Email Client

2008-08-21 Thread Arrakis
But what it seems to do is to
create a crucible to temper only the experts into being able to use it,
who didn't need it anyway.

> Third there is SIMPLE-MAIL as a Firefox addon
> https://addons.mozilla.org/en-US/firefox/addon/5593
> Telega is the author and is currently coding a XUL gui for retroshare
> instant messenger, you find it here:
> http://retromessenger.sf.net
> This library is currently not open source, but the author may think about
> that.
> XUL allows as well a standalone application.

I'll look at this as well.

> The idea, to join as well in XUL a mail client with PGP keys and the
> libretroshare Instant Messenger is already placed.
> 
> You see, 2 Projects, on its way bringing online and offline communication
> together, both based on PGP keys.
> 
> That is why you should be compatible to PGP key exchange. Does FirePGP
> provide this?

FireGPG provides selective encryption of text using GPG/OpenPGP. A better
approach, in my opinion, is the Thunderbird Enigmail extension, which
prompts but does not enforce PGP encryption, and has an integrated key
manager, and keyserver query engine built into it. I think this is an
excellent foundation to work with, if we can understand how to guide users
into such a harness.

> Do you really think, mixmaster has enough nodes? Do you really think that a
> tit-for-tat model is good, so that each one running the PGP-Email-Client
> should be as well at the same time an Outproxy for other mails? No..

That depends, really, if the client is designed for open or darknet
operation. My current interest is for open network operation, so the
client does not participate. If it was for a darknet, I would probably
say the client should participate.

> And: Regarding webmail: I want an email client, With Tor it is already
> possible to surf to webmail accounts.

Possible, but certainly not safe. We would need the browser portion to
enforce end-to-end encryption at all times, and only talk to servers
which were known to use end-to-end without blabbing a cookie in plaintext.

> Do you really want to make a new proxy network only for email-mixture?

I wouldn't mind adapting my current idea to darknet operations, but it
is not my current intent to reinvent the wheel, so we want to use networks
that already exist out there, like one of either tor or mixmaster.

> Thanks for a feedback, how you go on

Max, thank you for your contribution. I'll take your suggestions under
advisement in addition to researching the projects you've mentioned.

Thanks again,
Arrakis


Re: xB Mail: Anonymous Email Client

2008-08-20 Thread Arrakis
> It's appropriate to repeat it because you're spamming this list again
> with your ideas about licensing. You continue your attempts to ride on
> the coattails of the Free Software and Open Source licenses that came
> before you.

Jacob, I'm not spamming the list with licensing ideas. I commented
that the idea contributions would be used in a software licensed
under TESLA, as that is a legitimate caveat for those here, as expressed
before. Your further illustration is a testament to the legitimacy
of that caveat.

> *The TESLA software license is neither 'open source' or 'free'/'free
> software' as people commonly understand those terms.*

As people commonly understand those terms, I disagree. For the 99.%
of the users out there, it is free and open source. They don't hit any
restriction. Download it, modify it, sell it, redistribute it modified
or unmodified. That .0001% that apparently some people feel outraged
over, only represents the addition of backdoors/spyware, or commercial
theft.

> Stop misusing those terms and people will
> stop calling you on it. It's a factual debate and the facts aren't on
> your side.

Shall I say it again? While we can all love Richard Stallman, your
choice of definition is not universal. That the software is open
source and free, is dependent on your purpose being non-malicious.
I'll clarify, as per your reply: FOSS definitions != fact. They
are colloquial, they are subjective terms.

warning: "spam licensing idea" ahead, involves gpl...
We could license it under GPL, but wrap that in a license / software
that says you can't get to the GPL license if you have malicious intent
(possible?). It just seems easier to use a single license.

> To be clear, your xB* software doesn't belong on or-talk because it has
> next to nothing to do with Tor. 

I'm not sure if you're aware of it, but there are both security and
anonymity implications for passing mail over tor that should be discussed.
And if you haven't understood it yet, we are indeed talking about passing
mail over tor, because that is exactly what the software will do, presumably.

That is what _I_ want to discuss. My only caveat is telling contributors
how I plan to use the information they share. I don't want people to be
angry that I used information or methods in a way that wasn't suitable
to them. That seems like a pretty straight forward issue. For some reason,
Seth thought my disclosure of use required comment, in the interests of
malware producers who might be contributing in the hopes of introducing
malware/spyware. Reductio ad absurdum, that is the logical conclusion to
the objection, if it isn't purely for attempting to open discourse about
subjective terms. Maybe I should think of Seth's post as less of an objection
and more like a wikipedia stub, but then again that isn't how he phrased it
so I'll take the comments as they come.

> If you configure a mail client to use
> Tor, no one else needs to know about it.

I remember your same posts about incognito, tor browser, torpedo, vidalia,
torbutton, janusvm, rockate, etc. You're right. Discussion about software
projects that implement tor don't belong in or-talk. Sure. How am I supposed
to take your comments seriously, Jacob? That lack of evidence doesn't seem
to bolster that claim as your motive. Maybe you're just a very easy-going
guy and decided here is where you would make your stand for disallowing
discussion on or-talk of software that integrates tor, and things that aren't
purely about tor project itself.

Or maybe you're right, and your post doesn't belong on or-talk, and perhaps
neither does this one. In that case, may I suggest that if you have a response,
you send it to me personally? I wouldn't want to force you or anyone else to
violate your self-proclaimed definition of what belongs on or-talk, after all.

At some point you have to step back, abandon the ivory tower, and realize
that your definitions are not the only definitions, and if they were that
still doesn't elevate them into fact. Your position requires that
contention, and is thus untenable. That you've called attention to it in
some attempt to extricate Seth is admirable. However, at the end of the day
I'm here to discuss the implications of sending mail over tor so I can produce
actual software that real people can use, and you're here for some reason other
than that. Pardon me if I don't allow you to undermine my purpose.

Arrakis


Re: xB Mail: Anonymous Email Client

2008-08-20 Thread Arrakis
> (I don't think it's necessary to repeat that thread.)

Then I'm unsure why you thought it appropriate to repeat it now.

If FOSS is your jesus, that's fine. If you don't mind spyware
makers and for-profit codejackers being the only ones getting
a boot in the face, that's fine too. The point being, it is
not your prerogative to choose my software religion, or that
of others.

And if it was merely your noble intention to bring relevant
subject data to light, rather than embarrassing the EFF by
making a comment antithetical to their existence and attempting
to derail a thread, then we should seriously consider uploading
your consciousness to the google collective.

Kind Regards,
Arrakis

P.S. Privacy enhancing technologies are a young science. Who
knows, some people might appreciate such a license...

http://www.securityfocus.com/news/6779

http://blogs.stopbadware.org/articles/2007/09/07/fake-tor-application-delivers-badware-punch

http://www.google.com/search?hl=en&q=site%3Axerodata.com&btnG=Google+Search


xB Mail: Anonymous Email Client

2008-08-20 Thread Arrakis
I am writing an anonymous email client. The main
delay has been getting it compatible with the xerobank
installer so that it automatically downloads mail
credentials and creates the secmod/key3/cert8 PKCS11
databases and performs automatic encryption of the
user credentials, locking it with the users' PIN code
as the master password.

The design idea is to use an anonymous email server
/ service, or to take any freemail provider and turn
it into an anonymous account (assuming a clean acct).

So I decided while I picked up a cold at defcon that
I would sit down and finally finish it. It works.

It is built using Mozilla Thunderbird. It will contain
the Enigmail extension, and a self-contained GPG
distribution. It will probably also contain NoScript
because it has an html renderer inside it. The program
already has a built-in auto-updater from xerobank that
will download and install its own PGP signed updates.
The enigmail will be configured to use 5+ keyservers
such as mit, sks, pgp, etc.

The threat model includes content and context obscurity.

Where this meets Tor and anonymity is the question. It
is my intention to filter by protocol, blocking all
communication that is not using either SSL or TLS. Are
there any other considerations we should have, other
than blocking updates? Should we force OCSP and cert
revocation checking? Is there any reason we shouldn't
include the CACert root certificate? Should we scrap
Tor and make it use mixmaster? Should we force users
to create/import PGP Keypairs?

The more I understand email threats/issues over Tor
the better. I am aware that there are only occasionally
any exit servers allowing port 25, but if we are
forcing SSL/TLS, then it won't matter what port they
pick. So any preferences for extensions and behavior are
welcome.

Suggestions will be used to craft an opensource software
released under TESLA license which prevents malware /
spyware additions, and unauthorized modification for
the purpose of commercial profit.

This program will be completed today, and ready for
testing tomorrow, so the sooner I get comments the
better.

Arrakis


Re: Paid performance-tor option?

2008-08-20 Thread Arrakis
mplsfox02,

This study was performed by Privacy International,
as far as I am aware. I think it best to forget how
they decided to color code the map, and just look
at the numbers inside the columns.

It would also be of interest in how they went about
acquiring their data, and what the standards were.

For the specifics, we are interested in those columns
I pointed out, as those are directly related to
internet privacy. The rest are areas that are outside
the scope of our threat model.

Arrakis



[EMAIL PROTECTED] wrote:
> 
> Arrakis:
> 
>> [EMAIL PROTECTED] wrote:
>>>
>>> macintoshzoom:
>>>
>>>> Sorry, just re-reading my post, I am partially wrong, JONDONYM
>>>> (formerly JAP) is still running its main nodes from "compromised"
>>>> countries.
>>>
>>> There are no "compromised" or "safe" countries as there is no hostile or
>>> friendly network. Any concepts based on such assumptions are doomed.
> 
>> You may care to take a look at this, specifically the
>> 5th, 7th, 8th, and 9th columns. Not all countries are
>> equal, especially when those countries do data
>> interception and data retention themselves.
>>
>> http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597
>>
> 
> Thanks for the link. That does not contradict what I said. Who did
> this study? I cannot rely my security concept on some human estimates.
> It's interesting, though. There are differences, but no country is "dark
> green" or even "cyan". This study is more a journalistic than a
> scientific one, since the information it is based on is not always
> comparable and does not represent all the characteristics that are
> important for privacy. Maybe Greece is just better in hiding the breaches?
> 
> 


Re: Paid performance-tor option?

2008-08-19 Thread Arrakis
You may care to take a look at this, specifically the
5th, 7th, 8th, and 9th columns. Not all countries are
equal, especially when those countries do data
interception and data retention themselves.

http://www.privacyinternational.org/article.shtml?cmd%5B347%5D=x-347-559597

[EMAIL PROTECTED] wrote:
> 
> macintoshzoom:
> 
>> Sorry, just re-reading my post, I am partially wrong, JONDONYM
>> (formerly JAP) is still running its main nodes from "compromised"
>> countries.
> 
> There are no "compromised" or "safe" countries as there is no hostile or
> friendly network. Any concepts based on such assumptions are doomed.
> 
> 


Re: Paid performance-tor option?

2008-08-19 Thread Arrakis
Roy,

  Free, no strings attached. Naturally I cannot disclose what specific
  organizations we work with, as that would be counter-intuitive to
  privacy protection. Here is one offer, currently, just take a look
  for yourself: http://xerobank.com/olympics.php

  We'll consider others on a case basis, but some general countries of
  ill repute suffice. If you were to ask me a hard number, I would say
  any country scoring above 40 on the Press Freedom Index.

Steve

Roy Lanek wrote:
>> We offer free service for journalists in areas where there are significant
>> restrictions on free speech and free press.
> 
> And why should you offer free [I am guessing: free as in free beer] service
> for journalists--are you recruiting, looking for PR? Detail free speech and
> free press [who knows, maybe these are--here--intended differently than with
> free beer] please. In particular, make concrete examples of such areas. Better
> still!, sketch your list [top-down relative to "restrictions on free speech
> and free press," most restricted on top]: 10 entries, say [but if you give
> more I would not say no].
> 
> /Roy Lanek


Re: Paid performance-tor option?

2008-08-18 Thread Arrakis
Mac,

I'm actually the operations advisor for XeroBank, which
is incorporated in Panama. Servers are located in the
US, Canada, Netherlands, Germany, Switzerland, Malaysia,
Denmark, and the UK. The network is fully operational, with
some users reporting speeds of >25Mbps of international traffic
throughput, with a <250ms response time total trip.

We do not use the Tor network, but an IPSec cascade, with
OpenVPN connection clients. Our software, however, is
compatible with the Tor network.

All payments are anonymized through a technology called
VAULTS, which stands for Variable Anonymous User Letterbox
Token System. When you sign up, you are assigned a deposit
account that can handle your ID/payment method. Your account
is funded with chaumian tokens. You are also assigned an
anonymous access account. Tokens flow from the deposit
account to the anonymous access account in a one-way transaction
so we cannot tell who 'funded' which account. This allows
us to anonymize the payments and identity of account holders,
from the activities of the account itself. Kind of a complex
design, but it allows xb to use any payment method they
want, which is currently confined to credit/debit/wire.

I won't comment on anonymizer as I'm not here to impeach
their integrity. You can contact me offlist to discuss if
you like.

> You are emailing from an [EMAIL PROTECTED] Gmail account: Why
> not yet your own protected, firewalled and encrypted email server yet?
> .. It doesn't give much confidence in your privacy knowledge.

I am not attempting to hide my identity or source, my content
and context are not sensitive. However, we do have private,
firewalled, anonymized, superultramagical etc., encrypted-only
IMAP/SMTP servers. That and I don't want mailing lists constantly
streaming into my personal communications email box.

> Anyway, if you are able to really improve free tor
> privacy/anonymity/security for global customers, my felicitations, and I
> would study your offer-s seriously in a near future, if not for my
> personal use, yes for my pseudonymously posted privacy/security blogs.

We offer free service for journalists in areas where there are
significant restrictions on free speech and free press.

> Mac.
> If you do gpg mail (I couldn't find your pub pgp/gpg key at any pub
> keyserver), enclosed is my pub-key for non-post mailing if-when any.

My public key is 0xBB678C30, and available on most keyservers.

It is neither my intent nor desire to turn this message into a
commercial advertisement. If you have more questions pertaining
to xb's services, please contact me offlist. However, if you have
more questions about anonymity networks in general, I am happy to
discuss it.

Regards,
Steve
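
The message above says accounts are funded with Chaumian tokens that move one way from a deposit account to an anonymous access account. The following is an added example, not XeroBank's code and not a description of how VAULTS is built: it assumes "chaumian tokens" means Chaum-style RSA blind signatures and shows, with a toy key and hypothetical names (`Issuer`, `withdraw`, `deposit-1001`), why the issuer's own log cannot tie a redeemed token to the deposit that paid for it.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key built from two Mersenne primes. Constructed for this demo only:
# far too small for real use, and real schemes use a padded full-domain hash.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent


def h(serial: bytes) -> int:
    """Map a token serial number to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N


class Issuer:
    """Signs blinded values for identified deposit accounts, redeems tokens later."""

    def __init__(self):
        self.issuance_log = []  # (deposit_account, blinded_value): all the issuer sees
        self.spent = set()      # serials already redeemed

    def sign_blinded(self, deposit_account: str, blinded: int) -> int:
        # The issuer knows WHO paid, but only sees a blinded number.
        self.issuance_log.append((deposit_account, blinded))
        return pow(blinded, D, N)

    def redeem(self, serial: bytes, signature: int) -> str:
        # Redemption happens from the anonymous side: no account name is presented.
        if pow(signature, E, N) != h(serial):
            return "invalid"
        if serial in self.spent:
            return "double-spend"
        self.spent.add(serial)
        return "ok"


def withdraw(issuer: Issuer, deposit_account: str):
    """Client side: create a token, have it signed blind, then unblind it."""
    serial = secrets.token_bytes(16)
    m = h(serial)
    while True:
        r = secrets.randbelow(N - 2) + 2  # blinding factor in [2, N-1]
        if gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N              # m * r^e mod N
    blind_sig = issuer.sign_blinded(deposit_account, blinded)
    signature = (blind_sig * pow(r, -1, N)) % N   # (m^d * r) * r^-1 = m^d mod N
    return serial, signature


def issuer_can_link(issuer: Issuer, serial: bytes, signature: int) -> bool:
    """True if any value the issuer logged at issuance equals the token or its signature."""
    seen = set()
    for _, blinded in issuer.issuance_log:
        seen.add(blinded)
        seen.add(pow(blinded, D, N))
    return h(serial) in seen or signature in seen


if __name__ == "__main__":
    issuer = Issuer()
    serial, sig = withdraw(issuer, "deposit-1001")
    print("linkable from issuer log:", issuer_can_link(issuer, serial, sig))
    print("first redemption:", issuer.redeem(serial, sig))
    print("second redemption:", issuer.redeem(serial, sig))
```

Blinding hides the token value only; redeeming a token seconds after it was issued, or from the same network address, still correlates the two accounts by timing and context.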


Re: Paid performance-tor option?

2008-08-18 Thread Arrakis
Mac,

For high bandwidth in addition to low latency, you are correct
that commercial anonymity is the only option. However there are a
lot of issues with commercial anonymity, and anonymity that is
not purely P2P designed. These issues can result in worse privacy
if you don't pay attention to the circumstances of your provider.

Beyond that, many of them have high political risk, and high
legal risk so they are not analogous to Tor, which is distributed and
decentralized, barring authoritative directory servers.

Political risk refers to the possibility of integrity being compromised
due to the actions of the country or countries in which the network
operates. A data retention law, for example, would severely hamper efforts in
anonymity. That means providers like relakks, swissvpn, etc turn into a
honeypot. This also applies to JonDos, as the operators are located in
Germany and the EU, which has a data retention directive in addition to
being a plethora of surveillance societies. To battle this, all of your
traffic must be end-to-end encrypted, but can still be subject to traffic
analysis for context. JonDos however is a slightly different beast. This
is because they operate a mixed-trust model. You are trusting the
operators not to do exit node injection, and it also requires rerouting
through three entities because they do not trust each other. In that
way it is similar to tor.

Other commercial networks, that are single entity, typically have one-hop
or two-hop proxies because they are not disguising origination from
themselves, as that isn't in their threat model. Centralized one-hop
proxies should always be avoided for non-trivial communications or
integrity. The known multi-hop proxies are ironkey, jondos, xerobank,
and cryptohippie.

Legal risk deals with centralization of the operation/operators. These
corporations are governed in surveillance societies, or low-privacy
areas, and are instantly compromised if a record is requested by any
agency of authority. Examples of services with high legal risk are
findnot, anonymizer, ironkey, and cotse.

To attain similar anonymity as tor, with a single trust domain
such as a corporation, they would have to be distributed in server
location, and decentralized in operations. This narrows your choices
down to just two choices that I know of: xerobank as mentioned by
rochester and cryptohippie. Both are incorporated in low risk areas,
and have multi-jurisdictional networks.

There are many providers, all with different levels of integrity
and competence, which should be considered by the user. These come
into play with items like the privacy policy, logging, source
availability of software being used, etc. Other issues are what
type of protocol they use. Beware of L2TP alone, as it does not have
encryption, and thus content is exposed, and only context is
obscured. Beware of PPTP, as it is known to leak DNS. On the relakks
network it leaks 100% the last time I checked. SSH is good, but make
sure you are piping your traffic through it. OpenVPN is a good
choice, and so is IPSec, but again you'll need a good implementation
to prevent leaks, which is often OS dependent.

The bottom line is that providers aren't the same, and anonymity has no
metric of measurement for easy comparison, yet. It's all apples to
oranges. Consider what your needs are, who your potential adversary is,
and do your homework before you buy or demo anything. If you don't, in
many cases, you may as well be CCing your traffic directly to echelon,
as many of the providers are being monitored or are known to proactively
provide logs to law enforcement.

Steve




Rochester TOR Admin wrote:
> Since you've come to your own conclusions please go see Xerobank
> http://www.xerobank.com or one of those other services available.
> 
> On Mon, Aug 18, 2008 at 11:20 AM, macintoshzoom
> <[EMAIL PROTECTED]>wrote:
> 
>> PERFORMANCE and freeness from big-bro-s influent area is a must for tor and
>> for the world benefiting tor.
>>
>> JONDONYM, formerly JAP, have just established this.
>> ( https://www.jondos.de/en/ )
>>
>> If tor is incompetent to find HUGE funding for free, it may be time to
>> setup an international tor paid option.
>>
>> Mac.
>>
>>
>>
> 


Re: The pirate bay, torrent and TOR

2008-08-15 Thread Arrakis
Kyle

Can you get uTorrent to work if you change the tld of address
to .something ? How is the filtering taking place?

Steve

Kyle Williams wrote:
> On Fri, Aug 15, 2008 at 3:29 PM, Teddy Smith <[EMAIL PROTECTED]> wrote:
> 
>> On Fri, 2008-08-15 at 12:33 -0600, Kasimir Gabert wrote:
>>> On Fri, Aug 15, 2008 at 12:29 PM, Teddy Smith <[EMAIL PROTECTED]> wrote:
>>>> On Fri, 2008-08-15 at 20:18 +0200, Noiano wrote:
>>>>> Hello everybody,
>>>>> as you may know The Pirate Bay is being blocked in Italy for legal
>>>>> issues. It's just a matter of time before all connection to all the TPB
>>>>> servers will be blocked. Many people are suggesting to use tor+vidalia
>>>>> in order to bypass the block. It's a good suggestion but, IMHO, people
>>>>> care very little about just surfing thepiratebay.org. They want to
>>>>> access the tracker and download ;-) .
>>>>> Since I do not know the torrent protocol I wonder: is it possible to use
>>>>> tor as a "proxy" to access the tracker and get the data connections not
>>>>> passing through tor? This would be possible if the request a client
>>>>> makes to a tracker contains the non-tor ip of the client, I guess.
>>>>>
>>>>> Any idea is welcome.
>>>>>
>>>>> Noiano (from italy :-P  )
>>>>>
>>>>>
>>>> IIRC, a few months ago someone set up a tracker as a hidden service,
>>>> specifically for this kind of thing. I didn't test it myself, but some
>>>> people reported success.

>>> Hello,
>>>
>>> I think what is being talked about is something far simpler: accessing
>>> TPB through Tor, but have the P2P connections not being blocked.  This
>>> is actually the recommended way of using Tor with P2P, and is easily
>>> possible in most clients.  I only know about deluge, seeing that is
>>> what I use on my Ubuntu box, and all I had to do was check "Tracker
>>> Proxy" in the settings, and type in my Tor SOCKS proxy.
>>>
>>> Let me know if this helps, and good luck!
>>> Kasimir
>>>
>>>
>> Sorry, I meant to imply that it was possible to have a torified or even
>> hidden tracker, answering the OP's question of "is it possible". Thanks
>> for the Deluge tip, it's my client too and as usual, it's incredibly
>> simple to configure!
>>
>> I do see a possible risk here, though: How easy would it be for the
>> MAFIAA to run hostile exits that killed connections to trackers? They
>> (or their proxies, e.g., Media Defender and the like) seem exactly the
>> type to do this, and they definitely have the resources. So if Tor was
>> to be used as a method of bypassing tracker censorship, the trackers
>> should probably be advised to run their own nodes.
>>
> 
> I've modified a torrent tracker to work exclusively with .onion addresses.
> It will not work with regular IP addresses.
> The tracker is bound only to localhost, and sits behind two firewalls to
> block it from regular IP addresses.
> I've found only one torrent client (Azureus) that allows you to use a .onion
> address for a tracker and peers.
> I wish uTorrent would behave the same way Azureus does, but it doesn't.
> This system is in testing right now.  This is running on a separate Tor
> network.
> Let me repeat that last part.  This is NOT the normal Tor network.  This is
> a SEPARATE Tor network.
> This has been worked here and there for about a year now.  Working out the
> bugs is time consuming.
> So far, it works well with 7 users.
> However, scalability issues are going to be inevitable and will probably be
> the cause for failure down the road.
> 
> If anyone would like to be an alpha/beta tester, e-mail me directly.
> 


Re: No torrc in xBBrowser

2008-08-15 Thread Arrakis
We've just uploaded the XeroBank 2.8.8.15 installer.

It includes xB Browser 2.0.0.16a, and the full
source and library and tools. Just install NSIS,
put the plugins in the plugin directory, and run
make.bat to compile your own xB Browser and xB VPN
and/or installer to pack them both.

Naturally includes changelog, and all the source is
very well commented and in plain English.

For adding in torrc commands, just run xB Config and
it has a place for you to put them in. Click the
"Generate INI" button and start xB Browser and it
will run with the commands you gave it.

Steve

H D wrote:
> I am running xBBrowser 2.0.0.15a and want to set 
> entry and exit and other things in the torrc. 
> Where do I place the torrc file in xBBrowser? 
> 
> I am also curious about the add-ons "xB Browser 
> Customization". No description to find for it.
> 


Re: No torrc in xBBrowser

2008-08-14 Thread Arrakis
Curious,

  If you just download the source code from the xb browser page, you
  get all the build requirements and library and source, and even another
  program to configure it for tor to dump in the commands you
  would use in the torrc. Essentially the xB Config program parses
  and writes INI files, including the torrc commands. Things have
  changed _massively_ since a couple of years ago.

  I think I'll also put together an automatic build script for windows
  users in the next edition of source code.

Steve

Curious Kid wrote:
> A couple of years ago, I was looking for how to use the torrc instead of the 
> .ini file in order to bypass a firewall/proxy. The only answers I could find 
> were something along the lines of "we can't tell you how to evade..." and 
> "that's not why Tor was created." I even looked at the NSIS code using 
> Notepad++ and saw where it was passing the arguments, but also realized that 
> only a small part of it (the launcher) was open source. I got tired of 
> messing with it and having it hang for a minute every time I tested it. I 
> found things that worked much better for me.
> 
> Anyway, how do you get it to use the torrc if we need to implement things 
> from the Tor man page (rather than the Xerobank configuration file), and 
> where should it be located for the Xerobank implementation to work? Also, 
> telling us how to do all those lock-downs would be great for verifying if 
> they work. Are they very different from the ones in TorButton? The Firefox in 
> the Tor Browser Bundle is not "just out of the box."
> 
> Later,
> 
> 
> 
> - Original Message 
> From: Kyle Williams <[EMAIL PROTECTED]>
> To: or-talk@freehaven.net
> Sent: Thursday, August 14, 2008 3:51:45 PM
> Subject: Re: No torrc in xBBrowser
> 
> 
> On Thu, Aug 14, 2008 at 8:00 AM, H D <[EMAIL PROTECTED]> wrote:
> 
> I am running xBBrowser 2.0.0.15a and want to set
> entry and exit and other things in the torrc.
> Where do I place the torrc file in xBBrowser?
> 
> I am also curious about the add-ons "xB Browser
> Customization". No description to find for it.
> 
> --
> http://www.fastmail.fm - Same, same, but different…
> 
> 
> I would recommend you that you ask your question over at XeroBank's Forum 
> (forum.xerobank.com).
> You could build your own, however, unless you are good at securing Mozilla 
> products, you might want to continue using xBBrowser.
> 
> Straight out of the box, Firefox is not safe to use with Tor.  It is 
> susceptible to many side-channel attacks that could leak your real IP address.
> The docs at ( https://wiki.torproject.org/noreply/TheOnionRouter/Portable_Tor 
> )  do not have any mention about the security involved in building your own.
> As a matter of fact, I don't see any documentation on how to build your own 
> Browser Bundle...hrm.
> 
> I only see instruction on how to use a web browser (Firefox) and a chat 
> client (Pidgin).
> If you don't know how to use a web browser, then you might want to check out 
> ( https://www.torproject.org/torbrowser/index.html.en ) and take some time to 
> read up on it.  However, since you've already used xB Browser, then I'm sure 
> you already know how to use a web browser.  ;-)
> 
> If you're feeling adventurous, go ahead and build your own.
> Otherwise, stick to free products that have been doing this awhile and have 
> spent time (and money) on making sure it is secure from side-channel attacks.
> 
> Again, I would recommend you that you ask your question over at XeroBank's 
> Forum (forum.xerobank.com).
> Most people around here, if not all of them, don't appreciate xerobank.  So 
> do not expect to find answers for your xerobank questions here.
> 
> 
> Best regards,
> 
> - Kyle
> 
> 
> 
>   


Re: No torrc in xBBrowser

2008-08-14 Thread Arrakis
H D,

Interesting. Javascript disabled, I assume?
Try registering now. Also worth mentioning is
that the forum is in beta, and not publicly
advertised yet, so such comments like yours
help.

Steve

H D wrote:
> Thank you. I have the Torbrowser but it did not work 
> on my XP machine. Today I download the new and going 
> to test. 
> 
> The Xerobank forum is impossible to register. I tried
> 3 times and always the error of no avatar but there
> is no avatar to choose. Not even with images enabled.
> To click a row in the list is obviously not enough to
> get an avatar.
>
> If the author see this, please register me. The email
> used is the same as here.
> 


Re: SPD talk: "Simulating a Global Passive Adversary for Attacking Tor-like Anonymity Systems"?

2008-06-12 Thread Arrakis

So this attack is nothing to worry about?  It is just FUD?  Was it done
on a private Tor network (as is my assumption)?


If you read the slides, you will see it appears the nodes in the
attack were real. Maybe they just named them that way for humor,
however how funny is it that one of the nodes is the same name
as a tor directory authority (lefkada) ?

Steve


Re: How are hackers breaking Tor and trojan users?

2008-06-11 Thread Arrakis

roger wrote:
> All of the Windows transparent proxying approaches I've seen so far come
> with a huge VM blob (plus the requirement of a huge opaque VM player),
> so while it would be great to offer it as one download option, it can't
> be our only option: there will always be folks with few resources for
> whom it isn't suitable.

I think about that a lot. We've got the current version of xB Browser
down to 10 MB. Now if we move to a VM solution you bumped it up to
a 30 MB download at least. Is the issue that the user can't download
that size? Is the issue that the user doesn't have the storage? Is
the issue that the user doesn't have the overhead to run a VM? If we
knew the user you had in mind a little better, that would help. We
have our own idea about who they are based on usage stats, but maybe
that is an after-the-fact metric.

I think the VM solution is possible to meet most of the criteria.
There is a new fork of xb machine/xb browser in the works that may be
a hybrid solution.

> But the real problem here comes down to the lack of design documentation
> or security analysis on the current Windows transparent proxying
> options. Nobody knows what's in them really, nobody knows how to
> reproduce them so they can confirm what's in them, nobody knows how
> they're *supposed* to work so they can't verify that, there's no place
> to go to read a good analysis of the tradeoffs, etc. In that respect,
> we're still in the same place we were a year ago, when I wrote my previous
> mail on this topic:

This is a change I've been pushing for. The only problem is the drastic
evolution of the design. The tradeoff is naturally that we innovate faster
than we can write up a paper, getting those things done in parallel would
be amazing at least. First we solved a vm problem, then we toyed with
remote filesystem mounting, then we scrapped local userdata partition, and
now we're doing some other interesting things. We can get there faster
than we can talk about getting there, and unfortunately the "there" isn't
a place but a process. However, I think we're approaching a point where
we can say "yes, this design solves these problems, and treats these others
in this way" with some consistency. At that point, the paper can get framed.

> Just so we're all clear here, I believe Steve is referring to browser
> vulnerabilities that can force your browser to bypass its proxy
> configuration and skip over Tor entirely. Attacks like this do pop
> up periodically; I am stunned at how many bugs there are in Firefox,
> and IE is even worse.

Including but not limited to.

> This was a great attack, but I think the latest versions of Torbutton
> and Vidalia make it a non-issue going forward. I would love to hear if
> you think otherwise.

I think otherwise, but time will tell.

> But we have to also remember that the broader class of 0-day software
> vulnerabilities also includes ways to exploit your browser to compromise
> your computer, run programs on it, steal all your data, etc. And I think
> we all agree that end-to-end application vulnerabilities aren't going
> to get resolved just by sticking your Tor in a VM.

It's true. Local security has to be strong, which is something we've gotten
a good deal accomplished on in xb's vm. You would be hard pressed to find
a more locked-down system that runs tor. As for the aforementioned attack, it
isn't something I think is only tor's problem, but perhaps a bigger issue.
The point is, you can't just ignore it by writing it out of the threat model.
Or maybe you can? However, we can't just go ahead and spoil christmas for
everyone because you want to know what's in the box. I mean, after all, you've
written a design doc and security analysis. I'm sure the code just writes
itself at that point and you've got nothing to worry about. :D On a
serious note, I don't think it is something you're going to want or be
able to apply a patch to for a strong solution, so disclosing it privately
isn't going to be a concern. Just sit back and enjoy the magic.


Coderman, decimating as usual! You are entirely correct, but a little
perspective is great.

coderman wrote:

this is a pretty strong statement and unsupported for any more complex
attack against a host.  to claim immunity from 0day is to ignore the
(less likely) use of multiple exploits against a virtual machine
environment for escalation of compromise of the guest up to full
control of the host. [0] [1] [2] [3] [4] [5] [6] [7] [8]


While it is theoretically possible, it becomes exponentially unlikely
as you keep requiring to exploit one vulnerability built upon another.
In this specific case, let's take the xb machine design that kyle is
working on. The real attack vector there is the applications that are
already installed, and more vaguely, the vm itself. However, once the
processes are locked down to a specific uid/permission level you can
keep them from talking to one another or intruding on the other's turf.
Not that it isn't possible,

Re: How are hackers breaking Tor and trojan users?

2008-06-10 Thread Arrakis

Phobos, et al,

> I don't see what Xerobank could gain from devaluing the software
> they rely upon for their product.


Exactly. This is hopefully going to make tor stronger and raise
awareness about proper implementation regarding the OSI model.
Unfortunately it pushes most tor-related software into security
obsolescence, including one of our own, through the revelation
that you are fighting a losing battle. It doesn't mean some
can't be salvaged in some incarnation, but it will show that tor
can be turned into a massive liability when you aren't using
sound implementation. So there is a way to "win", and it doesn't
involve defending at layer 4/5/6/7. Those days are over, as soon
as you realize you can stop the effects of 0-days altogether.

So which software/combinations does this issue affect? pretty
much all of them. What would I suggest to do to keep from getting
punked out? Use janusvm or xb machine to access tor. And these
softwares will also keep you safe from that theoretical
vulnerability the other dc talk is supposed to be about. Why?
Because proper implementation removes the attack landscape for
0-day attacks.


For all I know, they put a banana peel on the
floor for Roger to slip on.


It's one hell of a banana, but it's one banana from an infinite
bunch. The particular banana is interesting, but the point is
that you need to change the way your shoes interact with the
floor. And to answer your question without analogy, it works.
Not just on a theoretical level on a research network, but on
the real live tor network, as is, right now.

Want to hear more and see it live? Write to the defcon folks and
tell them you want to go to the talk.

I've got the strangest desire to go eat some bananas.

Ciao,
Steve


Re: How are hackers breaking Tor and trojan users?

2008-06-10 Thread Arrakis

Krishna

You're making assumptions. I can't reveal the details of the talk,
but the tor developers have been informed of this problem for a
long time. I understand your excitement though, I'm anxious too.

Steve

krishna e bera wrote:
You allege there is an exploitable flaw in current Tor versions 
and have not informed Tor developers of details yet??

I would hope DefCon does not accept presenters having such ethics.


On Tue, Jun 10, 2008 at 12:50:10PM -0500, Arrakis wrote:

Yes, it can be done.

If the talk is accepted at DefCon, it will be demonstrated live.



MadAtTorHackers wrote:

I read that hackers are breaking Tor and turning into a trojan/rootkit?  Is
this possible?  How can they do this?

In post: http://www.wilderssecurity.com/showpost.php?p=1257878&postcount=722
says XeroBank:




Re: How are hackers breaking Tor and trojan users?

2008-06-10 Thread Arrakis

Foxyproxy+Polipo+Tor will not be immune.
xB Machine and JanusVM will be immune to the attack.

Steve

Florian Reitmeir wrote:

On Tue, 10 Jun 2008, MadAtTorHackers wrote:


Is there a safe Tor Virtual Machine to use?


as always.. define what is "safe".

For me, Foxyproxy+Polipo+Tor is enough.




Re: How are hackers breaking Tor and trojan users?

2008-06-10 Thread Arrakis

Yes, it can be done.

If the talk is accepted at DefCon, it will be demonstrated live.



MadAtTorHackers wrote:

I read that hackers are breaking Tor and turning into a trojan/rootkit?  Is
this possible?  How can they do this?

In post: http://www.wilderssecurity.com/showpost.php?p=1257878&postcount=722
says XeroBank:

* I saw something about a Tor exploit talk being planned for Defcon. I'll
assume that's where the s%*t is scheduled to hit the fan? *
The one scheduled so far isn't going to be anything I don't think. I have
serious doubts, considering the wording. Ours, if accepted, will truly
unmask tor users and turn tor into a trojan/rootkit.



Is this XeroBank spreading fear to Tor without cause?  Or did hackers break
Tor and create it a Trojan / Rootkit?

I see also JanusVM developer are working for XeroBank:
http://xerobank.com/team.php

Is JanusVM not being maintained because of XeroBank taking over?  It is dead
since 2007.  They say download removed for Debian, but keep donations
request and link to current Oct-19-2007:
http://www.janusvm.com/download.html

How can Tor become Trojan / Rootkit, this seems not possible?  How are
hackers allowed to break user computers and not be illegal?  Why is JanusVM
working for XeroBank?  Is there a safe Tor Virtual Machine to use?

I have many questions.  Thank you!



xB Machine OS 0.9 Beta Released

2008-05-06 Thread Arrakis

xB Machine 0.9 Beta is now available for download.
For those of you unaware, it is the security hardened
next-gen anon OS. This package is ~400MB. The 4GB of
source code will be made available via torrent file
when the official version is released in a little bit.

Enjoy,
Steve Topletz

Download:

https://update.xerobank.com/beta/xBM0.9.zip
915A3960A5E3860D94F0300F3002A607

Added features since last release:

- LiveCD and Bootable ISO, for CD/USB/HD usability.
- From zero to GUI in 90 seconds.
- Internalized QEMU and accelerator module
- VMware detection and support
- No login required
- E17 Desktop with iBar
- Includes xB Browser + generic xB Mail
- Includes torrent client
- Self-destruct
- Compatible with Tor, XB 1.0, and XB 2.0 networks

Todo out of beta:

- XB 2.0 automatic credentials DLer
- WiFi support
- Sound support
- vmdisk/crypto drive support
- crypto usb drive support
- UI/icons/skinning

Usage:
To use this as a liveCD, execute xBMachine.exe.
To use as bootable, burn the ISO.


Re: Tor and Firefox 3

2008-03-13 Thread Arrakis

Howdy Roger,

I thought the original question was asking about an alternative
to torbutton.

No plans to include torbutton in future versions of xB Browser.
The reason we took it out is because it is counter-intuitive
to user behaviors.

Most users don't want a browser for both "anonymous" and "public"
sessions. As an analogy, you may find people prefer to feed their
dogs with different spoons than they themselves use, and it isn't
for lack of a sanitizing dishwasher. So the user seems to prefer
an entirely different disposable session, instead of
"states" as provided by TorButton. Because our focus is user-
oriented instead of design-oriented, elimination of TorButton was
obvious.

This conveys many benefits, not the least of which being one
less point of failure and zero learning curve for the user. A
greater benefit is that this promotes and enables concurrent
browser usage so the user does not have to give up the browser
they are used to. I feel this significantly increases the chance
that the user will keep on employing a "secure" browser, rather
than being faced with the choice between having to integrate
and learn something new, or turning off the "warning lights"
and going back to insecure browsing habits. Wow, poor English.

However, a significant distinction has to be made so the users
do not confuse the "secure" browser with their normal browser,
so we introduced the XeroBank Modern firefox theme, based on
the defunct Netscape browser.

More good news, though. At 6.7m download requests, I think we are
now getting a strong idea of the user, and the appropriate threat
model, so it may be time to start writing some papers that
establish the evolutionary principles of xBB.

Steve


Re: Tor and Firefox 3

2008-03-13 Thread Arrakis

XeroBank's network is not based off onion routing, although we do
have a private onion routing network that isn't available to the
public yet. It uses 2-hop relay traffic over TLS, as >2 hops are
unneeded in a single trust domain, unless you want to do some
extra country hopping. The XeroBank network is accessible for
windows, mac, linux, etc via OpenVPN and SSH.

Steve

defcon wrote:

is xero bank based off of tor? or what? does it have a linux version?



Re: Tor and Firefox 3

2008-03-13 Thread Arrakis

The current configuration can use either the Tor or the XB network.
Does that not satisfy the request?

Steve

Rochester TOR Admin wrote:

Yes, XeroBank's Browser is based on Tor [it used to be called TorPark] but
it also uses their own XeroBank network which is a privatized anonymity
network.

Instead of locking down a browser with a plugin like TorButton does, the xB
Browser is an attempt to lock down the entire browser.

There's no linux version in production.

They do offer a virtual machine that can run on linux -
http://xerobank.com/xB_machine.html

ROC Tor Admin

On Thu, Mar 13, 2008 at 8:23 PM, defcon <[EMAIL PROTECTED]> wrote:


is xero bank based off of tor? or what? does it have a linux version?





Re: Tor and Firefox 3

2008-03-13 Thread Arrakis

We'll be releasing a version of xB Browser using
the firefox 3 core after more stability testing.

Otherwise, your Firefox 2 solution is xB Browser:

http://xerobank.com/xB_Browser.html


Rochester TOR Admin wrote:

Not a helpful response but I wanted to second that request.



Re: xB Browser 2.0.0.12b pre

2008-03-09 Thread Arrakis

I haven't seen anything back from you yet, so I'll just pre-empt
some things you may want to know about the upcoming release.

Currently XeroBank is officially scheduled to release their
personal privacy services at the end of March. For personal
services, we are going to offer VPN access into our
high-speed network. There are no third parties allowed to
participate in our network, so there is no easy opportunity
for adversaries to sniff our exit node traffic.

We will also be offering anonymous IMAP mail service, so you
can set up a single email address on all your computers, PDA,
iPhone, or whatever device, and the email will all be same
mail box, stored encrypted on our servers.

The next month, everyone will get free encrypted offshore
storage access with their account.

Later in the year, we will be introducing more services for
you to access with your XeroBank account.

The way it works is like this:

You get a monthly balance of x GB / month. You can spend that
balance with VPN, email, storage, or any of our services, in
any amount you like. If you just want to store your files on
our network, that's fine. Just want anonymous email? No problem.
Want to set up not only your home computer on our VPN, but also
your notebook, and to protect your parents or give access to
your lawyer? Go right ahead. Want to do all three at the same
time? We're happy to help. You can have virtually unlimited
connections to our network that simply debit your bandwidth
balance.

We will include ready to use OVPN software to anonymize your
entire computer traffic. Additionally, you will be able to
select your exit node country of choice, right from the GUI. I
believe the first set of countries to be available for exit are
USA, Canada, Switzerland, Netherlands, Germany, and Jamaica. We
have been building nice entry nodes. Just yesterday we opened up
a 16 core Xeon, with 16GB ram, and Gigabit uplink.

Because we are using a relay network, meaning that the country
you enter our network from is never the same as the node you exit
from, P2P users can't use UPNP. So additionally we are adding
a setting in addition to the country selection, for P2P users,
that DOES use UPNP on an unmetered server. So bandwidth hogs can
select our P2P setting and download torrents quickly, and as much
as they like. I think the P2P node is going to be in Sweden.

To go in depth a little more, you get 2 plastic XeroBank cards
that use our VAULTS system. The first card is your Deposit card
and that has your identity/payment information on it. That is
how you get funds into your account or deposit them automatically.
The second card is the Access card, which is how you access your
services. It looks just like a credit card, with embossed numbers
and all. You simply type in your Access card number into any of our
software and it automatically downloads your access credentials for
the network. The reason we use two cards is because the Access card
separates your traffic from the identity of the account, meaning you
are anonymous to us or anyone who asks us. We don't know which
Deposit card is linked to which Access card, thanks to VAULTS.
Additionally by having cards, you don't have to carry a USB stick
around. Just keep your xerobank card in your wallet, and
download/install your XeroBank VPN software to the host computer.
Of course, we've also made our software portable so you could carry
it with you if you like, preconfigured to your account. In the event
of loss or theft of your access card, your account won't be
compromised, neither will your identity. The worst is that you lose
your bandwidth for that month.

You may also be pleased to know we have a new version of xB Machine
coming out sometime this month. It will be bootable/liveCD, and no
longer require VMWare. It is the most advanced anonymous pre-built
operating system ever designed, and hooks right up to XeroBank or
Tor. Kyle Williams has joined our development team to help build
this new tighter, faster, more featured version, which will also
include a torrent client and easy sharing services for moving
downloaded files out of the VM.

As for the windows software developments, xB is about to release
a software suite installer that incorporates xB Browser, xB VPN,
and xB Mail. From the installer, just input your Access card number
and it will handle the rest of the configuration for you. This will
also be the first official unveiling of xB Mail, the anonymous email
client with built-in GPG functionality, and GPG signature verified
auto-updater.

And this is just for personal services. In the next few months we
will be releasing our corporate and government level services.

Oh, did I mention we will be giving away 30-day free trials?

Get excited,
Steve Topletz
XeroBank


Re: xB Browser 2.0.0.12b pre

2008-03-08 Thread Arrakis

RTA,

  Yes, I have lots of information about the project. What would you like
  to know?

Steve

Rochester TOR Admin wrote:

Good to see some updates on the xb browser.  I don't know if it's
appropriate for this discussion and I'm just assuming that you have some
affiliation with xerobank but do you know what the status of the xerobank
project/company is?

On Wed, Mar 5, 2008 at 5:26 PM, Arrakis <[EMAIL PROTECTED]> wrote:


Moved throbber into splash screen
Automatic flash cookie removal
Auto-updater with gpg signature verification
Latest Tor build
Minor bug fixes
Enhanced firefox control
Flush Tor Circuit button bugfix

http://update.xerobank.com/beta/xB Browser 2.0.0.12b Setup.exe
http://update.xerobank.com/beta/xB Browser 2.0.0.12b Setup.exe.sig





xB Browser 2.0.0.12b pre

2008-03-05 Thread Arrakis

Moved throbber into splash screen
Automatic flash cookie removal
Auto-updater with gpg signature verification
Latest Tor build
Minor bug fixes
Enhanced firefox control
Flush Tor Circuit button bugfix

http://update.xerobank.com/beta/xB Browser 2.0.0.12b Setup.exe
http://update.xerobank.com/beta/xB Browser 2.0.0.12b Setup.exe.sig


correction

2008-02-04 Thread Arrakis


Download Installer here:
http://update.xerobank.com/distro/XeroBank/xB-Browser_latest.exe
http://update.xerobank.com/distro/XeroBank/xB-Browser_2.0.0.11a.exe.sig

Source:
http://update.xerobank.com/distro/XeroBank/source/xBB_source_2.0.0.11a.zip
http://update.xerobank.com/distro/XeroBank/source/xBB_source_2.0.0.11a.zip.sig 



xB Browser 2.0.0.11a released

2008-02-04 Thread Arrakis
The latest XeroBank standalone edition of xB Browser has been 
released. It now includes an Uninstaller and can still be installed to 
USB.


- Added popup warning & anonymity diagram on Install
- Seek & Destroy all Flash cookies
- TorCircuitStatus replaced by custom DLL
- Advanced registration dialogs
- HTTP/SOCKS local proxy support for SSH
- Uninstaller & Debug Mode
- "xB Modern" Firefox Theme for concurrent running with Firefox.
- Minor bug fixes & Tighter code

Will shortly be integrating with OpenVPN and reverting SSH as a legacy 
method for connection, should the user not have administrative privs 
or there is some error with the ovpn connection, and doesn't want to 
run Tor. Next version should have an auto-updater with signature 
verification.


Download Installer here:
http://update.xerobank.com/distro/XeroBank/xB-Browser_latest.exe
http://update.xerobank.com/distro/XeroBank/xB-Browser_2.0.0.10a.exe.sig

Source:
http://update.xerobank.com/distro/XeroBank/source/xBB_source_2.0.0.10a.zip
http://update.xerobank.com/distro/XeroBank/source/xBB_source_2.0.0.10a.zip.sig


xB Browser automated build process

2007-12-10 Thread Arrakis
Now anyone can run the automated build process and build an xB Browser
installation pack themselves. I wrote the make script in batch language.

This current make automatically downloads the latest firefox from mozilla,
verifies the signatures, and unpacks it. In the future, when the tor win32
binaries use the new installer I wrote a patch for, we'll then be able to
extract the executables just like we currently can with firefox. It would sure
be easier if Tor Projects had a "latest" build directory for automatic
downloading. My thoughts are that if people really want to be able to drop in
and build an install themselves, let them be able to grab the latest packages
online too. We've already got the code in the makefile that would do the
download and verification if such a directory was available. As it stands, we've
just instead put the latest build locally in the xbbrowser/Library/Tor directory
on the SVN as there is no point in rsyncing it if you've already got the SVN in
front of you.

So, without further ado...

svn://support.xerobank.com/xbbrowser/

Enjoy,
Steve


Re: Reducing java leakage in windows

2007-12-04 Thread Arrakis
In the latest build of xB Browser, if you foolishly trust metasploit to allow
scripts, you get the following results:

External Address      206.57.47.50  Browser  (CONTROL)
Internal Host         192.168.0.4   Java     (SUCCESS)
Internal Address      192.168.0.4   Java     (SUCCESS)
DNS Server (Java)     unknown       Java     (FAIL)
DNS Server (HTTP)     unknown       Browser  (FAIL)
External NAT (Java)   x.x.x.x       Java     (SUCCESS)
External NAT (Flash)  unknown       Flash    (FAIL)



icmp30 wrote:
> How's it do against the decloak tests at metasploit?
> http://metasploit.com/research/misc/decloak/
> 
> 
> --- Arrakis <[EMAIL PROTECTED]> wrote:
> 
>> It appears that Java attacks for causing external IP data to be leaked
>> can be mitigated to some good degree. The upshot is that you can now run
>> Java applets that even when attempting to phone home directly (revealing
>> your IP), they are routed through the socks port and thus Tor or any
>> other socks speaking application. What we are doing is changing the
>> proxy settings of the Java Control Panel in windows. The following will
>> shortly be applied to xB Browser after testing, and I highly suggest it
>> for other proxy programs. Needs lots of testing of course, and I would
>> also like to know if Java applets can acquire the authority to modify
>> that file as well. May require administrative access, but I imagine
>> Vista will popup a priv escalation window. There are probably variations
>> in the directories and syntax if you are running JRE <1.4. A good
>> indicator of old versioning is to see if your shoes employ the use of
>> velcro, you have a pair of 'jams' in your closet, or you've found
>> yourself to be too legitimate to quit.
>>
>> Regards,
>> Steve Topletz
>>
>>
>> -
>>
>>
>> 1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties
>> If there is no deployment.properties file there, try all administrative
>> usernames we can enumerate until we find the file. This is not a certainty.
>>
>> 2. Back up deployment.properties to a new file name.
>> 3. Open it up
>> 4. Read and store all lines beginning with "deployment.version"
>> 5. Read and store all lines beginning with "deployment.javapi"
>> 6. Close the file
>> 7. Create a new file deployment.properties where the old one was.
>> 8. Open the file
>> 9. Insert the following lines
>>
>>  #deployment.properties
>>  deployment.system.tray.icon=false
>>  deployment.browser.vm.iexplorer=false
>>  deployment.proxy.socks.host=localhost
>>  deployment.proxy.type=1
>>  deployment.proxy.same=true
>>  deployment.browser.vm.mozilla=false
>>  deployment.capture.mime.types=true
>>  deployment.proxy.socks.port=8080
>>
>> (where port 8080 is your socks port. in Tor, use 9050 by default)
>>
>> 10. Write all previously stored lines from old opened file.
>> 11. Close the new deployment.properties
>>
>> Continue starting your proxy program
>> On program exit...
>>
>> 12. Delete the deployment.properties file we created.
>> 13. Restore the deployment.properties file we backed up.
>>
> 
> 
> 
>   
> 
> 


Re: Reducing java leakage in windows

2007-12-03 Thread Arrakis
I can confirm that this code does indeed expose the external IP address,
despite the setting in JCP/deployment.properties.

James Muir wrote:
> [EMAIL PROTECTED] wrote:
>> On Sun, Dec 02, 2007 at 11:35:49PM -0800, [EMAIL PROTECTED] wrote
>> 0.9K bytes in 21 lines about:
>> : I remember these tests. I can't seem to find a copy of the applets you
>> : used. Are you willing to publish them? Or point me in the right
>> : direction should I want to try implementing them?
>>
>> http://exitthematrix.dod.net/matrixmirror/ar01s05.html  Jump down to the
>> "Web bugs" section.  It references
>> http://exitthematrix.dod.net/matrixmirror/misc/superipbug.java from
>> http://www.inet-police.com/cgi-bin/env.cgi
>>
>> There is another more thorough test of a java applet completely ignoring
>> the jvm proxy configuration.  However, my google-fu is weak.
> 
> When I read that example it seems to indicate that the applet reads your
> IP address locally and then submits it back to the originating web site
> through the proxy.  The applet does not seem to ignore proxy settings
> (i.e. it does not seem to open a non-proxied connection); it just
> submits identifying information through the proxied connection.
> 
> Jacob, Steve: I don't want to publish my complete ready-to-run code on
> the list, but here is an excerpt:
> 
> /***/
> 
> Socket socket_to_originating_host = null;
> int tcp_port = 80;
> InetSocketAddress originating_host =
>   new InetSocketAddress(getCodeBase().getHost(), tcp_port);
> 
> try {
>   socket_to_originating_host = new Socket(Proxy.NO_PROXY);
>   // timeout is in milliseconds
>   socket_to_originating_host.connect(originating_host, 1);
>   System.out.println(
>"Socket Local Address = " +
>socket_to_originating_host.getLocalAddress().getHostAddress());
> }
> 
> catch (Exception e) {
>   System.out.println("EXCEPTION THROWN:  " + e);
>   System.exit(1);
> 
> }
> 
> //
> 
> More details can be found in the paper "Internet Geolocation" on my web
> site.
> 
> -James
> 
> 
> 
> 
> 


Re: Reducing java leakage in windows

2007-12-03 Thread Arrakis
Okay pause.

We need to distinguish here because y'all are talking about different
terms. Internal network IP (192.168.x.x, etc), external IP (your public
IP address), and DNS requests (locally vs remote through socks). The
internal network IP probably isn't a terribly valuable piece of
information to most snoops. The local DNS is an issue because you're
telling your local network/ISP or whomever what addresses you're
looking at. The big issue is the external network IP, which is what the
public sees and identifies the home user's specific computer.

So what we want to see is an applet running around the
deployment.properties setting, exposing the external network IP. The DNS
leakage should also be investigated of course.

Steve



James Muir wrote:
> [EMAIL PROTECTED] wrote:
>> On Sun, Dec 02, 2007 at 11:35:49PM -0800, [EMAIL PROTECTED] wrote
>> 0.9K bytes in 21 lines about:
>> : I remember these tests. I can't seem to find a copy of the applets you
>> : used. Are you willing to publish them? Or point me in the right
>> : direction should I want to try implementing them?
>>
>> http://exitthematrix.dod.net/matrixmirror/ar01s05.html  Jump down to the
>> "Web bugs" section.  It references
>> http://exitthematrix.dod.net/matrixmirror/misc/superipbug.java from
>> http://www.inet-police.com/cgi-bin/env.cgi
>>
>> There is another more thorough test of a java applet completely ignoring
>> the jvm proxy configuration.  However, my google-fu is weak.
> 
> When I read that example it seems to indicate that the applet reads your
> IP address locally and then submits it back to the originating web site
> through the proxy.  The applet does not seem to ignore proxy settings
> (i.e. it does not seem to open a non-proxied connection); it just
> submits identifying information through the proxied connection.
> 
> Jacob, Steve: I don't want to publish my complete ready-to-run code on
> the list, but here is an excerpt:
> 
> /***/
> 
> Socket socket_to_originating_host = null;
> int tcp_port = 80;
> InetSocketAddress originating_host =
>   new InetSocketAddress(getCodeBase().getHost(), tcp_port);
> 
> try {
>   socket_to_originating_host = new Socket(Proxy.NO_PROXY);
>   // timeout is in milliseconds
>   socket_to_originating_host.connect(originating_host, 1);
>   System.out.println(
>"Socket Local Address = " +
>socket_to_originating_host.getLocalAddress().getHostAddress());
> }
> 
> catch (Exception e) {
>   System.out.println("EXCEPTION THROWN:  " + e);
>   System.exit(1);
> 
> }
> 
> //
> 
> More details can be found in the paper "Internet Geolocation" on my web
> site.
> 
> -James
> 
> 
> 
> 
> 


Re: Reducing java leakage in windows

2007-12-02 Thread Arrakis
James,

  Do you have a copy of these tests? I'm definitely interested in seeing
it. However, I am NOT posing this as a solution to java issues, just
another defense layer. This effectively keeps non-malicious applets from
surreptitious leakage. I highly doubt a determined application would be
cornered in, but most seem to be. Regarding DNS, well that is again
another issue to be looked at, unfortunately.

Steve

James Muir wrote:
> Arrakis wrote:
>> It appears that Java attacks for causing external IP data to be leaked
>> can be mitigated to some good degree. The upshot is that you can now run
>> Java applets that even when attempting to phone home directly (revealing
>> your IP), they are routed through the socks port and thus Tor or any
>> other socks speaking application. What we are doing is changing the
>> proxy settings of the Java Control Panel in windows.
> 
> Some time ago, I conducted several tests that demonstrated that Java
> Applets have the ability to disregard proxy settings in the Java Control
> and open direct non-proxied connections.  I do not think what you have
> described will work.
> 
> -James
> 


Reducing java leakage in windows

2007-12-02 Thread Arrakis
It appears that Java attacks for causing external IP data to be leaked
can be mitigated to some good degree. The upshot is that you can now run
Java applets that even when attempting to phone home directly (revealing
your IP), they are routed through the socks port and thus Tor or any
other socks speaking application. What we are doing is changing the
proxy settings of the Java Control Panel in windows. The following will
shortly be applied to xB Browser after testing, and I highly suggest it
for other proxy programs. Needs lots of testing of course, and I would
also like to know if Java applets can acquire the authority to modify
that file as well. May require administrative access, but I imagine
Vista will popup a priv escalation window. There are probably variations
in the directories and syntax if you are running JRE <1.4. A good
indicator of old versioning is to see if your shoes employ the use of
velcro, you have a pair of 'jams' in your closet, or you've found
yourself to be too legitimate to quit.

Regards,
Steve Topletz


-


1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties
If there is no deployment.properties file there, try all administrative
usernames we can enumerate until we find the file. This is not a certainty.

2. Back up deployment.properties to a new file name.
3. Open it up
4. Read and store all lines beginning with "deployment.version"
5. Read and store all lines beginning with "deployment.javapi"
6. Close the file
7. Create a new file deployment.properties where the old one was.
8. Open the file
9. Insert the following lines

 #deployment.properties
 deployment.system.tray.icon=false
 deployment.browser.vm.iexplorer=false
 deployment.proxy.socks.host=localhost
 deployment.proxy.type=1
 deployment.proxy.same=true
 deployment.browser.vm.mozilla=false
 deployment.capture.mime.types=true
 deployment.proxy.socks.port=8080

(where port 8080 is your socks port. in Tor, use 9050 by default)

10. Write all previously stored lines from old opened file.
11. Close the new deployment.properties

Continue starting your proxy program
On program exit...

12. Delete the deployment.properties file we created.
13. Restore the deployment.properties file we backed up.
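
The thirteen steps above as a runnable sketch, added here and not xB Browser's own code; the function names and the backup suffix are assumptions. It also covers a case the steps leave open, a backup left behind by a run that never reached step 13, and, as the replies in this thread show, the setting does not bind an applet that opens a `Proxy.NO_PROXY` socket.

```python
import os
import shutil
import tempfile

# Step 9: the settings from the post. The SOCKS port is a parameter
# (the post uses 8080 as a stand-in and names 9050 as Tor's default).
PROXY_TEMPLATE = """#deployment.properties
deployment.system.tray.icon=false
deployment.browser.vm.iexplorer=false
deployment.proxy.socks.host=localhost
deployment.proxy.type=1
deployment.proxy.same=true
deployment.browser.vm.mozilla=false
deployment.capture.mime.types=true
deployment.proxy.socks.port={port}
"""

KEEP_PREFIXES = ("deployment.version", "deployment.javapi")  # steps 4 and 5
BACKUP_SUFFIX = ".xb-backup"  # hypothetical name, not from the post


def default_path():
    """Step 1: the per-user location named in the post (Windows)."""
    return os.path.join(os.environ.get("APPDATA", ""), "Sun", "Java",
                        "Deployment", "deployment.properties")


def apply_proxy(path, socks_port=9050):
    """Steps 2-11. Raises FileNotFoundError if there is no file to start from."""
    backup = path + BACKUP_SUFFIX
    # A backup that already exists means an earlier run never restored
    # (crash, power loss). The file at `path` is then our own rewrite, so the
    # existing backup is the real original and must not be overwritten.
    if not os.path.exists(backup):
        shutil.copy2(path, backup)
    # .properties files are ISO-8859-1; keep only the version/javapi lines.
    with open(backup, encoding="latin-1") as fh:
        kept = [ln.rstrip("\r\n") for ln in fh if ln.startswith(KEEP_PREFIXES)]
    # int() keeps a malformed port value from injecting extra property lines.
    body = PROXY_TEMPLATE.format(port=int(socks_port))
    body += "".join(line + "\n" for line in kept)
    # Write beside the target and rename, so the JRE never sees a partial file.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w", encoding="latin-1", newline="\n") as fh:
        fh.write(body)
    os.replace(tmp, path)
    return backup


def restore(path):
    """Steps 12-13. Returns False when there is no backup to restore."""
    backup = path + BACKUP_SUFFIX
    if not os.path.exists(backup):
        return False
    os.replace(backup, path)  # replaces the file we created with the original
    return True


if __name__ == "__main__":
    # Constructed sample file in a scratch directory, not a real Java install.
    with tempfile.TemporaryDirectory() as scratch:
        target = os.path.join(scratch, "deployment.properties")
        with open(target, "w", encoding="latin-1") as fh:
            fh.write("deployment.version=6.0\n"
                     "deployment.proxy.type=0\n"
                     "deployment.javapi.cache.update=true\n")
        apply_proxy(target, 9050)
        with open(target, encoding="latin-1") as fh:
            print(fh.read())
        restore(target)
        with open(target, encoding="latin-1") as fh:
            print(fh.read())
```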


Re: Soliciting Opinions on xB Browser "How To Build" doc

2007-11-17 Thread Arrakis
How about instead of Make, we use Scons? It should be easier for people
to read and modify.

Additionally, for the list of tor 3rd party devs...

I figured out how to implement the (more) secure persistent settings in
firefox. This will be useful for others trying a similar approach to xB
Browser.

1. Keep prefs.js with the normal user settings.
2. Load this user.js on top of it, to keep the network settings persistent.

This way the user can change their settings like cache, saving
passwords, etc, but not risk messing up their network settings.

Tested and it works.

Files below, including settings.

Regards,
Steve

-- BEGIN PREFS.JS --
# Mozilla User Preferences

/* Do not edit this file.
 * XEROBANK BROWSER CONFIGURATION SOFTCODE SETTINGS
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.auto", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1195327847);
user_pref("app.update.lastUpdateTime.background-update-timer", 1195327847);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1195327847);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1195327853);
user_pref("app.update.url.override", "https://aus2.mozilla.org/update/2/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/en-US/%CHANNEL%/%OS_VERSION%/update.xml");
user_pref("browser.cache.disk.capacity", 0);
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\Administrator\\Desktop");
user_pref("browser.download.manager.retention", 0);
user_pref("browser.formfill.enable", false);
user_pref("browser.history_expire_days", 0);
user_pref("browser.history_expire_days.mirror", 9);
user_pref("browser.preferences.advanced.selectedTabIndex", 1);
user_pref("browser.send_pings", false);
user_pref("browser.sessionstore.enabled", false);
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.homepage", "https://support.xerobank.com/IPSpy");
user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1.8");
user_pref("browser.tabs.warnOnClose", false);
user_pref("dom.storage.enabled", false);
user_pref("intl.accept_languages", "en-US,en,chrome://global/locale/intl.properties");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");
user_pref("layout.css.report_errors", false);
user_pref("network.cookie.lifetime.days", 0);
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.dns.disableIPv6", true);
user_pref("network.http.keep-alive.timeout", 1000);
user_pref("network.http.max-connections-per-server", 16);
user_pref("network.http.max-persistent-connections-per-proxy", 24);
user_pref("network.http.max-persistent-connections-per-server", 16);
user_pref("network.http.pipelining", true);
user_pref("network.http.pipelining.maxrequests", 8);
user_pref("network.http.proxy.pipelining", true);
user_pref("network.http.use-cache", false);
user_pref("network.proxy.backup.ftp", "");
user_pref("network.proxy.backup.ftp_port", 0);
user_pref("network.proxy.backup.gopher", "");
user_pref("network.proxy.backup.gopher_port", 0);
user_pref("network.proxy.backup.socks", "localhost");
user_pref("network.proxy.backup.socks_port", 9050);
user_pref("network.proxy.backup.ssl", "");
user_pref("network.proxy.backup.ssl_port", 0);
user_pref("network.proxy.failover_timeout", 0);
user_pref("network.proxy.no_proxies_on", "");
user_pref("network.proxy.share_proxy_settings", true);
user_pref("network.proxy.socks", "localhost");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.type", 1);
user_pref("pref.privacy.disable_button.view_cookies", false);
user_pref("privacy.item.cookies", true);
user_pref("privacy.item.passwords", true);
user_pref("privacy.sanitize.didShutdownSanitize", true);
user_pref("privacy.sanitize.promptOnSanitize", false);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("security.disable_button.openDeviceManager", false);
user_pref("security.warn_entering_secure", false);
user_pref("security.warn_entering_secure.show_once", false);
user_pref("security.warn_leaving_secure.show_once", false);
user_pref("security.warn_submit_insecure", false);
user_pref("security.xpconnect.plugin.unrestricted", false);
user_pref("signon.rememberSignons", false);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");
-- END PREFS.JS --

-- BEGIN USER.JS --

# Mozilla User Preferences

/* Do not edit this file.
 * XEROBANK TOR CONFIGURATION HARDCODE SETTINGS
 *
 * If you make changes to this file while the application is running,
 * the

Re: Soliciting Opinions on xB Browser "How To Build" doc

2007-11-15 Thread Arrakis
Jacob,

  It is a little out of the way to take a win32 program and put the
build environment in something that isn't convenient for the end-user
who would be doing the build and verification process. So changing
operating systems or requiring cygwin installation isn't conducive. I'll
see if we can keep it win32. But if we had to, we could probably build
it in nix.

And you're right about the default file issue. Just a method of
preference but it would be nice if our distro hash was the same as our
build hash.

Steve


Jacob Appelbaum wrote:
> Arrakis wrote:
>> Jacob,
>>
>> This might be able to work, assuming we figure out if there are any
>> dependencies for win32 Make.
>>
>> Actually, I could probably even have Make curl, verify, and unpack the
>> latest Tor, Firefox, etc.
>>
>> Still doesn't solve all the GUI settings issues, but I guess it is a
>> general step in the right direction.
>>
> 
> Every successful software project I can think of uses an automated build
> process of sorts. If you make UI changes, they will eventually find
> their way into a file. How to modify these things isn't something you'd
> need to place into an automated build process. It's something you'd want
> to put into another document. Your default settings are the files left
> after tweaking things to fit your desires. Build your project in an
> automated way around files that are already created properly. What you
> ship is what needs to be automated. This allows someone to take your
> shipped binary and validate your claims.
> 
> If you're using subversion, you can easily make a single subversion
> server that uses external subversion repositories. This means that you
> can have Tor and other projects automatically pulled for a specific
> given revision. It should result in something stable without having to
> specifically release any code from those projects. This is useful
> because it means that users would be getting the source of those
> projects from their main distribution points and not you.
> 
> Make is very useful though it might not fit your needs because of your
> desire to build the software on windows. However, it seems that you're
> using lots of software that depends on it for building anyway.
> 
> Have you considered trying to make this work with cygwin and automating
> everything in simple terms? Once you have something simple, you can
> build something more complex.
> 
> Regards,
> Jacob
> 


Re: Soliciting Opinions on xB Browser "How To Build" doc

2007-11-15 Thread Arrakis
Jacob,

This might be able to work, assuming we figure out if there are any
dependencies for win32 Make.

Actually, I could probably even have Make curl, verify, and unpack the
latest Tor, Firefox, etc.

Still doesn't solve all the GUI settings issues, but I guess it is a
general step in the right direction.

Steve





Jacob Appelbaum wrote:
> Arrakis wrote:
>> Greetings,
>>
>> We've rewritten xB Browser to version 2.0.0.9/10 and are about to
>> introduce some new functionality to it. I thought this would be a lovely
>> time to take a step back and acquiesce to some prior requests for a doc
>> on how to build xB Browser from scratch. I've got some questions, and
>> hopefully you've got some opinions and maybe requests of your own.
>>
>> 1. Given the somewhat complicated layout mechanisms in Mozilla, would
>> you be willing to have instructions that say to the effect "Go to
>> View|Toolbar|Customize and drag button xyz to the toolbar where desired"
>> or do we demand to see a file-based placement?
>>
>> 2. Given the above, you will get users placing the toolbar items or
>> buttons in slightly different order, or editing a file with an editor
>> that may not have the same /$r/$n EOL functions, thus we will end up
>> with different hashes/sizes from one user to the other, despite them
>> being the same build. Is that acceptable? What is an acceptable
>> alternative if not?
>>
> 
> I suggest you use an automated build system. Make[0] should do the job.
> 
> Basically all modern software projects are built with some sort of build
> system, it's probably a good idea to use something that everyone can
> acquire and use for free.
> 
> Regards,
> Jacob
> 
> [0] http://www.gnu.org/software/make/
> 


Re: court trial against me - the outcome

2007-11-15 Thread Arrakis
I actually know of such a company that is interested in supplying tor
legal insurance in DE. Is anyone interested?

Steve

linux wrote:
> There is already a thread about this organization/fund.
> I am watching it carefully because I am interested.
> 
> It looks like we need a legal costs insurance
> (Rechtschutzversicherung)  for tor admins.
> 
> Gruesse
> Robert
> 
> 
> On Wednesday 14 November 2007 22:16, Robert Hogan wrote:
>> On Wednesday 14 November 2007 20:47:50 you wrote:
>>> This country needs a revolution!
>> Maybe! ;)
>>
>> In the meantime, solidarity among Tor operators would go a long way. If
>> that case had been for 100,000 euro you might now find yourself with a date
>> in court. Who would you turn to in such a situation?
>>
>> We need to create a body that we can all turn to, and only we as a group
>> can create it. Would you be willing to contribute time to creating such an
>> organization? Do you have any contacts who could advise on how to establish
>> it?
>>
>> If so, let me know. And apologies in advance for contacting you directly if
>> it is unwelcome.
> 


A question of preferences

2007-11-15 Thread Arrakis
I'm writing the preferences for the xB Browser, and I've been thinking
about the problem of users who are smart enough to be dangerous to
themselves. I'm talking about those that jump into the proxy settings
and think they are speeding things up by changing to a direct connection
or auto-detect.

Well, yeah, they're speeding up alright, but at the cost of breaking
their anonymity.

So it occurs to me I can keep those settings from being persistent
(nothing can stop someone who is determined to wreck their privacy). I
can do this by employing the user.js, which over-rides whatever the
user sets in their prefs.js files.

Therefore, I am thinking about what settings should be hard-coded on
browser/client startup.

The goal was "The purpose of user.js is to hardcode browser settings to
keep users from compromising their network anonymity beyond preferences."

That means for Tor/SSH usage, the browser needs to block plugins.
That means for VPN usage, the browser doesn't need to block plugins.

So now we're talking about two different user.js files entirely.
OK fine. But we get to a new point where we have to decide what things
should and shouldn't be blocked from being persistent from one session
to the next.

Of the following, beyond proxy settings, I'm thinking we should keep
persistent:

network.dns.disableIPv6 = true ; ipv6 addresses fail through tor.
network.proxy.socks_remote_dns = true
network.proxy.failover_timeout = 0 ;always retry the proxy, never revert.
layout.css.report_errors = false ;get rid of java console errors

There are other privacy related settings such as DOM and session info
that are a grey area, but I am thinking those don't meet the above goal,
and thus should be left as preferences for the user.

Comments and suggestions welcome,
Steve




Soliciting Opinions on xB Browser "How To Build" doc

2007-11-15 Thread Arrakis
Greetings,

We've rewritten xB Browser to version 2.0.0.9/10 and are about to
introduce some new functionality to it. I thought this would be a lovely
time to take a step back and acquiesce to some prior requests for a doc
on how to build xB Browser from scratch. I've got some questions, and
hopefully you've got some opinions and maybe requests of your own.

1. Given the somewhat complicated layout mechanisms in Mozilla, would
you be willing to have instructions that say to the effect "Go to
View|Toolbar|Customize and drag button xyz to the toolbar where desired"
or do we demand to see a file-based placement?

2. Given the above, you will get users placing the toolbar items or
buttons in slightly different order, or editing a file with an editor
that may not have the same /$r/$n EOL functions, thus we will end up
with different hashes/sizes from one user to the other, despite them
being the same build. Is that acceptable? What is an acceptable
alternative if not?

Regards,
Steve


Re: Firefox IPv6 Anonymity bypass

2007-10-25 Thread Arrakis
Greetings and welcome to 2006!

<3,
Steve

Excerpt from "How To Create Torpark"

Step 31. set as follows:
noscript.notify.hideDelay = 30  
noscript.statusIcon = false
network.dns.disableIPv6 = true ; ipv6 addresses fail through tor.
network.proxy.socks_remote_dns = true
browser.sessionstore.enabled = false
browser.sessionhistory.max_entries = 1
network.cookie.lifetime.days = 0
dom.storage.enabled = false
dom.max_script_run_time = 60 ;script running time
dom.max_chrome_script_run_time = 60;
network.proxy.failover_timeout = 0 ;always retry the proxy, never revert.
plugin.scan.plid.all = false ;Do not allow plugin scanning.
security.xpconnect.plugin.unrestricted = false; do not allow unlimited access to XPConnect
layout.css.report_errors = false ;get rid of java console errors
network.http.keep-alive.timeout:1000
network.http.max-persistent-connections-per-proxy:16
network.http.pipelining:true
network.http.pipelining.maxrequests:8
network.http.proxy.pipelining:true



Kyle Williams wrote:
> Nice find!
> 
> Thanks for reporting it.
> 
> On 10/25/07, Nick 'Zaf' Clifford <[EMAIL PROTECTED]> wrote:
>> Hey ya,
>>
>> Just noticed one small problem with Tor + Firefox + IPv6.
>> I'm aware that Tor doesn't yet support IPv6, but I found an interesting
>> development with respect to a system that has IPv6 configured and working.
>>
>> If you are using Tor (and have Firefox configured to use the HTTP
>> proxy), Firefox will not use the proxy for IPv6 traffic. This means that
>> if you visit a website using Tor, and it has an img, href, etc to an ipv6
>> hostname, Firefox will happily connect with your native IPv6 connection
>> (bypassing Tor).
>>
>> The work around for this is to disable Ipv6 (about:config,
>> network.dns.disableIPv6 = true)
>>
>> I guess this is a bug with Firefox rather than Tor, but it should be
>> noted in a wiki somewhere, as IPv6 is becoming more and more prevalent
>> and networks are becoming connected. It is of great concern for those in
>> China, where IPv6 is being rolled out at a great rate of knots.
>>
>> Nick
>>
>>
>>
>>
>>
> 
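
The user.js override described in "A question of preferences" and the network settings in the Torpark excerpt above, as an added example that is not part of either post or of xB Browser/Torpark: it parses prefs.js and user.js text, reports which values user.js would force back at startup, and audits the result against the three network prefs both posts list. The `network.proxy.type = 1` (manual proxy) entry and the sample prefs.js contents are assumptions constructed for the example.

```python
import json
import re

# Network prefs that both posts list, written as real pref values.
# network.proxy.type is an addition of this example: 1 = manual proxy,
# 0 = direct connection, 4 = auto-detect.
BASELINE = {
    "network.proxy.type": 1,
    "network.dns.disableIPv6": True,
    "network.proxy.socks_remote_dns": True,
    "network.proxy.failover_timeout": 0,
}

# Constructed sample: a profile whose user switched the proxy to auto-detect.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
user_pref("network.proxy.socks_remote_dns", true);
user_pref("network.proxy.type", 4);
"""

PREF_CALL = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*)\)\s*;\s*$')


def parse_prefs(text):
    """Parse prefs.js / user.js text into {name: value}; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_CALL.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not user_pref(...)
        try:
            value = json.loads(match.group(2).strip())
        except ValueError:
            continue  # not a literal pref value
        if isinstance(value, (bool, int, str)):  # the only pref types
            prefs[match.group(1)] = value
    return prefs


def same(a, b):
    """Strict comparison: in Python True == 1, but a bool pref is not an int pref."""
    return type(a) is type(b) and a == b


def effective_prefs(prefs_js, user_js):
    """Values in force after startup: user.js is applied on top of prefs.js."""
    merged = parse_prefs(prefs_js)
    merged.update(parse_prefs(user_js))
    return merged


def startup_overrides(prefs_js, user_js):
    """Prefs that user.js changes at startup, as {name: (old, new)}.

    old is None when prefs.js does not set the pref at all.
    """
    before = parse_prefs(prefs_js)
    return {name: (before.get(name), new)
            for name, new in parse_prefs(user_js).items()
            if not same(before.get(name), new)}


def audit(prefs, baseline=BASELINE):
    """Return (name, expected, actual) for every baseline pref that is off.

    actual is None when the pref is unset, i.e. the browser default applies
    and nothing pins the value.
    """
    return [(name, want, prefs.get(name))
            for name, want in sorted(baseline.items())
            if not same(prefs.get(name), want)]


def render_user_js(baseline=BASELINE):
    """Write the baseline in user.js syntax (the posts use 'name = value')."""
    return "".join("user_pref(%s, %s);\n" % (json.dumps(name), json.dumps(value))
                   for name, value in sorted(baseline.items()))


if __name__ == "__main__":
    user_js = render_user_js()
    print(user_js)
    print("prefs.js alone:", audit(parse_prefs(SAMPLE_PREFS_JS)))
    print("forced at startup:", startup_overrides(SAMPLE_PREFS_JS, user_js))
    print("with user.js:", audit(effective_prefs(SAMPLE_PREFS_JS, user_js)))
```

The audit treats an unset pref as a finding because the result then depends on the browser's built-in default rather than on the profile.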


xB Browser 2.0.0.8a push

2007-10-23 Thread Arrakis
- New Installer for Windows
  - Creates Desktop/Start Menu Icons
  - <10MB including archives
  - Can Register for free xB account
  - xB Members can upgrade via their Trans ID
- Enhanced Windows Vista compatibility
- Firefox 2.0.0.8
- Tor 0.1.2.17
- Addons all updated
- New Password Addon
- xBBNuker included, returns xB Browser to virgin state.

https://update.xerobank.com/beta/xB%20Browser%20Installer.exe
https://update.xerobank.com/beta/xB%20Browser%20Installer.exe.sig


Re: About HTTP 1.1 Cache

2007-09-21 Thread Arrakis
Andy,

So maybe a very subtle theme and icon change. I'll give it some thought
tonight as I finish xB Browser 2.0.0.7a

Regards,
Steve

Andy Schaumberg wrote:
> Steve-
> 
> Side-by-side would be good.
> 
> I'm often switching my proxy settings around between port 8118 (use
> Privoxy+Tor) and port 8119 (use Privoxy w/o Tor). I don't like the
> Firefox "Tor button" plugin because it's too global. I'd like one
> session that I know will use Tor, and another that won't. I was
> considering installing Seamonkey with different proxy settings for this
> reason alone. It's good to be able to use the full speed of my
> connection, while still keeping the anonymous option open for some traffic.
> 
> I think themes may be a bit distracting too, but that depends on the
> theme. Having a different process name would be nice, or a little icon
> somewhere would be enough. Just so long as I can tell the two apart and
> have them be separate processes with separate configurations.
> 
> Cheers-
> -Andy
> 
> Arrakis wrote:
>> Kyle
>>
>> You could if you want to recompile. Now I'm about to release xBB
>> 2.0.0.7, and my concern about that is if the user can't tell the
>> difference, visually, between Firefox and xB Browser. I can use themes
>> and that is a little distracting, but xB Browser is geared towards tor
>> novice and mid-levels. If they are advanced users, they can always edit
>> the head section to use a different process name rather than Firefox.exe.
>>
>> Now, I *could* edit it to use something else entirely, and then you
>> wouldn't have the problem. Would anyone else like to be able to run
>> Firefox and xB Browser side-by side; and if so would you want a
>> different theme so you could tell them apart?
>>
>> Steve
>>
>>
>> Kyle Williams wrote:
>>> Doesn't xB Browser require me to close my existing firefox first,
>>> before it
>>> can start?
>>> Can I run both xB-Browser (using Tor) and my Firefox (not using Tor)
>>> at the
>>> same time somehow?
>>>
>>>
>>> On 9/21/07, Arrakis <[EMAIL PROTECTED]> wrote:
>>>> We call this xB Browser.
>>>>
>>>> <3 Steve
>>>>
>>>> Alexander W. Janssen wrote:
>>>>> The easiest solution would be just using different browser-profiles
>>>>> and run them simultaneously. One for Tor, one for everything else.
>>>>>
>>>>> Cheers, Alex.
>>>>>
>>
> 


Re: About HTTP 1.1 Cache

2007-09-21 Thread Arrakis
Kyle

You could if you want to recompile. Now I'm about to release xBB
2.0.0.7, and my concern about that is if the user can't tell the
difference, visually, between Firefox and xB Browser. I can use themes
and that is a little distracting, but xB Browser is geared towards tor
novice and mid-levels. If they are advanced users, they can always edit
the head section to use a different process name rather than Firefox.exe.

Now, I *could* edit it to use something else entirely, and then you
wouldn't have the problem. Would anyone else like to be able to run
Firefox and xB Browser side-by side; and if so would you want a
different theme so you could tell them apart?

Steve


Kyle Williams wrote:
> Doesn't xB Browser require me to close my existing firefox first, before it
> can start?
> Can I run both xB-Browser (using Tor) and my Firefox (not using Tor) at the
> same time somehow?
> 
> 
> On 9/21/07, Arrakis <[EMAIL PROTECTED]> wrote:
>> We call this xB Browser.
>>
>> <3 Steve
>>
>> Alexander W. Janssen wrote:
>>> The easiest solution would be just using different browser-profiles
>>> and run them simultaneously. One for Tor, one for everything else.
>>>
>>> Cheers, Alex.
>>>
> 


Re: Load Balancing

2007-09-21 Thread Arrakis
Alex,

That is exactly the distinction I am looking for.

Does Tor care about the destination of the TCP request, when deciding to
make a new circuit, and thus will use one because it is already dirtied
by that domain?

Steve

Alexander W. Janssen wrote:
> However, considering your question... It doesn't sound too efficient
> to me... The slides say "If the user wants to access a different site,
> Alice's Tor client selects a different path."
> I'm curious how strict I should read that...
> 
> Site vs. TCP-connections?
> 
> Alex.



Load Balancing

2007-09-21 Thread Arrakis
Hey guys, quick question.

If I have Tor process running, and request a url that has 10 images to
load from the same domain, do all the requests go through the same
circuit, or does the tor process split up the requests across all the
circuits?

Regards,
Steve


Re: About HTTP 1.1 Cache

2007-09-21 Thread Arrakis
We call this xB Browser.

<3 Steve

Alexander W. Janssen wrote:
> The easiest solution would be just using different browser-profiles
> and run them simultaneously. One for Tor, one for everything else.
> 
> Cheers, Alex.
> 


Re: Careful, you.re being watched.

2007-09-06 Thread Arrakis
Ran it against a bunch more scanners and came up with a suspicious
payload. F-Secure refers to it as "Tibs.gen134", Sophos as "Mal/Dorf-E",
etc, but just because it is suspicious doesn't mean anything definitive.
Other than, it probably isn't tor since it is 1/20th the size.

http://www.virustotal.com/resultado.html?f63f10cc10953a005a9683b875eac2dd

Steve


Re: Careful, you.re being watched.

2007-09-06 Thread Arrakis
Report comes back that this is hosted from Taipei, Taiwan.

Comes back negative for viruses, scanned against 13 popular virus
scanners. Time to run it in a VM and capture the activity, if it even
executes...

Steve

Kyle Williams wrote:
> I just found this myself and am digging into it now. Needless to say,
> this is not Tor.
> 
> 
> On 9/6/07, loki der quaeler <[EMAIL PROTECTED]> wrote:
>>
>> new trojan mask variant: (105% evil)
>>
>> Begin forwarded message:
>>
>>> Return-Path: <[EMAIL PROTECTED]>
>>> Delivered-To: [EMAIL PROTECTED]
>>> Received: (qmail 18515 invoked from network); 6 Sep 2007 05:49:08
>>> -0700
>>> Received: from 103-134-124-91.pool.ukrtel.net (91.124.134.103)
>>>   by www.weltschmerz.org with SMTP; 6 Sep 2007 05:49:08 -0700
>>> Received: from zbcdphd by 103-134-124-91.pool.ukrtel.net with local
>>> (Exim 4.66 (FreeBSD))
>>> id 1ITH-000LCI-41
>>> for [EMAIL PROTECTED]; Thu, 6 Sep 2007 15:48:54 +0300
>>> To: <[EMAIL PROTECTED]>
>>> Subject: Careful, you.re being watched.
>>> From: <[EMAIL PROTECTED]>
>>> Content-Type: text/html;charset=iso-8859-1
>>> Content-Transfer-Encoding: 7BIT
>>> Message-Id: <[EMAIL PROTECTED]>
>>> Sender: User zbcdphd <[EMAIL PROTECTED]>
>>> Date: Thu, 6 Sep 2007 15:48:54 +0300
>>>
>>> 
>>> 
>>> 
>>> Everyone who is doing file trading is at risk. Read the news on
>>> RIAA and what they are doing to everyone they find. Your privacy
>>> can be safe again with our new technology. Save yourself from an
>>> attack and use this free software now. Download Tor
>>> 
>>> 
>>>
>>
> 


Re: what's with Torpark?

2007-08-22 Thread Arrakis
Eugen,

Torpark was rebranded to xB Browser. It is still free and "open source"
as per usual. In addition, we have released a new free software called
xB Machine, a secure virtual workstation.

This should explain it:
http://xerobank.com/torrify.html

Steve

Eugen Leitl wrote:
> I've been out of the loop for a while -- Torpark seems to have
> gone closed source/commercial. What are viable alternatives?
> 


Re: FireGPG

2007-08-15 Thread Arrakis
When do you use it? On what websites?

Kyle Williams wrote:
> I use it, and I like it.
> 
> On 8/15/07, Arrakis <[EMAIL PROTECTED]> wrote:
>> Saw it. Thought about it.
>>
>> Matej Kovacic wrote:
>>> Hi,
>>>
>>> check this out: http://firegpg.tuxfamily.org/
>>>
>>> Useful in combination with Tor button.
>>>
>>> bye, Matej
>>>
>>>
> 


Re: FireGPG

2007-08-15 Thread Arrakis
Saw it. Thought about it.

Matej Kovacic wrote:
> Hi,
> 
> check this out: http://firegpg.tuxfamily.org/
> 
> Useful in combination with Tor button.
> 
> bye, Matej
> 
> 


Introducing xB Machine - The Secure Virtual Workstation

2007-08-10 Thread Arrakis
xB Machine v0.2.2 DEVELOPMENT PRE-RELEASE(370MB)

DOWNLOAD HERE:
http://update.xerobank.com/beta/xBVM-0.02.2.zip

xB Machine is a virtual machine built on the Gentoo platform, and is
designed to provide a strong IP leak-resistant system and network
design, hardened security against local attacks, and access to the Tor
network and XeroBank network. The functional use of the software is for
secure and anonymous communications and financial transactions.

The effect for the end user is that they can use the internet
anonymously and view rich media such as Flash, in addition to the
protection of a relatively hardened and well-featured operating system.

xB Machine can run on VMWare and QEMU.

xB Machine conforms to the Portable Privacy framework:

- Portability
- Trustworthiness
X - Source Code
  - License
  - Fail Securely
  - Imputed Privacy
- Elegance
  - Appealing
  - Intuitive
  - Easy to Use
  - Self-Contained
X - Informative of Status
  - Transparency

Source-code, design spec, and security spec is forthcoming. The license
is currently TESLA, but it is expected to become HESSLA or GPL as the
project develops.

The following list is inclusive, not exhaustive.

The current features are as follows:

- Firewalled NIC
- Segmented program partition from userdata filesystem
- Loop AES encrypted userdata filesystem
- Host system integrity check
- Remote encrypted filesystem mounting via WebDavFS/SSHFS
- Proxy autoconfiguration script for selecting the network used.
- Self-Destruct sequence to destroy AES key, and then data wipe of
encrypted user partition.
- Local Exploit Protections (GrSecurity, stack protection, few suids,
and more)
- Support for Tor, xB Plus, xB Pro/Premium. Future support for xB Onion
- Firefox, customized with addons and configurations for speed and
security options. (PrefBar, AdBlock Plus, DOM disabled, Pipelining, etc)
- Thunderbird customized with addons and configurations for speed and
security options. (Enigmail, DOM disabled, Pipelining, etc)
- Pidgin w/ OTR plugin for access to SILC, AIM, MSN, Y!, ICQ, etc. OTR
plugin secures the chat with AES encryption, and uses DH key exchanges
for perfect forward secrecy.
- Generic text editor and image viewer. These will likely be upgraded in
future releases.

Future features:
- PGP keysigned auto-update system
- LiveCD functionality
- xdm to be respected
- Mac Address changing (broken under VMWare)

Risks:
- Programs spying on network setup
- Programs sending rogue packets

Main Threat Vectors:
- OpenVPN
- Firefox
- Thunderbird
- Pidgin
- etc

Questions, comments, and suggestions are appreciated.

Regards,
Steve Topletz


Re: flash in a (hello xB Machine)

2007-07-27 Thread Arrakis
Roger, just how much documentation would you like? You won't have to
romance me to give docs, it just isn't priority 1. I mean, I could spend
hundreds of hours documenting what is going on or you could ask
questions. Most of it is built on pre-existing software, and all the
source is available. The system will auto-update, and check the package
signatures.

Here is a diagram of what is going on:
http://www.xerobank.com/images/xBVM_diagram.png

That should answer most of the questions.

Here is a current screenshot:
http://www.xerobank.com/images/xBVM_dev_screenshot.jpg

And here are the basics of what is going on:
Basic features:
- Designed to run within VMWare (Workstation, Server, Player), Qemu,
others may follow in second release only private network information, no
public.
- Firewall only allows anonymity client outgoing/incoming traffic
from/to external interfaces. No outgoing traffic without anonymity
- Some hardening to make local exploits less easy (GrSecurity,
stackprotection, minimal suids, etc)

Anonymity clients:
- Tor
- Jap
- xB Plus
- xB Pro / Premium

Usability features:
- Firefox with privacy extensions and settings
- Thunderbird with privacy extensions and settings
- GPG and Enigmail
- Pidgin w/ OTR Chat client
- Text editor, image viewer
- Filemanager
- Autoconfiguration of anonymity clients
- Proxy autoconfiguration of clients (Firefox, Thunderbird without
restart of program)
- Remote filesystem via WebDavFS/SSHFS with encfs
- Local user filesystem with loop-aes
- Userdir with dmcrypt/pam_mount
- Console (command line text thing, green characters on black background )

Windowmanager: Enlightenment

Additional features:
- Easy updating without destroying userdir
- Integrity check from host system

Future features:
- LiveCD to boot Qemu and xBVM

Details on firewall:
- Each outgoing software runs under its own userID
- Firewall only allows those userIDs
- LSM SecLVL to keep router/firewall from being changed if system got
hacked locally (maybe, not sure on that yet)


Regards,
Steve

Roger Dingledine wrote:
> On Fri, Jul 27, 2007 at 12:39:59AM -0500, Arrakis wrote:
>> The question is if the stand-alone player, just like regular flash
>> player, phones home without regard to your proxy settings.
>>
>> Or you could just wait till xB Machine is released on August 3rd and
>> never worry about it again.
> 
> Unless you have to switch to worrying about how xB Machine works and
> whether it addresses all the problems correctly and doesn't add new
> ones. :)
> 
> I look forward to my conversation with you on Aug 3 where I try to
> convince you to document and publish what you intend it to be doing,
> so we have something to compare against. :)
> 
> --Roger
> 
> 


Re: flash in a stand-alone player

2007-07-26 Thread Arrakis
The question is if the stand-alone player, just like regular flash
player, phones home without regard to your proxy settings.

Or you could just wait till xB Machine is released on August 3rd and
never worry about it again.

Steve Topletz

scar wrote:
> OK, we all know the threats of watching flash .swf in the browser.  but, what 
> about downloading the .swf via Tor and watching it in a stand-alone player?  
> no more threat to anonymity, or not? thanks.
> 


Re: Blocking child pornography exits

2007-07-21 Thread Arrakis
> If tor can't be designed in a way that strongly
> discourages or prevents people from using it for evil, it shouldn't exist.
> 

In democratic societies, the freedoms that exist are tools without
regard to their use. Freedom of speech, as well as all other liberties,
can be exercised for good or evil. These tools enrich a democratic
society by adding tools to the toolbox, and help bring democracy where
there is none, anti-censorship technology in particular.

What you propose is analogous to "if you can't say something nice, don't
say anything at all;" which is merely another form of censorship. ie,
Someone said something mean to me when I was a child, so I don't think
we should allow people to speak unless it isn't hurtful.

Let us step back. Say we blocked "child porn"... What constitutes child
pornography? How young is a child? A minor? By what standard of what
country or culture? Yours? Greek? Russian? American? French? German? Is
it pornographic because you derive sexual pleasure from viewing it, and
thus we should ban all photos of children because you could look at a
gymnastics or bathing photo and receive gratification? Is it art, or
erotica, or is it pornography? Is it a "child" expressing themselves who
took a photo, and thus we are censoring their speech? Who is going to
define these standards, and how will they be implemented? All of these
are hairy questions, and simply not what Tor does or is designed to do.
Tor is a freedom-enabling technology, not a censorship technology. There
are far too few of the former, and a deluge of the latter.

The bottom line is that freedom is inherently exciting, and can be used
for good or evil; but once you try to limit it to being used for "good",
it ceases to be freedom.

Regards,
Steve Topletz
http://xerobank.com

P.S. If you believe that something shouldn't be designed that it
prevents/discourages people from using it for evil, I hope you don't
have any forks or knives in your home.


Re: End of ROCKate soon

2007-07-06 Thread Arrakis
Benjamin,

Sorry to hear you won't be keeping up on the ROCKate and
have been forced to succumb to Germany's turn. I expect
more such tor-related shutdowns among fear and legislation.
I'll be picking up the slack shortly, so no worries.
A development release of xB Machine will be available
August 3rd. It will likely be hosted from Germany, but
I think we will stand the heat. If Germany doesn't like
it we will host it elsewhere. If you want, we could probably
host it for you, but I don't know how much you want
it still available, if Germany will punish you for it.

Steve



Benjamin Schieder wrote:
> Hi people.
> 
> In response to a law that passed the german legislative today, I will cease
> production, development and distribution of ROCKate binaries and - maybe -
> even source code soon.
> The reason is §202c StGB which states (IANAL translation):
> 
> "Producing, acquiring, selling, giving, distributing or making-accessible of
> passwords or other access codes as well as computer programs whose aim it is
> to commit a crime ... will be punished with up to one year in jail or a fine."
> 
> See also: http://www.phenoelit.de/202/202.html
> 
> Basically, these waters are too hot for me to tread in. Though the official
> reading of the wall - reading from politicians that is - says that they only
> target 'criminals' and there is no need to worry with the wording, nobody
> knows when some underworked lawyer thinks he might go on to sue the ass off
> of everyone in IT.
> 
> If someone wants to mirror/host/develop ROCKate further, be my guest. If you
> need technical assistance, I can offer guidance, but I probably won't write
> a single line of code anymore. Sorry.
> 
> 
> Greetings,
>   Benjamin


Re: Tor Privacy Live CD by the Tor Team

2007-06-22 Thread Arrakis
JT

It will be released August 3rd. If you want to get on the beta list,
you'll have it by July 15.

Regards,
Steve

JT wrote:
> Hi,
> 
>> XeroBank has such a VM that will be released August 3rd, called xB
>> Machine. The system is encrypted, except for the kernel, and it is
>> incapable of leaking true IP data. It can also remotely mount encrypted
>> filesystems.
> 
> URL?


Re: Tor Privacy Live CD by the Tor Team

2007-06-21 Thread Arrakis
JT,

XeroBank has such a VM that will be released August 3rd, called xB
Machine. The system is encrypted, except for the kernel, and it is
incapable of leaking true IP data. It can also remotely mount encrypted
filesystems.

Regards,
Steve


JT wrote:
> Hi,
> 
> is it now possible to offer an openBSD live CD that includes Tor,
> Privoxy, Torbutton, NoScript and Truecypt in one package with everything
> configured just as we would love to see the users configure it?


Re: What will happen to Tor after the new German data retention law takes effect?

2007-06-14 Thread Arrakis
JT

Expect crickets. The fines will be 500,000 Euro + 2 years prison for
disobeying, I've heard. Pretty outrageous, considering Germany is such a
strong proponent for privacy.

XeroBank has a solution we are hoping we won't have to implement, but it
will allow Tor nodes to continue to operate in Germany.

Regards,
Steve Topletz


JT wrote:
> Under the proposed new data retention law which will take effect 01/2008
> anonymizing services will be either banned or tor server operators will
> be required to log data which would render the tor software useless as
> an anonymizing tool.
> 
> Other European countries will surely follow once the law is in effect.
> 
> If all European Tor nodes stop to operate will tor still be useful only
> using American and Asian nodes? Will European users be allowed to
> connect to the Tor network or will that already be a criminal act?
> Anybody knows?


Re[2]: [ANNOUNCE] ROCKate Tor LiveCD V0.3.1

2007-05-17 Thread Arrakis
I'm excited. I'll check this out tonight.

Last time I tried to download the link was dead.


Regards,
Arrakis

> Hi List.

> I fully expect everyone to ridicule me for the ChangeLog of the just
> released ROCKate 0.3.1:

> ChangeLog:
> * added various fixes to make the nifty 0.3 features work in the small
> version

> ISO Images are available here:
> http://isos.rocklinux.org/

> Greetings,
> Benjamin
> -- 
> Benjamin 'blindCoder' Schieder
> Registered Linux User #289529: http://counter.li.org
> finger [EMAIL PROTECTED] | gpg --import





Re: Please add to "download" section of homepage

2007-03-29 Thread Arrakis
JT,

1) This could potentially break some websites that rely on ref link.
I've let users decide by putting in an extension that allows them to
play with this.

2) Why?

3) Torpark users can already set what they want their useragent to be, via
an extension.


Regards,
Arrakis

> Hi,

> could you please add the following info to the download section of the
> homepage (you really want tor to work)?

> 1) firefox users please disable the "send referer information" and set
> it to 0 in about:config

> network.http.sendRefererHeader

> 2) remove all languages under advanced the "language preferences" menu
> in firefox
> 3) spoof the firefox user agent to be the "english version":

> general.useragent.locale = en

> English is used worldwide and doesn't reveal a user who is using an
> uncommon language.
> -- 
>   JT
>   [EMAIL PROTECTED]






Re[4]: Ultimate solution

2007-03-29 Thread Arrakis
JT,

Security is NOT binary, it is a process, and it is a gradient. We only
desire the illusion of it being binary. There is compromise in every
design, take tor for example using 128bit crypto because it is pretty
secure and fast enough to encrypt on the fly. I'm sure there are
people that wish it was doing 512bit elliptic curve or some other
thing out there.

However, it is possible we could come up with some secure-only mode
which locks out most features, virtually all the plugins and
functionality, and puts the user in a rigid framework in order to give
a little more security and a stronger impression of anonymity. Of
course, this makes it a significantly unpleasant experience and one
might as well use lynx at that point.

Regards,
Arrakis

>> As I said it is possible, but when you treat the user like a child it
>> is going to be an issue to get them to keep using it.

> Why? Surfing anonymously is a binary. Either 1) everything is set
> perfectly to be secure and anonymous or 2) it is not.
> There are two types of Tor users. Tor literate and Tor illiterate users.
> The thing that both have in common is that they could accidentally
> enable scripting or forget to turn in off. Both types would be grateful
> for a mechanism that would force them to turn things off and not allow
> them to use Tor otherwise.

> After all they can choose to use Tor or not. Be anonymous or not be
> anonymous. There is nothing third "state". Nobody would feel "being
> treated as a child".
> -- 
>   JT
>   [EMAIL PROTECTED]






Re[2]: Ultimate solution

2007-03-28 Thread Arrakis
Well it is possible, but as was stated before I don't think that
active content is the culprit.

It would work like this: Tor button is on automatically, meaning tor
is selected. In this mode noscript preferences are locked to global
deny. When Tor button is off, noscript prefs are unlocked, but block
by default.

As I said it is possible, but when you treat the user like a child it
is going to be an issue to get them to keep using it.

Regards,
Arrakis

> Is it really that difficult to test if active content is disabled?
> The Tor software should not work(i.e. the "start tor" button should not
> be clickable) if the user hasn't deactivated Javascript, Flash, Java,
> etc.
> Is this difficult to implement? There are not too many browsers.
> -- 
>   JT
>   [EMAIL PROTECTED]






Re[2]: Ultimate solution

2007-03-27 Thread Arrakis

1. People may not want to use it if it starts sharing their IP for
the network. Although, acting as a middleman may be a good compromise.
In Torpark 3.0, we can probably do most of these.

2. Where will this be displayed, and who is going to read it?

3. Why keep any cookies at all after a session?

4. Sure. We can do this with Torpark 3.0

5. Already covered

6. I especially like #6, now how do we get the tor network to route this
as an exit node? Well... it would be great that instead of hashes we
could name the onion addresses fully. So if you wanted to check if
torrify.com had an exit node you could use to access it, you could
simply do torrify.com.onion... a simple naming convention.


Regards,
Arrakis

> It sounds to me like we need:
> 1. Absolutely easy to use client software that automatically acts as a
> router/server
> -- Needs to determine the lower (upstream) bandwidth, and not clog it
> -- Needs to be able to prioritize local originating connections to
> eliminate the desire to run separate client and server tor processes
> -- -- This includes using as much upstream as the local origination
> needs, even if it means nearly starving all "through me" traffic
> -- -- This means getting flow control working inside Tor, unless I
> missed something.
> -- Needs to be able to work with dynamic IP transparently
> -- -- Tor currently does this if NO Address line is in the config
> file, but Vidalia insists on putting one in there anyways.

> 2. Simple instructions to end users
> -- Anonymity != privacy
> -- Things like flash, etc, can break privacy and reveal who you are
> -- Some sort of 'This is known to be safe, this is most likely unsafe,
> this is "maybe" ' list.

> 3. A preconfigured set of cookies for the major known cookie tracking
> sites (ads, etc), so that every Tor user looks the same.

> 4. Ideally a patch for Firefox. IE allows you to say "Accept 1st party
> cookies, reject 3rd party cookies." Safari allows you to say "Only
> accept cookies from sites I navigate to, but not from sites linked to
> them (Advertisements)". Firefox doesn't have that.

> 5. (Privoxy already strips referrer information, so that's not leaking
> your search history, etc, to third parties).

> ** 6 **. Since Tor will route to an exit node on the same machine as
> your target, giving end-to-end transparent encryption, some sort of
> push to get the major web sites to run at least a "local exit" tor
> node. In particular, we need an absolutely trivial, out of the box,
> "Local only, any port" tor exit config.


> On 3/27/07, Freemor <[EMAIL PROTECTED]> wrote:
>> On Mon, 2007-26-03 at 23:53 -0700, JT wrote:
>> > You are making a very big mistake! In theory your are correct with what
>> > you are saying but you are assuming the total noob can learn how to safe
>> > anonymously but also give grandma a chance to surf anonymously. Grandma
>> > knows what a browser is but has never heard about encryption or TCP/IP.
>> >
>>
>> I think that if the information is geared to the new user that they will
>> be able to pick it up. You don't need to get all technical to explain
>> everything. you could just say "if your browser doesn't display the lock
>> icon, like when using a banking site, your communication is anonymous
>> but not confidential, and may reveal identifying information."
>>
>> I also think there is a real problem with the "a new user could never
>> understand this" thinking. One should never assume that ones audience is
>> less intelligent than you are. Also, even if the effort manages to only
>> educate 30% of the new users this is far superior to not making the
>> effort and having only the very enthusiastic users who have the skills
>> to dig up the documentation they need being educated.
>>
>> Freemor




Tor project images

2007-03-27 Thread Arrakis

Does anyone here know if these photos are licensed or who owns the
copyright?

http://tor.eff.org/images/htw1.png
http://tor.eff.org/images/htw2.png
http://tor.eff.org/images/htw3.png

Regards,
Steve



Re[4]: Ultimate solution

2007-03-27 Thread Arrakis

> How can the ratio of router/clients be improved? Every client must
> become a router. There is no other way. There must be a simple button
> "Yes, I want to be an exit." or "No, I don't want to be an exit". I
> know this will take many, many hours of coding and I am not criticizing
> but wishful thinking won't get this great project anywhere. Yes, there
> are many nice people that run servers but the network will soon suffer a
> heart attack as the number of clients grows much faster than the number
> of routers.

I could add this function to Torpark, if:
1) A lot of people want it
2) TOR project implements directory distribution that can use these
temporary middleman and exit nodes as a positive, rather than
depending on long-lived nodes.

> Here is some really great idea. How about some function in Tor into
> which users can enter their .onion bookmarks along with a description!
> 99.9% of the Tor users have no idea that there are hidden services. No
> Tor user I ever met knew about the hidden wiki and all its links.

You can do this with Torpark right now. You can reach .onion addresses
right from the address bar. If people would like to compile a list of
services, I could publish that list as browser bookmarks in the next
release of Torpark.

Regards,
Steve



Re: Anonymity through decentralization (was Re: Ultimate solution)

2007-03-26 Thread Arrakis
Roger,

We have produced a commercial that should help explain the service we
are offering. I have no intention of holding it out as onion routing
unless we switch to onion routing, and I will elaborate on our website
as to how the network works.

Would you be interested in a video that depicts how onion routing
works? I've been toying with the idea of putting one together.

Regards,
Arrakis

> On Sun, Mar 25, 2007 at 09:57:20AM -0600, Arrakis wrote:
>> 2) Torpark is not commercial, it is totally free and open source. We
>> simply offer an upgrade to get higher speeds than the tor network can
>> provide.
>> 
>> 3)  The  fact  that  trust  isn't  distributed  is  a  positive, not a
>> negative,  because you don't have to trust everyone with your outgoing
>> plaintext traffic. We have independent security auditors make sure our
>> admins  are  not tracking anyone or doing anything malicious.

> I'm leaving the licensing discussion alone for now, but I wanted to
> respond to this technical point. Tor's security [1] comes from two
> components. The first is its large and diverse user base -- as the user
> base expands, the mere use of Tor doesn't narrow you down to a specific
> user community or specific few people who are known to have fetched the
> program [2]. The second is the diversity of the relays -- as the Tor
> network expands, fewer adversaries are able to be in enough places on
> the network to succeed at linking senders to recipients.

> Now, it's still an open research question what metrics we should use
> for these components (that is, how exactly we measure the security we
> get from them), but my intuition is that after a certain point the first
> component doesn't contribute much more to security -- meaning in Tor's
> current state, its security grows primarily as the network grows.

> And remember that by "being in enough places", I mean being in a position
> to watch (or otherwise measure [3]) the traffic; the best attacks we know
> right now only look at characteristics of the traffic flow [4], because
> any sort of coordinated compromise of many relays is probably harder.

> I'm not saying Tor's design is perfect. We are still grappling with
> Sybil attack questions, and as you say we need to encourage our users to
> employ end-to-end encryption and authentication when appropriate. And
> we're still not happy that a widely dispersed attacker can probably do
> very well against Tor.

> But a central organization that administers all the relays, even if it
> puts them in different places geographically, and even if it promises to
> do perfect audits and employ only perfect people, aims for a fundamentally
> different sort of security than Tor aims to provide. The traffic analysis
> attacks above are still just as much of a concern, but insider attacks and
> other attacks on/by the organization are now a significant question too.

> You can launch a new single-hop proxy service, commercial or not,
> proprietary or not. You can also launch a multi-hop service where you
> control every hop. And the license of the Tor software lets you use it
> if you find it useful for your purposes. But please don't deceive your
> users by changing the security context and then encouraging them to think
> that just because the Tor software is present somewhere in the picture,
> they are benefitting from the type of security that Tor aims to provide.

> --Roger

> [1] By "security", I'm talking primarily about unlinkability here;
> but that's a different thread.
> [2] http://freehaven.net/anonbib/#usability:weis2006
> [3] http://freehaven.net/anonbib/#torta05
> [4] http://freehaven.net/anonbib/#danezis:pet2004





Re[2]: Ultimate solution

2007-03-26 Thread Arrakis
Paul and Michael,

Correct.  Apparently  when  something  is free of charge whatever, and
yours  to do with what you wish unless you are unethical, we call that
"arrakis-free" or "free as in arrakis".

And  to  Kasimir,  the  license  has been updated, and definitions are
forthcoming.

Regards,
Steve

> So the "Torpark" controversy comes down to:
> "Free" == "Yours to do with as you wish" versus
> "Free" == "No charge to use"?

> What are the "official" terms for these two cases?

> And, what's the terms for
> "Source code is available, but usage is restricted" versus
> "Source code is available, usage unrestricted" (same as free #1 above)




Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Arrakis
I'll address these issues since you didn't feel it was
necessary to read the followups on the thread you posted:

1) tor devs are not qualified to review the code. Shava Nerad of the
Tor project asked me to refer someone to do QA on 3rd party win32 apps
for the Tor project, which I did. Will it ever happen? Who knows.

2) Those are not issues with Torpark but the windows operating system.
However, in a future release of Torpark we are working on even the
faults of the win os will be addressed. Those issues are 1) the way
windows treats memory, and 2) the way windows treats applications and
may cache them. Since then I have removed the section about it not
leaving traces, because it simply does as that is the nature of
windows.

3) I have a step by step for building Torpark. Further, if you bother
to read the code, you will see it is well documented.

Regards,
Steve


> TorPark is not recommended by any Tor devs or others
> working with/on Tor.

> TorPark has some unresolved issues:
> .

> And it is not documented well.

> Regards,







Re[4]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Arrakis
Kasimir,

You are right, I think that is too broad and I will ask that the
license give more precise definitions. It was to include
anonymity/proxy services, I'll make sure it gets revised.

Regards,
Arrakis

> It would be good if I could read, I am sorry for posting that I saw
> the license as free.  Reading through it fully, it definitely is not.

> The terms of the license are way too broad.  Trying to exclude malware
> and spyware by licensing the program under a license which states that
> it cannot be used to anything that restricts the rights of the user
> will not work.  First of all, malware does not restrict the rights of
> the user.  Second of all, malware doesn't care about licenses, and the
> creators of much of the spyware and malware are not known to the
> world, so even if they break this license nothing will happen to them.

> Another thing that doesn't really make sense to me about the license
> is that it restricts the right to modify the program if it uses a
> commercial "connectivity service".  I am not a lawyer, but isn't my
> ISP a commercial "connectivity service"?  It seems to me that this
> program cannot be redistributed at all, because it can only be used
> with a commercial "connectivity service", and therefore any
> modification will break the license.

> I take back what I said earlier, and I am sorry for causing so many
> people to stare at their monitor in disbelief from what they just
> read.

> My most humble apologies,
> Kasimir

> On 3/25/07, Arrakis <[EMAIL PROTECTED]> wrote:
>> Fabian et al,
>>
>> > The terms "free software" and "open source software" have been
>> > around for a while and so has their meaning. No one said Torpark
>> > wasn't delivered free of charge or that its source wasn't open for
>> > review.
>>
>> > Torpark's license just doesn't give the user enough rights to
>> > call Torpark either free software or open source software
>> > without causing confusion, raised eyebrows or being laughed at.
>>
>> Let us not be ambiguous about the "users" you are talking about. The
>> specific "users" you are talking about are limited by definition to
>> only be the ones wanting to modify it to include malware/trojans, or
>> someone trying to turn it into a commercial application, or an evil
>> government that does not abide by the universal declaration of human
>> rights. Anyone who falls under one of those three definitions who
>> can't consider it free, I'm not concerned about. To _all_ other users,
>> it is free and open source, and they can do what they want with it,
>> and modify and distribute it how they please.
>>
>> The distinction you are attempting to make is antithetical to security.
>> Somehow I just can't see my way clear to advocating modification of my
>> software for the use of spyware and commercial competitors. I fail to
>> see what legitimate interest you or anyone else have in keeping
>> software from being legally protected against having trojans and
>> malware injected into them, and still considering it free.
>>
>> Instead of attacking my usage of free because it causes some cognitive
>> dissonance,  you  may  consider  asking  why  other  licenses  haven't
>> restricted  use  of  their terms from having malware injected into it.
>> Especially  a  project like Tor. Personally, I don't mind if a license
>> causes  a  little  more  confusion  to big brother, xyz proxy corp, or
>> spyware inc, or anyone, if I and my users get more protection. I would
>> certainly like to see that in the Tor license.
>>
>> > So  it's  totally free, except that it isn't. You're also not giving
>> > it  away  to the public, you're only giving it to those parts of the
>> > public you don't discriminate against.
>>
>> No, it is free to the public, we aren't discriminating against who can
>> use it. We ARE restricting how it can be MODIFIED.
>>
>> > ... and the people who currently don't use Torpark because it isn't
>> > free software and the people who don't care about Torpark itself but
>> > would appreciate it if the term "free software" wouldn't be watered
>> > down.
>>
>> Fabian,  if  there  really are legitimate potential users out there in
>> the  cosmos,  waiting  for  me to open it up to malware and trojans so
>> they  can  feel  the  universal  definition of "Free" is consistent to
>> whatever  culture  they happen to be from, they can keep holding their
>> breath.  And  to  the  others  who  don't care enough except to make a
>> pedantic  distinction,  I'll  be  expecting  a  letter  from  the  FSF
>> regarding how they own the trademark "Free".
>>
>> Once  again,  would  anyone else like to see Tor's license add that it
>> can't  be  modified  to  have malware, trojans, spyware, etc. injected
>> into it?
>>
>>
>> Regards,
>> Steve
>>
>>







Re[2]: Free Software and Torpark

2007-03-25 Thread Arrakis
Paolo,

Just because there are laws against murder doesn't mean that people
don't do it. However, the law does make it actionable if they do
commit murder.

Regards,
Arrakis

>> Let us not be ambiguous about the "users" you are talking about. The
>> specific "users" you are talking about are limited by definition to
>> only be the ones wanting to modify it to include malware/trojans, or
>> someone trying to turn it into a commercial application, or an evil
>> government that does not abide by the universal declaration of human
>> rights. Anyone who falls under one of those three definitions who
>> can't consider it free, I'm not concerned about. To _all_ other users,
>> it is free and open source, and they can do what they want with it,
>> and modify and distribute it how they please.

> It just makes no sense to say "it's free except for..." if you intend 
> free as in freedom. It's the same kind of idea of those who think that
> "Tor should be working for everyone except for criminals...".

> About the "malware" problem, i just report this quote from the OS 
> Definition page on wikipedia:
> "Back in the 1980s, some software which was given away had license terms
> that specifically prohibited the police or military of the Government of
> South Africa from using the program because of objections to apartheid.
> While this is a laudable goal, it's not relevant to include it in a 
> software license. Beyond which, such organizations might simply ignore
> the restrictions anyway."

>> The distinction you are attempting to make is antithetical to security.
>> Somehow I just can't see my way clear to advocating modification of my
>> software for the use of spyware and commercial competitors. I fail to
>> see what legitimate interest you or anyone else have in keeping
>> software from being legally protected against having trojans and
>> malware injected into them, and still considering it free.

> What if the license was to block criminals from using the program? Would
> you still consider it free? What if the license was to block people that
> committed a crime in the past? What if the license was to block people
> that are more likely to commit a crime for their personal psychological
> background?
> Would you still consider it "free"?

>> Once  again,  would  anyone else like to see Tor's license add that it
>> can't  be  modified  to  have malware, trojans, spyware, etc. injected
>> into it?

> No.

> Paolo




Re[2]: Ultimate solution

2007-03-25 Thread Arrakis
Michael,

Well that sounds good in theory, and admittedly I don't know enough
about scripting languages to say it can't be done. But it does occur
to me that the SM would have to be very intelligent to know that the
harmless X, Y, and Z parts of the script form a dangerous whole. I
think that starts entering into heuristics. Surely someone here knows
way more about this and will comment. I would love to see such a tool.

Regards,
Steve


>>   In my experience many users will, and do, go out of their way to
>> circumvent their own protection unless very aware of the consequences,
>> and sometimes even then. If they really want to see that funny flash
>> animation on a certain site, they will find a way to do it and then
>> often forget to undo the changes they made thereby leaving themselves
>> vulnerable.

> There are some aspects of Flash, Javascript, etc, that are safe, and
> do not reveal any information. There are other aspects that are
> unsafe.

> This gets back to the whole issue I raised earlier, in another thread.
> Why try to sell people on "OK, but you need to use a completely
> stripped down browser that can't display most modern sites at all
> because all scripting systems are disabled"? Why not use a "security
> manager" model, where the browser commands are verified by a separate
> security manager, configured by the user? Then Tor can just distribute
> a security manager file.

> This would require some sort of system for "I'm the browser, this is
> the file I just downloaded, tell me what I can safely execute". "I'm
> the javascript parser, this is what I've just parsed and written via
> document.write but not yet executed. Tell me what I can safely
> execute". "I'm the browser, this is the full document after fetching
> all the embedded references. I know I've asked you on each of those
> parts separately, now here's the whole shebang. Tell me what I can
> safely execute." Etc.

> The whole "Because some aspect of Flash can kill you, all of flash
> must be junked" approach won't work. That's like saying, "Because Java
> could contain an unsafe program, no Java can be used". Sun designed a
> security manager system into Java specifically to deal with that
> concern. If the default security manager isn't good enough -- if the
> default SM permits unproxied connections, for example -- then we need
> a new SM that does not permit unproxied connections, or forces them to
> become proxied without the code realizing it.

> Java does permit changing the SM, doesn't it?

> Why not implement one for the rest of the browsing experience?




Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Arrakis
Fabian et al,

> The terms "free software" and "open source software" have been
> around for a while and so has their meaning. No one said Torpark
> wasn't delivered free of charge or that its source wasn't open for
> review.

> Torpark's license just doesn't give the user enough rights to
> call Torpark either free software or open source software
> without causing confusion, raised eyebrows or being laughed at.

Let us not be ambiguous about the "users" you are talking about. The
specific "users" you are talking about are limited by definition to
only be the ones wanting to modify it to include malware/trojans, or
someone trying to turn it into a commercial application, or an evil
government that does not abide by the universal declaration of human
rights. Anyone who falls under one of those three definitions who
can't consider it free, I'm not concerned about. To _all_ other users,
it is free and open source, and they can do what they want with it,
and modify and distribute it how they please.

The distinction you are attempting to make is antithetical to security.
Somehow I just can't see my way clear to advocating modification of my
software for the use of spyware and commercial competitors. I fail to
see what legitimate interest you or anyone else have in keeping
software from being legally protected against having trojans and
malware injected into them, and still considering it free.

Instead of attacking my usage of free because it causes some cognitive
dissonance,  you  may  consider  asking  why  other  licenses  haven't
restricted  use  of  their terms from having malware injected into it.
Especially  a  project like Tor. Personally, I don't mind if a license
causes  a  little  more  confusion  to big brother, xyz proxy corp, or
spyware inc, or anyone, if I and my users get more protection. I would
certainly like to see that in the Tor license.

> So  it's  totally free, except that it isn't. You're also not giving
> it  away  to the public, you're only giving it to those parts of the
> public you don't discriminate against.

No, it is free to the public, we aren't discriminating against who can
use it. We ARE restricting how it can be MODIFIED.

> ... and the people who currently don't use Torpark because it isn't
> free software and the people who don't care about Torpark itself but
> would appreciate it if the term "free software" wouldn't be watered
> down.

Fabian,  if  there  really are legitimate potential users out there in
the  cosmos,  waiting  for  me to open it up to malware and trojans so
they  can  feel  the  universal  definition of "Free" is consistent to
whatever  culture  they happen to be from, they can keep holding their
breath.  And  to  the  others  who  don't care enough except to make a
pedantic  distinction,  I'll  be  expecting  a  letter  from  the  FSF
regarding how they own the trademark "Free".

Once  again,  would  anyone else like to see Tor's license add that it
can't  be  modified  to  have malware, trojans, spyware, etc. injected
into it?


Regards,
Steve



Re[4]: Ultimate solution

2007-03-25 Thread Arrakis
Nick,

You are right. We don't allow governments to subvert our software,
commercial competitors, or people to install spyware and redistribute it
that way.

Saying free and open-source software isn't "Free" and "Open Source" is
giving  in to a combination of semantics and snobbery of licensing. It
isn't  as  though  any  organization owns the definition of "Free" and
"Open  Source"  and has the authority to pin it down to their specific
hoops we must jump through, nor should anyone assume we have.

The source is totally free, and that isn't "Free" but free, _except_ I
don't allow for other commercial services to rip it off and use it for
their  personal  gain since I am giving it away to the public, and you
can't install tracking/spyware/malware in it and then redistribute it.
Those  are  pretty  much  the  only restrictions. Perhaps GPL fanatics
think  I  owe  it  to spyware manufacturers, or I need to give away my
intellectual  property to every 3rd-rate commercial anonymity service?
The  bottom  line  is, everyone benefits by these restrictions, except
for malware manufacturers and commercial anonymity services.

> I'm no lawyer, but the term in the license above seems like a clear
> violation of the Debian Free Software Guidelines to me.

I think your software is a pretty clear violation of the TESLA license
because you specifically allow spyware and malware to be inserted into
your software due to your licensing terms, but then again, you didn't
release yours under TESLA, and nor am I required to conform to DFSG.
Because I've seen the light of an ethical software license agreement,
I no longer give much credence to "Open-Source" definition or "Free"
according to Hoyle or DFSG.

But it definitely is a balance that must be struck. Tor probably has a
good license, even if it isn't 3 clause BSD, because it is straight up
difficult to use for the average user. But Torpark is too easy for
conforming to those definitions, because with convenience it makes it
a little too easy for malware and snoopers to reach users because
users no longer have to have a technical understanding or perform due
diligence on their software, so we have to provide some protection
for them. The TESLA license is just that.

To be quite clear, I am enamoured by the HESSLA.
http://www.hacktivismo.com/about/hessla.php

Regards,
Steve





Re[2]: Ultimate solution

2007-03-25 Thread Arrakis
JT,

I wrote Torpark, so let me respond to your points.

1) Torpark is only for windows at the moment, it will be available for
Mac and Linux shortly.

2) Torpark is not commercial, it is totally free and open source. We
simply offer an upgrade to get higher speeds than the tor network can
provide.

3) The fact that trust isn't distributed is a positive, not a
negative, because you don't have to trust everyone with your outgoing
plaintext traffic. We have independent security auditors make sure our
admins are not tracking anyone or doing anything malicious. However,
we are using a distributed trust internally, so if anyone comes asking
for customer info, they won't get them without NSA letters to all our
associates in all our jurisdictions. And naturally, free users of
torpark we don't have any records of anyway.

4)  The  online  tutorial  is  only a video for streaming. Perhaps you
would  prefer  to download the 25mb file directly? Or perhaps you know
of  a  way  to  stream video without using scripting? I'll be happy to
listen.

5)  Offshore  from  the  USA,  UK,  etc.  We  have servers in Germany,
Malaysia,  and  some other hidden places. Currently none in the USA or
UK,  etc.  Unfortunately,  it  is  better to not tell you specifically
where  they  are  because  that  makes  it much harder for agencies to
attempt  to  subpoena/court order. If they are guessing jurisdictions,
we  are  all  happier.  Bottom line is place faith in audits. Further,
Torrify  is  formed as an offshore corp in the country of Saint Kitts,
so it is not subject to US laws, only those of UK Commonwealth and the
UN.

6) http://www.hacktivismo.com

Regarding commercial anonymity, you will eventually realize that it is
the only way to go for high speed and low latency, otherwise the
network will be abused and suffer the tragedy of the commons.

Further, the browser is entirely capable of having no flash, java,
javascript, plugins, and all of those are blocked by default.

And lastly, TORPARK IS FREE. It just isn't released under the GPL, it
is released under the TESLA license, which is similar to the HESSLA
license. Because the way it is written GPL can have malware inserted,
the TESLA makes a legally actionable violation if malware is inserted.
With such a sensitive project, I insist that people are not legally able
to abuse it.

http://www.torrify.com/tesla.html

Regards,

Steve Topletz




Re: Security concerning Tor, BitTorrent and Firewall

2007-02-19 Thread Arrakis
Arand,

I doubt you will find anyone who wants to help you steal bandwidth
from tor so you can abuse it by downloading torrents. You would be
better to stick to a commercial service.

Regards,
Arrakis

> USING:

> Tor & Privoxy & Vidalia bundle 0.1.1.26
> Windows XP Home
> µTorrent
> 3com firewall

> HAPPENINGS:

> I am using Tor behind a 3com firewall, in connection with µTorrent.
> Before using Tor I -naturally, having not opened any ports on the
> firewall- experienced low connection (up&down) rates in µTorrent. However,
> after installing the Tor bundle and configuring µTorrent for use with the
> Tor proxy server (as described at
> http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#head-0d047b05e9b93c23cec9198550816a114012bde0),
> I suddenly experienced connection speeds
> which would equal those, had I used a normal port forward on my firewall.

> QUESTIONS:

> Firstly, how does this work?

> Secondly -on account of a port forward always being a security risk- Is
> this a similar security risk?

> And lastly, if it is indeed a security risk (no matter how small), does
> this apply to other programs than BitTorrent clients, using the Tor proxy
> server?
> __

> I first inquired with the Privoxy about this issue (presuming that it
> was related to Privoxy) and I received the following response:
>> --- Date: 2007-02-19 13:17 Sender: fabiankeil  --- 
>> Are you sure that your provider doesn't throttle BitTorrent traffic? 
>> By using Tor you prevent your ISP from knowing which services (other 
>> than Tor itself) you're using and this could explain why using Tor 
>> speeds up your BitTorrent traffic (it's no longer rate limited by your 
>> ISP). Privoxy itself is unlikely to have anything to do with it and I 
>> don't think port forwarding has anything to do with it either, but I'm 
>> not familiar with BitTorrent. The short answer to your last questions 
>> is "No", but as it has nothing to do with Privoxy you should checkout 
>> the Tor documentation for details and ask again on the or-talk mailing 
>> list if you have further questions.
> I am fairly certain that my ISP is not the issue here, so I remain 
> puzzled... And I've so far not found any answers in the Tor documentation.

> Anybody got something on this?

> - Arand





Re[2]: tor log file function

2006-12-14 Thread Arrakis
Roger, Nick, et al

I am pleased to report that `tor log "notice file log.txt"` works
perfectly under Windows XP.

Thank you for your quick response,
Steve



tor log file function

2006-12-14 Thread Arrakis
Greetings,

I am having a problem with the "log" command for tor. When I execute
the line "tor.exe log notice file log.txt" under win32, tor acts as
though it doesn't recognize the option "file" as written in the tor
manual.

ex:

c:\tor\tor.exe log notice file tor.log
Dec 14 22:45:27.443 [notice] Tor v0.1.1.25. This is experimental software. Do not rely on it for strong anonymity.
Dec 14 22:45:27.506 [warn] Failed to parse/validate config: Unknown option 'file'.  Failing.
Dec 14 22:45:27.506 [err] tor_init(): Reading config failed--see warnings above. For usage, try -h.



Any ideas why that is? I have also noticed that the PidFile command
doesn't work either, in that it will run but doesn't create the file.

Seems pretty straight forward according to:
http://tor.eff.org/tor-manual.html.en

Regards,

Steve Topletz