Re: Vidalia Bundle and RSS in Thunderbird 3.0
* on the Mon, Dec 28, 2009 at 09:12:10PM -0600, Scott Bennett wrote: Actually, no. The default exit policy blocks smtp ports. Sometimes, you can find exit nodes that allow smtp. These are times are typically few and far between. I thought that, pursuant to a discussion here last year or the year before, the default exit policy was changed to allow the smtps port. Did that change not get made after all? It did. Port 25 is rejected in the default policy, but 587 and 465 are not any longer: r...@esse:~# grep '\*:465' /var/lib/tor/cached-descriptors|wc -l 296 r...@esse:~# grep '\*:587' /var/lib/tor/cached-descriptors|wc -l 297 r...@esse:~# grep '\*:25' /var/lib/tor/cached-descriptors|wc -l 1127 r...@esse:~# If you're using TLS on port 587 then some information will be sent in plain text for the exit node to sniff. The welcome banner, and the EHLO request/response. If you can use SSL on connect on port 465, then nothing is sent in plain text. Other than DNS leaks, you need to make sure Thunderbird doesn't leak any other information in the EHLO or the headers when sending mail. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Vidalia Bundle and RSS in Thunderbird 3.0
* on the Tue, Dec 29, 2009 at 09:54:33AM -0600, Programmer In Training wrote: r...@esse:~# grep '\*:465' /var/lib/tor/cached-descriptors|wc -l 296 snip God I hope you're not using your root account as your normal user account. I don't, no. I just su'd to root to get access to /var/lib/tor drwx--S--- 3 debian-tor debian-tor 4096 2009-12-29 12:09 /var/lib/tor/ -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Google DNS
Google launched a free recursive DNS resolver service today: http://googleblog.blogspot.com/2009/12/introducing-google-public-dns.html It doesn't hijack NXDOMAIN or do any other sort of filtering. Just thought I would mention it as the topic of countries blocking DNS lookups or Exits using OpenDNS comes up every so often. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reduce hops when privacy level allows to save Tor network bandwidth
* on the Wed, Nov 18, 2009 at 12:08:10PM -0500, Marcus Griep wrote: Yes, they should. However, just because people shouldn't be doing something doesn't mean you should ignore the fact that they are. Responding to a deficiency in an area which Tor does not attempt to solve is a poor use of resources. That's fine, as long as you're assuming that people only use Tor when they need strong anonymity. As soon as you realise that people who don't need strong anonymity are using it as well, your point fails. Whether or not they *should* be doing so is irrelevant. The options are: 1.) Ignore that they're doing it 2.) Prevent them from doing it 3.) Make their impact smaller when they are doing it I choose 3. There are many use cases where that level of protection isn't required. -- In that case, use a tool better suited to your goals. Again. Whether or not people *should* be using Tor under these circumstances is irrelevant. The point is, they are, and how to deal with it. Now, if you were interested in coding this piece, and you felt it a good use of your resources, then it might be worthwhile. However, remember that every choice given to the end user is a chance for the end user to make a bad or misinformed decision. Tor has bandwidth issues that come with multiple routing hops. Many users just want Tor faster, but often are not savvy enough to understand that reducing the number of hops, even by one, severely limits the Tor's ability to hamper tracking efforts. As such many may choose to reduce their hops, and get faster usage, but falsely believe that just because it is still Tor, they can't be tracked. I prefer the concept of combining safe defaults with more choice. If people are afraid for their life, they're not going to reduce the number of hops from 3 to 2. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reduce hops when privacy level allows to save Tor network bandwidth
* on the Thu, Nov 19, 2009 at 07:43:01AM -0500, Andrew Lewman wrote: That's fine, as long as you're assuming that people only use Tor when they need strong anonymity. As soon as you realise that people who don't need strong anonymity are using it as well, your point fails. Whether or not they *should* be doing so is irrelevant. The options are: 1.) Ignore that they're doing it 2.) Prevent them from doing it 3.) Make their impact smaller when they are doing it I choose 3. You are going to BMW asking them to include features from Ford, because you personally like some features found in Ford trucks. If only BMW cars would include these features, then you'd buy a BMW and stop complaining about the lack of Ford features. That is the worse analogy I've ever seen. It's terribly constructed and doesn't bare even the slightest resemblance to what is being discussed. Please try again. Or don't. This is the borderline definition of trolling. No it's not. I've not done anything which would suggest I was trolling. Random claims that somebody is trolling in order to discredit what they're saying ... now *that's* trolling. Until the research shows less than three hops is as safe as the current three hops, we as the Tor Project are not changing the default number of hops. Are you suggesting that I said something about changing the default number of hops? I explicitly stated the *opposite* of that. Your first language is English right? If you want simple circumvention without strong anonymity, there are ten thousand or so open proxies in the world, which are free. If you want strong anonymity, use Tor. The current research on anonymity networks is conveniently collected for you at http://freehaven.net/anonbib/. Cypherpunks write code. Feel free to write code so you can screw your own anonymity with the speed and efficiency you claim to want. Others have already done this; some even got talks at blackhat or defcon for changing a line of code or two. Google search has your answers. You keep talking as though it is *me* who wants this capability. For myself, I want a 3 hop circuit, but I want more bandwidth available to me. In order to get more bandwidth, I want those who *can* use a 2 hop circuit to do so. This is one of those ideal/practical arguments. Idealistically, Tor would only have 3 hop circuits and those who want simple circumvention wouldn't use it. That doesn't make it the practical truth of what is happening though. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reduce hops when privacy level allows to save Tor network bandwidth
* on the Tue, Nov 17, 2009 at 03:26:10PM +0100, Georg Sluyterman wrote: The following occured to me. Tor is designed to protect users from traffic analysis by very technical adversaries. There are many use cases where that level of protection isn't required. In those cases, if there was a config option to reduce the number of hops in a circuit to 2 (or possibly even 1), then users would be able to get themselves a more responsive circuit, whilst saving the Tor network overall bandwidth. In a three hop circuit, when x contacts y, the Tor network ends up having to transfer 4X the data: x -(1) Entry -(2) Middle -(3) Exit -(4) y In a 2 hop circuit it only has to transfer 75% of that: x -(1) Entry -(2) Exit -(3) y If you send a 1 kByte packet through a Tor node (lets forget the overhead for now), the Tor node has to download the packet and upload it to the next node (or endpoint) which equals 2 kByte traffic on the internetconnection for the specific Tor node. If you send a 1 kByte packet through Tor (again forget about overhead) the traffic used in the network will be ~6 kByte (packetsize * 2 * number_of_hops). If you send through two hops instead of three, you will genereate 4 kByte traffic instead of 6 kByte. Thats 67% not 75%. You are forgetting that between nodes, the packet has to be uploaded _and_ downloaded again (both things cost bandwidth). All of that is wrong. You're assuming that Node1 transmitting to Node2 and Node2 receiving from Node1 are two separate streams. My diagram has numbers where each transfer takes place. The first diagram has 4 transfers and the second diagram has 3 transfers. With regards to reducing the number of hops i agree with Andrew about using something else than Tor. People are going to use Tor even if they don't need strong anonymity because it is free, and because it has certain desirable attributes that other things such as VPNs don't give you. Given that they're going to use Tor, why not minimise the amount of bandwidth they're using in the process of doing so. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Reduce hops when privacy level allows to save Tor network bandwidth
* on the Tue, Nov 17, 2009 at 09:03:42AM -0500, Andrew Lewman wrote: On 11/17/2009 08:57 AM, Erilenz wrote: The following occured to me. Tor is designed to protect users from traffic analysis by very technical adversaries. There are many use cases where that level of protection isn't required. In those cases, if there was a config option to reduce the number of hops in a circuit to 2 (or possibly even 1), then users would be able to get themselves a more responsive circuit, whilst saving the Tor network overall bandwidth. People who don't want strong anonymity should use VPNS, single-hop proxy providers, or setup an ssh tunnel somewhere. Yes, they should. However, just because people shouldn't be doing something doesn't mean you should ignore the fact that they are. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: all traffic through a VPN on top of tor, done!
* on the Fri, Nov 13, 2009 at 04:28:20PM +, John Case wrote: Second, it sounds like you want to protect against a local attacker from seeing your traffic. If so, go to proxy.org, find an https:// or vpn-based provider and enjoy your encrypted protection against your local ISP seeing your destination. If you actually want anonymity, then use Tor as is, for it's designed to provide anonymity online by default. Yes, but back to my thread hijack :) Let's say my protection model does indeed require Tor, but at the same time requires more speed. Forcing Tor to only use fast nodes probably doesn't work, since those fast nodes are probably inundated just like the slow ones are. This also suggests that organic growth in the Tor network is not going to solve much of the speed problem in the near term... existing users will certainly use more and more traffic. If you're only concerned with hiding where you're connecting to from your neighbour, you can modify the source code fairly easily to make two hop circuits instead of three hop circuits (*). You could then limit the ExitNodes to be fairly local (your own country), and then after a little trial and error, manually pick a group of EntryNodes which are also in your own country, and which perform well for you. High bandwidth University nodes for example. One thing you absolutely don't want to do is use a Hidden Service for your VPN as that doubles the number of hops in the circuit. (*) I can't remember how though. Google it. -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Reduce hops when privacy level allows to save Tor network bandwidth
The following occured to me. Tor is designed to protect users from traffic analysis by very technical adversaries. There are many use cases where that level of protection isn't required. In those cases, if there was a config option to reduce the number of hops in a circuit to 2 (or possibly even 1), then users would be able to get themselves a more responsive circuit, whilst saving the Tor network overall bandwidth. In a three hop circuit, when x contacts y, the Tor network ends up having to transfer 4X the data: x -(1) Entry -(2) Middle -(3) Exit -(4) y In a 2 hop circuit it only has to transfer 75% of that: x -(1) Entry -(2) Exit -(3) y -- Erilenz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor/Iptables Question
* on the Wed, Aug 19, 2009 at 02:00:01AM -0400, Ringo wrote: One problem I've continually run into while trying to setup a secure tor virtual machine for browsing is that I have to allow it access to localhost (to connect to Tor). Is there a way in iptables to say deny localhost access to all local ports except xyz or even better say deny user access to all local ports except xyz Thanks for any help people can offer, I prevent all users other than root from connecting to the Tor Control port with an iptables rule which looks like this: iptables -A OUTPUT -o lo -p tcp --dport 9051 -m owner ! --uid-owner root -j REJECT You should be able to modify that for your own purposes. -- Erilenz
Re: Stable releases - old versions
* on the Thu, Jul 30, 2009 at 11:51:39PM -0400, grarpamp wrote: Related to the blox* thread. When 0.2.0.3x was marked stable, I went through and mailed all the contacts running old versions. Some profusly thanked, some silently updated, some ignored. It would be handy if... Upon marking and releasing a new stable branch, include in the release notes what the minimum recommended versions are and why [security breach, crashing, performance, needing to break backward compat going forward, etc]... only the really major reasons, just a few quotable lines. Some people were like, why bother? Make the contact field more of an encouraged option to use. Maybe only a third of nodes had valid addresses. I like this idea. Perhaps the various package maintainers could be lobbied to update the installation scripts to request a valid contact email address on installation/upgrade? Make Tor emit a logline hourly or at least daily when it notices that it is old. Much more likely to stick out like that. Perhaps graduate the verbosity/capitalization if it detects itself is not in the current stable branch or older. As well as logging, perhaps Tor should make an effort to send an email to the local root account when it detects it is too old. Obviously, that wont work in many instances, eg Windows Tor servers, but it would be an additional contact route... -- Erilenz
Re: Yahoo Mail and Tor
* on the Fri, Jul 10, 2009 at 01:44:22AM -0500, Scott Bennett wrote: A long time ago I think there was a problem with the .exit... in the URL being passed along to the website in the GET (or other) requests, which sometimes caused problems. Somebody correct me if I am wrong, but I believe now something in the tor chain of software (client, relays, exit) filters that out. I should think that such a bug would have had to have been inside tor, not privoxy, if it indeed existed. Consider the process of privoxy making a connection via a tor circuit to a destination IP address and then requesting a page. An unproxied browser will first resolve a name to an IP address and then connect to that IP address. When proxied through privoxy, privoxy passes the entire hostname.domainname.Nickname.exit to tor instead of an IP address when requesting an exit connection to the destination system. The exit node itself then does the name-to-address resolution and establishes the connection to the resulting IP address. Next, privoxy sends an HTTP GET request, which contains no hostname, domainname, Nickname.exit, nor IP address through the connection to the web server at the other end. The web server reads (or has cached) the page contents from the filesystem path given in the GET relative to the base of the server's directory tree (i.e., everything *starting* with the third slash in the URL and continuing to the end of the URL) and then sends the file contents back through the connection toward the requesting system. Of course, some parts of that path may actually be other kinds of arguments that will be processed by the web server, that fact has no bearing on the process described here. That doesn't sound completely accurate to me. Specifically the sentence Next, privoxy sends an HTTP GET request, which contains no hostname, domainname, Nickname.exit, nor IP address through the connection to the web server at the other end. If I'm proxying through Tor and I type this into my browser: www.google.com.example.exit My browser asks the proxy for a connection to www.google.com.example.exit Once my browser receives the connection, it then sends this down it: GET / HTTP/1.1\r\n Host: www.google.com.example.exit\r\n \r\n The problem is that some web servers have multiple websites on the same IP and they decide which website to serve by looking at the HTTP Host header. So you need privoxy/polipo to strip the example.exit from the HTTP Host header before forwarding on the actual HTTP request, so it sends this instead: GET / HTTP/1.1\r\n Host: www.google.com\r\n \r\n -- Erilenz
Re: Firefox video tag
* on the Tue, Jun 30, 2009 at 09:56:05PM -0400, Gregory Maxwell wrote: Firefox 3.5 was released today. Has anyone investigated the new video tag that it supports with regards to whether or not it can cause leaks with Tor? video and audio should have exactly the same attack surface as img has. Thats one of the benefits that firefox's approach of building the codecs internally rather than invoking an external media framework (like safari does) should have. I've been hoping very much that tor would not ultimately need to filter these??? So as long as Firefox doesn't invoke an external media player for any video type it supports, it's safe for Tor? Perhaps it's worth keeping an eye on it in case they introduce a new video type which uses an external player which bypasses the proxy settings? -- Erilenz
Firefox video tag
Hi, Firefox 3.5 was released today. Has anyone investigated the new video tag that it supports with regards to whether or not it can cause leaks with Tor? -- Erilenz
Moxie Marlinspike
http://blog.internetnews.com/skerner/2009/02/black-hat-hacking-ssl-with-ssl.html There's nothing in there that we didn't already know was possible, and I realise it's not a Tor specific flaw. I just read this paragraph and thought I'd pass it on here: Marlinspike also claimed that in a limited 24 hour test case running on the anonymous TOR network (and without actually keeping any personally identifiable information) he intercepted 114 yahoo logins â 50 gmail logins, 9 paypal, 9 inkedin and 3 facebook. So apparently the tool works - and works well. Lots of people simply don't know how to use Tor safely. I wonder if something could/should be built into TorButton to force a list of commonly used services to go entirely over https? Eg any request for ^http://mail\.google\.com/.*$ Also, how feasible would it be to add a popup which says something along the lines of: You are about to post unencrypted data over the Tor network. Are you sure you wish to proceed? -- Erilenz
Perl modules
Hello, I just checked CPAN, and I can't find any modules related to Tor. Not even a module for talking to the control port. Are there really no Perl modules for manipulating Tor, or are they just hidden somewhere else online? -- Erilenz
Re: Limiting hops
* on the Mon, Nov 17, 2008 at 01:05:27PM -0800, Marc Erickson wrote: I use Tor on my laptop to encrypt wireless packets when connecting to an unsecured wireless network. Is there a way to limit the number of hops the packets take through the servers so that I can better the speed? I only need one hop. I'm running Windows XP. By using Tor for that purpose, all you're doing is making it so people running Exit Tor nodes can sniff your traffic, rather than people watching the unsecured wireless network. I wouldn't automatically assume that reduces your chance of having your traffic sniffed. It might even increase the chance of that occuring. -- Erilenz
Re: Hidden service route
* on the Tue, Nov 11, 2008 at 05:50:08PM +0100, Karsten Loesing wrote: If I connect to a Tor hidden service am I right in thinking it goes like: Web browser - Tor client - Entry Node - Middle Node - Hidden Service No, that's not how it works. There are 6 nodes between you and the hidden service, three chosen by the hidden service, three chosen by you. See https://www.torproject.org/hidden-services for a description of the hidden service protocol. Ah, I got that quite wrong. Now I understand, rendevouz, and why hidden services through Tor are so much slower than normal services. Thanks. -- Erilenz
Hidden service route
Hi, If I connect to a Tor hidden service am I right in thinking it goes like: Web browser - Tor client - Entry Node - Middle Node - Hidden Service If I then change routelen to '2' in circuitbuild.c as per http://www.mail-archive.com/or-talk@freehaven.net/msg08747.html does that give me: Web browser - Tor client - Entry Node - Hidden Service -- Erilenz
Re: is tor an email mixmaster?
* on the Sun, Nov 09, 2008 at 10:43:29AM -0800, Christopher Davis wrote: someone has setup an open SMTP relay as hidden service: oogjrxidhkttf6vl.onionport: 587 May be, it works. I did not test it. :-( Unfortunately, this doesn't seem to be running. The idea is interesting, though. It would be prudent to enable spam filtering and/or hashcash for a service like this, of course. Yeah. I've heared that relay mentioned several times before, but I've never been able to connect to it. I can connect to other hidden services fine. You're the first other person I've come across that has either confirmed it working or not working. -- Erilenz
[no subject]
If you run as an exit node, it's my understanding that you also act as a middleman node. Would it be possible, and would it be a good idea, to add an option such that you only act as an exit node? It seems a bit of a waste to use potential exit bandwidth as middleman relaying bandwidth when exit bandwdith is more scarce. -- Erilenz
Re: Google searches
* on the Fri, Oct 24, 2008 at 08:32:23AM -0400, Alessandro Donnini wrote: For the past month or so, I have been unable to consistently run web searches via Google using a Tor-enabled browser. Use https://ssl.scroogle.org/ instead. It's a wrapper around Google. -- Erilenz
Re: Performance
* on the Wed, Oct 22, 2008 at 04:49:35PM +0200, Martin Balvers wrote: I have changed the route length to 2 hops How did you manage to do this? I know you have to edit the source code, but what specifically needs changing in it? I remember attempting this a while ago but haven't looked recently... -- Erilenz
Multiple machines using Tor behind NAT
Hi, I have several local machines behind NAT which I want to use Tor. Would I get better performance by installing Tor on each of them, or by having a single machine with Tor on and then pointing the web browsers on each of them at the proxy on that box? If I were to install Tor on each of them, would it be possible for an observer to see that there are several copies of Tor running from machines on the same IP? I'm guessing that it would be obvious because of the increase in the number of directory requests? If I were to install it on just one box and then point all the other boxes at it, wouldn't I end up putting all the traffic through a smaller number of circuits and thus having a slower network? -- Erilenz
Re: Default ORPort 443 [was: Re: German data rentention law]
* on the Sun, Oct 19, 2008 at 07:14:31AM -0500, Scott Bennett wrote: Besides, opening ports 1024 usually requires root-privileges, which could introduce serious security issues if an exploitable flaw were found in Tor. You can still advertise port 443 as your ORPort and listen on 9001, but this requires some port-forwarding magic, which is not entirely feasible for a default configuration. (But your other reason is sound as well) Also good points. Another is that an unprivileged user on a multi-user system may wish to run a tor relay, which would require a few configuration tricks, but should definitely be doable. However, as you point out, an unprivileged user ought not to be able to open a secured port, so the default should not be a port in the secure ports range. I just took a quick glance and there seem to be at least a couple of hundred nodes running an OR port on 443, so people must be taking note of the documentation at http://www.torproject.org/docs/tor-doc-relay.html.en -- Erilenz
Re: Tor 0.2.1.6-alpha is out
* on the Sat, Oct 11, 2008 at 09:00:05AM -0400, Roger Dingledine wrote: - Allow ports 465 and 587 in the default exit policy again. We had rejected them in 0.1.0.15, because back in 2005 they were commonly misconfigured and ended up as spam targets. We hear they are better locked down these days. Thank you for this one. There already seems to be a lot more hosts exiting on 465/587 spread across many more countries, compared to last time I checked. -- Erilenz
Re: unsubscribe
* on the Fri, Oct 10, 2008 at 02:44:46AM +0200, sigi wrote: unsubscribe me. Please write your Mail to [EMAIL PROTECTED] with mailbody including: unsubscribe or-talk btw: When finally will list-subscribers check their mailheaders for this? It would never have occurred to me to check the headers either, so perhaps you are being too hard on them. Possibly I was too hard on this, but this unsubscribe-question comes so often on all mailinglists, that it bothers a lot nowadays... and it's been answered frequently already - so often... Some people are just too lazy to look into how to unsubscribe from a mailing list properly. I'm sure a 30 second google would have been sufficient, but they'd rather email everyone on a mailing list asking that information instead as it involves engaging less brain cells. -- Erilenz
Re: Geode: some more headaches for TorButton? :-P
* on the Thu, Oct 09, 2008 at 01:11:37PM +0200, Tom Hek wrote: It's really scary when a random website can request your physical location imo.. I really hope you can disable that shit in the new version of Firefox when they include it.. Rather than adding to the speculation, I thought I'd actually test the plugin. Whenever a site requests your location, your browser asks permission to send it, and also allows you to specify how much granularity to provide. You can also tick a box to make your browser remember those settings for a particular website. This is no risk whatsoever. They'll almost certainly include an option to turn it off altogether, but even if they don't you have to explicitly state that the website is allowed to see your location. -- Erilenz
