Re: court trial against me - the outcome

2007-11-26 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Andrew Del Vecchio wrote:
> Mark,
>   In absentia was always there, it just wasn't SOP like it is now. BTW,
> are you familiar with jury nullification? It was a victim of the last
> round of substance prohibition in the 20s and 30s. Essentially, jurors
> have the (no longer honored) right to find a defendant 'not guilty' if
> they feel that the law he is accused of breaking is BS. See
> http://fija.org/ for more details.
> 
> ~Andrew
(much snippage)

It's a shame they don't have that right any more.

Laws have a purpose IMO, but they should go only as far as is absolutely
necessary.

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHS2jLbgkxCAzYBCMRAlSOAJ4/jZkKq90Vf1N/4wkVA5ouDMK6hQCePLhA
wiVmnptp8rO/kjp1IDdjPy4=
=ItIV
-END PGP SIGNATURE-


Re: court trial against me - the outcome

2007-11-27 Thread F. Fox
Patrick Hooker wrote:
> Hi Mark, everyone,
(much snippage)
> While there are
> plenty of us who are still alert and doing what we can, the vast bulk
> of the US population reminds me of the sheep in Orwell's "Animal Farm".
> Concerning Tor and the Internet, I think it's extremely important that
> we find and maintain secure, private means to communicate and make use
> of the Web.  My hat is off to the developers of Tor and other software
> aimed to keep us free.

Hehe - interesting that I've used the "sheep" analogy before myself.
It's the whole idea that most people are simply sheep, following blindly
the guidance of a few (at least semi-) charismatic "shepherds."

-- 
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+


[Politics/Legal] Re: German Tor Legal Fund

2007-12-02 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Onion wrote:
> Alexander W. Janssen wrote:
(snip)
> 
>  (ignore at will)
> 
> First of all, I'm not fond of political discussions in tech groups,
> but in this specific case of an aid, that was developed not least for
> sociopolitical reasons, motivating statements can't be misplaced.
(snip)

Here's an idea: Perhaps we could voluntarily tag the subject lines of
sociopolitical/legal-type messages, so people who want to ignore or
filter them can.

My proposition is in the subject of this email.

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHUxcEbgkxCAzYBCMRAjjKAJ4/53vwclaanVlyXEkiOanctv2IewCfcOBz
v4waOhebilkXY/Y5SeOVkIU=
=83n4
-END PGP SIGNATURE-


Re: Nice quiet, private, anonymous life??

2007-12-02 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

[EMAIL PROTECTED] wrote:
> Not a professional techie, since running an exit node this fall I am
> being habitually banned from Google, Charter has asked me to stop
> spamming, and now today the police are at my door looking for Tobias.
(snip)
> 
> Hope this post goes to list, can't find list post commands.
> 

It made it to the list. =:o)

In any case, I set my node up as "middleman" from the beginning. Given
that I'm just running from my home, I wouldn't have a whole lot of
backing to defend from legal or police troubles; running as a middleman
allows me to provide capacity to the network, while avoiding most of the
liability (potentially) carried by exit nodes.

As others have suggested, I strongly recommend trying "going middleman"
before leaving the network completely. Taking an occasional peek at my
Tor service via TCPView (shouldn't be a problem, since I'm only
connected to other nodes), you'd be surprised how much utilization I get
even as a middleman! =:oD Every little bit of bandwidth helps.

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHUxmLbgkxCAzYBCMRAkmKAKCOIqmLACMxAckS5UusOLF7fGgNHACgkVaK
doirLmxSDOzuFRlpId0nVSI=
=+7/B
-END PGP SIGNATURE-


[Political/Legal] Passing ideas on German Tor nodes

2007-12-02 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Just a couple ideas I had, regarding the issue of German Tor nodes and
the upcoming data retention policies; keep in mind that my own knowledge
regarding the Tor network isn't all that deep, so these may be flawed.

However, let's suppose that we're in a time when German Tor nodes are
now actively keeping logs of all connections. What would be the best way to:

1.) Protect the anonymity of Tor users as much as possible, while
2.) Attempting to allow some way for German Tor nodes to contribute to
the overall capacity of the network.

If I read things right, there are two things - barring client
misconfigurations or other SNAFUs - that are likely to reveal the
identity of a client:

* An adversary owning all three Tor nodes in a circuit, in which case
the client is *definitely* screwed;
* An adversary owning the entry guard and exit node in a circuit, which
may allow an end-to-end attack.

So, what if a maximum of one German Tor node were allowed in a circuit?
Would that achieve both numbered goals?

Given the logging, it might be wise to not allow the German node to be
the exit node; I'm not sure about the entry guard.

I would think that a German middleman node would be safe, though, right?

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHUyYtbgkxCAzYBCMRAq+hAJ4rDJLsXT+L6EYDK+jms+skZhotrwCdExnx
3zO/PlzAaT+4+uJu4GWAWks=
=wJKO
-END PGP SIGNATURE-
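Added example, not part of the post above: a small Monte Carlo model of the rule proposed there ("at most one German node per circuit, and never as the exit"), against the two threats the post lists. The relay set, the "every German relay logs" assumption and the uniform choice of relays are all constructed for the illustration; Tor's real path selection weights by bandwidth and uses persistent entry guards, so the numbers are only indicative.

```python
import random
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    name: str
    country: str
    is_exit: bool
    logs: bool  # constructed assumption: every German relay keeps connection logs


def build_relays(n=60):
    """Constructed relay set: 3 of every 10 relays are German, every third
    relay allows exit.  Real data would come from the cached consensus."""
    relays = []
    for i in range(n):
        country = "de" if i % 10 < 3 else "xx"
        relays.append(Relay(f"r{i}", country, is_exit=(i % 3 == 0),
                            logs=(country == "de")))
    return relays


def pick_circuit(relays, rng, restricted):
    """Choose (guard, middle, exit) as three distinct relays.
    restricted=True enforces the proposal: the exit is never German and the
    whole circuit contains at most one German relay."""
    exits = [r for r in relays
             if r.is_exit and not (restricted and r.country == "de")]
    while True:
        ex = rng.choice(exits)
        guard, middle = rng.sample([r for r in relays if r is not ex], 2)
        circuit = (guard, middle, ex)
        if restricted and sum(r.country == "de" for r in circuit) > 1:
            continue  # two German relays: redraw
        return circuit


def simulate(relays, trials, restricted, seed=1):
    """Fraction of circuits where logging relays hold both ends (end-to-end
    correlation), all three hops, and how often a German relay still carries
    traffic (the capacity goal)."""
    rng = random.Random(seed)
    ends = full = uses_de = 0
    for _ in range(trials):
        g, m, e = pick_circuit(relays, rng, restricted)
        if any(r.country == "de" for r in (g, m, e)):
            uses_de += 1
        if g.logs and e.logs:
            ends += 1
            if m.logs:
                full += 1
    return {"guard_and_exit_logged": ends / trials,
            "all_three_logged": full / trials,
            "circuits_using_a_german_relay": uses_de / trials}


if __name__ == "__main__":
    relays = build_relays()
    for restricted in (False, True):
        label = "restricted  " if restricted else "unrestricted"
        print(label, simulate(relays, 20000, restricted))
```

Under the constructed model the restricted rule drives the guard-and-exit figure to exactly zero, because a German relay can only ever be one hop of the circuit and never the exit, while German relays still carry a share of circuits as guard or middle. It says nothing about an adversary who also controls non-German relays, which is why the post's caution about the entry guard still stands.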


Re: Nice quiet, private, anonymous life??

2007-12-02 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Eugen Leitl wrote:
> On Sat, Dec 01, 2007 at 02:06:22PM -0700, [EMAIL PROTECTED] wrote:
> 
>> If I was in your position I might consider putting some bulk
>> demagnetizers near my hard drives with a panic switch, with backups to a
> 
> Doesn't work, you'd need too many Teslas. Plastique or thermite would work.
> Cryptographic filesystem would work, since you only would have to lose
> power for a couple seconds.
> 

It might be a bit late for buying and placing explosives or
incendiaries. =:oD In any case, I'm not about to give advice on
explosives, etc. - I'm not anonymized from here, forgetting the fact
that it's a moot idea.

A cryptographic filesystem is a day late and a dollar short... however,
he might be able to start overwriting with something like Darik's Boot &
Nuke: http://dban.sourceforge.net

To finish would take forever, but IIRC, the Gutmann-style wipe starts
with a pseudorandom stream - and if even a single one of those were to
complete before they got the drive, they'd need to stick the thing in a
cleanroom to get anything (again, IIRC).

They don't always do that... software usually comes first. I guess it
depends on the value of the data.

If something really, really nasty got relayed through your node - like
an [alleged] "terrorist threat" or similar hogwash - they might use such
a method.

But, DBAN's a free, practical, and non-violent idea.

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHUyhabgkxCAzYBCMRAsRVAJ9qTRxiTe8iCT2ntp/4WQ6HST6hpgCfYFMD
3GFNNSinPPreEFdMUKfS2qQ=
=Z6VG
-END PGP SIGNATURE-


Re: Nice quiet, private, anonymous life??

2007-12-02 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alexander W. Janssen wrote:
> [EMAIL PROTECTED] wrote:
>> If I was in your position I might consider putting some bulk
>> demagnetizers near my hard drives with a panic switch, with backups to a
>> secure unknown location. 
> 
> Now this is definitively a bizarre idea... :-)
> 
> That reminds me of the "nuke gateway"-function in the game Uplink[1].
(snip)

Although bizarre, this thread is not the first where I've heard of
non-electronic panic-button-triggered data destruction mechanisms.

Some I've heard of, at least purportedly:

* Magnetism;
* Incindieries (I can't spell that word worth crap);
* Microwaves (the "Firedrive");
* Explosives (the plastique idea from earlier - I don't recommend it).

I still think the best idea is a few scrubs of pseudorandom data, and
then a sledgehammer to disable the physical mechanism (if you want extra
security, and have no intentions of reusing the drive); of course, for
the ultra-paranoid, this method will require a while for the PR streams
to finish. =:oD

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHUzDObgkxCAzYBCMRAo/7AJ9j17R/zzQdzmO+GY1g/Yg7b48fxgCeKdGx
1Q+Asn6zHyb/Z2ujAz5zwVU=
=hAMe
-END PGP SIGNATURE-


Re: storage privacy (was: Nice quiet, private, anonymous life??)

2007-12-02 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

coderman wrote:
> apologies in advance for veering this far off topic...
> 
> On Dec 2, 2007 2:25 PM, F. Fox <[EMAIL PROTECTED]> wrote:
>> [ strange, dangerous, and likely to fail methods for destroying drives ]
> 
> use full disk encryption, even the latest ubuntu supports this.
> 
> destroy the disk keys and you've got platters full of entropy.
> 
> anything else is just a bad idea.
> 
(snip)

I don't think much of the aforementioned physical "destruction" methods;
I also agree in that full disk encryption is the best way to go, if at
all possible.

However, given that a system has already been deployed without such
encryption, wouldn't secure overwriting be a reasonable way of
destroying such data?

It'd be slow, and maybe not effective against the most determined (and
well-funded) attackers - but at least it wouldn't be dangerous, weird,
and violent... =:oD

- --
F. Fox
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHU2HfbgkxCAzYBCMRAj0dAJ92NHfJqZVVcK/u99gbWTo0jsSnFACeOSJW
EmV8OG+cGBSMlWBGXfqvh1M=
=hc2d
-END PGP SIGNATURE-


Re: storage privacy

2007-12-04 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Alexander W. Janssen wrote:
> [EMAIL PROTECTED] schrieb:
(snip)
>> I have not run a tor server, so I do not know the exact requirements.
>> Can it be done from a ram drive?
> 
> It could, but you'd need to make sure it doesn't swap/page down to disk,
> which would be bad.
(snip)

This is where ephemeral ("random-key") encryption of swap is *so* much
fun. In that case, not even the owner can decrypt the swap, once the
machine has been shut down, rebooted, or lost power. =:oD

- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHVgCUbgkxCAzYBCMRArB/AJ9iObT7LH7JDgEDKYqxAekD5SJvrgCeOv4u
QBV5ruxXMWIEYMevVBcxp40=
=RSmj
-END PGP SIGNATURE-


Re: storage privacy

2007-12-04 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Eugen Leitl wrote:
> On Tue, Dec 04, 2007 at 01:35:49PM -0700, [EMAIL PROTECTED] wrote:
(snip)
>> Most data overwrite programs take too long-you do not have that time
>> when they are knocking down your door.
> 
> You have to power down the servers before confiscating them.
> You can use a smartcard along with a PIN for a login, or at
> least purge the passphrase after N failed login attempts.
> 
> Don't assume Mallory is omniscient and omnipotent. Knuckledragger
> forensics won't even find anything out of ordinary. 
>  

IIRC, if you have a TrueCrypt volume and you want to permanently disable
access to it (instead of relying on its plausible deniability
mechanisms) - in a hurry - there are two possible ways:

1.) Securely overwrite the first 1024KB of the volume; IIRC, this
contains the actual, fixed volume keys, encrypted with the credentials
you've chosen to use. Without this, even the proper credentials will
fail to open the drive.

2.) TrueCrypt offers the use of keyfiles as credentials, in addition to
(or even in lieu of) a passphrase; these can be kept exclusively on a
removable medium of some kind (e.g., USB drive, CD-R). Destroy the
medium with the keyfiles, and decryption becomes (basically) impossible.

>> A strong magnetic field close to the hard drive will completely destroy
>> the data making it impossible to recover. I will also probably fuckup
> 
> Have you any idea how strong the field would have to be? Look it up.
> 
(snip)

He should look it up.

IIRC, Gutmann's famous paper, "Secure Deletion of Data From Magnetic and
Solid-State Memory," dealt with degaussing/demagnetizing as a possible
method of data destruction.

In short, the strength of the magnetic field would have to be enormous -
far more than even most industrial magnets can provide - to properly
destroy data on a modern hard drive.

(Now, maybe if you could get access to the experimental U.S. Navy magnet
that was mentioned... =xoD )

> 
> I am saying you're talking out of /dev/ass
>  

LOL! =xoD I'll have to remember that one! =:oD

- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHVgOBbgkxCAzYBCMRAqznAJ9g6q6aJXFLFUJikq7rHjuADa76fgCgiqJX
yvl/9GIQUkmy4qIi+e6/R/s=
=RNcX
-END PGP SIGNATURE-
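Added example, not from the post above and not TrueCrypt's on-disk format: a toy volume in which a random master key encrypts the body and the header holds only that master key wrapped under a key derived from the credentials (passphrase plus optional keyfile). It shows why the two methods described above work: overwriting the header leaves the body intact but unopenable even with the right passphrase, and losing the keyfile has the same effect. The HMAC-SHA256 counter-mode stream cipher, the header layout and the PBKDF2 parameters are stand-ins chosen so the example runs with the standard library only.

```python
import hashlib
import hmac
import os


def keystream_xor(key, data):
    """Toy stream cipher: HMAC-SHA256 in counter mode XORed over data.
    Stand-in for the block cipher a real volume uses; encryption and
    decryption are the same operation."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(key, offset.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def derive_kek(passphrase, keyfile, salt):
    """Credentials -> key-encryption key.  The keyfile hash is simply
    appended to the passphrase here (a stand-in for TrueCrypt's mixing)."""
    material = passphrase + (hashlib.sha256(keyfile).digest() if keyfile else b"")
    return hashlib.pbkdf2_hmac("sha256", material, salt, 10_000, 32)


def create_volume(plaintext, passphrase, keyfile=None):
    """Return (header, body).  header = salt | wrapped master key | tag.
    The body is encrypted only under the random master key, which exists
    nowhere else but inside the header."""
    salt, master = os.urandom(16), os.urandom(32)
    kek = derive_kek(passphrase, keyfile, salt)
    wrapped = keystream_xor(kek, master)
    tag = hmac.new(kek, salt + wrapped, hashlib.sha256).digest()
    return salt + wrapped + tag, keystream_xor(master, plaintext)


def open_volume(header, body, passphrase, keyfile=None):
    """Unwrap the master key and decrypt the body.  Returns None when the
    header cannot be authenticated: wrong passphrase, missing keyfile, or a
    header that has been overwritten."""
    salt, wrapped, tag = header[:16], header[16:48], header[48:80]
    kek = derive_kek(passphrase, keyfile, salt)
    expected = hmac.new(kek, salt + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    master = keystream_xor(kek, wrapped)
    return keystream_xor(master, body)


def wipe(buf):
    """Model of 'securely overwrite the header': a pseudorandom stream the
    same length as the original."""
    return os.urandom(len(buf))


def demo():
    """Constructed credentials and data; returns the three outcomes."""
    passphrase, keyfile = b"correct horse", os.urandom(64)
    header, body = create_volume(b"relay logs, config, private keys",
                                 passphrase, keyfile)
    intact = open_volume(header, body, passphrase, keyfile)
    after_header_wipe = open_volume(wipe(header), body, passphrase, keyfile)
    after_keyfile_loss = open_volume(header, body, passphrase, None)
    return intact, after_header_wipe, after_keyfile_loss


if __name__ == "__main__":
    intact, wiped, lost = demo()
    print("intact header, both credentials:", intact)
    print("header overwritten, right credentials:", wiped)
    print("header intact, keyfile destroyed:", lost)
```

The design point is that the body never depends on the credentials directly, only on the random master key, so whatever destroys the one copy of that key (header overwrite) or the means to unwrap it (keyfile loss) is enough. Overwriting a few kilobytes of header is fast, which is the whole advantage over wiping the body.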


Re: storage privacy (was: Nice quiet, private, anonymous life??)

2007-12-04 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Scott Bennett wrote:
(snip)
>  I'm not a LINUX user, but I would be surprised if there were not some
> similar facility in LINUX, but I haven't the foggiest notion how one would get
> Windows XP to encrypt its swapping/paging file or even whether Windows XP has
> that capability.
(snip)

There are indeed facilities for ephemeral swap encryption in Linux; I've
actually done it by three different methods to date (you'll have to look
up the exact docs used, though):

* Loop-AES module in Fedora Core 4-6 (AES-256, CBC);

* Dm-crypt in Fedora 7 (AES-256, LRW);

* Persistent (passphrase-based) root filesystem encryption from
install-time, via Dm-crypt (AES-256, CBC:ESSIV-SHA256), and ephemeral
("random-key") swap area encryption via the same method (and identical
module, cipher, and mode-of-op), in Debian 4.0.

The first two were before installers included this kind of stuff
(AFAIK), and so I sort of hacked it together using some scripts I wrote;
in the third, the functionality had been integrated into the installer. =:oD

- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHVgWObgkxCAzYBCMRAtD/AJ9k8v9inAREHNkSLzEcf53KzZ3b7gCePOxE
pi54oGaCX5L5sMnoFmAmwlI=
=6LO7
-END PGP SIGNATURE-


Re: storage privacy

2007-12-06 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

coderman wrote:
> On Dec 5, 2007 4:05 PM,  <[EMAIL PROTECTED]> wrote:
>> ... Have you actually tested using a magnetic field for this ...
> 
> despite the rudeness of some of this thread,
(snip)

You sure aren't kidding... sheesh! =:o\

> 
> see http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
> 

Ah, there's the paper I mentioned earlier. =:o)

> this is why full disk encryption is preferable.
(snip)

"Mmm, strong crypto."
- --a playful, likely apocryphal Bruce Schneier quote. =:oD

- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHWJ+pbgkxCAzYBCMRAuKSAKCSaWajd53WzZxlCMLx/JN26YCJ8wCghNSV
+si/+HzWm7UZgK7pH6twfPk=
=yK6F
-END PGP SIGNATURE-


Re: boingboing does tor

2007-12-10 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Eugen Leitl wrote:
>   http://www.unwiredshow.tv/2007/12/10/31-using-the-onion-router-network/
> 

Haha! I love the part where Google goes, "WTF?! Okay." =xoD

- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXbvCbgkxCAzYBCMRAreLAJ4iZsFKxC3pkBMRDLkv1M9vhFWy/gCgjcKJ
Ke36hFbAJYPxo1ByDb7Dwok=
=nEjO
-END PGP SIGNATURE-


Re: Proxies anyone

2007-12-10 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Eric C wrote:
(snip)
> Does anybody know of any free, public (or semi-public) proxies that I can use?
(snip)

Hmm... I think there's a bunch of proxies in a place called "Tor..."
=;o) *g*

- --
F. Fox
Owner of node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXb4WbgkxCAzYBCMRAvdZAJ9DJQAZL2Grv0KkjZfjWA/4cNc+EgCfT5Qu
JRIeaFVeDuRTrDUSvyXM3Gw=
=EXN3
-END PGP SIGNATURE-


Re: possible DoS attack?

2007-12-11 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Scott Bennett wrote:
(snip)
> What I
> found that seemed out of the ordinary was many dozens of connections to my
> directory mirror port from 83.103.38.65 (fastweb65.ietnet.net)
(snip)
>  83.103.38.65 does not appear in my cached-consensus or 
> cached-descriptors*
> files, so these are not simply tunneled directory connections from random
> sites getting funneled through one tor server in Italy.
>  Can anyone tell me whether this is legitimate activity or whether I 
> should
> begin blocking it at my router to encourage it to go away?
(snip)

It sounds mighty suspicious, in my opinion.

If I recall correctly, directory mirroring is based on HTTP (hence, why
it's encouraged to host it on port 80 for "fascist firewalled" folks, if
at all possible). Therefore, it would be vulnerable to any "fundamental"
attack (i.e., based on the nature of TCP or HTTP) that any Web server
would be.

Given that the system you mention doesn't seem to be a Tor node, I say
that if it's not an attack, then something's pretty weird.

I'm no expert, but I say block the offending system. Does anyone else
concur?

- --
F. Fox
Owner of Tor node "kitsune"
CompTIA A+, Net+, Security+
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXzJobgkxCAzYBCMRArCRAJ0Xv7oRjoXcnHuETZ7vn6k4IpsaGwCfcJ9t
sfTLWKVAzbOMtURdnEswPW0=
=F8zz
-END PGP SIGNATURE-
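Added example, not from the post above: the check a relay operator could run over their own connection table to spot what Scott describes, one non-relay source holding dozens of connections to the DirPort. Sources that are relays listed in the consensus are excluded, since tunnelled directory requests relayed via another node would arrive from a known relay address. The connection lines, the DirPort number and all addresses here are constructed (documentation ranges), in roughly the shape of `netstat -n` output.

```python
import re
from collections import Counter

DIR_PORT = 9030  # constructed: this relay's DirPort

# proto local-address remote-address state
LINE = re.compile(r"^(tcp6?)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse(lines):
    """Yield one dict per well-formed connection line; ignore the rest."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield {"local_port": int(m.group(3)),
                   "remote_ip": m.group(4),
                   "remote_port": int(m.group(5)),
                   "state": m.group(6)}


def suspicious_dir_clients(lines, known_relays, dir_port=DIR_PORT, threshold=20):
    """Sources with more than `threshold` established connections to the
    DirPort that are not relays in the consensus, as (ip, count) pairs."""
    counts = Counter(c["remote_ip"] for c in parse(lines)
                     if c["local_port"] == dir_port and c["state"] == "ESTABLISHED")
    return sorted((ip, n) for ip, n in counts.items()
                  if n > threshold and ip not in known_relays)


def block_rule(ip, dir_port=DIR_PORT):
    """The corresponding host-firewall rule (iptables syntax)."""
    return f"iptables -A INPUT -s {ip} -p tcp --dport {dir_port} -j DROP"


def constructed_sample():
    """Constructed connection table: one unknown host with 40 DirPort
    connections, a known relay with 25, a quiet client with 3, plus noise
    on the ORPort and in TIME_WAIT that must not be counted."""
    lines = [f"tcp 192.0.2.10:{DIR_PORT} 203.0.113.9:{40000 + i} ESTABLISHED" for i in range(40)]
    lines += [f"tcp 192.0.2.10:{DIR_PORT} 198.51.100.7:{41000 + i} ESTABLISHED" for i in range(25)]
    lines += [f"tcp 192.0.2.10:{DIR_PORT} 192.0.2.77:{42000 + i} ESTABLISHED" for i in range(3)]
    lines += [f"tcp 192.0.2.10:9001 203.0.113.9:{43000 + i} ESTABLISHED" for i in range(5)]
    lines += [f"tcp 192.0.2.10:{DIR_PORT} 203.0.113.9:{44000 + i} TIME_WAIT" for i in range(4)]
    return lines


if __name__ == "__main__":
    # known_relays would be the addresses from cached-consensus; constructed here
    for ip, n in suspicious_dir_clients(constructed_sample(), known_relays={"198.51.100.7"}):
        print(f"{ip}: {n} DirPort connections, not a listed relay")
        print("  ", block_rule(ip))
```

The threshold is the operator's call; the useful part is the exclusion of consensus relays, which separates "many clients funnelled through one relay" from "one host hammering the mirror", the distinction Scott draws by checking his cached-consensus.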


Re: Why does TOR stream data when it’s not in use?

2007-12-11 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

MORTEN HAGEN wrote:
> Hi,
>  
> I’m new to TOR. I’ve been using it for some weeks for online privacy.
>  
> I’ve installed TOR and Privoxy from the latest Windows Vidalia Bundle
> and configured my Internet Explorer 7 manually. Everything seems to work
> fine when I test my connection on such testing sites on the internet.
>  
> My question is: When I start Privoxy and TOR, my computer starts
> immediately to stream data over the internet. It mostly downloads, and
> sometimes it downloads 1MB of data each minute, or more, for a long
> while. It also sends data, but in a much lower rate.
(snip)

AFAIK, when activated, Tor will:

1.) Download some directory information - this can be quite a bit, if
it's the first time Tor's been run on a particular install;

2.) Send some data for the purpose of opening up a few circuits, so it's
ready for use when an application wants it.

If by "a long while" you mean more than a couple of minutes, I'd say
that's pretty odd - that's much more than is needed for a directory
download (IIRC).

> Is every TOR user a TOR Server or Exit Node as well?
(snip)

By default, Tor will act only as a client; it will not relay data, nor
act as an exit node.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHXzbFbgkxCAzYBCMRAs3NAJ4pKP3bfyZ33mxLYGc61TrdKINUOQCfZ6iR
KqdImPJTy/ch46FoTiLAI3w=
=T8az
-END PGP SIGNATURE-


Re: tor26 missing certificate messages today

2007-12-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Roger Dingledine wrote:
> On Sun, Dec 09, 2007 at 11:42:22PM -0600, Scott Bennett wrote:
>> Dec 09 16:03:08.509 [notice] We're missing a certificate from authority 
>> tor26 with signing key : launching 
>> request.
>>
>>  Does anyone know the reason for these messages?  And the reason why they
>> eventually stopped appearing 53 minutes later?
> 
> This is a bug (either with logging or some deeper confusion) that was
> triggered by adding a fourth v3 directory authority. I still don't know
> what the bug is, which means it's a good bet it'll show up when we add
> the fifth. :)
> 
> But it seems to have resolved itself after one voting period, so I am
> not too worried.
> 
> --Roger
> 

Thank God for self-resolving bugs/errors that don't (or at least don't
seem to) have security implications. =:o)

Now if only more were like that... =;o)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYyVqbgkxCAzYBCMRAtmMAKCCI14HC3MCeWYghE6s7kXZXzIFQQCdFmwg
aZ6OUr6JuaTNLA8W19iHENY=
=d1we
-END PGP SIGNATURE-


Re: Best Hardware for TOR server..

2007-12-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Scott Bennett wrote:
>  On Thu, 13 Dec 2007 08:31:43 +0100 Eugen Leitl <[EMAIL PROTECTED]>
> wrote:
>> On Wed, Dec 12, 2007 at 10:44:17PM -0800, algenon flower wrote:
>>
(snip)
>>
>>>behind a  Linksys Firewall Router.
>> Make sure this is not your weak spot. OpenWRT is a good firmware here.
>> In general, it is always a good idea to buy a WRAP or ALIX (or its
>> Soekris equivalent) piece of kit, and flash it with a decent firewall,
>> like m0n0wall or pfSense.
> 
>  I've had problems with every Linksys router I've dealt with so far,
> but mainly with wireless service.  The built-in DHCP server, when presented
> with a request from a machine to which it has already issued a lease, fails
> to recognize that that machine is a current leaseholder and to issue it a
> copy of the existing lease.  Instead, it denies the request.  This is a
> worse problem for Windows than for FreeBSD in that Windows is far more
> likely to decide it has lost contact with a Linksys wireless router than
> FreeBSD is.
(snip)

My Linksys router is a wireless one - albeit with a custom firmware.
However, the machine running "kitsune" is hard-wired to its Ethernet
switches; I'd never run a service over a wireless link. IMHO, it's far
too flaky.

(Regardless, the WLAN is - of course - running WPA2-PSK/AES with a
63-character pseudorandom key, for my own peace of mind...)

>>>**Comcast always adds their own modem, I am wondering if the usual
> 
>  Not necessarily so.  We saved a small amount per month by providing
> a modem and router ourselves.  Comcast's equipment was returned to them, and
> they stopped billing for it.
(snip)

Good point - I bought a modem outright, and I no longer pay a rental fee
(I've owned the router from day one). Well worth the investment, IMHO -
it'll pay for itself within a year, under many plans.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYyvIbgkxCAzYBCMRAl9BAJ0W5AODjCblxidTSmvE/CqgpqUcbACfQNon
hBLH9yM+XOq16euR+e2GglA=
=GYO7
-END PGP SIGNATURE-


Re: Best Hardware for TOR server..

2007-12-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Holstein wrote:
(snip)
>> all behind a  Linksys Firewall Router.
> 
> This will be a problem. Cheap-o routers don't have enough memory to
> manage huge state tables. You'd be better off getting a second NIC card
> for the PC and just using the server to firewall/NAT your LAN, in
> addition to running TOR. If that scares you, just re-use an old PC and
> run Smoothwall on it (or any of the other many "appliance" distros that
> do this).
> 

As long as the bandwidth you're passing through is relatively low, you
might get by with a custom firmware which lets you increase the size of
the conntrack state table.

Mine's a Linksys WRT54G v4, running HyperWRT+Thibor; I upped it to the
max allowed (8192 connections, 600 second timeout) without any problems
(and there's three machines behind it, one of them running virtual
machines).

Two caveats:

1.) The Linksys WRT54G v4 was the revision of that model with the most
CPU and RAM, others had less;

2.) If you're running a high-bandwidth node - and if you're not, it'd be
a waste of that nice shiny box of yours (unless you have it do other
things) - I doubt 8192 connections would do it, and you probably should
take Mr. Holstein's suggestion.

>>   My service provider will most likely be Comcast cable broadband.
>>
> 
> YMMV, but Comcrap will axe you if they know you're running servers, and
> they WILL know that if you decide to run an exit, because they'll get
> lots of complaints about it. I lost count of the number of complaints
> mine generated, but I still have copies of the various subpoenas I got (*).
(snip)

That sucks. What about if he runs a middleman node?

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYy7wbgkxCAzYBCMRAnb/AJ4h3Gfk1+b1y/X9KvSwRqqlZ/xM4gCgjBtK
XNrbOqd+RIo5VT0dCkcTf4U=
=n3h6
-END PGP SIGNATURE-


Re: Best Hardware for TOR server..

2007-12-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

algenon flower wrote:
> Hello TOR developers, experienced users
>   I am planning on getting my TOR server up again using new hardware. If
> any of these things won't work well with a TOR server, plz let me know.
>   Because of difficulty in the past when I was using minimum hardware
> specs,  I now will be setting up my TOR server on a dedicated machine
> with this physical architecture:
>  P4 processor @ 3GHZ, Intel MB, 2GB DDR2 RAM, 80 GB SATA HD, all behind
> a  Linksys Firewall Router.
(snip)
>   My main question here is whether or not Comcast's modem will work well
> with a TOR server, or, if I need to upgrade *that too*
(snip)
>   The whole thing will be on RedHat Enterprise Linux.
(snip)

That machine will be more than adequate - mighty nice of you to "donate"
the resources of such a nice piece of hardware to Tor! =:o)

(I like the OS, too. =xoD *g* )

Your cable modem should work fine; the minimum requirement for a Tor
server is only 20 kilobytes per second each way.

I'm running "kitsune" over a Cox cable modem, through a Linksys WRT54G
(v4, running the Thibor 3rd-party firmware); believe it or not, it's
actually a shared machine, not dedicated.

I have "kitsune" throttled to 20KB on BandwidthRate, but allow 40KB
under BandwidthBurst; those figures aren't solid, as I'm always
experimenting with things (I have to balance the usage of the network -
with several computers - against services pointed toward the Internet).

You might be able to allow more bandwidth; you'll have to play with the
values, if your connection dies while leaving them blank (which causes
Tor to attempt to automatically judge your bandwidth, IIRC).

- ---

That all being said, just be sure to forward the OR port you choose from
the router, to the server (and if you have enough bandwidth, the DirPort
also).

(One of the nice things about the router port forward, is it makes it
ridiculously easy to offer Tor on port 443, while binding to something
non-privileged on the server itself; I know Cox allows listening on 443,
so that's what I did.)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYymabgkxCAzYBCMRAixWAJ4iVmMfc2H1SbQgGEwnuB/bcEr8QwCeIDhL
boqn6A/CZ6/eVqG94jTMwkw=
=vIkd
-END PGP SIGNATURE-


Linksys routers in relation to Tor (Was: Re: Best Hardware for TOR server..)

2007-12-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Michael Holstein wrote:
(snip)
> Yeah, but the "standard" store-bought WRT54G (ver 6) is only 8mb.
(snip)

v5+ sucks! I was actually talking with a friend the other day about the
issue... and we agreed that we'd rather buy a v4 or lower used, than to
buy the v5 or beyond new - regardless of price.

Interesting to hear about the GL, though - I'll have to keep it in mind.
=:o)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHYzCxbgkxCAzYBCMRAq/MAJ9BspRM2j9yRJ6JFbaEAROxCyjCHwCgig+8
uSlIV2jwTjWW5tScVV5xdyI=
=UKKV
-END PGP SIGNATURE-


Re: Hello, about Best Hardware...

2007-12-16 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

algenon flower wrote:
(snip)
> I really don't like the notion of setting up a TOR server
> w/out a firewall. It just sounds like an invitation to certain disaster.
(snip)

I think running *any* system in this modern age without some kind of
firewall protection - even if it's just software on the end box itself -
is an invitation to disaster; doing it with a server is suicide. =:oD

>   Does anyone have a favorite distro of Linux to work with .rpm versions
> of TOR? I might change to an easier Linux to use than RHEL if other main
> OS are better w/TOR.
(snip)

I've used .rpm packages with Fedora (first 7, and now 8) - they seem to
work just fine.

However, some of the packages for Debian (see the wiki for where to get
them) look a bit better IMHO, particularly from a security standpoint.
One site provides modified scripts for running Tor in a chroot() - which
can help isolate a security breach (assuming the process sheds its root
privileges after chrooting - which the Debian mod does [I've tried it]).

In the end, it's up to you - just be sure to keep Tor up-to-date. =:o)

PS: My GPG key - obviously - has changed; I wanted a long RSA key, due
to the ease of using better hash algorithms. The new key is signed by
the old one, and I've updated "kitsune"'s ContactInfo to match the new
Key ID, algorithm, and size.

(The old key is still valid, though.)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHZa47bgkxCAzYBCMRCKgiAJ4rbgZ8PPyjl5znMEePXQ4ZFx9IPwCdGH4z
jlx036n/35Fu3mM/DiglrBI=
=zdT+
-END PGP SIGNATURE-


Re: Hello, about Best Hardware...

2007-12-16 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Gregory Maxwell wrote:
> On Dec 16, 2007 6:01 PM, F. Fox <[EMAIL PROTECTED]> wrote:
>> I think running *any* system in this modern age without some kind of
>> firewall protection - even if it's just software on the end box itself -
>>  is an invitation to disaster; doing it with a server is suicide. =:oD
> 
> This is WindowsPC thinking.
> 
(snip)
> 
> Can firewalling be useful even in this situation, yes, but to call it
> "suicide" is non-sense.

I suppose old habits die hard. =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFHZdprbgkxCAzYBCMRCEp0AJ9JVDYRJG+SirPTErDcc3AaWLfe3ACfc/Si
hWXrERh1jaViSV3JwbZ0Des=
=KQqP
-END PGP SIGNATURE-


Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Michael Holstein wrote:
(snip)
> I'm not a mathematician, but it can't be wise to store multiple copies
> of the same plaintext encrypted by the same cipher using different keys
> .. much crypto has historically been broken that way.
(snip)

Historically, this is very true; also, the greater the amount of such
material available to an attacker, the more likely such an attack would
be successful.



Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox

The threat model we're talking about is hostile-server, in addition to
our "old friend" man-in-the-middle, right?

(Just trying to get my brain straight...)



Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox

Martin Fick wrote:
(snipped a litany of requirements, all of which talk about one-to-one
communications)

To me, it seems that it'd be better to try to modify something
SMTP/POP-like for this, than to modify HTTP for it. It sounds just like
what a standalone mail server would be suited to.

(Of course, if it's not a hidden service, the SMTP server would have to
use a non-default port.)



Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox

Martin Fick wrote:
> --- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> 
>> On Mon, Dec 17, 2007 at 09:25:13AM -0800, Martin
>> Fick wrote:
(snip)
>> HTTP is a publishing mechanisim in which you 
>> usually want people to see it, or restrict 
>> viewing to a group and is thus centered
>> around one to many (or in "web2.0" land 
>> many to many) communication lines.
> 
> Yes, but I really am just talking about a 
> more secure version of the one to many 
> scenario where you don't trust the server!
> The many, of course, can always be one.
> 
(snip)

This is a good point. Since crypto is being used to enforce access
rights, read permissions can be wide open, as can be file creation (but
not modify, or delete). Only the intended recipient would be able to
read the message, anyway.

So, maybe an HTTP-based solution would work, after all... it could be as
simple as having a script on the server, which would allow file upload
according to the permissions in the previous paragraph.



Re: Encrypted Web Pages?

2007-12-17 Thread F. Fox

Martin Fick wrote:
(snip)
> 
> Well, I think that is exactly what you will get 
> if you use pgp or gpg to send an encrypted email 
> to multiple recipients. 
> 
(snip)

IIRC, a GPG message is encrypted only once - even if there are multiple
recipients. It goes like this:

1.) A random key is generated.
2.) The message is encrypted with that random key, plugged into a
symmetric cipher.
3.) That random key is encrypted with the public key of each recipient,
and appended to the message itself.

So, the recipient would reverse that process: Use their private key to
decrypt the random key, and use that in the appropriate symmetric cipher
to decrypt the message.

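The three-step process just described, and the earlier point (in the reply to Michael Holstein) about not encrypting the same plaintext repeatedly under different keys, as one added example that is not from the original posts and is not GnuPG's own code: the message body is encrypted exactly once under a random session key, and only that session key is encrypted separately to each recipient. AES-256-GCM and RSA-OAEP stand in for the OpenPGP symmetric cipher and public-key packet formats; the recipient names and the sample message are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope carries ONE ciphertext plus one copy of the session key per recipient,
// each copy encrypted to that recipient's public key (the role an OpenPGP PKESK packet plays).
type Envelope struct {
	Keys       map[string][]byte // recipient ID -> wrapped session key
	Nonce      []byte
	Ciphertext []byte
}

// NewRecipientKey generates a fresh 2048-bit RSA key pair (demo helper).
func NewRecipientKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt follows the three steps from the post: make a random session key,
// encrypt the message once under it (AES-256-GCM here), then encrypt that
// same session key to each recipient's public key (RSA-OAEP here).
func Encrypt(plaintext []byte, recipients map[string]*rsa.PublicKey) (*Envelope, error) {
	// Step 1: random session key.
	sessionKey := make([]byte, 32)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	// Step 2: symmetric encryption of the message, done exactly once.
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{
		Keys:       make(map[string][]byte, len(recipients)),
		Nonce:      nonce,
		Ciphertext: aead.Seal(nil, nonce, plaintext, nil),
	}
	// Step 3: wrap the same session key once per recipient.
	for id, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
		if err != nil {
			return nil, err
		}
		env.Keys[id] = wrapped
	}
	return env, nil
}

// Decrypt reverses the process for one recipient: unwrap the session key with
// the private key, then use it on the shared ciphertext. A party with no
// wrapped key, or holding the wrong private key, gets an error, never plaintext.
func Decrypt(env *Envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	wrapped, ok := env.Keys[id]
	if !ok {
		return nil, errors.New("no wrapped session key for recipient " + id)
	}
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(sessionKey)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// newAEAD builds the symmetric cipher used for the message body.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	alice, _ := NewRecipientKey()
	bob, _ := NewRecipientKey()
	env, err := Encrypt([]byte("constructed sample message"),
		map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "bob": &bob.PublicKey})
	if err != nil {
		panic(err)
	}
	pt, err := Decrypt(env, "bob", bob)
	fmt.Printf("%d wrapped keys, one ciphertext; bob reads %q (err=%v)\n", len(env.Keys), pt, err)
}
```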


[Part OT] Traffic shaping [Was: another seeming attack on my server's DirPort]

2007-12-19 Thread F. Fox

I know on HyperWRT/Thibor, it has QoS functions for port ranges and
Ethernet ports.

I recently moved "kitsune" to an older machine (still enough for the
small amount of bandwidth I'm relaying anyway - and at least it's a
dedicated Linux box now!).

"Kitsune" got the farthest Ethernet port (#4) on the router's switch for
a reason. Why? Because I was able to set port-based QoS on #4 to "Low."

Doing that, I've actually been able to turn off manual bandwidth
limiting on "kitsune;" I let it do its own estimating, and attempt to
carry as much as it can handle.

I've had no problem, since my other computers get "first dibs" on
bandwidth, so to say. =:o)



Re: another seeming attack on my server's DirPort

2007-12-19 Thread F. Fox

Roger Dingledine wrote:
(snip)
> My first guess is that it's a runaway Tor client, or a runaway cache
> between the Tor client and you, rather than any intentionally abusive
> behavior. (It's amazing what can go wrong on the Internet when you have
> enough participants.)

True. If you think about it conceptually - that Tor is an extra layer
(or two) on top of the normal Internet, with routers of its own - it
would very likely be subject to many of the pitfalls of normal routing.

And of course, the larger a set of routers gets, the more likely
something's going to go wrong. =:o)



Re: Tor gives "resolve failed" errors even when IP address is supplied

2007-12-19 Thread F. Fox

Roger Dingledine wrote:
> On Mon, Dec 17, 2007 at 02:09:59PM -0800, Jared Hansen wrote:
>> Anyway, I seem to be unable to get any webpages through Tor.  I am
>> using privoxy as a SOCK4a proxy to send traffic through Tor, and Tor
> 
> Hopefully you mean using privoxy as an http proxy.
(snip)

I think he's referring to how his Privoxy is set to use Tor, as opposed
to how his apps are set to use Privoxy. =:oD

('Cause I doubt he'd be so specific about the SOCKS version, if he were
trying to use Privoxy as a SOCKS proxy. =;o) )



Re: Please run a bridge relay! (was Re: Tor 0.2.0.13-alpha is out)

2007-12-24 Thread F. Fox

Ricky Fitz wrote:
(snip)
>> Bridge relays (or "bridges" for short) are Tor relays that aren't listed
>> in the main directory.
> 
> If I am running TOR as a server, and I add the option "bridge relay",
> than my server wouldn't be available in the main directory. Doesn't that
> necessarrily results in only running a bridge, and not a server any
> more, because nobody knows that I am running a server?
(snip)

What's more, from a theoretical point-of-view, one would need (at least)
two public IP addresses to run both a public server, and a bridge server.

Since the point of a bridge server is to not have it in the main Tor
directory, a server trying to serve both functions on a single public
IP would end up blocked by that IP.

Of course, this kind of defeats the purpose. =;o)



Re: [OT] more from Cryptome on NSA, Windows firewals, mail services

2007-12-24 Thread F. Fox

Scott Bennett wrote:
>  The article is at
> 
> http://www.theinquirer.net/gb/inquirer/news/2007/12/20/nsa-0wnz-popular-firewalls
> 
> (Beware of linewrap in URL above.)  Because it's from Cryptome, the same folks
> who think the NSA controls large banks of IP addresses in places like Red
> China, perhaps the article should be taken with a hefty grain of salt.
(snip)

I've seen this URL floating around in cyberspace, particularly among
cipherpunks and hackers.

IMO, it's primarily a threat for those who lack common sense - and all
the technology or services in the world couldn't protect such people.

I'm sorry, but if I'm going to use encryption, digisigs, etc., I want
the cryptosystem engine to be on my machine, if at all possible. The
less trust I can place in "black boxes" (whether running on third-party
servers, or in the form of closed-source/proprietary software running on
my machine), the better.

(This, BTW, is why I like so many of the basic concepts of Tor - it
distributes the total trust for providing a high degree of anonymity
among multiple parties.)

My US$0.02.



Re: [OT] more from Cryptome on NSA, Windows firewals, mail services

2007-12-24 Thread F. Fox

Scott Bennett wrote:
>  The article is at
> 
> http://www.theinquirer.net/gb/inquirer/news/2007/12/20/nsa-0wnz-popular-firewalls
> 
> (Beware of linewrap in URL above.)  Because it's from Cryptome, the same folks
> who think the NSA controls large banks of IP addresses in places like Red
> China, perhaps the article should be taken with a hefty grain of salt.
(snip)

I've seen this URL floating around in cyberspace, particularly among
cipherpunks and hackers.

IMO, it's primarily a threat for those who lack common sense - and all
the technology or services in the world couldn't protect such people.

I'm sorry, but if I'm going to use encryption, digisigs, etc., I want
the cryptosystem engine to be on my machine, if at all possible. The
less trust I can place in "black boxes" (whether running on third-party
servers, or in the form of closed-source/proprietary software running on
my machine), the better.

(This, BTW, is why I like so many of the basic concepts of Tor. While,
of course, one must trust others to increase their degree of anonymity,
it distributes that trust among multiple parties.)

My US$0.02.



Re: Please run a bridge relay! (was Re: Tor 0.2.0.13-alpha is out)

2007-12-24 Thread F. Fox

Drake Wilson wrote:
> Quoth Andrew Del Vecchio <[EMAIL PROTECTED]>, on 2007-12-23 13:36:45 -0800:
>> Roger, I'm good to go except for one thing: The permissions issue with
>> the port being 443 (less than 1024). Is there an easy way around this
>> without having to create a chroot jail, etc? I'm using the latest Ubuntu
>> 7.10. I can change file permissions but I don't want to create a
>> security vulnerability.
> 
> The obvious way to handle this, if you have iptables available, is
> probably to run the Tor server on some other port (say, 1443) and then
> use iptables to redirect incoming connections on port 443 to port 1443
> instead.

I actually take both approaches.

"Kitsune" (a regular node, not a bridge) listens on a non-privileged
port, having my network's public port 443 redirected to that port.

I also use northernsecurity.net's Debian scripts, which allow easy
chrooting of Tor. =:o)



Kitsune's recent technical difficulties

2007-12-25 Thread F. Fox

If anyone wants to read, take a look at:
http://fenrisfox.livejournal.com/86854.html

No need to clutter the list with the full report. =:oD



Re: Your computer is too slow to handle this many creation requests!

2007-12-29 Thread F. Fox

Olaf Selke wrote:
> morphium wrote:
>> Tor is only using about 80 MBits, so that aren't even 10% of the Bandwith I
>> want to give for tor.
> 
> eeh? Wanna give Tor 800 MBits/s?
(snip)

800 *MEGA*bits a second? Holy Jeebus...



Re: Testing bridge capabilities

2007-12-29 Thread F. Fox

Andrew Del Vecchio wrote:
> How do I go about
> testing my functionality? Also, if I can't use 443, are there other
> typically not blocked ports that it would be worth using?

AFAIK, Cox doesn't block port 443 - at least not here. I have "kitsune"
listening on 443 (via redirect, of course).

As far as testing ports (assuming all you want to know is if it's
open)... other than having other users Telnet to you, I've used "Shields
Up" to see if it's listening:
http://grc.com



Re: Your computer is too slow to handle this many creation requests!

2007-12-29 Thread F. Fox

morphium wrote:
(snip)
> Yes, I wanted to use a Server with GBit-Link dedicated for tor.
> (When) will multi-cpu-support be implemented? (So that I could provide
> at least 320 MBit instead of 80).
(snip)

I think if you want to do that amount of processing, a Tor server
"family" may be in order... you can spread it over multiple machines.

You'd have to be sure to put the server handles in the "MyFamily" area
of their torrc's; that way it would be declared as a server group
operated by a single admin, and not throw up a ton of red flags at the
directory authorities...



Re: Can Tor run WITHOUT Pivoxy ?

2007-12-29 Thread F. Fox

I tend to use polipo on my machines (physical and virtual), which act as
clients. Polipo's optimized support for HTTP 1.1's nifty features is
just utter win. =:oD

If polipo is as fast as a car, by comparison, Privoxy looks like
molasses being poured after idling in a snowbank for eight hours at the
South Pole.

(Well, maybe that's exaggerating a bit. But like the Gecko says, "You
get my point." =:oD )

"Kitsune," on the other hand, has no proxy at all - and its SocksPort is
set to zero. No sense in wasting resources on that old dinosaur... =:oD



Re: virtues of middlemen

2007-12-29 Thread F. Fox

blau wrote:
(snip)
> If you run a service on the public net, say a website, it
> makes sense to run a Tor middleman node on the same host. This way users
> can reach your service anonymously - without the risks of passing
> through an exit relay.
(snip)

This is something like Noreply's keyserver; it's offered as both a
normal site, and as a Tor hidden service.



Re: j0ryeqmd

2007-12-29 Thread F. Fox

scar wrote:
> when using IRC over Tor, very often my ident is munged into that string.  
> once is understandable.  the peculiar part is how, if i change Tor circuits 
> (exit node also) and reconnect, i'm connected with that same ident.  it's not 
> constrained to just one IRC network either: it appears to happen across 
> various networks.  anyone else noticing this?
> 
> what is even more peculiar to me is that this has still happened (at least 
> once) even when i first connect to an IRC bouncer via SSL connection (using 
> Tor) and then initiate an insecure connection to an IRC network through the 
> bouncer.  the connection between the bouncer and the IRC network is not 
> through Tor, just the connection between me and the bouncer and that is via 
> SSL anyway.
> 

That's rather odd...

Dumb question: Have you tried changing your ident by hand?

I know it's ridiculously obvious - but that's when I discovered the
disconnected power cord. =;o)



Re: TOR and non-contineous internet connections

2007-12-31 Thread F. Fox

9teen wrote:
> Georg Sluyterman wrote:
(snip)
>> Why?
> 
> worst case: you might get your home searched or computers taken away
> (for some time).
> 
> At least you may need to write letters again and again explaining to
> some officials, that you run a TOR server and hope they believe you.
(snip)

This is why I chose to forbid exits from "kitsune;" IMO, exit nodes are
best left for things like schools, companies, etc. which have the
resources to deal with abuse fallout. Such institutions tend to have
some sort of legal contact.

Let's face it - the cops are unlikely to rush in and seize every
computer in a college. However, home users are far easier to steamroll.

(Although somewhat unrelated, the idea of someone doing something
illegal via some home user's open wireless network came to mind; both
that person and a Tor exit node op would be in a similar situation, I
think.)



Darknetting and hidden services [Was: Re: virtues of middlemen]

2007-12-31 Thread F. Fox

Jo wrote:
(snip)
> There were/are some sites which I think you could only see from Tor -
> Secret Diary, forums, file sharing ... a quick scan of core.onion show
> some more that may exist only inside the network.
(snip)

These are Tor's hidden services: Servers accessible anonymously, where
both client and server are unknown to each other. =:o)

Since such services are visible only via Tor, they would fall under the
darknet definition, I believe.



Re: Passing another,second,individual "torrc" on command line to Tor possible ?

2007-12-31 Thread F. Fox

Ben Stover wrote:
> Can I start Tor with a second, individual "torrrc" configuration file?
> 
> In general I want to use the original torrc. But occasionally I want to use 
> e.g. specific exit nodes.
> So I must use a modified torrc. Instead of always having to manually edit the 
> one and only torrc
> I would appreciate to have a second torrc which I can pass to Tor as starting 
> parameter on command line.

Yes. I've done it before in order to launch two instances of Tor, to
keep their streams from being correlated.

However, it certainly can be done with a single instance. The command
line option you want is -f, like this:

tor -f [path-to-modified-torrc]

=:o)



Re: Is there something similar like "Torbutton" FF plugin for the Internet Explorer ?

2007-12-31 Thread F. Fox

Ben Stover wrote:
> Is there something similar like "Torbutton" FF plugin for the Internet 
> Explorer ?

@ pushes his eyeballs back into his head, after they pop out in
surprise, and tries not to bust his duodenum laughing @

Please, please, please, avoid using IE to browse over Tor, if at all
possible.

Better yet, avoid using IE to browse by any method, if at all possible!

I still haven't gotten the comparisons of IE to Swiss cheese out of my
head yet...



Re: Lefkada authority missing certs

2007-12-31 Thread F. Fox

Geoffrey Goodell wrote:
> On Sun, Dec 30, 2007 at 07:08:24PM -0800, Andrew Del Vecchio wrote:
(snipped broken signature header)
>>
>> here's a new error I've never seen before. It just started this
>> afternoon, and I'm using the latest alpha on Ubuntu 7.10:
>>
>> Dec 30 19:06:39.816 [notice] We're missing a certificate from authority
>> lefkada with signing key :
>> launching request.
>>
>> Anyone else had this lately?

I think someone wrote to the list with a similar problem a week or two
ago - a weird error involving a signing key of all zeroes.



Re: Is there something similar like "Torbutton" FF plugin for the Internet Explorer ?

2007-12-31 Thread F. Fox

Kyle Williams wrote:
> I have to agree with Ringo on this one.
> I have two zero-days for Internet Explorer that can reveal your true IP,
> so be safe and don't use it.
(snip)

And you haven't told Microslop? Billy boy won't be happy about that. =;o)



Re: How to get the smallest OS possible to run Icecat(firefox)

2007-12-31 Thread F. Fox

kazaam wrote:
> On Mon, 31 Dec 2007 15:37:01 -0800
> "Kyle Williams" <[EMAIL PROTECTED]> wrote:
> 
>> Like JanusVM?
> 
> No JanusVM gives me an VPN to tunnel through. I wanna have an easy parallel 
> system. Like using my normal linux system as ever and using my secured one 
> just for surfing but this really secure.

It's not hard to set up the kind of transparently-redirecting VM I think
you're describing; I've done it with Fedora 7, but I've never tried to
optimize it for size.

You'll need:

* A development-branch copy of Tor (stable doesn't have the transparent
redirection port implemented);
* The script and directions on this page:
https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy

If you do that, though, be very careful with software downloads and
updates inside the VM. Anything that's not digitally signed could
potentially be backdoored by an exit node.



[Long!] Re: Darknetting and hidden services [Was: Re: virtues of middlemen]

2008-01-01 Thread F. Fox

Jo wrote:
> On 01/01/2008, F. Fox <[EMAIL PROTECTED]> wrote:
>> These are Tor's hidden services: Servers accessible anonymously, where
>> both client and server are unknown to each other. =:o)
>>
>> Since such services are visible only via Tor, they would fall under the
>> darknet definition, I believe.
>>
> 
> This is what I was getting at ... just didn't say it right :(
> 

It's okay. =:o) After all, the hidden service side of things is quite a
bit more obscure than the (likely) most common use of Tor - an anonymity
layer and inherent outproxy to the normal Web.

(About that anonymity layer... Although I've never seen it formally
described as such, I could see it being considered as a separate logic
layer in the TCP/IP stack, since it is such a general-use TCP conduit.
It'd look something like this:

*

[Application]
|
[Anonymity]
|
[Transport]
|
[Internet]
|
[Network Access]

*

Just for kicks...)

> I have often wondered just how big the network could get, and what
> impact this has on the Internet.  There are many Internet resources
> that will always be needed - e.g. email will need to be accessible
> from / routed to Tor; Google, Wikipedia, Universities, etc are not
> going to be replicated, ...
> 
> At the moment the rest of the Internet can ignore Tor (except for
> those who want to block it) but - if big enough - one could imagine
> the need for ubiquitous gateway services to allow simple
> (transparent?) access to resources within the network.
> 

If it became mainstream and massive, yes. However, I don't have much
hope for that, if history is a guide for the most likely development of
the future [1]. Such a ubiquitous deployment will most likely (though
sadly) remain the "wet dream" of hackers, civil libertarians,
crypto-anarchists, and cipherpunks.

The network has - though far from ubiquitous - grown quite a bit over
the past few years. Around 2005, the paper "Low-Cost Traffic Analysis of
Tor"[2] mentioned there being around 50 Tor nodes; IIRC, that's
mushroomed to around 1,600.

(I suppose that such a mushrooming effect could cause someone to look at
Tor through another historical POV, though - that of the Internet
itself. It did something similar... =:oD )



[1]: This is one reason why I try to study as much history as I can,
BTW; many mistakes are made in the present, which could have been
avoided if the one who made them had learned about certain aspects of
the past.

[2]: http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf

> Of course it has to get big enough first.  PGP is still struggling (I
> don't even have a signing key for this email address) and services
> such as Usenet which were huge in their time are now rapidly being
> replaced.  (This one really irks me - a fantastic idea with some basic
> privacy elements built in, being replaced by lesser technologies).
> SSL, OTOH, has become pretty much mainstream and is still developing
> ... the challenge to be able to grow Tor will be to do the same - make
> it mainstream.
> 

True, it's a shame some of these things aren't more mainstream.

That thing about Usenet also strikes a chord with me; when a technology
with many years of history behind it ends up circling the drain, it's
just sad.

Old doesn't always mean inferior, or even obsolete/superseded; good
examples are the Unices, which started way back in the 1970s (IIRC).
Sure, things have changed a lot since then, but the basic model is still
there. The core of the Net runs on it (and if more of the users did, we
might not have half the bedlam going on right now! =xoD ).

> Of course to become mainstream it needs to be REAL easy.  And if Tor
> gets to the point where it is so simple that you don't really need to
> understand it, there is a distinct possibility that many of the
> benefits may no longer be realised (how do you know you've got a
> secure, private connection if you don't understand WHY it is secure
> and private - particularly what *isn't* provided).
(snip)

This is one reason why malicious Tor exit nodes and scripts/applets/etc.
on servers have had such success in de-masking Tor users - it's not a
silver bullet. Users have to configure their applications carefully, as
well as be careful what they let pass through Tor (either explicitly
entered, or implicitly leaked).

As it stands right now, Tor is for people who have a decent knowledge of
how to secure themselves - and I don't see that changing anytime soon.

I'm glad to see the warnings that have been put on the front page of the
Tor Project site - but the fact remains, sheep will be sheep. Not
everyone will pay attention to it - and they very well could suffer the
con

Re: Is there something similar like "Torbutton" FF plugin for the Internet Explorer ?

2008-01-01 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Fabian Keil wrote:
(snip)
> Note that nowadays the Torbutton extension is also supposed
> to protect you against some JavaScript-based attacks.
> Privoxy doesn't do that.
(snip)

AFAIK, folks will want the development-branch of Torbutton if they want
the shiny JavaScript-hooking and other nice privacy-enhancing features.
I don't think the stable-branch has it yet.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHepcXbgkxCAzYBCMRCCTPAJ9SFH+ZSoZ+E8b+DpNg7kjEbDhk3gCfW1sV
uTGSY7sSGaj+VaVIByj0QE0=
=99yR
-END PGP SIGNATURE-


Re: Google becomes useful for us again

2008-01-01 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[I was going to leave your quoted message in... but my Lord, is your
monitor as wide as a football field?! =xoD ]

Sadly, my experience with Google offering CAPTCHAs is that it's
hit-and-miss; sometimes they'll give a CAPTCHA, more often they won't.

Yahoo, up until recently, didn't seem to pull this nonsense; recently,
though, I finally got a query returned in a Google-esque manner.

I suppose if they can't log the source, they don't want it. Maybe they
don't get all the ad money they want, from kludging people's life
stories together? =:oD

(I still have a bad taste in my mouth from the AOL Search fiasco; in
fact, that was one of the original reasons why I became a vehement
proponent of Tor, spreading the word OFF- as well as online.)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHepkrbgkxCAzYBCMRCFxlAJsEoifyRhF6GWP+ursqujRMEn9xBwCfYAE0
rGjNr7NskZRH6vyuOn7qhWc=
=0eXY
-END PGP SIGNATURE-


Re: We're missing a certificate from authority lefkada with signing key 0000000000000000000000000000000000000000: launching request.

2008-01-01 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Andrew Del Vecchio wrote:
> I've been having this for a few days now as well. I'm in the western US
> if that helps at all...
> 

But Tor has no geography! =;o)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHepnWbgkxCAzYBCMRCAdoAJ9aev3TrVhj1hBXi5h4uJvAcvO6kQCfTSY3
xmvStcz0KNDv3STTWPYUM24=
=1puP
-END PGP SIGNATURE-


Re: Google becomes useful for us again

2008-01-01 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Alexander W. Janssen wrote:
> F. Fox schrieb:
>> [I was going to leave your quoted message in... but my Lord, is your
>> monitor as wide as a football field?! =xoD ]
> 
> Since you're using Icedove, a little hint: If you go to the "Edit"-menu,
> you'll find a nice "rewrap message" function... :-)
(snip)

LOL, thank you. =:o) That will come in handy in the future...

I can't get over how wide that message was, though; usually, things are
too *narrow* to be efficient for this monitor. It's a 1280x768 LCD
panel... =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHeqG/bgkxCAzYBCMRCEmyAJ9Y34bbf6A6VwijVzePWwW2VfronQCdF/55
pTOHEktNlxGbD8db+71L5nw=
=NyRm
-END PGP SIGNATURE-


Re: Google becomes useful for us again

2008-01-03 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Andraž 'ruskie' Levstik wrote:
(snip)
> Hmm why not just use http://www.scroogle.org
> 
> That's what I use... the power of google but without all its badness :)
> 

Hmm, privacy-protecting measures, and SSL support - win! =:o)

The SSL thing is especially good, since SSL (as long as the user pays
attention to any certificate warnings) protects against exit node
shenanigans. =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfYHMbgkxCAzYBCMRCBRSAJ4ukOdnDpqHjp0HKSEyNMD5H3tglgCfRb3h
FOdOVjnLiXVQdZZTa089dKI=
=/mAa
-END PGP SIGNATURE-


Re: Your computer is too slow to handle this many creation requests!

2008-01-03 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

coderman wrote:
> On Jan 2, 2008 2:10 PM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
>> ...
>> Don't tell me AES is the bottleneck on a Padlock system. VIA C7
>> can process way more AES blocks than the (typically crappy) NIC
>> can handle.
> 
> compression (zlib) is the Tor bottleneck on a 1.5GHz C7.
(snip)

I find it amusing that compression would be more CPU-intensive than
encryption, given the complexity of recent ciphers. =:o)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfYOCbgkxCAzYBCMRCEaEAJ9ypJedr4DelKo4kJZ17IiBsOa92QCfcK/W
Egs6rx/9ylwc8P15Qycnp7Y=
=c1Kz
-END PGP SIGNATURE-


Re: [OT] more from Cryptome on NSA, Windows firewals, mail services

2008-01-03 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Eugene Y. Vasserman wrote:
(snip)
> Personally (and god help me), I believe Microsoft when they say the key
> is not a key back door key. If it was, I wonder if they would name it
> "NSA". Or is that what they want us to think? :)
(snip)

If the key really had something to do with the U.S. NSA or another
equally cloak-and-dagger-type organization, believe me, they wouldn't be
dumb enough to call it "NSAKey."

They'd probably give it either a totally innocuous name, or something
that sounds warm and fuzzy...

Make it sound like they're gaining security from it. People seem to be
willing to sell their souls for "security"
*coughchoke*bull*chokechokecough*...

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfYRTbgkxCAzYBCMRCD4PAJ0Z37D4Igcpesuh/Iv8hiY8rfotKACfYusk
pYEUoTEpzcJJ0sckVjU5aHc=
=WBBC
-END PGP SIGNATURE-


Re: shinjiru closed exit node acceptnolimits

2008-01-03 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Sorry to hear about your problems; sad to see such a node go.

If you find another provider, it'll be great when you return; if you
don't, thank you for your contribution to Tor.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfYYCbgkxCAzYBCMRCGInAKCBE7tc3HFPYL824d/gbSSUeuAigACggywp
HA86gu30eKbxPRU5pJp6Aa4=
=BTlP
-END PGP SIGNATURE-


Re: What to do at IP number change?

2008-01-07 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
(snip)
|
| it's because a moving target is harder to hit; it's more safe to
| change the IP number often. Another point is that states like Germany
| do like IP numbers so much that they do data retention and therefore
| i give them what they want - many IP numbers ;-)

From a purely theoretical idea, I can see why you're doing this;
however, it's very bad for the people who are routing their data through
your node.

Every time the IP changes - or the relay even goes down and up (instead
of doing a -SIGHUP) - it breaks all the circuits running through your node.

If security is a big concern - and you have a dedicated machine for
running Tor (which is a must, if you're paranoid about it) - you should
set up a DMZ.

Oh, and as far as the German data retention law, that doesn't take
effect until next year - and I don't know if it's even been passed.

(snip)
|>> Tor will detect it and republish his server descriptor with the
|>> new IP in it.
|>>
|> That is true iff the Address line in torrc contains a host+domain
|> name, not an IP address, and the name server data base in question
|> has been updated to reflect the changed address.
|
| So i should use a DynDNS host+domain name?
|
(snip)

You could, but a better way is to comment out the address line entirely.
This will cause Tor's IP detection to be fully automatic.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgtx3bgkxCAzYBCMRCK2eAJwIkK+JLNAYC13iHM6UUaBBSZU/VwCdGsf1
FDOc3WdxyZoCBfxhIegYiNk=
=uK8f
-END PGP SIGNATURE-


Re: What to do at IP number change?

2008-01-07 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Olaf Selke wrote:
| Hans Schnehl wrote:
(snip)
| yes, they can't! At least for an exit gateway they receive
| potentially tons of abuse complaints.

Very true. This is one reason why I suggest only organizations (as
opposed to residential users) - who have the money, manpower, and other
resources to deal with legal issues - allow exits from any node they run.

As far as a middleman node, I would think that the more bandwidth it
relays, the more likely it is to be noticed; it probably wouldn't draw
too much attention on a large ISP other than its bandwidth use.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgt18bgkxCAzYBCMRCCKcAJ9GfqJKaw+gs4lidyqckj+JmU5o2QCeO2w5
KJ75dVJzRof/NPg1dv3FXIk=
=RlkQ
-END PGP SIGNATURE-


Re: What to do at IP number change?

2008-01-07 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
(snip)
| i got only a snail mail with a complaint about much spam, because i
| started with no closed port.
| Since i closed port 25 i had no complaint since more than a year :-)
| And with the proxy chaining of port 80 it should be fine for the next
| years.
(snip)

Odd; the default exit policy nowadays doesn't allow port 25 exits,
specifically to prevent Torland from becoming Spamland.

I don't know that it was back a year or two ago, though...

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHgt9PbgkxCAzYBCMRCBUfAJ9KpmW4kAUbh/EV/Ayhqx7QVj8GcACfXGwq
3pJO2e84jbmyZEW6CoNpsL0=
=RAUy
-END PGP SIGNATURE-


Re: SORBS vs Tor and the world

2008-01-07 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

TOR-Admin (gpfTOR1) wrote:
(snip)
| I changed the ExitPolicy of my node and it was delisted half a year
| ago. The ports 465 and 587 were open since Dec. 2007 and SORBS did
| not list my server again.

So it *is* selective, and not carte blanche?

Encrypted and authenticated SMTP (as used on Google, through port 587)
is an example of a *good* way to use email through Tor. :-)

I just hope they don't start requiring widgets to sign up...

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHguAZbgkxCAzYBCMRCMxWAJ4obyJ8nnTUWGr0bZQZ62PE+CE1KwCfX63X
R1hG2p94o/uBIMlNPqss/dE=
=3i3c
-END PGP SIGNATURE-


Re: Restrict relay to internet2

2008-01-07 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Nathaniel Fairfield wrote:
| Folks,
|
| I run a tor relay node (no exits) on my school's network.  Due to their
| bandwidth policy, I have to limit traffic to about 1 Gb per day.  Weak,
| I know.

Weak? Not really. I'm sure home users don't contribute too much, either
- and every little bit helps. :-)

|
| HOWEVER, my school is also connected to the Abilene/Internet2 backbone,
| and they DON'T limit bandwidth usage over Internet2!
(snip)

I'd check into whether Internet2 has policies relating to how it's used,
first... I get the impression it's a research network mainly at
universities. If that's the case, they may not want people fooling with
it casually. However, I could be wrong.

Another thing: How would the PKI work over Internet2? AFAIK, Tor needs
to be able to talk to an authoritative directory server; also, the
directory it gets would be full of Internet1 (as I'll refer to the
"normal" Internet here) nodes.

Clearly, an entirely new PKI would have to be set up, via forcing
options in copies of Tor (including, among other things, forcing a few
copies into authoritative directory mode). It would be an interesting
project, but it would take quite a bit of work.

One thing to remember is, even if Internet2 gets its own Tor PKI, Tor
needs a decent userbase in order to provide a respectable degree of
anonymity (and preferably a distributed geography, including as many
foreign jurisdictions as possible). Could you get enough Tor users on
Internet2?

Remember, anonymity loves company.

Interesting "pet project" idea, though... :-D

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHguMAbgkxCAzYBCMRCEI7AJ0UIkMGMlUeZfqo8jP2+F/mllQg0wCfU4lL
a7fSJpfeYwQFNgBtLczLmU4=
=Y/9Z
-END PGP SIGNATURE-


Re: What to do at IP number change?

2008-01-09 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
(snip)
|> Very true. This is one reason why I suggest only organizations (as
|> opposed to residential users) - who have the money, manpower, and other
|> resources to deal with legal issues - allow exits from any node they run.
|
| I think that's a bad idea because many people think that you can
| identify a person by using the IP number and i don't want to support
| that myth. If everyone would use tor, the only sure thing about IP
| numbers and identification would be that if you find an IP number in
| a log file, you can be sure that this person (the one who pays for
| that internet access) was NOT there!
| Another point is that without a tor server my home would be vulnerable
| to traffic analysis and a further point is that a tor server is more
| safe than only a client.
(snip)

Running a middleman node can provide some level of plausible
deniability, since all strongly encrypted traffic basically looks like a
pseudorandom stream.

However, running an exit node can bring quite a bit of liability. Even
if it's technically legal, it takes forever to get it cleared up; a home
user would likely get all of their equipment seized for quite some time.
Also, it's easier to steamroll a home user legally. Therefore, I think
it's quite unwise for home users to allow exits, at least at the present
time.

This is just my opinion, though - and the one I choose to use in the
running of Kitsune-OR. If others want to take the risk, they're welcome
to; YMMV.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHhY8ebgkxCAzYBCMRCGXWAJ9dlbNc21xwsn6XFhDRCdiNjcNoJgCfenh5
7RVqZKLZReA3uh+kQe5fCm0=
=am+X
-END PGP SIGNATURE-


Kitsune-OR downtime public log

2008-01-09 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

For anyone interested:
http://fenrisfox.livejournal.com/89256.html

Anonymous commenting allowed, of course. =;o)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD4DBQFHhY+RbgkxCAzYBCMRCPCsAJj96P9bZEfRfDhuwp+ShY17WlWRAJ9DeJEn
JE9YDB3eFuqJ9y3INYgpyA==
=lnFh
-END PGP SIGNATURE-



Re: What to do at IP number change?

2008-01-09 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Roger Dingledine wrote:
(snip)
| Even if you hup your Tor rather than restarting it, you're still killing
| all the circuits going through you...
(snip)

I didn't know this; since I'm using Kitsune-OR experimentally in part,
I've SIGHUP'ed it quite often after tweaking it. I thought that SIGHUP
didn't harm circuits like a restart obviously would, but I guess I was
wrong.

I'll need to keep this in mind - thank you, Roger. =:o)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHhZF1bgkxCAzYBCMRCPg4AJ9XTLmARqdb2nmtuCUyeYH0y23cGQCeOiqz
8jZ6ybZGZ0kIybdtdKjNaTA=
=ly1m
-END PGP SIGNATURE-


Re: virtues of middlemen

2008-01-09 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jan Reister wrote:
(snip)
| No, in blau's case it's just a normal site, reachable with an end-to-end
| tor circuit.

If you're talking about the Noreply.org keyserver - which I'm not sure
of - then indeed, it has a hidden service gateway. Check the Hidden Wiki.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHhZQMbgkxCAzYBCMRCL/3AJ9+WWxr9JjgJ9b/f8i6Q01IwfK00ACffShf
0KXel/jHXhAoqdx+wD/GLtE=
=9LaN
-END PGP SIGNATURE-


Re: Restrict relay to internet2

2008-01-09 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Peter Palfrader wrote:
(snip)
| You are right, currently Tor requires each node be able to talk to every
| other node.  For servers there is no way to say they only want to talk
| to some other servers.
|
| Also, you can't configure different bandwidth limits based on
| destination or source IP address, AS, or AS path, and I doubt that will
| be added any time soon.
(snip)

There might be a way - create a separate autonomous Tor network on I2.
However, I don't know if it'd be practical, or if it would potentially
cause problems for I1's Tor (which would suck majorly!).

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHhZSybgkxCAzYBCMRCBcsAJ9J5GKojctQL+UcRaOfoiWRDKFguwCfTZpj
oL4BxoVNzEZyMwrbfSVypyA=
=led7
-END PGP SIGNATURE-


Re: Input required on Secure Wiki project

2008-01-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Heavy redundancy, geographic distribution, and some censorship-resistant
features would certainly be nice.

However, don't take this the wrong way, but... in my mind, "wiki" and
"security" are oxymoronic concepts.

Maybe it could be done with, as you said, public-key authentication;
however, it would have to have a moderated membership. If signups were
automatic, random/disposable keys could be used to raise hell.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-END PGP SIGNATURE-


Re: Input required on Secure Wiki project

2008-01-14 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Martin Fick wrote:
(snip)
> Somewhere in tor land I read about a project which
> would do much of what you describe, but I can't
> remember what it was called.  It used regular accounts
> on various services, free email accounts, open wikis,
> newsgroups, freenet... to store encrypted data so that
> no one would even know what was stored in these
> accounts and it automatically made these copies
> redundant.  The data was only accessible to those with
> the proper keys (a lot like in "The Lodging of
> Wayfaring Men").  Anyone recall the name of the
> system that I am referring to?
(snip)

I believe you're referring to Syndie: http://syndie.i2p.net

Syndie seems to be associated with the I2P project, although as you say,
it uses many systems for its storage and transport.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Input required on Secure Wiki project

2008-01-15 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

孙超 wrote:
> Is there any censorship of internet in your country? otherwise you need
> not use tor.
(snip)

*Need?* Maybe not, at least to hide from the government (so far...).
Maybe from corporate monitoring, profiling, etc., though.

*Want?* Heck yes! I want my tinfoil tools! =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Input required on Secure Wiki project

2008-01-17 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Martin Fick wrote:
(snip)
> After all, a true criminal is not going to use his own
> IP!
(snip)

A black-hat wardriver comes to mind here:

1.) Randomize MAC.
2.) Find an open WLAN in another neighborhood.
3.) ???
4.) Profit!
5.) Drive away.
6.) Randomize MAC again.
7.) Find an open WLAN in another neighborhood.
8.) ???
9.) Moar profit!

=:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Hostname

2008-01-22 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Khaled Moussa wrote:
| Is there a way for hiding the IP of host and ISP name from Tor network
| and TorStatus for security reasons?
|

Clients do not show up in TorStatus, that's for servers; however, an
observer could tell you're connecting to the Tor network. They could
not, however, tell what you're doing through your connection to the Tor
network (that's the whole idea).

Servers cannot hide from the Tor network or TorStatus, with the
exception of the bridge servers mentioned by Hans Schnehl (these are not
listed in TorStatus, but can be determined by looking at your connection).

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHlovrbgkxCAzYBCMRCFxhAJ9uNry5zIAFwqFJajGboBpUDMMHsQCfZNWx
ORDAodC9A9sJDjAYyDRkavM=
=k1G7
-END PGP SIGNATURE-


Re: Hostname

2008-01-23 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
> Hi,
> 
> it's possible to use e. g. an open WLAN from a neighbor for your
> TOR server and in most countries that's legal, e. g. in
> Germany.
(snip)

For the record: I'm not going to get involved in the subject of
legality/ethics of using open WLANs; it's a long-time and well-known
ethical and philosophical minefield that causes massive flamefests.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-24 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Nils Vogels wrote:
(snip)
| * Who would be the authority to decide what goes in the list and what
| doesn't?
(snip)

Moreover, who could be such an authority, without risking serious felony
jailtime?

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmS/ebgkxCAzYBCMRCEnPAJoDDjrOeY65oQ4Saifv69WX5sSrMwCfbKIG
sDs0mf4w9NZI4WO4kmnaV/8=
=0XQQ
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-24 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Paul Henning wrote:
(snip)
| Kraktus: Disable Tor if you don't like the Wild West it was meant to be.
(snip)

Heh, this reminds me of a joke from a while back:

WWW doesn't mean World Wide Web. It means Wild Wild West. =xoD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmTEubgkxCAzYBCMRCOPdAJ4l5An+tWA4ZUbm0otW6h8CcdvB0gCeLU7i
9C+lfTf1lFdo8qOJXZZ/xmQ=
=+7wU
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-24 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Karsten N. wrote:
(snip)
| Child porn is very very bad, but is it not a task for tor, to remove
| this kind of stuff. If someone would to do something against this
| stuff, please help the justice.
(snip)

If he wants to find a place to help:
http://www.perverted-justice.com

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmTGTbgkxCAzYBCMRCLWQAJ4tm6KAdgKtNSPwrG7HhuVxBhc36ACfZE7Z
EsWwdJUdkkd3heaXszdsK4U=
=JF7N
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-24 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Oh, for the love of God, no!

My position:

1.) Filters don't work; ask any teenager.

2.) I loathe filters of any kind, purely on principle; once you start
filtering for one thing, filtering for others becomes an easier jump.

3.) If filtering is done on anything other than port numbers (which have
no connection to content, per se), I think it could open up node
operators to legal liability.

4.) I'm very, very leery about the whole buzz about child porn and
pedophiles in general; like terrorism, I worry about it becoming a carte
blanche to destroy civil liberties.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmS2hbgkxCAzYBCMRCPW3AJ4ra/vxGHBC1RtAbyfZmeRfawMcEwCeO37N
Q71POFM0s40EsgGpTKlwiXg=
=vMBb
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-24 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Gregory Maxwell wrote:
(snip)
| I'd also argue that the ability of people to use tor to access those
| kinds of sites is actually beneficial. It allows private individuals
| to seek them out in order to report them with reduced risk of being
| mistakenly identified as a pervert themselves. Tor also enables law
| enforcement to evade blocks of obvious law enforcement IP space and
| potentially penetrate deep into underground groups creating and
| circulating the stuff.
(snip)

You know, I never thought of this before... Interesting point.

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHmWtQbgkxCAzYBCMRCNoXAJ0QdIIH7UiKjg8rX9CtPZtMPs5S0gCfcdvZ
66nRSn6ZHhnTSqAR22VGamY=
=3IAI
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-25 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kraktus wrote:
> On 25/01/2008, Eugen Leitl <[EMAIL PROTECTED]> wrote:
>>> I just want to know if there is a technically feasible way of
>> Use your brain. Packets have no EVIL bit to test for.
> 
> I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
> 

Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of
online crime. =xoD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Child pornography blocking again

2008-01-26 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kraktus wrote:
> On 25/01/2008, F. Fox <[EMAIL PROTECTED]> wrote:
>> Kraktus wrote:
>>> On 25/01/2008, Eugen Leitl <[EMAIL PROTECTED]> wrote:
>>>>> I just want to know if there is a technically feasible way of
>>>> Use your brain. Packets have no EVIL bit to test for.
>>> I'm pretty sure my suggestion is better than an RFC April Fools' Joke.
>> Hehe, I like that: RFC for the EVIL bit. Designed to stop all manner of
>> online crime. =xoD
> 
> Really, if I'd known my message was going to evoke this sort of response,
> I'd have entitled it 'Directory-distributed variables for exit lists'.
> 

Oh come on... you can't tell me you didn't get a chuckle at the idea of
an EVIL bit. =:oD

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Tor operator raided in Finland

2008-01-26 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

maillist wrote:
(snip)
> They took all my computers and tried
> to take my UPS before I convinced them that it's not a computer.

No offense, but... LMAO! That's just sad; they can't tell a computer
from a UPS...

**

In any case, I'm sorry to hear this. I offer you my condolences,
prayers, and moral support; unfortunately, I'm afraid that's all I can
offer.

(This, BTW, is exactly why I run my node as middleman-only; it's just
too risky for a home user, IMO.)

- --
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

-END PGP SIGNATURE-


Scripted exclusion of nodes? [Was: How to remove some useless nodes]

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Kraktus wrote:
> You can add
> ExcludeNodes NodeName1, NodeName2
> to your torrc, where the NodeName1, etc. are the names of Chinese exit
> nodes that you are aware of.  However, you must disallow each Chinese
> node separately; you can't exclude by country.
(snip)

Sadly, China's government would likely spend the resources to constantly
"randomize" their nodes, one way or the other.

Perhaps a script (set as a cron job?) could be used to find Chinese
nodes in the Tor directory on a regular basis, update the ExcludeNodes
section of the torrc, and do a "sudo killall -s SIGHUP tor" to load it.
I'll have to think it over... perhaps I could use it to get some
scripting practice? =;o)

(Do note that this is UNIX-centric; if you're using Vidalia [as the
original poster said], I don't think it would be that easy.)

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-
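A sketch of the cron-job idea from this post, as an added example that is not code from the author or from the Tor project. The relay list and the 40-hex fingerprints are constructed sample data (TorStatus or the directory would supply the real ones), and relays are excluded by fingerprint rather than nickname because, as a later post in this archive notes, nicknames are not unique.

```python
"""Rebuild the ExcludeNodes line of a torrc from a relay list, then SIGHUP tor."""
import re
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Relay:
    nickname: str
    fingerprint: str   # 40 hex characters, as published in the Tor directory
    country: str       # two-letter code such as "cn", as shown on TorStatus
    is_exit: bool


# Constructed sample data: the nicknames, fingerprints and countries are made up
# for this example; note that two relays share the nickname "unnamed".
SAMPLE_RELAYS = [
    Relay("kitsune", "0123456789ABCDEF0123456789ABCDEF01234567", "us", False),
    Relay("unnamed", "89ABCDEF0123456789ABCDEF0123456789ABCDEF", "cn", True),
    Relay("unnamed", "FEDCBA9876543210FEDCBA9876543210FEDCBA98", "de", True),
    Relay("dragon",  "1111222233334444555566667777888899990000", "cn", False),
]

FINGERPRINT_RE = re.compile(r"^[0-9A-F]{40}$")


def fingerprints_in_country(relays, country, exits_only=False):
    """Return sorted '$FINGERPRINT' tokens for relays located in `country`.

    Fingerprints are used instead of nicknames: excluding "unnamed" by name
    would be ambiguous, while a fingerprint identifies exactly one relay.
    """
    tokens = []
    for relay in relays:
        if relay.country.lower() != country.lower():
            continue
        if exits_only and not relay.is_exit:
            continue
        fp = relay.fingerprint.upper()
        if not FINGERPRINT_RE.match(fp):
            raise ValueError(f"bad fingerprint for {relay.nickname}: {relay.fingerprint}")
        tokens.append("$" + fp)
    return sorted(tokens)


def update_torrc(torrc_text, tokens):
    """Return torrc_text with exactly one ExcludeNodes line holding `tokens`.

    An existing ExcludeNodes line (even a commented-out one) is replaced in
    place and any duplicates are dropped; if none exists one is appended.
    With an empty token list the ExcludeNodes line is removed altogether.
    """
    new_line = "ExcludeNodes " + ",".join(tokens) if tokens else None
    result, seen = [], False
    for line in torrc_text.splitlines():
        if re.match(r"^\s*#?\s*ExcludeNodes\b", line):
            if not seen and new_line:
                result.append(new_line)
            seen = True
            continue
        result.append(line)
    if not seen and new_line:
        result.append(new_line)
    return "\n".join(result) + "\n"


def reload_tor():
    """Make the running tor daemon re-read its torrc (the SIGHUP step from the post)."""
    subprocess.run(["sudo", "killall", "-s", "SIGHUP", "tor"], check=True)


if __name__ == "__main__":
    # Constructed torrc fragment; on a real system read /etc/tor/torrc instead.
    torrc = "SocksPort 9050\n# ExcludeNodes oldnode\nLog notice stdout\n"
    print(update_torrc(torrc, fingerprints_in_country(SAMPLE_RELAYS, "cn")), end="")
    # reload_tor()  # uncomment once the torrc on disk has been rewritten
```

Later Tor releases accept country codes directly (`ExcludeNodes {cn}`, resolved through Tor's GeoIP database), which makes the script unnecessary; the caveat raised in the "virtual servers abroad" post, that geography only approximates who controls a relay, applies to both approaches.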


Re: Tor operator raided in Finland

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
(snip)
> If someone would ask me for a password, i would spam, tell wrong
> passwords, to waste his time, which could be used to ask others for
> passwords ;-)
(snip)

If the authorities tried to get encryption passphrases out of me - and I
didn't want them to have them - I would go for the "I forgot"
alternative. They are pretty huge, after all.

I just don't trust the state of the law, as for trying to group not
divulging passphrases with the 5th Amendment and similar laws. There's a
good chance, IMO, it'll end up being put with the 4th and not the 5th,
unfortunately.

My passphrases are humongous, so it's quite plausible that they could
be forgotten. It's happened before...

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: How to remove some useless nodes

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

孙超 wrote:
> We in China use tor mainly for avoiding the Great Fire Wall, which is a very
> strong internet censorship software operated by the government. So, linkage
> with nodes within China is completely useless for us to break the
> censorship. Usually, we can cut off such connection in tor's graphic
> window vidalia manually, but it is very bothering, we must keep an eye on
> whether there is linkage within China. I wonder if there is some way to
> remove nodes located in China.

Although I'm not in a country like China, nor do I know a solution, do
know that I support any effort which makes Tor a better tool for
circumventing the Great Firewall.

The ability to exclude nodes by [approximate] geography would be a nice
feature; taking a look at TorStatus, I notice that the nodes (including
my own) are already identified with their country of origin.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: [OT] NSA to spy on rest of government, launch counterattacks at crackers

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Scott Bennett wrote:
>  Although this is off topic, it is closely related to the interests of
> many on the list:
> 
>   http://www.theregister.co.uk/2008/01/27/bush_nsa_internal/
(snip)

I don't think I really need to mention how high a degree of f---ed
up-ness this notion presents, given the general mindset of people who
subscribe to this list.

I do find the part about "cyberwar" interesting, though - indeed, what
*would* the rules of such a "conflict" be?

It reminds me of some of the stuff out of the Matrix... hackers causing
damage by manipulating the code of the Matrix, Machines moving in and
out of everything...

It sounds almost as cool, as does scary. =:oD

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: How does tor encrypt my data?

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

孙超 wrote:
(snip)
> We know that there is an entrance node and an exit node in a path;
> cleartext is sent out from the exit node to the destination that we are
> aimed at. If so, my original cleartext could be revealed to the exit
> node? If my data is encrypted on my PC by the tor I ran, how does the
> exit node decrypt the ciphered text? How does it get the decryption key?
> 

You should read the Tor FAQ; these questions are answered there:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-75d5f6d474527a80fc370d208252b4dfd2ea2efd

I will answer the most important one in short here, though: Unless
you're using something that provides end-to-end encryption (HTTPS,
encrypting email with PGP/GPG, using SSH for logging into things, etc.),
exit nodes can - and have been known to - spy on cleartext. They can
also alter things being passed through; this is how Torment and similar
tools attempt to "demask" those who haven't properly secured their browser.

> Another question is what kind of cryptology algorithm tor uses, RSA? or
> others?

A bit about the public-key side of Tor:
https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#head-808ed17a2519e7851b33bcc620b67b97cac76511

I do know that AES is used on the symmetric-key side (although I don't
know what key length is used).

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Ethical considerations about parent proxies for Tor exit nodes [Was: Tor operator raided in Finland]

2008-01-28 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[EMAIL PROTECTED] wrote:
> Hi,
> 
>> Sometimes, when a Tor user does something illegal with Tor, the exit
>> node operator of the exit node the Tor user was using is blamed.
> 
> if you use a transparent proxy plus a provider proxy as parent proxy
> for your TOR server, you can simply avoid that ;-)
(snip)

While that's a wonderful solution from a practical standpoint, I'm sure
it's going to bother some people on an ethical one.

Three things to consider:

1.) What kind of parent proxy is being used? Is it a misconfigured
system, or deliberately left open?

2.) Basically, all this does is make the parent proxy admin take the
fall, instead of you; that in itself may cause ethical problems with
some people.

3.) Also, if it's a misconfigured machine, they may not even realize
they could get in trouble; at least Tor node admins know what they're
providing, and are likely to take proactive steps in protecting their
privacy and legal situation.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Can nickname be duplicate?

2008-01-30 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Florian Reitmeir wrote:
(snip)
> FAQ:
> https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
> "4.10. Can I control what nodes I use for entry/exit?"
> ... We don't actually recommend you use these for normal use -- you get the
> best security that Tor can provide when you leave the route selection to
> Tor ...
(snip)

I seriously question this - at least in the context of evading
totalitarian censorship technology.

I think in such a situation, one would want to exclude nodes from their
own country; at the very least, they'd want to exclude such exit nodes.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Question about some files' function in tor????

2008-01-30 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jackie wrote:
(snip)
>(My OS is windows vista)...
(snip)

If at all possible, I'd suggest switching to a UNIX-type OS, like Linux
or one of the BSDs. There are many concerns over security and any
version of Windows - particularly where a security breach could cost you
your life.

Also, a UNIX-type OS would allow some advanced options to help protect
you, like transparent proxying of all traffic (an option which seems
VERY attractive in a totalitarian regime). This can act as a safety net:
your computer can't determine its true IP, and anything which tries to
reveal your identity by circumventing the normal proxy settings would
"get caught" by the transparent proxy, or dropped.

For more info, see:
https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Can nickname be duplicate?

2008-01-30 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jon McLachlan wrote:
(much snippage)
>> Part of what makes Tor anonymous is a that it has a large # of relays
>> that may or may not be supporting any particular anonymous stream.  When
>> one indefinitely restricts, for instance, the exit relays (or entry
>> relays) that one uses to construct anonymous tunnels, then this does
>> hurt one's anonymity simply because the "cloud" of used relays of what
>> it could have been, is reduced to less than what it could have been. 
>> This is of course assuming that the trust of any particular relay is
>> uniformly distributed over all relays... so, of course if there's a
>> totalitarian censorship somewhere, then yeah, don't trust those
>> relays... otherwise... might not be in the best interest of anonymity...
> I think in such a situation, one would want to exclude nodes from their
> own country; at the very least, they'd want to exclude such exit nodes.
> 

All things being equal, I agree: The larger the potential cloud, the
higher the degree of anonymity. Certainly, restricting the node pool
isn't something that should be done unnecessarily.

However, in a totalitarian situation, it's wise to make the trade-off of
"shallowing" the node pool, to gain the much larger benefit of greatly
reducing the chance of the government censoring the exit - or worse,
breaking your anonymity.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Hypothetical: Totalitarian regimes & virtual servers abroad?

2008-01-30 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I've been thinking about the recent threads involving our recent
contributor from China, and the idea of excluding nodes by country - in
this case, excluding Chinese nodes, for the purposes of circumventing
the Great Firewall.

However, such an approach relies on the ability to tie an IP address to
geography. This led me to something that while simple, could break this
entire approach:

What if the Chinese government were to open virtual server accounts in
other countries? Assuming they had massive connectivity (which some
locations do - there's such a place near me, which hosts among other
things, Google), malicious Tor nodes could be run on them.

Since excluding by geography would be useless, they'd only need to sit
back and wait.

Any thoughts?

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Re: Can nickname be duplicate?

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jackie wrote:
(snip)
> The solution is a proxy without fixed IP and can also encrypt data, Tor is a
> good tool! But we just need such a proxy, thus so many relays is not needed,
> and such relays will slow down the speed of communication.
>
> So, my idea is to find a way to get rid of relays, what I need is just exit
> nodes abroad my country and other totalitarian governed regions, I've found
> that generally one circuit contains three nodes when tor is used to browse
> website, that is to say my data is encrypted for three times. In fact, to
> me, one exit node with a high bandwidth abroad is enough.
(snip)

It sounds like what you're looking for, is an encrypted proxy - a
simple, one-hop proxy that you can browse through using HTTPS, but where
it comes out the "far end" unencrypted.

I know such proxies exist; however, I know very little else. Maybe
someone else here can help?

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: How does tor identify router nodes?

2008-01-31 Thread F. Fox
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jackie wrote:
(snip)
> If I add "ExcludeNodes unnamed" to my torrc, which node on earth would be
> excluded ???

My guess is that all the nodes named "unnamed" would be excluded.

IMO, it's just plain lazy for them to have set it up like that; but
nicknames are not unique. As another person said earlier, only the
cryptographic fingerprint of a node is.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: About WLAN and monitoring..

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

algenon flower wrote:
> I run a Tor client on a laptop at easy to access pub wifi access points.
> What I need to know is, assuming I have disallowed file sharing, etc.,
> what info could a wifi host be able to access on my computer? I have
> heard they could only log my MAC address, the unique code identifying my
> wifi card. Is more available to an attacker?
(snip)

I've also used Tor for this purpose, as long as I'm not doing personal
stuff (or only encrypted personal stuff) through it (otherwise, there's
the risk of exit eavesdropping problems).

AFAIK, the only other piece of info that'd be available, is they could
determine that you're using Tor. Tor should obscure everything else. =:o)

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: One hop proxy [Re: Can nickname be duplicate?]

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Pei Hanru wrote:
(snip)
>> Of course what I have said above does not necessarily fit every country. In
>> my country, as long as you do not spread out those banned information, the
>> police would not bother you just for the reason that you browse them
>> personally.
>
> I'm also from China, haven't investigated such "browsing unsuitable
> material but not spreading" issue you described. How do you draw the
> above conclusion? Is it written somewhere?
(snip)

If true, it would seem that they're more interested in preventing news
from the inside from getting out, than information from the outside
getting in.

I would think either one would be a "threat," from a totalitarian's POV.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: About WLAN and monitoring..

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Michael Holstein wrote:
(snip)
> So could your web-based email if you've EVER used it from an
> identifiable location.
(snip)

I think he's looking at an observer from the local network as a threat
model. If so, such an adversary wouldn't have the benefit of knowing
what accounts are being accessed via the Web, if they go over Tor (only
an agent of the company who runs the mail service, or law enforcement
would have that benefit).

Of course, this opens up a whole new can of worms; AFAIK, Gmail is the
only major Webmail provider that can be used via SSL on the Web
interface (by starting the session with an HTTPS URL, i.e.,
https://mail.google.com ; if you don't, it'll switch to SSL only for the
login, but actually transmit the subsequent pages [and the email they
contain] in cleartext).

(If you've used the account outside of Tor before, Gmail would - of
course - know your identity; however, an observer on the local WLAN
would not.

Also, since actions over the lifetime of a circuit [~10min] can be
potentially linked [from what I've read], you'd want to get a new nym
after you're done with Gmail. On *nix, this can be done with a SIGHUP;
on Windows, one way is to stop and start Tor via Vidalia.)

So unless you're using that one - or using something else to protect
your content - my hypothesis in the first paragraph is not a good one to
use in practice.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Speeding up Tor [sorry for the new thread]

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

[Sorry for opening a new thread; I deleted the message this would have
been a reply to, before I really read things through.]

Someone earlier posted a link to a page with some torrc options, meant
to speed up Tor:
http://www.blackhatworld.com/blackhat-seo/black-hat-tools/3349-speeding-up-tor.html

I just wanted to say, that I've used a similar set of options for quite
some time. It's nothing new; in fact, it's listed in the Tor wiki.

I personally believe that they do help to speed up browsing through Tor;
however, this is purely subjective. I've done no benchmarking.

Tor itself seems to have sped up for browsing quite a bit, in my
experience, over the past year or so on its own; I suspect this has to
do with more relays coming online. =:oD

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: Re: Hypothetical: Totalitarian regimes & virtual servers abroad?

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jackie wrote:
> First. It is completely impossible for Chinese government to setup
> censorship system out of its territory, especially in a democratic country.

But they could set up some rogue exit nodes, hoping to do traitor
tracing on misconfigured clients.

Just because someone *should* have a secure setup, doesn't mean they do.
I'm sure many attackers would use this to their advantage.

> If they were to do this, it would not only be against the law of country in
> which their censor system located, but also seriously destroy their
> reputation.
(snip)

1.) Why would they care if it broke another country's laws? It's near
impossible to enforce laws across sovereign borders, when it comes down
to it.

2.) Their reputation has already been destroyed in democratic nations. =;o)

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-


Re: One hop proxy [Re: Can nickname be duplicate?]

2008-01-31 Thread F. Fox

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Jackie wrote:
(snip)
> My opinion is that to let people use their Tor more freely, for example,
> they can free to choose number of hops
(snip)

This has been brought up before, and AFAIK, it's a closed subject - the
circuit length is hard-coded at 3 hops. End of story.

--
F. Fox: A+, Network+, Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-END PGP SIGNATURE-

