What does bandwidth mean in cached-routers?
When looking at network maps in Vidalia, we can see the bandwidth of the router denoted as 1286KB/s. But when looking up corresponding records in the cached-routers located in tor data directory, it reads in the form of bandwidth 1024000 2048000 1316902. What does it mean? Does it have any relation with 1286KB/s? Another question about the bandwidth of circuits: I see routers in a circuit having different bandwidth, from xxKB/s to KB/s. Is the bandwidth of the circuit as a whole determined by the router with the lowest bandwidth? For example: a circuit containing 3 nodes whose bandwidth are 4328, 4317, 327KB/s respectively. Can we say that the bandwidth of this circuit is 327KB/s? By adding ExcludeNodes to torrc to remove low-bandwidth routers, can we speed up tor?
答复: Hypothetical: Totalitarian regimes virtual servers abroad?
First. It is completely impossible for Chinese government to setup censorship system out of its territory, especially in a democratic country. If they were to do this, it would not only be against the law of country in which their censor system located, but also seriously destroy their reputation. Second. Even if such nodes exist, only they act as exit node can the censor system works. Even in this situation, they still cannot trace back the original user who breaks the censor rule since tor has so many relays. -邮件原件- 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代 表 F. Fox 发送时间: 2008年1月31日 5:52 收件人: or-talk@freehaven.net 主题: Hypothetical: Totalitarian regimes virtual servers abroad? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 I've been thinking about the recent threads involving our recent contributor from China, and the idea of excluding nodes by country - in this case, excluding Chinese nodes, for the purposes of circumventing the Great Firewall. However, such an approach relies on the ability to tie an IP address to geography. This led me to something that while simple, could break this entire approach: What if the Chinese government were to open virtual server accounts in other countries? Assuming they had massive connectivity (which some locations do - there's such a place near me, which hosts among other things, Google), malicious Tor nodes could be run on them. Since excluding by geography would be useless, they'd only need to sit back and wait. Any thoughts? - -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR6DxcOj8TXmm2ggwAQi/QxAAuUhgsUcV44HyhpRNfJF1kbM6iFVPHmmd FtWYqnPCDoc7qMnA/BFXYxjDply1WbWIanVoMDY8Cg7pw5F7prktGq8H4aYeHxc7 meoNEef35PP6qzLpe59uv25C6b6I4S8V1BBRVlZsVbElMGUMRClFbWndWNjStLue TnwSZq2sVu0wB6iVtB4UhTkqvAFAcXSwYxP1+kKHCd/PLE3Hpwi5jEFmtw+2H+Vf 19HmUvbNqKnuBHHeX178EBqW78+bVst1phm4lI745YViWTb7I/4DgTS0+WqAo0x/ e1g9vsHJQoTiEWg/+8sprBtLhIR2HE+PobTce+3nEvjb7SfdBUVwspG1hemqDDpE NLNWAsAzMFYnAdmEMfEEHCVf7BoFXVqkqs5KMKxsWE0X4+6QbXLxR+PS9b4Ev/1Q PsE8HVO43jxS0/alMGUFWqwTdbFn/qNqK1GKGMEYecFukZSNwViFeA5ufkSPdVHS N/EK0ILedcA8XYRRBttJRlPzYGSI0EuD3XBuc4sK0QtzB/IYCh71RyJn1KDdk8Um HUkw0aLS5+b/Ok9ULxWsWQpjsjRdeWp2ZPsym/5UQcWSoE+rqEDQE4OKaSeDVFbx fWLYZ4OQUwDX/OI0pSsEW2dVDc3Zr51vF3VapC+GuM/IID2WOEwbB9nzcVIlcGIg 2FXBdN/b9H0= =Y74V -END PGP SIGNATURE-
Re: One hop proxy [Re: Can nickname be duplicate?]
There will be a lot of problems with one-hop circuit. For example, if bad people know that there are one-hop circuits in the Tor network, they will be more interested in attacking Tor, setting up more malicious nodes, etc., the consequence is a mess. I do not mean to reduce tor to one-hop proxy. There is trade-off between speed and anonymous-preserving. For different user groups have different requirement of safety and anonymous, even one user's needs vary from different conditions he counters, sometimes he prefers speed and sometimes he needs more safety. My opinion is that to let people use their Tor more freely, for example, they can free to choose number of hops, they can choose a fixed exit node if they trust it, or they can let their Tor to choose path ramdomly or they specify a path they consider as reliable.
about Tor in Linux
I want do some programming with Tor, I've heared that Tor is developed on Linux platform, so I want to switch my OS to Linux. But since Linux has so many variations, I don't know which one should I install for programming Tor?
Can nickname be duplicate?
Does Tor identify each node by its nickname? for example, in torrc, a series of commands such as: ExcludeNodes nickname,nickname,... EntryNodes nickname,nickname,... ExitNodes nickname,nickname,... But when we see at http://torstatus.kgprog.com, (sorted by their names) we can find a bundle of nodes with the same nickname unnamed, see following: If I want to remove a node located in China whose nickname also is unnamed, I just add ExcludeNodes unnamed to torrc. How does tor know which node I want to remove, perhaps, it removes a node in Europe which I want to keep. Can anyone explain why? Thanks image001.png
答复: Can nickname be duplicate?
If just for visiting those banned website by local ISP, not too strong anonymous preserving is required. Censor systems is not very high-tech, it adopt mainly two method: first, domain (or IP address) deny, that is to cut off the connection when your HTTP require bound to those banned websites' IP which is listed in ISP's server; second: key-words filter, ISPs keep a set of key-words mainly refer to pornographic, political related subject; when any data stream that contains these key-words pass through ISP, it will be cut off. Seriously, it will reveal your IP to the ISP. Before tor is available, people often used proxy located abroad their own country to visit banned sites, but this was a unstable way, such proxy server was hard to find, once one of these proxy become well-known, it would soon be listed on the banned IP list of censor system. Furthermore, it cannot avoid key-words filter if data streamed from client to proxy (or vice-versa) is not encrypted. The solution is a proxy without fixed IP and can also encrypt data, Tor is a good tool! But we just need such a proxy, thus so many relays is not needed, and such relays will slow down the speed of communication. So, my idea is to find a way to get rid of relays, what I need is just exit nodes abroad my country and other totalitarian governed regions, I've found that generally one circuit contains three nodes when tor is used to browse website, that is to say my data is encrypted for three times. In fact, to me, one exit node with a high bandwidth abroad is enough. Of course what I have said above does not necessarily fit every country. In my country, as long as you do not spread out those banned information, the police would not bother you just for the reason that you browse them personally. To secure your safety, you must be familiar with the law in your country and adopt according safety secure strategy. If anyone knows how to do, please help me. Thanks! Sincerely yours friends -邮件原件- 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代 表 F. Fox 发送时间: 2008年1月31日 3:30 收件人: or-talk@freehaven.net 主题: Re: Can nickname be duplicate? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Florian Reitmeir wrote: (snip) FAQ: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ 4.10. Can I control what nodes I use for entry/exit? ... We don't actually recommend you use these for normal use -- you get the best security that Tor can provide when you leave the route selection to Tor ... (snip) I seriously question this - at least in the context of evading totalitarian censorship technology. I think in such a situation, one would want to exclude nodes from their own country; at the very least, they'd want to exclude such exit nodes. - -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR6DQI+j8TXmm2ggwAQhgMQ//RMXRtbdXQ4Ekh6XdojQtnKQfUVuW+mwD IjPJAlGG53e+PrIa3RWChQ2GXWWnQMJHhyaSypTdNSwjAwEpSvo3ABsvsQWLpWoN gqrYklkjgc4d5D5o/z35EOIhrwBIoOi7Niq8oSUOylviYRwD6kKXDlFxOmPKiY5F M6+BSNFRoRlaYS8JulcHJ26x7RgCkbOJllNKB6Zk3Kun024/hoS/k1J9t5T/rqVx B4nN1ZGthHXBJMryQImSlMMUgdYo9yirnZUbIWWjcgqpuRtk6NIWwJQf4X1X6fqg hXoVd6iEG/+dzkO4pKawnc00wc+dUVlTO9UijAHWars7NRiGch9ZG+409Yr/Yf3q T/U/aqUE2L6lnTK8JeiZ8i9xdN/g5GluGRlxKPCBQ4YcZU+i5fYP9D8T7gx/ZAEo 3zr264IzOoGnMPPLrgSlSJiR7cX6MpLkylTWqlezkqxZgc2UlblD6Yh0LdFDYx0w EjKCrArhsYM4Zr9Gl98wCUiE1nD/V4Js/0pM3ZoBq4U15eJfp+tRRRXEVi3yS1TR arZLu+Hc9+JS7YQzN2W1N82nUc/oOdp70Z5ntFcxQX4Gy6bZuI77ZE7sMF7AlTiw 6Ua5q6Pmo/6EmM5ObMKVOoN/zBtgNG8JfwFwFRerkneog5b3n3JAdMzp7Bqjr+Tx V6xSEm5O7Hk= =FVfB -END PGP SIGNATURE-
答复: Can nickname be duplicate?
If just for visiting those banned website by local ISP, not too strong anonymous preserving is required. Censor systems is not very high-tech, it adopt mainly two method: first, domain (or IP address) deny, that is to cut off the connection when your HTTP require bound to those banned websites' IP which is listed in ISP's server; second: key-words filter, ISPs keep a set of key-words mainly refer to pornographic, political related subject; when any data stream that contains these key-words pass through ISP, it will be cut off. Seriously, it will reveal your IP to the ISP. Before tor is available, people often used proxy located abroad their own country to visit banned sites, but this was a unstable way, such proxy server was hard to find, once one of these proxy become well-known, it would soon be listed on the banned IP list of censor system. Furthermore, it cannot avoid key-words filter if data streamed from client to proxy (or vice-versa) is not encrypted. The solution is a proxy without fixed IP and can also encrypt data, Tor is a good tool! But we just need such a proxy, thus so many relays is not needed, and such relays will slow down the speed of communication. So, my idea is to find a way to get rid of relays, what I need is just exit nodes abroad my country and other totalitarian governed regions, I've found that generally one circuit contains three nodes when tor is used to browse website, that is to say my data is encrypted for three times. In fact, to me, one exit node with a high bandwidth abroad is enough. Of course what I have said above does not necessarily fit every country. In my country, as long as you do not spread out those banned information, the police would not bother you just for the reason that you browse them personally. To secure your safety, you must be familiar with the law in your country and adopt according safety secure strategy. If anyone knows how to do, please help me. Thanks! Sincerely yours friends -邮件原件- 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代 表 F. Fox 发送时间: 2008年1月31日 3:30 收件人: or-talk@freehaven.net 主题: Re: Can nickname be duplicate? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Florian Reitmeir wrote: (snip) FAQ: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ 4.10. Can I control what nodes I use for entry/exit? ... We don't actually recommend you use these for normal use -- you get the best security that Tor can provide when you leave the route selection to Tor ... (snip) I seriously question this - at least in the context of evading totalitarian censorship technology. I think in such a situation, one would want to exclude nodes from their own country; at the very least, they'd want to exclude such exit nodes. - -- F. Fox: A+, Network+, Security+ Owner of Tor node kitsune http://fenrisfox.livejournal.com -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBR6DQI+j8TXmm2ggwAQhgMQ//RMXRtbdXQ4Ekh6XdojQtnKQfUVuW+mwD IjPJAlGG53e+PrIa3RWChQ2GXWWnQMJHhyaSypTdNSwjAwEpSvo3ABsvsQWLpWoN gqrYklkjgc4d5D5o/z35EOIhrwBIoOi7Niq8oSUOylviYRwD6kKXDlFxOmPKiY5F M6+BSNFRoRlaYS8JulcHJ26x7RgCkbOJllNKB6Zk3Kun024/hoS/k1J9t5T/rqVx B4nN1ZGthHXBJMryQImSlMMUgdYo9yirnZUbIWWjcgqpuRtk6NIWwJQf4X1X6fqg hXoVd6iEG/+dzkO4pKawnc00wc+dUVlTO9UijAHWars7NRiGch9ZG+409Yr/Yf3q T/U/aqUE2L6lnTK8JeiZ8i9xdN/g5GluGRlxKPCBQ4YcZU+i5fYP9D8T7gx/ZAEo 3zr264IzOoGnMPPLrgSlSJiR7cX6MpLkylTWqlezkqxZgc2UlblD6Yh0LdFDYx0w EjKCrArhsYM4Zr9Gl98wCUiE1nD/V4Js/0pM3ZoBq4U15eJfp+tRRRXEVi3yS1TR arZLu+Hc9+JS7YQzN2W1N82nUc/oOdp70Z5ntFcxQX4Gy6bZuI77ZE7sMF7AlTiw 6Ua5q6Pmo/6EmM5ObMKVOoN/zBtgNG8JfwFwFRerkneog5b3n3JAdMzp7Bqjr+Tx V6xSEm5O7Hk= =FVfB -END PGP SIGNATURE-
Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes]
Sorry, I am a beginner, I still do not know how to get the whole exit list. I use dig according to this page, but it responses: ; DiG 9.4.1-P1 209.137.169.81.6667.4.3.2.1.ip-port.exitlist.torproject.org ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NXDOMAIN, id: 51792 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;209.137.169.81.6667.4.3.2.1.ip-port.exitlist.torproject.org. IN A ;; AUTHORITY SECTION: exitlist.torproject.org. 44 IN SOA exitlist-ns.torproject.org. tordnsel.torproject.org. 0 1800 1800 1800 1800 I don't know if there is something wrong? - Original Message - From: Marco Bonetti [EMAIL PROTECTED] To: or-talk@freehaven.net Sent: Tuesday, January 29, 2008 4:30 PM Subject: Re: Scripted exclusion of nodes? [Was: How to remove some useless nodes] On Tue, January 29, 2008 09:20, Pei Hanru wrote: I've long wondered if there is (will be) an option for excluding nodes solely at exit? http://exitlist.torproject.org/ You'll get the whole exit nodes list, then you can filter out unwanted nodes. ciao -- Marco Bonetti Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My webstuff: http://sidbox.homelinux.org/ My GnuPG key id: 0x86A91047
Re: How to remove some useless nodes
To remove these fucking nodes mannually one by one is a boring job!!! I wonder where to get a router list which contains information about country, or just a exit nodes list is much more better! Does Tor keep a copy of router list on my PC? - Original Message - From: Gregory Maxwell [EMAIL PROTECTED] To: or-talk@freehaven.net Sent: Monday, January 28, 2008 9:39 PM Subject: Re: How to remove some useless nodes On Jan 26, 2008 10:08 PM, Kraktus [EMAIL PROTECTED] wrote: On 26/01/2008, 孙超 [EMAIL PROTECTED] wrote: We in China use tor mainly for avoiding Great Fire Wall, which is a very strong internet censorship software operated by the government. So, if You can add ExcludeNodes NodeName1, NodeName2 to your torrc, where the NodeName1, etc. are the names of Chinese exit nodes that you are aware of. However, you much disallow each Chinese node separately; you can't exclude by country. It would be interesting if tor exits used passive connection monitoring to figure out if they are on a content modifying or censoring network, then made a note of it in the directory. Users could then choose to avoid that exit while people interested in censorship or neutrality would have a shortlist to do research from. Some types of censoring are pretty subtle and couldn't easily be detected this way, but the Great Firewall is pretty obvious.
Question about some files' function in tor????
Hi, everyone! I intend to get a router list, so I investigate some temporary files of tor.(My OS is windows vista). Still have some questions needing your help. 1.C:\Users\sunchao\AppData\Roaming\Vidalia\geoip-cache (sunchao is my user name) Content of this file as follows: 91.49.126.183,,,DE,51.,9.:1201672296 84.44.133.225,Cologne,07,DE,50.9333,6.9500:1201568891 84.157.197.178,,,DE,51.,9.:1201412847 77.181.84.222,Bad Salzuflen,07,DE,52.0833,8.7667:1201672296 I think it is not router list for some routers' nickname cannot be found here. What is it? 2. C:\Users\sunchao\AppData\Roaming\tor\cached-routers router Rollstuhlfahrer 77.2.218.125 9001 0 9030 platform Tor 0.1.2.19 on Linux x86_64 published 2008-01-24 06:30:44 opt fingerprint 698E 5B8C 02EA 88A3 4B06 A620 1715 627D 222D BF2D uptime 15 bandwidth 266240 266240 0 onion-key -BEGIN RSA PUBLIC KEY- .. -END RSA PUBLIC KEY- signing-key -BEGIN RSA PUBLIC KEY- .. -END RSA PUBLIC KEY- opt write-history 2008-01-24 06:26:01 (900 s) 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,439296,45056,59392,28672,52224,278528,387072,656384,11433984,4769792,6240256,7165952,6558720,3869696,2808832,4383744,5882880,8153088,18294784,17779712,17754112,17058816,16708608,10882048,13044736,8856576,14049280,5678080,275456,4951040,2467840,5883904,5685248,11428864,8084480,16199680,14009344,3362816,13296640,4254720,7823360,9160704,6640640,1898496,4336640,1848320,5111808,6903808,10358784,6899712,4688896,3534848,11554816,11877376,6761472,14179328,27174912,24527872,0,0,0,0,0,0,0 opt read-history 2008-01-24 06:26:01 (900 s) 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2606080,934912,965632,943104,956416,1185792,1276928,1574912,12655616,5488640,7140352,8066048,7486464,4756480,3623936,5014528,6503424,8686592,18965504,18416640,18398208,17835008,17318912,11626496,13762560,9622528,14750720,6587392,1201152,5795840,3405824,6730752,6656000,12378112,9041920,16799744,14757888,4230144,14323712,5100544,8607744,10014720,7412736,2786304,5193728,2726912,6111232,7654400,11161600,7744512,5659648,4448256,12393472,12717056,7570432,13812736,25420800,21768192,0,0,0,0,0,0,0 contact rafzahn at googlemail dot com reject *:* router-signature -BEGIN SIGNATURE- .. -END SIGNATURE- I think it may be the router list stored locally, Two questions: first, how can I distinguish normal nodes from exit nodes? second, what does reject *:* mean? 3. cached-descriptors (in the same directory as the above one) is similar to cached-routers, I don't know what's difference between them? Others files such as cached-certs, cached-consensus, if anyone knows what's their meanings and functions? plz let me know. Thanks with my best regards!!!
