Re: Web-page of Tor-status
Hello,

TorStatus is still in the SVN repository. You can find the latest release with SVN at https://svn.torproject.org/svn/torstatus/tags/REL4_0/

If you download this (or the trunk version), then you should be able to follow the INSTALL file to set up a TorStatus page. Let me know if you have any problems!

Thanks,
Kasimir

On Wed, Dec 8, 2010 at 4:32 PM, Orionjur Tor-admin wrote:
> How can I set up a web-page of Tor-status like this:
> http://torstatus.blutmagie.de/ ?
> ***
> To unsubscribe, send an e-mail to majord...@torproject.org with
> unsubscribe or-talk in the body. http://archives.seul.org/or/talk/

--
Kasimir Gabert
Re: Restricted Exit Policy Port Suggestions?
(sorry for the top posting, I do not believe my phone can bottom post.)

Slightly OT but in response to the US ISP comment:

Until recently (my motherboard gave out) the ISP Xmission was great about my server and dmca. I let them know about my tor node and the several dozen takedowns I received afterwards were ignored by them---not to mention everyone I have interacted with there has been very friendly and knowledgeable (and my residential speed was $60/month for 50 Mbps full duplex with fiber!) :)

I figure there are still a few small ISPs out there which haven't had the chilling effect take hold.

Kasimir Gabert

On Aug 11, 2010 7:09 AM, "Harry Hoffman" wrote:

In my opinion, more often than not DMCA takedown requests center around file-sharing and also more often than not the takedown requests actually have validity to them.

There are certainly instances where takedown requests are incorrect but the frequency of them isn't high (again, my opinion).

My $0.02, after having processed many a takedown request.

If you want to exclude p2p, then I would bet that the amount of abuse reports would plummet.

Cheers,
Harry

On Wed, 2010-08-11 at 08:44 -0400, and...@torproject.org wrote:
> On Wed, Aug 11, 2010 at 03:05:2...
Re: Tor-network-status wishlist (was Re: [or-talk] where are the exit nodes gone?)
On Sun, Apr 11, 2010 at 10:04 AM, Roger Dingledine wrote:
> On Sun, Apr 11, 2010 at 03:23:16PM +0200, Olaf Selke wrote:
>> maybe I take your advice and add php code at blutmagie tns to sum up the
>> extra-info average rate data and print the so calculated bandwidth
>> instead of max observed one.
>
> Here's my chance to remind people about
> http://archives.seul.org/or/talk/Jan-2008/msg00300.html
> :)
>
> I think #1 and #4 have been done, but #2 and #3 remain.
>
> --Roger

Hi Roger,

#2 and #3 are implemented in the current trunk version. #1, however, is only partially implemented.

Thanks,
Kasimir

--
Kasimir Gabert
Re: [or-talk] where are the exit nodes gone?
On Sun, Apr 11, 2010 at 10:05 AM, Kasimir Gabert wrote:
> On Sun, Apr 11, 2010 at 9:01 AM, Scott Bennett wrote:
>> On Sun, 11 Apr 2010 15:23:16 +0200 Olaf Selke
>> wrote:
> [snipped]
>>>
>>>maybe I take your advice and add php code at blutmagie tns to sum up the
>>>extra-info average rate data and print the so calculated bandwidth
>>>instead of max observed one.
>>
>> You might communicate with Kasimir Gabert about that. I think he said
>> some months ago that he was going to do that for his torstatus stuff, so
>> what you want might already be written.
>
> I've been really busy these past numerous months, but that code is
> written. You can find it in the trunk version of TorStatus. I'm
> giving myself two weeks at the end of this semester to get a new
> interface that was designed for me implemented, redo the PHP frontend
> code base, and push out a new version. :)
>
> You can get the "actual" bandwidth code already, however. I used a
> moving average to calculate it.
>
> Thanks,
> Kasimir
>
> --
> Kasimir Gabert

Hello again,

I believe your bandwidth is being calculated to be 14523 KB/s -- impressive!

http://trunk.torstatus.kgprog.com/index.php?SR=Bandwidth&SO=Desc

Thanks,
Kasimir

--
Kasimir Gabert
Re: [or-talk] where are the exit nodes gone?
On Sun, Apr 11, 2010 at 9:01 AM, Scott Bennett wrote:
> On Sun, 11 Apr 2010 15:23:16 +0200 Olaf Selke
> wrote:
[snipped]
>>
>>maybe I take your advice and add php code at blutmagie tns to sum up the
>>extra-info average rate data and print the so calculated bandwidth
>>instead of max observed one.
>
> You might communicate with Kasimir Gabert about that. I think he said
> some months ago that he was going to do that for his torstatus stuff, so
> what you want might already be written.

I've been really busy these past numerous months, but that code is written. You can find it in the trunk version of TorStatus. I'm giving myself two weeks at the end of this semester to get a new interface that was designed for me implemented, redo the PHP frontend code base, and push out a new version. :)

You can get the "actual" bandwidth code already, however. I used a moving average to calculate it.

Thanks,
Kasimir

--
Kasimir Gabert
Re: Is it desirable to prevent users from choosing their own circuits?
On Fri, Oct 2, 2009 at 10:50 AM, Brian Mearns wrote:
> On Fri, Oct 2, 2009 at 12:26 PM, Martin Fick wrote:
>> --- On Fri, 10/2/09, Brian Mearns wrote:
>>
>>> > Perhaps I don't understand your suggestion, but how
>>> > would a hash translate to a relay address? The
>>> > maximum possible strength of a hash is related to the
>>> > size of its address space, if this is limited to the
>>> > number of relays available, it would be pretty weak.
>>> > I would imagine that an 8 bit cpu is likely to be
>>> > able to easily run through enough hash input
>>> > combinations to get the address of any tor relay in
>>> > the network, wouldn't they?
>>> >
>>> > -Martin
>> ...
>>
>
> Thank you very much for the additional feedback. I hadn't really
> considered that this was a criteria of a hashing function, but I guess
> it makes sense: if it's biased when fairly mapped to a smaller domain,
> it would be biased in the full domain as well. For what it's worth, I
> was using SHA-512.

Hello Brian,

I believe that if you would have used a prime number of "buckets" then your hash result would have been greatly improved with respect to an even distribution.

>
> Interestingly, "Applied Cryptography" (by Bruce Schneier) briefly
> discusses a distributed timestamping protocol that uses a hash of the
> content to be stamped in order to select which nodes will provide the
> stamp, the idea being that the requester can't simply choose to use
> nodes he controls in order to forge the timestamp. The details are not
> given, but it is mentioned that the hash is used to seed a PRNG, the
> output of which is used to pick the nodes. I suppose this would suffer
> from the same weakening effects of mapping the output into a smaller
> domain. If there are only 2^N nodes to choose from, an attacker should
> be able to get the one he wants by enumerating through about that many
> different inputs. Of course, if he needs to choose 2 nodes, then I
> guess he would need to enumerate through 2^(2N) input values to be
> almost-guaranteed a hit (or maybe 2^(2N-1), since order doesn't
> matter?) I suppose that's where the security comes from in that case.
>
> Regards,
> -Brian
>
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://keys.gnupg.net

Kasimir Gabert

--
Kasimir Gabert
Re: TorStatus tells me I shouldn't be there?
On Sat, Jul 11, 2009 at 2:40 AM, Ringo<2600den...@gmail.com> wrote:
> Got this message on torstatus.kprog.com
>
> It appears that you are using the Tor network
> Your OR is: 64.252.207.99
> Server name: Unnamed
> -This Tor server would NOT allow exiting to this page-
>
> Any ideas as to what might cause this?
>
> Ringo
>

Hi Ringo,

Does it say that you are using the Tor network at http://trunk.torstatus.kgprog.com ? I am not sure if the previous Tor port detection code is correct.

Kasimir

--
Kasimir Gabert
Re: SSH and Telnet ports
On Sun, Dec 14, 2008 at 12:48 PM, Dominik Schaefer wrote:
> Kasimir Gabert wrote:
>> On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis
>> wrote:
>>> How practical is SSH password cracking over Tor? Wouldn't the latency
>>> deter attackers?
>> I have received about 70 brute force ssh attempts on my Tor node in the
>> past month from other exit nodes. I'm not sure what the pay off is, but
>> the attacks are occurring.
> Three servers I maintain receive about 60 of those dumb and ridiculous login
> attempts per hour. They are not running any Tor relay and are not especially
> 'big' in terms of number of users or publicity. Clearly, the originator does
> not target Tor nodes specifically. ;-) As these logins are coordinated (same
> username on 3 machines within the same second), it seems to be some botnet.
> Concerning the aspect of using Tor to target others: I would be very surprised
> if anyone actually tries to use Tor for this, ordinary botnets of owned
> machines are completely sufficient.
>
> Dominik
>

Hello Dominik,

Thanks for the information. I run denyhosts, and receive ridiculous numbers of these connections to my servers as well. I ran a quick script to grab what denyhosts had blocked, and determined how many of those connections were from Tor exit nodes. Quite a large number! On my other boxes I seem to get less of the Tor exit node attacks for some reason, although I do still receive roughly the same number from botnets.

Kasimir

--
Kasimir Gabert
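The check described in this message, as an added example that is not the author's script: it counts how many addresses blocked by DenyHosts also appear in a Tor exit list. The `hosts.deny` entries, the exit list in `ExitAddress` line format, all addresses (documentation ranges) and the function names are constructed assumptions.

```python
"""Count how many DenyHosts-blocked addresses are listed Tor exit addresses."""
import ipaddress
import re

# Constructed sample of /etc/hosts.deny as DenyHosts typically writes it.
SAMPLE_HOSTS_DENY = """\
# DenyHosts: Sun Dec 14 10:02:11 2008 | sshd: 192.0.2.10
sshd: 192.0.2.10
# DenyHosts: Sun Dec 14 10:05:40 2008 | sshd: 198.51.100.7
sshd: 198.51.100.7
ALL: 203.0.113.99
sshd: 192.0.2.10
sshd: [2001:db8::1]
sshd: not-an-ip.example
"""

# Constructed sample of an exit list using ExitNode/ExitAddress lines.
SAMPLE_EXIT_LIST = """\
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2008-12-14 08:00:00
LastStatus 2008-12-14 09:00:00
ExitAddress 192.0.2.10 2008-12-14 09:10:00
ExitNode 89ABCDEF0123456789ABCDEF0123456789ABCDEF
Published 2008-12-14 07:30:00
LastStatus 2008-12-14 09:00:00
ExitAddress 203.0.113.99 2008-12-14 09:12:00
ExitAddress 203.0.113.5 2008-12-14 09:12:30
"""


def _as_ip(token):
    """Return an ip_address object, or None for hostnames and wildcards."""
    try:
        return ipaddress.ip_address(token.strip("[]"))
    except ValueError:
        return None


def parse_denied(hosts_deny_text):
    """Collect the unique client addresses from 'daemon: client' entries."""
    denied = set()
    for line in hosts_deny_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        _daemons, clients = line.split(":", 1)
        for token in re.split(r"[,\s]+", clients.strip()):
            ip = _as_ip(token)
            if ip is not None:
                denied.add(ip)
    return denied


def parse_exit_addresses(exit_list_text):
    """Collect the addresses from 'ExitAddress <ip> <date> <time>' lines."""
    exits = set()
    for line in exit_list_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "ExitAddress":
            ip = _as_ip(parts[1])
            if ip is not None:
                exits.add(ip)
    return exits


def summarize(hosts_deny_text, exit_list_text):
    """Report how many blocked addresses are also listed exit addresses."""
    denied = parse_denied(hosts_deny_text)
    hits = denied & parse_exit_addresses(exit_list_text)
    ordered = sorted(hits, key=lambda ip: (ip.version, int(ip)))
    return {
        "blocked": len(denied),
        "tor_exits": len(hits),
        "share": len(hits) / len(denied) if denied else 0.0,
        "addresses": [str(ip) for ip in ordered],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_HOSTS_DENY, SAMPLE_EXIT_LIST))
```

Exit lists change over time, so compare against a list captured near the time of the blocks; an address listed as an exit today may not have been one when it was denied.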
Re: SSH and Telnet ports
On Sun, Dec 14, 2008 at 11:36 AM, Christopher Davis wrote:
> On Sun, Dec 14, 2008 at 07:15:18PM +0100, Mitar wrote:
>> Hi!
>>
>> I am wondering why should I allow SSH and Telnet ports to be open on a
>> relay? Is there really a usage case where a Tor user would need them
>> (because connecting with SSH to a server does somehow go against
>> anonymity)? Because otherwise it could be used for dictionary attacks
>> against SSH hosts.
>>
>>
>> Mitar
>
> How practical is SSH password cracking over Tor? Wouldn't the latency
> deter attackers?
>
> --
> Christopher Davis
>

I have received about 70 brute force ssh attempts on my Tor node in the past month from other exit nodes. I'm not sure what the pay off is, but the attacks are occurring.

Kasimir

--
Kasimir Gabert
Re: simple user question - someone please reply!
On Sun, Oct 26, 2008 at 5:53 AM, Karsten N. <[EMAIL PROTECTED]> wrote:
> Hi Pat,
>
> what is your configuration. Are you using Firefox with Torbutton? How
> did you configure your proxy in firefox?
>
>
> [EMAIL PROTECTED] wrote:
>> Hello TOR community members,
>>
>> this question might seem stupid to you, but it is essential for TOR
>> usage, and with my knowledge as a user-only, I couldn't answer it with
>> the TOR documentation/FAQ.
>>
>> Why is it that when I enter a non-existent URL in Firefox/TOR (e.g.
>> http://www.krachunddonner.de/ ), I receive a screen
>> (http://alicesuche-de.aol.de/suche/alice_afe_landing.jsp?invocationType=500error_alice&q=www.krachunddonner.de/)
>> from MY internet provider saying the requested site couldn't be found
>> AND containing the requested URL in a search field?
>>
>> This means that whether I'm using TOR or not, my provider always knows
>> the URLs of the sites I access (or try to access), right?
>>
>> TORs "exit node" is a step in front of my provider, so my provider can
>> log which sites I access, and, in case I don't use encrypted
>> connections, even all content I access. And he knows WHO's accessing it.
>> Correct?
>>
>> How else can it be that I receive that screen containing the URL I tried
>> to access?
>>
>> Please answer or tell where I can find an answer I can understand
>> without a lot of technical knowledge.
>>
>> Thank you!!
>>
>> Pat
>>
>

Hello,

It sounds like your DNS queries are not going through the Tor network. Do you have privoxy or polipo installed, and are they being used? Are you using TorButton? Are you receiving any warnings in your Tor log file?

Kasimir

--
Kasimir Gabert
Re: torstatus sites aren't updating
On Wed, Sep 24, 2008 at 8:59 PM, Kasimir Gabert <[EMAIL PROTECTED]> wrote:
> On Wed, Sep 24, 2008 at 8:55 PM, Scott Bennett <[EMAIL PROTECTED]> wrote:
>> I confess that I've only checked three of the torstatus sites, but it
>> appears that they have stopped being updated. torstatus.kgprog.com hasn't
>> been updated in many hours, and at least two others appear not to have been
>> for several days. Does anyone know why? And when the updates will begin
>> again?
>> Thanks in advance for any news.
>
> Hello Scott,
>
> I am not sure why the updating script suddenly failed, however the
> fall back measures for the upcoming version kept it updating. I
> started the updating script again for the main site, but the trunk
> version should still be up to date
> (http://trunk.torstatus.kgprog.com).
>
> Sorry about these issues,
> Kasimir

Actually, I take that back. It appears that I can not add properly! Neither site was updating. https://torstatus.blutmagie.de/ is still current, however.

Thanks again!
Kasimir

>
>>
>>
>> Scott Bennett, Comm. ASMELG, CFIAG
>> **
>> * Internet: bennett at cs.niu.edu *
>> **
>> * "A well regulated and disciplined militia, is at all times a good *
>> * objection to the introduction of that bane of all free governments *
>> * -- a standing army." *
>> * -- Gov. John Hancock, New York Journal, 28 January 1790 *
>> **
>>
>
> --
> Kasimir Gabert
>

--
Kasimir Gabert
Re: torstatus sites aren't updating
On Wed, Sep 24, 2008 at 8:55 PM, Scott Bennett <[EMAIL PROTECTED]> wrote:
> I confess that I've only checked three of the torstatus sites, but it
> appears that they have stopped being updated. torstatus.kgprog.com hasn't
> been updated in many hours, and at least two others appear not to have been
> for several days. Does anyone know why? And when the updates will begin
> again?
> Thanks in advance for any news.

Hello Scott,

I am not sure why the updating script suddenly failed, however the fall back measures for the upcoming version kept it updating. I started the updating script again for the main site, but the trunk version should still be up to date (http://trunk.torstatus.kgprog.com).

Sorry about these issues,
Kasimir

--
Kasimir Gabert
Re: peculiar server "bandwidth" posted by server "mnl" and possible new type of attack
On Wed, Sep 10, 2008 at 7:28 AM, Scott Bennett <[EMAIL PROTECTED]> wrote:
>>
>>The fact of not being an exit node would make it a better corrupted
>>relay? I mean, if I would like to DOS the Tor network I would be better
>
> No, or at least I don't think so. What I was referring to is that most
> of the trouble we've had from bad operators has taken the form of corrupted
> exit servers, where what goes into or comes out of the exit is in the clear
> and can be altered before it is sent where it is going.
>
>>to set the trojan node as internal?
>>
> For this kind of attack, I suppose there might be some sort of advantage
> to being only a relay and not an exit because route selection often prefers
> non-exit relays for non-exit positions in a route, and a typical route has
> two non-exit positions but only one exit position. So the chances to bog
> down performance might be a bit higher if the attacker focused on non-exit
> usage.
> But Roger has already said that clients believe that no server really
> handles more than 5 MB/s, so they trim any figures greater than that back to
> 5 MB/s. If you had a dozen or two tor servers falsely reporting high usages,
> each at 5 MB/s or more, it might make a mess of things because they would
> distort the networkwide statistics, especially if those servers did not
> identify themselves as all being members of the same Family.

For reference, the reported bandwidth values from mnl hover around 2000 KB/s, but are very flaky (I'll assume this is caused by the connection issues Domenico was talking about).

http://trunk.torstatus.kgprog.com/router_detail.php?FP=abd38668d3f476f50232fec0b6db6550ea43edd0

Kasimir

--
Kasimir Gabert
Re: peculiar server "bandwidth" posted by server "mnl" and possible new type of attack
On Tue, Sep 9, 2008 at 8:10 AM, Olaf Selke <[EMAIL PROTECTED]> wrote:
> Scott Bennett wrote:
>>
>> Nearly 49 MB/s seems a bit of a stretch. The server's operator sent me
>> a note saying that the server is attached to the 1 GB/s campus backbone net,
>> but it is attached via a 100 Mb/s router, so the reported data rate is four
>> to five times the rate physically possible due to the router's limitation.
>> The server, according to its operator, is running on a 2.6 GHz P4, and its
>> descriptor says the machine is running LINUX. Based upon postings quite a
>> while back from blutmagie's operator and from a few other operators of very
>> high-data-rate servers, it seems to me that a 2.6 GHz P4 (Northwood?) running
>> LINUX would not be capable of handling a load eight to ten times that of
>> blutmagie, regardless of its network connection's capacity.
>
> blutmagie tor node is running on a pair of the old Prestonia P4 NetBurst Xeon DP
> 3200MHz processors. Over the last four weeks mrtg monitoring is showing an
> average interface throughput of 32 MBit/s in and 33 MBit/s out. Throughput is
> limited by cpu power rather than by available network bandwidth. Since Tor
> doesn't scale very well with the number of cores, one core is loaded with 100%,
> leaving the other three cores almost idle. Compiling the openssl library with
> Intel's C compiler icc improved performance by about 20-25% compared with gcc
> (compiling tor with icc doesn't change very much). That's the reason blutmagie's
> observed data rate increased from about 5500 to nearly 7000 KByte/s some
> weeks ago.
>
> regards Olaf
>

Hello Olaf,

For the upcoming version of TorStatus, I followed Roger's suggestion of calculating the observed bandwidth using the read and write history instead of the given observed bandwidth rate. After doing this, and what seems to follow the graphs relatively accurately, your bandwidth rate has dropped to 3463.39 KB/s. I'm using a linear moving average to calculate the bandwidth. Would you mind looking over the new router detail page and seeing if it looks reasonable to you? You can view it at http://trunk.torstatus.kgprog.com/router_detail.php?FP=795513a52e5155af5e36937d5a7c76d3bf20d0c4

Also, with regards to mnl, it is down now but I can remember that when it was running I noticed how it was the lead by a large margin on the current TorStatus page, but was at something like 200 on the trunk page. It seems like it never received the amount of traffic that it could handle, or something similar.

Kasimir

--
Kasimir Gabert
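The approach described in this message, as an added example that is not TorStatus code: a linearly weighted moving average over the `read-history` and `write-history` lines of an extra-info descriptor, set beside the single busiest interval. The weighting (newest interval weighted highest), taking the lower of the two directions, and the sample descriptor are assumptions; the message only says that a linear moving average over the read and write history was used.

```python
"""Estimate relay bandwidth from extra-info byte histories."""
import re

# "read-history YYYY-MM-DD HH:MM:SS (NSEC s) NUM,NUM,..." (bytes per interval)
HISTORY_RE = re.compile(
    r"^(read|write)-history \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"\((\d+) s\)(?: ([\d,]+))?$"
)

# Constructed descriptor fragment: one interval carries a short burst.
SAMPLE_EXTRA_INFO = """\
extra-info ExampleRelay 0123456789ABCDEF0123456789ABCDEF01234567
published 2008-09-09 14:00:00
read-history 2008-09-09 13:45:00 (900 s) 2700000000,2880000000,2790000000,43200000000,2970000000,3060000000
write-history 2008-09-09 13:45:00 (900 s) 2700000000,2790000000,2790000000,42300000000,2880000000,3060000000
"""


def parse_history(extra_info_text):
    """Return {'read': [...], 'write': [...]} as bytes/s, oldest first."""
    rates = {}
    for line in extra_info_text.splitlines():
        match = HISTORY_RE.match(line.strip())
        if not match:
            continue
        direction = match.group(1)
        interval = int(match.group(2))
        values = match.group(3)
        if interval <= 0 or not values:
            rates[direction] = []  # relay has no completed intervals yet
            continue
        rates[direction] = [int(v) / interval for v in values.split(",") if v]
    return rates


def linear_moving_average(rates):
    """Weight the oldest sample 1 and the newest len(rates)."""
    if not rates:
        return None
    weights = range(1, len(rates) + 1)
    return sum(w * r for w, r in zip(weights, rates)) / sum(weights)


def estimate_bandwidth(extra_info_text):
    """Compare the averaged estimate with the busiest single interval."""
    history = parse_history(extra_info_text)
    averages = {d: linear_moving_average(r) for d, r in history.items()}
    usable = [a for a in averages.values() if a is not None]
    all_rates = [r for series in history.values() for r in series]
    return {
        "read": averages.get("read"),
        "write": averages.get("write"),
        # Assumption: a relay forwards what it receives, so the lower
        # direction bounds the traffic it actually carried.
        "estimate": min(usable) if usable else None,
        "peak": max(all_rates) if all_rates else None,
    }


if __name__ == "__main__":
    for name, value in estimate_bandwidth(SAMPLE_EXTRA_INFO).items():
        print(name, "n/a" if value is None else f"{value / 1024:.2f} KB/s")
```

With only six intervals the burst still pulls the average well above the steady rate of about 3 MB/s, so a longer history window gives a more stable figure.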
Re: flash won't work with Tor enabled
On Mon, Sep 1, 2008 at 1:53 PM, Tom Hek <[EMAIL PROTECTED]> wrote:
> Torbutton blocks Flash because Flash doesn't use Tor and would destroy your
> anonymity.
>
> Tom
>
> sean darcy wrote:
>>
>> I have firefox 3.0.1, tor button 1.2, tor-0.1.2.19-1.fc9.i386 ,
>> privoxy-3.0.8-2.fc9.i386
>>
>> flash won't play with tor enabled. tor disabled it works fine.
>>
>> For instance, http://www.adobe.com/shockwave/welcome/
>>
>> Do I need some new setting?
>>
>> Thanks for any help.
>>
>> sean
>>
>

If you really need to access a flash script you could set up CGIProxy (http://www.jmarshall.com/tools/cgiproxy/) to route through Tor, and then connect to a local CGIProxy proxy with its settings enabled for rewriting scripts. This will not, of course, guarantee your anonymity. I would combine it by putting the CGIProxy on another machine (or virtual machine), then set your firewall to block any/all requests that are not to that machine or localhost. This should help protect against failed rewrites by CGIProxy, and potentially retain the anonymity provided by Tor.

Please correct me if I am wrong!

Kasimir

--
Kasimir Gabert
Re: Comcast DNS servers returning bogus information
On Sun, Aug 24, 2008 at 12:23 PM, Scott Bennett <[EMAIL PROTECTED]> wrote:
> On Sun, 24 Aug 2008 12:10:27 -0500 Drake Wilson <[EMAIL PROTECTED]>
> wrote:
>>Quoth Scott Bennett <[EMAIL PROTECTED]>, on 2008-08-24 12:03:13 -0500:
>>> The only problem is that that explanation doesn't explain why their
>>> name servers give out the identically wrong information to computers
>>> elsewhere on the Internet.
>>
>>Those name servers may only be shown by DHCP to users who are placed
>>in this bogus state; other users may be directed to other nameservers.
>
> Yes, I understood your point the first time. The problem is that
> that explanation doesn't cover the responses to queries coming from
> elsewhere.
>
>>Possibly nobody should or would be querying those ones normally, and
>>those ones (and only those ones) are configured to always respond that
>>way.
>>
> I guess I don't understand. The name server data are supposed to
> be accurate in order for the Internet to function properly. I found that
> the two servers in question respond with the same address for every A RR
> that is requested, without regard to whether the name and domain should
> resolve to a Comcast IP address, an NIU IP address, or a UW Madison IP
> address. Further, they both give out that same wrong IP address on the
> Comcast net for each of those queries, and they give them out that way
> without regard to the source address of the query. If they didn't want
> to respond to such queries, they should do that by either forwarding the
> query to an appropriate server for the domain queried or returning a no
> answer response.

Hello Scott,

I believe that you might have missed Drake's second explanation: that your DNS servers are the default bad servers for Comcast, and that when your DNS servers were delivered to your router via DHCP, the DNS servers changed from being the correct ones to being the incorrect ones. Of course, this is only possible if you use DHCP (or something similar), and can easily be checked if you remember your previous DNS settings, or if this occurred after initiating a new DHCP session, or by asking a neighbor using Comcast what their DNS values are and assuming that they would be the same for that area.

Hopefully this will clear things up!

Kasimir

--
Kasimir Gabert
Re: The pirate bay, torrent and TOR
On Fri, Aug 15, 2008 at 12:29 PM, Teddy Smith <[EMAIL PROTECTED]> wrote:
> On Fri, 2008-08-15 at 20:18 +0200, Noiano wrote:
>> Hello everybody,
>> as you may know The Pirate Bay is being blocked in Italy for legal
>> issues. It's just a matter of time before all connection to all the TPB
>> servers will be blocked. Many people are suggesting to use tor+vidalia
>> in order to bypass the block. It's a good suggestion but, IMHO, people
>> care very little about just surfing thepiratebay.org. They want to
>> access the tracker and download ;-) .
>> Since I do not know the torrent protocol I wonder: is it possible to use
>> tor as a "proxy" to access the tracker and get the data connections not
>> passing through tor? This would be possible if the request a client
>> makes to a tracker contains the non-tor ip of the client, I guess.
>>
>> Any idea is welcome.
>>
>> Noiano (from italy :-P )
>>
>>
> IIRC, a few months ago someone set up a tracker as a hidden service,
> specifically for this kind of thing. I didn't test it myself, but some
> people reported success.
>

Hello,

I think what is being talked about is something far simpler: accessing TPB through Tor, but have the P2P connections not being blocked. This is actually the recommended way of using Tor with P2P, and is easily possible in most clients. I only know about deluge, seeing that is what I use on my Ubuntu box, and all I had to do was check "Tracker Proxy" in the settings, and type in my Tor SOCKS proxy.

Let me know if this helps, and good luck!

Kasimir

--
Kasimir Gabert
Re: You are not safe anymore on TOR
On Sat, Jul 19, 2008 at 2:24 PM, Marc Erickson <[EMAIL PROTECTED]> wrote:
> http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf
>
> Has anyone read this? Opinions?
>
>
> Marc

From the paper:

Conclusions

We have NOT found any weaknesses in Tor - but instead demonstrated that weakness / features of the software that uses Tor can be exploited to take away people's privacy / anonymity.

--
Kasimir Gabert
Re: Tor Desktop
On Fri, Jun 6, 2008 at 8:58 PM, defcon <[EMAIL PROTECTED]> wrote:
> why would u need a separate tor machine, when all you need is tor and some
> firefox extensions?

The idea is to prevent any unknown security breaches from compromising your anonymity. If, say, Firefox has a zero day exploit that will, even with Torbutton, leak the saved sites, usernames, and passwords to a script (this is unlikely, but an example) then having an entirely separate Firefox installation would save your anonymity. The same idea applies outwards to the operating system.

Kasimir

--
Kasimir Gabert
Re: Ports 443 & 80
On Sun, May 18, 2008 at 2:38 PM, Scott Bennett <[EMAIL PROTECTED]> wrote:
> On Sat, 17 May 2008 18:53:35 -0500 Nathaniel Dube <[EMAIL PROTECTED]>
> wrote:
[snipped]
>>DirPort 80
>>DirListenAddress 0.0.0.0:9091
>
> No, no, no. You've misunderstood the documentation pretty thoroughly.
> First, the firewall referred to is not your "software firewall" for Windows.
> The final image file you list above shows that your router is allowing packets
> through with address redirection but not port redirection. Use the following
> in torrc:
>
> Address [whatever your router's external IP address is]
> ORPort 443
> ORListenAddress 0.0.0.0:443
> DirPort 80
> DirListenAddress 0.0.0.0:80
>
> Undo all the stuff you did in your Windows firewall that is displayed in the
> other image files you mention above. Now make sure that your Windows firewall
> allows tor to receive packets on ports 443 and 80 and to transmit packets on
> any port.
> That's all you need to do for the way you have your router configured.
>>
>>Also, here's the log when I run tor in Konsole as root. I know, don't run Tor
>>as root. I'm just doing that to test it to make sure it's working before I
>>set it to start on boot under the "tor" user.
>
> Why would you run something as root *before* you test it? In any case,
> if you're running Windows, "root" is sort of meaningless.
>

I'm not too sure where you are getting the Windows argument from. All of the pictures I can find appear to be on a Linux distribution, and it is mentioned above that this set is on OpenSUSE.

Kasimir

--
Kasimir Gabert
Re: [GSoC] Overall Network Status ...
Hello Martin Mulazzani,

I am glad that you have decided to help working on the overall network status. Something that you might want to consider, however, would be to implement your idea directly into TorStatus. This will help keep the display of the routers and information about them in one form, even though it is mirrored enough to keep the redundancy.

TorStatus is completely open source, and can be checked out through Freehaven's svn: https://tor-svn.freehaven.net/svn/torstatus/trunk/

This will also remove any delay between updating the stats and retrieving them, and will not put an unnecessary strain on one of the, or even several of the mirrors, as well as start you out with a mirror base.

Let me know what your thoughts are!

Kasimir

On Sun, Apr 6, 2008 at 8:17 AM, Martin Mulazzani <[EMAIL PROTECTED]> wrote:
> Hi all!
>
> I want to take care of the "Overall Network Status" project for the
> Google Summer of Code 2008. By automated collecting & merging the
> available information related to the network health I would like to
> calculate statistical values of importance, like arithmetic mean of
> uptime, bandwidth, number of exit nodes, and many more ...
>
> The full proposal can be found here:
> http://stud4.tuwien.ac.at/~e0225055/OverallNetworkStatus.pdf
>
> I'm open for feedback & comments on my proposal.
>
> Kind regards, Martin Mulazzani
>

--
Kasimir Gabert
Re: I am at my wits end, I cant register for account at digg.com using tor
On Thu, Mar 6, 2008 at 1:15 PM, defcon <[EMAIL PROTECTED]> wrote:
> I completely agree, the purpose for tor is to keep your browsing
> private, I dont think using digg anywhere is a privacy concern unless
> you are digging illegal content that can be used against you. The
> only reason I use tor is to bypass company firewalls and to anonymize
> my browsing when I am surfing on sites that could be used against me
> or sites that nobody has business in knowing I went to. Tor can be
> used to expose governments to wrong doings and exercising free speech
> when others may not grasp that concept and use what you do against
> you. If you are a blogger and you may offend the government or
> organizations and these gov's/org's decide to get a court order to get
> your ip address you are screwed without using tor, at least using tor
> you can safely do things without too much scrutiny. Now the
> government has 90% of the worlds dns servers logged and isp's
> backbones building up browsing habits like they do at libraries.
> Every time you go to a public library everything you read is recorded
> and the fbi/cia/nsa/and other nations gov's have access to that
> information. It is very possible and very probable that the
> government is doing these things. So if you want to exclude yourself
> from these databases use tor.
> -defcon

This is not the case with all libraries. There are several libraries (granted, smaller libraries) through which I have discussed this thoroughly with the managers. They take special care to destroy all records of books that were checked out after they have been successfully checked back in, and any fines have been paid. I do not feel that this is uncommon practice.

Also, logging a DNS server is potentially not what you mean. ISPs keep logs, and will turn them over to the government more freely than I feel comfortable with. Of course, I have heard stories that the NSA logs lots and lots of Internet traffic. All I can contribute here is speculation, however. :)

>
> On Thu, Mar 6, 2008 at 9:25 AM, Dieter Zinke <[EMAIL PROTECTED]> wrote:
> > > Enabling javascript may display the CAPTCHA, but
> > > exposes you to attacks
> > > and lowers your anonymity chances.
> >
> > Right. But be realistic, even if you are surfing the
> > CIA' s website or to top it the FBI (have more VEDA if
> > you know what that is), they wouldn' t sniff you. Why
> > should they? And if, what are the sniffed infos worth?
> > In most cases nearly NULL!
> >
> > To me it is pure nonsense to use tor and try to
> > register with digg. That is idiotic to me!
> >
>

--
Kasimir Gabert
Re: Is http://serifos.eecs.harvard.edu dead?
On Thu, Feb 14, 2008 at 2:32 PM, Marco Bonetti <[EMAIL PROTECTED]> wrote:
> Jens Kubieziel wrote:
> > * Dieter Zinke wrote on 2008-02-14 at 18:39:
> >> http://torstatus.kgprog.com/
> >> http://kgprog.com/
> >> unable to connect says my browser.
> odd :)
> it was online when I wrote the mail. kgprog should also host the source
> code repository of the torstatus application.
>
> > There are a few others mentioned at
> > <http://www.torproject.org/documentation#NeatLinks>
> and http://torstatus.all.de/ (not written here), it's actually working
> (for me :-p ).
>
> ciao
>
> --
> Marco Bonetti
> Slackintosh Linux Project Developer: http://workaround.ch/
> Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/
> My webstuff: http://sidbox.homelinux.org/
>
> My GnuPG key id: 0x86A91047

Hello All,

torstatus.kgprog.com should normally work, however in the last three days I have been having lots of issues with its router. This should [hopefully] now be fixed, and I apologize for its flapping over the last while.

Kasimir

--
Kasimir Gabert
TorStatus version 4 has been released
Hello all [especially TorStatus mirror operators], A new version of TorStatus (http://torstatus.kgprog.com) has been released. More information can be found at http://project.torstatus.kgprog.com, and any comments are greatly welcome. Thanks, Kasimir -- Kasimir Gabert
Re: suspicions Chinese node name piracy
Olaf,

Would you prefer to have the opinion source be specified by fingerprint by default instead of by name? And did the script break, or return an incorrect value?

Thank you,
Kasimir

On Jan 19, 2008 11:43 AM, Olaf Selke <[EMAIL PROTECTED]> wrote:
> Scott Bennett wrote:
>
> > I would have assumed that an extraordinarily high-capacity server like
> > your blutmagie would have been flagged "Named" in the status documents and
> > consensus document. Did you never send in the information about it to get
> > the name reserved for your server?
>
> no, I didn't
>
> Olaf

--
Kasimir Gabert
Re: Best Hardware for TOR server..
On Dec 13, 2007 9:33 AM, Scott Bennett <[EMAIL PROTECTED]> wrote:
> On Thu, 13 Dec 2007 06:38:02 -0800 (PST) "Eric H. Jung"
> <[EMAIL PROTECTED]> wrote:
> >--- Scott Bennett <[EMAIL PROTECTED]> wrote:
> >
> >> The providers in the U.S. are not at the forefront, obviously. Unlike
> >> France, Japan, etc., an intermediate-speed, asymmetric model is used for
> >> residential service in the U.S. If you have, say, $1200/month to blow, you
> >> can get a T3 line and call yourself a business, but then you need a much
> >> classier modem+router to deal with it.
> >
> >That information is a little dated. I've been getting Verizon fiber optic
> >service to the home for $40/month, which provides 5 Mbps up and 15-20 Mbps
> >down. There are other plans for another $5-10 which provide 15/15 and
> >other options.
> >
> Then perhaps Verizon at last is trying to catch up with the state of
> things in those other countries, but it is decidedly not there yet. I have
> an ADSL line, whose speeds vary from 5.5 to 6.9 Mb/s receive and from 0.9 to
> 1.0 Mb/s transmit. That's the best available for home users in a Chicago
> suburb housing the second largest university in Illinois.
>
> Scott Bennett, Comm. ASMELG, CFIAG
> **
> * Internet: bennett at cs.niu.edu *
> **
> * "A well regulated and disciplined militia, is at all times a good *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army." *
> *-- Gov. John Hancock, New York Journal, 28 January 1790 *
> **

At my home I have UTOPIA fiber optic, with 15Mbps up and down, and which will switch in the next month or so to 50Mbps up and down. The situation *is* improving in the United States, even if it is nothing compared with Japan, where there are plans ongoing to provide every household with fiber optic.

Kasimir

--
Kasimir Gabert
Re: Help me understand tor with SSL?
On Dec 1, 2007 8:23 PM, Martin Fick <[EMAIL PROTECTED]> wrote:
> Hi,
>
> After reading the docs I am very confused about how
> tor/privoxy deals with https(SSL) connections. It
> sounds like if I use SSL that I will be basically
> bypassing privoxy and therefore could leak personal
> info? So what is the alternative if I want to access
> a web site that requires https for logging in
> anonymously?
>
> Also, what prevents tor users from being susceptible
> to simple attacks where an html page embeds an image
> that has an https url as its source effectively
> bypassing any privacy?
>
> -Martin

Hello Martin,

What Privoxy will be unable to do is modify the contents of HTTPS packets. The packets will still be sent anonymously, so HTTPS communications can be anonymous (and are preferred because exit nodes cannot steal information), just the ads and scripts will not be filtered from them through Privoxy. This filtering should still occur at some level from your browser (Noscript, Ad blocking extensions, etc).

Let me know if that clarifies things a bit,
Kasimir

--
Kasimir Gabert
Re: Questions about a TOR server
Hello,

I'm glad to hear you are running a router! Just change your policy to:

accept *:443
reject *:*

There are many popular tools for viewing statistics about connections on UNIX systems. If you want to see a list of the connections that your server is making without logging them, you can use iftop. For bandwidth usage, you might want to look into MRTG.

Kasimir

On Nov 24, 2007 9:49 AM, <[EMAIL PROTECTED]> wrote:
> Hi,
>
> So finally I am running "research36" :) To begin I decided to not be an exit
> mode, but will change this soon.
>
> Which policy must I put in the log file if I want to be an "exit node" but
> ONLY on the port 443? Yes, I don't want to allow the port 80, non-encrypted...
>
> Other question: What can I do to see the traffic of the Tor server? I don't
> know a lot about unix systems.
>
> Thank you!

--
Kasimir Gabert
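An added example, not part of the original message and not Tor's own code: a small model of how the two-line policy above is evaluated, where the first matching rule decides. It is limited to IPv4 patterns, the destinations are constructed documentation addresses, and a destination that matches no rule is reported as None rather than guessed, because Tor appends its own default policy when the configured list does not end in a catch-all rule.

```python
import ipaddress


def parse_rule(line):
    """Parse one 'accept|reject ADDR[/MASK]:PORT[-PORT]' rule (IPv4 or '*')."""
    action, _, pattern = line.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in rule: {line!r}")
    addr, sep, port = pattern.strip().rpartition(":")
    if not sep or not addr or not port:
        raise ValueError(f"rule needs ADDR:PORT: {line!r}")
    network = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        low, high = 1, 65535
    else:
        first, _, last = port.partition("-")
        low, high = int(first), int(last or first)
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"bad port range in rule: {line!r}")
    return action, network, low, high


def parse_policy(lines):
    """Parse rules in order; order matters because the first match wins."""
    return [parse_rule(line) for line in lines if line.strip()]


def decide(rules, ip, port):
    """Return 'accept' or 'reject' from the first matching rule, else None."""
    dest = ipaddress.ip_address(ip)
    for action, network, low, high in rules:
        if (network is None or dest in network) and low <= port <= high:
            return action
    return None  # nothing matched: the configured rules alone do not decide


def has_catch_all(rules):
    """True if the last rule matches every address and port."""
    if not rules:
        return False
    _, network, low, high = rules[-1]
    any_addr = network is None or network.prefixlen == 0
    return any_addr and (low, high) == (1, 65535)


if __name__ == "__main__":
    policy = parse_policy(["accept *:443", "reject *:*"])
    # Constructed destinations (documentation address ranges).
    for ip, port in [("192.0.2.10", 443), ("192.0.2.10", 80),
                     ("198.51.100.7", 6667)]:
        print(f"{ip}:{port} -> {decide(policy, ip, port)}")
    print("ends in catch-all:", has_catch_all(policy))
```

Swapping the two rules makes every destination match `reject *:*` first, so port 443 is refused as well.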
Re: Tor blocking german nodes
On Nov 24, 2007 5:19 AM, Marco A. Calamari <[EMAIL PROTECTED]> wrote:
> But I strongly suggest to discuss more and warn about using the
> 600+ router from China.
>
> Consider two facts:
>
> 1) mout are born in few weeks
> 2) all of them are exit router, no other
> country has more than 50%
>
> Add them and add a very small quantity of paranoia.

You might be interested in reading http://www.heise-security.co.uk/news/99333

With multiple problems existing, any that can be dealt with should be dealt with. There are large groups of Tor users in Germany who are frustrated with these horrendous laws, and that means that it will be much easier to deal with escaping data retention laws in Germany than dealing with the numerous issues which you are presenting about ORs in China. This does not mean that they should not be dealt with, it just means that when there is a movement to fix a certain problem it might hurt rather than help to claim that a similar but not necessarily worse problem should be dealt with first.

>
> German situation is that of a nation full
> of crypto hacktivist that must face a new
> law in two year
>
> China (and another country maybe) are
> a Big Brother with certificate of authenticity.
>

Kasimir

--
Kasimir Gabert
Re: Tor blocking german nodes
On Nov 22, 2007 12:20 PM, kazaam <[EMAIL PROTECTED]> wrote:
> Hi
>
> On Thu, 22 Nov 2007 19:36:31 +0100
> "Michael Schmidt" <[EMAIL PROTECTED]> wrote:
>
> > please do not attach germany to fascism, this shows only our broken view.
> > Thats my opinion of someone who has to do with law and as a german.
>
> > blocking nodes in the EU from outside EU is nonsense and does not help the
> > network, e.g. you are destroying the network by itself, it is only a risk,
> > if someone is in the EU an Exitnode.
> > Forwarding nodes are needed and if there is no logging, this is the own risk
> > of the maintainer.
>
> First this is a german problem and not one of the EU. The EU-guideline
> doesn't contain anything about the logging of anonymising services. This is
> just and only in the german implementation of this guideline into national
> law. Other EU-countries like NL didn't do this. So far as said only germany
> took hands on anonymisers and they are definitely not forced to do so by the
> EU. Second the problem is not only with Exit-nodes. All german nodes
> (entry,middle and exit) are forced to log who connected to them and what they
> manipulated on the packet. So if you are accidentally just connected to german
> nodes they got you. There's afaik no way in tor to prevent that this happens.
> Maybe blocking all german nodes would be too much and as you said destroying
> the network but at least there have to be taken care that not more than 1
> node comes from germany.
>
> --
> kazaam <[EMAIL PROTECTED]>

A potential solution to this problem, which was brought up by another person, would be to have something similar to a family option for all of the German Tor nodes. Care would have to be taken to do this on an IP level, however, and not to expect every German Tor operator to write into their configuration that they are part of this "family".

Kasimir

--
Kasimir Gabert
Re: 20090101 (log data)
On Nov 12, 2007 1:26 PM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> On Mon, Nov 12, 2007 at 01:13:23PM -0700, Kasimir Gabert wrote:
>
> > The Overnet idea seems a tad silly. If connections in between servers
>
> I don't know how well hidden services and current Tor codebase scales,
> but having an anonymous communication space is certainly worthwhile,
> even if read-only. Do hidden wikis see much defacement, currently?
>
> > need to be logged, I do not think the requirement of logging would
> > change were the connections to be for the Overnet or for the Internet.
>
> Not all Tor hosts log, and cooperation between different legal compartments
> is much less than within e.g. US and EU. The average network bandwidth
> and latency are likely to get much better in future, so the number of
> hops in a circuit can be adaptively increased to make attack much more
> difficult, logs or no.

You are definitely correct, I apologize. Only when data is retained across the world will hidden services not continue to provide the anonymity that is currently provided... assuming of course that the Tor servers are not all German. It would be easily possible for the government if the hidden server is German to track the connection from a German user to it, however (after this law).

>
> > And I honestly do not see a problem with engaging in illegal
> > activities to ensure the anonymity of Tor users. What the government
> > is doing is illegal by any decent rational standards, and it will
>
> I agree -- but so far there's no need for it yet. As others have correctly
> stated we need to stay in full compliance of the law (as long as that law
> is not unconstitutional), to not put public support into jeopardy.
> Once however such illegal retention laws have been passed, then only outlaws
> will have anonymity.

That is true, and we all do have until 20090101 to produce a solution. It would be bad, however, to lose anonymity for Germans for even a few days after that date, especially because Germans, as a whole, seem to be requiring it more and more lately.

>
> > [hopefully] never come to the level of abuse against us that Gandhi
> > and other active peaceful resistors were subjected to in order to
> > achieve their ends, so it is unlikely that standing on the sidelines
> > and shouting that more people need to join Tor will accomplish much.
>
> As your attorney, I advise you to to rent a very fast car with no top, and to
> not discuss such issues with anybody else you don't trust absolutely.

Thank you. Or I should start using Tor... let's see... I need a good name :)

>
> --
> Eugen* Leitl leitl http://leitl.org
> ______
> ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
> 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

--
Kasimir Gabert
Re: 20090101 (log data)
On Nov 12, 2007 12:13 PM, linux <[EMAIL PROTECTED]> wrote:
> Timing attacks can be done only with accurate data.
> What if my server has a wrong time or its clock is changing speed randomly
> or ...
>
> I think some more clever people than me will come up with an idea soon.
> I am sure tor developers will soon improve tor. We should of course do a lot
> in fighting this law but we should do more in improving tor.
>
> Promote tor or the idea of anonymous web access in universities. Why should it
> not be "cool" to make a masters degree in improving anonymity?
>
> Why not create a "overnet" where your IP address is only seen when you log in
> to the "overnet" but what you do inside is hidden.
>
> I have big hope in the smart guys and girls around us :) (I do not talk about
> the a***oles in the government)
>
> Gruesse

The Overnet idea seems a tad silly. If connections in between servers need to be logged, I do not think the requirement of logging would change were the connections to be for the Overnet or for the Internet.

And I honestly do not see a problem with engaging in illegal activities to ensure the anonymity of Tor users. What the government is doing is illegal by any decent rational standards, and it will [hopefully] never come to the level of abuse against us that Gandhi and other active peaceful resistors were subjected to in order to achieve their ends, so it is unlikely that standing on the sidelines and shouting that more people need to join Tor will accomplish much.

Kasimir

--
Kasimir Gabert
Re: 20090101 (log data)
On Nov 12, 2007 3:15 AM, algenon flower <[EMAIL PROTECTED]> wrote:
> Hello
> I just hardly can't believe it what I am hearing about this. From what I
> get, it sounds like a full on assault on privacy and free speech, the things
> that make the internet good, has begun.
> I am very sorry to hear the news and am very upset for everybody,
> especially those in Europe where this seems to be starting.
> Am I to believe from the foregoing that potentially having to surrender a
> Tor servers logs (that do not compromise much) will actually make Tor server
> operators criminals because they don't "reveal" enough?
>
> Algenon

Another issue here is that surrendering the logs will actually have the potential to compromise much. It would allow timing attacks to become very trivial for the government to carry out. And the Tor operators will only be criminals if they do not have the data to surrender to the government when it is requested.

Kasimir

--
Kasimir Gabert
Re: GETINFO desc/all-recent output from 0.2.0.9 differ from 0.2.0.7
On Nov 3, 2007 2:48 PM, Kasimir Gabert <[EMAIL PROTECTED]> wrote:
>
> On 11/1/07, Olaf Selke <[EMAIL PROTECTED]> wrote:
> > hi folks,
> >
> > the control port command "GETINFO desc/all-recent" provides only 355
> > routers on v0.2.0.9-alpha. 2199 items are returned as expected after
> > downgrading to v0.2.0.7-alpha. Since my 0.2.0.9 bandwidth graph looked
> > sane, I don't suppose a general problem with v0.2.0.9.
> >
> > Output of both versions can be found here:
> > http://torstatus.blutmagie.de/GETINFO-desc-all-recent-ouput-0.2.0.7.txt
> > http://torstatus.blutmagie.de/GETINFO-desc-all-recent-ouput-0.2.0.9.txt
> >
> > I didn't check v0.2.0.8-alpha. Is there a known bug regarding this
> > issue? A couple of tor network status sites rely on "GETINFO
> > desc/all-recent" control port output.
> >
> > regards, Olaf
> >
>
> Hello,
>
> This has occurred with my installation of Tor as well
> (v0.2.0.9-alpha), however for the network status as opposed to the
> descriptors. I restarted Tor (stopping and starting, not a HUP), and
> it seemed to correct the problems.
>
> Kasimir
>
> --
> Kasimir Gabert

This problem has continued to occur, and looking through the logs it seems to be directly connected with the error in 0.2.0.9 which writes to the log file:

Nov 08 05:58:16.430 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:04:37.384 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:04:37.649 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:13:10.643 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:13:14.761 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:13:14.819 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:13:16.770 [notice] I learned some more directory information, but not enough to build a circuit.
Nov 08 06:13:21.855 [notice] I learned some more directory information, but not enough to build a circuit.

--
Kasimir Gabert
Re: GETINFO desc/all-recent output from 0.2.0.9 differ from 0.2.0.7
On 11/1/07, Olaf Selke <[EMAIL PROTECTED]> wrote:
> hi folks,
>
> the control port command "GETINFO desc/all-recent" provides only 355
> routers on v0.2.0.9-alpha. 2199 items are returned as expected after
> downgrading to v0.2.0.7-alpha. Since my 0.2.0.9 bandwidth graph looked
> sane, I don't suppose a general problem with v0.2.0.9.
>
> Output of both versions can be found here:
> http://torstatus.blutmagie.de/GETINFO-desc-all-recent-ouput-0.2.0.7.txt
> http://torstatus.blutmagie.de/GETINFO-desc-all-recent-ouput-0.2.0.9.txt
>
> I didn't check v0.2.0.8-alpha. Is there a known bug regarding this
> issue? A couple of tor network status sites rely on "GETINFO
> desc/all-recent" control port output.
>
> regards, Olaf

Hello,

This has occurred with my installation of Tor as well (v0.2.0.9-alpha), however for the network status as opposed to the descriptors. I restarted Tor (stopping and starting, not a HUP), and it seemed to correct the problems.

Kasimir

--
Kasimir Gabert
Re: Attn TorStatus folks! We are about to break your bandwidth measures!
Hello Roger,

Thanks for letting me know about this problem. I had "fixed" TorStatus by just changing the method for retrieving the description to 'GETINFO desc/all-recent-extrainfo-hack'. This does not appear to be working anymore! Should I modify TorStatus so it first finds the fingerprint of the router, and then retrieves the extra information based on that fingerprint?

I will try to get this fixed as soon as possible, and thanks again,
Kasimir

On 10/15/07, Roger Dingledine <[EMAIL PROTECTED]> wrote:
> On Mon, Aug 27, 2007 at 05:11:53PM -0600, Kasimir Gabert wrote:
> > On 8/27/07, Nick Mathewson <[EMAIL PROTECTED]> wrote:
> > > Tor 0.2.0.x has a feature called "extra-info" documents. This is an
> > > adjunct descriptor that gets published along side the main server
> > > descriptor. Clients don't download it by default. We now put
> > > bandwidth history information there. Soon, extra-info documents will
> > > be the _only_ place to find bandwidth history information, once
> > > routers start omitting it from their regular descriptors.]
> >
> > I will get TorStatus to work with this new version, and release an
> > update, within the next few days.
> >
> > 2-4 weeks should be enough time to get most of the servers running the
> > new version of Tor and TorStatus.
>
> Hi Kasimir,
>
> It looks like something still isn't right, at least with
> http://torstatus.kgprog.com/
>
> The 0.1.2.x Tor servers have fine bandwidth graphs, e.g.
> http://torstatus.kgprog.com/router_detail.php?FP=bbb19e844a7b726bddac19ba706ca21397a2046a
>
> But the 0.2.0.x Tor servers have flatlined graphs, e.g.
> http://torstatus.kgprog.com/router_detail.php?FP=ffcb46db1339da84674c70d7cb586434c4370441
>
> Is torstatus.kgprog.com still running an old version, or is it
> not asking for extra-info docs correctly, or are the authorities
> not serving them correctly, or what? :)
>
> Thanks,
> --Roger

--
Kasimir Gabert
Re: Browser dos/don'ts ( was Re: Incognito Live CD using Polipo)
> On 10/15/07, Robert Hogan <[EMAIL PROTECTED]> wrote:
> > On Sunday 14 October 2007 19:50:38 [EMAIL PROTECTED] wrote:
> > > On Sat, Oct 13, 2007 at 09:21:40AM +0100, [EMAIL PROTECTED] wrote 0.9K bytes in 30 lines about:
> > > : Do:
> > > : Spoof user-agent (is this necessary even with javascript disabled?)
> > > : (browser)
> > >
> > > Arguably, unless you're using BobnJoe's browser, any of the popular ones
> > > should provide sufficient numbers (firefox, safari, opera, ie).
> > >
> > konqueror, a bobnjoe browser if ever there was one, can only turn off sending
> > the user-agent and spoof it for selected websites. it doesn't even support
> > regexes.
> >
> > > : Spoof http-headers as though a US english browser (browser/privacy
> > > : proxy?)
> > >
> > > Only if you want to appear as coming from the US, and if you read
> > > English. If you're in UAE and spoofing US English, then you may stand
> > > out for being different.
> > >
> >
> > But no-one should know you're in the UAE because you're using tor. Or have I
> > missed your point?
> >
> > > : Do not:
> > > : Use tabs (enforced/recommended by controller?)
> > >
> > > Why?
> > >
> > > : Keep the browser open when finished 'using tor' (enforced/recommended by
> > > : controller?)
> > >
> > > If your browser properly cleans up and you've disabled everything,
> > > chances are this isn't that big of a deal.
> >
> > for both, javascript timers apparently. a separate browser or open-and-close
> > browser session seems to be the thing.
>
> On 10/15/07, Kasimir Gabert <[EMAIL PROTECTED]> wrote:
> People will know that you are in the UAE if you are browsing websites
> that are only for people and used by people in the UAE.
>
> Kasimir Gabert

Unfortunately, I top posted! I am sorry, this is where my message should end up. Reason: Too hasty typing with GMail at a library. My most earnest apologies.

--
Kasimir Gabert
Re: Browser dos/don'ts ( was Re: Incognito Live CD using Polipo)
People will know that you are in the UAE if you are browsing websites that are only for people and used by people in the UAE. Kasimir Gabert On 10/15/07, Robert Hogan <[EMAIL PROTECTED]> wrote: > On Sunday 14 October 2007 19:50:38 [EMAIL PROTECTED] wrote: > > On Sat, Oct 13, 2007 at 09:21:40AM +0100, [EMAIL PROTECTED] wrote 0.9K > bytes in 30 lines about: > > : Do: > > : Spoof user-agent (is this necessary even with javascript disabled?) > > : (browser) > > > > Arguably, unless you're using BobnJoe's browser, any of the popular ones > > should provide sufficient numbers (firefox, safari, opera, ie). > > > konqueror, a bobnjoe browser if ever there was one, can only turn off sending > the user-agent and spoof it for selected websites. it doesn't even support > regexes. > > > : Spoof http-headers as though a US english browser (browser/privacy > > : proxy?) > > > > Only if you want to appear as coming from the US, and if you read > > English. If you're in UAE and spoofing US English, then you may stand > > out for being different. > > > > But no-one should know you're in the UAE because you're using tor. Or have I > missed your point? > > > : Do not: > > : Use tabs (enforced/recommended by controller?) > > > > Why? > > > > : Keep the browser open when finished 'using tor' (enforced/recommended by > > : controller?) > > > > If your browser properly cleans up and you've disabled everything, > > chances are this isn't that big of a deal. > > for both, javascript timers apparently. a separate browser or open-and-close > browser session seems to be the thing. > > -- Kasimir Gabert
Re: Unsubscribe
subscribe wait On 10/1/07, j xd <[EMAIL PROTECTED]> wrote: > Unsubscribe > > -- Kasimir Gabert
Re: time needed to register a serve
Hello, I must add that I have also tried to register kgabertgoldmine2 *twice* since around the end of June, 2007, and seeing that it has not happened I assumed that servers which are trying to be named are not even being looked at. When I registered kgabertgoldmine (which is now offline, and I registered it quite awhile back), I received a response within two days. Kasimir Gabert On 9/23/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > On Tue, Sep 18, 2007 at 10:38:14PM -0700, [EMAIL PROTECTED] wrote 1.8K bytes > in 53 lines about: > > I'm trying to find the details, but essentially the "named" flag isn't > as valuable as it was in the past. Perhaps Roger or Nick can weigh in > with more info. > > We do receive all of the emails to tor-ops with your server info sent in > via https://tor.eff.org/docs/tor-doc-server.html.en#email. > > -- > Andrew > -- Kasimir Gabert
Re: I break the silence: My arrest
On 9/16/07, Scott Bennett <[EMAIL PROTECTED]> wrote: > On Sun, 16 Sep 2007 09:44:21 -0400 "Ringo Kamens" <[EMAIL PROTECTED]> > claimed: > > >I'm using gmail which doesn't give me an option unless I'm using a pop3 > >client. > >Comrade Ringo Kamens > > See evidence that others manage somehow below. And couldn't you use a > pop3s client instead? Encrypted links are the way, you know. > > > >On 9/16/07, Scott Bennett <[EMAIL PROTECTED]> wrote: > >> On Sun, 16 Sep 2007 09:06:25 -0400 "Ringo Kamens" <[EMAIL PROTECTED]> > >> still didn't get it: > >> > >> >I know they aren't directly related, but it could also help to involve > >> >*the unions* because they have a lot of power. At least in the US. > >> >Unfortunately I just started school and I have very little time on my > >> >hands so I can't directly help with this project much, even though I > >> >was working 10 hours a day with them before, but you should make a > >> >post to Binary Freedom (the discussion list). People there will > >> >certainly help you. They are an advocacy group for binary freedoms > >> >that participate in a lot of direct action and they can certainly help > >> >your cause. We have troops on the ground in the UK, but not sure about > >> >Germany. > >> >Comrade Ringo Kamens > >> > [snipped] > ] > [EMAIL PROTECTED] /etc]$ /usr/local/diablo-jdk1.5.0/jre/bin/java -version > ]/libexec/ld-elf.so.1: /usr/lib/libthr.so: version LIBTHREAD_1_0 > ]required by /usr/local/diablo-jdk1.5.0/jre/bin/java not found > ] > ]I am not sure what is the correct way to fix this. > ] > ]Jiawei > ] > ]-- > ]"If it looks like a duck, walks like a duck, and quacks like a duck, > ]then to the end user it's a duck, and end users have made it pretty > ]clear they want a duck; whether the duck drinks hot chocolate or > ]coffee is irrelevant." > ] > ] > ]-- > > So apparently others with gmail.com accounts manage to post correctly. 
> Unless there is something unusual about your individual account, please > learn to use your email interface and editor(s). Up until now, it has > been a pain to follow any thread to which you have posted a followup. > > > Scott Bennett, Comm. ASMELG, CFIAG > ** > * Internet: bennett at cs.niu.edu * > ** > * "A well regulated and disciplined militia, is at all times a good * > * objection to the introduction of that bane of all free governments * > * -- a standing army." * > *-- Gov. John Hancock, New York Journal, 28 January 1790 * > ** > Hello Scott Bennett, I feel that any public ridiculing should be taken off this list. There are far more important things to talk about here, such as the safety of all of the German Tor exit node operators. Kasimir Gabert -- Kasimir Gabert
Re: Attn TorStatus folks! We are about to break your bandwidth measures!
Hello Nick Mathewson,

Thank you very much for letting me know about this upcoming change. I will get TorStatus to work with this new version, and release an update, within the next few days.

2-4 weeks should be enough time to get most of the servers running the new version of Tor and TorStatus.

Thanks again,
Kasimir Gabert

On 8/27/07, Nick Mathewson <[EMAIL PROTECTED]> wrote:
> Hi!
>
> So, for a long time, Tor servers put information in server descriptors
> that Tor clients didn't actually use. The biggest offenders were the
> read-history and write-history lines: they account for around 60% of
> the size of a big set of compressed servers. By removing these lines,
> we can save an enormous proportion of directory bandwidth, and (I
> hope) support more clients at a time.
>
> But what about the tools that use this information?
>
> Tor 0.2.0.x has a feature called "extra-info" documents. This is an
> adjunct descriptor that gets published along side the main server
> descriptor. Clients don't download it by default. We now put
> bandwidth history information there. Soon, extra-info documents will
> be the _only_ place to find bandwidth history information, once
> routers start omitting it from their regular descriptors.]
>
> [For the full details of the decisions involved above, see proposal
> 104 at
> http://tor.eff.org/svn/trunk/doc/spec/proposals/104-short-descriptors.txt
> ]
>
> I'd like to get torstatus updated to handle extra-info before it starts
> getting bandwidth history. To make this easier, I've added a GETINFO
> item:
>     GETINFO desc/all-recent-extrainfo-hack
>
> It gives the same result as desc/all-recent, except that it looks into
> any appropriate locally available extrainfo documents and adds
> bandwidth history lines that it found there. (The signature is no
> longer valid, of course, but parsing should still work.)
>
> So, to keep torstatus's bandwidth history info from breaking, here's
> the procedure to follow:
>
> 1) Use Tor 0.2.0.6-alpha or later.
>
> 2) Switch GETINFO desc/all-recent to
>    GETINFO desc/all-recent-extrainfo-hack
>
> 3) Set "DownloadExtraInfo 1" in the tor process's configuration.
>
> (Later, it would be better to go back to GETINFO desc/all-recent, look
> at the extra-info-digest line in the original descriptor, and then
> GETINFO extra-info/ to get the bandwidth information. But I
> wanted to provide something fast so that updating the code would be
> easy.)
>
> In all likelihood, servers will start dropping bandwidth history
> information from their descriptors in about 2-4 weeks from now. Is
> that enough time? We'd really like to get the directory bandwidth
> savings on the 0.2.0.x timeframe, but we don't want to break existing
> code in doing so if we can possibly help it.
>
> yrs,
> --
> Nick Mathewson

--
Kasimir Gabert
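An added example, not TorStatus or Tor project code, of the consumer side of the procedure quoted above: it unpacks a multi-line control-port reply to GETINFO desc/all-recent-extrainfo-hack, reads the read-history and write-history lines, and lists relays that arrive with no history (the flatlined graphs described in the later thread). The reply text and relay names are constructed, the descriptors are cut down to the lines the parser needs, and the history line layout is the one given in Tor's directory specification.

```python
import re
from datetime import datetime

# "[opt ]read-history|write-history YYYY-MM-DD HH:MM:SS (N s) n,n,n"
HISTORY_RE = re.compile(
    r"^(?:opt )?(read|write)-history (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) "
    r"\((\d+) s\)(?: ([\d,]*))?$"
)


def getinfo_payload(reply, key):
    """Return the data block of a '250+key=' multi-line control reply."""
    inside, body = False, []
    for line in reply.replace("\r\n", "\n").split("\n"):
        if not inside:
            if line == f"250+{key}=":
                inside = True
            elif line[:1] in ("4", "5"):
                raise ValueError(f"controller error: {line}")
            continue
        if line == ".":  # a lone dot ends the data block
            return "\n".join(body)
        # A data line that began with '.' was sent with one extra '.'.
        body.append(line[1:] if line.startswith(".") else line)
    raise ValueError(f"no complete reply for {key!r}")


def bandwidth_histories(descriptors):
    """Map relay nickname -> {'read': {...}, 'write': {...}} as found."""
    routers, current = {}, None
    for line in descriptors.splitlines():
        if line.startswith("router "):
            current = line.split()[1]
            routers[current] = {}
            continue
        match = HISTORY_RE.match(line)
        if match and current is not None:
            kind, end, interval, values = match.groups()
            routers[current][kind] = {
                "end": datetime.strptime(end, "%Y-%m-%d %H:%M:%S"),
                "interval": int(interval),
                "bytes": [int(v) for v in (values or "").split(",") if v],
            }
    return routers


def mean_rate(history):
    """Average bytes per second over all reported intervals."""
    samples = history["bytes"]
    if not samples:
        return 0.0
    return sum(samples) / (len(samples) * history["interval"])


def missing_history(routers):
    """Relays whose descriptor carried no read or no write history."""
    return sorted(name for name, hist in routers.items()
                  if "read" not in hist or "write" not in hist)


# Constructed reply: relay A still carries history, relay B does not.
SAMPLE_REPLY = "\r\n".join([
    "250+desc/all-recent-extrainfo-hack=",
    "router examplerelayA 192.0.2.10 9001 0 9030",
    "opt read-history 2007-08-27 17:00:00 (900 s) 450000,900000,1350000",
    "opt write-history 2007-08-27 17:00:00 (900 s) 900000,1800000,2700000",
    "",
    "router examplerelayB 192.0.2.20 9001 0 0",
    "platform Tor 0.2.0.6-alpha on Linux",
    ".",
    "250 OK",
    "",
])

if __name__ == "__main__":
    text = getinfo_payload(SAMPLE_REPLY, "desc/all-recent-extrainfo-hack")
    relays = bandwidth_histories(text)
    for name, hist in relays.items():
        rate = mean_rate(hist["write"]) if "write" in hist else None
        print(name, "mean write rate (B/s):", rate)
    print("no history:", missing_history(relays))
```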
Re: nighteffect.us gone
Hello Roger,

I am going to maintain it after roughly two months of being away, but during that time there are only a few users who have asked for SVN commit permissions. If you want them, I would be more than happy to give them to you, but development is/will be happening after that time.

On 6/17/07, Olaf Selke <[EMAIL PROTECTED]> wrote:

Roger Dingledine wrote:
>
> Great. I have just changed https://tor.eff.org/documentation#NeatLinks
> to point to both of these.

hi,

one can use http://torstatus.blutmagie.de/ instead of http://anonymizer.blutmagie.de:2505/. It's the same content and might be more easy to remember.

anonymizer:~# cat /etc/apache2/ports.conf
Listen 195.71.90.10:2505
Listen 195.71.90.20:80

regards, Olaf

--
Kasimir Gabert
Re: nighteffect.us gone
As of now there are two primary mirrors (kgprog and blutmagie, which are both stable and being updated), and two secondary mirrors (day of defeat, which is currently not being updated, and grepular, which is outdated).

Production on the TorStatus software is currently taking place at project.torstatus.kgprog.com, but I will be unable to contribute for two months because I am about to "migrate" to an area with poor Internet access. This also means that if kgprog goes down for some reason, there will be a delay in bringing it back up.

On 6/16/07, Roger Dingledine <[EMAIL PROTECTED]> wrote:

On Sat, May 19, 2007 at 02:44:08PM +0200, Olaf Selke wrote:
> Since port 80/tcp
> is already used by the tor application's DirPort, I'll need second ip
> address for this machine in order to have the Apache process listen at
> port 80. Maybe next week...

Actually, you can have Apache listen for Tor requests on port 80 and pass them to the actual DirPort. See the middle of http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ServerForFirewalledClients for how to configure ProxyPass for your Apache.

--Roger

--
Kasimir Gabert
Re: Cisco firewall filtering Tor?
Hello Jay,

I am not sure what the problem is, but I operate kgabertgoldmine2 and recently saw in my logs (only a few of these, but more than one, and only from a few days ago, nothing in the last three days):

[notice] We stalled too much while trying to write 2775410 bytes to addr [scrubbed]. If this happens a lot, either something is wrong with your network connection, or something is wrong with theirs. (fd 394, type Control, state 2, marked at control.c:2733).

I'm not sure if it is related, but I have not seen those before. If this means that something is set up wrong on my side, then I will be happy to fix it, but because you need 3 unique entry points I don't think this [potential] issue would be causing these problems for you.

I hope that you can figure this out soon!

Kasimir

On 6/15/07, Roger Dingledine <[EMAIL PROTECTED]> wrote:

On Fri, Jun 15, 2007 at 06:11:39PM -0400, Jay Goodman Tamboli wrote:
> >Try sending "GET /tor/status/all". (Some filters look for the "/tor/"
> >string.)
>
> That also seems to work.
>
> >And if that works, try sending the same thing to 128.31.0.34 port 9031.
>
> Connection refused. I don't think that 9031 is allowed for outgoing
> connections.

Ok. Go look at add_default_trusted_dirservers() in src/or/config.c and try each of those, then. :) (I think dizum is down right now, but the rest should work.)

--Roger

--
Kasimir Gabert
Re: [ANNOUNCE] Incognito CD r142 released
Same here, but with upload at roughly 2MB/sec... I think I gave it back to you Pat :)

HTTP might be a better option because the demand seems rather small, and I don't think that people want to seed constantly. Pat, is your server configured to seed, or are you doing it manually?

Kasimir

On 6/15/07, Ringo Kamens <[EMAIL PROTECTED]> wrote:

I'll be seeding all day if people want the file. I can upload at like 500kbps

Comrade Ringo Kamens

On 6/15/07, Pat Double <[EMAIL PROTECTED]> wrote:
> On Friday 15 June 2007, Pat Double wrote:
> > On Friday 15 June 2007, [EMAIL PROTECTED] wrote:
> > > No problem. Is there anything we can do to help?
> >
> > Yes, help seed the torrents :)
>
> Blah, I switched from bittorrent-curses to rtorrent and got an option wrong,
> so I wasn't seeding anything. I see someone else started seeding, and so my
> rtorrent downloaded it.
>
> Sorry all, but I'm sure the seeding is working now as I tried downloading both
> the files. :p
>
> --
> Pat Double, [EMAIL PROTECTED]
> "Ye must be born again." - John 3:7
>
>

--
Kasimir Gabert
Re: nighteffect.us gone
Thanks Joe!

I have set up a subversion project at: http://project.torstatus.kgprog.com/

Feel free to contribute! Write access has been given to anonymous users in SVN. This will probably begin to change when people begin to contribute, but I just wanted to get something up right now. Hopefully this will allow for the best of all network status programs to be merged together.

Regards,
Kasimir

On 5/19/07, Some Guy <[EMAIL PROTECTED]> wrote:

Olaf Selke <[EMAIL PROTECTED]> wrote:

Kasimir Gabert wrote:
> For redundancy I have set up another script at
> http://torstatus.kgprog.com/

hi Kasimir,

do you know what's the difference between your v3.4.1 and my v3.2?

> And Olaf, I believe that we should set up an opensource project for
> this so that changes will not be made downstream. Let me know what
> you think.

basically this is a good idea. I know how to install Joe's code together with LAMP. But so far I didn't try to understand how Joe's scripts work in detail. I would like to hear Joe's opinion about the idea of an opensource project since it's his work we are talking about.

regards, Olaf

Hi guys,

You are free to do as you wish with the code, whether using it as is, using parts of it, modifying it, or organizing an opensource project around it to maintain.

Best regards,
Joe Kowalski

--
Kasimir Gabert
Re: nighteffect.us gone
For redundancy I have set up another script at http://torstatus.kgprog.com/

It is load balanced with Squid, so if there are problems with any of the IPs of the clients it could be that I configured it incorrectly, but it seemed to work with my limited tests.

I think that a central repository should be built (is there one already at the wiki?) which lists the different status servers so that we do not run into a problem where one disappears and there is no clear way to determine if any others exist.

I also modified the footer to remove the NightEffect.us, but I am keeping the (c) statement with Joe's consent. Let me know if there are any other problems.

And Olaf, I believe that we should set up an opensource project for this so that changes will not be made downstream. Let me know what you think.

Kasimir

On 5/19/07, Olaf Selke <[EMAIL PROTECTED]> wrote:

Some Guy wrote:
>
> It's Joe Kowalski. I saw this thread and saw that there was some concern
> about me, and I just wanted to let everyone know that I am fine. Nothing
> 'bad' happened to me. Taking down the site was intentional, and my
> reasons are varied and personal.

last night I did the trick http://anonymizer.blutmagie.de:2505/

Besides the broken links to nighteffect.us on the bottom of the page it looks like it's working fine. Pls drop me a note if there's still something wrong with this implementation of Joe's php scripts.

Since port 80/tcp is already used by the tor application's DirPort, I'll need second ip address for this machine in order to have the Apache process listen at port 80. Maybe next week...

regards, Olaf

--
Kasimir Gabert
Re: Re[4]: Ultimate solution
Hello Arrakis,

I believe that JT was saying that there are binary options regarding whether you are properly using TOR, or not properly using TOR. You are arguing that TOR itself is not considered "Security". He is saying that people who have deemed TOR to be secure and anonymous can either be using TOR properly or could have scripting, or other similar things enabled, and thus compromising what they have deemed as secure.

And there is a *huge* difference between disabling all scripting and using Lynx. Lynx has no scripts, but also no images, no frames, no color choices, and a very small screen size. You can browse just as "securely" with a properly configured Mozilla client as you can with Lynx. The security does not come from not downloading pictures, which is the main distinguishing factor when compared with Lynx, it comes from disabling scripting.

Just my two cents,
Kasimir

On 3/29/07, Arrakis <[EMAIL PROTECTED]> wrote:

JT,

Security is NOT binary, it is a process, and it is a gradient. We only desire the illusion of it being binary. There is compromise in every design, take tor for example using 128bit crypto because it is pretty secure and fast enough to encrypt on the fly. I'm sure there are people that wish it was doing 512bit elliptic curve or some other thing out there.

However, it is possible we could come up with some secure-only mode which locks out most features, virtually all the plugins and functionality, and puts the user in a rigid framework in order to give a little more security and a stronger impression of anonymity. Of course, this makes it a significantly unpleasant experience and one might as well use lynx at that point.

Regards,
Arrakis

>> As I said it is possible, but when you treat the user like a child it
>> is going to be an issue to get them to keep using it.
> Why? Surfing anonymously is a binary. Either 1) everything is set
> perfectly to be secure and anonymous or 2) it is not.
> There are two types of Tor users. Tor literate and Tor illiterate users.
> The thing that both have in common is that they could accidentally
> enable scripting or forget to turn it off. Both types would be grateful
> for a mechanism that would force them to turn things off and not allow
> them to use Tor otherwise.
> After all they can choose to use Tor or not. Be anonymous or not be
> anonymous. There is no third "state". Nobody would feel "being
> treated as a child".
> --
> JT
> [EMAIL PROTECTED]

--
Kasimir Gabert
Re: Re[2]: Free Software and Torpark (was: Ultimate solution)
It would be good if I could read, I am sorry for posting that I saw the license as free. Reading through it fully, it definitely is not.

The terms of the license are way too broad. Trying to exclude malware and spyware by licensing the program under a license which states that it cannot be used for anything that restricts the rights of the user will not work. First of all, malware does not restrict the rights of the user. Second of all, malware doesn't care about licenses, and the creators of much of the spyware and malware are not known to the world, so even if they break this license nothing will happen to them.

Another thing that doesn't really make sense to me about the license is that it restricts the right to modify the program if it uses a commercial "connectivity service". I am not a lawyer, but isn't my ISP a commercial "connectivity service"? It seems to me that this program cannot be redistributed at all, because it can only be used with a commercial "connectivity service", and therefore any modification will break the license.

I take back what I said earlier, and I am sorry for causing so many people to stare at their monitor in disbelief from what they just read.

My most humble apologies,
Kasimir

On 3/25/07, Arrakis <[EMAIL PROTECTED]> wrote:

Fabian et al,

> The terms "free software" and "open source software" have been
> around for a while and so has their meaning. No one said Torpark
> wasn't delivered free of charge or that its source wasn't open for
> review.
> Torpark's license just doesn't give the user enough rights to
> call Torpark either free software or open source software
> without causing confusion, raised eyebrows or being laughed at.

Let us not be ambiguous about the "users" you are talking about. The specific "users" you are talking about are limited by definition to only be the ones wanting to modify it to include malware/trojans, or someone trying to turn it into a commercial application, or an evil government that does not abide by the universal declaration of human rights. Anyone who falls under one of those three definitions who can't consider it free, I'm not concerned about. To _all_ other users, it is free and open source, and they can do what they want with it, and modify and distribute it how they please.

The distinction you are attempting to make is antithetical to security. Somehow I just can't see my way clear to advocating modification of my software for the use of spyware and commercial competitors. I fail to see what legitimate interest you or anyone else have in keeping software from being legally protected against having trojans and malware injected into them, and still considering it free.

Instead of attacking my usage of free because it causes some cognitive dissonance, you may consider asking why other licenses haven't restricted use of their terms from having malware injected into it. Especially a project like Tor. Personally, I don't mind if a license causes a little more confusion to big brother, xyz proxy corp, or spyware inc, or anyone, if I and my users get more protection. I would certainly like to see that in the Tor license.

> So it's totally free, except that it isn't. You're also not giving
> it away to the public, you're only giving it to those parts of the
> public you don't discriminate against.

No, it is free to the public, we aren't discriminating against who can use it. We ARE restricting how it can be MODIFIED.

> ... and the people who currently don't use Torpark because it isn't
> free software and the people who don't care about Torpark itself but
> would appreciate it if the term "free software" wouldn't be watered
> down.

Fabian, if there really are legitimate potential users out there in the cosmos, waiting for me to open it up to malware and trojans so they can feel the universal definition of "Free" is consistent to whatever culture they happen to be from, they can keep holding their breath. And to the others who don't care enough except to make a pedantic distinction, I'll be expecting a letter from the FSF regarding how they own the trademark "Free".

Once again, would anyone else like to see Tor's license add that it can't be modified to have malware, trojans, spyware, etc. injected into it?

Regards,
Steve

--
Kasimir Gabert
Re: Re[2]: Ultimate solution
http://update.torrify.com/distro/torpark/Torpark_latest.zip
http://www.torrify.com/tesla.html

===
· You have the freedom to distribute unmodified copies of the software (and charge for this service if You wish);
· You have the freedom of access to the source code, to inspect and verify (and even to improve, if You can) the integrity and functionality of the software;
· So long as You do not subvert or infringe the freedoms of end-users by doing so, You have the freedom to change the software or to use parts of it in new Programs; However, these softwares are not allowed to be modified to use any commercial proxy or connectivity service or product other than those offered by Torrify LLC or the Tor Project, without written permission of Torrify LLC.
· You have the freedom to know You can do these things.
===

Sounds rather free to me...

Kasimir

On 3/25/07, Koh Choon Lin <[EMAIL PROTECTED]> wrote:
> 2) Torpark is not commercial, it is totally free and open source.
> And lastly, TORPARK IS FREE. It just isn't released under the GPL, it
> is released under the TESLA license, which is similar to the HESSLA
> license. Because the way it is written GPL can have malware inserted,
> the TESLA makes a legally actionable violation if malware is inserted.

Torpark is not free software.

--
Kasimir Gabert
Re: Talks of hidden services and DNS
Hello HD,

I think that the only way it would work would be a first come, first serve basis. I do not think that authentication would be required, although we could limit the amount of domains per onion address so that we do not have one user taking up 500,000 domains or something. The registrar could also run a program to make sure that there actually is a website (or server) running at the hidden onion address. I think this way it would be too much hassle without any gain for someone to destroy the DNS network.

The way that I see it would be all of the current hidden servers would quickly get a name that they choose, and then as new servers come on names should be readily available.

This all depends on how .onion addresses are assigned. For example, could one server have more than one .onion address? Could it have 500? And also, should the registrar servers drop .hidden.int. or .hidden. domains after a week or so of not being able to contact the .onion.?

On 3/11/07, H D Moore <[EMAIL PROTECTED]> wrote:

The tricky part will be deciding who is authoritative for the DNS records. If any user can submit a name, what if it's already taken? Does it overwrite, or is it first-come, first-serve? If it's distributed, then a rogue operator could serve false responses for a target name. If this is something that the tor "core" would operate, it still needs some form of authentication to manage/update/remove/etc and authentication seems to be the exact opposite of what tor is supposed to provide.

-HD

On Sunday 11 March 2007 21:10, Kasimir Gabert wrote:
> I do not see any major security holes that this would bring up. It
> seems to me like it would be the same as accessing google.com through
> Tor -- the DNS is looked up through Tor and so it would not be
> overridden by a malicious ISP or country.

--
Kasimir Gabert
Re: Talks of hidden services and DNS
Hello,

This definitely sounds like it will work, and I cannot see it really taking any extra or special coding. I think it would work "out of the box". The DNS would work both in and out of Tor. It would be running outside of Tor, so users not using Tor would get back the CNAME pointing to 1234abcd.onion and realize that they need Tor to use .hidden. domains (or .hidden.int.).

It really seems to me like it should all work well and integrate smoothly into the current system. Then again, I am very new to Tor, so I could be overseeing something.

I do not see any major security holes that this would bring up. It seems to me like it would be the same as accessing google.com through Tor -- the DNS is looked up through Tor and so it would not be overridden by a malicious ISP or country.

Kasimir

On 3/11/07, Michael_google gmail_Gersten <[EMAIL PROTECTED]> wrote:

Cnames to convert something like .hidden to .onion is a decent idea. If nothing else, when people start clicking on links, and getting "unresolvable"/"No such host", that might give more exposure to tor to other people.

We could set up a DNS system entirely within Tor. Just have cnames from host.hidden.onion to somelongkey.onion, and it is never seen by the rest of the DNS world. The mappings would be registered with the directory servers, who would track known, registered mappings from host.hidden.onion to key.onion, and key.onion's would be registered as they currently are.

We could even do a combo. Get a special TLD now, or add to an existing special, like .int. (approval time? About a week). Start putting in names, registrar being the Tor central directory servers. In about 3 months time, when the code is written and tested, move to Tor served names.

--
Kasimir Gabert
Talks of hidden services and DNS
Hello everybody,

I am new to this list (and Tor in general), but I have been wanting to contribute for awhile.

As I understand it (correct me if I am wrong -- I am very new), the .onion TLDs are built up from two hexadecimal parts, so they cannot be something that is easy to remember (such as hiddenwiki.onion). I am wondering whether there have been any talks of running a DNS system (outside of Tor) that would convert something like .hidden TLDs into .onion. This would allow server administrators to pick domains that make sense, and would allow publishing things as hidden services to become more broadly used.

It would not have to run inside of Tor, but would have to be accessible to Tor. I think most of the current tools for DNS (BIND and such) would work relatively well, and might require only a few hacks (we could even have everything just be CNAMEs instead of A records).

Am I missing something big? I think this would make running hidden services much easier if Tor gets larger -- and they will be much more enticing to use for the Tor users.

--
Kasimir Gabert