Re: Prebuilding circuits?
F. Fox wrote: Kees Vonk wrote: F. Fox wrote:

I'm assuming that the site you mention is a normal, unencrypted Web site - i.e., port 80; let's call that site, Site X.

It is an encrypted site on a non-standard port, would that make a difference?

The non-standard port does, since it may not be part of the default exit policy. That would greatly reduce the number of potential exits - and your Tor client would likely have to start a circuit just for that site.

So if I understand this correctly you could say that Tor builds circuits for ports, not for sites? If that is correct, can I tell Tor to prebuild a circuit for a certain port?
Prebuilding circuits?
I have found that while using Tor the first connection to a site always times out. As I understand it, this is because Tor is still building a circuit to the site in question. Now there are certain sites I access a lot, and it would be good if I could tell Tor to build a circuit to the site at start up time, that way I would always have an available circuit. Can someone please tell me if and how this is possible. If I have totally misunderstood what is going on, please let me know as well. Thanks
Re: Prebuilding circuits?
F. Fox wrote: Kees Vonk wrote:

I have found that while using Tor the first connection to a site always times out. As I understand it, this is because Tor is still building a circuit to the site in question. (snip)

First, a bit about Tor's circuitry: Tor doesn't build circuits to sites - it builds circuits from a user to an exit node. That exit node then makes normal (i.e., unencrypted) connections to sites on the user's behalf (along with many other users). (The exception to this are hidden services, which connect two circuits together at a rendezvous point.)

I'm assuming that the site you mention is a normal, unencrypted Web site - i.e., port 80; let's call that site, Site X.

It is an encrypted site on a non-standard port, would that make a difference?

For a fixed amount of time - by default, 10 minutes - Tor will re-use circuits. So, if you go to Site X, and then go to another site - let's call it Site Y - before that time is up, then Site X and Site Y will use the same circuit, come out the same exit, and have the same virtual identity (the IP you take on from the point of view of the sites).

Next, a plausible explanation of what's going on: Depending on the nodes that Tor chooses to build a circuit through - usually chosen randomly - it may take a bit to build them. Overloaded or slow nodes might be part of the cause of this. If it's really a problem - or if you want to get some extra speed - you might add this to your torrc:

CircuitBuildTimeout 5

That tends to favor fast nodes that aren't overloaded, at the tradeoff of some of the added anonymity that an unlimited Tor cloud would provide.

That seems to improve things a little, but how bad would this trade-off be (I mean, what percentage of Tor servers would be ignored because of this)?

Thanks, Kees
Vista and Thunderbird
I had a problem with a friend's new Vista machine yesterday. When trying to check email via Tor the connection failed instantly, not like the normal time out messages you get from time to time. Firefox was working fine though. The way I managed to 'fix' it, eventually, is by uninstalling Torbutton and manually inputting the proxy setting, but instead of 'localhost' I had to use '127.0.0.1'. The only possible reason I could find for this was that in the command line 'localhost' resolves to the IPv6 address :::1 instead of the IPv4 address 127.0.0.1. I am not 100% sure if this is the problem, but if anyone could shine some light on it, please let me know.
Tor on DMZ
Just a quick question, which probably shows my ignorance. I would like to put a Tor hidden service on a VM in an IPCop DMZ; do I have to open any incoming ports on the firewall? (It is not running as a relay or exit because of the bandwidth limitations of my friend who is providing me this service.) Thanks, Kees
Re: Torbutton 1.1.6-alpha
Mike Perry wrote: Thus spake Kees Vonk ([EMAIL PROTECTED]):

I just installed torbutton 1.1.6, restarted firefox (2.0.0.5 on Kubuntu). Clicked on 'Tor Disabled', which changed to 'Tor Enabled'. Then went to janusvm.peertech.org (which told me I was not using Tor), then hit the back button and got a dialogue box which said: False doc hooking. Please report bug+website! (my initial page was: file:///usr/share/ubuntu-artwork/home/index.html). After that I seem to get that error on every page, even when just switching tabs (just opened the above URL in a second tab). Just closed firefox and clicked on the above URL to restart firefox, it restarts with 'Tor Enabled', but no error. Then opened a new empty tab, and then switched back to the initial one and straight away got the error again. (Toggling Tor to disabled stops this behaviour, enabling it again starts it again.)

Is this bug reproducible? Does it happen every time for this website even after successive restarts of the browser? I am having difficulties reproducing this...

Happens every single time, at least with the janusvm link.

Also when I look at my extensions they don't seem to be disabled. I am using the following extensions: FoxyProxy - 2.5.3 NoScript - 1.1.5

At a glance, I would suspect NoScript may be the culprit. If you disable that thing, does the issue persist?

Disabling NoScript does fix the problem, however it still did not use Tor (according to janusvm.peertech.org). I had to disable FoxyProxy to get Tor to work. I normally make heavy use of those two extensions (when not using Tor), does this mean I can't have Torbutton and these two installed at the same time?

Kees
Re: Torbutton 1.1.6-alpha
Mike Perry wrote:

http://torbutton.torproject.org/dev/

1.1.6 30 Jul 2007
* bugfix: Fix an exception that may have messed up cookie/cache clearing if you allowed Tor to write history URLs (possibly kills bug #457)
* bugfix: Use only sub-browsers for tagging. Could fix some Date hooking misses (possibly kills bug #460)
* misc: Clean up annoying false positives with date hooking checks

I've been running this version for a week or so now, and I have not seen any alerts about missing Javascript hooking. It is possible the bug has been fixed by those other fixes, plus I cut down on the false positives for those alerts. As always, please keep an eye on Torbutton to make sure it is actually properly blocking plugins, always properly clearing/isolating cookies+cache, disabling javascript for pages loaded in an opposite Tor state, and blocking CSS popups for the same.

I just installed torbutton 1.1.6, restarted firefox (2.0.0.5 on Kubuntu). Clicked on 'Tor Disabled', which changed to 'Tor Enabled'. Then went to janusvm.peertech.org (which told me I was not using Tor), then hit the back button and got a dialogue box which said: False doc hooking. Please report bug+website! (my initial page was: file:///usr/share/ubuntu-artwork/home/index.html). After that I seem to get that error on every page, even when just switching tabs (just opened the above URL in a second tab). Just closed firefox and clicked on the above URL to restart firefox, it restarts with 'Tor Enabled', but no error. Then opened a new empty tab, and then switched back to the initial one and straight away got the error again. (Toggling Tor to disabled stops this behaviour, enabling it again starts it again.) Also when I look at my extensions they don't seem to be disabled.
I am using the following extensions:

Adblock Filterset.G Updater - 0.3.1.0
Adblock Plus - 0.7.5.1
CookieSafe - 2.0.6
Fasterfox - 2.0.0
Forecastfox - 0.9.5.2
FoxyProxy - 2.5.3
Konquefox - 1.3
NoScript - 1.1.5
Tab Mix Plus - 0.3.6
Torbutton - 1.1.6-alpha
View Cookies CS - 1.0.7
Re: Importance of HTTP connection keep-alive
Paul Syverson wrote: On Fri, Apr 20, 2007 at 01:43:28PM -0400, Paul Syverson wrote:

It's a reference to Marvin the Paranoid Android in H2GG.

Err that's HG2G. Where's control-T when I need it. -Paul

Shall we make that H2G2 (Hitch Hikers Guide to the Galaxy)?
Re: pop3 and smtp over ssl [was: ssh]
Michael_google gmail_Gersten wrote:

It is my understanding (please correct me if I'm wrong) that Tor will open a new connection as needed when you ask for an exit port that the current connections do not support.

I would like to connect to a pop3 and smtp server over ssl (ports 995 and 465) via tor, but it seems that a lot of exit nodes do not allow connections to these ports (even though they are always authenticated). Is there a way of specifying that I only want exit nodes that allow these ports?

Should be automatic.

Then why do my connections always time out? It is virtually impossible to send or receive via those two ports via Tor. I am very willing to try other things, but even with a connection time out of 10 minutes it still times out. It might eventually find one that works, but if I can test that beforehand, I could limit the exit servers to ones that work and that would save me a lot of waiting around.
Re: pop3 and smtp over ssl [was: ssh]
Freemor wrote:

If you use the port forwarding feature of ssh then you don't need to worry about the exit nodes (other than that they allow ssh). Once the ports have been forwarded by ssh you'd connect to them on localhost and they would get tunnelled through the ssh connection so all the tor network would see is the ssh connection going on. Hope this helps. Freemor

My fault, it should have read ssl not ssh. I knew what I meant, just wrote it wrong, sorry. Corrected the subject line.

On Mon, 2007-05-03 at 12:58 +0800, Kees Vonk wrote:

I would like to connect to a pop3 and smtp server over ssh server (ports 995 and 465) via tor, but it seems that a lot of exit nodes do not allow connections to these ports (even though they are always authenticated). Is there a way of specifying that I only want exit nodes that allow these ports? If not, can I create a list of exit nodes that allow these ports and tell tor to only use the nodes on that list (or the reverse of course: a list of nodes not allowing these ports and tell tor not to use them)? Kees

-- Freemor [EMAIL PROTECTED] This e-mail has been digitally signed with GnuPG
pop3 and smtp over ssl [was: ssh]
OK, same message again, this time with the correct protocol (ssl instead of ssh). I would like to connect to a pop3 and smtp server over ssl (ports 995 and 465) via tor, but it seems that a lot of exit nodes do not allow connections to these ports (even though they are always authenticated). Is there a way of specifying that I only want exit nodes that allow these ports? If not, can I create a list of exit nodes that allow these ports and tell tor to only use the nodes on that list (or the reverse of course: a list of nodes not allowing these ports and tell tor not to use them)? Kees
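The check asked about above, as an added example that is not part of the original thread or Tor's own code: it reads the `r` (relay) and `p` (exit-policy port summary) lines of a network consensus, lists the relays whose summary permits ports 995 and 465, and formats them for the torrc `ExitNodes` option. The sample entries, nicknames and addresses are constructed, and the function names are illustrative.

```python
import base64

def parse_ports(spec):  # '20-23,80' -> [(20, 23), (80, 80)]
    ranges = []
    for part in spec.split(","):
        low, _, high = part.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def allows(verb, ranges, port):
    """Apply an exit-policy summary ('accept' or 'reject' plus port ranges)."""
    listed = any(low <= port <= high for low, high in ranges)
    return listed if verb == "accept" else not listed

def exits_for(consensus_text, ports):
    """Return (nickname, hex fingerprint) of relays whose summary allows every port."""
    found, current = [], None
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] == "r":
            # fields[2] is the relay identity: unpadded base64 of a 20-byte digest
            ident = base64.b64decode(fields[2] + "=" * (-len(fields[2]) % 4))
            current = (fields[1], ident.hex().upper())
        elif len(fields) == 3 and fields[0] == "p" and current:
            ranges = parse_ports(fields[2])
            if all(allows(fields[1], ranges, p) for p in ports):
                found.append(current)
            current = None
    return found

def exitnodes_line(relays):
    return "ExitNodes " + ",".join("$" + fp for _, fp in relays)

def _ident(byte):
    return base64.b64encode(bytes([byte]) * 20).decode().rstrip("=")

# Constructed sample laid out like consensus router entries (not real relays).
SAMPLE = "\n".join([
    f"r webonly {_ident(0x11)} AAAA 2007-05-03 00:00:00 192.0.2.1 9001 0",
    "p accept 80,443",
    f"r mailok {_ident(0x22)} AAAA 2007-05-03 00:00:00 192.0.2.2 9001 0",
    "p accept 20-23,80,443,465,993-995",
    f"r nosmtp {_ident(0x33)} AAAA 2007-05-03 00:00:00 192.0.2.3 9001 0",
    "p reject 25,119,135-139,445",
    f"r relayonly {_ident(0x44)} AAAA 2007-05-03 00:00:00 192.0.2.4 9001 0",
    "p reject 1-65535",
])
if __name__ == "__main__":
    print(exitnodes_line(exits_for(SAMPLE, [995, 465])))
```

The `p` line is only a summary of a relay's exit policy, so a relay it lists may still refuse a particular destination address, and pinning exits to a short list reduces the pool of relays a client's traffic can blend into.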
Re: Tor crashes ZoneAlarm
Hideki Saito wrote:

For those of you experiencing the problem with ZoneAlarm, you might want to participate in ZoneAlarm 7 beta testing program. It seems like they would want to know about those crashes. http://download.zonelabs.com/bin/free/beta/index.html

I have long since given up on ZoneAlarm, they are not interested in bug/crash reports from FreeZoneAlarm users. I am now using Comodo firewall, which was the only decent alternative I could find, and am very happy with it.
Re: Anonymous Blogging
Paul Syverson wrote: On Mon, Nov 13, 2006 at 06:55:06PM +0800, RMS wrote:

I am a political blogger in a sensitive country and I would like to try out TOR to make my blogging anonymous, as recommended by Reporter Without Borders (RSF) in their handbook. I understand that with TOR, there is little chance of the government tracing my original IP address when blogging. However, I have reasons to believe that my Internet connection is under constant surveillance and since my blogging from my PC to blogger.com is sent in clear text, what would TOR help me in this case? Is RSF assuming that the government has no access to its citizen's connection?

Note that your protection depends on what you mean by surveillance. I realize you may not know, but here is a quick description of the cases. [ .. snip .. ]

- If an adversary monitors the traffic pattern of your traffic where you connect to the internet, and monitors the traffic pattern where you exit the Tor network, e.g., is observing the internet link of blogger.com or the internet link of the last node in your Tor connection to blogger.com, and if the adversary does simple analysis on those patterns, it is likely to confirm that this is indeed your traffic. (That is, with high probability, you are the source of that post to blogger.com. I have no idea what sort of official deniability remains. IANAL in any country.)

This reminded me of a question I was toying with the other day: If the exit node of a circuit was in the same country as the computer of origin, it would seemingly be relatively easy to match traffic sent to the circuit entry node with the traffic emerging from the exit node (I realise that the amount of traffic would still make this very hard). Is it therefore possible to exclude exit nodes in certain countries?

Kees
Re: Problem: Enigmail Thunderbird Extension Tor
Andrew Del Vecchio wrote:

Dear fellow Torizens, I use the Enigmail Thunderbird extension (enigmail.mozdev.org) for my GPG encryption needs. I've followed the directions on http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#head-33bccb11670a9c8e0e4c08fa6f0b94716627bdb0, but have the following problem: I can use gpg --refresh-keys and get an update on the status of all the keys already in my official keyring, but if I try to verify some random person's (perhaps even your) key from within Thunderbird/Enigmail I get an error message saying that no key info can be retrieved from the server. Could this be a latency issue? It seems to work fine if I connect directly rather than through Tor. This is very important to my business (see signature link below if curious), so any aid would be most appreciated! Thanks, Andrew

-- Frivolous lawsuits. Unlawful government seizures. It's a scary world out there! Protect your privacy, keep what you earn, and even earn more income at: http://www.mpassetprotection.com/

I often find that my first few attempts to use Tor time out. It seems that Tor needs some time to build up its initial connection, after that it works fine. Give it half a minute to a minute and try it again. Usually works for me.

Kees
Re: unsubscribe
Laurel Fitzhugh wrote: When you subscribed you were told how to unsubscribe: - Welcome to the or-talk mailing list! Please save this message for future reference. Thank you. If you ever want to remove yourself from this mailing list, you can send mail to [EMAIL PROTECTED] with the following command in the body of your email message: unsubscribe or-talk
Re: Tor crashes ZoneAlarm
Arrakistor wrote:

'real firewall' as in something physical and external to your computer. Such as a router. Even one of those cheap linksys wrt54g where you can load up custom firmware, and schedule QoS so all your cool traffic speeds right over your encrypted porn downloads, all the while blocking icmp and other useless traffic. Wish I had QoS...

I am using IPCop for that, but that does not give me the control over which programs can access the internet, so I prefer to use both. Kees

Regards, Arrakistor

Thursday, September 14, 2006, 12:09:58 AM, you wrote: Arrakistor wrote:

Kees, I see this problem all the time. To avoid this, you must uninstall zone alarm and get a real firewall. Then contact zone alarm, tell them they make a crappy product and why.

I posted my message on the zonealarm forum as well, so I hope to find out what is going on soon. http://forum.zonelabs.org/zonelabs/board/message?board.id=genmessage.id=37070 Kees

PS. Can you expand on 'real firewall' please.