Re: CN's nodes lookin' uncool, do they?
Perhaps the default behavior of clicking the Vidalia Tor server button should be to make the server a middleman and not an exit node. Not only would this help reduce exit nodes in China and other countries where the site being requested might actually be blocked by the ISP, but also it would help to protect novice Tor users who want to contribute some bandwidth but who are unaware of the potential pitfalls of running an exit node.
Re: Problem downloading new Torpark
Downloading Torpark from China has redirected to Google since at least early December 2006: http://kevinsmith.wordpress.com/2006/12/08/torpark-more-gfw-tinkering/ Kevin S. On 2/5/07, Moses <[EMAIL PROTECTED]> wrote: yeah, same problem here... On 12/7/06, Total Privacy <[EMAIL PROTECTED]> wrote: > Hi, is there anyone having the same problem, or only for me? > My setup is now a Torpark with disabled images, cookies and > javascript. I somebody wanna test this, please do the same. > > To check the new Torpark (my is pretty old by now), I´m trying > download it, but faile to success. At one time I get redirect to > a chineese google page (probably because the exit node was from > china) but usually the things going as follow clicking sequence: >
Re: Block directory authorities, is it possible?
I wonder if it's just an oversight that tor.eff.org hasn't been blocked in your case? I don't think it is an oversight that tor.eff.org has not been blocked in my case. I have never heard of the Tor site being blocked anywhere in China. My friends in Beijing, Shanghai and Shandong province are able to access it and I was able to access it continuously for three years in Shandong when I lived there. How does the blocking with your ISP work? Do you get a generic reject page telling you the service is blocked? Do you get TCP resets? When a page is blocked it usually looks like it has timed out. I'm not clear as to how the blocking works. It seems that sensitive keywords in a webpage trigger the firewall to send a TCP reset to both the client and the server(1), but I do not know how specific IP addresses are blocked. I guess the routers at the great firewall just stop the client's request from reaching the server at that specific IP address and that the router at the firewall doesn't send any response back to the client so that it looks like a timeout. Someone please correct me if I'm wrong about this. (1) http://www.andrewlih.com/blog/2006/06/27/great-firewall-filtering-revealed/ Kevin S.
Re: Block directory authorities, is it possible?
I have never heard that the Tor website http://tor.eff.org/ has been blocked in China, nor any URLs under that website. It is currently not blocked by my ISP in Beijing, nor was it blocked by my ISP in Shandong province when I lived there. I was, however, referring to the Tor service itself, not the website, though I did not make that clear. The psiphon website, on the other hand, http://psiphon.civisec.org/ has been blocked, at least by my ISP in Beijing, but the psiphon service has not been and most likely could not be effectively blocked without blocking all encrypted tunnels since the IP addresses of psiphon servers do not have to be publicly known. Tor on the other hand could be blocked without blocking encrypted tunnels by simply blocking the IP addresses of Tor servers, since the IP addresses of Tor servers are and essentially must be publicly known, and furthermore this is exactly how websites are currently being blocked in China, ie., the IP address of the server they are hosted on is blocked. So from the point of view of the Chinese firewall, there really would be no difference between blocking an IP address serving up a website and blocking an IP address routing Tor requests. I think it is very interesting in and of itself that the main Tor website http://tor.eff.org/ has not been blocked. Perhaps it's the Great Firewall's way of saying, "We are knowingly allowing this backdoor." Kevin S. On 1/15/07, John Kimble <[EMAIL PROTECTED]> wrote: On 1/14/07, Kevin Smith <[EMAIL PROTECTED]> wrote: > Why hasn't Tor been blocked in China already? > It depends on what you're referring to - the Tor website, or the Tor service itself. As far as I know, URLs under http://tor.eff.org/ are blocked, just like http://psiphon.civisec.org/ and http://www.torrify.com/ . There may be inter-province or even inter-ISP differences though. If you're referring to the services themselves, neither (Tor or Psiphon) are blocked. If you can get Tor (or Torpark for that matter) to initialise in the first place, or if you already have someone on the outside offering you a Psiphon link, they will just keep running. I guess that's because China is, for now, focusing solely on blocking websites (i.e. readable material served over HTTP). They haven't started worrying about encrypted tunnels yet. - John
Re: Block directory authorities, is it possible?
> Why hasn't Tor been blocked in China already? My guesses, in order of ease-of-explanation: A) There are perhaps 3 people in China running Tor clients right now, according to my rough estimates. That's roughly zero people, in China. B) The general perception of Tor is that it's a tool for experts. So they don't think they need to block it (yet). C) We haven't publically threatened their control. By emphasizing government/military/law enforcement use, and individuals in free countries who need their civil liberties, we don't force them to take action. D) Other? > Could it be that Tor is being used to help identify suspected > dissidents? So yes, they could do what you describe, but there are many things they *could* do, and from talking to people in China, this probably isn't first in line in terms of worries. But let me know if you disagree. :) --Roger I agree with you that it is unlikely that monitoring Tor users plays much if any role in identifying dissidents in China given its relative complexity when compared to other methods, however I am still perplexed as to why Tor has not been blocked. If reasons A) and B) are true, then why does the Torpark download reroute to Google's homepage? Torpark users are a subset of Tor users, and I would imagine that Torpark users in general are more experienced computer users as well, ie., wouldn't Torpark also be perceived as a tool for experts? Furthermore, why has the psiphon homepage been blocked? Users of psiphon in China are likely far fewer than users of Tor, and because psiphon essentially requires Chinese users to have a trusted contact running a psiphon server abroad the likelihood of psiphon ever becoming as popular or as useful as Tor is in China is nil. Reason C) seems pretty reasonable, and also provides a reason as to why both Torpark and psiphon have been blocked. From the Torpark Support page: "Your donation can help bring democracy to those who have no choice, freedom of speech to those who are silenced, and break down the walls of censorship worldwide." http://torrify.com/support.php From the psiphon homepage: "psiphon is a human rights software project ... that allows citizens in uncensored countries to provide unfettered access to the Net through their home computers to friends and family members who live behind firewalls of states that censor." http://psiphon.civisec.org/ On the other hand, the Tor developers have publicly made note of the ability of Tor to circumvent the Chinese firewall, calling China "a global active adversary with a lot of manpower and money, and severe penalties to discourage people from trying." http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#China Given the fact that access to these smaller projects has been blocked, I think the "Tor is small enough to be flying below the radar" argument has some strikes against it. I think there must be some other reason(s) in addition to this one as to why Tor has not been blocked. But what is that reason? Kevin S.
Re: Block directory authorities, is it possible?
Why hasn't Tor been blocked in China already? Torpark is redirecting to the Google homepage (1). The psiphon homepage has been blocked. The Freegate homepage is blocked. Why not Tor? Could it be that Tor is being used to help identify suspected dissidents? Consider the following: I'm sitting at my home in Beijing using Tor. The Chinese internet police see my computer periodically connecting to a Tor directory server or entry node. They know I am using Tor. Ok. Here's someone using Tor. Who is he? Well, his IP address is linked to Beihang University. A quick check with the Beihang University IT department reveals that he is Kevin Smith in building AB apartment XYZ, his passport number is 123456789, he teaches English and has no record of political activity aside from voting in those despicable American national elections. Not too likely that he is a dissident. Wang Guolu is sitting at home using Tor. The Chinese internet police see his computer periodically connecting to a Tor directory server or entry node. They know he is using Tor. Ok. Here's someone using Tor. Who is he? Well, his IP address is linked to China Netcom in Dalian. A quick check with Dalian China Netcom reveals that he is Wang Guolu who lives in building CD apartment UVW on Renmin Lu. His ID number is 987654321, he has a low paying job at a local factory and is suspected of being a member of the FLG. A relatively low paid factory worker using advanced internet anonymizing software? That just screams dissident. The above situation has been suggested before on the mailing list: http://archives.seul.org/or/talk/Aug-2006/msg00089.html http://archives.seul.org/or/talk/Aug-2006/msg00091.html (1) http://archives.seul.org/or/talk/Dec-2006/msg00076.html Kevin S. On 1/13/07, Pei Hanru <[EMAIL PROTECTED]> wrote: On 2007-1-13 4:44 CST(UTC+8), Mike Perry wrote: >> I live in China and was/am having difficulties in using Tor, the problem >> is: it takes quite a long time to build a circuit for the first time I >> start Tor on my Windows machine. >> >> Am I understanding correctly? Are there any actions Tor can take? After >> all, we cannot simply assume this will not happen in the future. > > If the problem right now is just IP blocking you can try the tor > option HttpProxy which will route your dirserver traffic through an > http proxy you specify. Unfortunately, certain areas have begun > blocking by the /tor/ url postfix that dirservers use, independent of > IP. There is an option in 1.2.x/SVN to tunnel this traffic via other > tor nodes (via SSL), but I believe it is prone to exploding at this > point in time. Actually, no IP is blocked at this time, it is due to a natural disaster. :( It's interesting to evaluate whether the option you mentioned will defend the attack (that is, blocking all directory authorities), in that setting, there's no living network-status, how to find "other tor nodes"? Manually importing required files is an idea, but, it's not that elegant and finding up-to-date files is a problem. I'm curious on more details. :) Thanks, Hanru
