RE: Wanted feature / option

2007-05-30 Thread Tony
Spammers use other people's hacked PCs to send messages and the 'reply to' 
addresses are faked. So all in all, rather pointless...
 
 
Regards,
 
Tony.



From: [EMAIL PROTECTED] on behalf of Kyle Williams
Sent: Wed 30/05/2007 04:54
To: or-talk@freehaven.net
Subject: Re: Wanted feature / option


I was testing a spam-reply script and or-talk@freehaven.net got into it somehow.

My bad, sorry.


On 5/29/07, Kyle Williams [EMAIL PROTECTED] wrote: 

FIRST AND FINAL WARNING
You have 48 hours to remove me from your mailing list.
If you do NOT remove me, I will DDOS (Distributed Denial of Service) 
your server until you are broke.

Try me, I got 10 OC192's, 15 OC48's, and 8 OC12's just waiting for shit 
like this...and I'm getting pissed.  If you are working for yourself or some 
spam king, either way the customer who is paying you to advertise will NOT 
be happy when they spent their money only to be attacked in return.

Remove me or else I remove your source of revenue.

Again, FIRST AND FINAL WARNING

Have a nice day and get a real fucking job. 




On 5/26/07, Michael_google gmail_Gersten [EMAIL PROTECTED] wrote:

I finally realized what feature I'd like to see.
CircuitMinimumBandwidth.

Have a config option to tell Tor how much CPU time it can expect to
give to processing onions (which will tell it how many active
connections it can handle) (Or tell it directly how many active ones
it can handle).

Tor knows the total bandwidth it has to use.
There are good heuristics for telling how much bandwidth a connection
will need. (Most will need a high initial push, and then occasional,
intermittent spikes; if a connection needs a lot for more than N
seconds, it's likely to need a lot for a while longer. Etc.)
There's a way to tell when the CPU limit will prevent any more data
transmission.

Combined, this would allow a node to refuse non-specific node requests
(normal circuits would be blocked if the tor server is busy, but a
.node.exit would still be allowed).

This would also eliminate any perceived slowness of tor -- no longer
would I see 22 MB nodes in my path, yet dialup users could still use
them. If I have a 1300 MB node in my path, I know it can handle my 150
request, and not be either so swamped that I'm only seeing 15, or so
overloaded that it's past its CPU limit. Equally, I know that I can
tell tor (without having to use nice) not to steal all my CPU while
I'm using my computer.

Potential problems? What would we do if we could not find a viable
circuit? What if every node is asked and reports Busy -- how do we
tell the user that Tor is full, or should a lowspeed connection be
made anyways?





RE: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries

2007-05-29 Thread Tony
Windows has offered over 10 Gigabit throughput on a workstation (running 
Windows Server 2003) since 2005...
 
http://www.amd.com/us-en/assets/content_type/DownloadableAssets/AMD_10_GbE_Performance_Paper_August05.pdf
 
 
Regards,
 
Tony.



From: [EMAIL PROTECTED] on behalf of Eugen Leitl
Sent: Mon 28/05/2007 21:22
To: or-talk@freehaven.net
Subject: Re: Sampled Traffic Analysis by Internet-Exchange-Level Adversaries



On Mon, May 28, 2007 at 04:23:51AM -0700, coderman wrote:

 ah, agreed; i was unaware of such a myth, and the thought of someone
 trying to inspect 10GigE with a workstation and wireshark is comical.

Solaris 10 TCP/IP stack rewrite claims 10 GBit/s throughput, but I
have not seen this independently corroborated yet.

I presume capture is possible, but just how deep an analysis could
you do on a current quad-core box?

--
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE



RE: Tor nodes blocked by e-gold

2007-04-27 Thread Tony
No, it's just SORBS, they haven't got a clue. Avoid with long bargepole
 
 
Tony.



From: [EMAIL PROTECTED] on behalf of Karsten N.
Sent: Fri 27/04/2007 09:03
To: or-talk@freehaven.net
Subject: Re: Tor nodes blocked by e-gold



Hi,

I have checked a few long-running TOR nodes in the Sorbs SPAM blacklist:

http://www.au.sorbs.net/lookup.shtml

Many of these servers are blacklisted in the database of
vulnerable/hacked servers:

Likely Trojaned Machine, host running unknown trojan

The nodes I checked are mostly well administrated and run actually
software over a time of 1 year. It may be, they are listed in other SPAM
blacklists too.

Karsten N.

[EMAIL PROTECTED] schrieb:
 Hi,

 Since 24 hours, e-gold has decided to block all TOR nodes, and not only. In 
 fact they check 3 spam databases and if the user's IP is in one of them, 
 e-gold just declines any operation, people cannot even login into their 
 accounts.

 There are a few things here:

 It is the first time I see a website blocking IP that appear in SPAM 
 databases! Spam is, as far as I know, an EMAIL problem, so why would a domain 
 block surfing from these IP?

 About TOR particularly, I feel very strange that all exit nodes would be 
 listed in spam databases, as most of them (if not all) don't accept sending 
 mail requests. That is why I rather believe that e-gold in fact fetches the 
 TOR exit nodes list, and directly block their IP addresses.

 A friend, connecting from his home in Germany without TOR, without any proxy, 
 cannot enter his account as his IP address (a dynamic one from a dialup 
 provider) was listed 2 months ago for spam!!!

 A few people are already complaining that they cannot get into their 
 accounts, and so their money seems to be lost! E-gold was already known to 
 block accounts without any warning and explanations, recently blocked 
 accounts of all Iranian people and KEPT their funds, now they automatize the 
 scam process!

 E-gold seems to be the next (or TODAY'S) major scam of the internet!

 F44




RE: Tor nodes blocked by e-gold

2007-04-27 Thread Tony
SORBS marks TOR servers as zombie spammers I believe.


Regards,

Tony.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Mike Cardwell
Sent: 27 April 2007 16:23
To: or-talk@freehaven.net
Subject: Re: Tor nodes blocked by e-gold

Really? In which one of the following lists does Sorbs list Tor servers?
And in what way does the description mislead the user as to the purpose
of the listing?

 1.) http.dnsbl.sorbs.net
 2.) socks.dnsbl.sorbs.net
 3.) misc.dnsbl.sorbs.net
 4.) smtp.dnsbl.sorbs.net
 5.) web.dnsbl.sorbs.net
 6.) new.spam.dnsbl.sorbs.net
 7.) recent.spam.dnsbl.sorbs.net
 8.) old.spam.dnsbl.sorbs.net
 9.) spam.dnsbl.sorbs.net
10.) escalations.dnsbl.sorbs.net
11.) block.dnsbl.sorbs.net
12.) zombie.dnsbl.sorbs.net
13.) dul.dnsbl.sorbs.net

They each have very specific listing criteria, but none of them specify
Tor exit node...

Mike

* on the Fri, Apr 27, 2007 at 03:53:31PM +0100, Tony wrote:
 SORBS lists TOR servers as being SPAM related. Which is rather
 unlikely to be the case.
  
  
 Regards,
  
 Tony.
 
 
 
 From: [EMAIL PROTECTED] on behalf of Mike Cardwell
 Sent: Fri 27/04/2007 14:42
 To: or-talk@freehaven.net
 Subject: Re: Tor nodes blocked by e-gold
 
 
 
 Sorbs have *many* different lists. They do not just list sources of spam,
 and nor do they claim to. See http://www.au.sorbs.net/using.shtml
 
 If someone ignorantly decides to start blocking mail or http requests
 based on an IP being listed on the aggregate of all sorbs zones, ie
 dnsbl.sorbs.net then it is they who are at fault, not Sorbs. Sorbs does
 not tell you what to do with their lists.
 
 Examples:
 
 http.dnsbl.sorbs.net  - List of Open HTTP Proxy Servers.
 socks.dnsbl.sorbs.net - List of Open SOCKS Proxy Servers.
 misc.dnsbl.sorbs.net  - List of open Proxy Servers not
 listed in the SOCKS or HTTP lists.
 
 So... If you're listed in http.dnsbl.sorbs.net, sorbs are saying,
 "Last time we checked. There's an open HTTP proxy at IP x. Do
 what you want with this free information." What they're *not*
 saying is "Block IP x or you'll get hacked and spammed!!!"
 
 So there are three main possibilities as far as E-Gold's actions go as far
 as I can see.
 
 1.) They're ignorantly blocking Tor users without realising.
 2.) They're blocking them on purpose because the collateral damage is
 worth it to protect their other customers.
 3.) They're ignorantly blocking Tor users without realising, but if they
 knew about Tor they'd do it on purpose anyway to protect their service
 and customers.
 
 Sorbs are not doing anything evil, or scamming anyone. They are publicly
 expressing their opinion and observations of behaviour from IP
 addresses, and letting people do what they want to with that
 information.
 
 The only solution to this problem is to contact E-Gold and try to get
 them to whitelist TOR exit nodes, perhaps using
 ip-port.torhosts.nighteffect.us. They might say yes, they might say no,
 or they might ignore you. You're free to take your business elsewhere of
 course.
 
 Mike
 
 * on the Fri, Apr 27, 2007 at 04:17:29PM +0300, M wrote:
 
 
  Yeah, SORBS suck a big time.
 
  My Tor exit-node was a couple of years ago listed in SORBS db. Once I
  changed Tor servers ip to another and closed ports that are commonly
  used to connect to irc servers I got off the list and haven't gotten
  relisted since.
 
  What irc has to do with email / smtp? Some ISP's block all incoming mail
  if smtp server is listed in SORBS. I have contacted couple of Finnish
  ISP's and they all were very uncooperative.
 
  M
 
 
 
   No, it's just SORBS, they haven't got a clue. Avoid with long bargepole
   
   
   Tony.
  
   
  
   From: [EMAIL PROTECTED] on behalf of Karsten N.
   Sent: Fri 27/04/2007 09:03
   To: or-talk@freehaven.net
   Subject: Re: Tor nodes blocked by e-gold
  
  
  
   Hi,
  
   I have checked a few long-running TOR nodes in the Sorbs SPAM blacklist:
  
   http://www.au.sorbs.net/lookup.shtml
  
   Many of these servers are blacklisted in the database of
   vulnerable/hacked servers:
  
   Likely Trojaned Machine, host running unknown trojan
  
   The nodes I checked are mostly well administrated and run actually
   software over a time of 1 year. It may be, they are listed in
other SPAM
   blacklists too.
  
   Karsten N.
  
   [EMAIL PROTECTED] schrieb:
   Hi,
  
   Since 24 hours, e-gold has decided to block all TOR nodes, and
not only. In fact they check 3 spam databases and if the user's IP is
in one of them, e-gold just declines any operation, people cannot even
login into their accounts.
  
   There are a few things here:
  
   It is the first time I see a website blocking IP that appear in
SPAM databases! Spam is, as far as I know, an EMAIL problem, so why
would a domain block surfing from these IP?
  
   About TOR particularly, I feel very strange

RE: Tor nodes blocked by e-gold

2007-04-27 Thread Tony
It has changed since SORBS blacklisted my TOR node then. It said it was
Trojan infected or a zombie host at the time. I was told that this was
triggered by just connecting to certain IRC networks.

Maybe they have finally fixed their system.


Regards,

Tony.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Michael Holstein
Sent: 27 April 2007 19:47
To: or-talk@freehaven.net
Subject: Re: Tor nodes blocked by e-gold

 SORBS marks TOR servers as zombie spammers I believe.

Um, in the interest of settling this argument :

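# DNSBL query names use the address with its octets reversed
grep router cached-routers | grep -v signature | \
  awk '{split($3, o, "."); print "host " o[4] "." o[3] "." o[2] "." o[1] ".dnsbl.sorbs.net"}' | sh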

(most return NXDOMAIN, meaning not listed by SORBS). The ones that do, 
return the database in which they're listed as the last octet.

http.dnsbl.sorbs.net          127.0.0.2
socks.dnsbl.sorbs.net         127.0.0.3
misc.dnsbl.sorbs.net          127.0.0.4
smtp.dnsbl.sorbs.net          127.0.0.5
new.spam.dnsbl.sorbs.net      127.0.0.6
recent.spam.dnsbl.sorbs.net   127.0.0.6
old.spam.dnsbl.sorbs.net      127.0.0.6
spam.dnsbl.sorbs.net          127.0.0.6
escalations.dnsbl.sorbs.net   127.0.0.6
web.dnsbl.sorbs.net           127.0.0.7
block.dnsbl.sorbs.net         127.0.0.8
zombie.dnsbl.sorbs.net        127.0.0.9
dul.dnsbl.sorbs.net           127.0.0.10
badconf.rhsbl.sorbs.net       127.0.0.11
nomail.rhsbl.sorbs.net        127.0.0.12

Of the 887 IPs I have in my cached-routers file, 709 return NXDOMAIN. 
The others :

0   http.dnsbl.sorbs.net
0   socks.dnsbl.sorbs.net
0   misc.dnsbl.sorbs.net
0   smtp.dnsbl.sorbs.net
2   *.spam.dnsbl.sorbs.net
0   web.dnsbl.sorbs.net
0   block.dnsbl.sorbs.net
0   zombie.dnsbl.sorbs.net
46  dul.dnsbl.sorbs.net
0   badconf.rhsbl.sorbs.net
0   nomail.rhsbl.sorbs.net

So, according to SORBS, they're blacklisted because they're in dynamic 
IP ranges

Cheers,

Michael Holstein CISSP GCIA
Information Security Administrator
Cleveland State University
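
Added example, not part of the thread and not the posters' code: the per-zone lookup described in the message above, written so that each descriptor address is validated and reversed before it is queried, and so that a consumer can act on specific zones instead of the aggregate dnsbl.sorbs.net (the point made earlier in the thread about dul versus spam listings). The function names, the stub resolver and the sample descriptor lines are hypothetical and constructed; live lookups assume dig is installed.

```shell
#!/bin/sh
# Added example: per-zone SORBS lookup for Tor relay addresses.

# Reverse a dotted-quad IPv4 address for a DNSBL query name.
# Returns 1 unless the input is exactly four octets in 0-255, so fields
# read from a descriptor file are never used unvalidated.
reverse_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s\n' "$4" "$3" "$2" "$1"
}

# Map a SORBS return code to its zone, per the table in the message above.
sorbs_zone() {
    case "$1" in
        127.0.0.2)  echo http ;;
        127.0.0.3)  echo socks ;;
        127.0.0.4)  echo misc ;;
        127.0.0.5)  echo smtp ;;
        127.0.0.6)  echo spam ;;
        127.0.0.7)  echo web ;;
        127.0.0.8)  echo block ;;
        127.0.0.9)  echo zombie ;;
        127.0.0.10) echo dul ;;
        127.0.0.11) echo badconf ;;
        127.0.0.12) echo nomail ;;
        *)          echo unknown ;;
    esac
}

# Print the address field of every "router" line (skips router-signature).
router_ips() {
    awk '$1 == "router" { print $3 }' "$@"
}

# Live resolver: 127.0.0.x answers for a name, one per line (assumes dig).
dns_lookup() {
    dig +short A "$1" </dev/null 2>/dev/null | grep '^127\.0\.0\.' || true
}
LOOKUP=dns_lookup   # name of the resolver function; the demo swaps in a stub

# Print "ip zone[,zone...]", "ip not-listed" or "ip invalid" for one address.
classify_ip() {
    rev=$(reverse_ipv4 "$1") || { echo "$1 invalid"; return 0; }
    zones=
    for answer in $("$LOOKUP" "$rev.dnsbl.sorbs.net"); do
        zones=${zones:+$zones,}$(sorbs_zone "$answer")
    done
    echo "$1 ${zones:-not-listed}"
}

# Succeed only if a listing names one of the zones the caller acts on.
# A dul listing (dynamic IP range) then stays distinct from spam or zombie.
listed_in() {
    listing=$1; shift
    for want in "$@"; do
        case ",$listing," in *",$want,"*) return 0 ;; esac
    done
    return 1
}

# Classify every relay in descriptor files given as arguments (or on stdin).
report() {
    router_ips "$@" | while read -r ip; do classify_ip "$ip"; done
}

# --- Constructed sample data: documentation address ranges, not real relays ---
sample_descriptors() {
    cat <<'EOF'
router relayA 192.0.2.10 9001 0 9030
router-signature
router relayB 198.51.100.7 443 0 80
router relayC relay.example.net 9001 0 0
router relayD 203.0.113.5 9001 0 0
EOF
}

# Constructed DNS answers standing in for SORBS so the demo runs offline.
stub_lookup() {
    case "$1" in
        10.2.0.192.dnsbl.sorbs.net)   echo 127.0.0.10 ;;
        7.100.51.198.dnsbl.sorbs.net) echo 127.0.0.6; echo 127.0.0.10 ;;
    esac
}

# Demo in a subshell so the stub does not replace the live resolver.
demo() (
    LOOKUP=stub_lookup
    sample_descriptors | report
)
demo
```

To run it against a real descriptor file, call report cached-routers with LOOKUP left at dns_lookup.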


RE: Tor server web page?

2007-03-02 Thread Tony
Or http://83.245.15.87/

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Brian C
Sent: 02 March 2007 16:11
To: or-talk@freehaven.net
Subject: Re: Tor server web page?

Another example of what you're looking for:

http://74.0.33.114/

Sam Creasey wrote:
 I know I've seen this discussed on here, and it's pretty much just a
 FAQ at this point, but somehow my google skills are failing me...
 
 Does anyone have a link to some example text to reply to HTTP queries
 for the / page of an ip which runs *only* a tor exit server? (http://torserver/)
 Something along the lines of "Any traffic you've seen from this IP was
 generated by a tor server.  there is nothing to see here."
 
 Thanks.
 
 -- Sam
 
 


RE: Norwegian DNS compromized

2007-02-27 Thread Tony
Erm - isn't that censorship? Surely that defeats one of the main
objectives of TOR.

Once you add the capability to do that the Chinese will be blocking
BBC.COM via TOR

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Mr. Blue
Sent: 27 February 2007 20:05
To: or-talk@freehaven.net
Subject: Re: Norwegian DNS compromized

 

I would just like to say that we should report that alolita.com because
it is connected to bunch of PEDOPHILES!!!

It must be banned from Tor network and it should also be reported to
authorities.

Michael_google gmail_Gersten [EMAIL PROTECTED] wrote:

The first test, where alolita.com resolves to different addresses, is
concerning. Did the site just change addresses in the last day or so?
(Those timeout values are one hour, and one-half hour.)

 

  






RE: ISP controlling entry/exti (Low-Resource Routing Attacks Against Anonymous Systems)

2007-02-26 Thread Tony
http://www.brainfuel.tv/wp-content/uploads/2006/06/argue.jpg

 

RE: Security concerning Tor, BitTorrent and Firewall

2007-02-19 Thread Tony
For basic anonymity for bit torrent leeching try this https://www.relakks.com/

TOR doesn't have the bandwidth to spare.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of a a
Sent: 19 February 2007 19:49
To: [EMAIL PROTECTED]
Subject: Security concerning Tor, BitTorrent and Firewall

USING:

Tor & Privoxy & Vidalia bundle 0.1.1.26
Windows XP Home
µTorrent
3com firewall

HAPPENINGS:

I am using Tor behind a 3com firewall, in connection with µTorrent.
Before using Tor I -naturally, having not opened any ports on the
firewall- experienced low connection (updown) rates in µTorrent. However,
after installing the Tor bundle and configuring µTorrent for use with the
Tor proxy server (as described at
http://wiki.noreply.org/noreply/TheOnionRouter/TorifyHOWTO#head-0d047b05e9b93c23cec9198550816a114012bde0),
I suddenly experienced connection speeds
which would equal those, had I used a normal port forward on my firewall.

QUESTIONS:

Firstly, how does this work?

Secondly -on account of a port forward always being a security risk- Is
this a similar security risk?

And lastly, if it is indeed a security risk (no matter how small), does
this apply to other programs than BitTorrent clients, using the Tor proxy
server?
__

I first inquired with the Privoxy about this issue (presuming that it 
was related to Privoxy) and I received the following response: 
 --- Date: 2007-02-19 13:17 Sender: fabiankeil /users/fabiankeil/ --- 
 Are you sure that your provider doesn't throttle BitTorrent traffic? 
 By using Tor you prevent your ISP from knowing which services (other 
 than Tor itself) you're using and this could explain why using Tor 
 speeds up your BitTorrent traffic (it's no longer rate limited by your 
 ISP). Privoxy itself is unlikely to have anything to do with it and I 
 don't think port forwarding has anything to do with it either, but I'm 
 not familiar with BitTorrent. The short answer to your last questions 
 is No, but as it has nothing to do with Privoxy you should checkout 
 the Tor documentation for details and ask again on the or-talk mailing 
 list if you have further questions.
I am fairly certain that my ISP is not the issue here, so I remain 
puzzled... And I've so far not found any answers in the Tor documentation.

Anybody got something on this?

- Arand



RE: Re: PHP coder needs Tor details

2007-02-13 Thread Tony
Actually Windows does exactly the same thing. e.g. the 'Network Service' and 
'Local Service' accounts. See 
http://www.microsoft.com/technet/security/midsizebusiness/topics/networksecurity/securingaccounts.mspx
 
People seem to forget that the original and worst worm outbreak ever - that 
effectively shut down the internet for days was on UNIX...
 
Windows might have its problems but they are not unique.



From: [EMAIL PROTECTED] on behalf of Juliusz Chroboczek
Sent: Tue 13/02/2007 06:53
To: or-talk@freehaven.net
Subject: Re: PHP coder needs Tor details



 To shorten... How do I allow nobody to utilize Tor (It can already
 do that but I must start it like a root and stop it like a root)

Please don't.

The very reason Unix is more secure than Windows is that Unix actively
uses the permission system to prevent insecure things like PHP from
munging the networking daemons.  By running PHP with higher
privileges, you'll make your Unix system just as insecure as Windows.

Juliusz





RE: Re: PHP coder needs Tor details

2007-02-13 Thread Tony
Windows hasn't rendered active content by default since XP SP2. It has never 
rendered it by default in Vista or Windows 2003.

Windows also no longer runs as administrator by default (I guess you haven't used 
Vista yet).

It's not just in theory. For instance IIS is now so improved that many sites fed 
up with the constant hacking, exploits, defacements and patching regime 
dependency compatibility issues that they experience on Linux are migrating 
over to Windows server 2003. This has been a consistent trend for some time now 
and Apache just dropped below 60% market share for the first time since 2002 as 
a direct result of cumulative migrations from Linux to Windows.

As you say 'most installations are now secure by default'. Touché. 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eugen Leitl
Sent: 13 February 2007 10:34
To: or-talk@freehaven.net
Subject: Re: Re: PHP coder needs Tor details

On Tue, Feb 13, 2007 at 10:25:54AM -, Tony wrote:

This is offtopic, but...

 Actually Windows does exactly the same thing. e.g. the 'Network 
 Service' and 'Local Service' accounts. See 
 http://www.microsoft.com/technet/security/midsizebusiness/topics/networksecurity/securingaccounts.mspx

The point is that rendering active content is default, and running everything 
as administrator is default (in fact, most Windows userland software needs to 
be installed and run as administrator) -- the technology and the culture 
conspire to give us the 250 Mzombie Internet experience we love.
  
 People seem to forget that the original and worst worm outbreak ever - that 
 effectively shut down the internet for days was on UNIX...

That was a long time ago. Unix is diverse, and most installations are now 
secure by default. The technology and the culture work together, and lower 
profile is one of the key points that diversity is good, monoculture is bad.
  
 Windows might have its problems but they are not unique.

You're correct only in theory.

--
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


RE: Some networking questions

2007-02-01 Thread Tony
1. a) Approx 50 metres. Depends on the environment, the cards, the
transmission power and the wireless band / standard being used.
b) No it won't extend it. You need a customised router or software that
behaves as a wireless extender to do that.

2. See www.sveasoft.com for firmware for routers that will do this.

3. a) That would depend on the size of the directory and the load. 
b) Windows XP is not optimised to perform as a server and comes by
default with lots of extra processes and services running. However, if
it is an option then Windows Server usually outperforms Linux at
network, application and fileserver benchmarks on the same hardware. 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Leelanau Underground Press
Sent: 02 February 2007 00:25
To: or-talk@freehaven.net
Subject: Re: Some networking questions

First off, number 5 should be identities not identitied. I have some
more questions:

1. Does anybody know the range of an ad-hoc wireless network for an
average wireless card? If an ad-hoc network is run and another laptop
connects near the edge of it, does he extend the network range? For
example, Laptop A and B are on a network. Laptop C joins off laptop B's
connection. Laptop A is normally too far away to see laptop C, does the
connection go through B to get there? Will it get there?

2. Has anybody done anything similar? What experiences did you have?

3. How much memory/CPU on average would a all-purpose server and
authoritative directory server take on an XP or Linux box? Is tor more
efficient in XP or Linux (excluding that linux is more efficient in and
of itself)
Thanks for any help you can give.
 Original Message 
From: Leelanau Underground Press [EMAIL PROTECTED]
Apparently from: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Some networking questions
Date: Thu, 1 Feb 2007 19:10:30 -0500

 I have a lot of questions here so please be patient with me. I have
been using and promoting tor for a long time and I'm working on a new
project to create a ready-to-go LAN package of tor (for running tor on a
LAN). Here are my questions.
 
 Example one: I am distributing tor to all the users on a LAN that has
a restrictive firewall blocking access to some internet sites. SOME tor
servers are blocked, others not.
 
 1. If I make an authoritative directory server on the LAN that
excludes non-local IPs from connecting and doesn't advertise to other
directory servers, would it mess with tor connections? The reason I ask
is I think if I have a local directory server it could do all the work
of finding out that certain tor servers are blocked so that the user
doesn't have to go through all the trouble. I'm aware this would lessen
people's anonymity. Is there a way to improve that?
 
 Example two: I am distributing tor to users on a wireless managed or
ad-hoc network. Inside the cache file is a list of lots of IPs where
servers on the network *might* (since IPs are semi-dynamic) be located.
All tor installs by default run servers (middleman, exit, rond. etc.) as
well as an authoritative directory server. Nothing ever exits the
wireless network as it would only serve to help people use
hidden-services.
 
 1. Once connected, how fast will tor transfer data from a hidden
service with unlimited CPU/bandwidth/etc. (assuming normal end-user
machines are all clients and servers and wireless network speed is
around 56 mbps)
 
 2. If the default servers list in the torrc contains the entire IP
subnet (let's say for example's sake, this means 1000 IPs), how many
times will tor try each IP in the list before it is deleted, and will it
be put there again if a local authoritative directory server suggests
it.
 
 3. How long will an authoritative directory server consider a node
down before it is removed from the list?
 
 4. What would be the best way to make this network work on the managed
wireless network in example one but have a local-only tor network as in
example two in case the filter starts blocking ALL the tor servers on
the external internet.
 
 5. Since we are working on an extremely high-speed link, would it hurt
to run a tor client inside of a tor client to stop adversaries from
finding user identitied (since on a wireless network all data can be
seen by anybody)
 
 I will probably have some more questions once some of these get
clarified. Any other related suggestions are helpful. Any help you can
offer on any of these questions is appreciated.
 Thank you,
 A true tor fan


RE: Relakks

2006-11-30 Thread Tony
I think you are mistaken. Going via an encrypted pipe to a foreign proxy
certainly does not make it easier. 

It is obviously much easier for the US government to observe an
unencrypted USA internet connection and all traffic to and from it than
to observe an encrypted connection that terminates in Sweden - together
with tens of thousands of other similar connections from the same
server.

Sure with analysis and a fair bit of processing power they could
eventually match your output from Relakks to your source IP by a timing
attack. Assuming they can monitor a Swedish ISP at source. However, I
doubt that they have that capability - certainly the Swedish government
is very unlikely to give it to them. Anyway, the next time that you
connect and get a new IP then they have to work from scratch again.

It certainly makes it more difficult and probably out of reach of for
instance the RIAA, MPAA and other such rights restriction organisations
to go after file sharers, DRM hackers and the like.

Possibly if you are a terrorist and the NSA is able to bring all its
resources to bear then it is not enough, but it is probably good enough
for the vast majority that want privacy.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of coderman
Sent: 30 November 2006 18:29
To: or-talk@freehaven.net
Subject: Re: Relakks

On 11/30/06, Tony [EMAIL PROTECTED] wrote:
 If they use Relakks then they can make it much harder for the US
government to watch them - and get decent speed too - unlike with TOR!

let me make this really clear:

Relakks and other single hop proxies are trivial to observe for an
adversary correlating traffic.  Such services make it MUCH EASIER, not
harder, for governments to watch.  they also introduce a single point
of failure and require full trust in this third party.

Tor is slower than Relakks because it provides stronger anonymity,
which is a feature, not a bug.

best regards,


RE: Could i use tor to login Paypal?

2006-08-31 Thread Tony
Hi, 

Paypal evaluate the fraud risks of user transactions for obvious
reasons. Using anonymous proxies will be more likely to flag you as a
potential fraudulent transaction or stolen account. I had the same issue
as the below - once cleared they don't seem to flag it again for the
same reason. This seems a sensible policy to protect users bearing in
mind the volume of fraud attempts via Paypal.

This is the same way as most online credit card processing gateway fraud
systems will flag connections via TOR or other known proxies as higher
risk.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of BlueStar88
Sent: 31 August 2006 22:43
To: or-talk@freehaven.net
Subject: Re: Could i use tor to login Paypal?

Fabian Keil schrieb:
 A month ago PayPal took my account hostage because they fantasised to 
 have reason to believe a third person had access to it.

 There were no unauthorised transactions, therefore I'm sure it's a 
 false alarm.

 Of course they didn't tell me their reason, but I assume it's a stupid

 one. I wouldn't be surprised if it was because a change of exit nodes 
 while I was logged in.

 Fabian
   
My business paypal account is locked to reduced functionality too
directly after logging in via tor. Now i have to bring additional papers
to prove identity again.

I think they're checking the source ip against the registered home
country. So if i call from Australia (i.e. Exit Node), but i'm
registered to be living in France, they do like this. On one hand a cool
security thing, on the other hand a bad side effect of tor...

Currently i am stuck at reduced paypal account.

(There were no transactions in this time)



Greets

Manuel



RE: SHTTPD: Windows web-server, light-weight, stand-alone and multi-platform (Unix, etc)

2006-06-08 Thread Tony
Hi, 
 
If you have already paid to use Windows server, then it is effectively a 'free 
product'. However you need to be specially licensed to see the source code.
 
You also get IIS5 with XP, but I would not recommend using that as it is not as 
secure.
 



From: [EMAIL PROTECTED] on behalf of Anothony Georgeo
Sent: Thu 08/06/2006 12:02
To: or-talk@freehaven.net
Subject: RE: SHTTPD: Windows web-server, light-weight, stand-alone and 
multi-platform (Unix, etc)



Hi,


--- Tony [EMAIL PROTECTED] wrote:

 Windows Server 2003 already comes with IIS6

The Tor team wants 'free software' not Microsoft
products.

Access to source code and ability to modify source
code is one of the main legs of 'free software' and
not allowed by Microsoft.

Please read this page for a great definition of 'free
software':
http://www.fsf.org/licensing/essays/free-sw.html

From the site:
---
Free software is a matter of the users' freedom to
run, copy, distribute, study, change and improve
the software. More precisely, it refers to four
kinds of freedom, for the users of the software:

* The freedom to run the program, for any purpose
(freedom 0).

* The freedom to study how the program works, and
adapt it to your needs (freedom 1). Access to the
source code is a precondition for this.

* The freedom to redistribute copies so you can
help your neighbor (freedom 2).

* The freedom to improve the program, and release
your improvements to the public, so that the
whole community benefits (freedom 3). Access to
the source code is a precondition for this.
---












RE: SHTTPD: Windows web-server, light-weight, stand-alone and multi-platform (Unix, etc)

2006-06-08 Thread Tony
That is simply not true - many people can check and review the source code for 
Microsoft products. You just have to be licenced and have a valid reason to do 
so. e.g. the Chinese government did so to check for backdoors, etc., and so 
have many others including many software developers. 
 
See http://www.microsoft.com/resources/sharedsource/Licensing/default.mspx
 

 


From: [EMAIL PROTECTED] on behalf of Kenneth Loafman
Sent: Thu 08/06/2006 14:05
To: or-talk@freehaven.net
Subject: Re: SHTTPD: Windows web-server, light-weight, stand-alone and 
multi-platform (Unix, etc)



The other freedom that they don't mention is freedom from backdoors.
Since no one can see the MS code and verify that it is free from
government intrusion, there is good reason not to use it in an
environment where such government intrusion could be detrimental.

...Ken

Tony wrote:
 Hi,
 
 If you have already paid to use Windows server, then it is effectively a 
 'free product'. However you need to be specially licensed to see the source 
 code.
 
 You also get IIS5 with XP, but I would not recommend using that as it is not 
 as secure.
 

 

 From: [EMAIL PROTECTED] on behalf of Anothony Georgeo
 Sent: Thu 08/06/2006 12:02
 To: or-talk@freehaven.net
 Subject: RE: SHTTPD: Windows web-server, light-weight, stand-alone and 
 multi-platform (Unix, etc)



 Hi,


 --- Tony [EMAIL PROTECTED] wrote:

 Windows Server 2003 already comes with IIS6

 The Tor team wants 'free software' not Microsoft
 products.

 Access to source code and ability to modify source
 code is one of the main legs of 'free software' and
 not allowed by Microsoft.

 Please read this page for a great definition of 'free
 software':
 http://www.fsf.org/licensing/essays/free-sw.html

From the site:
 ---
 Free software is a matter of the users' freedom to
 run, copy, distribute, study, change and improve
 the software. More precisely, it refers to four
 kinds of freedom, for the users of the software:

 * The freedom to run the program, for any purpose
 (freedom 0).

 * The freedom to study how the program works, and
 adapt it to your needs (freedom 1). Access to the
 source code is a precondition for this.

 * The freedom to redistribute copies so you can
 help your neighbor (freedom 2).

 * The freedom to improve the program, and release
 your improvements to the public, so that the
 whole community benefits (freedom 3). Access to
 the source code is a precondition for this.
 ---

RE: SHTTPD: Windows web-server, light-weight, stand-alone and multi-platform (Unix, etc)

2006-06-08 Thread Tony
Hi,

What has Code Red to do with this? That was a different webserver
version on a different operating system (IIS5 on Windows 2000 and
earlier). I was recommending the option of IIS6 for those running
Windows server 2003. I remind you that the worst worm infestation in the
history of the internet was actually on UNIX based systems as the 'Great
Worm' of 1988... Should we avoid using Linux because of that?

Microsoft current OS's are certainly not perfect but they are much
improved as regards security from previous versions. If you check recent
defacement statistics or the recent report on the subject from Mi2g you
will see that the most commonly hacked server OS platform on the
internet is currently systems based on Linux by a very wide and growing
margin, even allowing for the fact that there are currently more Linux
based servers out there. 

As regards the source code comment - I can't recall anyone being sued as
you describe anywhere, ever, except where the person concerned was an
ex-employee of the company in question. Perhaps you could provide a few
examples?



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Watson Ladd
Sent: 09 June 2006 00:08
To: or-talk@freehaven.net
Subject: Re: SHTTPD: Windows web-server, light-weight, stand-alone and
multi-platform (Unix, etc)

And so Code Red never existed?
On Jun 8, 2006, at 10:23 AM, Tony wrote:

 That is simply not true - many people can check and review the  
 source code for Microsoft products. You just have to be licenced  
 and have a valid reason to do so. e.g. the Chinese government did  
 so to check for backdoors, etc., and so have many others including  
 many software developers.

 See http://www.microsoft.com/resources/sharedsource/Licensing/default.mspx
And never work on GPL code ever again because a lawsuit might be  
made. This is why open source projects should create shell  
corporations that own all the code: When a lawsuit comes, declare  
bankruptcy, give them the rights to the code. Then fork off another  
project and repeat. When they come after you, point out that the  
previous owners waived the rights to prevent a fork.



 

 From: [EMAIL PROTECTED] on behalf of Kenneth Loafman
 Sent: Thu 08/06/2006 14:05
 To: or-talk@freehaven.net
 Subject: Re: SHTTPD: Windows web-server, light-weight, stand-alone
 and multi-platform (Unix, etc)



 The other freedom that they don't mention is freedom from backdoors.
 Since no one can see the MS code and verify that it is free from
 government intrusion, there is good reason not to use it in an
 environment where such government intrusion could be detrimental.

 ...Ken

 Tony wrote:
 Hi,

 If you have already paid to use Windows server, then it is  
 effectively a 'free product'. However you need to be specially  
 licensed to see the source code.

 You also get IIS5 with XP, but I would not recommend using that as  
 it is not as secure.


 

 From: [EMAIL PROTECTED] on behalf of Anothony Georgeo
 Sent: Thu 08/06/2006 12:02
 To: or-talk@freehaven.net
 Subject: RE: SHTTPD: Windows web-server, light-weight, stand-alone
 and multi-platform (Unix, etc)



 Hi,


 --- Tony [EMAIL PROTECTED] wrote:

 Windows Server 2003 already comes with IIS6

 The Tor team wants 'free software' not Microsoft
 products.

 Access to source code and ability to modify source
 code is one of the main legs of 'free software' and
 not allowed by Microsoft.

 Please read this page for a great definition of 'free
 software':
 http://www.fsf.org/licensing/essays/free-sw.html

 From the site:
 ---
 Free software is a matter of the users' freedom to
 run, copy, distribute, study, change and improve
 the software. More precisely, it refers to four
 kinds of freedom, for the users of the software:

 * The freedom to run the program, for any purpose
 (freedom 0).

 * The freedom to study how the program works, and
 adapt it to your needs (freedom 1). Access to the
 source code is a precondition for this.

 * The freedom to redistribute copies so you can
 help your neighbor (freedom 2).

 * The freedom to improve the program, and release
 your improvements to the public, so that the
 whole community benefits (freedom 3). Access to
 the source code is a precondition for this.
 ---

Sincerely,
Watson Ladd
---
Those who would give up Essential Liberty to purchase a little  
Temporary Safety deserve neither  Liberty nor Safety.
-- Benjamin Franklin 




RE: Did you see this?

2006-05-19 Thread Tony
Hi.
 
As the RIPA 3 is currently written there seem to be two big holes.
 
1. Destroy the key and retain proof that you destroyed it - e.g. microwave the 
USB key.
 
It seems that the law is only really designed to cope with keys (passphrases) 
that you can remember. Therefore if you have a physical 'key file' and can 
destroy it then there doesn't seem to be a penalty for that if I read it 
correctly. You can prove that you no longer possess the key - and therefore can't 
be penalised for refusing to reveal it!
 
2. Keep multiple keys (e.g. a dummy volume).
 
The act specifies that if there is more than one key, you can choose which key 
to give up!
 



From: [EMAIL PROTECTED] on behalf of Steve Crook
Sent: Fri 19/05/2006 12:41
To: tor talk
Subject: Re: Did you see this?



On Thu, May 18, 2006 at 07:16:49PM -0700, Eric H. Jung wrote:
 U.K. Government to force handover of encryption keys
 http://news.zdnet.co.uk/0,39020330,39269746,00.htm

Yes, once this is passed encrypting storage with a passphrase becomes a
pointless exercise in the UK unless you are prepared to spend time at
Her Majesty's pleasure in order to protect your data.

I think the best solution is to run privacy services in a different
jurisdiction from where the operator resides.  For example, my Tor node
is located in Texas and runs from encrypted volumes that I manually
mount from the UK after a reboot.  I don't think the special
agreements between these countries currently stretch to international
demands for passphrases.  No doubt this would rapidly change if the
accusation was related to terrorism or possibly one of the other
horsemen of the infocalypse.

I'd be interested to hear other suggestions for circumventing RIPA.



RE: Did you see this?

2006-05-19 Thread Tony
I didn't say a false key, I said a dummy key. One that will work, but
would unlock a dummy outer volume - but not all data within it. There is
no way of telling the inner contents of such a drive from random data.
There are several products that can do that. The act specifically says
that if there are multiple keys then you can choose which one to
release.

Destroying a false key and claiming you didn't have the key would be
illegal if you still possessed the real key. 


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Jonathan D. Proulx
Sent: 19 May 2006 17:28
To: or-talk@freehaven.net
Subject: Re: Did you see this?

On Fri, May 19, 2006 at 03:11:20PM +0100, Tony wrote:

:2. Keep multiple keys (e.g. a dummy volume).
: 
:The act specifies that if there is more than one key, you can choose
which key to give up!

That just means you can revoke the key when they're done.  Giving a
false key is not giving a key.  

You can play whatever games you want (i.e. microwave a different USB
frob while shipping the real key to a trusted associate in a country
without an extradition treaty), but that isn't a loophole in the law
that can be legally exploited, it's a dodge that can land you in heaps
more trouble if you're caught.

-Jon




RE: Some legal trouble with TOR in France

2006-05-15 Thread Tony
They send you to prison if you don't give up the information.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Matej Kovacic
Sent: 15 May 2006 07:57
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

Hi,

 Under the British Regulation of Investigatory Powers Act, they would
 simply confiscate the entire machine, demand any authentication tokens
 required to access it, and lock you up if you refused to surrender
them.
 I believe similar laws exist in most EU jurisdictions now.

What about the privilege of non self-accusation?

It is expensive, but you can just piss 'em off and buy new hardware...

bye, Matej


RE: Some legal trouble with TOR in France

2006-05-15 Thread Tony
Yes apparently it's not in force yet. I'm sure it's coming though. 

Although as currently written there seem to be a few loopholes - e.g.
you can give up 'any' key and you can choose which key just so long as it
meets the stated requirements of the request. There isn't a requirement
to give up 'all keys'. You can also destroy the key before receiving the
request if you think a request is coming. 

Giving up dummy keys that unlock dummy volumes would make it very hard
to prove you didn't meet the request unless the specific information
that they were looking for was already named on the request.

Or as I read it, you can destroy a key even after the request is
received if you can prove you no longer have it in your 'possession'.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Mike Perry
Sent: 15 May 2006 00:16
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

Thus spake Eric H. Jung ([EMAIL PROTECTED]):

  Tony's point was that you could arrange not to have the 
 authentication
  tokens anymore. You better hope they believe you when you say you
  don't have it, though.
 
 Not having the authentication tokens counts as refusing to surrender
 them.
 
 Per US law, if a judge subpoenas you to hand them over and you refuse
 and/or remain silent, it means indefinite jail time (until you hand
 over the tokens) and/or fines.

Where is your source on this? As I understand it, there are a few
fundamental principles of the US legal system that should render this
statement completely false. One is Habeas Corpus.. You can't just
throw someone in jail indefinitely without a criminal charge and a
trial. http://en.wikipedia.org/wiki/Writ_of_habeas_corpus 

Though it seems BushCo are violating it with enemy combatant
charges, I do not think they have the political power (at least
anymore) to name an anonymity provider as an enemy combatant
(especially if they are a natural born US citizen). The same applies
to the 72 hour warrant deal, at least as far as I can tell from
http://www.fff.org/comment/com0601c.asp

Second, if it is a criminal charge, you are not under any obligation
to testify against yourself in a criminal court of law (5th
amendment). There are various exceptions to this, main one being if
you are not the person charged of the crime (though I think you can
still claim that such testimony may incriminate you for unrelated
matters). I suppose it could also be argued that the passphrase does
not count as testimony, but it sure seems like it is.

Finally, some googling on subpoena compliance seems to indicate that
punishment for subpoena non-compliance is 'contempt of court' charge
and fines.

http://www.rcfp.org/cgi-local/privilege/item.cgi?i=questions

That page advises you not to answer any subpoenas without challenging
them first, among other things (ie one state's court cannot usually
subpoena someone from another state). Contempt of court charges for
non-compliance may be repeated, but any contempt law I can find on
the web has some form of maximum limit. The longest I've seen so far
is North Carolina, which is a max of 1yr in 90 day increments:
http://www.rosen.com/ppf/cat/statco/laws.asp


Also, dunno how accurate it is, but Wikipedia seems to claim that the
key disclosure provisions of the RIPA (Part III) are not yet in force
in the UK:

http://en.wikipedia.org/wiki/Regulation_of_Investigatory_Powers_Act_2000




We seriously have to watch our paranoia on this one. This is one of
those situations that if we believe we have no rights, it will be very
easy to knock us over, simply by playing off our fears and demanding
keys without any legitimate basis to do so.

If any Tor operator is arrested/detained in the US, they would do well
to refuse to surrender any passphrase until they are actually in court
and ordered to do so by a Judge (and then only after voicing protest,
to allow for clear appeal to a higher court). Cops will probably just
lie to you and try to convince you that you are required on the spot.
Ask for a lawyer immediately. 

This is not just to protect the Tor network either. With computer laws
as crazy as they are, and with the IPPA coming down the road, soon
simply having something like an Open Source DVD player or archiver on
your machine will be enough to land you in jail for a while, if it's
not already...

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


RE: Some legal trouble with TOR in France +

2006-05-15 Thread Tony
Please define 'evil activities'


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Nick Mathewson
Sent: 15 May 2006 23:59
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France +

On Mon, May 15, 2006 at 03:36:59PM -0700, Ben Wilhelm wrote:
 [...]
 The line is drawn. The line is that Tor does not censor. That's the
only 
 line that makes sense, because everything else requires subjective 
 judgement that many would not be able to agree on.

I typically argue this from the can't point of view, not the
won't.  If it were possible detect block evil activities through
programmatic means, I *would* be in favor of blocking them.
Unfortunately, evil-detection isn't automatable (RFC3514
notwithstanding), and most schemes for blocking are both over-broad
_and_ easy to circumvent.

Non-automated schemes, as you say, fall for different reasons: you
can't make one without putting human judgment in the loop, and once
you've done that, you've appointed somebody as a censor, and you've
created a mechanism for someone else to take the reins of censorship
in the future.

Also, there's the jurisdictional arbitrage problem: which local
standards does your hypothetical censor try to comply with?  China's?
France's?

 If you don't want your internet connection to be used anonymously, for

 *anything*, then don't run a Tor exit node.

Rather, if you're not willing to accept that people may use your
Internet connection to do stuff you don't like, don't run an exit
node.  You don't have to like everything that people do.  I don't
*want* people to use my software for any number of things, but I
believe that the benefits it provides do outweigh the problems.

 It's impossible to block 
 subjects on a case-by-case basis anyway - the exact thing Tor was
built 
 to prove! - and I'd rather not waste our coders' time on that.

Hm?  I don't think Tor was built to prove anything; I think it was
built to further usable online privacy for everyone. :)

As for wasting the coders' time, don't worry.  We have a long history
of ignoring bad ideas. wink

yrs,
-- 
Nick Mathewson


RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony
Not to mention that under Bush, meeting the requirements of US law is
not required either. And they have certainly never worried about other
countries laws.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Eric H. Jung
Sent: 14 May 2006 03:33
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France



--- Mike Perry [EMAIL PROTECTED] wrote:
 A US judge exercising proper
 diligence should be able to realize that the search was not likely
 to
 produce relevant evidence to the case in question, or so one would
 hope.

LOL. Where have you been for the past 6 months with regards to the Bush
administration. Warrants in the US are no longer required.



RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony
Talking of Microsoft; it is a claimed advantage of the new OS versions
coming out such as Longhorn server - they include 'Bitlocker' encryption
that is apparently highly secure and integrates with motherboard
chipsets (TPM modules) to provide end to end code authentication and
hardware security. If any one thing required to unlock it is missing -
e.g. original hardware, TPM or pass code, USB dongle, etc. then no one
is going to be reading your data unless a compromise is found in 256 bit
AES encryption. 

So if for instance they take your disks away as per the French TOR node,
then you could destroy your hardware key (wipe TPM module, destroy
motherboard chipset or USB dongle) and they are not going to be reading
anything, ever. Even if they do take the whole system away then they
won't be able to login to access your data even if they can boot unless
they have your password (and biometrics or USB token, etc.) 

You can login using a USB token and then store the token away from the
PC. If the PC is taken then you can destroy the token (one minute in a
microwave oven is pretty effective). Then even if you are later required
by law to give up your 'passwords' you can show that is no longer
possible.

See http://www.microsoft.com/technet/windowsvista/security/bittech.mspx
and http://www.microsoft.com/technet/windowsvista/security/bitlockr.mspx

Another advantage of this is that they can't easily trojan or root kit
your OS at a low level - it would fail the signed code integrity checks
and would not boot.

I recommend not securing it with your finger prints though.
http://news.bbc.co.uk/1/hi/world/asia-pacific/4396831.stm

I wonder how law enforcement organisations and even organisations that
don't care about international (or even their own) laws such as the US
government will react to the increasing future common use of secure
encryption. Even our phone calls can now be secured from their
monitoring: http://www.philzimmermann.com/EN/zfone/index.html




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Landorin
Sent: 14 May 2006 01:45
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

I'd say if you can register a server with the required data given you
can unregister it the same way imho. Just contact the address for
registering.
Speaking of cloned hard drives and having his keys... that's where
Truecrypt kicks in. ;) Nicely encrypted files with hidden volumes
within the file. ;)

By the way, if you even want to melt the hard disk then you need to go
to the Mount Doom and drop it there, that's the safest way and since
you're already on it, that way you can make the Microsoft Tower of
Evil and its virtual armies collapse, too. ;) I doubt the normal
police has such good programs that survive melting and formatting. ;)
In the end, it's up to you to decide what is necessary to trust your
hard disks again. Yet if I were the police I wouldn't waste my time on
someone who obviously had nothing to do with the crime, I'd rather
concentrate on finding criminals that can be traced back (and if they
listened to you then they know it's a waste of time in any case
because they can't track anyone back with your PC).

Sincerely,
Landorin

Anthony DiPierro schrieb:
 On 5/13/06, Ringo Kamens [EMAIL PROTECTED] wrote:
 He has a good point. They surely have a clone of your drive which
 means they
 have the private keys to the server which could destroy the user's
 anonymity.

 If I understand things correctly then the name of the node should be
 told to someone who can permanently take it out of the directory
 servers.  Is this possible/necessary?  Or does everyone have to add an
 excludenodes?

 Anthony




- --
Accelerate cancer research with your PC:
http://www.chem.ox.ac.uk/curecancer.html

GPG key ID: 4096R/E9FD5518
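
An added example (not part of the thread, and not Microsoft's code) modelling the TPM behaviour Tony's message above relies on: a volume key sealed to the measured boot chain is released only on the same chip after an unmodified boot. `SimulatedTPM`, its methods and the component names are hypothetical, and a toy HMAC-based cipher stands in for the chip's internal encryption; only the PCR extend rule (SHA-1 chaining, as in TPM 1.2) follows the real design.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest


class SimulatedTPM:
    """Toy model of a single TPM 1.2 PCR with seal/unseal (hypothetical API)."""

    def __init__(self):
        self._storage_key = os.urandom(32)  # stands in for the chip-internal root key
        self._pcr = bytes(PCR_SIZE)

    def reset(self):
        """Power cycle: the PCR returns to zero, the storage key survives."""
        self._pcr = bytes(PCR_SIZE)

    def clear(self):
        """Owner clear: the storage key is replaced, orphaning every old blob."""
        self._storage_key = os.urandom(32)

    def extend(self, component: bytes):
        """PCR_new = SHA1(PCR_old || SHA1(component)); a PCR cannot be set directly."""
        digest = hashlib.sha1(component).digest()
        self._pcr = hashlib.sha1(self._pcr + digest).digest()

    def _mac(self, label, *parts):
        return hmac.new(self._storage_key, label + b"".join(parts),
                        hashlib.sha256).digest()

    def seal(self, secret: bytes) -> dict:
        """Bind a secret (max 32 bytes) to this chip and to the current PCR value."""
        if len(secret) > 32:
            raise ValueError("toy cipher handles at most 32 bytes")
        nonce = os.urandom(16)
        stream = self._mac(b"enc", nonce, self._pcr)
        ct = bytes(a ^ b for a, b in zip(secret, stream))
        tag = self._mac(b"mac", nonce, self._pcr, ct)
        return {"nonce": nonce, "pcr": self._pcr, "ct": ct, "tag": tag}

    def unseal(self, blob: dict):
        """Return the secret only on the same chip in the same measured state."""
        tag = self._mac(b"mac", blob["nonce"], blob["pcr"], blob["ct"])
        if not hmac.compare_digest(tag, blob["tag"]):
            return None  # different chip, cleared chip, or modified blob
        if not hmac.compare_digest(blob["pcr"], self._pcr):
            return None  # boot chain differs from the one measured at seal time
        stream = self._mac(b"enc", blob["nonce"], blob["pcr"])
        return bytes(a ^ b for a, b in zip(blob["ct"], stream))


def measured_boot(tpm, chain):
    """Each boot stage is hashed into the PCR before it runs."""
    tpm.reset()
    for component in chain:
        tpm.extend(component)


# Constructed sample boot chain; the names are placeholders.
GOOD_CHAIN = [b"firmware 1.0", b"boot manager 1.0", b"os loader 1.0"]


def run_scenarios():
    machine = SimulatedTPM()
    measured_boot(machine, GOOD_CHAIN)
    volume_key = os.urandom(32)
    blob = machine.seal(volume_key)  # the sealed blob is what sits on the disk

    results = {}
    measured_boot(machine, GOOD_CHAIN)
    results["clean_boot"] = machine.unseal(blob) == volume_key

    tampered = [GOOD_CHAIN[0], b"boot manager 1.0 (modified)", GOOD_CHAIN[2]]
    measured_boot(machine, tampered)
    results["tampered_boot"] = machine.unseal(blob) is None

    other = SimulatedTPM()  # disk moved to different hardware
    measured_boot(other, GOOD_CHAIN)
    results["disk_in_other_machine"] = other.unseal(blob) is None

    machine.clear()  # TPM wiped, then booted normally
    measured_boot(machine, GOOD_CHAIN)
    results["after_tpm_clear"] = machine.unseal(blob) is None
    return results


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {'as expected' if ok else 'UNEXPECTED'}")
```

Because extend is a hash chain, changing or reordering any one stage changes the final PCR value, so the check covers the whole boot path rather than a single file.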



RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony
Unfortunately you no longer have a right to remain silent in the UK.

Even for general offences they can interpret it as evidence of guilt in
court.

Hopefully EU / Human Rights legislation will resolve that at some point.

You could however find other ways to get round the requirement. For
instance you could provide a USB token that contained the keys, but also
contained a bootable image that on inserting into your PC wiped your TPM
and then wiped the key. You have then met your requirement to provide
the key...



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Lionel Elie Mamane
Sent: 14 May 2006 14:58
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

On Sun, May 14, 2006 at 02:32:50PM +0100, Dave Page wrote:
 On Sun, May 14, 2006 at 01:34:51PM +0100, Tony wrote:

 So if for instance they take your disks away as per the French TOR
 node, then you could destroy your hardware key (wipe TPM module,
 destroy motherboard chipset or USB dongle) and they are not going
 to be reading anything, ever. Even if they do take the whole system
 away then they wont be able to login to access your data even if
 they can boot unless they have your password (and biometrics or USB
 token, etc.)

 Under the British Regulation of Investigatory Powers Act, they
 would simply confiscate the entire machine, demand any
 authentication tokens required to access it, and lock you up if you
 refused to surrender them.  I believe similar laws exist in most EU
 jurisdictions now.

Tony's point was that you could arrange not to have the authentication
tokens anymore. You better hope they believe you when you say you
don't have it, though. And under at least some EU registrations, some
people have a right to remain silent. Like the accused person, for
example. And people that have a right to remain silent can refuse to
hand over cryptographic keys.

Not that some powers haven't been known to first interrogate you as
unrelated witness (neither you, nor your family, is accused), where
remaining silent is obstruction of justice and punishable, and _then_
charge you with the information thus gleaned.

-- 
Lionel


RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony
Not if you didn't have them prior to receiving the notice and can prove
it.

e.g. after taking away your PC and realising it is encrypted they return
with a notice. You then hand over token and say by the way I previously
destroyed the data on it so I don't have the keys. You have met your
legal obligations. There is no offence of 'suspecting a notice might be
served and destroying the keys in advance of receipt' that I am aware
of.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Dave Page
Sent: 14 May 2006 15:00
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

On Sun, May 14, 2006 at 03:58:06PM +0200, Lionel Elie Mamane wrote:
 On Sun, May 14, 2006 at 02:32:50PM +0100, Dave Page wrote:

  Under the British Regulation of Investigatory Powers Act, they
  would simply confiscate the entire machine, demand any
  authentication tokens required to access it, and lock you up if you
  refused to surrender them.  I believe similar laws exist in most EU
  jurisdictions now.

 Tony's point was that you could arrange not to have the authentication
 tokens anymore. You better hope they believe you when you say you
 don't have it, though.

Not having the authentication tokens counts as refusing to surrender
them.

Dave
-- 
Dave Page [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED]


RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony
Nb - an interesting question arises with the use of TrueCrypt, etc. that
have passkeys that can unlock different levels of data. If you have
dummy volumes and provide the passkeys to just those have you met your
legal requirements?

The implication under the RIP act is that you have.

 (2) A person subject to a requirement under subsection (1)(b) to
make a disclosure of any information in an intelligible form shall be
taken to have complied with that requirement if- (a) he makes, instead,
a disclosure of any key to the protected information that is in his
possession; and
  
  (b) that disclosure is made, in accordance with the notice imposing
the requirement, to the person to whom, and by the time by which, he was
required to provide the information in that form.


So unless the notice specified exactly what data they wanted access to
(which presumably they would already have a record of to request it),
then providing that the notice only requires access to a specified Disk
or volume then it would seem you have met those obligations by providing
a dummy volume passkey.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Dave Page
Sent: 14 May 2006 15:00
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

On Sun, May 14, 2006 at 03:58:06PM +0200, Lionel Elie Mamane wrote:
 On Sun, May 14, 2006 at 02:32:50PM +0100, Dave Page wrote:

  Under the British Regulation of Investigatory Powers Act, they
  would simply confiscate the entire machine, demand any
  authentication tokens required to access it, and lock you up if you
  refused to surrender them.  I believe similar laws exist in most EU
  jurisdictions now.

 Tony's point was that you could arrange not to have the authentication
 tokens anymore. You better hope they believe you when you say you
 don't have it, though.

Not having the authentication tokens counts as refusing to surrender
them.

Dave
-- 
Dave Page [EMAIL PROTECTED]
Jabber: [EMAIL PROTECTED]


RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony
The whole point is that you ensure any keys are destroyed before you
receive a formal request. It's not 'evidence' until it's requested by the
authorities.

It is believed there is code in all major manufacturer colour copiers
and high end printers that can identify the printer serial number. It is
done via a faint yellow pattern on every print out.

The stated target is currency forgery but of course it has many other
uses.



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Eric H. Jung
Sent: 14 May 2006 16:28
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France


  Before they realise that they need a key you can microwave the
 token.
  You can then surrender it when required and still meet your legal
  obligations... 'It must have been static damage officer...you need
 to
  be more careful with my equipment'
 
 Which in the UK at least could land you in prison for up to 10 years.
 


Evidence tampering is a severe crime in the United States, too.


 I wouldn't be surprised if the US Government at least *mandated*
 TPM-level access.


Don't any of you remember the Xerox scandal?
http://www.schneier.com/blog/archives/2005/10/secret_forensic.html

There's also code in high-end color Xerox copiers which prevents and/or
mangles copying of US currency. This was reported a few years ago IIRC.


Do you think Xerox decided to put these measures into their machinery
themselves? Or do you think they were asked/coaxed into doing it by The
Man


 Tony's point was that you could arrange not to have the 
authentication
 tokens anymore. You better hope they believe you when you say you
 don't have it, though.

Not having the authentication tokens counts as refusing to surrender
them.

Per US law, if a judge subpoenas you to hand them over and you refuse
and/or remain silent, it means indefinite jail time (until you hand
over the tokens) and/or fines.



RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony








2. The restrictions on encryption were removed some years ago. The best
encryption software comes from outside the USA anyway so it was always a
pointless exercise in futility.

Unless a vulnerability is found in 256 bit AES it would take them longer
than the ages of the universe to crack a key by brute force no matter how
many teraflops of power they have to task on your key (not to mention the
many others they might want to crack)

3. Filtering content is not quite the same as signing code and pretending
it comes from Microsoft. Such a piece of code would have a changed checksum
and would likely be spotted and then analysed. I can't see Microsoft doing
that unless required by law.

4. TPM is part of the trusted computing concept. It just makes it much
harder. Not impossible.











From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:31
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France







There are a few key points that you are overlooking.

1. In support of the photocopying money scandal, most printers have
yellow dots imprinted on them that track date printed, serial number, etc.

2. By US export law, US companies are not allowed to export encryption
larger than 56 bit (although it might have jumped to 128 a few years ago),
unless it has been certified by the government. That means unless it has a
backdoor. Plus, governments have thousands of teraflops of idle computer
cycles waiting to crack your keys.

3. How can you honestly think Microsoft wouldn't bend over for the US
government. They bent over for China. Look at PGP. They moved to closed
source after version 6.0 with no valid reason. The reason is probably the
government.

4. In terms of using checksums to ensure your system hasn't been
tampered with, the computer hardware could have a defense system against
that such as trusted computing.

Ringo Kamens







On 5/14/06, Mike Zanker [EMAIL PROTECTED] wrote:

On 14/5/06 15:10, Tony wrote:

 Nb- failure to disclose keys is up to two years in prison. Not 10.

 (5) A person guilty of an offence under this section shall be liable-

 (a) on conviction on indictment, to imprisonment for a term not
 exceeding two years or to a fine, or to both;
 (b) on summary conviction, to imprisonment for a term not exceeding
 six months or to a fine not exceeding the statutory maximum, or to both.

Furthermore, that's part III of RIPA which hasn't been enacted yet.

Mike.



This message has been scanned for viruses by MailController - www.MailController.altohiway.com

RE: Some legal trouble with TOR in France

2006-05-14 Thread Tony

Again it is very unlikely. There are many options to get the keys - like forcing you to divulge them or wire tapping your keyboard.

If such a backdoor was included then it would likely be spotted. Here are some comments on a similar accusation a few years ago: http://www.cnn.com/TECH/computing/9909/13/backdoor.idg/

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:43
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

I'm not saying the AES is weak. I'm saying that Microsoft might have implemented a back-door for governments. They could store the private keys and passwords in videocard memory or in the boot sector or something like that.

On 5/14/06, Tony [EMAIL PROTECTED] wrote:

2. The restrictions on encryption were removed some years ago. The best encryption software comes from outside the USA anyway so it was always a pointless exercise in futility.

Unless a vulnerability is found in 256 bit AES it would take them longer than the ages of the universe to crack a key by brute force no matter how many teraflops of power they have to task on your key (not to mention the many others they might want to crack)

3. Filtering content is not quite the same as signing code and pretending it comes from Microsoft. Such a piece of code would have a changed checksum and would likely be spotted and then analysed. I can't see Microsoft doing that unless required by law.

4. TPM is part of the trusted computing concept. It just makes it much harder. Not impossible.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ringo Kamens
Sent: 14 May 2006 18:31
To: or-talk@freehaven.net
Subject: Re: Some legal trouble with TOR in France

There are a few key points that you are overlooking.

1. In support of the photocopying money scandal, most printers have yellow dots imprinted on them that track date printed, serial number, etc.

2. By US export law, US companies are not allowed to export encryption larger than 56 bit (although it might have jumped to 128 a few years ago), unless it has been certified by the government. That means unless it has a backdoor. Plus, governments have thousands of teraflops of idle computer cycles waiting to crack your keys.

3. How can you honestly think Microsoft wouldn't bend over for the US government? They bent over for China. Look at PGP. They moved to closed source after version 6.0 with no valid reason. The reason is probably the government.

4. In terms of using checksums to ensure your system hasn't been tampered with, the computer hardware could have a defense system against that such as trusted computing.

Ringo Kamens

On 5/14/06, Mike Zanker [EMAIL PROTECTED] wrote:

On 14/5/06 15:10, Tony wrote:

 Nb- failure to disclose keys is up to two years in prison. Not 10.

 (5) A person guilty of an offence under this section shall be liable-

 (a) on conviction on indictment, to imprisonment for a term not exceeding two years or to a fine, or to both;
 (b) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum, or to both.

Furthermore, that's part III of RIPA which hasn't been enacted yet.

Mike.
