Re: I can upgrade a Debian HPPA tor node
What i have to do? Changing sources in apt-get? Compile from source? Take a look at deb packages at https://wiki.torproject.org/noreply/TheOnionRouter/TorOnDebian Compile from source (and roll your own deb, take a look at checkinstall) if there isn't a package suitable for your machine. M
How to run an exit node and not getting raided by police?
As far as I know tor operators have been raided in Germany and Finland by ignorant cops who does not know anything about proxies or that one ip does not mean "one person" (ever heard of NAT, proxying or routing for example). How about other countries? How to avoid that nasty raid (at you home) and that oh so sweet paranoid feeling after that? Any ideas? How about following (just my two cents): Running exit node on computer that is physically located at some ISP's server farm? Renting a server from a different country, maybe a whole different continent and running exit node there? If you live in Europe and your country belongs to EU then maybe outside of EU? What would be a "good" country? How about service providers? - Maybe a good idea? PTR records (reverse dns)? Ip that translates to something like proxy.domain.com or tor-proxy.domain.com? Are the cops smart enough? Do they care? (I don't personally think that they care or understand.) Running exit node at local library's poorly secured computer? - That ain't nice and it's illegal - no. Running a exit node on computer owned by some "civilrights group"? Encryption? Is it good or bad if cops take your servers? If you give your keys to cops they can check that there ain't no cp. If your hard drive is not encrypted police can check it easily. What about privacy? Police tends to take all the computers and not just the one(s) running tor. What about encrypted container in encrypted fs's slack space for your private data? Then one can hand the outer volumes keys to police without any worries. And for my poor english.. Hope you all understand what I write =). Good day to you all! M
Re: Child pornography blocking again
Kraktus wrote: > On 26/01/2008, Eugen Leitl <[EMAIL PROTECTED]> wrote: >> On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote: >>> Really, if I'd known my message was going to evoke this sort of response, >> Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING >> CENSORSHIP HOOKS IN TOR in future. Thanks so much. > > Tor already has censorship hooks. Tor nodes are already in > control of their own exit policies. Certain ports are already > blocked by default. > > This would simply provide Tor nodes with another tool to > control what leaves their nodes. And if Tor nodes didn't want > to use it, they wouldn't have to. > >>> I'd have entitled it 'Directory-distributed variables for exit lists'. >> It doesn't matter how you call it, it still stinks. >> >> Of course suggesting paedophilia in a anonymity forum is the >> equivalent of Godwin's law. Basically, you lost in the moment >> you mentioned it. >> >> -- >> Eugen* Leitl http://leitl.org";>leitl http://leitl.org > > Wasn't there a child porn hidden service at one point in the past? > So it's not like this was never a real issue. Not that this would > have any impact on the ability to run child porn hidden services, > but still. > > Really, I'm not saying that you, as a Tor user / node operator / > whatever you are, are a paedophile, or personally responsible > for people engaging in paedophilia. If so, then I, as someone > who believes the benefits still outweigh the disadvantages, and > subsequently run an exit node, am just as guilty. But, if I could > prevent my exit node from being used to access CP, without > preventing it from also being used to access a plethora of good > things, surely I would. Some f:ing paedophile is responsible for loosing all my computers and scaring my better half. Thanks a lot. If theres going to be some directory controlled exit-policies then count me in (if I'm going to ever run an exit-node anymore). As for many things one can use Tor for good or for bad but as long as running an exit node means getting busted by some rude cops I'm not going to run one anymore (maybe?). Btw, I changed my other node to middle-man only =(. M
Tor operator raided in Finland
Hello I'm not sure if my last email reached the list but just wanted to let you know. Tor exit-node SpongeBob was raided by local police two days ago. Very rude and ignorant cops, the usual. They took all my computers and tried to take my UPS before I convinced them that it's not a computer. My lawyer said that I should not go in to details but I wanted to let you all know. Gpg keys revoked and so on. M
Re: Problem with bandwidth
Try to set BandwidthBurst to 20 KB. It should help, at least it works for me. One of my exit nodes uses Bandwidthrate 200KB and BandwidthBurst 250KB and other one uses 100KB and 100KB. No problems. "This value should be at least twice your BandwidthRate." That was new to me. What version are you using? I'm using v0.2.0.2-alpha and `man tor` says following (and nothing about that it should be twice as BandwidthRate): BandwidthBurst N bytes|KB|MB|GB|TB Limit the maximum token bucket size (also known as the burst) to the given number of bytes in each direction. (Default: 6 MB) Taken from http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-8defc2c4c3734f2995667fdedd175d507f6094ff 5.17. What bandwidth shaping options are available to Tor servers? There are two options you can add to your torrc file: * BandwidthRate is the maximum long-term bandwidth allowed (bytes per second). For example, you might want to choose "BandwidthRate 2 MB" for 2 megabytes per second (a fast connection), or "BandwidthRate 50 KB" for 50 kilobytes per second (a medium-speed cable connection). The minimum BandwidthRate is 20 kilobytes per second. * BandwidthBurst is a pool of bytes used to fulfill requests during short periods of traffic above BandwidthRate but still keeps the average over a long period to BandwidthRate. A low Rate but a high Burst enforces a long-term average while still allowing more traffic during peak times if the average hasn't been reached lately. For example, if you choose "BandwidthBurst 50 KB" and also use that for your BandwidthRate, then you will never use more than 50 kilobytes per second; but if you choose a higher BandwidthBurst (like 1 MB), it will allow more bytes through until the pool is empty. If you have an asymmetric connection (upload less than download) such as a cable modem, you should set BandwidthRate to less than your smaller bandwidth (Usually that's the upload bandwidth). (Otherwise, you could drop many packets during periods of maximum bandwidth usage -- you may need to experiment with which values make your connection comfortable.) Then set BandwidthBurst to the same as BandwidthRate. Hope this helps... M Michael_google gmail_Gersten wrote: I saw that bandwidthburst is supposed to be the highest traffic that Tor will use. That's not the problem. The first problem is that Tor stays at that level, and does not drop down to the normal level. The second problem is that Tor is advertising the higher rate, rather than the maximum advertised rate. BandwidthRate N bytes|KB|MB|GB|TB A token bucket limits the average incoming bandwidth usage on this node to the specified number of bytes per second, and the average outgoing bandwidth usage to that same value. (Default: 3 MB) BandwidthBurst N bytes|KB|MB|GB|TB Limit the maximum token bucket size (also known as the burst) to the given number of bytes in each direction. This value should be at least twice your BandwidthRate. (Default: 6 MB) MaxAdvertisedBandwidth N bytes|KB|MB|GB|TB If set, we will not advertise more than this amount of bandwidth for our BandwidthRate. Server operators who want to reduce the number of clients who ask to build circuits through them (since this is proportional to advertised bandwidth rate) can thus reduce the CPU demands on their server without impacting network performance. Alright, so my Burst is not twice my Rate. I cannot manage twice the minimum rate. (Minimum rate is 20KB, twice that is larger than my physical upload speed.) And, checking now, the outgoing bandwidth (system wide, but I'm only using Tor and gmail right now) is between 29 and 31 KB/s. On 6/20/07, M <[EMAIL PROTECTED]> wrote: Read the manual and documents from http://tor.eff.org. That is correct and normal behavior. Especially look for Bandwidthburst. M >I'm trying to find out what I'm doing wrong with bandwidth settings. > >In my torrc: >BandwidthBurst 3 >BandwidthRate 22000 >MaxAdvertisedBandwidth 20480 > >However, Vidalia reports that my bandwidth is 27KB/s, ignoring the >MaxAdvertisedBandwidth. > >I'm seeing total outgoing traffic (system wide) of about 28-29KB/s >when the system is idle but full of Tor. My normal upload limit is >around 35KB/s.
Re: A brief response on TRUTHWORTHY
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > I really hate it when Tor servers are chained with squid > and provide modified content without letting me know. > Some of them even provide default addresses for failed > DNS requests, instead of delivering a decent error message. > > I think most of these Tor server operators have no > wrong intentions and wouldn't mind using such an option > if it existed. I would be glad if I could easily exclude > them. I'm running Tor server chained with squid to save valuable bandwidth. It saves about 2GB per day. No content is modified, only some error messages by Squid (host not found etc.) which is default behavior. I dont see anything wrong with that, correct me if I'm wrong. Many ISP:s transparently redirect http traffic to Squid to save their bandwidth. Many websites provide (sadly) provide different content depending your toplevel domain. Do you have any examples of content that has been modified by tor server chained with proxy? I'm intrested. BTW: my tor server is SpongeBob. M -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE5vOL6fSN8IKlpYoRAh8wAKCMhcxtR/Uv92CIOKs50kiAlRj/sQCdGynv JQI6sCxZzD02AgO0kX/T2rU= =b4EZ -END PGP SIGNATURE-
Re: Tor Leaking
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This leaking can also be stopped by configuring a Linux router which runs Tor, transparently route outgoing tcp-traffic to Tor and drop _everything_ else. I think there should be more documentation about setting up transparent Tor router with Squid. When I did that I found out that those documents are missing some very important points that brokes transparent routing etc. M Ringo Kamens wrote: > As long as you use the default configuration and set your browser to use a > HTTP proxy, then DNS leaks shouldn't be a problem. The problem occurs when > you tell programs to use tor as a socks proxy and they decide to resolve > their own DNS names. If you block DNS resolving with your firewall the > program might try to resolve the DNS name through tor. If you route a > program through freecap it shouldn't be a problem. DNS leaking was more > of a > problem in the past and if tor is passed an IP address (which is a sign > of a > DNS leak) it will warn you. > Ringo > > > On 6/14/06, Simon Callow <[EMAIL PROTECTED]> wrote: >> >> I came across a privacy blog that says even when you >> set up Tor correctly it still leaks sometimes. It says >> >> >> And you Thought you were Safe!—You've installed that >> proxy chain. You've shooed away the two Jays—those >> attractive, brightly coloured birds that prove just >> that little bit too inquisitive for comfort. You've >> done everything correctly—by the book. So you call up >> your favourite search engine, enter your favourite >> topic, and soon you're clicking away on one link after >> another, sure in the knowledge that Big Brother >> doesn't know what sites you're visiting. Right? … >> Wrong! Some of those clicks will be putting a smile on >> Big Brother's face. And no need to feel so smug, all >> you Tor users—yes, we mean you too! >> >> It's at www.nearlyperfectprivacy.blogspot.com. They >> are not against Tor as they're running a campaign >> supporting it and they seem to know a lot about >> privacy. I had a look through the archives and the >> Wiki and I can't find anything that would cause Tor to >> just leak sometimes. If you've done it by the book >> then that would be with Privoxy so I thought there >> would be no DNS leakage. If you have turned off Java >> and Javascript as they say they I thought you'd be >> okay apart from the sort of attack where someone looks >> at both ends of the line. They seem to be saying that >> DNS leaks sometimes but not always. But if Tor wasn't >> set up properly then it would leak all the time. Am I >> missing something. >> >> >> __ >> Do You Yahoo!? >> Tired of spam? Yahoo! Mail has the best spam protection around >> http://mail.yahoo.com >> > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFEkAHh6fSN8IKlpYoRAuMcAJ9Ic9Y5oOz2btYp7SINf0hTJtZDcACgn7Fg WJ8q8P6PfIq4+i2j7L1yjME= =98Qp -END PGP SIGNATURE-