Re: A suggestion to TOR [a proxy server]
emigrant wrote:

> and i think, this can be a step towards the increasing trend of cloud computing, if i have correctly understood what is cloud computing. :D

I guess this is off-topic, but some of us don't think moving toward cloud computing is necessarily a good thing. Since this is OT, I'll leave it at that.

Cheers,
Jim

***
To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: A suggestion to TOR [a proxy server]
On Sun, 2010-07-25 at 22:39 -0400, Gregory Maxwell wrote:

> On Sun, Jul 25, 2010 at 9:31 PM, Kory Kirk kory.k...@gmail.com wrote:
>> Torbutton is just a firefox extension. I have no idea how it could be shipped including tor itself. In my experience with windows machines in computer labs, you are able to install firefox extensions without the permissions to install programs. I mentioned torbutton for automatic checksum verification of the jar, it wouldn't be necessary - just convenient, because it could be done manually as well.
>
> Firefox extensions can and do include arbitrary binary native code, e.g. Firefogg includes ffmpeg, and I'm sure many others include native code too. Just an extension is not a great way of thinking about extensions!
>
> If people subject to policy restrictions really can't install software but can install extensions then an extension might be an excellent way of getting tor software to people... perhaps a stripped down end user proxy only distribution of Tor.

guys, also, there should be some sort of solutions, by which Tor should be able to run in all mobile devices. not only in androids.
Re: A suggestion to TOR [a proxy server]
Hi,

On 26.07.2010 04:39, Gregory Maxwell wrote:

>> In my experience with windows machines in computer labs, you are able to install firefox extensions without the permissions to install programs.
>
> If people subject to policy restrictions really can't install software but can install extensions then an extension might be an excellent way of getting tor software to people... perhaps a stripped down end user proxy only distribution of Tor.

The main difference here is that most programs try to install to Program Files, which requires administrative privileges for the benefit of protection against later tampering. Firefox extensions (by default) end up in the user's home directory.

I am not sure if it actually does, but the Tor installer should be able to install and run as user just fine, once you point it to a location where you can actually write to.

Moritz
Re: A suggestion to TOR [a proxy server]
On Sun, Jul 25, 2010 at 06:07:02PM -0400, gmaxw...@gmail.com wrote 0.5K bytes in 9 lines about:

: On Sun, Jul 25, 2010 at 5:58 PM, Moritz Bartl t...@wiredwings.com wrote:
: > That being said, you should look into the bridge concept.
: > http://www.torproject.org/bridges.html.en
:
: Bridge-relays do no good for people who can't load the tor software.
: That is specifically what I was responding to.

So rename it as powerpoint.exe, it works fine. People in very oppressed environments manage to use tor just fine; sometimes these environments are not companies with an overactive security fetish.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
Re: A suggestion to TOR [a proxy server]
On Mon, Jul 26, 2010 at 01:03:14PM +0530, arsha...@gmail.com wrote 1.6K bytes in 30 lines about:

: also, there should be some sort of solutions, by which Tor should be
: able to run in all mobile devices.
: not only in androids.

It runs on iphone, android, and maemo right now. No one has tried porting it to non-smartphone OSes yet.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
Re: A suggestion to TOR [a proxy server]
On Sun, Jul 25, 2010 at 05:44:29PM -0400, prae...@yahoo.com wrote 2.0K bytes in 37 lines about:

: At work I am unable to run or use tor even from a USB key - they are prevented from working. It might be nice to have a website(s) that act as entry points to tor and that use names that do not immediately scream TOR PROXY SERVER! TOR ENTRY POINT RIGHT HERE! so that it is less likely for IT departments to be able to easily block access to such (I am also prevented from accessing any proxy servers and they often name themselves as proxies to boot so they scream their nature and make it easy to block). Is there any way to create tor entry point servers that provide the benefits of the tor network without the cost of providing the site with user ID AND endpoint site?

As someone else said, these are called bridges.

I've met people who work on systems that are effectively a dumb terminal since they are so locked down. I've not had any serious time to debug how to either bypass the blocking or get tor working. I've also noted that these environments are also mitm all ssl, which breaks tor too.

The employees are prisoners in their own jobs. So they spend most of their time pretending to be busy since they can't do anything else.

--
Andrew Lewman
The Tor Project
pgp 0x31B0974B
+1-781-352-0568
Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
Skype: lewmanator
A suggestion to TOR [a proxy server]
hi all,

i would like to suggest TOR to build some sort of online system, like a proxy server. where ppl just come and enter the address in the text box and hit 'surf with tor' or something. so that the same objective is achieved as in running the TOR client. its easier for pcs and mobile devices as well (as most mobile devices still don't support TOR).

and i think, this can be a step towards the increasing trend of cloud computing, if i have correctly understood what is cloud computing. :D

thanks.
Re: A suggestion to TOR [a proxy server]
emigrant writes:

> hi all,
>
> i would like to suggest TOR to build some sort of online system, like a proxy server. where ppl just come and enter the address in the text box and hit 'surf with tor' or something. so that the same objective is achieved as in running the TOR client. its easier for pcs and mobile devices as well (as most mobile devices still don't support TOR).
>
> and i think, this can be a step towards the increasing trend of cloud computing, if i have correctly understood what is cloud computing. :D

The Tor developers don't think that would achieve the same objective as Tor, because the proxy server would be in a position to know both where you are coming from and what you are doing. Tor aims to prevent anyone from being in this position, and in any case the Tor Project wouldn't want to be:

https://www.torproject.org/faq#Torisdifferent

--
Seth Schoen
Senior Staff Technologist sch...@eff.org
Electronic Frontier Foundation https://www.eff.org/
454 Shotwell Street, San Francisco, CA 94110
+1 415 436 9333 x107
Re: A suggestion to TOR [a proxy server]
At work I am unable to run or use tor even from a USB key - they are prevented from working. It might be nice to have a website(s) that act as entry points to tor and that use names that do not immediately scream TOR PROXY SERVER! TOR ENTRY POINT RIGHT HERE! so that it is less likely for IT departments to be able to easily block access to such (I am also prevented from accessing any proxy servers and they often name themselves as proxies to boot so they scream their nature and make it easy to block).

Is there any way to create tor entry point servers that provide the benefits of the tor network without the cost of providing the site with user ID AND endpoint site?

On Sunday 25 July 2010 04:40:33 pm you wrote:

> emigrant writes:
>> hi all,
>>
>> i would like to suggest TOR to build some sort of online system, like a proxy server. where ppl just come and enter the address in the text box and hit 'surf with tor' or something. so that the same objective is achieved as in running the TOR client. its easier for pcs and mobile devices as well (as most mobile devices still don't support TOR).
>>
>> and i think, this can be a step towards the increasing trend of cloud computing, if i have correctly understood what is cloud computing. :D
>
> The Tor developers don't think that would achieve the same objective as Tor, because the proxy server would be in a position to know both where you are coming from and what you are doing. Tor aims to prevent anyone from being in this position, and in any case the Tor Project wouldn't want to be:
>
> https://www.torproject.org/faq#Torisdifferent

--
The modern conservative is engaged in one of man's oldest exercises in moral philosophy; that is, the search for a superior moral justification for selfishness. -- John Kenneth Galbraith
Re: A suggestion to TOR [a proxy server]
That being said, you should look into the bridge concept.
http://www.torproject.org/bridges.html.en

On 25.07.2010 23:50, Gregory Maxwell wrote:

> On Sun, Jul 25, 2010 at 5:44 PM, Praedor Atrebates prae...@yahoo.com wrote:
>> At work I am unable to run or use tor even from a USB key - they are prevented from working. It might be nice to have a website(s) that act as entry points to tor and that use names that do not immediately scream TOR PROXY SERVER! TOR ENTRY POINT RIGHT HERE! so that it is less likely for IT departments to be able to easily block access to such (I am also prevented from accessing any proxy servers and they often name themselves as proxies to boot so they scream their nature and make it easy to block). Is there any way to create tor entry point servers that provide the benefits of the tor network without the cost of providing the site with user ID AND endpoint site?
>
> If you do not control the computer you are using then you have already lost the privacy/censorship battle and TOR can't help you.
>
> If someone wanted to run an open proxy network which exited via tor there is no way that we could stop them... but they should NOT use the word tor to describe their service because such a service would NOT and could NOT provide the anonymity protection which tor is intended to provide.
Re: A suggestion to TOR [a proxy server]
On Sun, Jul 25, 2010 at 5:58 PM, Moritz Bartl t...@wiredwings.com wrote:

> That being said, you should look into the bridge concept.
> http://www.torproject.org/bridges.html.en

Bridge-relays do no good for people who can't load the tor software. That is specifically what I was responding to.
Re: A suggestion to TOR [a proxy server]
emigrant writes:

> i would like to suggest TOR to build some sort of online system, like a proxy server. where ppl just come and enter the address in the text box and hit 'surf with tor' or something.

I think this can be achieved with a Java applet. So maybe when JTor is finished. A relay could host a web server, and have the Java applet on it. The applet would need to be signed, and could be further verified by a checksum, which could be done automatically by Torbutton. The server would act as the entry point for all of your circuits. Since the JVM is running on your machine, the entry point would not see the destination. Imagine if there was a list of relays implementing this method, and you could possibly choose one by location.

Seth David Schoen writes:

> The Tor developers don't think that would achieve the same objective as Tor, because the proxy server would be in a position to know both where you are coming from and what you are doing.

I think this would be solved because data going from the client to the proxy server would be the same as normal traffic between client and entry node. Although it would probably bring up all sorts of adversarial issues. I am interested if anyone sees a major flaw in this design.

-koryk

On Sun, Jul 25, 2010 at 5:07 PM, Gregory Maxwell gmaxw...@gmail.com wrote:

> On Sun, Jul 25, 2010 at 5:58 PM, Moritz Bartl t...@wiredwings.com wrote:
>> That being said, you should look into the bridge concept.
>> http://www.torproject.org/bridges.html.en
>
> Bridge-relays do no good for people who can't load the tor software. That is specifically what I was responding to.
Re: A suggestion to TOR [a proxy server]
On Sun, Jul 25, 2010 at 7:33 PM, Kory Kirk kory.k...@gmail.com wrote:

> I think this can be achieved with a Java applet. So maybe when JTor is finished. A relay could host a web server, and have the Java applet on it. The applet would need to be signed, and could be further verified by a checksum, which could be done automatically by Torbutton. The server would act as the entry point for all of your circuits. Since the JVM is running on your machine, the entry point would not see the destination. Imagine if there was a list of relays implementing this method, and you could possibly choose one by location.
>
> Seth David Schoen writes:
>> The Tor developers don't think that would achieve the same objective as Tor, because the proxy server would be in a position to know both where you are coming from and what you are doing.
>
> I think this would be solved because data going from the client to the proxy server would be the same as normal traffic between client and entry node. Although it would probably bring up all sorts of adversarial issues. I am interested if anyone sees a major flaw in this design.
>
> -koryk

(1) If the user can't install the regular tor package that means that someone else has enough control over his system that he can't trust any validation on his system. Short of abusing the treacherous computing for good, there is no real way to have confidence in any validation system running on an untrusted machine.

More practically important, (2) If the user can install the torbutton software he either could install tor directly or a version of torbutton can be shipped _including_ tor itself.

and (3) If the server in question provides the torbutton it could easily provide a modified copy of it.

So this doesn't eliminate the bootstrapping problem.
Re: A suggestion to TOR [a proxy server]
On Sun, Jul 25, 2010 at 7:02 PM, Gregory Maxwell gmaxw...@gmail.com wrote:

> (1) If the user can't install the regular tor package that means that someone else has enough control over his system that he can't trust any validation on his system. Short of abusing the treacherous computing for good, there is no real way to have confidence in any validation system running on an untrusted machine.

If the user's computer is restricted by some policy (e.g. not allowing installation of applications, not allowing usb drives), it doesn't necessarily mean that the validation systems are untrustworthy. Although I understand the point, it can be applied for most workplace machines, or a machine that has more than one user with admin/root. The browser or JVM would have to be modified to break the validation system on the local machine. It could also be done via MITM because the user would be going through the local network.

The main validation system necessary here would be the signed applet, which is handled by Java, which is called by the browser. Could additionally be verified by manually comparing the fingerprint of the public key used to verify the jar. The lookup for the fingerprints of the key would need to be done on an alternative connection. It seems to me that it would be much easier to just block it than compromise the verification mechanisms on the local computer.

> More practically important, (2) If the user can install the torbutton software he either could install tor directly or a version of torbutton can be shipped _including_ tor itself.

Torbutton is just a firefox extension. I have no idea how it could be shipped including tor itself. In my experience with windows machines in computer labs, you are able to install firefox extensions without the permissions to install programs. I mentioned torbutton for automatic checksum verification of the jar, it wouldn't be necessary - just convenient, because it could be done manually as well.

> and (3) If the server in question provides the torbutton it could easily provide a modified copy of it. So this doesn't eliminate the bootstrapping problem.

I don't see a reason for the server/relay to be providing torbutton, it is available through Mozilla and torproject. Also, firefox extensions can be signed and verified (and the pk could be manually verified).
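
The checksum and fingerprint checks debated in the two messages above, as an added example that is not part of the thread or of any Tor Project code: it shows why a checksum published by the same server that delivers the jar passes for a modified jar, while a fingerprint obtained over an alternative connection does not. The `DownloadServer` class, the jar byte strings and the pinned value are constructed for illustration, and SHA-256 is an assumption (the thread names no hash).

```python
import hashlib
import hmac

def sha256_fingerprint(data: bytes) -> str:
    """Lowercase hex SHA-256 of an artifact (the jar, or the signer's public key)."""
    return hashlib.sha256(data).hexdigest()

def normalize_fingerprint(text: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex; reject anything else."""
    cleaned = "".join(ch for ch in text if ch not in ": -\t\r\n").lower()
    if len(cleaned) != 64 or any(ch not in "0123456789abcdef" for ch in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned

def verify(artifact: bytes, expected_fingerprint: str) -> bool:
    """Constant-time comparison of the computed and the expected fingerprint."""
    return hmac.compare_digest(sha256_fingerprint(artifact),
                               normalize_fingerprint(expected_fingerprint))

class DownloadServer:
    """Hypothetical relay web server handing out the applet and its checksum."""
    def __init__(self, jar: bytes):
        self.jar = jar

    def download(self) -> bytes:
        return self.jar

    def published_checksum(self) -> str:
        # Whoever controls the server controls this value as well.
        return sha256_fingerprint(self.jar)

def check_in_band(server: DownloadServer) -> bool:
    """Checksum fetched from the same server as the jar."""
    return verify(server.download(), server.published_checksum())

def check_out_of_band(server: DownloadServer, pinned: str) -> bool:
    """Fingerprint obtained beforehand over an alternative connection."""
    return verify(server.download(), pinned)

def as_colon_hex(fp: str) -> str:
    """Format hex the way fingerprints are usually read aloud or printed."""
    return ":".join(fp[i:i + 2] for i in range(0, len(fp), 2)).upper()

# Constructed sample data, not real artifacts.
GENUINE_JAR = b"constructed stand-in bytes for the genuine applet jar"
MODIFIED_JAR = b"constructed stand-in bytes for a modified applet jar"
PINNED = as_colon_hex(sha256_fingerprint(GENUINE_JAR))

if __name__ == "__main__":
    for label, jar in (("genuine", GENUINE_JAR), ("modified", MODIFIED_JAR)):
        server = DownloadServer(jar)
        print(label, "in-band:", check_in_band(server),
              "out-of-band:", check_out_of_band(server, PINNED))
```

The out-of-band check still runs on the local machine, so it does not answer point (1) about validation on a system someone else controls.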
Re: A suggestion to TOR [a proxy server]
On Sun, Jul 25, 2010 at 9:31 PM, Kory Kirk kory.k...@gmail.com wrote:

> Torbutton is just a firefox extension. I have no idea how it could be shipped including tor itself. In my experience with windows machines in computer labs, you are able to install firefox extensions without the permissions to install programs. I mentioned torbutton for automatic checksum verification of the jar, it wouldn't be necessary - just convenient, because it could be done manually as well.

Firefox extensions can and do include arbitrary binary native code, e.g. Firefogg includes ffmpeg, and I'm sure many others include native code too. Just an extension is not a great way of thinking about extensions!

If people subject to policy restrictions really can't install software but can install extensions then an extension might be an excellent way of getting tor software to people... perhaps a stripped down end user proxy only distribution of Tor.