PrivacyNow

2010-03-23 Thread downie -

Hi,
would the owner of exit PrivacyNow (reportedly in Denmark) please turn off 
blacklisting of sites in their OpenDNS account?
Thanks,
GD
  

Re: PrivacyNow

2010-03-23 Thread Georg Sluyterman
downie - wrote, On 2010-03-23 20:27:
> Hi,
> would the owner of exit PrivacyNow (reportedly in Denmark) please turn off 
> blacklisting of sites in their OpenDNS account?

Or even better, use the resolvers from:

http://censurfridns.dk/

-- 
Regards
Georg Sluyterman
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/


PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-14 Thread Scott Bennett
 On Wed, 14 Apr 2010 13:34:47 +0200 Runa Sandvik wrote:
>On Wed, Apr 14, 2010 at 1:31 PM,   wrote:
>> Hello
>
>Hi,
>
>> When you add the exit PrivacyNow to "your" ExcludeExitNodes list, is this
>> done automatically inside of the Tor program afterwards, for any or all
>> clients, or is this something I also need to do in my torrc file?
>
>This is something that you will have to do in your torrc file as well.
>
 Yes, I guess I kind of botched my first message on this.  I should
have also added a request that the directory authorities flag PrivacyNow
as a "BadExit" because it clearly meets the definition of a bad exit.
However, 1) any bad exits that I report I also add to my own torrc's
ExcludeExitNodes list because a) I want it to take effect immediately and
b) sometimes the authority operators appear to make exceptions for some
misconfigured/miscreant nodes, and 2) I wasn't really awake yet when I was
composing the alarm.
 PrivacyNow is a very high-performance node, and it will be a shame to
lose it as an exit node.  (A few hours ago, it was ranked by torstatus as
the #44 node by throughput.)  However, its owner/operator clearly does not
want to be contacted about problems, so we aren't really left with much
choice.  In any case, it will still be a good entry or middle node for many,
many circuits per second.
 So now I guess I should make the request.  Unless the authorities know
how to reach the operator of PrivacyNow to get his/her OpenDNS configuration
fixed (or switched to Google's open name servers or something similar), will
the authorities please flag PrivacyNow as a BadExit ASAP?
 Thanks.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-14 Thread zzzjethro666

 Hello
Thanks. This brings up a couple of questions. One, The Onion Router.doc 
recommends against choosing one's exit nodes. Is your recommendation I exclude 
these naughty exit nodes, that are determined as such by Tor authorities?

The .doc (Section 4.9--Can I control what nodes I use for entry/exit?), says, 
"We don't actually recommend you use these for normal use--you get the best 
security that Tor can provide when you leave the route selection to Tor." If 
you agree, why do you do this? I am assuming that is part of what your post 
implied or meant, i.e. that you do this in spite of Tor's recommendation.

Two, in my Home Folder/Library, I have two (2) torrc files. One is torrc, the 
other is torrc.orig.1

The first one (torrc), has:

# This file was generated by Tor; if you edit it, comments will not be preserved
# The old torrc file was renamed to torrc.orig.1 or similar, and Tor will ignore it
# If set, Tor will accept connections from the same machine (localhost only)
# on this port, and allow those connections to control the Tor process using
# the Tor Control Protocol (described in control-spec.txt).
ControlPort 9051
# Store working data, state, keys, and caches here.
DataDirectory /Users/zZ/.tor/
# Where to send logging messages.  Format is minSeverity[-maxSeverity]
# (stderr|stdout|syslog|file FILENAME).
Log notice stdout


The second (torrc.orig.1), has nothing in it. 
Which should I use? And, most importantly, what exactly do I write or enter 
into this file? 
I really don't understand this: entry nodes nickname, nickname,...
This is where one does this, is it not? Please be exact, detailed and clear. 
Unfortunately, what is clear to most of you goes way over my head :()

Do I go to Tor's list of naughty exit nodes for the addresses to input?
I need lots of help here so I'm asking for your patience too.


Thanks very much.


 


 

 


 


Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-14 Thread Scott Bennett
 On Wed, 14 Apr 2010 21:14:49 -0400 zzzjethro...@email2me.net wrote:
>Thanks. This brings up a couple of questions. One, The Onion Router.doc
>recommends against choosing one's exit nodes. Is your recommendation I exclude
>these naughty exit nodes, that are determined as such by Tor authorities?

 You may have missed a distinction there.  ExcludeExitNodes does not
choose your exit nodes, but rather tells your client which nodes *not*
to use.
>
>The .doc (Section 4.9--Can I control what nodes I use for entry/exit?), says,
>"We don't actually recommend you use these for normal use--you get the best
>security that Tor can provide when you leave the route selection to Tor." If
>you agree, why do you do this? I am assuming that is part of what your post
>implied or meant, i.e. that you do this in spite of Tor's recommendation.

 There are two cases here to discuss.  The first is when one is testing
a particular exit that one suspects may be corrupted or dysfunctional in
some other way that you find unacceptable.  Until the most recent versions
of tor, one could perform such a test by choosing the exit with the .exit
notation in a host+domainname (e.g., some.website.com.privacynow.exit),
which tells the client to build a circuit that uses PrivacyNow as the exit
node.  Unfortunate (IMO), the latest versions have the support for .exit
either disabled or deleted, apparently leaving us no easy way to perform
such tests.  I've asked recently on this list whether some other easy way
were available, but have been met with silence, so I assume that there
still is none.
 The second case is when a malfunctioning exit has been affirmatively
identified.  In such a case, one should post a message either here or on
tor-rel...@torproject.org to notify all subscribers to the selected list.
The directory authority operators read these lists, and if they are in
agreement about your complaint, they will assign a BadExit flag to the
offending node.  While you and others wait for them to notice your message
and decide what, if anything, to do about it, you and others need a way
to enforce exclusion of that node from the circuit route selection process
for use as an exit node.  The ExcludeExitNodes statements in torrc are
used to accomplish that exclusion.  Also, sometimes the authority operators
may disagree with your evaluation of a particular case and therefore refuse
to flag the exit node with a BadExit flag in the directory.  You can still
force your own client to abide by your evaluation and decision through use
of the ExcludeExitNodes statement in torrc.  W.r.t. the documentation you
cite, it is worth noting that being far more reluctant to exclude misbehaving
nodes from use as exits was a bigger issue in the days when the tor network
only had, say, 200 or fewer exits running at any one time.  Now that there
are usually 400 - 700 exits running at any given time, there isn't much
anonymity to be preserved by allowing the use of such exits, and there may be
much to be lost, depending upon the situation.  I've accumulated a fairly
lengthy list of excluded exits, but I do go through it every year or two to
see which excluded exit nodes a) are still around and running and b) have
corrected whatever I had found objectionable, as well as c) which are no
longer around and can be eliminated from the list anyway.  When I find nodes
that are no longer a problem, I remove them from my exclusions.
>
>Two, in my Home Folder/Library, I have two (2) torrc files. One is torrc,
>the other is torrc.orig.1
>
>The first one (torrc), has:
>
># This file was generated by Tor; if you edit it, comments will not be preserved

 I think the comment may be a lie.  It's most likely a torrc produced by
vidalia, not tor.  (Someone please correct me if I've forgotten some special
case in which tor does rewrite a torrc.)

># The old torrc file was renamed to torrc.orig.1 or similar, and Tor will
>ignore it
># If set, Tor will accept connections from the same machine (localhost only)
># on this port, and allow those connections to control the Tor process using
># the Tor Control Protocol (described in control-spec.txt).
>ControlPort 9051
># Store working data, state, keys, and caches here.
>DataDirectory /Users/zZ/.tor/
># Where to send logging messages.  Format is minSeverity[-maxSeverity]
># (stderr|stdout|syslog|file FILENAME).
>Log notice stdout
>
>
>The second (torrc.orig.1), has nothing in it.
>Which should I use? And, most importantly, what exactly do I write or enter

 Not the empty one, obviously. :-)

>into this file?
>I really don't understand this: entry nodes nickname, nickname,...
>This is where one does this, is it not? Please be exact, detailed and clear.
>Unfortunately, what is clear to most of you g

Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-14 Thread Sebastian Hahn


On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote:
> Unfortunate (IMO), the latest versions have the support for .exit
> either disabled or deleted, apparently leaving us no easy way to perform
> such tests.  I've asked recently on this list whether some other easy way
> were available, but have been met with silence, so I assume that there
> still is none.

If you want the functionality, feel free to set the AllowDotExit config option
to 1. Note that this can't be recommended, because it opens you up for
attacks where the exit node can choose who your exit is going to be,
unless you use encrypted protocols when webbrowsing only.

>> # This file was generated by Tor; if you edit it, comments will not be preserved
>
> I think the comment may be a lie.  It's most likely a torrc produced by
> vidalia, not tor.  (Someone please correct me if I've forgotten some special
> case in which tor does rewrite a torrc.)

I think it is more likely that the file was written by Tor, via the SAFECONF
torctl command.

Sebastian


Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-15 Thread Scott Bennett
 On Thu, 15 Apr 2010 08:25:07 +0200 Sebastian Hahn wrote:
>On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote:
>> Unfortunate (IMO), the latest versions have the support for .exit
>> either disabled or deleted, apparently leaving us no easy way to perform
>> such tests.  I've asked recently on this list whether some other easy way
>> were available, but have been met with silence, so I assume that there
>> still is none.
>
>If you want the functionality, feel free to set the AllowDotExit config option
>to 1. Note that this can't be recommended, because it opens you up for

 That is what I have been doing in order to be able to test for exit
misbehavior.  However, the ChangeLog notes under "Minor bugfixes" for
0.2.2.9-alpha the following:

- Resume handling .exit hostnames in a special way: originally we
stripped the .exit part and used the requested exit relay. In
0.2.2.1-alpha we stopped treating them in any special way, meaning
if you use a .exit address then Tor will pass it on to the exit
relay. Now we reject the .exit stream outright, since that behavior
   ^^^
might be more expected by the user. Found and diagnosed by Scott
??
Bennett and Downie on or-talk.

I understood the "Now we reject" part as meaning that the .exit support had
been completely removed.  I do not understand why that behavior "might be
more expected by the user."  In any case, the above note is why I've paused
at 0.2.2.7-alpha while waiting to discover some fairly easy-to-use alternative
method of testing exit behavior.

>attacks where the exit node can choose who your exit is going to be,
>unless you use encrypted protocols when webbrowsing only.
>
 Regarding the attack route you mention, I have some firefox plug-ins
like NoRedirect and RefreshBlocker installed in addition to the recommended
plug-ins (including QuickJava, NoScript, and Torbutton especially) that should
help with automated stuff, and I'm in the habit of checking the actual URLs
in links before using the links manually.  In many cases, I don't even use
firefox to get stuff from the links, but rather do a copy-and-paste to a
wget(1) or some other downloader command in an xterm(1), so I have plenty of
opportunity to notice that sort of interference.  If those strategies still
miss something, please do let me know.

>>> # This file was generated by Tor; if you edit it, comments will not be preserved
>>
>> I think the comment may be a lie.  It's most likely a torrc produced by
>> vidalia, not tor.  (Someone please correct me if I've forgotten some special
>> case in which tor does rewrite a torrc.)
>
>I think it is more likely that the file was written by Tor, via the SAFECONF
>torctl command.
>
 Okay, I guess I had forgotten tor implemented such a command, but who
is issuing the command?  Vidalia?
 Thanks for the information, Sebastian.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-15 Thread Sebastian Hahn


On Apr 15, 2010, at 9:11 AM, Scott Bennett wrote:

> On Thu, 15 Apr 2010 08:25:07 +0200 Sebastian Hahn wrote:
>> On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote:
>>> Unfortunate (IMO), the latest versions have the support for .exit
>>> either disabled or deleted, apparently leaving us no easy way to perform
>>> such tests.  I've asked recently on this list whether some other easy way
>>> were available, but have been met with silence, so I assume that there
>>> still is none.
>>
>> If you want the functionality, feel free to set the AllowDotExit config option
>> to 1. Note that this can't be recommended, because it opens you up for
>
> That is what I have been doing in order to be able to test for exit
> misbehavior.  However, the ChangeLog notes under "Minor bugfixes" for
> 0.2.2.9-alpha the following:
>
>  - Resume handling .exit hostnames in a special way: originally we
>  stripped the .exit part and used the requested exit relay. In
>  0.2.2.1-alpha we stopped treating them in any special way, meaning
>  if you use a .exit address then Tor will pass it on to the exit
>  relay. Now we reject the .exit stream outright, since that behavior
>    ^^^
>  might be more expected by the user. Found and diagnosed by Scott
>  ??
>  Bennett and Downie on or-talk.
>
> I understood the "Now we reject" part as meaning that the .exit support had
> been completely removed.  I do not understand why that behavior "might be
> more expected by the user."  In any case, the above note is why I've paused
> at 0.2.2.7-alpha while waiting to discover some fairly easy-to-use alternative
> method of testing exit behavior.

Ah no, that's not what is meant here. The idea is that when .exit is disabled,
we reject connections to some domain ending in .exit, instead of passing
that URL to the exit node. This is more expected behaviour because there
is no .exit tld currently, so people telling to to go to xyz.exit are most likely
thinking that they are talking to a tor with the .exit functionality enabled.

>> attacks where the exit node can choose who your exit is going to be,
>> unless you use encrypted protocols when webbrowsing only.
>
> Regarding the attack route you mention, I have some firefox plug-ins
> like NoRedirect and RefreshBlocker installed in addition to the recommended
> plug-ins (including QuickJava, NoScript, and Torbutton especially) that should
> help with automated stuff, and I'm in the habit of checking the actual URLs
> in links before using the links manually.  In many cases, I don't even use
> firefox to get stuff from the links, but rather do a copy-and-paste to a
> wget(1) or some other downloader command in an xterm(1), so I have plenty of
> opportunity to notice that sort of interference.  If those strategies still
> miss something, please do let me know.

I suppose you still load images and possibly other resources, too;
those can be fetched from arbitrary locations unless disabled via
special-purpose addons like RequestPolicy.

>>>> # This file was generated by Tor; if you edit it, comments will not be preserved
>>>
>>> I think the comment may be a lie.  It's most likely a torrc produced by
>>> vidalia, not tor.  (Someone please correct me if I've forgotten some special
>>> case in which tor does rewrite a torrc.)
>>
>> I think it is more likely that the file was written by Tor, via the SAFECONF
>> torctl command.
>
> Okay, I guess I had forgotten tor implemented such a command, but who
> is issuing the command?  Vidalia?
> Thanks for the information, Sebastian.

Yes, Vidalia as the only Tor controller in a typical setup would be issuing
the saveconf command.

Sebastian


Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-15 Thread Scott Bennett
 On Thu, 15 Apr 2010 09:17:39 +0200 Sebastian Hahn wrote:
>On Apr 15, 2010, at 9:11 AM, Scott Bennett wrote:
>
>> On Thu, 15 Apr 2010 08:25:07 +0200 Sebastian Hahn wrote:
>>> On Apr 15, 2010, at 8:17 AM, Scott Bennett wrote:
>>>> Unfortunate (IMO), the latest versions have the support for .exit
>>>> either disabled or deleted, apparently leaving us no easy way to perform
>>>> such tests.  I've asked recently on this list whether some other easy way
>>>> were available, but have been met with silence, so I assume that there
>>>> still is none.
>>>
>>> If you want the functionality, feel free to set the AllowDotExit config option
>>> to 1. Note that this can't be recommended, because it opens you up for
>>
>> That is what I have been doing in order to be able to test for exit
>> misbehavior.  However, the ChangeLog notes under "Minor bugfixes" for
>> 0.2.2.9-alpha the following:
>>
>>  - Resume handling .exit hostnames in a special way: originally we
>>  stripped the .exit part and used the requested exit relay. In
>>  0.2.2.1-alpha we stopped treating them in any special way, meaning
>>  if you use a .exit address then Tor will pass it on to the exit
>>  relay. Now we reject the .exit stream outright, since that behavior
>> ^^^
>>  might be more expected by the user. Found and diagnosed by Scott
>>  ??
>>  Bennett and Downie on or-talk.
>>
>> I understood the "Now we reject" part as meaning that the .exit support had
>> been completely removed.  I do not understand why that behavior "might be
>> more expected by the user."  In any case, the above note is why I've paused
>> at 0.2.2.7-alpha while waiting to discover some fairly easy-to-use alternative
>> method of testing exit behavior.
>
>Ah no, that's not what is meant here. The idea is that when .exit is disabled,
>we reject connections to some domain ending in .exit, instead of passing
>that URL to the exit node. This is more expected behaviour because there
>is no .exit tld currently, so people telling to to go to xyz.exit are most likely
>thinking that they are talking to a tor with the .exit functionality enabled.
>
 Great!  Thanks for the clarification.  I'll go ahead and upgrade soon.
>>
>>> attacks where the exit node can choose who your exit is going to be,
>>> unless you use encrypted protocols when webbrowsing only.
>>>
>> Regarding the attack route you mention, I have some firefox plug-ins
>> like NoRedirect and RefreshBlocker installed in addition to the recommended
>> plug-ins (including QuickJava, NoScript, and Torbutton especially) that should
>> help with automated stuff, and I'm in the habit of checking the actual URLs
>> in links before using the links manually.  In many cases, I don't even use
>> firefox to get stuff from the links, but rather do a copy-and-paste to a
>> wget(1) or some other downloader command in an xterm(1), so I have plenty of
>> opportunity to notice that sort of interference.  If those strategies still
>> miss something, please do let me know.
>
>I suppose you still load images and possibly other resources, too;
>those can be fetched from arbitrary locations unless disabled via
>special-purpose addons like RequestPolicy.

 Hmmm...yes, some images load without intervention, although many
do not.  Okay, I'll change my habits, so that torrc will have it turned
off by default, and I'll only turn it on (and send tor a SIGHUP) when
I really need it.  OTOH, thanks very much for the tip about RequestPolicy.
I didn't know about that one, so I'll check into it.
>
>>>>> # This file was generated by Tor; if you edit it, comments will not be preserved
>>>>
>>>> I think the comment may be a lie.  It's most likely a torrc produced by
>>>> vidalia, not tor.  (Someone please correct me if I've forgotten some special
>>>> case in which tor does rewrite a torrc.)
>>>
>>> I think it is more likely that the file was written by Tor, via the SAFECONF
>>> torctl command.
>>>
>> Okay, I guess I had forgotten tor implemented such a command, but who
>> is issuing the command?  Vidalia?
>> Thanks for the information, Sebastian.
>
>Yes, Vidalia as the only Tor controller in a typical setup would be issuing
>the saveconf command.
>
 Okay, so tor does the actual (re)write, but Vidalia is still the
perpetrator as far as the OP should be concerned. :-)  Thanks again.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all

Re: PrivacyNow is a BadExit (was Re: PrivacyNow node has misconfigured OpenDNS account)

2010-04-15 Thread Scott Bennett
 On Fri, 16 Apr 2010 00:04:06 -0400 zzzjethro...@email2me.net
top-posted (again, please stop doing that):
> Scott Bennett wrote:
>
>
> "That is why tor is distributed with a complete set of documentation."
>
>Okay, great. I will read it but all I have in my Home Folder, in Library,
>is Vidalia. In earlier versions, there used to be folders for Tor, Privoxy
>and Vidalia,
>so where do I find this documentation? I kept assuming you were referring
>to The Onion Router.doc but now I'm guessing you're not.
>
 In your tor distribution, there should be a "doc" directory.  The
stuff you're looking for is all in the subdirectories called "design-paper",
"spec", and "website", although there are also three man pages and a couple
of .txt files in the doc directory itself.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


PrivacyNow node has misconfigured OpenDNS account

2010-04-14 Thread Scott Bennett
 I just found my weather information being blocked, giving me the
OpenDNS "access blocked" web page.  After some checking, I found the
culprit exit:  PrivacyNow.  There is no contact information in its
descriptor in the current directory, so I'm adding it to my
ExcludeExitNodes list. :-(


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


BadExit flag still needed for PrivacyNow...

2010-04-15 Thread Scott Bennett
 My weather satellite images got blocked again, due to the PrivacyNow
exit using OpenDNS with a misconfigured account and the fact that
ExcludeExitNodes still doesn't work reliably.  Will the authority
operators *please* stick a BadExit flag onto that router's entry in the
consensus?  Thanks!


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: PrivacyNow node has misconfigured OpenDNS account

2010-04-14 Thread zzzjethro666

 Hello
When you add the exit PrivacyNow to "your" ExcludeExitNodes list, is this done 
automatically inside of the Tor program afterwards, for any or all clients, or 
is this something I also need to do in my torrc file?
Thanks

 


 

 


 


Re: PrivacyNow node has misconfigured OpenDNS account

2010-04-14 Thread Runa Sandvik
On Wed, Apr 14, 2010 at 1:31 PM,   wrote:
> Hello

Hi,

> When you add the exit PrivacyNow to "your" ExcludeExitNodes list, is this
> done automatically inside of the Tor program afterwards, for any or all
> clients, or is this something I also need to do in my torrc file?

This is something that you will have to do in your torrc file as well.

-- 
Runa Sandvik


Re: BadExit flag still needed for PrivacyNow...

2010-04-17 Thread Andrew Lewman
On 04/16/2010 12:59 AM, Scott Bennett wrote:
>  My weather satellite images got blocked again, due to the PrivacyNow
> exit using OpenDNS with a misconfigured account and the fact that
> ExcludeExitNodes still doesn't work reliably.  Will the authority
> operators *please* stick a BadExit flag onto that router's entry in the
> consensus?  Thanks!

I think it's time for a baddns attribute, rather than solely bad exit.
The nxdomain test is fairly binary, either your local nameserver is
lying to you or not.

I may be misunderstanding the "using opendns with a misconfigured
account" statement.

-- 
Andrew Lewman
The Tor Project
pgp 0x31B0974B

Website: https://www.torproject.org/
Blog: https://blog.torproject.org/
Identi.ca: torproject
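
The nxdomain test mentioned in the message above, written out as an added example (it is not code from this thread or from the Tor Project). The resolver is passed in as a callable so the check runs offline; the three resolvers, names and addresses at the bottom are constructed, and the filtering resolver's habit of answering missing names with its block page is an assumption made for the demonstration.

```python
import secrets
import socket

PROBE_TLDS = ("com", "net", "org")  # assumption: random labels here are unregistered


def system_resolver(name):
    """Resolve `name` through the host's configured resolver.

    Returns a sorted list of IPv4 addresses, or [] when the lookup fails
    (NXDOMAIN and other failures both surface as socket.gaierror).
    """
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def random_probe_names(count=3, tlds=PROBE_TLDS):
    """Names that should not exist: 32 random hex characters under each TLD."""
    return [f"{secrets.token_hex(16)}.{tlds[i % len(tlds)]}" for i in range(count)]


def nxdomain_test(resolve, probes=None):
    """Report whether `resolve` invents answers for names that do not exist.

    resolve: callable(name) -> list of address strings ([] means no answer).
    """
    probes = probes or random_probe_names()
    forged = {name: addrs for name in probes if (addrs := resolve(name))}
    # A rewriting resolver usually points every missing name at the same hosts.
    landing = sorted({a for addrs in forged.values() for a in addrs})
    return {"forged": forged, "landing_addresses": landing, "lying": bool(forged)}


def blocked_by_landing_page(resolve, name, landing_addresses):
    """True when an existing name resolves only to the resolver's landing hosts."""
    addrs = set(resolve(name))
    return bool(addrs) and addrs <= set(landing_addresses)


def mismatches(resolve, reference, names):
    """Names whose answers differ from a trusted reference resolver.

    This catches selective blocking that leaves NXDOMAIN answers honest.
    CDNs and geo-DNS also cause differences, so treat hits as leads to check.
    """
    found = {}
    for name in names:
        got, want = sorted(resolve(name)), sorted(reference(name))
        if got != want:
            found[name] = (got, want)
    return found


# --- Constructed data for an offline run (documentation address ranges) ------
REAL_ZONE = {"www.example.org": ["192.0.2.10"], "weather.example.net": ["192.0.2.20"]}
BLOCK_PAGE = "203.0.113.7"
BLOCKLIST = ("weather.example.net",)


def honest_resolver(name):
    return list(REAL_ZONE.get(name, []))


def filtering_resolver(name):
    # Blocked names and missing names both get the block page.
    if name in BLOCKLIST or name not in REAL_ZONE:
        return [BLOCK_PAGE]
    return list(REAL_ZONE[name])


def selective_resolver(name):
    # Blocks listed names only; missing names stay unanswered.
    return [BLOCK_PAGE] if name in BLOCKLIST else list(REAL_ZONE.get(name, []))


if __name__ == "__main__":
    for label, resolver in (("honest", honest_resolver),
                            ("filtering", filtering_resolver),
                            ("selective", selective_resolver)):
        report = nxdomain_test(resolver)
        diff = mismatches(resolver, honest_resolver, sorted(REAL_ZONE))
        print(label, "lying:", report["lying"], "mismatches:", diff)
```

Passing `system_resolver` to `nxdomain_test` runs the same probe against the machine's own name server. The selective resolver passes the NXDOMAIN probe, so only the comparison against a reference shows its blocking.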


Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread Scott Bennett
 On Sat, 17 Apr 2010 21:54:16 -0400 Andrew Lewman wrote:
>On 04/16/2010 12:59 AM, Scott Bennett wrote:
>>  My weather satellite images got blocked again, due to the PrivacyNow
>> exit using OpenDNS with a misconfigured account and the fact that
>> ExcludeExitNodes still doesn't work reliably.  Will the authority
>> operators *please* stick a BadExit flag onto that router's entry in the
>> consensus?  Thanks!
>
>I think it's time for a baddns attribute, rather than solely bad exit.
>The nxdomain test is fairly binary, either your local nameserver is
>lying to you or not.

 No objection occurs to me on first reading.  Give it a shot, and see
whether it stops this recurrent problem, which has been griped about on
this list by people encountering many instances of it at different exits.
Of course, there is the inertial resistance to changes to the directory
and consensus specifications, but I doubt most of us have much influence
on the development in such cases.
 In the meantime, however, WE *STILL* NEED A BadExit FLAG FOR PrivacyNow.
*PLEASE* *DO* *IT*, and stop stalling!  Unless your point in not doing so
is that you don't want us to report bad exit behavior so that it can be
prevented from messing up the validity of clients' circuit route selections.
It is a very high throughput exit node, so it gets to censor *many* streams.
>
>I may be misunderstanding the "using opendns with a misconfigured
>account" statement.
>
 Probably not.  The OpenDNS servers, AFAIK, require a free account 
be established before they will answer queries about domains other than
OpenDNS's own domain(s).  That can be accomplished via their web site,
which also allows the account holder to select various options, one of
which determines whether the account holder wishes to have queries about
certain domains be hijacked by OpenDNS in accordance with some list
OpenDNS maintains.  OpenDNS defaults to the censorship option, so an
account holder has to make the effort of turning the censorship off.
(Apparently, A RR queries for the ghcc.msfc.nasa.gov. domain are hijacked
in that way.)  The account holder can turn off all hijacking, supposedly,
to get the same response they would get from a fully honest name server.
tor exit operators are obligated to use name servers that give true
answers, so an exit that is querying an OpenDNS name server and that has
the hijacking "feature"--again, a Micro$lop usage of the word--enabled
is therefore a BadExit.
 Even though I no longer run an exit, I had been truly fed up with
Comcast's hijacking name servers for a long time, so when Google started
offering free and open access to honest, though logging, name servers
at 8.8.4.4 and 8.8.8.8, I switched to them immediately.  I'm not too
worried about the logging, because very few name server queries leave
my machine anyway, mainly thanks to tor.  And if I were running an exit,
it still wouldn't bother me much because nearly all queries leaving my
machine would have nothing to do with anything I was doing at the time.
 I've procrastinated so far about setting up a small name server here,
basically for cacheing, and I've gotten away with it, I suspect, largely
because I discovered nscd(8) on my system and configured it for use.
nscd can be configured to cache results in caches for hosts, passwd,
group, services, protocols, and RPCs.  Additional, system-particular
caches can also be defined if one has the need to do so.



  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
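
The NXDOMAIN test discussed in this thread, sketched as an added example (not code from any poster or from the Tor Project): ask a resolver for a name that should not exist and check whether it answers NXDOMAIN or returns address records anyway. The random label under "com" is assumed to be unregistered, and the function names and sample reply bytes are constructed for illustration.

```python
import os
import socket
import struct

NOERROR, NXDOMAIN = 0, 3

def build_query(name, qid):
    """Encode a minimal recursive DNS query for the A record of `name`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN

def classify(response, qid):
    """Judge a reply to a query for a name that is known not to exist."""
    if len(response) < 12:
        return "inconclusive"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:      # wrong transaction or not a response
        return "inconclusive"
    rcode = flags & 0x000F
    if rcode == NXDOMAIN and ancount == 0:
        return "honest"
    if rcode == NOERROR and ancount > 0:
        return "lying"                        # answer records for a nonexistent name
    return "inconclusive"                     # SERVFAIL, REFUSED, empty NOERROR, ...

def probe_name(suffix="com"):
    """Random 32-hex-character label; assumed unregistered under `suffix`."""
    return os.urandom(16).hex() + "." + suffix

def summarize(verdicts):
    """One forged answer is enough to call the resolver lying."""
    if "lying" in verdicts:
        return "lying"
    return "honest" if "honest" in verdicts else "inconclusive"

def check_resolver(resolver_ip, attempts=3, timeout=3.0):
    """Send several probes over UDP to `resolver_ip` and summarize the verdicts."""
    verdicts = []
    for _ in range(attempts):
        qid = struct.unpack("!H", os.urandom(2))[0]
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(build_query(probe_name(), qid), (resolver_ip, 53))
                reply, _ = s.recvfrom(4096)
            except OSError:                   # timeouts and network errors
                verdicts.append("inconclusive")
                continue
        verdicts.append(classify(reply, qid))
    return summarize(verdicts)

# Constructed sample replies (headers only) for an offline check of classify().
SAMPLE_HONEST = struct.pack("!HHHHHH", 0x1234, 0x8183, 1, 0, 1, 0)  # RCODE=3
SAMPLE_FORGED = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # RCODE=0, 1 answer

if __name__ == "__main__":
    import sys
    print(check_resolver(sys.argv[1]))
```

This covers only the nonexistent-name case. Blocklist filtering of a name that does exist, such as the ghcc.msfc.nasa.gov lookups described above, would need the answer compared against one from a resolver already trusted to be honest.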


Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread Bill Weiss
Scott Bennett(benn...@cs.niu.edu)@Sun, Apr 18, 2010 at 03:18:47AM -0500:
>  On Sat, 17 Apr 2010 21:54:16 -0400 Andrew Lewman 
> wrote:
> >I may be misunderstanding the "using opendns with a misconfigured
> >account" statement.
> >
>  Probably not.  The OpenDNS servers, AFAIK, require a free account 
> be established before they will answer queries about domains other than
> OpenDNS's own domain(s).  That can be accomplished via their web site,
> which also allows the account holder to select various options, one of
> which determines whether the account holder wishes to have queries about
> certain domains be hijacked by OpenDNS in accordance with some list
> OpenDNS maintains.  OpenDNS defaults to the censorship option, so an
> account holder has to make the effort of turning the censorship off.
> (Apparently, A RR queries for the ghcc.msfc.nasa.gov. domain are hijacked
> in that way.)  The account holder can turn off all hijacking, supposedly,
> to get the same response they would get from a fully honest name server.
> tor exit operators are obligated to use name servers that give true
> answers, so an exit that is querying an OpenDNS name server and that has
> the hijacking "feature"--again, a Micro$lop usage of the word--enabled
> is therefore a BadExit.

I'm not weighing in on the BadExit issue, just the technical details.
Anyone can use the OpenDNS resolvers without having an account with them.
You just don't get to toggle any of the options without doing so.  I think
that, without an account, you get everything under "OpenDNS Basic" on
their website[1] ("Web content filtering", "Proxy/anonymizer blocking",
"Phishing protection" and "Botnet protection" being the ones we probably
care about here).

Scott: if the current owner doesn't have an account set up, _you_ could go
to the OpenDNS page (via Tor so it comes from that IP) and fix their
settings :)

[1] http://www.opendns.com/start/

>  Even though I no longer run an exit, I had been truly fed up with
> Comcast's hijacking name servers for a long time, so when Google started
> offering free and open access to honest, though logging, name servers
> at 8.8.4.4 and 8.8.8.8, I switched to them immediately.  I'm not too
> worried about the logging, because very few name server queries leave
> my machine anyway, mainly thanks to tor.  And if I were running an exit,
> it still wouldn't bother me much because nearly all queries leaving my
> machine would have nothing to do with anything I was doing at the time.
>  I've procrastinated so far about setting up a small name server here,
> basically for cacheing, and I've gotten away with it, I suspect, largely
> because I discovered nscd(8) on my system and configured it for use.
> nscd can be configured to cache results in caches for hosts, passwd,
> group, services, protocols, and RPCs.  Additional, system-particular
> caches can also be defined if one has the need to do so.

Assuming your ISP doesn't damage your queries for you or redirect outgoing
port 53 activity to their servers, setting up Bind as a local resolver is
super easy.  I'd be glad to help you out with a config if you'd like.

-- 
Bill Weiss
 
The exit code is useful when you want to know if your child grew up and
had a good life or it got run over by a truck or something.
-- Thu Nguyen, Operating Systems
Rutgers University, New Brunswick, New Jersey



Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread Scott Bennett
 On Sun, 18 Apr 2010 09:54:31 -0500 Bill Weiss 
wrote:
>Scott Bennett(benn...@cs.niu.edu)@Sun, Apr 18, 2010 at 03:18:47AM -0500:
>>  On Sat, 17 Apr 2010 21:54:16 -0400 Andrew Lewman 
>> wrote:
>> >I may be misunderstanding the "using opendns with a misconfigured
>> >account" statement.
>> >
>>  Probably not.  The OpenDNS servers, AFAIK, require a free account 
>> be established before they will answer queries about domains other than
>> OpenDNS's own domain(s).  That can be accomplished via their web site,
>> which also allows the account holder to select various options, one of
>> which determines whether the account holder wishes to have queries about
>> certain domains be hijacked by OpenDNS in accordance with some list
>> OpenDNS maintains.  OpenDNS defaults to the censorship option, so an
>> account holder has to make the effort of turning the censorship off.
>> (Apparently, A RR queries for the ghcc.msfc.nasa.gov. domain are hijacked
>> in that way.)  The account holder can turn off all hijacking, supposedly,
>> to get the same response they would get from a fully honest name server.
>> tor exit operators are obligated to use name servers that give true
>> answers, so an exit that is querying an OpenDNS name server and that has
>> the hijacking "feature"--again, a Micro$lop usage of the word--enabled
>> is therefore a BadExit.
>
>I'm not weighing in on the BadExit issue, just the technical details.
>Anyone can use the OpenDNS resolvers without having an account with them.
>You just don't get to toggle any of the options without doing so.  I think

 Oh.  Okay.  Thanks for the correction.

>that, without an account, you get everything under "OpenDNS Basic" on
>their website[1] ("Web content filtering", "Proxy/anonymizer blocking",
>"Phishing protection" and "Botnet protection" being the ones we probably
>care about here).

 Looks about right.
>
>Scott: if the current owner doesn't have an account set up, _you_ could go
>to the OpenDNS page (via Tor so it comes from that IP) and fix their
>settings :)
>
>[1] http://www.opendns.com/start/

 Tsk, tsk.  Although I suspect that that would not actually violate the
criminal statute about unauthorized access, it would nevertheless be quite
unethical.  Consider the possibility that, laying tor out of view for a
moment, there are other uses being made of that computer and/or network for
which such blocking might be desired by the owner, e.g., content blocking
for a household full of children with several computers available to them
on their home network.  Granted, an exit should *not* be run in such an
environment, but it is not anyone's business to muck with the configuration
of someone else's computer or network.
>
>>  Even though I no longer run an exit, I had been truly fed up with
>> Comcast's hijacking name servers for a long time, so when Google started
>> offering free and open access to honest, though logging, name servers
>> at 8.8.4.4 and 8.8.8.8, I switched to them immediately.  I'm not too
>> worried about the logging, because very few name server queries leave
>> my machine anyway, mainly thanks to tor.  And if I were running an exit,
>> it still wouldn't bother me much because nearly all queries leaving my
>> machine would have nothing to do with anything I was doing at the time.
>>  I've procrastinated so far about setting up a small name server here,
>> basically for cacheing, and I've gotten away with it, I suspect, largely
>> because I discovered nscd(8) on my system and configured it for use.
>> nscd can be configured to cache results in caches for hosts, passwd,
>> group, services, protocols, and RPCs.  Additional, system-particular
>> caches can also be defined if one has the need to do so.
>
>Assuming your ISP doesn't damage your queries for you or redirect outgoing
>port 53 activity to their servers, setting up Bind as a local resolver is
>super easy.  I'd be glad to help you out with a config if you'd like.
>
 Thanks, but I used to run the primary for the local university long
ago, as well as a few unofficial secondaries around the campus.  I've just
been lazy about setting one up because I haven't really needed one.  And,
as I wrote before, nscd has been a blessing, not only for A RR queries,
but for several other data sets as well.  I appreciate the offer, though.
FWIW, most of the situations in which my current setup fails involve being
disconnected from the ISP due to some outage or modem screwup, so having
a name server running wouldn't really help anyway.
 I just che

Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread Bill Weiss
Scott Bennett(benn...@cs.niu.edu)@Sun, Apr 18, 2010 at 10:24:56AM -0500:
>  On Sun, 18 Apr 2010 09:54:31 -0500 Bill Weiss 
> wrote:
> >Scott: if the current owner doesn't have an account set up, _you_ could go
> >to the OpenDNS page (via Tor so it comes from that IP) and fix their
> >settings :)
> >
> >[1] http://www.opendns.com/start/
> 
>  Tsk, tsk.  Although I suspect that that would not actually violate the
> criminal statute about unauthorized access, it would nevertheless be quite
> unethical.  Consider the possibility that, laying tor out of view for a
> moment, there are other uses being made of that computer and/or network for
> which such blocking might be desired by the owner, e.g., content blocking
> for a household full of children with several computers available to them
> on their home network.  Granted, an exit should *not* be run in such an
> environment, but it is not anyone's business to muck with the configuration
> of someone else's computer or network.

I considered adding something to that like "It isn't what I would do, but
it's up to you to say if you'd be ok with it or not".  I strongly doubt
there's anything illegal about configuring OpenDNS for an unclaimed IP
(which is different than if the IP is attached to an account there).

I'll leave my commentary about the wisdom of outsourcing your content
filtering for your children to a company you have no actual relationship
with unsaid.

-- 
Bill Weiss


Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread Roger Dingledine
On Thu, Apr 15, 2010 at 11:59:31PM -0500, Scott Bennett wrote:
>  My weather satellite images got blocked again, due to the PrivacyNow
> exit using OpenDNS with a misconfigured account and the fact that
> ExcludeExitNodes still doesn't work reliably.  Will the authority
> operators *please* stick a BadExit flag onto that router's entry in the
> consensus?  Thanks!

Sebastian just confirmed for me that it was really happening, so I've
set the BadExit flag for moria1. I agree that dns filtering is a good
reason for earning the BadExit flag.

Once tor26 or ides set it also, it should take effect.

Sorry for the delay in response. As usual, we're all overbusy over
here. I was supposed to be on an airplane over the Atlantic now --
but it looks instead like I can catch up on my email. :)

On the bright side though, it's looking good that we'll be able to get a
google summer of code student to revive Mike Perry's "Snakes on a Tor"
project, and hopefully that means we will a) have some automated scans
looking for really obviously broken relays, and b) build a clearer policy
about what counts as badexit and what doesn't, so we can react faster
next time.

Thanks!
--Roger



Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread starslights
Hello,

That's great news. As for the scanner, I would like to set one up, but so far
I haven't been able to do it right and it hasn't worked.

I hope that more complete documentation about Torflow will be written to help
with starting a scanner.

Any help welcome :D

Best Regards

SwissTorExit




Re: BadExit flag still needed for PrivacyNow...

2010-04-18 Thread Jacob Appelbaum
Roger Dingledine wrote:
> On Thu, Apr 15, 2010 at 11:59:31PM -0500, Scott Bennett wrote:
>>  My weather satellite images got blocked again, due to the PrivacyNow
>> exit using OpenDNS with a misconfigured account and the fact that
>> ExcludeExitNodes still doesn't work reliably.  Will the authority
>> operators *please* stick a BadExit flag onto that router's entry in the
>> consensus?  Thanks!
> 
> Sebastian just confirmed for me that it was really happening, so I've
> set the BadExit flag for moria1. I agree that dns filtering is a good
> reason for earning the BadExit flag.
> 
> Once tor26 or ides set it also, it should take effect.

I've also set the authdirbadexit on urras for the PrivacyNow node.

It seems like we should make a baddns flag at some point.

All the best,
Jake





Re: BadExit flag still needed for PrivacyNow...

2010-04-20 Thread Scott Bennett
 On Sun, 18 Apr 2010 13:21:33 -0400 Roger Dingledine 
wrote:
>On Thu, Apr 15, 2010 at 11:59:31PM -0500, Scott Bennett wrote:
>>  My weather satellite images got blocked again, due to the PrivacyNow
>> exit using OpenDNS with a misconfigured account and the fact that
>> ExcludeExitNodes still doesn't work reliably.  Will the authority
>> operators *please* stick a BadExit flag onto that router's entry in the
>> consensus?  Thanks!
>
>Sebastian just confirmed for me that it was really happening, so I've
>set the BadExit flag for moria1. I agree that dns filtering is a good
>reason for earning the BadExit flag.
>
>Once tor26 or ides set it also, it should take effect.

 Thanks much, Roger.  Since the flag appeared, I've had no further
failures of that sort.
>
>Sorry for the delay in response. As usual, we're all overbusy over
>here. I was supposed to be on an airplane over the Atlantic now --

 Bummer.  I hope whatever you were going to attend can be rescheduled.

>but it looks instead like I can catch up on my email. :)
>
>On the bright side though, it's looking good that we'll be able to get a
>google summer of code student to revive Mike Perry's "Snakes on a Tor"
>project, and hopefully that means we will a) have some automated scans
>looking for really obviously broken relays, and b) build a clearer policy
>about what counts as badexit and what doesn't, so we can react faster
>next time.

 Both would be Very Good Things (tm).


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**


Re: BadExit flag still needed for PrivacyNow...

2010-04-20 Thread Scott Bennett
 On Sun, 18 Apr 2010 21:29:04 -0700 Jacob Appelbaum 
wrote:
>Roger Dingledine wrote:
>> On Thu, Apr 15, 2010 at 11:59:31PM -0500, Scott Bennett wrote:
>>>  My weather satellite images got blocked again, due to the PrivacyNow
>>> exit using OpenDNS with a misconfigured account and the fact that
>>> ExcludeExitNodes still doesn't work reliably.  Will the authority
>>> operators *please* stick a BadExit flag onto that router's entry in the
>>> consensus?  Thanks!
>>
>> Sebastian just confirmed for me that it was really happening, so I've
>> set the BadExit flag for moria1. I agree that dns filtering is a good
>> reason for earning the BadExit flag.
>>
>> Once tor26 or ides set it also, it should take effect.
>
>I've also set the authdirbadexit on urras for the PrivacyNow node.

 Thanks, Jake.
>
>It seems like we should make a baddns flag at some point.

 I've been turning that over in my mind for a day or two now, and I'm
still trying to think of why we would need it.  What the authorities
would communicate to clients is basically, "Don't use this node as an
exit."  Well, we already have a flag for that.  We also have a flag
("Invalid") that says, "Don't use this node at all", which could have
been used to deal with the "throughput capacity exaggeration" attack--
which the tor network is *not* known to have ever experienced--quite
easily, rather than the frankly ham-handed method that was implemented
instead.
 If you're worried about a NORDO relay operator like PrivacyNow's
operator who discovers his/her node has been assigned a BadExit flag
and wants to know why, that operator can always write to tor-ops@ to
find out.  Perhaps a note to that effect regarding all cautionary flags--
is there still a bad directory flag, as referenced on the torstatus
page?--(e.g., BadExit, Invalid) could be added to the torproject.org
web pages somewhere.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**