Re: Tor blocking german nodes
On Sat, Nov 24, 2007 at 10:44:17AM +0100, Andrew wrote:
> Sadly, what you say is true. Precautions have to be implemented in Tor that no more than one node from Germany is chosen for any connection. We should ask tor development to implement such a feature until 12/2008, and have it activated automatically before the end of next year.

Alas, I fear it's more complex than that. There are two anonymity-related issues that people here aren't considering enough:

a) Tor's security doesn't come from having any single honest (unobserved) relay on the path. It comes from the adversary not being able to see (measure) traffic on both ends of the circuit. See e.g. http://freehaven.net/anonbib/#danezis:pet2004
So for example if the destination website is in Germany, and it logs all the packets it sees, then a logging entry relay would be sufficient to give away the game.

b) If the Tor relay's ISP is logging enough, then it doesn't matter what the Tor relay itself logs. I'm still hoping to hear an answer to Mike Perry's question at http://archives.seul.org/or/talk/Nov-2007/msg00146.html
Then see http://freehaven.net/anonbib/#murdoch-pet2007

If sufficient logging becomes pervasive at the ISP or IX level, then it would seem that either we'll need to excise those jurisdictions from the Tor network (and worse, give up on providing anonymity to users there), or work on anonymity designs that tolerate this level of attack while still remaining usable.

And that's where the actual definition of traffic headers or traffic data becomes critical -- and as I understand it, nobody yet knows what definitions will be used in practice. So it is premature to start deploying any alternate designs. But yes, if it gets to that point, we will be working hard on ways to avoid leaving as many tracks in these large central databases.

Even if I entirely trusted the authorities to only use the data in critical situations, what scares me most is the poor track record of large organizations at securing huge piles of sensitive data. We don't have to look very far for stunning examples of data leaks. These extra requirements like realtime access just make the task even more impossible.

> But please, everybody, do not overreact by blocking german tor nodes. The law will only have an effect for tor operators by the beginning of 2009, and I doubt anyone will start logging before that.

Right. If you would like to start logging early, please instead turn off your Tor relay. And if the authorities try to force you to start logging early, please also turn off your Tor relay, and then find some lawyers to help you figure out how to notify the world safely.

> Plus, there's still a chance the german Supreme Court (Bundesverfassungsgericht) will stop this law before the end of next year. The lawsuit is under way...

Good luck!
--Roger
Re: Tor blocking german nodes
kazaam wrote:
> All german nodes (entry,middle and exit) are forced to log who connected to them and what they manipulated on the packet. So if you are accidentally just connected to german nodes they got you. There's afaik no way in tor to prevent that this happens. Maybe blocking all german nodes would be too much and as you said destroying the network but at least there have to be taken care that not more than 1 node comes from germany.

Sadly, what you say is true. Precautions have to be implemented in Tor that no more than one node from Germany is chosen for any connection. We should ask tor development to implement such a feature until 12/2008, and have it activated automatically before the end of next year.

Actually, it might be wise to develop a feature that lets the client choose no more than one node from _any_ country, since other EU countries might use the directive that led to the german law, to pass similar laws. Anonymous communication is something a lot of executive agencies would like very much to get rid of, and this might be their way to achieve that goal.

But please, everybody, do not overreact by blocking german tor nodes. The law will only have an effect for tor operators by the beginning of 2009, and I doubt anyone will start logging before that. Blocking german tor nodes on a larger scale will have a very serious impact on tor's network reliability and speed, which is something we don't need.

Plus, there's still a chance the german Supreme Court (Bundesverfassungsgericht) will stop this law before the end of next year. The lawsuit is under way...

Andrew
--
All german tor operators, if you are interested in helping to set up a german tor legal fund, please subscribe to [EMAIL PROTECTED]
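Added example, not part of the thread and not Tor's code: a toy path selector that applies the "no more than one node per country" rule proposed above and measures what Roger's point (a) predicts when one jurisdiction logs. The relay list, country mix and uniform relay selection are assumptions made for the illustration; real Tor weights relays by bandwidth and flags.

```python
import random

# Constructed relay population (country code -> relay count); not real data.
COUNTRY_MIX = {"de": 20, "us": 20, "cn": 20, "nl": 10, "fr": 10, "se": 10, "ca": 10}
RELAYS = []
for cc, count in COUNTRY_MIX.items():
    RELAYS += [(f"{cc}{i}", cc) for i in range(count)]


def pick_path(rng, relays, one_per_country, hops=3):
    """Pick entry, middle and exit uniformly at random (an assumption).
    With one_per_country set, no two hops may share a country code."""
    path = []
    for _ in range(hops):
        used = {cc for _, cc in path}
        candidates = [r for r in relays
                      if r not in path and not (one_per_country and r[1] in used)]
        path.append(rng.choice(candidates))
    return path


def both_ends_seen(path, dest_cc, logging_cc):
    """Point (a): the observer needs the entry side AND the far side,
    where the far side is the exit relay or the destination itself."""
    entry_cc, exit_cc = path[0][1], path[-1][1]
    return entry_cc == logging_cc and logging_cc in (exit_cc, dest_cc)


def exposure_rate(dest_cc, one_per_country, logging_cc="de", trials=5000, seed=1):
    """Fraction of simulated circuits on which logging_cc sees both ends."""
    rng = random.Random(seed)
    hits = sum(
        both_ends_seen(pick_path(rng, RELAYS, one_per_country), dest_cc, logging_cc)
        for _ in range(trials)
    )
    return hits / trials


if __name__ == "__main__":
    for dest in ("us", "de"):
        for rule in (False, True):
            rate = exposure_rate(dest, rule)
            print(f"destination={dest} one_per_country={rule}: {rate:.3f}")
```

With this constructed mix, the rule removes the case where entry and exit sit in the same logging country, but when the destination is in that country the exposure stays at roughly the share of entry relays located there.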
Re: Tor blocking german nodes
Andrew wrote:
> Actually, it might be wise to develop a feature that lets the client choose no more than one node from _any_ country, since other EU countries might use the directive that led to the german law, to pass similar laws.

Which means, if you really want to block Tor nodes from countries who make logging mandatory, you should do this for all EU-countries. After all, Germany is only following the EU's demand for such a data retention act.

I bet a fiver: If Germany really passes that law and if the Supreme Court doesn't rule against that law, everyone else in the EU will just follow (except maybe Greece...)

'Nuff said. Let's stop the nay saying ;) The law isn't active yet. The law isn't even ratified. And no one even started logging. The lawsuit, which's underway, isn't even filed at the Supreme Court. Yet.

We're living in interesting times, but there's no need to overreact.

Alex.
Re: Tor blocking german nodes
Martin Senftleben wrote:
> On Saturday, 24 November 2007, Alexander W. Janssen wrote:
>> Andrew wrote:
>> 'Nuff said. Let's stop the nay saying ;) The law isn't active yet. The law isn't even ratified. And no one even started logging.
>
> The latter isn't right. There are quite a few companies which log the data of their customers and keep it for quite a while.

Well, I was specifically coining that to Tor...

I know that some companies - especially T-Com - are reluctant to follow valid legislation, abusing citizen rights - but it's so convenient for the government or people threatening to start a law-suit, that no one tries to stop them.

Remember, the Lex Voss isn't available for everyone...

Cheers, Alex.
Re: Tor blocking german nodes
On Sat, 2007-11-24 at 10:44 +0100, Andrew wrote:
> kazaam wrote:
>> All german nodes (entry,middle and exit) are forced to log who connected to them and what they manipulated on the packet. So if you are accidentally just connected to german nodes they got you. There's afaik no way in tor to prevent that this happens. Maybe blocking all german nodes would be too much and as you said destroying the network but at least there have to be taken care that not more than 1 node comes from germany.
>
> Sadly, what you say is true. Precautions have to be implemented in Tor that no more than one node from Germany is chosen for any connection. We should ask tor development to implement such a feature until 12/2008,

I agree with your post, both the point of view of implement this new feature in Tor (beware from partitioning issue, however) and the need not to overreact.

But I strongly suggest to discuss more and warn about using the 600+ router from China. Consider two facts:

1) most are born in few weeks
2) all of them are exit router, no other country has more than 50%

Add them and add a very small quantity of paranoia.

German situation is that of a nation full of crypto hacktivist that must face a new law in two year. China (and another country maybe) are a Big Brother with certificate of authenticity.

Maybe a little press coverage on this is due. A lot of naive Tor users think that those are chinese dissidents, really!

JM2EC. Marco

--
+--- http://www.winstonsmith.info ---+
| il Progetto Winston Smith: scolleghiamo il Grande Fratello |
| the Winston Smith Project: unplug the Big Brother |
| Marco A. Calamari [EMAIL PROTECTED] http://www.marcoc.it |
| DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B |
+ PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 --+
Re: Tor blocking german nodes
I didn't want to spread panic or so. I know that the law is not in action at the moment and many things can happen. The BVerfG and the EuGH, both can stop the data retention law. But maybe it's not unwise not to be unprepared if the law will not be dumped by any court. Anyway it should be a good idea to change Tor in its working so that a connection is always built through three nodes, which all come from different countries.

On Sat, 24 Nov 2007 13:19:33 +0100 Marco A. Calamari [EMAIL PROTECTED] wrote:
> But I strongly suggest to discuss more and warn about using the 600+ router from China. Consider two facts:
> 1) most are born in few weeks
> 2) all of them are exit router, no other country has more than 50%

What wanna Chinese do if they just have exit-routers? Phishing unsecured logins or trying to fake ssl certificates? Just with exit-routers you can't compromise the anonymity of the tor network. If the user doesn't act stupid...

--
kazaam [EMAIL PROTECTED]
Re: Tor blocking german nodes
On Sat, 2007-11-24 at 14:58 +0100, kazaam wrote:
>> 1) most are born in few weeks
>> 2) all of them are exit router, no other country has more than 50%
>
> What wanna Chinese do if they just have exit-routers? Phishing unsecured logins or trying to fake ssl certificates? Just with exit-routers you can't compromise the anonymity of the tor network. If the user doesn't act stupid...

The right question is What the Chinese government or TLA's can do controlling at least the 25% of network?

For example, CN has complete control over 1/64 of Tor network traffic, or about 2%.

I understand that Tor has a lot of crypto in place to defend against rogue nodes, also when they are acting cooperatively.

I understand also that too much configurable options in Tor can be problematic, from a programming, a debugging, and a partitioning attack point of view.

But I would be very happy to have a fuckNodeByCountryCode= in the config file. Guess my favorite value ...

Ciao. Marco

--
+--- http://www.winstonsmith.info ---+
| il Progetto Winston Smith: scolleghiamo il Grande Fratello |
| the Winston Smith Project: unplug the Big Brother |
| Marco A. Calamari [EMAIL PROTECTED] http://www.marcoc.it |
| DSS/DH: 8F3E 5BAE 906F B416 9242 1C10 8661 24A9 BFCE 822B |
+ PGP RSA: ED84 3839 6C4D 3FFE 389F 209E 3128 5698 --+
Re: Tor blocking german nodes
Marco A. Calamari wrote:
> The right question is What the Chinese government or TLA's can do controlling at least the 25% of network?

Most of the Internet links worldwide go through the US, so it makes sense for US intelligence to tap it there (see recent ATT taps with Narus equipment).

As a Tor exit relay is an opportunity for tapping traffic, it makes perfect sense for China to set up Tor exit relays and gain competitive advantage in analyzing that part of the network traffic. China does not route a significant portion of internet traffic, it has no foothold in any of the key data exchanges worldwide. Setting up a few hundred exit relays in mainland China gets you instant insight into sensitive traffic worldwide. (by the way, China could also set up exit relays in the US and everywhere, it's cheap)

Let's see if the design of Tor can cope with a challenge of such a scale. My guess is that countries like China would rather be better served by not disrupting the Tor network (with misleading exit policies, connection timeouts etc) so that they can analyze the traffic that goes through. Of course, they would make sure their own citizens could not reach the Tor network themselves.

I would like the torproject website to be more explicit warning users about privacy issues: don't do any cleartext authentication, don't do any ssl authentication if you are not able to check the authenticity of the certificates.

As for Germany, let's see what the german citizens do about this law, there is still plenty of room for optimism.

Blau
Re: Tor relays in China (was Re: Tor blocking german nodes)
On Sat, Nov 24, 2007 at 01:19:33PM +0100, Marco A. Calamari wrote:
> But I strongly suggest to discuss more and warn about using the 600+ router from China. Consider two facts:
> 1) most are born in few weeks
> 2) all of them are exit router, no other country has more than 50%
> Add them and add a very small quantity of paranoia.
> German situation is that of a nation full of crypto hacktivist that must face a new law in two year. China (and another country maybe) are a Big Brother with certificate of authenticity.
> Maybe a little press coverage on this is due. A lot of naive Tor users think that those are chinese dissidents, really!

I still think this is normal behavior. See e.g. http://archives.seul.org/or/talk/Sep-2007/msg00273.html for the last time this discussion came up.

Seriously, the Vidalia interface is making it really easy these days to become a Tor relay, and by default Vidalia relays are exit relays (then see http://archives.seul.org/or/talk/Sep-2007/msg00287.html).

From very informal studies of what's hitting my directory cache, Germany, US, and China make up about 20% of the Tor user base each. So it is not surprising to me that in BlueStar's stats (https://torstat.xenobite.eu/showstatistics.php) they represent the top three countries by relays too.

I don't think they're Chinese dissidents. I think they're Chinese Tor users. Most German Tor users aren't German dissidents either. Once you start talking about hundreds of thousands of users, most of them are just ordinary people hoping to get a bit more privacy.

Press coverage about the increasing use of Tor in China would actually harm our goals -- right now Tor works well in China because we're not threatening them, making them look bad in the media, etc. Let's keep it that way as long as we can.

Thanks,
--Roger
Re: Tor blocking german nodes
On Thu, 22 Nov 2007 12:22:42 -0700 Kasimir Gabert [EMAIL PROTECTED] wrote:
> A potential solution to this problem, which was brought up by another person, would be to have something similar to a family option for all of the German Tor nodes. Care would have to be taken to do this on an IP level, however, and not to expect every German Tor operator to write into their configuration that they are part of this family.

Yes an IP-based solution which identifies a node of a certain country would be a good solution to this.

On Thu, 22 Nov 2007 22:09:11 +0100 TOR Admin (gpfTOR1) [EMAIL PROTECTED] wrote:
> I believe, the GUI TorK can block all nodes of a country, but this way is not a solution.

TorK allows you to choose the Country where the exitnode is. But it's KDE-based and uses many of the KDE-libs... so I as fluxbox user am not happy with it.

bye
Tor blocking german nodes
Hi,

because in germany fascist laws will force tor-nodes to log their connections I'm looking for a way to block german tor-nodes. Is there any way to do this with Tor? I found ExcludeNodes just taking nicknames and no IP-ranges which is pretty bad. Couldn't this be implemented? I mean Tor knows the IP of the nodes so why not making it possible to block IP-ranges with wildcards like 145.253.*.* ?

Then I found this old post: http://archives.seul.org/or/talk/Jul-2006/msg00079.html which has a script which grabs the nicks of nodes from a website and puts it into ExcludeNodes. But first the website it takes this info from is down: http://serifos.eecs.harvard.edu/ and second this is just a messy solution to the problem.

So why not implementing an IP-based ExcludeNodes? Much would be won with it and nothing lost.. Is there any other workaround known at the moment to block german IPs?

greets
kazaam [EMAIL PROTECTED]
Re: Tor blocking german nodes
please do not attach germany to fascism, this shows only our broen view.

blocking nodes in the EU from outside EU is nonsense and does not help the network, e.g. you are destroying the network by itself, it is only a risk, if someone is in the EU an Exitnode. Forwarding nodes are needed and if there is no logging, this is the own risk of the maintainer.

regards Mike

PS: from which country are you?

2007/11/22, kazaam [EMAIL PROTECTED]:
> Hi,
> because in germany fascist laws will force tor-nodes to log their connections I'm looking for a way to block german tor-nodes. Is there any way to do this with Tor? I found ExcludeNodes just taking nicknames and no IP-ranges which is pretty bad. Couldn't this be implemented? I mean Tor knows the IP of the nodes so why not making it possible to block IP-ranges with wildcards like 145.253.*.* ?
> Then I found this old post: http://archives.seul.org/or/talk/Jul-2006/msg00079.html which has a script which grabs the nicks of nodes from a website and puts it into ExcludeNodes. But first the website it takes this info from is down: http://serifos.eecs.harvard.edu/ and second this is just a messy solution to the problem.
> So why not implementing an IP-based ExcludeNodes? Much would be won with it and nothing lost.. Is there any other workaround known at the moment to block german IPs?
> greets
> kazaam [EMAIL PROTECTED]
Re: Tor blocking german nodes
Hi

On Thu, 22 Nov 2007 19:36:31 +0100 Michael Schmidt [EMAIL PROTECTED] wrote:
> please do not attach germany to fascism, this shows only our broen view.

That's my opinion of someone who has to do with law and as a german.

> blocking nodes in the EU from outside EU is nonsense and does not help the network, e.g. you are destroying the network by itself, it is only a risk, if someone is in the EU an Exitnode. Forwarding nodes are needed and if there is no logging, this is the own risk of the maintainer.

First this is a german problem and not one of the EU. The EU-guideline doesn't contain anything about the logging of anonymising services. This is just and only in the german implementation of this guideline into national law. Other EU-countries like NL didn't do this. So far as said only germany took hands on anonymisers and they are definitely not forced to do so by the EU.

Second the problem is not only with Exit-nodes. All german nodes (entry,middle and exit) are forced to log who connected to them and what they manipulated on the packet. So if you are accidentally just connected to german nodes they got you. There's afaik no way in tor to prevent that this happens. Maybe blocking all german nodes would be too much and as you said destroying the network but at least there have to be taken care that not more than 1 node comes from germany.

--
kazaam [EMAIL PROTECTED]
Re: Tor blocking german nodes
kazaam wrote:
> Hi, because in germany fascist laws will force tor-nodes to log their connections I'm looking for a way to block german tor-nodes.

I believe, the GUI TorK can block all nodes of a country, but this way is not a solution.