Re: [tor-dev] anonbib
On 04.11.2017 19:54, Roger Dingledine wrote:
>> our plan with the bibliography collection of GNUnet is to
>> implement something similar to your/freehaven's anonbib.
> Great.
> See also the censorbib, for another example.

There's also a mixnet bibliography at https://bib.mixnetworks.org/ / https://github.com/applied-mixnetworks/mixbib . If you come across papers related to mixnets, please submit a patch! Also, we should add highlights like the anonbib has.

___
tor-dev mailing list
tor-dev@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
Re: [tor-dev] Questions regarding the future of families
Hi,

Maybe this is better taken to tor-relays.

On 03/05/2016 10:31 PM, Brian "redbeard" Harrington wrote:
> "Lets say you are about to deploy 100 relays within the next week." -
> Take this an order of magnitude greater and we're on the right track
> with the correct scale. It is a regular occurrence for our users to
> deploy 500 to 5000 nodes at a time.

Interesting. What is the use case for doing that? And why would you want to apply the same strategy to Tor relays? There are about 7000 relays in total, with over 1000 of them (almost 40% of the capacity) at only three ASes.

https://metrics.torproject.org/relayflags.html
https://compass.torproject.org/

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Proposal: Stop giving Exit flags when only unencrypted traffic can exit
On 01/05/2016 01:29 AM, Tom van der Woerdt wrote:
> communities on the internet. Other popular ports have been considered,
> such as 22 (SSH), 465 (SMTP), or 995 (POP3), but these are unlikely to be good
> candidates because of wide spread bruteforce attacks on these ports.

Just as a data point, I don't see much scanning/abuse regarding SMTPS (465) or IMAPS (993).

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Just releasted : haskell-tor
On 11/18/2015 08:33 PM, z...@manian.org wrote:
>>> Galois Inc has just released an implementation of the Tor protocol
>>> implemented in the Haskell programming language:
>>> https://github.com/GaloisInc/haskell-tor
>> What other implementations of Tor (with links) are out there
>> besides mainline? I could wiki them.
> There is this one as well.
> https://github.com/tvdw/gotor

NodeJS: https://github.com/Ayms/node-Tor
Java: https://silvertunnel.org/doc/netlib.html , https://subgraph.com/orchid/

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Proposal: HTTP header distinguish TBB users
On 10/03/2015 02:10 PM, Virgil Griffith wrote:
> Now the trouble starts. If the TBB user gets to the tor2web backend I
> check if they're coming from an Exit relay and redirect them---all
> good. But a CDN (Fastly.com) sits in front of my backends and right now
> it's unclear how to detect TBB at the CDN level.

The CDN should forward the client IP address as X-Forwarded-For or something?

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] tor#16518: Read-Only Filesystem Error opening tor lockfile in 0.2.6.9 but not 0.2.5.12
On 07/09/2015 03:24 PM, aexlfow...@web.de wrote:
> Correct. I edited /lib/systemd/system/tor.service and added
> ReadWriteDirectories=-/media/cRAID/Tor
> and now 0.2.6.9 is running.
> I'm not entirely sure how to create my own
> /etc/systemd/system/tor.service so I leave it at that.
> (Trying out 'systemctl edit' I get "Unknown operation 'edit'." BTW.)

Just copy the /lib/systemd/system/tor.service file to /etc/systemd/system and edit it there -- it will take precedence over the one in /lib . You don't want to edit the one in /lib directly, since it is meant to be for distribution files that can/should be replaced on upgrades.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Relay Web Dashboard - Summer of Privacy
On 07/07/2015 09:26 PM, Cristobal wrote:
> This summer I'll be working on a Relay Web Dashboard as part of Tor's
> Summer of Privacy [1]. The goal of this project is to develop a web
> application to monitor Tor relays. A good part of the back-end code
> will be based on what nyx [2] currently does (using stem [3]).

Cool. Nice to see this project picked up. It can be a great component for a standalone 'plug-and-play' relay.

Arlo did a small prototype a while ago. You should talk to him some time soon to exchange ideas, he may have some.

https://github.com/arlolra/bulb

Enjoy your time with Tor! May it be long and prosperous ;-)

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Draft of proposal "Direct Onion Services: Fast-but-not-hidden services"
Thanks George!

On 04/09/2015 08:58 PM, George Kadianakis wrote:
> - We really really need a better name for this feature. I decided to
> go with "Direct Onion Services" which is the one [...]

Why not simply "onion service"?

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] compass: new group by options: by-contact, by-OS, by-version
On 03/19/2015 10:11 PM, Nusenu wrote:
>> The MyFamily lookup is also broken
> It actually works, I just expected to see more than an empty set when
> entering a torservers FP.

Our MyFamily statements have been broken for quite a while; it is not clear whether the statement actually provides any benefit. I believe it does, see also https://trac.torproject.org/projects/tor/ticket/6676 .

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] [RESEARCH] Student of University of Verona, Thesis about TOR
On 02/02/2015 10:08 AM, Diego Sempreboni wrote:
> By consulting several documents have not been able to obtain [...]

Are you aware of http://freehaven.net/anonbib/ and https://gitweb.torproject.org/torspec.git/tree/ ?

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Scaling tor for a global population
On 09/30/2014 06:28 AM, AFO-Admin wrote:
> E.g. you have a Server with 2x E5-2683 v3 v3 and a 10 Gbit/s pipe you
> would need at least 14 IP's to use most of the CPU.

Multicore support is hard and needs developers. Raising the limit from 2 relays per IP to x per IP has been discussed in the past and would be an easy change.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Hidden service policies
On 07/21/2014 12:34 AM, Mike Hearn wrote:
> Tor provides exit policies to let exit relay operators restrict traffic
> they consider to be unwanted or abusive. In this way a kind of
> international group consensus emerges about what is and is not
> acceptable usage of Tor. For instance, SMTP out is widely restricted.

As Andrea said, the exit policies are there mostly to have a small knob to stop complaints. In that sense, participation as a hidden service is "opt-in": You're willing to lose the ability to use IP address as a rough method of identifying users.

A network provider should in an ideal world _never_ [be able to] interfere with any of the traffic they transport. I already feel very uncomfortable limiting "arbitrary" destinations based on IP and port. A network provider is a neutral channel.

Remember, data payload is just protocol overhead.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] I have a group at internet archive that are interested in buying a lot of OnionPi's
On 06/27/2014 09:44 PM, Virgil Griffith wrote:
> What is the current state of the art on this, and if it is ready for
> larger deployment want to buy about 50-100 of them.

In my eyes, an access point that has a captive portal that teaches people about Tor and facilitates the download of Tor Browser etc is much better than transparent proxying. There's been discussions around that regularly on tor-talk, recently again on libtech.

You might remember the prototype at the last dev meeting that hosts a bridge and announces the bridge address via DHCP as well (iirc).

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] [Tor2web] Proposal for improving social incentives for relay operators
Hi Virgil,

I think a modified atlas that has a better top relay list and plays with various (non-financial) gamification concepts is long due. When you look at BOINC/SETI, it can work well.

I agree that by simply interfacing with onionoo (plus probably some aggregation of data), you can generate a nice set of views that "give back warm and fuzzy feelings" and "encourage competition". Diversity should be factored in, something that we already do partly for the Torservers reimbursements.

I guess $someone should just go ahead and implement something. Hosting it on some third party domain doesn't hurt, and if it is great, we can still discuss moving it to something.tpo.org.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Projects to combat/defeat data correlation
On 01/16/2014 04:16 AM, Jim Rucker wrote:
> There was a story in the news recently of a Harvard student who used Tor
> to send a bomb threat to Harvard in order to cancel classes so he
> wouldn't have to take a test. He was apprehended within a day, which
> puts into question the anonymity of Tor.

The way I understand it is that they did not exploit a weakness in any system, they just (more or less) performed regular police work. See https://www.schneier.com/crypto-gram-1401.html#3

> From my understanding (please correct me if I'm wrong) Tor has a
> weakness in that if someone can monitor data going into the relays and
> going out of the exit nodes then they can defeat the anonymity of tor by
> correlating the size and number of packets being sent to relays and
> comparing those that the packets leaving the exit nodes.

It is not that simple, but in principle you are correct. A good paper to read about this is http://freehaven.net/anonbib/#ccs2013-usersrouted

See anonbib also for mitigations that were suggested and investigated over time (which are not that easy either).

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] File verification GUI tool
On 09/24/2013 05:42 AM, Matt Pagan wrote:
>> On Mon, Sep 23, 2013 at 05:45:36PM -0400, Sukhbir Singh wrote:
>>>> I am starting to work on a small GUI tool for file verification
> If you go the browser extension route, there is a now defunct
> Firefox add-on called FireGPG that implemented GnuPG in the web
> browser.

One of the successor projects is WebPG, https://webpg.org/ . There's also Mailvelope, http://www.mailvelope.com/ . I believe both are using OpenPGP.JS, http://openpgpjs.org/ .

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] I have a project that might interest you. OnionMail
On 09/07/2013 04:21 AM, Liste wrote:
> The project is named "OnionMail".

We should talk. :-)

https://lists.torproject.org/pipermail/tor-talk/2013-August/029464.html

Best way to reach me is Jabber. JID equals email address. If you prefer IRC, I suggest the #tor2web channel on OFTC.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Draft of proposal "Stop HS address enumeration by HSDirs"
On 17.08.2013 07:34, Matthew Finkel wrote:
>> An ed25519 public key is 32 bytes. 32 bytes in base32 encoding is 56
>> characters (or 52 with the '=' padding removed). Do we want a
>> different URL encoding or are we happy with addresses like:
>> mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpjaueq2eivda.onion ?
> What was the other encoding that Dan tested? Was that one shorter but
> with crazier characters, maybe?

Y64?

"Y64 is a base64 variant used at Yahoo! when base64 information needs to be transmitted as part of a GET request. Regular base64 has three characters that aren’t URL-safe: plus (+), slash (/), and equals (=). Y64 encoding replaces these with dot (.), underscore (_), and dash (-), respectively."

Or would case sensitivity be too crazy?

--
Moritz Bartl
https://www.torservers.net/
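The trade-off raised in this message, worked through as an added example that is not part of the thread: it decodes the quoted 52-character label back to 32 bytes, encodes the same bytes as Y64 following the quoted definition, and goes one step further by checking whether each form still decodes after the label has been lower-cased. The helper names are hypothetical, and the key bytes are simply whatever the quoted label decodes to.

```python
import base64

# Label quoted in the thread, without the ".onion" suffix.
QUOTED_LABEL = "mfrggzdfmztwq2lknnwg23tpobyxe43uov3ho6dzpjaueq2eivda"

# Y64 substitutions as given in the quoted definition: '+'->'.', '/'->'_', '='->'-'.
_TO_Y64 = bytes.maketrans(b"+/=", b"._-")
_FROM_Y64 = bytes.maketrans(b"._-", b"+/=")


def b32_label(key: bytes) -> str:
    """Lower-case base32 with the '=' padding removed."""
    return base64.b32encode(key).decode("ascii").rstrip("=").lower()


def b32_unlabel(label: str) -> bytes:
    """Inverse of b32_label: accepts any letter case and restores the padding."""
    return base64.b32decode(label.upper() + "=" * (-len(label) % 8))


def y64_encode(key: bytes) -> str:
    """Standard base64 with the three URL-unsafe characters replaced."""
    return base64.b64encode(key).translate(_TO_Y64).decode("ascii")


def y64_decode(text: str) -> bytes:
    """Inverse of y64_encode; rejects characters outside the alphabet."""
    raw = text.encode("ascii").translate(_FROM_Y64)
    return base64.b64decode(raw, validate=True)


def survives_case_folding(encode, decode, key: bytes) -> bool:
    """True if the key is still recoverable after the label is lower-cased."""
    try:
        return decode(encode(key).lower()) == key
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def compare(key: bytes) -> dict:
    """(label length, survives lower-casing) for both encodings."""
    return {
        "base32": (len(b32_label(key)),
                   survives_case_folding(b32_label, b32_unlabel, key)),
        "y64": (len(y64_encode(key)),
                survives_case_folding(y64_encode, y64_decode, key)),
    }


if __name__ == "__main__":
    key = b32_unlabel(QUOTED_LABEL)
    print(len(key), compare(key))
```

Y64 saves eight characters on a 32-byte key, but the lower-cased label still decodes without error, to a different key.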
Re: [tor-dev] atlas.torproject.org question
On 26.06.2013 07:40, m...@rndm.de wrote:
> I removed the Tor logo.
> It still use "Tor" as part of "Tor Relay Search" because i don't know if
> there is another word to describe what it does.
>
> screenshot: http://i.imgur.com/dYU8IBk.png
>
> Is it ok like this?

I cannot speak for TorProject Inc., but I would say yes, it is. To be even safer, you could add a small disclaimer at the end of the page:

Tor Relay Search [or whatever] is not affiliated with the Tor project. "Tor" and the "Onion Logo" are registered trademarks of The Tor Project, Inc.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] atlas.torproject.org question
Hi,

Nice work! Please publish it, but better remove the Tor logo: It makes it look like an official project, and Torproject receives a lot of support requests for third-party projects that either use the Tor logo or use "Tor" in the name.

Apart from that, legally, using the logo like this is likely a trademark violation. To keep the trademark, no matter how good or well-meant the project is, Torproject /has/ to enforce it -- otherwise it could lose the trademark. :-(

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Tor over Open Garden mesh network
Hi Paige,

I've been aware of OpenGarden for some time. Sounds nice, but without more technical information it is hard to comment on it. Also, you're not planning to release it as open source, right?

On 12.06.2013 23:23, Paige Peterson wrote:
> he said that Tor would need to
> support an upstream proxy - which he can't find any documentation on.

I'm not sure what you mean, but maybe the following directives are what you are looking for?

HTTPProxy host[:port]
    Tor will make all its directory requests through this host:port (or host:80 if port is not specified), rather than connecting directly to any directory servers.

HTTPSProxy host[:port]
    Tor will make all its OR (SSL) connections through this host:port (or host:443 if port is not specified), via HTTP CONNECT rather than connecting directly to servers. You may want to set FascistFirewall to restrict the set of ports you might try to connect to, if your HTTPS proxy only allows connecting to certain ports.

Socks4Proxy host[:port]
    Tor will make all OR connections through the SOCKS 4 proxy at host:port (or host:1080 if port is not specified).

Socks5Proxy host[:port]
    Tor will make all OR connections through the SOCKS 5 proxy at host:port (or host:1080 if port is not specified).

( from https://www.torproject.org/docs/tor-manual.html.en )

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Steganography Browser Addon (Google Summer of Code)
Hi Hareesan,

Thank you for taking this on!

The crucial parts are the interfaces to the steganography plugins, and how they signal what kind of data they can process (html, image, video, ...). I don't think it will scale if we just dump all data into all plugins for processing. (see comment below)

For the user interface, apart from the ability to select local files as carrier, I think it would be neat to be able to select content from websites (like: right click on image, select "embed secret"). Payload is either textual (entered via form), or binary (file selection).

To encrypt the payload before embedding, a private/public key scheme was proposed. I prefer ECC over RSA. You mention SJCL, which has an ECC branch.

> Once Bob open a web site with web contents which he wants to check if
> it contains any messages steganographically hidden, he will click on
> the extension icon Figure 5. All the items in the page will be
> displayed in the extension with decrypt option.

We discussed earlier that the extension, together with its steganography addons, should have the capability to automatically find matching payload while browsing. Depending on the algorithms, this may or may not be feasible, so users may want to disable this for certain types of content, algorithms (plugins), or only enable scanning for specific sites. (which you outline in Figure 6)

Personally, for the manual scan/decrypt, I'd like to see an option in the context menu when I right-click an image or other content.

I was not able to completely follow the steps you describe in "How Alice's side works" and "How Bob's side works". The charts look neat, but are not ideal to describe the process.

The situation of usable javascript steganography libraries does not look too good. For the GSoC project, we should not waste too much time on this, and focus on the surrounding extension and clean interfaces to potential libraries.

If we have time left, we can investigate what kind of algorithms we would like to see implemented/ported in Javascript.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Obfsproxy support for Tor Browser Launcher
On 16.04.2013 19:31, Micah Lee wrote:
> Do the obfsproxy bundles have the exact same release schedule as normal
> TBB?

Unfortunately, no. Currently, obfsproxy bundles are built by different people with a different schedule.

> At the moment it seems like the current alpha is 2.4.11-alpha-2, and
> the obfsproxy bundle is at that same version too. Is it ever
> recommended to run the "stable" obfsproxy bundle?

The current naming scheme was picked for the last release, releases before that used different schemes. You can only hope future releases follow the current scheme.

I believe your best bet here is: Think about how you would want the interface to look like, and make it easy for future build people to follow that. The final goal is to not have separate bundles at all, so you should implement it in a way that separate bundles can easily be dropped (or added) in the future.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Building Tor on OS X with brew fails
On 11.04.2013 21:25, Nick Mathewson wrote:
> On Thu, Apr 11, 2013 at 3:21 PM, Bernard Tyers - ei8fdb wrote:
>> I can confirm that https://www.torproject.org/dist/tor-0.2.1.30.tar.gz is
>> (to me) a 404.
> If that's the version in their ports, their ports are horribly out of date.

Hm. https://github.com/mxcl/homebrew/blob/master/Library/Formula/tor.rb points to tor-0.2.3.25.tar.gz, and was last updated 5 days ago.

I don't know too much about MacOSX or brew, so I can't help. I did write the instructions on the tpo website though, so I feel kind of guilty. (see https://trac.torproject.org/projects/tor/ticket/7989 )

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Moving our website to git and splitting it in two
On 06.04.2013 14:09, Andrew Lewman wrote:
> Is now a fine time to talk about further splitting dist and media from
> the content?
> where dist is for moving to dist.torproject.org for all downloadable
> software bundles, code, etc. (as in our packages). dist becomes a
> mirrored dir on the webservers.

Keep in mind that many mirrors (like ours) don't have the money (or don't want) to buy a signed wildcard certificate. You want the site to still be rsync'd easily to arbitrary locations, including /dist.

Of course they can be logically separated on tpo.org, with /dist staying the "public" location of packages. I guess that is what you are suggesting.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Using Tor as a library
On 28.03.2013 12:10, Christopher Schmidt wrote:
> "Fabio Pietrosanti (naif)" writes:
>> That's the future of Tor, to be integrated as a library just like an
>> encryption library into application.
> No, it's not. Embedding a Tor client in another application cripples
> auditability, configurability, updateability etc. of Tor.

Yes. Still, there is "Netlib", https://silvertunnel.org/ , and some people are working on a revived JTor (client and relay), https://github.com/koryk/JTor . Also, Briar showed some interest in embedding Tor.

Additional implementations of the Tor protocols help to improve documentation, and code bugs/vulnerabilities won't affect all of Tor.

--
Moritz Bartl
https://www.torservers.net/
Re: [tor-dev] Tor Exit Images
Hi Griffin,

I originally thought it would be nice to go towards this also for torservers.net, but it turned out that I can quickly set up new exits in less than 15 minutes by just following the steps I outline at https://www.torservers.net/wiki/setup/server . The torrc could be (commented) better, but all in all it does not require much knowledge.

After the setup, all you need to do is run the 'apt-get update && apt-get upgrade' dance once in a while.

Also, they can of course donate to one of the organizations that run exits and let them take care of it.

On 24.03.2013 21:39, Griffin Boyce wrote:
> Hey all,
>
> After talking to Wendy Seltzer, I decided to bring this up on the
> list. I frequently talk to people who would like to run an exit node,
> but who aren't as good a sysadmin as they'd like to be. It would be
> great if there were server images that could be fairly easily installed
> and then configured. All of these people so far have had the means to
> spend $150ish a month on the required hosting, they just felt that
> getting it running was a stumbling block.
>
> Thoughts?
>
> ~Griffin
>
> --
> "What do you think Indians are supposed to look like?
> What's the real difference between an eagle feather fan
> and a pink necktie? Not much."
> ~Sherman Alexie
>
> PGP Key etc: https://www.noisebridge.net/wiki/User:Fontaine
Re: [tor-dev] Proposal: Capturing Traffic Statistics from Exit Relays
Hi,

On 18.03.2013 12:05, Zack Weinberg wrote:
> * TCP port
> * "Public suffix" + 1 domain component of destination
>   (example.com, example.co.uk)

I am not sure I like this. Maybe we might want to limit it to popular destinations -- drop sites that only get few hits? And rougher access numbers (50 hits, 100, etc)?

-Moritz
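A sketch of the coarsening suggested in this reply, added here as an example that belongs neither to the thread nor to the proposal under discussion: destinations are reduced to public suffix + 1, rarely seen domains are dropped, and the remaining counts are rounded up to a multiple of 50. The function names, the threshold, the choice to round up, and the four-entry suffix set (a constructed stand-in for the real Public Suffix List) are all assumptions.

```python
from collections import Counter

# Constructed, deliberately tiny stand-in for the Public Suffix List.
SAMPLE_SUFFIXES = frozenset({"com", "org", "uk", "co.uk"})


def registered_domain(host, suffixes=SAMPLE_SUFFIXES):
    """Return public suffix + 1 label, or None if the host has no such part."""
    labels = host.lower().rstrip(".").split(".")
    # Scan from the longest candidate suffix down, so "co.uk" wins over "uk".
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            # i == 0 means the host is itself a bare public suffix.
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None  # IP literals and unknown TLDs end up here


def coarse_report(hosts, min_hits=50, bucket=50):
    """Aggregate observed destinations and coarsen them before publication.

    Domains seen fewer than min_hits times are dropped entirely, and each
    remaining count is rounded up to the next multiple of bucket, so the
    published figures never expose exact or rare-destination counts.
    """
    counts = Counter()
    for host in hosts:
        domain = registered_domain(host)
        if domain is not None:
            counts[domain] += 1
    return {
        domain: -(-n // bucket) * bucket  # ceiling to a multiple of bucket
        for domain, n in counts.items()
        if n >= min_hits
    }


def sample_hosts():
    """Constructed sample of destination hostnames seen at an exit."""
    return (["www.example.com"] * 120 + ["mail.example.com"] * 30
            + ["a.example.co.uk"] * 60 + ["rare.example.org"] * 3
            + ["192.0.2.7"])


if __name__ == "__main__":
    print(coarse_report(sample_hosts()))
```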
Re: [tor-dev] Improving the HTTP interface of BridgeDB: bridges.torproject.org
Hi,

On 11.03.2013 17:22, Andrew Lewman wrote:
> 2. The correct email address is brid...@bridges.torproject.org

Huh? Why is that? I think it's a bad idea. Why would you need "bridges" in there two times? You can set up bridges@tpo to forward to the bridges host, done.

Same by the way for help/support. They should be help@tpo and support@tpo, and forward mails to the rt host. There is no reason to expose and require the mention of the used backend software.

--
Moritz Bartl
https://www.torservers.net/