Re: [tor-relays] What if my favorite online store website blacklists all Tor Relay IP addresses?
I run a tor exit node (CulverCityChuck) using my home Internet (Time Warner). I did used to get blacklisted by Yelp and occasionally Google. I started using an anonymous VPN service for my exit node which gives it a different IP than the rest of my home traffic and haven't had a problem since. Costs less than $100 / year and gives me (and my ISP) some measure of protection from DMCA complaints.

The other side of the issue would be customers accessing web storefronts via tor and getting blocked because the traffic comes from an exit node. Not sure what the answer to that is.

Chuck Bevitt
Sent from my iPad

On Aug 25, 2013, at 6:46 PM, Gordon Morehouse gor...@morehouse.me wrote:

> t...@t-3.net:
>> Not sure where you live but, I read that these days, USA is photographing the fronts of all postal mail. So, mailed merchandise isn't exactly a win on privacy anyway.
>
> That is correct[1].
>
> 1. http://www.nytimes.com/2013/08/03/us/postal-service-confirms-photographing-all-us-mail.html
>
> Best,
> -Gordon M.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] What if my favorite online store website blacklists all Tor Relay IP addresses?
Chuck do you run Tor on a separate machine to do that? Or have you found some way to pass only your Tor traffic through the VPN?

Cheers.

- My full signature with lots of links etc. https://bittit.info/publicDro/signature.html

On Mon, Aug 26, 2013 at 10:01 AM, Chuck Bevitt t...@bevitt.ws wrote:

> I run a tor exit node (CulverCityChuck) using my home Internet (Time Warner). I did used to get blacklisted by Yelp and occasionally Google. I started using an anonymous VPN service for my exit node which gives it a different IP than the rest of my home traffic and haven't had a problem since. Costs less than $100 / year and gives me (and my ISP) some measure of protection from DMCA complaints.
>
> The other side of the issue would be customers accessing web storefronts via tor and getting blocked because the traffic comes from an exit node. Not sure what the answer to that is.
>
> Chuck Bevitt
> Sent from my iPad
>
> On Aug 25, 2013, at 6:46 PM, Gordon Morehouse gor...@morehouse.me wrote:
>
>> t...@t-3.net:
>>> Not sure where you live but, I read that these days, USA is photographing the fronts of all postal mail. So, mailed merchandise isn't exactly a win on privacy anyway.
>>
>> That is correct[1].
>>
>> 1. http://www.nytimes.com/2013/08/03/us/postal-service-confirms-photographing-all-us-mail.html
>>
>> Best,
>> -Gordon M.
[tor-relays] How to block IP address on exit node relay
I am running an exit node under reduced exit policy on a VPS. My provider requested that I block a specific IP address due to spam issues. I'm guessing I should add a line in the torrc file.

Can anyone tell me the exact line I have to add to the torrc file to block the address? Something like: reject 12.34.567.89 ?
[tor-relays] Store key files in RAM
Hi,

I have been discovering a simple and secure way of protecting the Tor key files recently, in order to achieve the safety of the keys on VPS.

So I created a folder on Linux called /tor and it is stored in the RAM file system. I put my key file into that folder and link it back to the data directory folder of Tor. I also backed up the key files in case my server needs to be restarted and the RAM would be cleaned up.

I left the key in RAM for some undesired failures, errors or configuration which need to restart the Tor software. If the server gets down, I would probably do the simple cut and paste in the SSH client to restore my key files. Or in a higher level way if cut and paste is not safe enough.

I am not sure whether this is a good way to protect my key files on a VPS. Does anyone have any comment on that or a better way?

Tony
Re: [tor-relays] How to block IP address on exit node relay
On 13-08-26 04:57 PM, Piotrkowska wrote:

> I am running an exit node under reduced exit policy on a VPS. My provider requested that I block a specific IP address due to spam issues. I'm guessing I should add a line in the torrc file.
>
> Can anyone tell me the exact line I have to add to the torrc file to block the address? Something like: reject 12.34.567.89 ?

Yes that exit policy would work, assuming that your provider wants to block traffic from your exit node having that ip address as its *destination*. You could specify a specific port as well, to avoid blocking non-spam traffic of different types to that machine.

If your provider intends for traffic having that ip address as its *origin* to be blocked, you will not be able to do so at your exit node. I don't know of any such thing as an entry policy nor recommendations for tor relay operators other than using good security practices to fend off attacks.
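Tor considers ExitPolicy lines first to last and the first match wins, so where a reject line sits matters as much as what it says. The sketch below is an added example, not part of the original posts or Tor's own code; it models IPv4 rules only, and the address 203.0.113.25 and the cut-down policy are constructed placeholders.

```python
import ipaddress

# Constructed placeholder (documentation range), standing in for the address
# the provider named. In torrc each rule is written "ExitPolicy <rule>".
BLOCKED = "203.0.113.25"
BASE = ["accept *:80", "accept *:443", "accept *:587", "reject *:*"]  # cut-down sample

def parse_rule(rule):
    """Split 'accept|reject ADDR[/MASK]:PORT' (ADDR or PORT may be '*')."""
    action, pattern = rule.split()
    addr, _, port = pattern.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = port.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action, net, lo, hi

def exit_allowed(policy, dest_ip, dest_port):
    """First matching rule decides, as Tor does for ExitPolicy lines."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in policy:
        action, net, lo, hi = parse_rule(rule)
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return action == "accept"
    return False  # assumption: treat an unmatched destination as rejected

# Reject the whole host: the line must come before the accept lines.
HOST_BLOCK = [f"reject {BLOCKED}:*"] + BASE
# Reject one port only, leaving other traffic to that host alone.
PORT_BLOCK = [f"reject {BLOCKED}:587"] + BASE
# Pitfall: a reject placed after a matching accept never fires.
TOO_LATE = BASE[:3] + [f"reject {BLOCKED}:*", "reject *:*"]

if __name__ == "__main__":
    for name, pol in [("host", HOST_BLOCK), ("port", PORT_BLOCK), ("late", TOO_LATE)]:
        print(name, {p: exit_allowed(pol, BLOCKED, p) for p in (443, 587)})
```

The rules only ever match on the destination of traffic leaving the exit, which is the distinction the reply draws between *destination* and *origin*.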
Re: [tor-relays] Store key files in RAM
IMO cut and paste in the situation you're describing is not the perfect way.

Better way would be: Have a secure linux machine running an sshd at your home (or another physically-controlled location?). Close off iptables and ip6tables for inbound sshd except for your vserver's IP (hint: ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_4096_key -b 4096 (don't put a password when it asks)) and edit sshd_config to point it to the new key. Also in the config, force your local sshd server to insist upon only using these 2 ciphers (Ciphers aes256-ctr,aes256-cbc). Restart the local sshd (maybe service sshd restart) and verify that you can NOT connect from the vserver to the home box using a different cipher (ssh -l someuser -c aes128-ctr your.home.ip.here). A test ssh connection without the -c aes128-ctr should work, the one with it should fail.

You would do transfers of important files to and from the vserver via an 'sftp' session which you start from your vserver, and you are connecting into your home machine (sftp someu...@your.home.ip.here). Don't make the connection in the reverse direction, you can push and pull files with the one. And don't let anyone steal your ssh_host_rsa_4096_key off the home box. (could even shred/delete/regenerate it now and then). In general, turn off the home sshd when you aren't using it.

The above setup should be pretty good in terms of the network transfer if the data hasn't already been compromised, of course. The certainty that it hasn't been is not necessarily guaranteed if it's already been thrown through a network card in a less-solid way, such as the contents having been viewed via 'cat', 'nano', etc. via a connection in the 'wrong' direction.

If you are deleting files from your vserver's hard drive after copying them out for backup, try doing shred on the file first, and then rm. It may help do the deletion better, depending upon how your vserver hosting is set up.
On Monday 26/08/2013 at 10:53 pm, Tony Xue wrote:

> Hi,
>
> I have been discovering a simple and secure way of protecting the Tor key files recently, in order to achieve the safety of the keys on VPS.
>
> So I created a folder on Linux called /tor and it is stored in the RAM file system. I put my key file into that folder and link it back to the data directory folder of Tor. I also backed up the key files in case my server needs to be restarted and the RAM would be cleaned up.
>
> I left the key in RAM for some undesired failures, errors or configuration which need to restart the Tor software. If the server gets down, I would probably do the simple cut and paste in the SSH client to restore my key files. Or in a higher level way if cut and paste is not safe enough.
>
> I am not sure whether this is a good way to protect my key files on a VPS. Does anyone have any comment on that or a better way?
>
> Tony
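The reply above verifies the cipher restriction by attempting a connection with a different cipher. As a complementary check, this added example (not part of the original message) audits the effective configuration text that `sshd -T` prints; the sample outputs are constructed, and the cipher list and host key path are the ones named in the reply.

```python
# Values taken from the reply above; the sample outputs below are constructed.
ALLOWED_CIPHERS = {"aes256-ctr", "aes256-cbc"}
HOST_KEY = "/etc/ssh/ssh_host_rsa_4096_key"

def parse_effective(text):
    """Parse `sshd -T` style lines ('keyword value') into {keyword: [values]}."""
    settings = {}
    for line in text.splitlines():
        keyword, _, value = line.strip().partition(" ")
        if keyword and not keyword.startswith("#"):
            settings.setdefault(keyword.lower(), []).append(value.strip())
    return settings

def audit(text, allowed=ALLOWED_CIPHERS, host_key=HOST_KEY):
    """Return findings; an empty list means both restrictions are in effect."""
    settings = parse_effective(text)
    findings = []
    offered = [c for v in settings.get("ciphers", []) for c in v.split(",") if c]
    if not offered:
        findings.append("no ciphers line found in input")
    for cipher in offered:
        if cipher not in allowed:
            findings.append(f"unexpected cipher offered: {cipher}")
    # hostkey can appear several times; the new key must be one of them.
    if host_key not in settings.get("hostkey", []):
        findings.append(f"host key not in use: {host_key}")
    return findings

# Constructed samples of effective configuration, not captured from a real host.
RESTRICTED = """\
port 22
ciphers aes256-ctr,aes256-cbc
hostkey /etc/ssh/ssh_host_rsa_4096_key
"""
UNRESTRICTED = """\
port 22
ciphers aes128-ctr,aes256-ctr,aes256-cbc
hostkey /etc/ssh/ssh_host_rsa_key
"""

if __name__ == "__main__":
    print(audit(RESTRICTED))    # no findings
    print(audit(UNRESTRICTED))  # extra cipher and old host key reported
```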