Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter p...@nymity.ch wrote:
> On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote:
> > 173 FreeBSD
>
> FreeBSD still seems to use globally incrementing IP IDs by default. That's an issue as it leaks fine-grained information about how many packets a relay's networking stack processes. (However, nobody investigated the exact impact on Tor relays so far, which makes this a FUD-heavy topic.)
>
> It looks like approximately 50 out of the 131 FreeBSD relays I tested (38%) use global IP IDs. There's a sysctl variable called net.inet.ip.random_id which makes FreeBSD's IP ID behaviour random. FreeBSD relay operators should set this to 1.
>
> Note that this issue was already discussed earlier this year in a thread called "Lots of tor relays send out sequential IP IDs; please fix that!".

It's been default off since before it was a sysctl over a decade ago. Anyone know what the deal is with that? Some objection, or forgotten flag day, or oversight that really should be set to 1?

https://svnweb.freebsd.org/base?view=revision&revision=133720

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] [tor-talk] Platform diversity in Tor network [was: OpenBSD doc/TUNING]
grarpamp wrote on 07/11/14 08:46:
> On Thu, Nov 6, 2014 at 2:43 AM, David Serrano t...@dserrano5.es wrote:
> > On 2014-11-05 23:58:43 (-0500), grarpamp wrote:
> > > The real problem below is the 96% allocation of opensource to Linux and 4% to Other opensource. Someone should really do an analysis of platform vs. exit bandwidth as well. Anyone?
> >
> > Here ya go. Observed bandwidth per OS in relays having the exit flag:
> >
> >   93.62%  4459816582  Linux
> >    4.51%   214639363  FreeBSD
> >    1.25%    59672066  Windows
> >    0.25%    11754598  Darwin
> >    0.17%     7896687  Bitrig
> >    0.15%     6964863  OpenBSD
> >    0.06%     3091495  SunOS
>
> This excessive Linux dominance in both node count and bandwidth really should be balanced out, like why not?
>
> I'd expect if some of the big relays switch to any other OS that would flatten out the bandwidth part pretty easily. You'd have to check say the top 10, 25, 50 or so relays to see to what extent they are part of this mess, I'm sure it's similar.

Hi,

I run a bunch of top50 relays (about 5.5% of global exit traffic), I'll have a look at converting my setup to OpenBSD - preferably without too much downtime.

Tom
[tor-relays] Node Operators Web Of Trust
Is it not time to establish a node operator web of trust?

Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking a grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is a huge potential problem.

NOWoT participation is optional, it is of course infiltratable, and what it proves may be arguable, but it seems a necessary thing to try as a test of that and to develop a good model.

Many operators know each other in person. And the node density per geographic region supports getting out to meet operators even if only for the sole purpose of attesting 'I met this blob of flesh who proved ownership of node[s] x'. That's a big start, even against the sybil agents they'd surely send out to meet you. Many know exactly who the other is in the active community such that they can attest at that level. And so on down the line of different classes of trust that may be developed and asserted over each claimed operator.

Assuming a NOWoT that actually says something can be established, is traffic then routable by the user over nodes via trust metrics in addition to the usual metrics and randomness?

WoT's are an ancient subject... now what are the possibilities and issues when asserting them over physical nodes, not just over virtual nodes such as an email address found in your pubkey? And what about identities that exist only anonymously yet can prove control over various unique resources?

If such WoT's cannot be proven to have non-value, then it seems worth doing. This doesn't just apply to Tor, but to any node based system.
Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
On Fri, Nov 7, 2014 at 11:31 AM, Adrian Chadd adr...@freebsd.org wrote:
> ... that's .. odd. Let's poke the freebsd crypto and network stack people and ask. I can't imagine why this is a problem anymore and we should default to it being on.

I don't think there's a crypto@ list, though security@ might represent.

> The other thing you could do is have the tor port require it be turned on before tor runs.

That would not cover people who compile and use upstream Tor. Ideally, the Tor client could check for any system parameters it feels are critical before running, or simply delegate them and/or any parameters of lesser importance to platform specific guides on the Tor wiki.

> On 7 November 2014 00:20, grarpamp grarp...@gmail.com wrote:
> > On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter p...@nymity.ch wrote:
> > > FreeBSD still seems to use globally incrementing IP IDs by default. That's an issue as it leaks fine-grained information about how many packets a relay's networking stack processes. (However, nobody investigated the exact impact on Tor relays so far, which makes this a FUD-heavy topic.)
> > >
> > > It looks like approximately 50 out of the 131 FreeBSD relays I tested (38%) use global IP IDs. There's a sysctl variable called net.inet.ip.random_id which makes FreeBSD's IP ID behaviour random. FreeBSD relay operators should set this to 1.
> > >
> > > Note that this issue was already discussed earlier this year in a thread called "Lots of tor relays send out sequential IP IDs; please fix that!".
> >
> > It's been default off since before it was a sysctl over a decade ago. Anyone know what the deal is with that? Some objection, or forgotten flag day, or oversight that really should be set to 1?
> >
> > https://svnweb.freebsd.org/base?view=revision&revision=133720
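Added example, not code from the thread or from Tor or FreeBSD: a relay operator can check the leak Philipp describes, and the kind of "is this parameter sane" check grarpamp wants before Tor starts, on their own host by pulling the IP ID field from `tcpdump -n -v` output of their outbound packets and testing whether consecutive IDs advance by small steps, which is what one global counter shared across all flows looks like. The capture lines and the randomised sequence below are constructed; the interface and host are assumptions.

```python
import random
import re

# Constructed sample in `tcpdump -n -v` style (not a real capture): each line is
# one outbound packet from the relay; 'id N,' is the IPv4 Identification field.
SAMPLE_GLOBAL = [
    "12:00:00.000100 IP (tos 0x0, ttl 64, id 65530, offset 0, flags [DF], proto TCP (6), length 60)",
    "12:00:00.000220 IP (tos 0x0, ttl 64, id 65533, offset 0, flags [DF], proto TCP (6), length 52)",
    "12:00:00.000310 IP (tos 0x0, ttl 64, id 65535, offset 0, flags [DF], proto TCP (6), length 52)",
    "12:00:00.000405 IP (tos 0x0, ttl 64, id 2, offset 0, flags [DF], proto TCP (6), length 1500)",
    "12:00:00.000490 IP (tos 0x0, ttl 64, id 3, offset 0, flags [DF], proto TCP (6), length 52)",
    "12:00:00.000570 IP (tos 0x0, ttl 64, id 7, offset 0, flags [DF], proto TCP (6), length 52)",
]

ID_RE = re.compile(r"\bid (\d+),")


def extract_ip_ids(lines):
    """Return the IP ID of every line that carries one, in capture order."""
    return [int(m.group(1)) for m in (ID_RE.search(l) for l in lines) if m]


def sequential_fraction(ids, max_step=64):
    """Fraction of consecutive deltas (mod 2^16) that are small positive steps.

    A global counter yields steps of 1..max_step (other flows consume the IDs
    in between, and the counter wraps at 65536); with randomised IDs a delta
    lands in that window only about max_step/65536 of the time.
    """
    if len(ids) < 2:
        return 0.0
    small = sum(1 for a, b in zip(ids, ids[1:]) if 1 <= (b - a) % 65536 <= max_step)
    return small / (len(ids) - 1)


def classify(ids, threshold=0.5):
    """'global' when most steps are small increments, else 'random'."""
    if len(ids) < 2:
        return "insufficient"
    return "global" if sequential_fraction(ids) >= threshold else "random"


def random_ids(n=200, seed=7):
    """Constructed stand-in for a host running with net.inet.ip.random_id=1."""
    rng = random.Random(seed)
    return [rng.randrange(65536) for _ in range(n)]


if __name__ == "__main__":
    # Real use: tcpdump -n -v -i em0 src host <relay-ip> | python3 this.py
    print(classify(extract_ip_ids(SAMPLE_GLOBAL)), classify(random_ids()))
```

On FreeBSD the remedy named in the thread is `sysctl net.inet.ip.random_id=1`, made persistent by adding `net.inet.ip.random_id=1` to /etc/sysctl.conf.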
Re: [tor-relays] Node Operators Web Of Trust
How does one establish trust online though? Trust is a very delicate thing. A system such as this simply inherently has these challenges. Pretty sure that is why the tor browser for example always uses https.

On Fri, 7 Nov 2014 at 21:26, grarpamp grarp...@gmail.com wrote:
> Is it not time to establish a node operator web of trust?
>
> Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking a grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is a huge potential problem.
>
> NOWoT participation is optional, it is of course infiltratable, and what it proves may be arguable, but it seems a necessary thing to try as a test of that and to develop a good model.
>
> Many operators know each other in person. And the node density per geographic region supports getting out to meet operators even if only for the sole purpose of attesting 'I met this blob of flesh who proved ownership of node[s] x'. That's a big start, even against the sybil agents they'd surely send out to meet you. Many know exactly who the other is in the active community such that they can attest at that level. And so on down the line of different classes of trust that may be developed and asserted over each claimed operator.
>
> Assuming a NOWoT that actually says something can be established, is traffic then routable by the user over nodes via trust metrics in addition to the usual metrics and randomness?
>
> WoT's are an ancient subject... now what are the possibilities and issues when asserting them over physical nodes, not just over virtual nodes such as an email address found in your pubkey? And what about identities that exist only anonymously yet can prove control over various unique resources?
>
> If such WoT's cannot be proven to have non-value, then it seems worth doing. This doesn't just apply to Tor, but to any node based system.
Re: [tor-relays] Node Operators Web Of Trust
I run a pseudonymous exit node and I'm not interested in giving up my pseudonymity by meeting people in real life. I don't want to end up on a special interest watch list.

On Fri, Nov 07, 2014 at 03:26:40PM -0500, grarpamp wrote:
> Is it not time to establish a node operator web of trust?
>
> Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking a grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is a huge potential problem.
>
> NOWoT participation is optional, it is of course infiltratable, and what it proves may be arguable, but it seems a necessary thing to try as a test of that and to develop a good model.
>
> Many operators know each other in person. And the node density per geographic region supports getting out to meet operators even if only for the sole purpose of attesting 'I met this blob of flesh who proved ownership of node[s] x'. That's a big start, even against the sybil agents they'd surely send out to meet you. Many know exactly who the other is in the active community such that they can attest at that level. And so on down the line of different classes of trust that may be developed and asserted over each claimed operator.
>
> Assuming a NOWoT that actually says something can be established, is traffic then routable by the user over nodes via trust metrics in addition to the usual metrics and randomness?
>
> WoT's are an ancient subject... now what are the possibilities and issues when asserting them over physical nodes, not just over virtual nodes such as an email address found in your pubkey? And what about identities that exist only anonymously yet can prove control over various unique resources?
>
> If such WoT's cannot be proven to have non-value, then it seems worth doing. This doesn't just apply to Tor, but to any node based system.
[tor-relays] This may be a stupid question to you but how do I unsubscribe from these posts? Graeme.
As above
Re: [tor-relays] Node Operators Web Of Trust
> How does one establish trust online though? Trust is a very delicate thing. A system such as this simply inherently has these challenges. Pretty sure that is why the tor browser for example always uses https.

Indeed, both the centralised and decentralised systems that are currently in place have major issues.

Within centralised systems like the Certificate Authority system we see corruption (have you seen their fees) and we must trust them to actually verify identities and to remain secure, something at least a few CAs have proven that they can't do. Then we also have to trust our vendors to provide default lists of CAs to trust that are in fact worthy of our trust.

Within decentralised systems like PGP we have to worry about the network effect, and making sure that people understand what they are actually doing; again we worry about whether or not we can trust our friends, and whether or not we can trust their friends.

Trust is probably one of the hardest problems facing folks using the Internet.

With that in mind, he does raise a valid point. Are there any plans to move to a more decentralised model for the directory authorities? Are there any plans to move the power to blacklist nodes out of the hands of the Tor Project and into the hands of its users somehow. I'm not exactly sure how either of those would be accomplished, but I'm sure there is a clever solution somewhere.

Thank you,
Derric Atzrott
Re: [tor-relays] This may be a stupid question to you but how do I unsubscribe from these posts? Graeme.
> As above

Go here: https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Enter your email address in the form at the very bottom of the page titled "Unsubscribe or Edit Options". You should be able to click an unsubscribe button from there.

Alternatively a list operator might see your email and just remove you themselves.

Thank you,
Derric Atzrott
Re: [tor-relays] Node Operators Web Of Trust
On 2014-11-07 16:08, Kevin de Bie wrote:
> With that in mind, he does raise a valid point. Are there any plans to move to a more decentralised model for the directory authorities? Are there any plans to move the power to blacklist nodes out of the hands of the Tor Project and into the hands of its users somehow.

This is a pretty interesting point, but then I'm personally not really interested in having any control over the actual blacklist. I'd feel plenty comfortable with just insight into what is blacklisted, for what reason and if possible some evidence to support this reason. Giving control to the people isn't always a good thing either as even in TOR circles there'd be people that can't deal with having power on any level. Transparency is probably the word I was looking for to use.

I didn't fill in contact information on my fresh tor relay simply because the app I use doesn't allow me to. (My tor relay runs on an Ouya, therefore Android.) Regardless of the absence of contact information, the reasons I run the relay are in line with the reasons why TOR exists.

> 2014-11-07 22:35 GMT+01:00 Derric Atzrott datzr...@alizeepathology.com:
> > How does one establish trust online though? Trust is a very delicate thing. A system such as this simply inherently has these challenges. Pretty sure that is why the tor browser for example always uses https.
>
> Indeed, both the centralised and decentralised systems that are currently in place have major issues.
>
> Within centralised systems like the Certificate Authority system we see corruption (have you seen their fees) and we must trust them to actually verify identities and to remain secure, something at least a few CAs have proven that they can't do. Then we also have to trust our vendors to provide default lists of CAs to trust that are in fact worthy of our trust.
>
> Within decentralised systems like PGP we have to worry about the network effect, and making sure that people understand what they are actually doing; again we worry about whether or not we can trust our friends, and whether or not we can trust their friends.
>
> Trust is probably one of the hardest problems facing folks using the Internet.
>
> With that in mind, he does raise a valid point. Are there any plans to move to a more decentralised model for the directory authorities? Are there any plans to move the power to blacklist nodes out of the hands of the Tor Project and into the hands of its users somehow. I'm not exactly sure how either of those would be accomplished, but I'm sure there is a clever solution somewhere.
>
> Thank you,
> Derric Atzrott

Trust can also be purchased indirectly. The operator you began trusting could hand over the keys for a price.