Re: [tor-relays] Node Operators Web Of Trust
On Fri, Nov 7, 2014 at 8:26 PM, grarpamp grarp...@gmail.com wrote: Is it not time to establish a node operator web of trust? Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is huge potential problem. I had an idea for this a little while ago; https://tortbv.link/ using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator. Never got round to actually doing anything with it though... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] iptables / dump
Dear list members, My iptables dump, as promised (v4). Updated every hour and available as long as my relay is alive ;-) I run a pretty tight ship, just one ssh user and harsh fail2ban settings. All these listed IP's are considered to be the usual suspects. Please feel free to use it, should give you a jump start. It is getting pretty quiet now since i passed the 300+ ip's milestone. Download: https://www.urbach.org/~sebastian/rules.v4 -- Mit freundlichen Grüssen / Sincerely yours Sebastian Urbach - Definition of TOR: 10% luck, 20% skill, 15% concentrated power of will, 5% pleasure, 50% pain and 100% reason to remember the name! - ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Node Operators Web Of Trust (Spencer Rhodes)
From: Gareth Llewellyn gar...@networksaremadeofstring.co.uk To: tor-relays@lists.torproject.org Date: November 10, 2014 at 5:58:12 AM EST Reply-To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Node Operators Web Of Trust On Fri, Nov 7, 2014 at 8:26 PM, grarpamp grarp...@gmail.com mailto:grarp...@gmail.com wrote: Is it not time to establish a node operator web of trust? Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is huge potential problem. I had an idea for this a little while ago; https://tortbv.link/ https://tortbv.link/ using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator. Never got round to actually doing anything with it though... ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Strikes me as a very good idea. Perhaps lawyers wielding attorney-client privilege could be used to protect the identities of those node operators who wish to remain anonymous. -- Spencer Rhodes, Esq. 126 East Jefferson Street, Orlando, Florida USA 32801-1830 t: +1.321.332.0407 | f: +1.321.332.0409 | m: +1.407.796.8282___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Windows Tor Server Guide
That's indeed pretty handy. Now we just need to put a guide together somewhere and point to that download section. I do not mind writing a step by step guide with screenshots. Only if we had a section in the Tor Project where to post it. I'm planning to write it up in one of my old blogs in the mean time and maybe someone shows interest in copying it over to the Tor Project? Anyone? On 2014-11-05 11:13, Roger Dingledine wrote: On Tue, Nov 04, 2014 at 05:25:28PM -0500, Nick Mathewson wrote: I'd suggest that you start by posting your process to this mailing list, so that other folks can add improvements for it. (Though I hope that expert packages in some form will return soon.) The expert packages have indeed returned, albeit in a slightly different form. See https://dist.torproject.org/torbrowser/4.0.1/ [1] and scroll down to tor-win32-tor-0.2.5.10.zip But nobody has linked to them from the download page; and I think it might require a bit of thought to make our links on the download page auto update to the new location of this zip after future Tor Browser releases. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays [2] Links: -- [1] https://dist.torproject.org/torbrowser/4.0.1/ [2] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Bwauths Measures question, friends.
Julien, Everything is going well now. I've seen spikes going as high as 8MB/s. Atlas shows 1.x MB/s measured already and the consensus weight has picked up a little too. It's been improving slowly. The problem was my iptables (embarrassing). I had (by mistake) blacklisted Tor IPs :-| Thanks again. On 2014-11-05 07:10, Julien ROBIN wrote: Wow, it's not very good With an advertised bandwidth raising 1,03MB your consensus weight is now updated to 13 (it's far too low). It means that somethings goes bad when bwauth is testing your relay, so even with a very good advertised bandwidth, your final score keeps ultra-low, and with such a consensus wieght, your relay keeps unused by clients. I have no idea from where can be the problem (and the solution), technically it could be the ISP that blocks bw auth, but in real facts it would be pretty strange. Try to transport your relay (/var/lib/tor/keys and /etc/tor/torrc) to another computer on the same connection (the more different, the better), if it still doesn't works, it means something at your connection make a problem. Double check your upload rate is good (since everything have to be transmitted, the lowest bandwidth (generally upload) applies to the relay). If your relay appears to be online it means that it means that port redirections is well configured, so I'm not sure that something else could be misconfigured into it (if you have several ones, test a different one) Let us know when you find the solution ! This problem is surprising but it cannot be nowhere ;) - Mail original - De: Rafael Rodriguez rafa...@icctek.com À: tor-relays@lists.torproject.org Envoyé: Mercredi 5 Novembre 2014 00:13:37 Objet: Re: [tor-relays] Bwauths Measures question, friends. Indeed, Julien. As a matter of fact I saw the server (using the Tor network) pushing up to 8.8MB/s at some point while I was using it as a proxy in my setup. That was yesterday. As soon as I closed the SocksListenAddress I was connecting to, it went back to almost not existent cos' it is weighted 10. Even the Fast flag isn't there. As I said, I'm waiting to see if it picks up relevance in the next day or so. On 2014-11-04 14:26, Julien ROBIN wrote: Hi Rafael, On Tor Atlas after a little time offset, your download seems now to appear into your server stats. https://atlas.torproject.org/#details/48ADFCC561402D7EBB1CDE233F206B01D8FA0765 [1] Your Advertised Bandwidth seems now to be better : 866.83 KB/s But the consensus weight is still at 10 (it's like zero) for now (let's wait less that one day) In the following hours, we will see if the consensus weight value can be better thanks to that (so then true clients will start using the bandwidth and nourish your advertised bandwith). If I remember well what I read before, the consensus weight, when recalculated, is the result of your Advertised Bandwidth multiplied by a coefficient obtained by bw authorites (when periodically testing your server). If it's congestionned, the test gives low result and your consensus weight is reduced. If it's really good, your consensus weight is increased (and your server usage too). If your consensus weight is stuck at 10 and doesn't increase, it would mean that bw authorities cannot test your server and always gives zero as coefficient (if so, you will have to check everything on your network : router, softwares, etc) The answer is near :) - Mail original - De: Rafael Rodriguez rafa...@icctek.com À: tor-relays@lists.torproject.org Envoyé: Lundi 3 Novembre 2014 22:04:24 Objet: Re: [tor-relays] Bwauths Measures question, friends. Hi Julien, Thanks for the tip. I did ssh'd tunnel into my Tor server and I can pull downloads at 1-2MB/s as expected. I do not see my server getting any better in measurements though. After 4 days running my Advertised Bandwidth is barely 62kb/s and its Consensus Weight is 10. I wouldn't mind as long as it serves our Tor community but I'm under the impression that something is just not quite right. This box was put in place specifically to put all its bandwidth to good use and help the network. I have the feeling that a Relay measured at such low speeds does more harm than good to the network. I will keep it up there running as it is since I cannot pinpoint a problem at this time and maybe it just needs to stay online for a longer period of time. --- On 2014-11-02 07:29, Julien ROBIN wrote: It strange you still haven't any used bandwidth https://atlas.torproject.org/#details/48ADFCC561402D7EBB1CDE233F206B01D8FA0765 [1] I cannot explain you why but I have an idea for you in order to kickstart your bandwidth usage. A tor process used to relay traffic also have the possibility to be used as client. If it's at home, it's easy (socks v5 at 127.0.0.1:9050 if you haven't changed anything), if your relay isn't at
Re: [tor-relays] Node Operators Web Of Trust
On Mon, Nov 10, 2014 at 5:58 AM, Gareth Llewellyn gar...@networksaremadeofstring.co.uk wrote: I had an idea for this a little while ago; https://tortbv.link/ using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator. As an operator you would either - sign with your key a statement of node fingerprint into a notary service - create a subkey of your key holding said statement in comment - sign your key by node key if security of node key was better https://trac.torproject.org/projects/tor/ticket/9478 But since the trust desired is from the [real]world down into and over the nodes, this one isn't really useful. You then still have to use your key to form [real]world WOT among operators. Tying nodes to some [nym] identities is the first part... in a way, making sybil harder. Then users opting to route paths through tor via trust metrics need to configure their client with whichever various trusted wot/root keys they like or subscribe to, which then uses them to score fingerprints for pathing. Doing this with them is second part. Degree of freedom from some crossing of trusted key people is probably sufficient to score things. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Node Operators Web Of Trust
On Mon, Nov 10, 2014 at 8:36 AM, Julien ROBIN julien.robi...@free.fr wrote: I'm interested but, we must agree on that, it probably shouldn't be used for adding privilege to people in this list. It's up to the user to use or trust any assertions and/or the wot, there is not force there. Though yes, I'd never blacklist nodes in the directories just for nodes not being part of the wot. If one successfully got an invitation code, an evil attacker The user is evaluating and doing the inviting as they see fit. For example, I might be inclined to route my traffic only over nodes run by those posting to this list, as opposed to also over the thousands of nodes that are nothing to me but an IP address. The closest analogy is subscribing to adblocker subscriptions. If they subscribe to one that blocks torproject.org, that's their problem. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays