Re: [tor-relays] tor relay and syslog logging
On Fri, 07 Oct 2016 09:46:54 +0200 "Dr. Who" wrote: > What facility is used by tor when logging to syslog? I didn't find that > information. It looks like the default is 'daemon', as you expected. It is changeable via a ./configure option, but debian doesn't seem to touch it. > System is a standard current debian 8.6 with tor Tor 0.2.8.8 > (git-8d8a099454d994bd), the two Log-Lines are: > > Log notice file /var/log/tor/notices.log > Log notice syslog > > Any idea what might be missing? Those lines work for me. You could try sharing a minimal example syslog config that doesn't seem to be working; maybe something's weird with that? You could also maybe 'strace' tor during startup to see if it looks like some log-related syscalls are failing. But be careful with retaining or sharing any such trace, since I assume there can be some sensitive info in there. -- Andrew Deason adea...@dson.org ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Politically correct?
torser...@datakanja.de: > From the information, i can gather on my own personal computer, i can > see, that almost every operating system sends out greetings to servers > in akamai's reach, a company that happens to have contracts with > microsoft and whatnot. > Reading about their business, i find every reason to believe, that the > time to fight for anonymity on the net is long gone, that security - > even from their perspective - needs more resources than any individual > will ever be able to have at its disposal. > Also, i am aware of the possibility to get tracked by the > telecommunication provider anytime and without me noticing it. The entire point of tor is that (in theory) anyone who can see who you are, can't see what you're doing, and anyone who can see what you're doing, won't know who you are. But: tor works at a routing level, and you can be deanonymized through applications leaking data; this is why things like Tor Browser exist, to mitigate a large portion of this leakage. tor as a network seems to do a good job, probably the best form of internet anonyminity, much focus is on deanonymization on the application layer, simply because it has a wider attack surface and is more likely to return a better idea of the user's identity, than say, a potential IP address. > My conclusion has been, that i am maybe 30 years too late in my activity > to support tor - as a simple relay -. And the companies that seem to > have most control over the internet (like google, akamai, and others) > are in the process to control more and more of it, and only for that > reason are fighting against malware like viruses and bots, and of course > also fighting tor (by using honeypots as well as intrusion into the > community to get as much information as possible about the people trying > to hide in anonymity). Facebook, Akamai, Google, and others have all helped tor in some manner. Again, their tracking takes place at an application layer, and Tor Browser takes steps to lower their ability to do so. > This seems to be so true to me, that i begin to feel _guilty of > nourishing false hopes_, that any individual could feel safe by using > tor, irrespective of where and how legitimate/needed their requests are > originating from. You seem to be suffering from "Privacy fatigue." > Seriously, i am beginning to think, that tor may be somewhat outdated > nowadays, basically operating on old assumptions, about how the net was > organised merely a decade ago. And not taking into account the reality > of today, where our little community may not be all too useful any > longer. Hard to hide some disappointment, as i used to be a developer > many years ago, and find that no one - apart from myself - refuses to > cooperate in the process of accumulating data, which provides the basis > for semi-automated analysis later, and help some authorities to excert > power and control over the population living on this planet. Push for the turn: Many are complaining modern webpages are bloated, causing everything from browser slowdowns, to unneeded data usage on mobile networks and spreading malware. If something like 'Flattr' can become popular as a way of supporting websites' income, it would pave the way to kick ads off. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
[tor-relays] ISP, Abuses , Intrusion Prevention etc.
My personal efforts over the last months as well as the recent discussion about Intrusion prevention showed, there are more and more ISP's not giving support any more for running Tor exits, either in not allowing new ones or even shutting down existing ones. Sure there are still chances to find new inexperienced ISP's, which in the willing to increase their customer base give allowance to run an Exit. But only a few weeks later their wish to get rid of you again increases with the same speed as the stack of abuses rises.Finally you are out again and on the back of their terms not even able to get your unused money back. Further doing it that way, is kind of leaving scorched earth behind you and not only yourself, but for Tor as a whole. So there are at least two questions: - what forces drive ISP's to behave like they do with abuses? - maybe Exit volunteers and here especially the big ones could ask some questions to their ISP to get more light on this I do refer to my old questions -still unanswered: -is it just the more work for rather poor money handling(forwarding) those abuses ? - to whom else do ISP's have to report what they are doing with received abuses? - must ISP's answer to the origin of the abuse? - who is getting a copy of all that conversation(if at all)? - can an ISP loose its license (with too many or badly handled abuses)? - are there any regulatory burdens for them - if so which ones? - are ISP's treated different in different parts of the world? - could there in the medium therm changes be made the way Tor operates to bring down the non linear increase of abuses Support terribly needed and appreciated! Paul ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Digital Ocean - running Exit node locked
not that we have a really big pool of providers to choose from ... 2016-10-09 12:03 GMT+02:00 pa011 : > True, about 40 Exits as of my count yesterday... > > The back of that medal - concentration on only a few big providers gets > resolved that way :-) > > Paul > > Am 09.10.2016 um 11:57 schrieb Markus Koch: >> Thats really really bad news. Over 400 Digitalocean relays out there :( >> >> Markus >> >> 2016-10-09 11:44 GMT+02:00 pa011 : >>> OK further bad news, Exit shut down by DO yesterday. >>> Here the latest statement from them: >>> >>> "Additionally, we are not allowing further TOR exit nodes on our >>> infrastructure - they generate a large amount of abuse, are used for >>> various illegal activities, and attract a large number of DDoS attacks. >>> >>> You're more than welcome to run bridges, obfs proxies, and relays, but >>> running an exit node is at your own risk, and sufficient abuse may result >>> in suspension of service." >>> >>> >>> >>> >>> Am 08.10.2016 um 05:00 schrieb Alecks Gates: I'm running on DO as well with the reduced exit policy and have had about five complaints in 2 months. DO certainly appears to be getting less and less happy. I'm glad to know it's not just me, though. Hopefully a curated list of IPs to reject will help a lot. Thanks for the link to tornull. Exit Node fingerprints: E553AC1CA05365EA218D477C2FF4C48986919D07 889550CB9C98CF172CB977AA942B77E9759056C2 Alecks On 10/07/2016 07:04 PM, Matthew Finkel wrote: > On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote: >> 2016-10-08 0:09 GMT+02:00 Tristan : >>> This page has 3 policies: Reduce exit policy, reduced-reduced exit >>> policy, >>> and a lightweight example policy. >>> >>> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy >>> >>> >>> On Oct 7, 2016 5:01 PM, "Markus Koch" wrote: reduced-reduced exit policy. ? Illuminate me, pls. >> Thank you both! >> >> Will try https://tornull.org. Perhaps it helps. >> >> Markus >>> >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Digital Ocean - running Exit node locked
True, about 40 Exits as of my count yesterday... The back of that medal - concentration on only a few big providers gets resolved that way :-) Paul Am 09.10.2016 um 11:57 schrieb Markus Koch: > Thats really really bad news. Over 400 Digitalocean relays out there :( > > Markus > > 2016-10-09 11:44 GMT+02:00 pa011 : >> OK further bad news, Exit shut down by DO yesterday. >> Here the latest statement from them: >> >> "Additionally, we are not allowing further TOR exit nodes on our >> infrastructure - they generate a large amount of abuse, are used for various >> illegal activities, and attract a large number of DDoS attacks. >> >> You're more than welcome to run bridges, obfs proxies, and relays, but >> running an exit node is at your own risk, and sufficient abuse may result in >> suspension of service." >> >> >> >> >> Am 08.10.2016 um 05:00 schrieb Alecks Gates: >>> I'm running on DO as well with the reduced exit policy and have had >>> about five complaints in 2 months. DO certainly appears to be getting >>> less and less happy. I'm glad to know it's not just me, though. >>> >>> Hopefully a curated list of IPs to reject will help a lot. Thanks for >>> the link to tornull. >>> >>> Exit Node fingerprints: >>> E553AC1CA05365EA218D477C2FF4C48986919D07 >>> 889550CB9C98CF172CB977AA942B77E9759056C2 >>> >>> Alecks >>> >>> On 10/07/2016 07:04 PM, Matthew Finkel wrote: On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote: > 2016-10-08 0:09 GMT+02:00 Tristan : >> This page has 3 policies: Reduce exit policy, reduced-reduced exit >> policy, >> and a lightweight example policy. >> >> https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy >> >> >> On Oct 7, 2016 5:01 PM, "Markus Koch" wrote: >>> >>> reduced-reduced exit policy. ? >>> >>> Illuminate me, pls. >>> > Thank you both! > > Will try https://tornull.org. Perhaps it helps. > > Markus >> >> ___ >> tor-relays mailing list >> tor-relays@lists.torproject.org >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >> > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Digital Ocean - running Exit node locked
Thats really really bad news. Over 400 Digitalocean relays out there :( Markus 2016-10-09 11:44 GMT+02:00 pa011 : > OK further bad news, Exit shut down by DO yesterday. > Here the latest statement from them: > > "Additionally, we are not allowing further TOR exit nodes on our > infrastructure - they generate a large amount of abuse, are used for various > illegal activities, and attract a large number of DDoS attacks. > > You're more than welcome to run bridges, obfs proxies, and relays, but > running an exit node is at your own risk, and sufficient abuse may result in > suspension of service." > > > > > Am 08.10.2016 um 05:00 schrieb Alecks Gates: >> I'm running on DO as well with the reduced exit policy and have had >> about five complaints in 2 months. DO certainly appears to be getting >> less and less happy. I'm glad to know it's not just me, though. >> >> Hopefully a curated list of IPs to reject will help a lot. Thanks for >> the link to tornull. >> >> Exit Node fingerprints: >> E553AC1CA05365EA218D477C2FF4C48986919D07 >> 889550CB9C98CF172CB977AA942B77E9759056C2 >> >> Alecks >> >> On 10/07/2016 07:04 PM, Matthew Finkel wrote: >>> On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote: 2016-10-08 0:09 GMT+02:00 Tristan : > This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, > and a lightweight example policy. > > https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy > > > On Oct 7, 2016 5:01 PM, "Markus Koch" wrote: >> >> reduced-reduced exit policy. ? >> >> Illuminate me, pls. >> Thank you both! Will try https://tornull.org. Perhaps it helps. Markus > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Digital Ocean - running Exit node locked
OK further bad news, Exit shut down by DO yesterday. Here the latest statement from them: "Additionally, we are not allowing further TOR exit nodes on our infrastructure - they generate a large amount of abuse, are used for various illegal activities, and attract a large number of DDoS attacks. You're more than welcome to run bridges, obfs proxies, and relays, but running an exit node is at your own risk, and sufficient abuse may result in suspension of service." Am 08.10.2016 um 05:00 schrieb Alecks Gates: > I'm running on DO as well with the reduced exit policy and have had > about five complaints in 2 months. DO certainly appears to be getting > less and less happy. I'm glad to know it's not just me, though. > > Hopefully a curated list of IPs to reject will help a lot. Thanks for > the link to tornull. > > Exit Node fingerprints: > E553AC1CA05365EA218D477C2FF4C48986919D07 > 889550CB9C98CF172CB977AA942B77E9759056C2 > > Alecks > > On 10/07/2016 07:04 PM, Matthew Finkel wrote: >> On Sat, Oct 08, 2016 at 12:16:39AM +0200, Markus Koch wrote: >>> 2016-10-08 0:09 GMT+02:00 Tristan : This page has 3 policies: Reduce exit policy, reduced-reduced exit policy, and a lightweight example policy. https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy On Oct 7, 2016 5:01 PM, "Markus Koch" wrote: > > reduced-reduced exit policy. ? > > Illuminate me, pls. > >>> Thank you both! >>> >>> Will try https://tornull.org. Perhaps it helps. >>> >>> Markus 0xC8C330E7.asc Description: application/pgp-keys ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays