Re: [tor-talk] Fwd: ANONdroid
On 01/25/2012 10:29 PM, Maxim Kammerer wrote: Can any of you clarify this please? JonDonym's Wikipedia page [1] claims that no backdoor was ever installed in running MIX routers. What is a backdoor: A backdoor offers unrestricted access to the law enforcement agencies and intelleigence services without support of the service operators. Such a backdoor was built into the Greek Vodafone network for law enforcement wiretapping capabilities and was requested by FBI director Robert Mueller from US companies. If Mueller’s wish were granted, the FBI would gain undetected real-time access to suspects’ Skype calls, Facebook chats, and other online communications and in clear text. Such a backdoor is not part of JonDonym. JonDonym law enforcement: It is possible, to deanonymize a single user by some features (user IP address, website monitoring or user account). The idedentify feature for the malicious user has to be provided by the law enforcement agency and all operators have to get an official order in their country. The deanonymisation can only be done by collecting all log together (usually done by the law enforcement agency), it can not be done by a single mix operator. All other user of JonDonym will use the mix cascades without logging. An scientific paper about the Revocable Anonymity impleneted by JonDonym you may find the publications list at: https://anonymous-proxy-servers.net/wiki/index.php/Publications_about_JonDonym Best regards Karsten N. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: ANONdroid
On Thu, Jan 26, 2012 at 10:05, Karsten N. k...@awxcnx.de wrote: Such a backdoor was built into the Greek Vodafone network for law enforcement wiretapping capabilities and was requested by FBI director Robert Mueller from US companies. If Mueller’s wish were granted, the FBI would gain undetected real-time access to suspects’ Skype calls, Facebook chats, and other online communications and in clear text. If the Greek wiretapping case, switches were backdoored, so Skype calls wouldn't be intercepted, as they are encrypted end-to-end (discounting special cases where Skype struck a wiretapping deal with some government — was it Pakistan?). It is possible, to deanonymize a single user by some features (user IP address, website monitoring or user account). The idedentify feature for the malicious user has to be provided by the law enforcement agency and all operators have to get an official order in their country. So there is no difference from Tor? An scientific paper about the Revocable Anonymity impleneted by JonDonym I see, so is that an optional feature that can be turned on by a MIX router operator once served by a surveillance order? It seems to me that it's an advantage over Tor, where relay operators can be served with an order and some Tor patches that they wouldn't be able to turn down to to the absence of a similar feature in Tor. Revocable Anonymity seems to be designed to provide the minimum necessary information to law enforcement. -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: ANONdroid
On Thu, Jan 26, 2012 at 03:07, Mike Perry mikepe...@torproject.org wrote: Please see other replies, but the backdoor in question is: https://anonymous-proxy-servers.net/en/law_enforcement.html I read the replies and that page — guessed that “backdoor” is meant metaphorically, but thought that perhaps there was an additional technical aspect. What's written there is quite obvious — law enforcement can serve anyone in its jurisdiction a surveillance order. The IPs of Tor relays are known, so the owners of the relays in question can be served with an order just the same. I don't see the principal difference. This property also prevents JonDos entry and middle nodes from being hassle free, as is the case with Tor. Do you mean the added legal liability of being a certified MIX operator? -- Maxim Kammerer Liberté Linux (discussion / support: http://dee.su/liberte-contribute) ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Aurora only build
On Thu, Jan 26, 2012, at 12:26 PM, cgp 3cg wrote: Hi list, is it possible to build just the Aurora/Torbutton part of TorBrowserBundle? If so, is it likely to be remotely possible on OSX 10.4? Not sure about OSX, but under Linux you can edit the 'start-tor-browser' script and change the line: ./App/vidalia --datadir Data/Vidalia/ to be: ./App/Firefox/firefox -profile ./Data/profile This just starts Aurora. Obviously you will need a running Tor instance for it to connect to. -C TBB isn't available for OSX PPC, so I'd have to build it - a mammoth task, but since I already have the latest Tor running and a working Vidalia, building Aurora would be a sensible step if possible, to get away from my outdated browser. GD -- http://www.fastmail.fm - Access your email from home and the web ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Aurora only build
- Original Message - TBB isn't available for OSX PPC, so I'd have to build it - a mammoth task, but since I already have the latest Tor running and a working Vidalia, building Aurora would be a sensible step if possible, to get away from my outdated browser. Mozilla moved away from the PPC platform around version 5.x and the code base has grown incompatible since then. You should take a look at http://www.floodgap.com/software/tenfourfox/ if you need something which looks like recent Firefox versions without all the hassle of building it up yourself. HTH, Marco -- Marco Bonetti Tor research and other stuff: http://sid77.slackware.it/ Slackintosh Linux Project Developer: http://workaround.ch/ Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/ My GnuPG key id: 0x0B60BC5F ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Mail through Tor
On Thu, 26 Jan 2012 14:41:06 +0100 superpl...@gmx.de wrote: Hi, are there any issues in controlling email-boxes through the provider- webfrontends (gmail, gmx, etc.) using tor? I read for example about referers in between entering account information and being redirected to mail-provider-http-sites for a short moment so that session hijacking by the exit node operator is possible (intercepting auth- cookies etc.). Any behavior suggestions here? I didn't find much on the web. Thanks! Tor-User Gmail works with SSL-webfrontends. In TBB by default HTTPS-everywhere plugin redirect your HTTP to HTTPS for Gmail profile. Intercepting SSL (HTTPS) is not so easy if you will be carefull with browser messages. Another mail and webservice providers may (or not) provide https-login and theyr https-profiles may (or not) be missing in https-everywhere. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] tor_autocircuit script
Hi, I am playing around with the tor_autocircuit script (http://www.thesprawl.org/projects/tor-autocircuit/). When I start it, it always aborts with an error from torctl lib: [...] INFO [ Thu Jan 26 16:05:18 2012 ]: kznx: Country code not found INFO [ Thu Jan 26 16:05:18 2012 ]: Pakalolo1984: Country code not found INFO [ Thu Jan 26 16:05:18 2012 ]: noiseexit01b: Country code not found INFO [ Thu Jan 26 16:05:18 2012 ]: Zwiebelschale: Country code not found DEBUG [ Thu Jan 26 16:05:18 2012 ]: Reconfigure ERROR [ Thu Jan 26 16:05:18 2012 ]: No routers left after restrictions applied! Traceback (most recent call last): File ./tor-autocircuit.py, line 108, in module handler = PathSupport.StreamHandler(c, selmgr, num_circs, GeoIPSupport.GeoIPRouter) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 1381, in __init__ CircuitHandler.__init__(self, c, selmgr, num_circs, RouterClass) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 1270, in __init__ PathBuilder.__init__(self, c, selmgr, RouterClass) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 967, in __init__ self.selmgr.reconfigure(self.sorted_r) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 855, in reconfigure exitgen = BwWeightedGenerator(sorted_r, self.exit_rstr, self.pathlen, exit=True) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 580, in __init__ NodeGenerator.__init__(self, sorted_r, rstr_list) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 142, in __init__ self.rewind() File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 583, in rewind NodeGenerator.rewind(self) File /home/d023868/make/tor-autocircuit/TorCtl/PathSupport.py, line 157, in rewind raise RestrictionError() TorCtl.PathSupport.RestrictionError I played around with the parameter, but the error always seems to happen even if I left the script unchanged with the default values. Can someone give me a hint what I have to do to avoid this error. Thanks, Klaus signature.asc Description: This is a digitally signed message part. ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Fwd: ANONdroid
On Thu, Jan 26, 2012 at 10:35:20AM +0200, Maxim Kammerer wrote: I see, so is that an optional feature that can be turned on by a MIX router operator once served by a surveillance order? It seems to me that it's an advantage over Tor, where relay operators can be served with an order and some Tor patches that they wouldn't be able to turn down to to the absence of a similar feature in Tor. On Thu, Jan 26, 2012 at 06:07:39PM +0100, Moritz Bartl wrote: I would very much fight against authorities trying to force me into logging anything. There is no basis in German law for them to do so, and I don't see what properties they could specify to me other than retain all connection data. There is no such thing as an order and some Tor patches that they wouldn't be able to turn down. You always have the option of stopping your relay. If you fail to fight the request, you should shut down your relay, and then tell the world. Backdoored Tor relays will hurt the network -- and hurt the general fight to legitimize anonymous communication around the world -- more than they help it. This was the trap that the JAP and Anon folks fell into -- and at the time their network was small enough that they basically had the choice of shutting down the network or deploying the backdoor. They reasoned that it was better to have a service that provided anonymity to some people than to have no service at all. The exact details made the decision even messier (for example, it involved the police basically threatening a university official at his house on a weekend; and the lawyers who had signed up to fight such requests were not thrilled that the backdoor was deployed without giving the lawyers enough time or warning to fight it). Unfortunately, while never install a backdoor; turn it off instead is an easy heuristic to follow, it's not enough by itself to ensure Tor's anonymity. Remember that the best way to beat Tor is to observe both the traffic flow going into the Tor network and also the traffic flow leaving the Tor network, and then use statistics to realize they're correlated. So people with bad orders can just go a hop upstream from your relay, where your ISP generally cares more about its business than its users. And if you somehow have a better ISP than that, just go to *its* upstream. The traffic confirmation attack is the best way to beat the mix cascade topology too -- and in that case there are fewer places to watch, and you know exactly which exit point to watch for a given entry point. Bad news. But don't lose sight of the really big picture: the differences in philosophy and threat model between Tor and JonDoNym are much smaller than the differences between distributed-trust anonymity designs and a single-hop centralized proxy like hidemyass.com. --Roger ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Bad performance in private tor network
Hi, Hi, I have set up a private tor network of around 25 relays and am stress testing it. The stress test first starts all the relays, waits for around 10 mins for the tor network to stabilize and then starts clients that bombard the network with traffic. Its performance is very low, around 60 http request response transactions per second node. Some diagnosis reveals that there is a big skew in usage of the relays with some relays running lightly and others very loaded. Is this acceptable performance. Any ideas for improving performance? -- Regards, Ishan Chhabra 4th year, B.tech Computer Science and engineering IIT Ropar ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Aurora only build
On Thu, Jan 26, 2012, at 03:54 PM, Marco Bonetti wrote: - Original Message - TBB isn't available for OSX PPC, so I'd have to build it - a mammoth task, but since I already have the latest Tor running and a working Vidalia, building Aurora would be a sensible step if possible, to get away from my outdated browser. Mozilla moved away from the PPC platform around version 5.x and the code base has grown incompatible since then. You should take a look at http://www.floodgap.com/software/tenfourfox/ if you need something which looks like recent Firefox versions without all the hassle of building it up yourself. Hi Marco, that's certainly a worthwhile project, and it even supports addons so I imagine Torbutton would install, though perhaps it would not provide as strong anonymity as Aurora - any views? GD -- http://www.fastmail.fm - The way an email service should be ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Mail through Tor
GMX does HTTPS. My current connection uses AES-256. It's authenticated by Thawte Consulting cc. - Original Message - From: unknown Sent: 01/26/12 11:06 AM To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] Mail through Tor On Thu, 26 Jan 2012 14:41:06 +0100 superpl...@gmx.de wrote: Hi, are there any issues in controlling email-boxes through the provider- webfrontends (gmail, gmx, etc.) using tor? I read for example about referers in between entering account information and being redirected to mail-provider-http-sites for a short moment so that session hijacking by the exit node operator is possible (intercepting auth- cookies etc.). Any behavior suggestions here? I didn't find much on the web. Thanks! Tor-User Gmail works with SSL-webfrontends. In TBB by default HTTPS-everywhere plugin redirect your HTTP to HTTPS for Gmail profile. Intercepting SSL (HTTPS) is not so easy if you will be carefull with browser messages. Another mail and webservice providers may (or not) provide https-login and theyr https-profiles may (or not) be missing in https-everywhere. ___ tor-talk mailing list tor-talk@lists.torproject.org https://list s.torproject.org/cgi-bin/mailman/listinfo/tor-talk ___ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk