Re: [tor-talk] large increase in .onion domains

[Collin Anderson]

Last time there was such a large rate of growth in the Tor network, wasn't
it the result of a botnet?

On Thu, Feb 18, 2016 at 12:15 PM, Nathaniel Suchy  wrote:

> Could new people be using Onionchat/Torchat I can't remember the name. But
> new addresses are generated for each client.
> On Thu, Feb 18, 2016 at 11:49 AM Alexandre Guillioud <
> guillioud.alexan...@gmail.com> wrote:
>
> > Not correlated (i'm too small in that pool), but i have workd on software
> > to maintain a HS pool. During dev, and at one point, i was emitting
> > thousands of registration a day.
> >
> > 2016-02-18 16:51 GMT+01:00 Roger Dingledine :
> >
> > > On Thu, Feb 18, 2016 at 05:45:26AM -0500, Scfith Rise up wrote:
> > > > Here is the exact link:
> > > https://metrics.torproject.org/hidserv-dir-onions-seen.html
> > > >
> > > > it jumped from 4 to 6 in the past day or two.
> > > >
> > > > Since the metrics are based on the number of relays acting as hidden
> > > >services with the assumption that at least 1% are reporting in, the
> > > >numbers are correlated directly with the number of relays running as
> > well.
> > >
> > > Yep. Also, because each reporting relay adds noise, sometimes, due to
> > > the math involved, more than half of the relays end up inflating their
> > > number, so we end up with a higher number on that graph than is
> actually
> > > true in reality.
> > >
> > > Still, that is a large jump.
> > >
> > > Let's wait a few days and see if it settles down.
> > >
> > > If it doesn't, I'll guess that it's a real effect. But even then,
> > > we don't know why this (daily!) number is so much larger than the
> > > (total!) number of onion addresses that e.g. Ahmia knows about. Maybe
> > > it's Onionshare users, who generate one onion address per document they
> > > transfer? Maybe it's Ricochet users? Maybe it's measurement error? We
> > need
> > > to see more improvements in the field of privacy-preserving statistics
> > > and measurements before we'll feel comfortable trying to get answers to
> > > this question.
> > >
> > > --Roger
> > >
> > > --
> > > tor-talk mailing list - tor-talk@lists.torproject.org
> > > To unsubscribe or change other settings go to
> > > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> > >
> > --
> > tor-talk mailing list - tor-talk@lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Question about something said about Tor in the Der Spiegel data dump

[Collin Anderson]

I think it means private bridges.

On Mon, Dec 29, 2014 at 7:57 AM, Cypher cyp...@cpunk.us wrote:



 On 12/29/2014 09:52 AM, Lars Luthman wrote:
  On Mon, 2014-12-29 at 09:11 -0600, Cypher wrote:
  So I'm looking through the Der Spiegel data dump and noticed the
  following statement on document 35543:
 
  The client must not be running a Tor router of their own...
 
  That made me thing of a few questions but I'm specifically wondering
  what they mean here.
 
  1. Do they mean that it is confusing to them if I am connecting to the
  Tor network from a computer that also runs a relay but I do not have my
  client configured to use my relay
 
  or
 
  2. Do they mean that it is confusing to them if I am connecting to the
  Tor network through a relay running on my own machine?
 
  That depends on whether they can distinguish between connections made by
  different Tor processes coming from the same network. Hopefully they
  can't, in which case it's both 1 and 2, but if the two Tor processes are
  different versions of Tor or use different versions of libraries such as
  OpenSSL it might be possible to tell the connections apart, in which
  case it's only 2.

 Interesting. Could that mean then that it might be advisable to always
 enter the Tor network from the node running on my PC instead of allowing
 Tor to select it? I know that is against best practices but, in light of
 this new info, might that be the case?

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsubscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and solidarity against online harassment

[Collin Anderson]

On Thu, Dec 11, 2014 at 5:33 PM, Soul Plane soulplan...@gmail.com wrote:

 I think if you have any ideals you're going to end up
 harassed at some point.


If a community is going to be subject to harassment for its positions, then
there is a reciprocal need for colleagues to support other members and
assert what the community's norms are. Consider it outreach for those who
might not always have had positive influences in their lives, as well as a
moment of reflection for even those who aren't necessarily intolerant
people to examine their own behavior.
-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Non-free country law preventing Tor from getting donations

[Collin Anderson]

On Sat, Jun 14, 2014 at 10:07 AM, Joe Btfsplk joebtfs...@gmx.com wrote:

 I'm not a legal or embargo rules expert, but I wonder if an embargoed
 country or individuals in it, giving money to a non-profit for which they
 receive nothing valuable, or that benefits the country financially,
 militarily or politically, actually violates the spirit of embargo laws.


Not only the spirit but the actual law. I would not touch the money no
matter how substantial.

-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor companies

[Collin Anderson]

On Mon, Sep 23, 2013 at 4:27 PM, Roger Dingledine a...@mit.edu wrote:

 I don't think there's any such thing as the Tor Solutions Group.


The origin of EPIC's FOIA on Tor seems to be largely based on BBG
promotional material. I suspect the origin of 'Tor Solutions Group' in the
request was this year's factsheet, a well-designed, annual loveletter to
Congressional funders.

[1]
http://www.bbg.gov/wp-content/media/sites/1/2013/03/AntiCensorshipFactSheet_Revised_3_2013.pdf


 --Roger

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Many more Tor users in the past week?

[Collin Anderson]

On Tue, Sep 3, 2013 at 9:39 PM, mirimir miri...@riseup.net wrote:

 I wonder what it might mean.


I don't believe much, Syria's increase was relatively marginal and
potentially related to normal trends of weekly or holiday use. For the most
party, suspect countries have increased orders of magnitude in users --
Syria is only a few percent and it's decreased since.

Seems like the start of a dangerous rumor.

-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Iranian users cannot download Orbot from Google play store

[Collin Anderson]

It seems I was wrong about the initial request for the apk being HTTPS,
however, this is a general issue with the Play Store and not Orbot specific
I believe. Here is the transaction in question.

GET
/market/download/Download?packageName=org.thoughtcrime.securesmsversionCode=56token=AOTCm0QNlhXjrw5kiahs1Onr7JlVKsem-_ZcCnF9J5dy3DOKlIZ9_aVCTOMJgrFcqEMYF4Q0p9sHOHy2w7yvTF826bOBds9reMaPjU2ln94downloadId=4767185409281152338
HTTP/1.1
Cookie: MarketDA=09494618516075014141
Host: android.clients.google.com
Connection: Keep-Alive
User-Agent: AndroidDownloadManager/4.2.2 (Linux; U; Android 4.2.2;
skz_tenderloin Build/JDQ39E)

HTTP/1.1 403 Access is forbidden.
Content-Type: text/html; charset=UTF-8
Date: Sat, 31 Aug 2013 06:19:05 GMT
Expires: Sat, 31 Aug 2013 06:19:05 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alternate-Protocol: 80:quic
Transfer-Encoding: chunked

a3
HTML
HEAD
TITLEAccess is forbidden./TITLE
/HEAD
BODY BGCOLOR=#FF TEXT=#00
H1Access is forbidden./H1
H2Error 403/H2
/BODY
/HTML

0

By the way, this is what government blocking looks like (different from
above):

htmlheadmeta http-equiv=Content-Type content=text/html;
charset=windows-1256titleM6-8
/title/headbodyiframe
src=http://10.10.34.34?type=Invalidhttp://10.10.34.34/?type=Invalid
Sitepolicy=MainPolicy
 style=width: 100%; height: 100% scrolling=no marginwidth=0
marginheight=0 frameborder=0 vspace=0
hspace=0/iframe/body/html

I offered the people I knew at Google a shell, if there is any other Google
engineer that would be the proper person to connect with, feel free to put
them in touch.



On Fri, Aug 30, 2013 at 7:59 AM, Nathan Freitas nat...@freitas.net wrote:



 Sherief Alaa sheriefala...@gmail.com wrote:
 Hello,
 
 Over the past couple of days Iranian users have been complaining about
 not
 being able to download Orbot from Google's play store (error 403).
 
 To solve the problem we at help desk send the official direct download
 link
 that GP provides[0] but it's only a matter of time before that get
 blocked
 too.
 
 I think GP will need to provide more download options in the future to
 avoid this problem.
 
 [0]: https://guardianproject.info/releases/orbot-latest.apk

 Just to point out something, it was only recently that Google Play was
 made available at all directly in Iran. The fact that users can find the
 app without filtering is a big step forward.

 We are working with Google and others to understand why the 403 error is
 happening, because the download should be using HTTPS.

 Otherwise, you can also find Orbot in the Amazon App Store and via
 f-droid.org.

 Thanks for the note.

 +n

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Iranian users cannot download Orbot from Google play store

[Collin Anderson]

 Are all APK downloads blocked with the 403, or just some? Curious to
figure out what the app black/whitelist looks like, and how it is bring
done.

All application that I tried and others are reporting the same on the
Developer notice. Recall though that error is being triggered by Google's
side, so it's unclear. I have a few theories about network interference
causing this, but it's out of my domain.

 Is the shell you have on an actual Android device in Iran?

No, I set up an SSH SOCKS connection to a host inside from an external
Android device.


On Mon, Sep 2, 2013 at 8:29 PM, Nathan Freitas nat...@freitas.net wrote:



 Collin Anderson col...@averysmallbird.com wrote:
 It seems I was wrong about the initial request for the apk being HTTPS,
 however, this is a general issue with the Play Store and not Orbot
 specific
 I believe. Here is the transaction in question.
 
 GET

 /market/download/Download?packageName=org.thoughtcrime.securesmsversionCode=56token=AOTCm0QNlhXjrw5kiahs1Onr7JlVKsem-_ZcCnF9J5dy3DOKlIZ9_aVCTOMJgrFcqEMYF4Q0p9sHOHy2w7yvTF826bOBds9reMaPjU2ln94downloadId=4767185409281152338
 HTTP/1.1
 Cookie: MarketDA=09494618516075014141
 Host: android.clients.google.com
 Connection: Keep-Alive
 User-Agent: AndroidDownloadManager/4.2.2 (Linux; U; Android 4.2.2;
 skz_tenderloin Build/JDQ39E)
 
 HTTP/1.1 403 Access is forbidden.
 Content-Type: text/html; charset=UTF-8
 Date: Sat, 31 Aug 2013 06:19:05 GMT
 Expires: Sat, 31 Aug 2013 06:19:05 GMT
 Cache-Control: private, max-age=0
 X-Content-Type-Options: nosniff
 X-Frame-Options: SAMEORIGIN
 X-XSS-Protection: 1; mode=block
 Server: GSE
 Alternate-Protocol: 80:quic
 Transfer-Encoding: chunked
 
 a3
 HTML
 HEAD
 TITLEAccess is forbidden./TITLE
 /HEAD
 BODY BGCOLOR=#FF TEXT=#00
 H1Access is forbidden./H1
 H2Error 403/H2
 /BODY
 /HTML
 
 0
 
 By the way, this is what government blocking looks like (different from
 above):
 
 htmlheadmeta http-equiv=Content-Type content=text/html;
 charset=windows-1256titleM6-8
 /title/headbodyiframe
 src=http://10.10.34.34?type=Invalidhttp://10.10.34.34/?type=Invalid
 Sitepolicy=MainPolicy
  style=width: 100%; height: 100% scrolling=no marginwidth=0
 marginheight=0 frameborder=0 vspace=0
 hspace=0/iframe/body/html
 
 I offered the people I knew at Google a shell, if there is any other
 Google
 engineer that would be the proper person to connect with, feel free to
 put
 them in touch.

 Are all APK downloads blocked with the 403, or just some? Curious to
 figure out what the app black/whitelist looks like, and how it is bring
 done.

 Is the shell you have on an actual Android device in Iran?




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Many more Tor users in the past week?

[Collin Anderson]

In every case the growth begins on the 19th/20th and the rate seems is
susceptible to the local weekend.


On Fri, Aug 30, 2013 at 12:41 AM, Griffin Boyce grif...@cryptolab.netwrote:


 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On 08/30/2013 12:16 AM, Runa A. Sandvik wrote:
  Hm, there are high spikes in a lot of different countries (countries you
 may not expect to see spikes
 in...), such as Albania, Fiji, Costa Rica, Barbados, Bermuda, the Faroe
 Islands... the list goes on.

   There's some pretty serious unrest in Colombia right now.  Dairy
 supplies ran out last week and according to a friend who lives in
 Bogota, 3/4s of the city is unusable.  That's probably why Tor users
 have gone from ~2000 to ~14000 since the 19th.  Stuff is pretty intense
 right now.

 ~Griffin
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)

 iQIcBAEBAgAGBQJSICJoAAoJEOMx/SmueSyXyOIQALsHjgHxQNPzmOkprOZDtazA
 /Zoy2mVjaTuGYZYKnRGkHm1G12KwUKGYp07v0J1+2RdoX0SJJgQE4a7OihYy39oB
 MpFkNQKMV8MvO/BHkxmupxpvpFRN41D0GElLbNLSmEua8uN/M18Xwwq5LuBp+BiS
 CNaf1Y7vHeGQHVyS3cwa3qHtC7HASR5vF9nuZ2MXgGaWI6/whA9R9OLFmMoYlFb/
 GriLnS07BaD29iecbXrb/VTylVuHA6vxfmINO2RNlw08JnYB4hBzyvtykCtXfx5I
 R2gdO++tOjwglpv0Qk231h1kjlnCBagQEmM4q30B9Qp49R+IV49saaNDEEUT9sZ9
 kgEa3Bivy46pxwLyzU2a53YTn+R3Qqzl38uaJir8qyaks+pmVYwqucmGO/Ogq+hs
 1Y5rEwA2RsQw/d2mIS3wb7sAgbPABa/ACIB/4c0kNSIi5hkjadCd9Vh/5PveL32C
 YFyLumu/Cx5ImyWK0uWcWCjGSET+oUApH18+mIq/Yuye4+gnUxUx9epDnGkOz6kP
 hGlwNPF1QAdFlJ8SDi+91mQmXXPavW5j1z1dASfCOdD0dUYL2vm9iVUvn4n5zhS2
 NE0syO5mGJ783YIZB2K8sd8Ov9ZhFZBQCKQaOfBdPXkAl44eJNsbO09iT6JbNXTw
 EibJ7gXuzOflS/jbIDSq
 =KGx9
 -END PGP SIGNATURE-

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Many more Tor users in the past week?

[Collin Anderson]

Hi Mike,

On Fri, Aug 30, 2013 at 3:14 AM, Mike Perry mikepe...@torproject.orgwrote:

 Dude I love math and whatnot. Maybe science too, but this isn't exactly
 a controlled experiment. So whatnot it is, then! (Also plus one to you
 Collin, for being awesome).

 Can someone with more free time than me try to investigate one or more
 of the following ideas.. You know, in the interest of whatnot?


Embarrassingly, I went straight to the most romantic hypothesis and then
worked my way back elsewhere, IRC and Twitter. A few of these prospects
could be reasonably addressed through the trends of the top fifty
countries, illustrated here: http://cda.io/r/tor_mystery_2013.png

From the outset, this seems to suggest that the catalyst occurred between
August 19-20.

Few other points of conjecture that came up:

   - I would infer based on no increase occurring in Iran that the Tor
   version being run by the agent is pre-2.4; Iran continues to implement
   countrywide DPI against Tor's SSL handshake, which was fixed for the moment
   in ticket #8443. Whether it's circumvention or malware, I would trust it
   would hit Iran.
   - As Runa notes, attempting to correlate with censorship is not strong,
   I would propose however that based on relative growth, a better indicator
   is level of development (ehem, piracy) and geography. I might be passing
   over someone, but it isn't until you get to Japan (40th) that you run into
   what is traditionally called a highly-developed state (all apologies for
   the terrible phrasing of this).
   - Pirate Browser with Tor was released when, August 11th or 12th? I
   would expect we would see a more gradual and less synchronous incline if it
   were natural adoption patterns (short of an autoupdater).

  A) The change in user counts for each country should be proportional
  to the installation base of some infectable software population
  for that country. Can we start with the easy ones with lots of
  public data on them, such as Windows, Flash, or Java?


I would also look for piracy and software update rates.


   B) Weird that we saw no new countries. Why? Is this just a canary
  test to see if we'd fall over? Can we check for correlations
  between our change in userbase per-country and the current number
  of Internet users per-country too, to see if that matches?


I culled the list at 1,000 users on either dates, there were a few
countries that cropped up with new users, like Anguilla. Macedonia and
Bosnia are also interesting toward this, regionally and going from a
hundred to a thousand.


   C) People on IRC have suggested there is correlation to work hours.
  Does this actually apply to countries with atypical work weeks
  and holidays? (Is some popular corporate/work-group software the
  target here?)


Look for Muslim countries in the chart.


 2. If this was Pirate Browser:


It's not.



 3. If this is widespread local censorship/unrest:

   A) No level of censorship/social unrest happens across 91 countries at
  once. Justify your existence, meme.


Like, Hack the planet, bro.

So I think we are left with one unfortunate, not Israeli conclusion. Is
there an example of such fine grain statistics of botnet growth tagged with
date and country? Seems like a pretty solid research dataset for someone.

Cordially,
Collin





 P.S. To the bot-herders who are totally not Israeli: Our network can't
 scale as well as anything you can infect this fast. It will fall over,
 and when it does, the whole Internet will be looking for you. Maybe you
 should chillax a bit and consider running your own mix network. Good
 luck! ;)

   I downloaded the direct connecting users csv and created a
   spreadsheet between the start of the month and the end. It seems that
 it
   was the confluence of many states increasing their censorship of the
   Internet, especially instances like Vietnam and Facebook. Here is the
 raw
   data:
  
  
  
 https://docs.google.com/spreadsheet/ccc?key=0Amq69Ncu9Fp_dDlFYWhDZlNCTkdfWGhFWGlCOWFFNWcusp=sharing

 --
 Mike Perry

 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor relay activity from Antarctica

[Collin Anderson]

MaxMind, the database that powers the location tracker is far from perfect
and will accept IP prefix registration information blindly. For example on
my throttling work I found Iranian hosts with orders of magnitude faster
connections than anything else, only to realize they were actually web
servers in the Netherlands but registered to people inside Iran. I'd bet if
you found the actual IP address it would be in some place decidedly more
banal.
On Aug 28, 2013 12:56 PM, lee colleton l...@colleton.net wrote:

 There is an indication that computers are connecting to the Tor
 anonymizing proxy network from Antarctica. This information is anonymously
 self-reported by the connecting client computers and it's entirely possible
 that the locations are inaccurate. However, there is also a possibility
 that malicious software has been installed on computers in one of your
 research stations which is using the Tor network for command-and-control
 purposes, unbeknownst to the owners. I would encourage you to investigate
 this matter.

 I'm an operator of Tor relays and take an interest in the activity on the
 network, but I'm not directly affiliated with the Tor
 Projecthttps://torproject.orgnor do I claim to represent them.
 Please refer to their website for further
 information and official contact addresses. I've also sent this message to
 their mailing list should you wish to follow up, there.

 Kind regards,
 Lee Colleton

 [image: Inline image
 1]
 https://metrics.torproject.org/direct-users.png?start=2013-05-29events=offend=2013-08-27country=aq
 
 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor and Financial Transparency

[Collin Anderson]

Hi Juan,

On Thu, Aug 29, 2013 at 2:46 PM, Juan Garofalo juan@gmail.com wrote:

 You seriously think people are going to believe that?  I mean the
 bit

 parts of the US and Swedish Governments...want to see strong
 privacy
 and anonymity exist on the Internet


So, this is perhaps a privilege (or corruption) of perspective, but
governments are not monolithic. The best description about this is a
statement by Gen. Hayden, former Dir. of the NSA and CIA:

*“We need to pull the rest of American thinking into this in a relevant
way.  Secretary Clinton gave two speeches on cyber stuff while she was
secretary.  And if you’re you know you think of the world as security and
liberty she broke left literally both times in both of her speeches she
came down on on cyber freedom.  Society at the same time cyber communities
out there are trying to crack the nut on anonymity on the net because you
realize that’s the root of many many dangers out there as cyber communities
just chugging away at that. The secretary of state is laundering money
through NGOs to populate software throughout the Arab world to prevent the
people in the Arab street from being tracked by their government.  Alright
so on the one hand we’re fighting anonymity on the other hand we’re
chucking products out there to protect anonymity on the net.”*

http://b.averysmallbird.com/entries/hayden-comments

Imagine that, the former director of the NSA accusing the former Secretary
of State of working against US interests by promoting anonymity. Even the
US Government is a large beast with competing interests, some parts are
bent on security and intelligence, some are just science research oriented,
and some have a material stake in the Internet privacy.

-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Many more Tor users in the past week?

[Collin Anderson]

Firstly congratulations Tor; secondly this seems pretty solvable with math
and what not. I downloaded the direct connecting users csv and created a
spreadsheet between the start of the month and the end. It seems that it
was the confluence of many states increasing their censorship of the
Internet, especially instances like Vietnam and Facebook. Here is the raw
data:

https://docs.google.com/spreadsheet/ccc?key=0Amq69Ncu9Fp_dDlFYWhDZlNCTkdfWGhFWGlCOWFFNWcusp=sharing


On Tue, Aug 27, 2013 at 10:03 PM, lee colleton l...@colleton.net wrote:

 I've started the Pirate Browser and it does start Tor through Vidalia. The
 browser component doesn't make an effort to anonymize the user, as I
 understand it.
 On Aug 27, 2013 6:56 PM, mirimir miri...@riseup.net wrote:

  On 08/28/2013 12:35 AM, Nathan Suchy wrote:
 
   The Pirate Browser does not use Tor. Anyone who did any reading would
   realize this. I feel that the more usage of Tor the better. The Pirate
   Browser needs to have some warning on extraction...
 
  It doesn't use Tor at all? For anything?
 
  Their FAQ now says: No, it's not inteneded [sic] to be a TOR Browser,
  while it uses the Tor network, which is designed for anonymous surfing,
  this browser is ONLY intended to circumvent censorship.
 
   On Tue, Aug 27, 2013 at 6:53 PM, mirimir miri...@riseup.net wrote:
  
   On 08/27/2013 10:40 PM, mirimir wrote:
  
   On 08/27/2013 04:26 PM, grarpamp wrote:
  
   On Tue, Aug 27, 2013 at 11:56 AM, Missouri Anglers
   missouri.angl...@gmail.com wrote:
   PirateBay is pushing the Pirate browser on their website.
   People are not searching for it. They are discovering it while
   downloading torrents.
  
   Oh, seems there's a bolded link on the bottom of piratebay.sx ...
   now that might actually do it. It went up on Aug 9/10 I think.
  
   Try asking piratebrowser.com for usage stats. 500k?
  
   In Alexa's top sites list, their global rank is currently 73. It was
   about 90 yesterday.
  
   By comparison:
  
   wordpress.org  -  66
   flickr.com  -  67
   adobe.com  -  68
   vube.com  -  72
   thepiratebay.sx  -  73
   blogspot.in  -  75
   godaddy.com  -  77
   huffingtonpost.com  -  79
   about.com  -  82
  
   Is that consistent with 500k?
  
   That was stupid of me.
  
   In Alexa's top sites list, it's thepiratebay.sx that currently has a
   global rank of 73. Alexa shows piratebrowser.com at about 35,000.
  
   --
   tor-talk mailing list - tor-talk@lists.torproject.org
   To unsusbscribe or change other settings go to
   https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
  
  
  
  
 
  --
  tor-talk mailing list - tor-talk@lists.torproject.org
  To unsusbscribe or change other settings go to
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 
 --
 tor-talk mailing list - tor-talk@lists.torproject.org
 To unsusbscribe or change other settings go to
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsusbscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] News from Iran

[Collin Anderson]

Karsten,

This was the fifth explanation for the blocking in as many days. Iran has
blocked YouTube permanently since the June 2009 election. It is important
to note, however, that Iran has begun DNS injection today at the DCI
gateway (AS12880) for the requests on at least youtube.com.

Pastebin: http://pastebin.com/VNDEJReP http://pastebin.com/VNDEJReP

Also, my paper on the weird use of 10.0.0.0/8 addresses within the country,
which now has to be updated after only twenty-four hours...
arxiv.org/abs/1209.6398

Cordially,
Collin

On Mon, Oct 1, 2012 at 10:23 AM, Karsten N. k...@awxcnx.de wrote:

 We wanted to block YouTube, and Gmail was also blocked, which was
 involuntary. (Iran's telecommunications ministry committee)

   http://www.bbc.com/news/technology-19784409


 Karsten N.

 On 10/01/2012 10:06 AM, Collin Anderson wrote:
  Just a notice, it appears that the rules blocking SSL to the IPs in
  Google/Gmail's DNS round robin have been removed for the two
 international
  gateways, outages are still occurring because a few of the local ISPs
  decided to get clever and filter it themselves.
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] News from Iran

[Collin Anderson]

Just a notice, it appears that the rules blocking SSL to the IPs in
Google/Gmail's DNS round robin have been removed for the two international
gateways, outages are still occurring because a few of the local ISPs
decided to get clever and filter it themselves.

On Mon, Sep 24, 2012 at 6:29 AM, Mansour Moufid mansourmou...@gmail.comwrote:

 On 2012-09-24, at 2:10 AM, Runa A. Sandvik wrote:

  On Sun, Sep 23, 2012 at 11:36 PM, SiNA Rabbani s...@redteam.io wrote:
  Next phase is to do the same with the entire population of Iran. It is
  hard for me to imagine the Internet getting completely shutdown. I
  suspect they will make SSL traffic very slow to a point that users would
  give up and look for other alternatives
 
  Isn't this something they have been doing for a while?

 Apparently VPNs were made illegal, but I don't think that was enforced.

 Personally, I wish I had to go to the other side of the planet to find
 this kind of thing. Bell, a Canadian ISP, does it too. Not SSL but VPN
 and other traffic their DPI can't identify, is steadily throttled down
 to zero. OTOH, Rogers, the only other ISP, has always messed with DNS.

 Iran must be doing this with Canadian tech -- it sounds so familiar.

 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] News from Iran

[Collin Anderson]

To be historically accurate, Youtube has been blocked in Iran for at least
three years. Last week, I had compiled a list of open HTTP proxies within
country, and iterating requests for Google, Gmail, and Youtube now,
everything appears to be the way they have been for some time. Somewhat
relatedly, this week, I will be posting a working paper to arXiv on how
Iran has set up a hidden Internet using RFC 10/8 IP addresses.


On Sun, Sep 23, 2012 at 6:36 PM, SiNA Rabbani s...@redteam.io wrote:

 Finally after years of waiting we will get to see what a so called
 Halal Internet looks like. So far they have completed Phase One
 which is to disconnect all the governmental entities from Gmail and
 other foreign services.

 Next phase is to do the same with the entire population of Iran. It is
 hard for me to imagine the Internet getting completely shutdown. I
 suspect they will make SSL traffic very slow to a point that users would
 give up and look for other alternatives

 Today, Iran started to block Gmail at different ISP and cities all over
 Iran. The head of the unit that is in charge of blocking said that

 Because of the release of an anti-islam videos about prophet Muhammad
 on Youtube, which is owned by Google, *The People* have asked for these
 sites to be blocked! So we have decided to Block Google and Gmail
 service until further notice.

 --SiNA

 On 09/23/2012 03:19 PM, HardKor wrote:
  Hello,
 
  I just read in an online newspaper that Iran will block Google (and
  Youtube) very soon. The article also say that the whole network will be
  disconnected from the internet soon.
 
  Does any one have more detailed informations about what's going on over
  threre ?
 
  HardKor
 
  5845 16EB 0589 B89A 5E6E  98DE 74F5 F875 6D34 45F9
  ___
  tor-talk mailing list
  tor-talk@lists.torproject.org
  https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
 

 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] News from Iran

[Collin Anderson]

I spoke too soon, my host that routes through the DCI (AS12880) is unable
to access Google sites through SSL. HTTP seems to still work though.

On Sun, Sep 23, 2012 at 9:04 PM, Chris Smart csma...@cogeco.ca wrote:

 They won't be online much after the EMP :)
 --**
 CTS MASTERING, affordable and professional mixing and mastering:
 http://www.ctsmastering.com
 Twitter: 
 https://twitter.com/#!/**CTSMASTERINGhttps://twitter.com/#!/CTSMASTERING
 BLOG: www.ctsmastering.com/blog
 Linked In: 
 http://ca.linkedin.com/pub/**chris-smart/46/824/536http://ca.linkedin.com/pub/chris-smart/46/824/536


 __**_
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talkhttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] News from Iran

[Collin Anderson]

Apologies for flooding, Pastebin: http://pastebin.com/xbeQcVNa

On Sun, Sep 23, 2012 at 9:39 PM, Collin Anderson
col...@averysmallbird.comwrote:

 I spoke too soon, my host that routes through the DCI (AS12880) is unable
 to access Google sites through SSL. HTTP seems to still work though.


 On Sun, Sep 23, 2012 at 9:04 PM, Chris Smart csma...@cogeco.ca wrote:

 They won't be online much after the EMP :)
 --**
 CTS MASTERING, affordable and professional mixing and mastering:
 http://www.ctsmastering.com
 Twitter: 
 https://twitter.com/#!/**CTSMASTERINGhttps://twitter.com/#!/CTSMASTERING
 BLOG: www.ctsmastering.com/blog
 Linked In: 
 http://ca.linkedin.com/pub/**chris-smart/46/824/536http://ca.linkedin.com/pub/chris-smart/46/824/536


 __**_
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/**cgi-bin/mailman/listinfo/tor-**talkhttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




 --
 *Collin David Anderson*
 averysmallbird.com | @cda | Washington, D.C.




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] TorBirdy suggestion: block subject header when encrypting email

[Collin Anderson]

On Fri, Aug 31, 2012 at 9:32 PM, Shew shew09...@rambler.ru wrote:

 However, Enigmail does not block or even warn the
 user if they are sending an encrypted email with something in the
 subject header.


Yes, I agree that is bad policy, however, TorBirdy is not Enigmail and
neither require each other to work properly. I, for one, do not use PGP for
every outgoing email, although I would still prefer to use Tor for my
Thunderbird traffic. I would suggest the proper remedy for this completely
legitimate issue would be to file a bug ticket with Enigmail.



 --
 Shew


 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] 'Iran plans to unplug the Internet, launch its own clean alternative'

[Collin Anderson]

This latest 'Iran is going to disconnect the Internet' paroxysm originated
from a year-old April Fools joke that was resubmitted to a popular social
media aggregator last week. The meme exploded across Persian-language blogs
within the day.

Not only is it not posturing, it is factually incorrect.

On Tue, Apr 10, 2012 at 3:46 AM, Zebro kojos zebro.ko...@gmail.com wrote:


 http://arstechnica.com/tech-policy/news/2012/04/iran-plans-to-unplug-the-internet-launch-its-own-clean-alternative.ars

 Perhaps there are more sources with more detailed/sourced info.

 Thought this was relevant.

 I wonder whether they plan / the idea would be to completely detach from
 any foreign communications, save for some 'approved' nodes for banks and
 such.

 I suppose if the Dark net plan were more mature at this point, it would be
 possible to theorize the creation of a mediating cluster of nodes connected
 to the internet via wifi-darknet / whatnot, that would rebroadcast to the
 local darknet via wifi etc.

 But holy damn. (I suppose the Iranian plan is premature etc., but still.)
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Cannot finish handshake with directory server (Kazakhstan)

[Collin Anderson]

 For Kazakhstan specifically, I don't know which company they use, or maybe
 they're building their own like Iran.


While it is important in being good stewards of the Internet to recognize
where Western companies are facilitating the repression of speech, there
are other actors in this space that need to be recognized. Vendors such as
Huawei face less onerous export restrictions than most American and
European counterparts, often provided/subsidized by governments as
soft-power initiatives and are certainly equipped[1] to do the level of
mass surveillance and filtering that we see in countries such as Iran.

Please forgive this comment in being tangental; I am increasingly
interested in how Kazakhstan is moving and hope to be involved in bringing
more to light on the matter.

[1] http://www.huawei.com/products/datacomm/catalog.do?id=1219

Collin

On Tue, Feb 28, 2012 at 10:15 AM, Andrew Lewman and...@torproject.orgwrote:

 On Tue, 28 Feb 2012 13:51:21 +0200
 Maxim Kammerer m...@dee.su wrote:
  As asked by a commenter, is it known which companies supply the
  Tor-focused DPI blocking technology to governments, universities, and
  the like? I see two possible directions where such information might
  be helpful:

 Yes, there are many, many companies. Bluecoat, Narus, Cisco, Fortinet,
 Nokia/Siemens, come to mind. For Kazakhstan specifically, I don't know
 which company they use, or maybe they're building their own like Iran.

 See

 https://www.eff.org/deeplinks/2012/02/upcoming-supreme-court-case-may-hold-key-holding-spy-tech-companies-responsible

 and

 https://www.eff.org/deeplinks/2012/02/not-a-hoax-pakistan-requests-proposals-national-filtering-and-blocking-system

 and

 https://www.eff.org/deeplinks/2012/02/spy-tech-companies-their-authoritarian-customers-part-ii-trovicor-and-area-spa

 Or just look at http://spyfiles.org/ for a list of possible companies.

 --
 Andrew
 http://tpo.is/contact
 pgp 0x74ED336B
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Sonic Firewall, Iran related?

[Collin Anderson]

Malaysia or Singapore?

On Mon, Feb 13, 2012 at 1:32 PM, Nathan Freitas nat...@freitas.net wrote:


 I have been in touch with an Orbot user at a university somewhere in a
 relatively free country in Asia, who just a week or so ago found that it
 no longer worked for him. He was unable to connect to the Tor network
 either directly or with bridges, and it seemed like SSL related errors
 were occuring.

 He wrote me today saying this:
 Today I had a talk with the head of computer department, he said that
 the sonic wall blocking policies are automatically updated and they
 can't do anything with that.

 While I do not know who automatically updated their firewall rules, it
 is interesting that this wasn't a targeted Tor thing by the local admin,
 but some wider deployment, perhaps directly from Sonic corporate
 themselves.

 On a hunch, I sent him the new Orbot+OBFS bundle to test out, and it
 worked like a charm. He was very excited, and has promised to be a loyal
 tester. It indeed seems like they were doing a similar SSL/TLS DPI
 block/filter as what is happening in Iran.

 Now the timing of all of this, and the similar approach to filtering
 made me curious if this could perhaps be related... could some ISP or
 national NOC in Iran be running the same product as this university in
 Asia?

 Regardless, it seems like the SSL/TLS DPI might become a standard
 tactic, and the needs for obfsproxy will be growing rapidly.

 +n
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Sonic Firewall, Iran related?

[Collin Anderson]

Nathan,


 I see, and so on Android, where the CA was not installed, it was
 throwing the proper error perhaps?


If the SonicWall was proxying SSL with its own CA, wouldn't all HTTPS pages
be broken? More narrowly, if it was interfering with suspicious/aberrant
traffic, wouldn't Tor die with an error logged about an invalid cert?

Haha, well, I decided not to say, so I will not.


One should bear in mind then that particular countries have direct
connections to Iran. I would also add from observation that for some
unknown reason, a number of universities in South East Asia appear to be
unexpected sources of traffic to Persian-language websites.

I think a lot could be learned from a traceroute, looking at logs and
noting what certificates are being seen by the user.

Collin

On Mon, Feb 13, 2012 at 10:41 PM, Nathan Freitas nat...@freitas.net wrote:

 On 02/13/2012 01:53 PM, Andrew Lewman wrote:
  The CA
  was installed by the university on their mandated laptops, so students
  would never know they were mitm'd the entire time.

 I see, and so on Android, where the CA was not installed, it was
 throwing the proper error perhaps?

 Anyhow, +1 for obfsproxy for working in this context.

 I am still curious of the possibility that Iran is running the same
 Sonic solution, or the timing is just a coincidence.

 +n
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] How to make 100.000 bridge?

[Collin Anderson]

On Fri, Jan 13, 2012 at 12:26 PM, Runa A. Sandvik runa.sand...@gmail.comwrote:

 Or just https://cloud.torproject.org/


Runa, could you speak to the expectations of the bridge strategy regarding
the stability and lifespan of nodes? More specifically, to ensure a healthy
and stable network, how long should a volunteer attempt to maintain a
bridge (days, weeks or months)?

In the case of Amazon Web Services, there is the additional option of being
able to cycle address quickly -- this is helpful against blocking but
creates frustration with end-users unaffected by country-specific action.
Should a user maintain the bridge as long as there is traffic, for the good
of the network, or is changing addresses in response to external events
reasonable.

While Fabio's suggestion is novel, I suspect any volunteer using an shared
host would quickly find themselves facing the wrath of administrators.
Given the number of well-meaning, but unprepared people, I would be
cautious as it would potentially introduce a large number of unstable
bridges.

Cordially,
Collin

-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Implement JSONP interface for check.torproject.org

[Collin Anderson]

Tor would not be validating the nature or security of the hosted site,
rather the JSON would be confirming attributes of the visitor. I cannot
imagine many scenarios where a malicious party stands to benefit from
forging these credentials -- or for that matter a manner where they could
not fake a confirmation themselves without using the API.

On Sun, Nov 6, 2011 at 9:13 PM, Andrew Lewman and...@torproject.org wrote:

 On Sunday, November 06, 2011 11:00:08 Fabio Pietrosanti (naif) wrote:
  Let's support that AccessNow https://www.accessnow.org/ would like to
  implement the privacybadge web widget, they have several options:

 A word of caution about privacy badges, learning the history of TRUSTe is
 relevant, https://secure.wikimedia.org/wikipedia/en/wiki/TRUSTe#History.

 Research shows that sites with the TRUSTe seal are the least likely to
 honor
 what you think of as privacy, http://www.benedelman.org/news/092506-1.html
 .

 --
 Andrew
 pgp 0x74ED336B
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor files

[Collin Anderson]

Correct, PPTP VPNs have been blocked for the past four days. People have
reported issues with Tor to me, however, I was able to connect from a
machine inside the country just fine. Aaron's suggestion of gettor is the
best approach, please don't trust any other methods of retrieving files.
Best of luck Daniel.

- CDA

On Sat, Oct 1, 2011 at 3:23 AM, Daniel Samani artailic...@gmail.com wrote:

 Dear Philip,

 The attempts my friends have done in the university have been unsuccessful
 in this regard. Tunneling via a proxy seams not to work, as with VPN.

 Cheero Daniel



 Hello Daniel,

 Can you use a proxy server from the uni?

 Phillip



 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Dutch CA issues fake *.torproject.org cert (among many others)

[Collin Anderson]

According to a number of bloggers(1), torproject.org was include among those
domains targeted in the certificate breach. In at least the case of Google,
these certificates have been offered to Iranian Internet users by a number
of ISPs, in a number of city.

Risk is a product of situation, and if you are in Iran, Syria, Belarus, et
al, I would exercise at least that level of caution.

(1)
http://www.nu.nl/internet/2603449/mogelijk-nepsoftware-verspreid-naast-aftappen-gmail.html

On Fri, Sep 2, 2011 at 1:11 PM, Seth David Schoen sch...@eff.org wrote:

 Joe Btfsplk writes:

  Is it really a risk, d/l  Tor or TBB directly from Tor Project's
  site, that verifying signatures is necessary?  What is the reasoning
  here - if getting files from Tor Project server?

 How do you know it was really the Tor Project server?

 --
 Seth Schoen  sch...@eff.org
 Senior Staff Technologist   https://www.eff.org/
 Electronic Frontier Foundation  https://www.eff.org/join
 454 Shotwell Street, San Francisco, CA  94110   +1 415 436 9333 x107
 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Tor Usage Statistics for Iran

[Collin Anderson]

Joe - I may be of some help, as I am working on an ongoing project tracking
the methods and behaviors of Iranian circumvention tool users. Between May
and August, I independently noticed something of a similar trajectory of
adoption numbers by Iranian users. What I've found in part is there are a
number of concurrent threads that likely contribute to the increase in
traffic, but don't account directly. These include:

*Increase of public awareness of Tor:* There are number of organizations and
individuals that have been promoting Tor in the country to political
audiences.

*Less competition:* A number of services such as freegate and gtunnel have
reduced their availability to Iranians. Users have moved from HTTP proxies
to Ultrasurf and VPNs chiefly, but Tor has also benefited. This is probably
the biggest cause.

During the initial results of our research, it appears that there is a
meaningful correlation between political activism and specific tool use.
However, that's deserves a deeper explanation off list.

Cordially,

Collin David Anderson
averysmallbird.com | @cda | Washington, D.C.
--
On Aug 31, 2011 10:29 AM, Andrew Lewman and...@torproject.org wrote:
On Wednesday, August 31, 2011 09:10:03 Joe Galvin wrote:
 Well I'm not presuming that any of them are from the opposition. I don't
 know what they're doing, which is the point. As I said there's no
political
 OR social reason, as far as I'm aware, for the number have users to have
 multiplied x5 since last August. Just interested in why it has happened,
if
 there is any particular reason. Maybe there isn't. It's a pretty
 astonishing jump though.

The Persian News Network has been promoting Tor to their viewership in
August.
This is likely the cause of the jump in usage from Iran. However, this is
just
a correlation.

-- 
Andrew
pgp 0x74ED336B
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Re: [tor-talk] Hijacking Advertising to give a Tor Exit node economic sustainability?

[Collin Anderson]

For whatever it's worth, this seems to be a common model for a number of
free VPN and Glype-style Web-based providers, who cater to clients
attempting to get around content filtering. I've been interested in the
mechanics and economics of the approach, but haven't yet had time to do any
investigation.

*CDA*

On Sat, Aug 6, 2011 at 5:14 PM, Jim jimmy...@copper.net wrote:

 Fabio Pietrosanti (naif) wrote:
  Ok, modifying user traffic it's a tabu', but let's just consider for a
  moment how many useful things for the user and for the tor project could
  be done.

 Perhaps the user doesn't *want* those useful things done for him.
 Perhaps he knows what he is doing and is already doing *exactly* what he
 wants to do.  Very slippery slope!

 (Not that I think there is a remote chance that such an exit node would
 not be marked as a bad exit just on general principles.  I just wanted
 to point out that I find this nanny state attitude of we know better
 than you offensive.  It's bad enough when ISPs break NXDOMAIN, etc.
 Although I doubt that you meant any harm.  :-)

 Jim


 ___
 tor-talk mailing list
 tor-talk@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk




-- 
*Collin David Anderson*
averysmallbird.com | @cda | Washington, D.C.
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk