I denounce the Tor Project's political activism under the new
administration and this attempt to fuel the cancel culture.
I am signing the supporting letter for Richard Stallman and pausing my
relays. I realize that this is largely symbolic, but so is running Tor
relays in the first place. I am
Is there anything Tor can do inside the Tor browser itself?
I would understand and support something as drastic as disabling non-HTTPS,
non-Onion connections altogether. When the user types a URL with no
protocol prefix, the browser will assume HTTPS.
This may break some websites, so a transition
Matt, if you only have 1 host, it may be more beneficial to create 2
relays on it (or more than 2 - if you have more than 1 IPv4 address
available) using tor-instance-create. You could be hitting the limits
of what a single CPU core can do.
On Sun, May 26, 2019 at 4:07 PM Keifer Bly wrote:
>
>
Alison, can you please share a link to the results of 'user testing as
well as research on
usability, accessibility, and localization'? I most definitely welcome
the idea of making Tor look modern (and would like to help if I can)
but it would be good to see what standards the development team is
Hi,
I use tor-instance-create to spawn a number of relay instances.
However, there seems to be one extra instance running - the default
one that reads /etc/tor/torrc (and not
/etc/tor/instances/INSTANCE/torrc).
How do I disable that default tor relay? It opens port 9050 and does
who else knows
I'd like to call out the apparent hidden service performance slowdown:
https://metrics.torproject.org/torperf.html?start=2017-04-23=2018-01-21=all=onion=50kb
I hope the dev team is looking into it.
Thanks,
Igor
___
tor-relays mailing list
Is there a way to inherit a portion of torrc (to avoid copying the
same MyFamily line into every torrc)?
On Thu, Jan 4, 2018 at 11:12 AM, John Ricketts wrote:
> Agreed. All of my 50 relays list all relays including itself.
It is safe to assume that both relays and select hidden services are
being scanned 24/7. When your host reboots (say, as a result of an
automatic OS update), both your relay and your hidden service become
unavailable at the same time, instantly revealing the IP of the hidden
service.
On Thu, Jan
to set
MaxMemInQueues without making it too conservative.
On Fri, Dec 22, 2017 at 11:46 AM, r1610091651 <r1610091...@telenet.be> wrote:
> I would expect it to be per instance. Instances are independent of each
> other. Further one can only run 2 instances max / ip.
>
> On Fri, 22 Dec 2017
Hi,
Is MaxMemInQueues parameter per-host (global) or per-instance?
Say, there are 10 relays on the same 24 GB host. Should I set
MaxMemInQueues to 20 GB, or 2 GB in each torrc?
Thanks,
Igor
On Tue, Dec 12, 2017 at 1:17 PM, tor wrote:
>>I am getting this too, I saw this in the logs a few months ago and didn't think
>>anything of it.
>
>
> I wouldn't worry about it. Faravahar has a long history of misbehavior:
>
>
After reading every paper and post on sysctl.conf and iptables tuning
I could find, and reading some kernel code, I have come to a
conclusion that, while there are a few settings to tune (can share
mine, but your mileage *will* vary), most of the defaults are actually
not broken in the latest
Atlas definitely looked lighter, more airy. The new UI looks dense and
dated, with that Microsoft Office style table from the 90s. Oh well,
I'll get used to it - at least it is not yet another "Web 2.0"
Bootstrap. The idea of merging Atlas into Metrics is definitely a good
one.
On Tue, Nov 14,
Hi,
It looks like 94.7% of all Running relays have the "Fast" flag now. If
that percentage becomes 100%, the flag will become meaningless.
What were the reasons behind the current definition of "Fast", and are
those still valid? If not, should "Fast" become self-adjusting
("faster than 2 Mbps or
>> # Only listen on loopback
>>
>> interface=lo
>> bind-interfaces
>
> What is your opinion about the config line "listen-address=127.0.0.1" advised
> in https://wiki.debian.org/HowTo/dnsmasq#Local_Caching ?
It should have a similar effect, except that 127.0.0.1 is IPv4 only,
while "interface=lo"
relays sending DNS requests to a
large and diverse number of destinations can make practical
DNS-assisted traffic correlation prohibitively expensive.
On Sun, Oct 8, 2017 at 12:03 PM, Ralph Seichter <m16+...@monksofcool.net> wrote:
> On 08.10.17 20:48, Igor Mitrofanov wrote:
>
>>
ol.net> wrote:
> On 08.10.17 19:48, Igor Mitrofanov wrote:
>
>> My hosting provider runs no DNS servers and recommends using 8.8.x.x,
>> so I have to pick something.
>
> You don't have to pick, and this is not meant to be patronising. Install
> Unbound with the few lines of conf
My hosting provider runs no DNS servers and recommends using 8.8.x.x,
so I have to pick something.
On Sun, Oct 8, 2017 at 10:22 AM, Ralph Seichter <m16+...@monksofcool.net> wrote:
> On 08.10.17 18:34, Igor Mitrofanov wrote:
>
>> Unless configured otherwise, Dnsmasq chooses a se
Toralf, thanks for the data. Has that 10% stabilized, or is it still
growing for your node?
On Sun, Oct 8, 2017 at 9:54 AM, Toralf Förster <toralf.foers...@gmx.de> wrote:
> On 10/08/2017 06:34 PM, Igor Mitrofanov wrote:
>
Unless configured otherwise, Dnsmasq chooses a server from the list
randomly, so the more servers the operator specifies in dnsmasq.conf,
the less traffic each server gets. This increases the diversity of DNS
requests, complicating traffic analysis for any adversary that
controls some, but not
i.debian.org/HowTo/dnsmasq#Local_Caching ).
3) Make sure that the file /etc/dnsmasq.conf contains the line
"listen-address=127.0.0.1" (to restrict dnsmasq to the local system).
4) Set the cache size to 1 by adding or editing this line
"cache-size=1" in the
: [tor-relays] SSH brute force attempts to connect to my Middle
Relay IP address
> On 4 Oct 2017, at 02:26, Igor Mitrofanov <igor.n.mitrofa...@gmail.com>
wrote:
>
> I have set up a (private, key-based) Tor hidden service for SSH
administration. It works well and leaves no extra open
I have set up a (private, key-based) Tor hidden service for SSH administration.
It works well and leaves no extra open ports to attack.
If you also take advantage of package updates over Tor (via the local SOCKS5
proxy that any Tor instance provides) the only non-OR incoming traffic you need
to
If it's important enough to do on a single relay, it's important
enough to do it across the entire network. I bet there are, and will
always be, plenty of exit node operators not reading this email list,
or not planning to do anything, or not configuring everything
properly, etc.
On Tue, Sep 12,
I wonder if these are all half-measures, and Tor needs a first-class solution
to the DNS weakness.
Every Tor relay can have a simple resolver built-in, and/or perhaps all Tor
relays could be running a DHT-style global DNS cache.
In case of a cache miss, the exit relay could build a circuit to
Hi,
I have configured a Tor bridge to go through a particular Tor guard
relay (that I also own), as an experiment.
Upon initialization I am getting this warning:
"Your guard [fingerprint] is failing an extremely large amount of
circuits. This could indicate a route manipulation attack, extreme
The DNS issue is in the "long tail" - rare/unique websites are unlikely to be
cached, yet they likely represent the most interesting targets.
I do agree that running dnsmasq (or a similar caching resolver) is probably
sufficient to make DNS attacks too unreliable to invest in. I am not sure why
Check this list and choose the ones with the lowest ping from your node:
https://www.lifewire.com/free-and-public-dns-servers-2626062
Make sure to avoid DNS servers marketed as "secure" (for example, do
NOT use "Comodo Secure DNS") since they perform arbitrary
censorship/redirection. Also, do not
> Port numbers and TLS are orthogonal: port 443 can be used for cleartext,
> and port 80 for encrypted traffic. In the case of IRC, it's quite common
> for 6667 to be used with TLS.
When a relay operator uses exit policies, I believe they express an
intent to block certain types of applications,
29 matches