Re: [tor-relays] Bridge operator iat_mode setting

On Thu, Feb 25, 2021 at 06:30:35PM +0100, Toralf Förster wrote: > SO why is this not the default? The feature introduces a substantial performance penalty for a dubious and poorly understood privacy gain. If I were to write an algorithm to detect obfs4, I wouldn't bother dealing with its flow

Re: [tor-relays] Bridge Setup

On Tue, Jan 12, 2021 at 12:19:28PM -0800, San Shi wrote: > After running tor.exe -f torrc, there is no notice file appearing where it > should be, and Tor still seems to fail to setup. What does your log file say? > I assume either I messed up modifying the text file or that the obsf4 port > I

Re: [tor-relays] Introducing new bridge status page

On Tue, Jan 12, 2021 at 10:03:52PM +0100, li...@for-privacy.net wrote: > On 11.01.2021 21:59, Toralf Förster wrote: > > On 1/11/21 9:03 PM, Philipp Winter wrote: > > > FINGERPRINT is your bridge's fingerprint or its hashed fingerprint -- > > > either works.

[tor-relays] Introducing new bridge status page

As part of our ongoing effort to reimplement BridgeDB, we now have a bridge status page that shows if a bridge's pluggable transports work: https://bridges.torproject.org/status?id=FINGERPRINT FINGERPRINT is your bridge's fingerprint or its hashed fingerprint -- either works. The backend

Re: [tor-relays] Bridges under DDoS

On Wed, Nov 11, 2020 at 09:05:24PM -, Jonas wrote: > Over the past seven days, all of my bridges are under DDoS attack. > Other servers hosted with adjacent IP addresses are not under attack. * What kind of DDoS are you seeing? Is it a lot of network packets? Or network connections? *

Re: [tor-relays] Q: Is my bridge up?

On Wed, Jun 10, 2020 at 10:18:45PM +, to...@protonmail.com wrote: > But when I use the bridge reach-ability test at > https://bridges.torproject.org/scan/ > It fails to find my obfs4 port. Your bridge doesn't seem to run obfs4. What does your torrc look like?

Re: [tor-relays] Trouble with opening ports for a new bridge

On Wed, May 20, 2020 at 03:40:38PM +, nottryingtobel...@protonmail.com wrote: > I have two low-traffic websites hosted on Digital Ocean. Each one is > its own Droplet. I setup a Tor bridge on one and it has been running > successfully (20-80 clients / 6 hours or so average) so I know this is

Re: [tor-relays] Is it wise to continue to allow yahoo email accounts to request bridges?

On Mon, Mar 23, 2020 at 05:27:16PM -0700, Keifer Bly wrote: > So for those who did not know, Yahoo (and as such Yahoo Mail) is now owned > by Verizon. They bought both Yahoo and AOL and combined them into Verizon > Media. For this reason, it seems like allowing Yahoo Mail accounts would in > turn

Re: [tor-relays] Bridge Questions, Best Practices

On Wed, Dec 18, 2019 at 12:12:03PM -0800, Eddie wrote: > I've seen a few comments mentioning the lack of obfs4 bridges using port > 443, so as I don't run any kind of webserver on the VPS I can do this.  I > also wanted to run an obfuscated bridge on port 80, but it seems that you > can only run a

Re: [tor-relays] Tor-bridge list

On Sun, Dec 08, 2019 at 10:13:08PM +0100, li...@for-privacy.net wrote: > I put a bridge on an unused server. Currently listed on Tor-metrics. > https://metrics.torproject.org/rs.html#details/48022B9A9402CB6D9918C03B8AFD2A073110B1BD Thanks for running a bridge! > But the IP per mail will soon

[tor-relays] Version 0.3 of obfs4 bridge docker image released

We recently released version 0.3 of our obfs4 bridge docker image. To upgrade to the new image or deploy a new container from scratch, please take a look at our instructions: Here's what changed in our new version: * We added a new

Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31

On Wed, Sep 18, 2019 at 08:46:53PM -0700, Porcelain Mouse wrote: > I run RPM-base distro and would prefer to stick with packages I can get > easily. But, I could build tor for myself, if it came to that. I was > specifically thinking of obsf4 when I asked this question, but I only looked > into

Re: [tor-relays] Bridge Sees 100x Clients Starting 2019-08-31

On Mon, Sep 16, 2019 at 12:25:03PM -0700, Porcelain Mouse wrote: > 1) Can we be pretty sure the bulk of this sudden increase in users is > abuse traffic? If not, is this a problem? Are most of your new clients from Iran? We believe that some popular third-party software started using our

Re: [tor-relays] Why is my Tor bridge relay not getting any traffic?

On Mon, Aug 26, 2019 at 07:03:22PM -0300, Hikari wrote: > What might be wrong? Or is it normal for a Tor bridge relay be this idle? > This is my torrc removing identifiable data. There may be nothing wrong at all. See the following page for more context:

Re: [tor-relays] Call for setting up new obfs4 bridges

On Sat, Jul 20, 2019 at 04:43:50PM +1000, Ben Riley wrote: > Thanks :) It appears to still be running happily this morning. Low > activity, but that's ok. I could bootstrap an obfs4 connection over your bridge just fine. > Interestingly, the fingerprint is now showing the previous relay one. As

[tor-relays] Running obfs4proxy on ports < 1024 (was: Call for setting up new obfs4 bridges)

On Fri, Jul 19, 2019 at 10:36:07AM +0200, dm...@ziggo.nl wrote: > I ran (and keep running) into the same problem (but on Debian), even > after the fix suggested below. If you are running tor over systemd, you will also need to set NoNewPrivileges=no in /lib/systemd/system/tor@default.service and

Re: [tor-relays] Call for setting up new obfs4 bridges

On Thu, Jul 18, 2019 at 12:50:34PM +1000, Ben Riley wrote: > Then I saw the above email about being a bridge and thought, fine, I'll > configure it to be a bridge and help out someone. > Tried to do it via the docker/script method, but soon realised that was > outside my skill level (hey stop

Re: [tor-relays] Call for setting up new obfs4 bridges

On Fri, Jul 12, 2019 at 04:41:25PM +, j4c4l4 wrote: > I was about to ask the same question. I have been running an obfs4 bridge > for several weeks, and the bandwidth it uses is still around 50KB/s, although > the maximum rates are set much higher than that (2.5MB/s, with a burst of > 5MB/s).

Re: [tor-relays] Call for setting up new obfs4 bridges

On Wed, Jul 03, 2019 at 03:45:23PM +, nottryingtobel...@protonmail.com wrote: > While resetting my bridge, I discovered that setting OR Port to auto > causes the port not to survive restarts. After the OR Port was > randomized, I opened it on my router firewall. Then I restarted the > tor

Re: [tor-relays] Call for setting up new obfs4 bridges

On Wed, Jul 03, 2019 at 02:38:03PM +, nottryingtobel...@protonmail.com wrote: > Is it normal for bridges to see no traffic, and if they're not seeing > any, should I keep them online? A bit of background: When you set up a bridge, by default it reports itself to BridgeDB, our system for

Re: [tor-relays] Testing the accessibility of my obfs4 bridge

On Sat, Jul 06, 2019 at 04:31:10PM +, nottryingtobel...@protonmail.com wrote: > I plugged my bridgeline into Tor Browser on Windows, and connected > successfully. I put it into Orbot on Android and also connected > successfully. But when I put it into the new Tor Browser for Android, > I am

Re: [tor-relays] Call for setting up new obfs4 bridges

On Wed, Jul 03, 2019 at 02:09:02AM +, to...@protonmail.com wrote: > Looking at the new, improved instructions for Debian/Ubuntu obfs4 > bridges, I am confused by the talk about a fixed obfs4 bridge port. > The line to do this is commented out. Does that mean it is optional > to give obfs4 a

Re: [tor-relays] Call for setting up new obfs4 bridges

On Thu, Jun 20, 2019 at 12:22:29PM -0700, Philipp Winter wrote: > We therefore want to encourage volunteers to set up new obfs4 bridges to > help censored users. Over the last few weeks, we have been improving > our obfs4 setup guide which walks you through the process:

Re: [tor-relays] BridgeDB currently up but non-functional?

On Thu, Jun 27, 2019 at 07:00:14AM -0700, Rick Huebner wrote: > I'm not sure how obfs4 bridges being unreachable would have prevented > bridgedb from just giving them out anyway (pretty sure it can't tell on its > own) [...] Correct, these are two orthogonal problems. Both cause significant user

Re: [tor-relays] BridgeDB currently up but non-functional?

On Fri, Jun 21, 2019 at 05:56:21AM -0700, Rick Huebner wrote: > Hi, Phillip. Thanks for the response, and for taking on these issues. I also > sent a more detailed direct report to frontd...@torproject.org. It > apparently crossed with your reply to this thread in the mail, I wasn't > intending to

Re: [tor-relays] BridgeDB currently up but non-functional?

Thanks for reporting this issue, Rick. On Wed, Jun 19, 2019 at 23:30:40 UTC, Rick Huebner wrote: > It looks like bridge 1 (eldritchworld) gave me bad/incomplete relay > info which prevented making circuits [...] For what it's worth, I managed to bootstrap an obfs4 connection over this bridge. >

[tor-relays] Call for setting up new obfs4 bridges

Hi everyone, BridgeDB is running low on obfs4 bridges and often fails to provide users with three bridges per request. Besides, we recently fixed a BridgeDB issue that could get an obfs4 bridge blocked because of its vanilla bridge descriptor: We therefore

Re: [tor-relays] HOW-TO: Simple DNS resolver for tor exit operators

On Sun, Aug 06, 2017 at 04:03:53PM -0400, Dennis Emory Hannon wrote: > Guide is meant for debian/linux users > http://backplanedns.org/TOR_exit_dns_resolver_howto.htm I think the solution to Google seeing so many DNS requests is more nuanced. A single organisation seeing that many request is

Re: [tor-relays] write-history for exit relays only?

On Tue, Sep 06, 2016 at 12:10:06PM -0400, Aaron Johnson wrote: > > I suspect that one could approximate this number by accounting for the > > probability of all exits being selected as guard, middle, and exit, but > > I would prefer a simpler and more reliable approach. > > This doesn’t seem like

[tor-relays] write-history for exit relays only?

I want to learn how many bytes exit relays forwarded. I assume that the write-history that is published in a relay's extra-info document includes bytes that were relayed as part of the exit's guard and middle role? If so, is there a way to learn how many bytes were written by the relay in its

Re: [tor-relays] dns request capitalization, tor and unbound

On Sun, Jul 03, 2016 at 09:51:43AM -0400, Zack Weinberg wrote: > However, I personally think it is inappropriate to run a DNS cache on > an exit node, because that preserves a record on the exit node of what > people are using it for. Are you concerned about the DNS cache logging to disk, or

Re: [tor-relays] 8 universities doing joint HS research? (2016-06-12)

On Wed, Jun 15, 2016 at 02:44:16PM +, nusenu wrote: > This looks interesting, 8 new relays joined together: > > http://article.gmane.org/gmane.network.onion-routing.ornetradar/1373 These are PlanetLab nodes, as their PTR record shows. Still, there's probably a research group behind this as

[tor-relays] Exitmap module to count CloudFlare CAPTCHAs

I wrote an exitmap module [0] that can tell us how many exit relays see a CloudFlare CAPTCHA when connecting to a given site. First, I ran the module for coreos.com because it uses CloudFlare, but the owner configured it to whitelist Tor. Indeed, only one out of 864 exit relays saw a CAPTCHA:

Re: [tor-relays] Running 5000 relays...

On Fri, Mar 11, 2016 at 11:51:23AM +, nusenu wrote: > > This sounds like a great effort. I wanted to point out 2 things: > > 1) I think that GCE IP addresses are blacklisted (due to an earlier sybil > > attack, > > https://lists.torproject.org/pipermail/tor-relays/2015-August/007656.html). >

Re: [tor-relays] Do less-secure pluggable transports on bridges render more-secure types useless?

On Sun, Jan 17, 2016 at 11:34:48AM -0800, Rick Huebner wrote: > I can't imagine the GFW would be so kind as to only block the ORport's > specific port number, I assume it blocks the entire bridge IP address, > making all transports useless if any single one of them is detected. Would > it be

Re: [tor-relays] DirAuths are blocking my node on Amazon EC2. Why?

On Fri, Oct 30, 2015 at 09:46:59PM +0300, Yousif Al Saif wrote: > Was there a particular reason for the block or was this specific to my > router only? Should I consider moving to a different provider or was I > specifically targeted by the block and should not attempt moving > somewhere else.

Re: [tor-relays] Google Compute Engine rejected as relay?

On Wed, Aug 19, 2015 at 10:00:54PM -0700, Greg wrote: I tried to spin up a relay on GCE a few days ago, and I found that it was outright rejected with a message like Authdir is rejecting routers in this range. I don't have the IP handy now, but I could easily get another ephemeral IP. I

Re: [tor-relays] exit policy to reflect country-wide ban

On Thu, Dec 04, 2014 at 05:55:10PM +0300, Vladimir Ivanov wrote: Recently, github was blocked in Russia (see discussion here: https://news.ycombinator.com/item?id=8692584). The ban is executed by all major ISPs (comply with this regulation is necessary to keep the telecom license so no ISP is

[tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)

On Wed, Nov 05, 2014 at 04:04:41AM -0500, grarpamp wrote: 173 FreeBSD FreeBSD still seems to use globally incrementing IP IDs by default. That's an issue as it leaks fine-grained information about how many packets a relay's networking stack processes. (However, nobody investigated the exact

Re: [tor-relays] VPS in China

On Thu, Sep 25, 2014 at 02:18:48PM -0800, I wrote: Does anyone have an idea what might be done with a VPS in China? In most networks in China, it will be difficult to set up a relay. Relays must be able to talk to each other and upload their descriptors to directory authorities. That does not

Re: [tor-relays] exit relay not receiving flag

On Mon, Sep 22, 2014 at 04:52:36AM +, ja...@icetor.is wrote: I'm a bit embarassed here but I don't see what I'm doing wrong. I've recently inherited a VPS donation from an anonymous donor. I've configured it up like the rest of Icetor's exit relays but it never receives the exit flag. The

Re: [tor-relays] badexit D9B6E8F3DC60095F25252A1986E90932454C24D3

On Sun, Jul 13, 2014 at 11:34:21AM +, Nusenu wrote: It hasn't got the badexit flag yet. The relay operator wasn't aware of the problem and said he would look into it on Monday. How long does it usually take for the dirauth operators to agree on that / deploy? It can range from one hour

Re: [tor-relays] badexit D9B6E8F3DC60095F25252A1986E90932454C24D3

On Sat, Jul 12, 2014 at 02:27:53PM -0400, grarpamp wrote: Breaks TLS on check.torproject.org, etc. Confirmed, thanks. Seems to be the relay's ISP. I contacted the operator and hopefully she/he will be able to fix it. Cheers, Philipp ___ tor-relays

Re: [tor-relays] Malicious or crappily configured exit node

On Wed, May 14, 2014 at 11:16:21AM +, u wrote: I'm not quite sure where to report this (that is how this e-mail ends up on tor-relays :) ), nor how to avoid this exit node. Is there a way to do that? There isn't really a well-defined process but sending this to tor-assistants is fine. The

Re: [tor-relays] obfs3 a risk to scramblesuit?

On Fri, Feb 14, 2014 at 01:27:32AM +, Delton Barnes wrote: I am running a bridge with both obfs3 and scramblesuit. obfs3 is vulnerable to active probing. Say someone in China makes the mistake of connecting with obfs3 instead of scramblesuit, and active probing identifies it as a Tor

Re: [tor-relays] Help the Tor Project by running a fast unpublished bridge

On Thu, Aug 16, 2012 at 09:51:03AM +0800, Lorenz Kirchner wrote: Yes, assuming the users would not give up out of frustration before :-) We can actually do the math: According to [0], at the moment the Tor network has an advertised bandwidth of 3000 MiB/s. Let's assume that all Chinese relays

Re: [tor-relays] Notice of disruption of service

Hi Dennis, On Thu, Aug 16, 2012 at 03:07:39PM +0200, Dennis Ljungmark wrote: We are currently being exhorted by our ISP, Bahnhof for a huge amount of money due to excessive traffic in order to sign us up on a new contract. This should serve as a warning call for people who are using or

Re: [tor-relays] Help the Tor Project by running a fast unpublished bridge

On Wed, Aug 15, 2012 at 11:55:55AM +0800, Lorenz Kirchner wrote: I'm not a tor expert but I am in China and have been using tor... I brought this up before and I still feel that tor would benefit from having special (entry)relays inside the GFW that have a reliable link to relays outside the

Re: [tor-relays] Help the Tor Project by running a fast unpublished bridge

Hi Loz, On Wed, Aug 15, 2012 at 11:00:11PM +0800, Lorenz Kirchner wrote: I guess, that would require a modification of the path selection on the clients side. Usually, Tor clients randomly pick relays weighted by bandwidth. Unless the Chinese relays would provide an enormous amount of

Re: [tor-relays] Help the Tor Project by running a fast unpublished bridge

On Wed, Aug 15, 2012 at 11:42:08PM +0800, Lorenz Kirchner wrote: Perhaps it's better to focus on improved bridge distribution strategies [0] and hard-to-block transport protocols [1]. Also, that would be a universal solution which would also help in other countries and not a specific - and