[tor-talk] Problem with TransPort etc.
I am trying to route all traffic from one specific user on one machine on my LAN through Tor, but I am having difficulties. There is probably something I have neglected to configure.

What is special with my setup is that I run Tor on one of my servers (debian). I would like to keep doing this. I am aware that my traffic is flowing in cleartext over my LAN.

On this server, Tor is running fine, with the following in torrc:

    TransPort 10.x.x.x:19050
    DNSPort 10.x.x.x:19053
    VirtualAddrNetwork 10.192.0.0/10

10.x.x.x is that server's address on the LAN. 'netstat' shows that Tor is listening on these ports.

On my client machine, I have created a user called 'torvm'. I have added these two iptables rules:

    # iptables -A OUTPUT -t nat -p tcp -m owner --uid-owner torvm -j DNAT --to 10.x.x.x:19050
    # iptables -A OUTPUT -t nat -p udp --dport 53 -m owner --uid-owner torvm -j DNAT --to 10.x.x.x:19053

The client is running Ubuntu. I doubt this is relevant at the moment.

Now I test this setup on my client:

    $ w3m -dump_head www.sunet.se

What happens is this:

1. The client sends the packets to the server on the correct address and port. This can be seen from a tcpdump trace [1].

2. I do not get any output from my test command on the client. Without the iptables rules, I do get the expected output.

3. The Tor log shows a warning message: "getsockopt() failed: Protocol not available". I don't know if this is the root of the problem. Googling for this in relation to Tor does not show anything that seemed relevant.

Nothing relevant shows up in syslog that is not also in Tor's log.

I hope someone here can help me.

I'm using Tor 0.2.3.13-alpha-dev (git-627c37ad6a06e3aa)

// Anders

[1] Trace of tcpdump on the server:

    IP client.domain.39585 > server.domain.19053: UDP, length 30
    IP server.domain.19053 > client.domain.39585: UDP, length 30
    IP client.domain.51077 > server.domain.19053: UDP, length 30
    IP server.domain.19053 > client.domain.51077: UDP, length 30
    IP server.domain.49591 > gateway.domain.domain: 6+ PTR? x.x.x.10.in-addr.arpa. (41)
    IP client.domain.58550 > server.domain.19053: UDP, length 43
    IP server.domain.19053 > client.domain.58550: UDP, length 43
    IP gateway.domain.domain > server.domain.49591: 6* 1/0/0 PTR client.domain. (76)
    IP client.domain.35406 > server.domain.19053: UDP, length 43
    IP server.domain.19053 > client.domain.35406: UDP, length 43
    IP server.domain.55162 > gateway.domain.domain: 33538+ PTR? x.x.x.10.in-addr.arpa. (41)
    IP client.domain.41624 > server.domain.19053: UDP, length 30
    IP server.domain.19053 > client.domain.41624: UDP, length 46
    IP gateway.domain.domain > server.domain.55162: 33538* 1/0/0 PTR gateway.domain. (75)
    IP client.domain.46034 > server.domain.19050: Flags [S], seq 3208505086, win 14600, options [mss 1460,sackOK,TS val 4208312 ecr 0,nop,wscale 7], length 0
    IP server.domain.19050 > client.domain.46034: Flags [S.], seq 1175066879, ack 3208505087, win 5792, options [mss 1460,sackOK,TS val 13096141 ecr 4208312,nop,wscale 4], length 0
    IP client.domain.46034 > server.domain.19050: Flags [.], ack 1, win 115, options [nop,nop,TS val 4208312 ecr 13096141], length 0
    IP client.domain.46034 > server.domain.19050: Flags [P.], seq 1:233, ack 1, win 115, options [nop,nop,TS val 4208312 ecr 13096141], length 232
    IP server.domain.19050 > client.domain.46034: Flags [.], ack 233, win 429, options [nop,nop,TS val 13096141 ecr 4208312], length 0
    IP server.domain.19050 > client.domain.46034: Flags [R.], seq 1, ack 233, win 429, options [nop,nop,TS val 13096141 ecr 4208312], length 0

[2] Tor log:

    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [info] evdns_server_callback(): None of the questions we got were ones we're willing to support. Sending NOTIMPL.
    [info] evdns_server_callback(): Got a new DNS request!
    [debug] connection_add_impl(): new conn type Socks, socket -1, address 10.x.x.x, n_conns 7.
    [info] evdns_server_callback(): Passing request for [scrubbed] to rewrite_and_attach.
    [debug] connection_ap_handshake_rewrite_and_attach(): Client asked for [scrubbed]:0
    [info] addressmap_rewrite(): Addressmap: rewriting [scrubbed] to [scrubbed]
    [info] evdns_server_callback(): Passed request for [scrubbed] to rewrite_and_attach_if_allowed.
    [debug] conn_read_callback(): socket 53 wants to read.
    [debug] connection_handle_listener_read(): Connection accepted on socket 12 (child of fd 53).
    [debug] connection_add_impl(): new conn type Socks, socket 12, address 10.x.x.x, n_conns 8.
    [debug] connect
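Added example, not part of the original post and not Tor's own code: on Linux a transparent proxy port such as TransPort recovers a connection's pre-NAT destination with getsockopt(SO_ORIGINAL_DST), and that call is answered from the connection-tracking table of the host the proxy runs on, so a DNAT rule applied on a different machine (as in the post above) leaves nothing there to look up. The function names are illustrative, and the loopback probe only reports what the local kernel answers.

```python
import errno
import os
import socket
import struct

# Value of SO_ORIGINAL_DST in <linux/netfilter_ipv4.h>; Python's socket
# module does not export the constant.
SO_ORIGINAL_DST = 80
SOCKADDR_IN_LEN = 16


def parse_sockaddr_in(raw):
    """Decode a Linux struct sockaddr_in into (dotted_quad, port)."""
    if len(raw) < 8:
        raise ValueError("short sockaddr_in")
    (family,) = struct.unpack_from("=H", raw, 0)  # sin_family, host byte order
    (port,) = struct.unpack_from("!H", raw, 2)    # sin_port, network byte order
    if family != socket.AF_INET:
        raise ValueError("not an AF_INET address")
    return socket.inet_ntoa(raw[4:8]), port


def original_dst(conn):
    """Ask the local kernel where an accepted TCP connection was headed
    before NAT rewrote it. Raises OSError when the kernel cannot say."""
    # SOL_IP and IPPROTO_IP are the same level (0) on Linux.
    raw = conn.getsockopt(socket.IPPROTO_IP, SO_ORIGINAL_DST, SOCKADDR_IN_LEN)
    return parse_sockaddr_in(raw)


def explain(err):
    """Map the errno of a failed lookup on a TCP socket to its usual cause."""
    if err == errno.ENOPROTOOPT:  # strerror: "Protocol not available"
        return ("no netfilter connection tracking on this host "
                "answers SO_ORIGINAL_DST")
    if err == errno.ENOENT:
        return ("connection tracking is active but has no entry "
                "for this connection")
    return "unexpected error: " + (os.strerror(err) if err else "unknown")


def probe_loopback():
    """Accept one loopback connection and try the lookup on it.

    Returns ("ok", (ip, port), listen_port) when the kernel tracks the
    connection, or ("error", explanation, listen_port) when it does not.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        port = listener.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port)):
            conn, _peer = listener.accept()
            with conn:
                try:
                    return "ok", original_dst(conn), port
                except OSError as exc:
                    return "error", explain(exc.errno), port


if __name__ == "__main__":
    print(probe_loopback())
```

A proxy that receives connections already rewritten by another machine gets the error branch for every client, which matches a completed TCP handshake followed by an immediate reset.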
Re: [tor-talk] How to protect a hidden service from DoS attacks?
On Fri, Mar 4, 2011 at 11:09 PM, wrote:
> Is it even possible? Since everyone is your entry node's IP, if you block it,
> no one will be able to connect to your service.
>
> Some people DoS hidden services to moderate you, making them unreadable.

DoS on the "external" internet seems to be 99% overloading the server CPU that have badly written and bloated server-side scripts. To protect from this, don't use badly written and bloated server-side scripts.

Depending on what you use the service for, you can try to rate-limit everything to something that is just above usable. I suppose this wouldn't tax your server CPU with unnecessary encryption.

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] torrc consistency
On Wed, Mar 9, 2011 at 2:56 PM, wrote:
> Seems that there are already kind of a convention in the way it is
> written :
>
> - Lines starting with '## ' are descriptions of a block of items
> - Lines starting with '#' are commented items.
> - Items are in the form of 'Item value'
> - Items sometimes have short descriptions/examples following them on the
> same line, beginning by a #
>
> The last point is the one that lacks consistency. Sometimes items
> descriptions/examples are on top of the concerned item, sometimes on the
> same line, right after the item.
>
> That would make the job easier if there was a clear convention for this
> file, and if it was applied correctly everywhere.
>
> What do you think? What would be the best way to write this file?

Sounds to me that everything after a '#' is a comment, like in pretty much every other config file or scripting language. How can this be a problem? Why should Config::Model even bother about comments?

Also, "if it was applied correctly everywhere" will obviously break if one allows the user to modify the file, and if the user modifications are valid syntax.

It seems that I have missed something that you find important.
Re: [tor-talk] Iran cracks down on web dissident technology
On Mon, Mar 21, 2011 at 4:32 AM, Ali-Reza Anghaie wrote:
> I find it curious that ~credibility~ of tor is being called into
> question by some. The source is readily available, the libraries it
> compiles against are readily available, the change logs, code control
> records, etc. are all readily available. Certain contributors to tor
> have come under fire from various Governments and private
> institutions. For bloody sin sake EVERYTHING has had Uncle Sam
> involved in some variable way at this point. Linux, GCC, sendmail,
> bind, etc. etc.
>
> FUD is an energy stealer and if you can afford that energy loss then
> at least put it to good use auditing and tracking down bugs or any
> backdoors you suppose. -Ali

I think that it's more curious that someone used Tor and didn't know that it used to be a military research project. Like the internet.

But to be honest, if you don't know anything about programming it doesn't matter that the source code is available, how are you supposed to check? Pay someone a ridiculous amount of money to check it for you? And there's no way to know how many independent programmers have validated the source code.

In a scenario where the military actually would hide something in the source, all programmers working on the project would of course be in on it together. There are only a handful of them.
Re: [tor-talk] Iran cracks down on web dissident technology
On Mon, Mar 21, 2011 at 1:59 PM, Joe Btfsplk wrote:
> I've never known Sam to get involved in, or fund something - especially like
> this - * w/o wanting something in return.* Ever. WHETHER or not they make
> known, to anyone, what they want or intend to do. It's been shown for over
> 50 - 60 yrs (probably much longer) that even people in charge of entire govt
> projects (or govt funded ones), often don't know the *full* extent of
> what's being done w/ the research, technology, info, etc. If you want to
> ignore history, go ahead.

What they have gained with the Tor project, and I'm just brainstorming here because I'm from Sweden and don't know much about the internals of DoD, is this:

They need a project like Tor as much as "we" do, if not more. They need ways to communicate with spies and dissidents located all over the world, they need a system that let their people do this without causing any suspicion. With Tor, they have such a tool, and the openness of the software and source code means that it's more thoroughly tested than they could ever have done in secret.

It is likely that they have a highly modified version of Tor and that they are watching the Tor project very carefully as a research project to see the strengths and weaknesses with such a project.

Planting backdoors in software like this is pretty useless and ineffective, because you can only use it once. As soon as you act on information received, there is a very big chance that the backdoor will be uncovered, Tor will lose all credibility, and no one will ever again use it for anything that the US would seem interesting.
Re: [tor-talk] To Toggle, or not to Toggle: The End of Torbutton
On Tue, Apr 12, 2011 at 1:33 AM, Mike Perry wrote:
> (blah blah)
> The reason I am discussing this in so much detail here is because I
> believe there is a chance that there are users out there who rely on
> the toggle model and/or their OS Firefox build, and may be confused or
> enraged by the new model. I'm asking this list to get an idea of how
> many of those users there are, and to try to understand what the
> overall costs of this sort of migration are.
>
> I also ask this because I am a heavy user of the toggle model myself,
> and abandoning it is sort of a leap of faith for me, too.
>
> So can anyone bring up any specific issues that may be caused by the
> change?

I consider myself a rather technical user with a lot of knowledge about the pitfalls of using Tor and security products in general, and I'm scared shit whenever I want to use torbutton in firefox because I'm afraid I will forget to toggle it, or toggle it at the wrong time, or simply do anything wrong.

I have created a separate firefox profile with torbutton always on, and one profile without it, and separating these is the only sane way. Thus, I can only agree to 100% that this is a good idea.

The only problem I can come up with at 2 AM is that maintaining a separate firefox can be a little messy in various linux distributions unless you happen to have someone build a nice binary for you. I suppose most of the common distributions will be covered with a tor-repository and the minor distributions will generally have more knowledgeable users so they can take care of the eventual mess.

// pipe
Re: [tor-talk] detecting harmful relays
On Wed, Jun 1, 2011 at 1:46 PM, wrote:
> On Wed, Jun 01, 2011 at 05:31:41AM +, krak...@googlemail.com wrote 1.9K
> bytes in 45 lines about:
> : A few weeks ago, there was one that tried to give me a .bin file
> : whenever I tried to visit a non-SSL website, but I haven't had a
> : problem like that since. I always rejected the .bin file.
>
> I don't think this is a malicious relay, as I get these from time to
> time as well. It only happens with firefox and only when going through
> really busy exit relays. I think it's firefox misinterpreting a partial
> stream of data as a binary file.

Not to mention there are thousands of better and easier ways to run a malicious relay than to replace everyone's data with unnamed binary downloads.
Re: [tor-talk] help!!
On Sat, Aug 20, 2011 at 4:53 PM, Aditya Sharma wrote:
> My university has blocked many sites that i think ought not to be blocked..
> This made me install the tor
> At first it worked and would easily open the blocked sites but then after 2
> days the tor would not connect to its server as if the tor itself has been
> blocked...
> Please help me out of this problem.
> Regards
> Aditya

If you're paying a tuition fee to your school, you could ask them what they are doing and why they are blocking the internet. Then demand that they open up the sites they have blocked. You should easily be able to get a lot of students to back you up.

This would probably make your internet experience better than if you all install Tor.
Re: [tor-talk] ISP surveillance.
They will know that you are using Tor, but not what you are doing with Tor.

Check this nice overview: https://www.eff.org/pages/tor-and-https

You can click the buttons and see what everyone knows about you.

On Thu, Jul 24, 2014 at 7:24 PM, Marcos Eugenio Kehl wrote:
> Hello experts!
> TAILS, running by usb stick, protect me against forensics tecnics in my pc.
> Ok.
> TOR, running as a client only or as a relay, protect (theoretically) my
> privacy. Ok.
> But... if my static IP, provided by my ISP, is under surveillance by a legal
> requirement, what kind of data they can sniff?
>
> I mean, my connection looks like a simple HTTPS, or they know I am diving
> into the Deep Web, "hacking the world"? Could the ISP capture the downloads
> dropping into my pc when running TAILS?
> If so, TOR Socks (proxy + TOR) is the pathway to deceive and blindfold my ISP?
>
> https://www.torproject.org/docs/proxychain.html.en
>
> Thanks.
>
> Marcos Kehl (Brazil)

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Why make bad-relays a closed mailing list?
And since it's not possible to do this right without any leaks due to software bugs, planted flaws and insiders, the only thing it will lead to is to make it impossible for the users to verify the decisions leading up to which servers are bad.

The NSA will still get your precious warnings.

On Thu, Jul 31, 2014 at 1:44 PM, wrote:
> Actually...
>
> A bad-relays mailing list would IMO take a degree of care to do right,
> considering that email gets gathered at the packet level by intelligence
> agencies who are expected to be initiating attacks. Sensitive stuff would
> belong as GPG or PGP emails or similar. Juicy details regarding bad-relays
> discussion should be tighter than even a closed mailing list, is my thought.
Re: [tor-talk] Cause of drops in network congestion on 2013-10-09 and 2014-06-06
Why do you think they belong to different groups? It's absolutely not obvious if the colorization is removed. All of your "groups" have a preceding slope indicating that something started before your limits, and they seem to be normal variations of a general down slope that started in 2013.

On Fri, Aug 8, 2014 at 12:54 AM, Virgil Griffith wrote:
> I've been looking through the various historical data from
> metrics.torproject.org.
>
> If you plot the 'used bandwidth' divided by the 'advertised bandwidth'
> (meant to be a rough measure of network congestion), you get three distinct
> groups, seen here:
>
> http://dl.dropbox.com/u/3308162/three_groups.png
> What happened on the dates 2013-10-09 and 2014-06-06 which could have
> resulted in these striking drops in network congestion?
>
> -V
Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
On Wed, Aug 13, 2014 at 12:06 PM, wrote:
> If it's possible for the owner of a hidden service (whether the FBI or a
> regular person) to install malware which grabs visitors' IPs, then what is
> stopping any hidden service owner from doing this?

Nothing is stopping a hidden service owner from doing anything that an operator on the open net can do.

> Considering the number of individuals that must have visited the hidden
> service, this doesn't seem to be very many people. Why were so few
> identified? Were the 25 using outdated browsers (TBB)?
>
> How, in this case, was it possible for the FBI to learn the IP addresses of
> visitors to this hidden service? The Tor hidden server page states that "In
> general, the complete connection between client and hidden service consists
> of 6 relays: 3 of them were picked by the client with the third being the
> rendezvous point and the other 3 were picked by the hidden service."
>
> Can someone knowledgeable please explain how visitors to a Tor hidden
> service can have their real IPs detected?

AFAIK the malware used javascript to break the users' browsers. As someone who argues against using javascript in any context, I can only say "told you so", but that doesn't really help anyone. :)

Because they managed to get in to the client browser, they could learn the real IP address and MAC address, they didn't learn this through Tor.
Re: [tor-talk] Wired Story on Uncovering Users of Hidden Services.
On Wed, Aug 13, 2014 at 11:56 PM, Aymeric Vitte wrote:
>> As
>> someone who argues against using javascript in any context, I can only
>> say "told you so", but that doesn't really help anyone. :)
>
> No and you are wrong

From https://lists.torproject.org/pipermail/tor-announce/2013-August/89.html

"An attack that exploits a Firefox vulnerability in JavaScript has been observed in the wild."

People who didn't allow javascript were safe.

>> Because they managed to get in to the client browser, they could learn
>> the real IP address and MAC address
>
> and the color of your shirt

Why are you so defensive? Is it your code they broke? They could learn the color of my shirt if the browser user has access to a webcam, which is not uncommon. This is however highly irrelevant.

>> , they didn't learn this through
>> Tor.
>
> Are you serious in your answer?

Very much so. If you don't believe me, then maybe you'll believe these sources:

https://lists.torproject.org/pipermail/tor-announce/2013-August/89.html
https://www.mozilla.org/security/announce/2013/mfsa2013-53.html

Nothing was exploited through Tor. In fact, they couldn't find out who was using the server *because* people used Tor. So they had to resort to javascript exploits.
Re: [tor-talk] Pattern In Tor Addresses
On Fri, Aug 15, 2014 at 5:07 AM, Ben Healey wrote:
> Below is they address changed into numbers.
> Letters changed into numbers starting with a-1 through z-26.
> The numbers are the numbers 1.2.3..
>
> I then added all them together.
>
> Then divided the totals by 2.
>
> Results:
> -
> 8 2 4 2 13 23 19 20 18 6 11 12 2 19 9 6 174 /2 87 /2 43.5
> 2 7 9 3 2 7 7 8 21 8 18 5 7 2 4 4 114 /2 57 /2 28.5
> 26 17 11 20 8 3 21 9 13 22 24 7 12 6 18 9 226 /2 113 /2 56.5
> 16 7 10 1 6 3 6 26 15 5 1 18 10 15 6 9 154 /2 77 /2 38.5
> 5 8 1 2 11 8 14 20 17 10 4 20 3 11 10 17 161 /2 80.5
> 11 4 10 13 4 5 3 3 16 14 19 6 5 4 3 3 123 /2 61.5
> 2 7 9 3 2 7 7 8 21 8 18 5 7 2 4 4 114 /2 57 /2 28.5
> 2 12 3 10 7 3 20 1 12 21 8 23 9 4 24 5 164 /2 82 /2 41 /2 20.5
>
> They all seem to at some point end in a half number???

I continued on your research to see if I could find a pattern, and I found something very interesting.

I took all the numbers you found, put them next to each other, like "8 2 4 ... 2 7 9 3 ... 4 24 5". Then I removed the duplicates and sorted this list so I got them in a better order, like "1 2 ... 24 26".

If I print a line for every number which has the same width as the actual number, I got a triangle like this:

1: #
2: ##
3: ###
4: ####
5: #####
6: ######
...

Just like the triangle associated with the Illuminati. I think the Tor developers have a lot to explain here.
Re: [tor-talk] Help test a new RBG
> We have placed MKRAND - A Digital Random Bit Generator, on GitHub, and it
> would be helpful to receive some feedback regarding its potential use in
> the TOR project.

What benefit would it give? What would it replace? This seems to me to solve a problem that has already been solved, but in an obfuscated way filled with new age buzzwords.

"Syntropic Randomness is a co-creative act between Man, Machine, and Universe." - exactly how high do you have to be to write such things?

> This RBG does not use mathematical methods, and thus does not suffer from
> wraparound issues or dependency on ALU architectures.

Has this ever been an issue? You mention dependency on ALU architectures while still talking about clock cycles in your comments - are these some kind of virtual clock cycles then?

> The RBG can be considered alpha-quality at this stage and is not ready for
> production use, however it is appropriate for research into new kinds of
> obfuscation protocols and key generation schemes.

what kind of obfuscation protocols?

Yeah, I think a paper is necessary here..
Re: [tor-talk] Third-parties tracking me on Tor
> After using Tor for some years I realized that third-parties can determine
> what sites I visit when watching my internet activity.

What do you mean by third-parties?

> When I visit hidden services how can they know what site it is or know what
> site I visit that's not on Tor?

Why do you think they know?

> How did they know I was using TorMail when it was available and the content
> of the e-mail I sent?

Who are "they"?
Re: [tor-talk] TOR tried to take a snapshot of my screen
On Mon, Aug 25, 2014 at 8:22 PM, wrote:
> I did a new upload to a popular JPG hosting service. Here they are:
> http://i.imgur.com/QAKp7k1.jpg (Zemana log)
> http://i.imgur.com/nJkCQJp.jpg (Zemana version)
> http://i.imgur.com/06ZW0IK.jpg
> http://i.imgur.com/XsbpQ4X.jpg
> http://i.imgur.com/eikxgpe.jpg
> http://i.imgur.com/jWjAq5N.jpg
> http://i.imgur.com/iuqltM0.jpg
> http://i.imgur.com/01cuLYd.jpg
> http://i.imgur.com/ijnZwGs.jpg

Seriously, you're running Tor in a 12 year old operating system that hasn't seen any security updates for several months, and you blame it on Tor?

If you think Tor is shady because it's received government funding, you should perhaps investigate Microsoft's deals with the NSA.
Re: [tor-talk] Copyright troll trying to shake down a Pirate Party member
On Fri, Aug 29, 2014 at 3:44 PM, Sebastian Mäki wrote:
> Someone had been downloading a torrent "This Ain't Game Of Thrones
> XXX" via TOR or my wireless network. The law firm Hedman Partners, who
> represent Hustler in Finland seemed to have made the assumption that
> it's ok hustle some money from me based on the IP-address alone.

Hi! You mention in the letter that you reported the threat to the police. How did they respond?
[tor-talk] ICANN and .onion
A few years ago, ICANN started to accept suggestions for new top-level domain names. A friend recently posted a .onion link to me, and it made me realize that there might be a big problem if a company or organization other than Tor actually registered .onion and made it work in any browser.

1) Have there been any discussions regarding the severity of the problem if it should eventually happen? If so, are the discussions or the result of them available online for reading?

2) Has Tor applied to ICANN about the .onion domain, or discussed the pro and con of doing this?

I have been out of the Tor loop for a couple of years, so I'm sorry if this topic has come up in previous discussions - regardless, I could not find an answer.

// Anders
Re: [tor-talk] ICANN and .onion
On Mon, May 19, 2014 at 7:06 AM, grarpamp wrote:
> Users leaking dns / failing to redirect dns into tor is not a tor problem.

I think that's a rather arrogant point of view. If it was not a Tor problem, .onion would not be needed in the first place. Tor developers do seem to work hard on making it difficult for a user to accidentally leak information, so simply saying that users "failing to redirect dns into tor is not a tor problem" is a little counterproductive.

If someone would register .onion I see two problems:

1) A malevolent registrar could redirect all .onion lookups to their own proxy, essentially routing all "hidden" traffic through their own machine. At the moment, clicking a .onion link means that it either routes through Tor, or it fails loudly: there's no risk clicking such a link. This behaviour would change to something that either routes through Tor and you're safe, or you think it routes through Tor but it's actually decoded by a third party. I think that's a usability issue, and not something that should simply be ignored. Maybe it's not something that can easily be solved, but that is why there must be a discussion about it. Maybe the only solution is to strongly warn users.

2) Useful websites could actually pop up under .onion, making a plugin that takes over that domain seem intrusive and less attractive. This is less of a problem I think.
Re: [tor-talk] Ad Blocking Software
On Mon, Jun 9, 2014 at 9:18 PM, Antonio Z wrote:
> I understand that it is not necessary, but I believe that making your
> own ad blocking software would bring more people to tor. It does not
> even have to come with the bundle. It could just be an optional add on
> called, Tor Ad blocker.
>
> Inappropriate ads are the main reason why I would just shift back to a
> browser in which I can maneuver easier.

What's wrong with any of the ad blockers already out there, like, adblock?
[tor-talk] Running an exit node which exits on a different IP than it listens to
I have been sorting through my mailbox the last few days and stumbled upon an email from 2012, from this mailing list. A worried user got a false negative from check.torproject.org because an exit relay sent exit traffic out on an IP that's different from what was advertised.

However, this made me think that it is perhaps not such a bad idea if more exit relays did that, even slower ones. I have access to a couple of IP numbers that I could easily configure in this way. Basically: Use one IP for Tor traffic, and one IP for exit traffic. The Tor traffic IP:Port is what would be advertised to the Tor network, and only that.

The reason would be to minimize the chances of the exit IP ending up in some overzealous blacklist. I'm pretty sure that a lot of the blacklist operators just scrape the public list of relays and then they end up in a lot of places where the customer is not even aware what is being blocked. This is painfully obvious to people running a non-exit relay from home, when trying to use IRC or other services.

Is this a good idea to do if you have the resources? Will it cause any non-obvious problems? I guess one problem is that check.torproject.org will show that you're not using Tor, unless it's been modified since 2012 to check this in another way.

I'm not sure if I'm making myself clear here, please ask me to clarify if this is the case.

// Anders
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
Unfortunately he doesn't seem to want to take this further, so the ruling will stand. It's his choice, but it could be a very bad deterrent to other potential exit node operators in Austria.

On Wed, Jul 2, 2014 at 10:54 PM, Moritz Bartl wrote:
> On 07/02/2014 12:42 AM, ba...@clovermail.net wrote:
>> There are little details on this case:
>> https://network23.org/blackoutaustria/2014/07/01/to-whom-it-may-concern-english-version/
>>
>> Does the Tor project has a defense support fund or a list of committed
>> pro bono lawyers in different countries for such cases?
>
> If any Tor operator has any trouble, please contact Tor and
> Torservers.net immediately so we help.
>
> This particular case went bad because of multiple reasons. We strongly
> believe that it can be easily challenged. While certainly shocking,
> lower court ruling should not be taken too seriously, and this won't
> necessarily mean that all Tor relays in Austria are now automatically
> illegal. The ruling only happened two days ago, there is no written
> statement from the court yet, so we should all be patient and wait for
> that before we make any assumptions. We will definitely try and find
> some legal expert in Austria and see what we can do to fight this.
>
> --
> Moritz Bartl
> https://www.torservers.net/
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
On Thu, Jul 3, 2014 at 5:53 AM, Moritz Bartl wrote:
> On 07/02/2014 11:00 PM, Anders Andersson wrote:
>> Unfortunately he doesn't seem to want to take this further, so the
>> ruling will stand. It's his choice, but it could be a very bad
>> deterrent to other potential exit node operators in Austria.
>
> We are in contact with William, and quite possibly there is the option
> of following this further with another Austrian operator who
> self-reports himself, with our help. Please everyone give us time to
> look into this together with some lawyers. Thank you!

That's amazing! I'm quite sure that the support you get from the Tor community when running an exit node really helps in giving people the courage to do so.
Re: [tor-talk] Tor Exit Operator convicted in Austrian lower court
On Tue, Jul 8, 2014 at 2:32 AM, Joe Btfsplk wrote:
> On 7/7/2014 6:04 PM, I wrote:
>> As for freedom of speech Australia has none legislated and does have
>> severe laws against sedition.
>> What other developed country can match that for discouraging speech?
>
> Well, 'Stralia is a penal colony, after all. :D They have to keep all the
> prisoners on a short leash.
> Aussies don't have "freedom of speech" guaranteed in their constitution (or
> the equivalent)?

Did I miss the discussions when this changed from Austria to Australia? Those two countries are bound to have very different legal systems. I'm not sure Australia is on-topic for this thread.
Re: [tor-talk] Tor Project is sued
Wait.. what.. He's suing Tor because it's possible to reach a clearnet website through Tor2web? Talk about publicity stunt.
Re: [tor-talk] Letsencrypt and Tor Hidden Services
On Wed, Aug 19, 2015 at 8:43 PM, Alec Muffett wrote:
>
> Hi, I'm Alec, and I am co-author of the Onion RFC draft with Jacob Appelbaum.
>
> Reports of the bogging-down have been greatly exaggerated, and I wish people
> would stop repeating them.
>
> The status of the Onion RFC draft is viewable at:
>
> https://datatracker.ietf.org/doc/draft-ietf-dnsop-onion-tld/
>
> ...and this afternoon I created some amendments to the draft to address IETF
> and IANA concerns, and have circulated them amongst the team (me, Jake, Mark)
> to see if I've goofed.
>
> We will merge them, soon, in good time for the next review.
>
> In the most recent review IANA in particular were very helpful, offering to
> rewrite some of their stuff in order to make it abundantly clear to
> CA/B-Forum that:
>
> 1) onion will be a special case
> 2) onion should never be delegated
> 3) but nonetheless SSL certificates should be issued for it
>
> ...which proactively addresses a concern from a few months back re: whether
> CA/B-Forum would nitpick a "Special Use" designation.
>
> TL;DR - we are not past the finish line yet, and there is work to be done and
> challenge, but we're not down nor are we out.
> --
> Alec Muffett
> Security Infrastructure
> Facebook Engineering
> London

Just wanted to thank you for this work, I hope you succeed!

/ Anders
Re: [tor-talk] What's to be Done
On Mon, Aug 24, 2015 at 10:08 AM, Apple Apple wrote:
> The problem is most users and developers (including the likes of Linus) do
> not care at all about security but will hit the roof in rage if the system
> is 0.1% slower or this buggy 30 year old Unix application does not work
> anymore.
>
> Is it realistic to incorporate real security into such a mainstream distro
> Debian or do we need to build/ fork a separate distro?

There's a lot of hyperbole here. Do you have anything to back this up? Did someone actually try to improve the security but had to back down?
Re: [tor-talk] IBM says Block Tor
I couldn't find what they mean with "the Netherlands is home to the largest number of non-malicious and malicious nodes combined" in Figure 1 on page 8. What differentiates a "malicious node" from a "non-malicious node"?

Otherwise it wasn't that bad, but the last paragraph is quite offensive: "In general, networks should be configured to deny access to websites such as www.torproject.org"

On Thu, Aug 27, 2015 at 12:51 AM, grarpamp wrote:
> http://public.dhe.ibm.com/common/ssi/ecm/wg/en/wgl03086usen/WGL03086USEN.PDF
>
> IBM Advises Businesses To Block Tor
>
> With Tor-based attacks on the rise, IBM says it's time to stop Tor in
> the enterprise.
>
> New data from IBM's X-Force research team shows steady increase in SQL
> injection and distributed denial-of-service attacks as well as
> vulnerability reconnaissance activity via the Tor anonymizing service.
Re: [tor-talk] IBM says Block Tor
On Thu, Aug 27, 2015 at 8:08 AM, CJ wrote:
>
> People using Tor for "bad things" just don't realize how they fuck up
> the whole thing. Not even mentioning "weird contents", just the script
> kiddies running metasploit/other through Tor.

If they realize or not is irrelevant. They don't care about Tor, most people don't. They will of course use Tor for whatever purpose they want, as long as they can do it.
Re: [tor-talk] New Ahmia search released
On Sun, Jan 3, 2016 at 5:52 PM, Nurmi, Juha wrote:
> I released refactored new version of Ahmia search engine :)
>
> It's not finished yet but the main parts are working. Be patient, it's far
> from perfect. It has some performance issues etc.

Seems to work well, except for the annoying "Unfortunately we have not deployd non-JavaScript version of Ahmia yet." message which doesn't seem to actually do anything. :)
Re: [tor-talk] Metrics shows drop of users
On Tue, Jan 5, 2016 at 8:50 AM, Chris & Julie Forever wrote:
> Well, if they've had the kind of luck that i've had with the tor network:;
> then they've made "quitting the tor net", their New Years " resolution". As
> I have.

Is it addictive? Why can't you just quit using it?
Re: [tor-talk] Escape NSA just to enter commercial surveillance?
On Fri, Jan 15, 2016 at 9:11 PM, juan wrote:
> something considered a 'crime' by the criminal mafia known as
> 'government' - and yet the identity of those people isn't
> compromised.

I'm sorry, but it's difficult to take you seriously. If you actually want anyone to take your words seriously and in the long run effect a change, you need to start working on your debating skills. Find sources that back up your standpoints. Don't go into needless rants. Those sorts of things.

On the other hand, if you want to look like a screaming child with no other agenda than wanting to be at the center of attention, you're doing a good job.
Re: [tor-talk] Danish data retention on steroids
On Fri, Jan 29, 2016 at 4:57 PM, Niels Elgaard Larsen wrote:
> I come from a meeting in the Danish ministry of Justice this afternoon,

Why? :)

> 3. How many Danish Tor nodes in a circuit would you be comfortable with?

I can assure you that a lot of countries will have worse data logging in place, the main difference being that making it official makes it easier for a bad guy to get hold of.
Re: [tor-talk] Is it possible to use Tor without showing a Tor IP to the destination?
On Sun, Feb 21, 2016 at 7:17 PM, Scfith Rise up wrote:
> I can point you in a direction that I took to accomplish this without having
> to resort to a third party VPN. I am running my own VPN from a VPS and added
> it to my proxychains file. Here is the github for proxychains-ng that I
> highly recommend. This setup accomplishes what you ask, a list of ip
> addresses that it chains through to the final destination. Your tor
> connection can be one of them or not as you wish. Enjoy.

So basically they see that someone signs up using the VPS that you've paid for using your real name and account? Why do you even use Tor to connect to the VPS? If they want to know who's behind the account they'll just send a threatening enough letter to the VPS owner.
Re: [tor-talk] Is it possible to use Tor without showing a Tor IP to the destination?
On Sun, Feb 21, 2016 at 9:30 PM, Scfith Rise up wrote:
> Mr. Andersson is assuming a lot. There are definitely tried and true methods
> to make purchases online and setup identities for these types of things. At
> the end of the day, yes the VPS provider is the weakest link. But you can use
> one that has no logs, carries a warrant canary, etc. and you can burn your
> VPS IP address as often as you need or spin up new ones as often as you need
> too. This is just one of many approaches and requires you to know what you
> are doing in locking down the VPS besides knowing how to buy it the right
> way, etc.

All of this boils down to a single point of failure: You have to trust your VPS. "Has no logs" - you don't know that. "Burn your VPS IP" - All IP<->VPS history might be logged. "Spin up new ones" - from the outside this is exactly like changing the IP, you have to trust that the VPS provider does not keep the logs.

However, if you do manage to get an anonymous VPS, I agree that it is beneficial to only connect to it through Tor if you want it to remain anonymous.
Re: [tor-talk] TBB users, please give 1 minute of your time for science
On 25 April 2017 at 13:12, Lolint wrote:
> I've been making those tests on your website multiple times with the TBB but
> most of the
> time I get a unique fingerprint even when re-doing the test at different
> times with the same
> browser.

This is something worth pointing out. How do the current browser-identification websites handle that? If you always show up as "unique", even when returning, it means that you are not really that unique or identifiable after all. This also applies if you end up in small groups.
[tor-talk] Tor and PCP (Port Control Protocol)
Since my ISP implements carrier-grade NAT[1] (with an opt-out system) I read a little about it and found something called the "Port Control Protocol"[2] (PCP). Unless I am mistaken, and *if* my ISP implements it, it seems that it could enable me to run a Tor relay on one of the shared IP numbers.

From what I understand it would make it possible for me to send a message to my ISP's router saying something like "I want an external port bound to this ip:port on my network", and it would either assign a port on the external IP and return it to me, or deny the request. If accepted, I could have my Tor announce that external ip:port and everything should work as expected.

Now, before I dig in to this, I wonder if someone else has experience with it? Any flaws with this hypothetical setup?

[1]: https://en.wikipedia.org/wiki/Carrier-grade_NAT
[2]: https://en.wikipedia.org/wiki/Port_Control_Protocol
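The request and reply described above, as an added example that is not part of the original post: it builds a PCP MAP request in the RFC 6887 layout for an internal TCP port and parses the reply, rejecting one whose mapping nonce does not match the request. The client address, port 9001, the external address and the reply bytes are constructed, and nothing is sent on the network.

```python
import ipaddress
import os
import struct

PCP_VERSION = 2
OPCODE_MAP = 1
PROTO_TCP = 6
RESULT_SUCCESS = 0
HEADER_REQ = "!BBHI16s"      # version, opcode, reserved, lifetime, client IP
HEADER_RESP = "!BBBBII12s"   # version, R|opcode, reserved, result, lifetime, epoch, reserved
MAP_BODY = "!12sB3sHH16s"    # nonce, protocol, reserved, internal port, external port, external IP


def mapped(ip):
    """16-byte address field; IPv4 is carried as an IPv4-mapped IPv6 address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        addr = ipaddress.IPv6Address("::ffff:" + str(addr))
    return addr.packed


def build_map_request(client_ip, internal_port, lifetime, nonce=None):
    """60-byte MAP request: 'bind some external port to client_ip:internal_port'."""
    nonce = nonce or os.urandom(12)
    header = struct.pack(HEADER_REQ, PCP_VERSION, OPCODE_MAP, 0, lifetime,
                         mapped(client_ip))
    # External port 0 and the all-zeros address mean "no preference".
    body = struct.pack(MAP_BODY, nonce, PROTO_TCP, b"\0" * 3,
                       internal_port, 0, mapped("0.0.0.0"))
    return header + body, nonce


def parse_map_response(data, expected_nonce):
    """Return (external_ip, external_port, lifetime), or None if denied."""
    if len(data) < 60:
        raise ValueError("short PCP response")
    version, r_opcode, _, result, lifetime, _, _ = struct.unpack(HEADER_RESP, data[:24])
    nonce, _, _, _, ext_port, ext_ip = struct.unpack(MAP_BODY, data[24:60])
    if version != PCP_VERSION or r_opcode != (0x80 | OPCODE_MAP):
        raise ValueError("not a PCP MAP response")
    if nonce != expected_nonce:
        raise ValueError("nonce mismatch: reply does not belong to this request")
    if result != RESULT_SUCCESS:
        return None
    addr = ipaddress.IPv6Address(ext_ip)
    return str(addr.ipv4_mapped or addr), ext_port, lifetime


def constructed_response(nonce, internal_port, result, ext_ip, ext_port, lifetime):
    """Constructed stand-in for the ISP's PCP server reply (sample data only)."""
    header = struct.pack(HEADER_RESP, PCP_VERSION, 0x80 | OPCODE_MAP, 0, result,
                         lifetime, 1000, b"\0" * 12)
    body = struct.pack(MAP_BODY, nonce, PROTO_TCP, b"\0" * 3,
                       internal_port, ext_port, mapped(ext_ip))
    return header + body


if __name__ == "__main__":
    request, nonce = build_map_request("100.64.0.23", 9001, 3600)
    reply = constructed_response(nonce, 9001, RESULT_SUCCESS, "203.0.113.9", 40123, 3600)
    print(len(request), parse_map_response(reply, nonce))
```

The mapping is only valid for the returned lifetime, so a relay announcing the assigned ip:port depends on the request being renewed before it expires.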
Re: [tor-talk] Tor ban discussion at Russian state Duma
On Wed, Jul 5, 2017 at 1:35 PM, Leonid Evdokimov wrote:
> On Tue, Jun 27, 2017 at 02:37:02PM +0300, Leonid Evdokimov wrote:
> > there is ~120 days gap after 3rd draft approval before Tor being outlawed.
>
> Small update. I consider that statement is technically wrong now :)
>
> Russian Federal Tax Service (the one that banned www.google.ru for a
> couple of hours) got sort of a right to ban websites distributing
> network censorship circumvention tools if the tools can be used to
> access illegal gambling sites.
>

Could you elaborate on "sort of a right"? From your summary it seems that they do have the right to ban for example https://www.torproject.org/ but running a Tor exit node or using Tor should be safe?
Re: [tor-talk] Mimix, an operating system inside the main OS
On Thu, Nov 9, 2017 at 11:23 PM, George wrote:
> Franps:
>> https://www.networkworld.com/article/3236064/servers/minix-the-most-popular-os-in-the-world-thanks-to-intel.amp.html
>>
>> You might not know it, but inside your Intel system, you have an
>> operating system running in addition to your main OS, MINIX. And it’s
>> raising eyebrows and concerns
>
> Without question, the revelations about Intel ME are shocking. Sort of
> like we've known has existed on smart phones for a long while.
>
> The article seems to note that it's only an issue for the "last few
> years" when I believe it's been found as far back as the Thinkpad x200
> (~year 2000), at least.

Not sure how "shocking" this is. The people behind libreboot have been trying to inform about this for a long time:

https://libreboot.org/faq.html#intel
https://libreboot.org/faq.html#amd

But obviously they are tinfoil-wearing conspiracy theorists, right?

This is what has stopped me from spending any money on a new CPU from Intel or AMD the past years. Sadly, I don't have a practical alternative right now. Even though some shady "fixes" exist, I prefer to vote with my wallet.
[tor-talk] Curious about the Zwiebelfreunde incident - are there any updates?
I recently went through the mailing list archive to catch up on events in the Tor world, and one thing that worried me a lot was the June 20 police raid on Zwiebelfreunde[1]. According to the blog entry, the initial request for returning the equipment was denied.

Are there any further updates to the case that you can share to those of us who are overly curious?

[1] https://blog.torservers.net/20180704/coordinated-raids-of-zwiebelfreunde-at-various-locations-in-germany.html
Re: [tor-talk] [New report] Uganda's Social Media Tax through the lens of network measurements
On Mon, Nov 12, 2018 at 1:09 PM Maria Xynou wrote:
> As of 1st July 2018, Uganda has introduced a new OTT (Over The Top) tax
> - commonly referred to as the Social Media Tax - which requires people
> in Uganda to pay taxes to the government in order to access several
> online social media platforms. Unless this tax is paid, access to these
> specific social media platforms is blocked.
> ...
> * Ugandan ISPs primarily implement internet censorship by means of HTTP
> blocking, resetting connections to taxed and banned sites.
>

I don't understand how they figure out who to block. Does the government really keep a detailed register that the ISPs must synchronize with their customer database? Sounds like a lot of overhead.
Re: [tor-talk] tor project website change
On Wed, Apr 3, 2019 at 10:47 AM grarpamp wrote:
> Anyhow...
>
> The last actual use case warning or disclaimer on torproject.org
> was removed by or on October 10 2010. Some historical bisects..
>
> Site v1
> first, domain 1998-01-29
> http://web.archive.org/web/19981212031609/http://www.onion-router.net/
>
> same content actually to "circa" 2006
> http://web.archive.org/web/20061023145713/http://www.onion-router.net/
>
> http://web.archive.org/web/20130120133213/http://www.onion-router.net/
> except for the gov diff
> http://web.archive.org/web/20130420093515/http://www.onion-router.net/
>
> curr
> http://web.archive.org/web/20190228035625/http://www.onion-router.net/
>
> Site v2
> first, domain 2006-10-17
> http://web.archive.org/web/20071011223019/http://www.torproject.org/
> last
> http://web.archive.org/web/20101003133226/http://www.torproject.org/
>
> Site v3
> first
> http://web.archive.org/web/20101010191937/http://www.torproject.org/
> last
> http://web.archive.org/web/20190326100059/https://www.torproject.org/
>
> Site v4
> first
> http://web.archive.org/web/20190327033924/https://www.torproject.org/

Thanks for these links! Amazing how much better the initial v1 site looks compared to the later versions. Web 2.0 and 3.0 were really a step back in usability from the actual *WEB* of hyperlinks.

Today every website looks like an advertisement meant to be viewed in the couch on your iPad, carefully planned so that you have to scroll through the content. Gotta get those "user engagement" advertisement revenue statistics.

Too bad it has spread to a lot of open source projects. I have a difficult time trusting the sincerity of a project that needs to overwhelm me with catchy slogans the first thing they do, without even linking to the details.
[tor-talk] How can an external observer detect if a malicious relay does excessive logging?
Having had little luck with my question posted on tor.stackexchange.com[1] I will try here, perhaps there are more "eyes" on the mailing list.

Under "Criteria for rejecting bad relays" on the Network Health Team's wiki[2] there is a list of things that makes a relay be "malicious". Everything there seems possible to find out (with some effort) except this:

"- Excessive logging (over notice) during normal operation"

I've tried to figure out how this can be probed from the outside, but can't come up with anything realistic. How can it be probed?

[1] https://tor.stackexchange.com/questions/22430/how-can-an-external-observer-detect-if-a-malicious-relay-does-excessive-logging
[2] https://gitlab.torproject.org/tpo/network-health/team/-/wikis/Criteria-for-rejecting-bad-relays