Re: Is this a Tor exit node connecting to me?
On 2007-3-25 2:32 CST(UTC+8), Joseph B. Kowalski wrote: So anyways, I have implemented a Tor DNSBL server interface. The address of the DNSBL is tor.dnsbl.nighteffect.us. Cool! Here are some details on how to use it: == The DNSBL server responds to two different types of 'A' record queries: 1) The first type is to simply provide an answer as to whether a given IP is an active Tor server or not. So, assuming the DNSBL domain name is 'tor.dnsbl.nighteffect.us', and you want to check if IP '1.2.3.4' is a Tor server, you would send the following 'A' record query: 4.3.2.1.tor.dnsbl.nighteffect.us Note that the octets of the IP address have been reversed, like a PTR record, only this is an 'A' request. If '1.2.3.4' is an active Tor server, the DNSBL server will respond with a '127.0.0.2' 'A' record. If '1.2.3.4' is NOT an active Tor server, the DNSBL server will respond with a 'Non-Existent Domain (NXDOMAIN)' error. A small issue. When I query the DNSBL server for my slow, middleman only (reject *:*) server, it returns 127.0.0.2. Is it a good idea to include non-exit Tor servers in this list? Hanru
Re[2]: Ultimate solution
JT, I wrote Torpark, so let me respond to your points. 1) Torpark is only for windows at the moment, it will be available for Mac and Linux shortly. 2) Torpark is not commercial, it is totally free and open source. We simply offer an upgrade to get higher speeds than the tor network can provide. 3) The fact that trust isn't distributed is a positive, not a negative, because you don't have to trust everyone with your outgoing plaintext traffic. We have independent security auditors make sure our admins are not tracking anyone or doing anything malicious. However, we are using a distributed trust internally, so if anyone comes asking for customer info, they won't get them without NSA letters to all our associates in all our jurisdictions. And naurally, free users of torpark we don't have any records of anyway. 4) The online tutorial is only a video for streaming. Perhaps you would prefer to download the 25mb file directly? Or perhaps you know of a way to stream video without using scripting? I'll be happy to listen. 5) Offshore from the USA, UK, etc. We have servers in Germany, Malaysia, and some other hidden places. Currently none in the USA or UK, etc. Unfortunately, it is better to not tell you specifically where they are because that makes it much harder for agencies to attempt to subpoena/court order. If they are guessing jurisdictions, we are all happier. Bottom line is place faith in audits. Further, Torrify is formed as an offshore corp in the country of Saint Kitts, so it is not subject to US laws, only those of UK Commonwealth and the UN. 6) http://www.hacktivismo.com Regarding commercial anonymity, you will eventually realize that it is the only way to go for high speed and low latency, otherwise the network will be abused and suffer the tragedy of the commons. Further, the browser is entirely capable of having no flash, java, javascript, plugins, and all of those are blocked by default. And lastly, TORPARK IS FREE. It just isn't released under the GPL, it is released under the TESLA license, which is similar to the HESSLA license. Because the way it is written GPL can have malware inserted, the TESLA makes a legally actionable violation if malware is inserted. With such sensitive project, I insist that people are not legally able to abuse it. http://www.torrify.com/tesla.html Regards, Steve Topletz
Re: Re[2]: Ultimate solution
Quoth Kasimir Gabert [EMAIL PROTECTED], on 2007-03-25 09:26:09 -0600: [quoting another level] · So long as You do not subvert or infringe the freedoms of end-users by doing so, Who determines what qualifies as subverting or infringing the freedoms of end-users? You have the freedom to change the software or to use parts of it in new Programs; However, these softwares are not allowed to be modified to use any commercial proxy or connectivity service or product other than those offered by Torrify LLC or the Tor Project, without written permission of Torrify LLC. And this is, I gather, derived from the idea of you may not start up a competing service using a modified version of this software. I will remain deliberately silent on the question of whether this is justified, but nonetheless, that clause is non-free in the extreme. So no, if the above clauses are part of the license in the context in which they were indicated in the previous message, then Torpark is not free software. --- Drake Wilson signature.asc Description: Digital signature
Re: Re[2]: Ultimate solution
On Sun, Mar 25, 2007 at 09:26:09AM -0600, Kasimir Gabert wrote: [...] ? So long as You do not subvert or infringe the freedoms of end-users by doing so, You have the freedom to change the software or to use parts of it in new Programs; However, these softwares are not allowed to be modified to use any commercial proxy or connectivity service or product other than those offered by Torrify LLC or the Tor Project, without written permission of Torrify LLC. [...] Sounds rather free to me... When free software people ask is a license free? they usually are asking whether it conforms to the Debian Free Software Guidelines or the Open Source Definition. I'm no lawyer, but the term in the license above seems like a clear violation of the Debian Free Software Guidelines to me. In particular, it violates guideline 5 (No Discrimination Against Persons or Groups) and possibly guideline 6 (No Discrimination Against Fields of Endeavor). The restriction on what you can modify it to do seems to controvert guideline 2 (Derived Works), . These same requirements appear in the Open Source Definition. Thus, the license is neither a Free Software license nor an Open Source license, unless you mean free-as-in-beer. I won't touch on the other issues here. cheers, -- Nick pgpBoLsR6i5uO.pgp Description: PGP signature
Re[4]: Ultimate solution
Nick, You are right. We don't allow governments to subvert our software, commercial competitors, or people to install spyware and redistributed that way. Saying free and open-source software isn't Free and Open Source is giving in to a combination of semantics and snobbery of licensing. It isn't as though any organization owns the definition of Free and Open Source and has the authority to pin it down to their specific hoops we must jump through, nor should anyone assume we have. The source is totally free, and that isn't Free but free, _except_ I don't allow for other commercial services to rip it off and use it for their personal gain since I am giving it away to the public, and you can't install tracking/spyware/malware in it and then redistribute it. Those are pretty much the only restrictions. Perhaps GPL fanatics think I owe it to spyware manufacturers, or I need to give away my intellectual property to every 3rd-rate commercial anonymity service? The bottom line is, everyone benefits by these restrictions, except for malware manufacturers and commercial anonymity services. I'm no lawyer, but the term in the license above seems like a clear violation of the Debian Free Software Guidelines to me. I think your software is a pretty clear violation of the TESLA license because you specifically allow spyware and malware to be inserted into your software due to your licensing terms, but then again, you didn't release yours under TESLA, and nor am I required to conform to DFSG. Because I've seen the light of an ethical software license agreement, I no longer give much credence to Open-Source definition or Free according to hoyle or DFSG. But it definitely is a balance that must be struck. Tor probably has a good license, even if it isn't 3 clause BSD, because it is straight up difficult to use for the average user. But Torpark is too easy for conforming to those definitions, because with convenience it makes to a little too easy for malware and snoopers to reach users because users no longer have to have a techinical understanding or perform due dilligence on their software, so we have to provide some protection for them. The TESLA license is just that. To be quite clear, I am enamoured by the HESSLA. http://www.hacktivismo.com/about/hessla.php Regards, Steve
Re: Re[2]: Ultimate solution
This non-commercial clause prevents it from being Free and Open as the OSI and FSF define it. Metasploit 3 has a similar license. TorPark is still free as in beer, its just not Free as in speech. You can grumble all you like about it, but at the end of the day, its still their time and effort going into the project. Sometimes, a less free license is required to keep your developers happy. I wrote up some slides about this (as it relates to security software): http://metasploit.com/confs/fosdem/economics.pdf -HD On Sunday 25 March 2007 10:26, Kasimir Gabert wrote: · So long as You do not subvert or infringe the freedoms of end-users by doing so, You have the freedom to change the software or to use parts of it in new Programs; However, these softwares are not allowed to be modified to use any commercial proxy or connectivity service or product other than those offered by Torrify LLC or the Tor Project, without written permission of Torrify LLC.
Re: Free Software and Torpark (was: Ultimate solution)
Arrakis [EMAIL PROTECTED] wrote: Saying free and open-source software isn't Free and Open Source is giving in to a combination of semantics and snobbery of licensing. The terms free software and open source software have been around for a while and so has there meaning. No one said Torpark wasn't delivered free of charge or that its source wasn't open for review. Torpark's license just doesn't give the user enough rights to call Torpark either free software or open source software without causing confusion, raised eyebrows or being laughed at. The source is totally free, and that isn't Free but free, _except_ I don't allow for other commercial services to rip it off and use it for their personal gain since I am giving it away to the public, and you can't install tracking/spyware/malware in it and then redistribute it. So it's totally free, except that it isn't. You're also not giving it away to the public, you're only giving it to those parts of the public you don't discriminate against. Those are pretty much the only restrictions. Perhaps GPL fanatics think I owe it to spyware manufacturers, or I need to give away my intellectual property to every 3rd-rate commercial anonymity service? The bottom line is, everyone benefits by these restrictions, except for malware manufacturers and commercial anonymity services. ... and the people who currently don't use Torpark because it isn't free software and the people who don't care about Torpark itself but would appreciate it if the term free software wouldn't be watered down. Fabian signature.asc Description: PGP signature
Re: Ultimate solution
In my experience many users will, and do, go out of their way to circumvent their own protection unless very aware of the consequences, and sometimes even then. If they really want to see that funny flash animation on a certain site, they will find a way to do it and then often forget to undo the changes they made there by leaving they selves vulnerable. There are some aspects of Flash, Javascript, etc, that are safe, and do not reveal any information. There are other aspects that are unsafe. This gets back to the whole issue I raised earlier, in another thread. Why try to sell people on OK, but you need to use a completely stripped down browser that can't display most modern sites at all because all scripting systems are disabled? Why not use a security manager model, where the browser commands are verified by a separate security manager, configured by the user? Then Tor can just distribute a security manager file. This would require some sort of system for I'm the browser, this is the file I just downloaded, tell me what I can safely execute. I'm the javascript parser, this is what I've just parsed and written via document.write but not yet executed. Tell me what I can safely execute. I'm the browser, this is the full document after fetching all the embedded references. I know I've asked you on each of those parts separately, now here's the whole shebang. Tell me what I can safely execute. Etc. The whole Because some aspect of Flash can kill you, all of flash must be junked approach won't work. That's like saying, Because Java could contain an unsafe program, no Java can be used. Sun designed a security manager system into Java specifically to deal with that concern. If the default security manager isn't good enough -- if the default SM permits unproxied connections, for example -- then we need a new SM that does not permit unproxied connections, or forces them to become proxied without the code realizing it. Java does permit changing the SM, doesn't it? Why not implement one for the rest of the browsing experience?
Re: Is this a Tor exit node connecting to me?
On Sun, 25 Mar 2007, Joseph B. Kowalski wrote: On Sun, 25 Mar 2007 03:20:10 -0700 Pei Hanru [EMAIL PROTECTED] wrote: A small issue. When I query the DNSBL server for my slow, middleman only (reject *:*) server, it returns 127.0.0.2. Is it a good idea to include non-exit Tor servers in this list? Yes, since when you are performing the first type of query, you are simply asking whether an IP address is an active Tor server or not, of any kind. Now, if anyone wanted to see if your Tor server would exit to their location or not, they could perform the second type of query (See my original post for details on the two query types, if necessary), which, in your case, would always return NXDOMAIN since you don't allow any exiting. Please consider returning a different A record for the first query type to allow differentiation between exit nodes and middlemen. Returning 127.0.0.2 for exit nodes and 127.0.0.3 for middleman nodes will allow sendmail dnsbl configurations to easily do the 'right' thing. thanks! matto [EMAIL PROTECTED]darwin Moral indignation is a technique to endow the idiot with dignity. - Marshall McLuhan
Re[2]: Free Software and Torpark (was: Ultimate solution)
Fabian et al, The terms free software and open source software have been around for a while and so has there meaning. No one said Torpark wasn't delivered free of charge or that its source wasn't open for review. Torpark's license just doesn't give the user enough rights to call Torpark either free software or open source software without causing confusion, raised eyebrows or being laughed at. Let us not be ambigious about the users you are talking about. The specific users you are talking about are limited by definition to only be the ones wanting to modify it to include malware/trojans, or someone trying to turn it into a commercial application, or an evil government that does not abide by the universal declaration of human rights. Anyone who falls under one of those three definitions who can't consider it free, I'm not concerned about. To _all_ other users, it is free and open source, and they can do what they want with it, and modify and distribute it how they please. The distinction you are attempting to make anti-thetical to security. Somehow I just can't see my way clear to advocating modification of my software for the use of spyware and commercial competitors. I fail to see what legitimate interest you or anyone else have in keeping software from being legally protected against having trojans and malware inject into them, and still considering it free. Instead of attacking my usage of free because it causes some cognitive dissonance, you may consider asking why other licenses haven't restricted use of their terms from having malware injected into it. Especially a project like Tor. Personally, I don't mind if a license causes a little more confusion to big brother, xyz proxy corp, or spyware inc, or anyone, if I and my users get more protection. I would certainly like to see that in the Tor license. So it's totally free, except that it isn't. You're also not giving it away to the public, you're only giving it to those parts of the public you don't discriminate against. No, it is free to the public, we aren't discriminating against who can use it. We ARE restricting how it can be MODIFIED. ... and the people who currently don't use Torpark because it isn't free software and the people who don't care about Torpark itself but would appreciate it if the term free software wouldn't be watered down. Fabian, if there really are legitimate potential users out there in the cosmos, waiting for me to open it up to malware and trojans so they can feel the universal definition of Free is consistent to whatever culture they happen to be from, they can keep holding their breath. And to the others who don't care enough except to make a pedantic distinction, I'll be expecting a letter from the FSF regarding how they own the trademark Free. Once again, would anyone else like to see Tor's license add that it can't be modified to have malware, trojans, spyware, etc. injected into it? Regards, Steve
Re[2]: Ultimate solution
Michael, Well that sounds good in theory, and admittedly I don't know enough about scripting languages to say it can't be done. But it does occur to me that the SM would have to be very intelligent to know that the harmless X, Y, and Z parts of the script form a dangerous whole. I think that starts entering into heuristics. Surely someone here knows way more about this and will comment. I would love to see such a tool. Regards, Steve In my experience many users will, and do, go out of their way to circumvent their own protection unless very aware of the consequences, and sometimes even then. If they really want to see that funny flash animation on a certain site, they will find a way to do it and then often forget to undo the changes they made there by leaving they selves vulnerable. There are some aspects of Flash, Javascript, etc, that are safe, and do not reveal any information. There are other aspects that are unsafe. This gets back to the whole issue I raised earlier, in another thread. Why try to sell people on OK, but you need to use a completely stripped down browser that can't display most modern sites at all because all scripting systems are disabled? Why not use a security manager model, where the browser commands are verified by a separate security manager, configured by the user? Then Tor can just distribute a security manager file. This would require some sort of system for I'm the browser, this is the file I just downloaded, tell me what I can safely execute. I'm the javascript parser, this is what I've just parsed and written via document.write but not yet executed. Tell me what I can safely execute. I'm the browser, this is the full document after fetching all the embedded references. I know I've asked you on each of those parts separately, now here's the whole shebang. Tell me what I can safely execute. Etc. The whole Because some aspect of Flash can kill you, all of flash must be junked approach won't work. That's like saying, Because Java could contain an unsafe program, no Java can be used. Sun designed a security manager system into Java specifically to deal with that concern. If the default security manager isn't good enough -- if the default SM permits unproxied connections, for example -- then we need a new SM that does not permit unproxied connections, or forces them to become proxied without the code realizing it. Java does permit changing the SM, doesn't it? Why not implement one for the rest of the browsing experience?
Secondary ways to preserve Tor anonymity/integrity
-BEGIN PGP SIGNED MESSAGE- Hash: RIPEMD160 Would it be off topic to discuss how various people obtain privacy/security in the real world as a way to better preserve it for the on-line world? I think this is a critical topic that is not widely discussed here, or in the IT security field in general, but I wouldn't want to perturb anyone by starting something seen as off topic. ~Andrew - -- Frivolous lawsuits. Unlawful government seizures. What's YOUR defense? Protect your assets, keep what you earn, and generate more income at the same time! Visit http://www.mpassetprotection.com/ today. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGBtp9gwZR2XMkZmQRA5I2AKCuzbWYCMlVuTPG5DM4UfgYuZSptQCgnLHE tmvMjQSZ4nWkwtGCttldG28= =H255 -END PGP SIGNATURE-
Re: Re[2]: Free Software and Torpark (was: Ultimate solution)
It would be good if I could read, I am sorry for posting that I saw the license as free. Reading through it fully, it definitely is not. The terms of the license are way too broad. Trying to exclude malware and spyware by licensing the program under a license which states that it cannot be used to anything that restricts the rights of the user will not work. First of all, malware does not restrict the rights of the user. Second of all, malware doesn't care about licenses, and the creators of much of the spyware and malware are not known to the world, so even if they break this license nothing will happen to them. Another thing that doesn't really make sense to me about the license is that it restricts the right to modify the program if it uses a commercial connectivity service. I am not a lawyer, but isn't my ISP a commercial connectivity service? It seems to me that this program cannot be redistributed at all, because it can only be used with a commercial connectivity service, and therefore any modification will break the license. I take back what I said earlier, and I am sorry for causing so many people to stare at their monitor in disbelief from what they just read. My most humble apologies, Kasimir On 3/25/07, Arrakis [EMAIL PROTECTED] wrote: Fabian et al, The terms free software and open source software have been around for a while and so has there meaning. No one said Torpark wasn't delivered free of charge or that its source wasn't open for review. Torpark's license just doesn't give the user enough rights to call Torpark either free software or open source software without causing confusion, raised eyebrows or being laughed at. Let us not be ambigious about the users you are talking about. The specific users you are talking about are limited by definition to only be the ones wanting to modify it to include malware/trojans, or someone trying to turn it into a commercial application, or an evil government that does not abide by the universal declaration of human rights. Anyone who falls under one of those three definitions who can't consider it free, I'm not concerned about. To _all_ other users, it is free and open source, and they can do what they want with it, and modify and distribute it how they please. The distinction you are attempting to make anti-thetical to security. Somehow I just can't see my way clear to advocating modification of my software for the use of spyware and commercial competitors. I fail to see what legitimate interest you or anyone else have in keeping software from being legally protected against having trojans and malware inject into them, and still considering it free. Instead of attacking my usage of free because it causes some cognitive dissonance, you may consider asking why other licenses haven't restricted use of their terms from having malware injected into it. Especially a project like Tor. Personally, I don't mind if a license causes a little more confusion to big brother, xyz proxy corp, or spyware inc, or anyone, if I and my users get more protection. I would certainly like to see that in the Tor license. So it's totally free, except that it isn't. You're also not giving it away to the public, you're only giving it to those parts of the public you don't discriminate against. No, it is free to the public, we aren't discriminating against who can use it. We ARE restricting how it can be MODIFIED. ... and the people who currently don't use Torpark because it isn't free software and the people who don't care about Torpark itself but would appreciate it if the term free software wouldn't be watered down. Fabian, if there really are legitimate potential users out there in the cosmos, waiting for me to open it up to malware and trojans so they can feel the universal definition of Free is consistent to whatever culture they happen to be from, they can keep holding their breath. And to the others who don't care enough except to make a pedantic distinction, I'll be expecting a letter from the FSF regarding how they own the trademark Free. Once again, would anyone else like to see Tor's license add that it can't be modified to have malware, trojans, spyware, etc. injected into it? Regards, Steve -- Kasimir Gabert
Re: Free Software and Torpark (was: Ultimate solution)
On Sunday 25 March 2007 14:06, Fabian Keil wrote: ... and the people who currently don't use Torpark because it isn't free software and the people who don't care about Torpark itself but would appreciate it if the term free software wouldn't be watered down. Watered down? C'mon. Do a google search for free software. At least half of the results refer to software that is free as in beer vs free as in speech. If you want to show the difference between free and Free, capitalize it like everyone else. Just because something isn't Free doesn't mean you have to pay for it. Speaking of freedom, what about a giving a software developer the freedom to prevent commercial abuse? Would you prefer to give them the Freedom to stop working on their software because they don't want it ripped off by scumbags? Torpark's license just doesn't give the user enough rights to call Torpark either free software or open source software without causing confusion, raised eyebrows or being laughed at. I argue that anyone trying to redefine the english word free to only mean software licensed according to the FSF guidelines deserves to be laughed at. This is a stupid argument to start with -- ignoring the license, TorPark should be recommended based on the quality of the code and the features of the software. If TorPark LLC does something evil at a later date, stop recommending them. -HD
Re: Free Software and Torpark (was: Ultimate solution)
Once again, would anyone else like to see Tor's license add that it can't be modified to have malware, trojans, spyware, etc. injected into it? -1
Re: Free Software and Torpark (was: Ultimate solution)
--- H D Moore [EMAIL PROTECTED] wrote: On Sunday 25 March 2007 14:06, Fabian Keil wrote: ...TorPark should be recommended based on the quality of the code and the features of the software. If TorPark LLC does something evil at a later date, stop recommending them. -HD TorPark is not recommended by any Tor devs or others working with/on Tor. TorPark has some unresolved issues: http://archives.seul.org/or/talk/Nov-2006/msg00219.html. And it is not documented well. Regards, Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097
Re[2]: Free Software and Torpark (was: Ultimate solution)
I'll address these issues since you didn't feel it was necessary to read the followups on the thread you posted: 1) tor devs are not qualified to review the code. Shava Nerad of the Tor project asked me to refer someone to do QA on 3rd party win32 apps for the Tor project, which I did. Will it ever happen? Who knows. 2) Those are not issues with Torpark but the windows operating system. However, in a future release of Torpark we are working on even the faults of the win os will be addressed. Those issues are 1) the way windows treats memory, and 2) the way windows treats applications and may cache them. Since then I have removed the section about it not leaving traces, because it simply does as that is the nature of windows. 3) I have a step by step for building Torpark. Further, If you bother to read the code, you will see it is well documented. Regards, Steve TorPark is not recommended by any Tor devs or others working with/on Tor. TorPark has some unresolved issues: http://archives.seul.org/or/talk/Nov-2006/msg00219.html. And it is not documented well. Regards, Now that's room service! Choose from over 150,000 hotels in 45,000 destinations on Yahoo! Travel to find your fit. http://farechase.yahoo.com/promo-generic-14795097
Re: Is this a Tor exit node connecting to me?
On Sun, 25 Mar 2007 12:22:12 -0700 Matt Ghali [EMAIL PROTECTED] wrote: On Sun, 25 Mar 2007, Joseph B. Kowalski wrote: On Sun, 25 Mar 2007 03:20:10 -0700 Pei Hanru [EMAIL PROTECTED] wrote: A small issue. When I query the DNSBL server for my slow, middleman only (reject *:*) server, it returns 127.0.0.2. Is it a good idea to include non-exit Tor servers in this list? Yes, since when you are performing the first type of query, you are simply asking whether an IP address is an active Tor server or not, of any kind. Now, if anyone wanted to see if your Tor server would exit to their location or not, they could perform the second type of query (See my original post for details on the two query types, if necessary), which, in your case, would always return NXDOMAIN since you don't allow any exiting. Please consider returning a different A record for the first query type to allow differentiation between exit nodes and middlemen. Returning 127.0.0.2 for exit nodes and 127.0.0.3 for middleman nodes will allow sendmail dnsbl configurations to easily do the 'right' thing. Hi Matto, Differentiation between exit nodes and middlemen is exactly what the first query type is NOT designed to do, and exactly what the second query type IS designed to do since, as the Tor volunteer page I quoted in my original post states ...being an exit server is not a boolean... Saying that Tor server X is an exit server is exactly what we're attempting to get away from here, as that is really not a valid statement unless Tor server X actually allows exit to every IP on every port. Assuming it does not, then Tor server X is an exit from the perspective of some and not an exit from the perspective of others, hence the second query type. As a matter of fact, there really is not much reason to have the first query type at all, I mainly just did it cause I thought it would be a neat feature. In fact, unless I'm misunderstanding your comment, the second query type would be well suited for the example you give, which is allow sendmail dnsbl configurations to easily do the 'right' thing. I'm presuming you are saying that you have a sendmail server running that would like to determine if the machine making a connection to it is a Tor server that would allowing exiting to it. In this case, the second query type will provide exactly that information. Knowing that the machine connecting to you is STRICTLY a Tor 'middleman' node is useless, I would think, since in that case I would imagine it would be getting treated the same as any other Internet machine making a connection (Again, unless I'm missing something here). Hope that helps, and let me know if I'm missing something... Best regards, Joe Kowalski
Re[2]: Free Software and Torpark (was: Ultimate solution)
Perhaps what you are looking for is full support for RFC 3514. Best of luck. matto On Sun, 25 Mar 2007, Arrakis wrote: Let us not be ambigious about the users you are talking about. The specific users you are talking about are limited by definition to only be the ones wanting to modify it to include malware/trojans, or someone trying to turn it into a commercial application, or an evil government that does not abide by the universal declaration of human rights. Anyone who falls under one of those three definitions who can't consider it free, I'm not concerned about. To _all_ other users, it is free and open source, and they can do what they want with it, and modify and distribute it how they please. [EMAIL PROTECTED]darwin Moral indignation is a technique to endow the idiot with dignity. - Marshall McLuhan
Stealing Wheelbarrows and Nazis.. was Re: Secondary ways to preserve Tor anonymity/integrity
Hi Andy, Not only off topic... a lot of real world methods are fragile ie work only as long as the adversary(governments,military,spys) are NOT aware of what is going on, if methods commonly known as tradecraft were published then everyone would know and therein would defeat that practical real life method. (nb cross indexing births and deaths came in to wide practice by governments because of the dead baby birth certificate method of acquiring a new identity, popular in the late 1960s to the early 1980s..) publishing methods would definitely not serve those using same effectively.. a tor user ps think nazis and the stealing wheelbarrows joke.. Andrew Del Vecchio wrote: Would it be off topic to discuss how various people obtain privacy/security in the real world as a way to better preserve it for the on-line world? I think this is a critical topic that is not widely discussed here, or in the IT security field in general, but I wouldn't want to perturb anyone by starting something seen as off topic. ~Andrew
Re: Ultimate solution
On 25 mar 2007, at 21.16, Michael_google gmail_Gersten wrote: The whole Because some aspect of Flash can kill you, all of flash must be junked approach won't work. That's like saying, Because Java could contain an unsafe program, no Java can be used. Or like saying Because SOME people are using Tor for bad things, we need to get rid of Tor. Brad
Re: Free Software and Torpark (was: Ultimate solution)
On 25 mar 2007, at 22.48, H D Moore wrote: This is a stupid argument to start with -- ignoring the license, TorPark should be recommended based on the quality of the code and the features of the software. If TorPark LLC does something evil at a later date, stop recommending them. -HD Amen, Preach it Brother HD! Brad