Re: My ISP block Tor Servers

2007-04-18 Thread Mike Perry
Thus spake Koh Choon Lin ([EMAIL PROTECTED]):

> >> If you can't or don't want to switch ISP you could
> >> rent a server with uncensored net access and use
> >> it as proxy.
> 
> I am working in Singapore and the government branded Tor as "criminal
> skills". Thus, I have to go through a proxy even to get the Tor
> client!

Heh. This reminds me of a law firm one of my friends used to work at.
They told me when they tried to visit my website the content filter
denied them with that same message: "Criminal skills". Never did get a
copy of the censor page though. This was in the USA.

Content filters are awesome.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs


Re: Importance of HTTP connection keep-alive

2007-04-18 Thread Juliusz Chroboczek
>> Polipo/tor was still 13% faster?

> To which numbers are you referring here?

Sorry, I got confused.

> However if I understand you correctly, you're saying that
> I intentionally...

My apologies, I got carried away.

Juliusz


Re: Importance of HTTP connection keep-alive

2007-04-18 Thread Juliusz Chroboczek
[CC-ing polipo-users again]

>> this is an HTTP/1.0 site.  There are fortunately very few of these
>> left nowadays.

> What exactly is the problem with the site?  Watching the circuits in
> Vidalia I had the impression that Polipo used keep-alive.

HTTP/1.0 keepalives and HTTP/1.1 persistent connections are not quite
the same thing.  From memory, the limitations of HTTP/1.0 are

 - HTTP/1.0 kept-alive connections must be broken after every dynamic
   object;
 - pipelining is not allowed in HTTP/1.0;
 - HTTP/1.0 keepalives are not allowed when speaking to a proxy.

Polipo respects the first two limitations.  It doesn't respect the
third limitation, but instead plays a number of tricks that ensure
that it works with common HTTP/1.0 proxies (Squid, WWWOFFLE, Privoxy).

In order to be nice to the network, Polipo limits itself to
2 connections when speaking to a server that can do persistent
connections or keepalives.  This works fine when there are
opportunities for pipelining, but results in poor performance
otherwise.

You can customise the magic value 2 with the variable serverSlots.
I'd actually be very curious to see the results for your previous test
with serverSlots set to 5.  (I guess I should be more aggressive with
HTTP/1.0 servers by default; ideally, I'd like to work out a scheme
to tune serverSlots automatically depending on our traffic patterns.)

There's a paper about the tradeoffs involved on

  http://www.w3.org/Protocols/HTTP/Performance/Pipeline.html

> Can you name some other sites that you consider valid targets then?

There's no good answer to that, unfortunately, as there are so many
variables involved; I don't think there's a typical web site, there
are a few classes of web sites that I believe are typical, and that
Polipo should deal with pretty well.

The easiest case is an HTTP/1.1 web server with purely static content,
or dynamic content generated by people who knew what they were doing.
Unfortunately, such servers have been becoming rare as most sites have
moved to dynamic content generation.

The KDE site is what I believe is quite typical of a modern web site:
on the one hand the content is dynamically generated by crufty PHP
scripts (no useful validators are provided), but the HTTP is generated
by a fully HTTP/1.1 web server (Apache 2).  Polipo is slightly
suboptimal in such a case, but it should be reasonably good.

Another fairly common case is that of a mis-configured server that
doesn't do persistent connections at all -- for example
http://www.gnome.org/.  Polipo will notice that after a few requests,
and switch to using up to 8 connections to that server.  Unless
there's something really wrong in either Polipo or Privoxy,
performance should be roughly identical in the two implementations
(except for the effects of caching and range requests, of course).

The Spiegel.de web site that you tested against is actually an
interesting case.  It appears to be a bunch of typical PHP scripts (no
ETags) running on an HTTP/1.0 web server hidden behind no less than
two HTTP/1.0 front-end proxies (somebody is probably trying to do
load-balancing with a total budget of 12 pf. and an old button).
While such interesting configurations are uncommon, single HTTP/1.0
front-end proxies do happen sometimes, so I'll increase serverSlots
when speaking to such a site in the next version of Polipo.

Juliusz
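The keep-alive rules and slot budgets described in the message above, turned into a small connection planner. This is an added example, not Polipo's code; the slot constants follow the numbers in the thread, and treating a response without Content-Length as the "dynamic object" that ends an HTTP/1.0 keep-alive is my assumption rather than Polipo's real heuristic.

```python
# Added example, not Polipo's code: apply the keep-alive rules from the
# message above to a raw HTTP response head and derive a connection plan.
from typing import Dict, Tuple

Version = Tuple[int, int]

DEFAULT_SERVER_SLOTS = 2  # Polipo's serverSlots default for persistent servers
NONPERSISTENT_SLOTS = 8   # what the thread says Polipo switches to otherwise


def parse_response_head(head: str) -> Tuple[Version, int, Dict[str, str]]:
    """Split a raw response head into (version, status, headers).
    Header names are lower-cased; anything after the blank line is ignored."""
    status_line, _, rest = head.partition("\r\n")
    proto, code, *_ = status_line.split(" ")
    major, minor = proto.split("/", 1)[1].split(".")
    headers: Dict[str, str] = {}
    for line in rest.split("\r\n"):
        if not line:          # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return (int(major), int(minor)), int(code), headers


def may_keep_alive(version: Version, headers: Dict[str, str], via_proxy: bool) -> bool:
    """Whether the upstream connection may be reused for the next request."""
    conn = headers.get("connection", "").lower()
    if version >= (1, 1):
        # HTTP/1.1: persistent by default unless the server says "close".
        return "close" not in conn
    # HTTP/1.0: explicit keep-alive only, never through a proxy, and only
    # when the body length is known up front.  A response without
    # Content-Length stands in for the "dynamic object" the thread mentions;
    # that equivalence is my assumption, not Polipo's actual heuristic.
    if via_proxy or "keep-alive" not in conn:
        return False
    return "content-length" in headers


def may_pipeline(version: Version) -> bool:
    """Pipelining is an HTTP/1.1 feature; never pipeline to HTTP/1.0."""
    return version >= (1, 1)


def server_slots(keep_alive: bool, configured: int = DEFAULT_SERVER_SLOTS) -> int:
    """Parallel connections to use: the small serverSlots budget while the
    server keeps connections alive, the larger budget when it does not."""
    return configured if keep_alive else NONPERSISTENT_SLOTS


def plan_for(head: str, via_proxy: bool = False,
             server_slots_cfg: int = DEFAULT_SERVER_SLOTS) -> Dict[str, object]:
    """Connection plan for one observed response head."""
    version, _status, headers = parse_response_head(head)
    keep = may_keep_alive(version, headers, via_proxy)
    return {
        "version": version,
        "keep_alive": keep,
        "pipeline": keep and may_pipeline(version),
        "slots": server_slots(keep, server_slots_cfg),
    }
```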


Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]

2007-04-18 Thread Karsten Loesing
Hi Karsten, (strange to write that *g*)

> do you run a TOR server on a virtual server without connection faults?
> A year ago, I tested a tor server on virtual hardware (Virtuozzo) and I
> got many TCP connection faults in "/proc/user_beancounters".
> 
> Is a TOR server now ready to run with less than 1024 TCP connections?
> Or do you have a virtual server, which does not have low limits for TCP
> connections? In this case the offer of 1blu is very nice for TOR.

At the moment I count 630 TCP connections using netstat. And I don't
know about /proc/user_beancounters, but that file is empty.

I don't have any long-term experience with 1blu so far. Maybe they shut
down my node as soon as they find out why it produces so much traffic.
And maybe they change their contracts as soon as everybody is running
Tor servers at them from now on. Let's wait and see.

> --- Begin Off-Topic ---
> I know, it is a Tor list. But please let me write this:
> What do you think about a remailer (Mixmaster or Mixminion), something
> like TOR for emails. Emails are more private than surfing in my opinion.
> If you did have the power to admin a few tor servers, you may run a
> remailer too. It may share a server together with TOR. The traffic is
> not very high: 5.000 mails per day. It uses at max. 16 TCP connections.
> And it can act as a middle-man like TOR. For Mixmaster a working MTA
> ("exim4" or something else) is required, for a Mixminion middle-man nothing.
> 
> The size of the remailer networks decreased in the last 6 months down to
> 35 nodes for Mixminion and less than 30 nodes for Mixmaster. Hope we
> can stop this trend. Large networks for high anonymity are needed.
> 
> I am ready to help, if somebody needs any docs. (in German too)

Personally, I don't know so much about e-mail anonymizers, yet. So, if
you have information that I cannot find in a two-minutes Google session,
yes, please send it to me.

> -- End Off-Topic --

--Karsten


Re: Importance of HTTP connection keep-alive

2007-04-18 Thread Fabian Keil
Juliusz Chroboczek <[EMAIL PROTECTED]> wrote:

> > With http://www.kde.org/screenshots/:
> 
> So according to this test, this page downloads roughly two times
> faster through Polipo/tor than through Privoxy/tor, right?

It certainly did for the five samples I took.
 
> > I also tested with another website (http://www.spiegel.de/):
> 
> This test is not representative: this is an HTTP/1.0 site.  There are
> fortunately very few of these left nowadays.

What exactly is the problem with the site?
Watching the circuits in Vidalia I had the impression
that Polipo used keep-alive.

> > Privoxy may have had a slight advantage here, because by removing
> > three tracking pixels it had to do three requests less.
> 
> And notwithstanding the fact that you so carefully crafted this test
> to advantage Privoxy, Polipo/tor was still 13% faster?

To which numbers are you referring here? Repeating my results:

Firefox + Privoxy + Tor:
110.619s, 78.505s, 20.397s, 36.926s, 73.442s
63.983s
62.956s
43.588s

Firefox + Polipo + Tor:
93.979s, 33.102s, 34.242s, 123.365s, 99.740s
76.886s
75.987s
53.774s

So Polipo+Tor were slightly slower, while the reason seems
to be bad luck with the speed of the Tor circuits.

However if I understand you correctly, you're saying
that I intentionally chose a site where Polipo has
problems?

Can you name some other sites that you consider valid targets then?
I can test again with Privoxy's actions disabled.

Fabian




Re: Importance of HTTP connection keep-alive

2007-04-18 Thread Juliusz Chroboczek
> With http://www.kde.org/screenshots/:

So according to this test, this page downloads roughly two times
faster through Polipo/tor than through Privoxy/tor, right?

> I also tested with another website (http://www.spiegel.de/):

This test is not representative: this is an HTTP/1.0 site.  There are
fortunately very few of these left nowadays.

(Interesting that you should have chosen to test with this particular site.)

> Privoxy may have had a slight advantage here, because by removing
> three tracking pixels it had to do three requests less.

And notwithstanding the fact that you so carefully crafted this test
to advantage Privoxy, Polipo/tor was still 13% faster?

> It certainly looks like keep-alive's effects aren't big enough to
> guarantee faster web browsing through Tor, though.

I guess there's no point in continuing this discussion, then.

Juliusz


Re: Importance of HTTP connection keep-alive

2007-04-18 Thread Juliusz Chroboczek
[CC-ing the Polipo-users list]

> Speaking of which, it occurred to me a little while ago that
> persistent connections between the http proxy and the website,
> through Tor, can have an impact on anonymity.

> If the user is figuring they're rotating their connections over
> different Tor circuits over time (after all, they're clicking at
> different times, right?), but polipo is holding open the same
> persistent connection [...]

It will certainly facilitate grouping requests into sessions.

I'm not sure it counts as an anonymity threat, since the session
itself is still anonymous; furthermore, there are easier ways to track
requests into sessions (cookies, ``Referer'' headers, unique tokens
embedded into URLs, If-Modified-Since requests, etc.).  But I agree
that it should at the very least be documented somewhere.

> Is it documented anywhere how Polipo does its keepalives and timeouts
> for persistent connections?

Polipo will keep a persistent connection open as long as possible, but
it will shut an idle connection down after its normal timeout (120s by
default).

Additionally, the server's idle timeout will usually come into play;
in my experience, it's usually between 4 and 15 seconds.  But that's
irrelevant, since a malicious server could choose a much larger
timeout.

For people who do believe this is a serious threat, I can think of the
following mitigations:

  (1) use a smaller timeout for idle connections;
  (2) shut down a connection after some number of serviced requests;
  (3) shut down a connection after it's been used for some time.

Trouble is, any of these will harm performance in some cases; the
obvious example being two polipi on the two ends of an ssh or ssl
tunnel, where avoiding the initial handshake helps a lot.  So I guess
I'd have to implement different behaviour for parent proxies and
direct connections.

Roger, I'd like to know whether you think this is worth implementing
for the next version of Polipo (and of course whether you have any
better ideas).  As I've stated, I don't believe this threat is real,
but I'm quite willing to do the work if you disagree.

Juliusz
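The idle timeout and the three mitigations from the message above, modelled as a reuse policy and run over a constructed sequence of click times to show how many requests a server could link through one upstream connection. This is an added example, not Polipo's code; the 120s default comes from the thread, the click times are made up.

```python
# Added example, not Polipo's code: the idle timeout and the three proposed
# mitigations as a reuse policy for upstream connections, plus a small
# simulation of how many requests end up linkable over one connection.
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Policy:
    idle_timeout: float = 120.0            # Polipo's default, per the thread
    max_requests: Optional[int] = None     # mitigation (2)
    max_lifetime: Optional[float] = None   # mitigation (3), seconds since open


@dataclass
class Conn:
    opened_at: float
    last_used: float
    requests: int = 0

    def reusable(self, now: float, policy: Policy) -> bool:
        """Apply the policy; any violated limit retires the connection."""
        if now - self.last_used > policy.idle_timeout:
            return False
        if policy.max_requests is not None and self.requests >= policy.max_requests:
            return False
        if policy.max_lifetime is not None and now - self.opened_at >= policy.max_lifetime:
            return False
        return True


def simulate(request_times: List[float], policy: Policy) -> List[int]:
    """Return the index of the connection that served each request.
    Requests sharing an index reached the server over one TCP connection,
    so the server can group them into a session no matter which Tor
    circuit a fresh connection would have been sent over."""
    conns: List[Conn] = []
    served: List[int] = []
    for now in request_times:
        idx = next((i for i, c in enumerate(conns) if c.reusable(now, policy)), None)
        if idx is None:
            conns.append(Conn(opened_at=now, last_used=now))
            idx = len(conns) - 1
        conns[idx].requests += 1
        conns[idx].last_used = now
        served.append(idx)
    return served


def linkability(served: List[int]) -> Tuple[int, int]:
    """(number of distinct connections, most requests on any one connection)."""
    counts = {i: served.count(i) for i in set(served)}
    return len(counts), max(counts.values())


# Constructed click times in seconds: three quick clicks, a pause, two more,
# then a long pause.
CLICKS = [0.0, 30.0, 60.0, 200.0, 230.0, 400.0]

if __name__ == "__main__":
    for name, pol in [("default", Policy()),
                      ("strict", Policy(idle_timeout=60.0, max_requests=2))]:
        served = simulate(CLICKS, pol)
        print(name, served, linkability(served))
```

With the default policy the first three clicks share one connection; the stricter policy splits them, at the cost of the extra handshakes the message warns about.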



Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]

2007-04-18 Thread Karsten N.
> I would like to contribute some more Tor servers running at different
> providers across Germany (probably not in the same /16 network). My
> current server is a virtual server at 1blu that has a bandwidth of 931
> KB/s which makes it the 71st fastest Tor server in the network. Maybe
> other providers are even faster than 1blu. Just as a comparison: the
> fastest Tor server at the moment has 4533 KB/s.

Hi,

do you run a TOR server on a virtual server without connection faults?
A year ago, I tested a tor server on virtual hardware (Virtuozzo) and I
got many TCP connection faults in "/proc/user_beancounters".

Is a TOR server now ready to run with less than 1024 TCP connections?
Or do you have a virtual server, which does not have low limits for TCP
connections? In this case the offer of 1blu is very nice for TOR.

--- Begin Off-Topic ---
I know, it is a Tor list. But please let me write this:
What do you think about a remailer (Mixmaster or Mixminion), something
like TOR for emails. Emails are more private than surfing in my opinion.
If you did have the power to admin a few tor servers, you may run a
remailer too. It may share a server together with TOR. The traffic is
not very high: 5.000 mails per day. It uses at max. 16 TCP connections.
And it can act as a middle-man like TOR. For Mixmaster a working MTA
("exim4" or something else) is required, for a Mixminion middle-man nothing.

The size of the remailer networks decreased in the last 6 months down to
35 nodes for Mixminion and less than 30 nodes for Mixmaster. Hope we
can stop this trend. Large networks for high anonymity are needed.

I am ready to help, if somebody needs any docs. (in German too)
-- End Off-Topic --

Karsten N.
---
[EMAIL PROTECTED]
0x1C10A42F
--




Re: Importance of HTTP connection keep-alive

2007-04-18 Thread Fabian Keil
Juliusz Chroboczek <[EMAIL PROTECTED]> wrote:

> Michael Gersten:
> 
> > getting keep-alive to work will help a lot with web browsing,
> 
> Fabian Keil:
> 
> > Is this an assumption or did you just forget to show your benchmarks
> > to back this claim up?
> 
> I've just tested this by running
> 
>wget -p http://www.kde.org/screenshots/

No, you tested wget, which doesn't do parallel requests.

The results are certainly interesting and may or may not
show the difference between serialised requests that are
done with and without keep-alive, but the numbers are worthless
to make any assumptions about web browsing.

Any modern browser I'm aware of uses multiple parallel
connections if keep-alive isn't used, Firefox certainly does.

> Please feel free to repeat my tests and report the results on this list.

I have no reason to doubt your results, I just don't
think they are relevant for web browsing.


I just did some tests which I think are more meaningful.

I used Firefox instead of wget, used the Fasterfox plug-in
to time the requests and tried several proxy combinations.

The versions were Tor 0.1.2.9-rc, Firefox 2.0.0.3,
Polipo 0.9.99.1 and Privoxy's CVS version with some
uncommitted modifications which should be irrelevant
for this test.

I didn't change my Privoxy configuration, which means
there were several actions active, some of which affected
the results. http://www.kde.org/screenshots/ contains
no ads or tracking pixels, so filtering the page causes
a delay without any gain.

The test was done on a laptop with FreeBSD's powered(aemon)
running. As a result the CPU frequency wasn't constant,
but I doubt that it mattered for the end results.

I first did five tests for every proxy combination,
switching the proxy combination after each request.

Requests were started with ctrl+F5 so Firefox didn't
use its cache and additionally set the headers
"Pragma: no-cache" and "Cache-Control: no-cache".

I started Polipo with:
polipo diskCacheRoot='' socksParentProxy=10.0.0.2:9050
and restarted it for every test. I kept Tor and Privoxy
running all the time.

Finally the numbers, the format is:
|Proxy combination
|results in the order I got them
|average all
|average without the best and worst result
|average without the two worst results


With http://www.kde.org/screenshots/:
Firefox + Privoxy + Polipo + Tor:
40.950s, 6.100s, 6.294s, 24.290s, 56.680s
26.863s
23.845s
12.228s

Firefox + Privoxy + Tor:
59.523s, 7.493s, 6.822s, 156.438s, 35.282s
53.112s
34.099s
16.532s

Firefox + Polipo + Tor:
14.558s, 38.840s, 12.100s, 5.548s, 26.370s
19.483s
17.676s
10.735s

I also tested with another website (http://www.spiegel.de/):

Firefox + Privoxy + Polipo + Tor:
155.674s, 46.256s, 141.360s, 47.120s, 35.967s
85.275s
78.245s
43.117s

Firefox + Privoxy + Tor:
110.619s, 78.505s, 20.397s, 36.926s, 73.442s
63.983s
62.956s
43.588s

Firefox + Polipo + Tor:
93.979s, 33.102s, 34.242s, 123.365s, 99.740s
76.886s
75.987s
53.774s

Privoxy may have had a slight advantage here,
because by removing three tracking pixels it had
to do three requests less. However I think that
it didn't matter much.

The speed of the underlying Tor circuits seems
to be the most important factor here and five
samples probably aren't enough to prove anything.

It certainly looks like keep-alive's effects aren't
big enough to guarantee faster web browsing through
Tor, though.

Fabian




Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]

2007-04-18 Thread xiando
> Do you think it's a privacy problem to run 3 to 5 servers? All servers
> would be non-exit servers because of the current habit of the German
> police to collect all exit servers. Of course, I will set the family entry.

Please do run as many servers as you can afford. There is absolutely no 
privacy issue if you set the MyFamily option. Note that you must remember to 
set it on all the servers for it to work (so I can't just claim 99% of the 
Tor-network is my family and therefore you should use my 1% remaining evil 
servers by setting the option in one config file).

There is no issue with you running 100 servers as long as you use MyFamily; 
that would be very good. It's only when you're running 100 servers on 
different /16's and pretend that you have no involvement with any of them 
that I would wonder what you're up to.
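The point that MyFamily only counts when every relay in the family declares it, worked through as a small check. This is an added example, not Tor's code: it models the rule that a client treats two relays as the same family only if each lists the other, audits one-sided claims like the one described above, and emits the torrc line each relay needs. The fingerprints are constructed placeholders, not real relays.

```python
# Added example, not Tor's code: effective (mutual) MyFamily membership.
from itertools import combinations
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed descriptors: relay fingerprint -> fingerprints it declares in
# MyFamily.  Real fingerprints are 40 hex digits; these are placeholders.
DECLARED: Dict[str, Set[str]] = {
    "$AAAA": {"$BBBB", "$CCCC"},
    "$BBBB": {"$AAAA", "$CCCC"},
    "$CCCC": {"$AAAA", "$BBBB"},
    "$EVIL": {"$AAAA", "$BBBB", "$CCCC", "$DDDD"},  # one-sided claim only
    "$DDDD": set(),                                  # declares nothing
}


def mutual_family_pairs(declared: Dict[str, Set[str]]) -> Set[FrozenSet[str]]:
    """Pairs a client honours: both relays must list each other."""
    pairs: Set[FrozenSet[str]] = set()
    for a, b in combinations(declared, 2):
        if b in declared.get(a, set()) and a in declared.get(b, set()):
            pairs.add(frozenset((a, b)))
    return pairs


def same_family(declared: Dict[str, Set[str]], a: str, b: str) -> bool:
    return frozenset((a, b)) in mutual_family_pairs(declared)


def path_ok(declared: Dict[str, Set[str]], path: List[str]) -> bool:
    """A circuit must not contain two relays from one (mutual) family."""
    return all(not same_family(declared, x, y) for x, y in combinations(path, 2))


def one_sided_claims(declared: Dict[str, Set[str]]) -> List[Tuple[str, str]]:
    """Audit helper: (claimer, claimed) pairs where the claimed relay does not
    list the claimer back, so the claim has no effect on clients."""
    problems = [(a, b) for a, fam in declared.items() for b in fam
                if a not in declared.get(b, set())]
    return sorted(problems)


def myfamily_line(self_fp: str, family: Set[str]) -> str:
    """The torrc line a relay needs; it may list itself but need not."""
    return "MyFamily " + ",".join(sorted(family - {self_fp}))
```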


Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]

2007-04-18 Thread Karsten Loesing
> What kind of traffic plan do you have with 1blu, and how much do you
> pay for it?

They offer "1blu-vServer Unlimited" with unlimited traffic volume for 17
euros per month. I don't know if it's the best offering, so I decided to
give them a try. Are there other good offerings for (virtual) Linux
servers with unlimited traffic?

> FWIW, I don't see any problems in running two middleman servers (shrek,
> shrek2), with proper family setting, of course.

OK. Does someone else have scruples about it?


Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]

2007-04-18 Thread Eugen Leitl
On Wed, Apr 18, 2007 at 11:45:15AM +0200, Karsten Loesing wrote:

> I would like to contribute some more Tor servers running at different
> providers across Germany (probably not in the same /16 network). My
> current server is a virtual server at 1blu that has a bandwidth of 931

What kind of traffic plan do you have with 1blu, and how much do you
pay for it?

> KB/s which makes it the 71st fastest Tor server in the network. Maybe
> other providers are even faster than 1blu. Just as a comparison: the
> fastest Tor server at the moment has 4533 KB/s.
> 
> Do you think it's a privacy problem to run 3 to 5 servers? All servers
> would be non-exit servers because of the current habit of the German
> police to collect all exit servers. Of course, I will set the family entry.

FWIW, I don't see any problems in running two middleman servers (shrek,
shrek2), with proper family setting, of course.
 
> Just want to ask in advance.

-- 
Eugen* Leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE


Re: [Fwd: High-traffic Colluding Tor Routers in Washington, D.C. Confirmed]

2007-04-18 Thread Karsten Loesing
Hi,

this question is not directly related to the described case.

I would like to contribute some more Tor servers running at different
providers across Germany (probably not in the same /16 network). My
current server is a virtual server at 1blu that has a bandwidth of 931
KB/s which makes it the 71st fastest Tor server in the network. Maybe
other providers are even faster than 1blu. Just as a comparison: the
fastest Tor server at the moment has 4533 KB/s.

Do you think it's a privacy problem to run 3 to 5 servers? All servers
would be non-exit servers because of the current habit of the German
police to collect all exit servers. Of course, I will set the family entry.

Just want to ask in advance.

--Karsten