Re: How are German Tor server people doing?
On Mon, Dec 31, 2007 at 11:56:45PM -0800, algenon flower wrote:
> I am just curious to hear how the people are doing out Germany way who are being impacted as per the oft

After the federal president signed the law, 30 kPeople submitted their suit against it in the court at Karlsruhe on 31. Dec (the largest constitutional suit ever by a large margin). AFAIK the plan is to achieve a preliminary injunction first. In any case the relevant date is 20090101, not 20080101. Only telecommunication providers (cellular, telephony, possibly VoIP) are/would be affected at this time -- but, let's see what Karlsruhe will say to that. If the law is not repealed as unconstitutional, it would be another major building stone for the new machtergreifung laws. http://de.wikipedia.org/wiki/Machtergreifung

> discussed new repression law. I am hoping they having a good nice time, it must be 6am '08 there right now... Happy new year to you and don't cave in to the creeping repressionism. We are all we have to fight

It is quite interesting how global this is. I think it looks like a silent collusion. If it is indeed that, it's time to get seriously scared. We need to maintain untrackable uncensorable communication to any political or activist group, whatever it takes.

> to be free.

--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
We're missing a certificate from authority tor26
Jan 01 13:21:15.069 [notice] We're missing a certificate from authority tor26 with signing key : launching request. Repeating... What could that be? morphium
Re: Proper TOR DNS Configuration Testing Help
Mark Manning wrote:
> That's awesome! That's exactly how I was thinking but to be honest I wasn't sure how to implement the background service that ties the query logs to the web server. If it wouldn't take too long, do you think you could talk about the specifics a little bit more?

1.) You visit http://clayman.tor.grepular.com/torcheck.cgi

2.) The cgi generates a unique code. In this case, a 32 character alphanumeric string. It then spits out some html containing several triggers to try and make the web browser do a dns lookup on $code.tordnscheck.grepular.com where $code is replaced by the unique id it just generated. The triggers are inside the <head></head> and are:

<link rel="stylesheet" type="text/css" href="http://$code.tordnscheck.grepular.com/style.css" />
<link rel="shortcut icon" type="image/x-icon" href="http://$code.tordnscheck.grepular.com/favicon.ico" />
<script type="text/javascript" src="http://$code.tordnscheck.grepular.com/script.js"></script>

3.) A meta refresh then refreshes the page and adds ?code=$code to the uri arguments.

4.) When the page is reloaded it asks a separate process that I will describe in a moment, whether or not it knows the IP that did the lookup of $code.tordnscheck.grepular.com, and if so it displays it.

5.) There is a separate process written in perl, which uses File::Tail to monitor the bind query log. It's a threaded application. One thread tails the log looking for entries like $code.tordnscheck.grepular.com. When it comes across any, it stores the code and the ip together in a shared variable, for up to 10 minutes.

6.) The second thread accepts incoming socket connections. Basically, the torcheck.cgi script makes a tcp connection to the app tailing the log file and writes $code to it, and the app then returns the IP address and closes the connection.

The gopher request works in a similar fashion. The trigger is:

<img src="gopher://grepular.com/torgophertest/$code" width="0" height="0" />

Then I have another application listening on the gopher port looking for requests like /torgophertest/$code and then linking $code with the client IP. Then it makes the information available to the cgi via the same socket method.

I hope that all makes sense.

Mike
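The log-tailing correlator from steps 5 and 6, sketched in Python as an added example (it is not Mike's Perl code): the BIND query-log line shape, the one-line request/reply format on the socket and the sample log lines are assumptions constructed for illustration. It goes slightly beyond the post by keeping every distinct resolver IP seen for a code and by matching names case-insensitively, since DNS names are case-insensitive and a resolver may change the case of the query name.

```python
import re

ZONE = "tordnscheck.grepular.com"  # zone named in the post
TTL_SECONDS = 600                  # the post keeps entries "for up to 10 minutes"

# Assumed BIND 9 query-log shape: "... client <ip>#<port>...: query: <name> IN <type> ..."
QUERY_RE = re.compile(
    r"client\s+(?:@\S+\s+)?([0-9A-Fa-f:.]+)#\d+.*?\bquery:\s+(\S+)\s+IN\s")
CODE_RE = re.compile(r"[a-z0-9]{32}")  # 32-character alphanumeric code, lower-cased


def parse_query(line):
    """Return (code, resolver_ip) if the line is a lookup of <code>.ZONE, else None."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    ip, name = m.group(1), m.group(2).rstrip(".").lower()
    suffix = "." + ZONE
    if not name.endswith(suffix):
        return None
    code = name[:-len(suffix)]
    return (code, ip) if CODE_RE.fullmatch(code) else None


class LookupTracker:
    """Shared state between the log-tailing thread and the socket thread."""

    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self._seen = {}  # code -> (first_seen, [resolver IPs in order seen])

    def observe(self, line, now):
        """Feed one query-log line; returns True if it carried a test code."""
        parsed = parse_query(line)
        if parsed is None:
            return False
        code, ip = parsed
        _, ips = self._seen.setdefault(code, (now, []))
        if ip not in ips:
            ips.append(ip)
        return True

    def expire(self, now):
        """Drop codes first seen more than ttl seconds ago."""
        for code in [c for c, (t, _) in self._seen.items() if now - t > self.ttl]:
            del self._seen[code]

    def answer(self, request, now):
        """Reply to one request from the CGI (hypothetical one-line wire format)."""
        self.expire(now)
        code = request.decode("ascii", "replace").strip().lower()
        if not CODE_RE.fullmatch(code):
            return b"ERR bad code\n"  # never look up unvalidated input
        entry = self._seen.get(code)
        if entry is None:
            return b"UNKNOWN\n"  # no lookup seen: not resolved yet, or expired
        return (" ".join(entry[1]) + "\n").encode("ascii")


# Constructed sample data: documentation-range IPs and a made-up code.
CODE = "k3v9q0x7m2b8n4c6z1a5s7d9f2g4h6j8"
SAMPLE_LOG = [
    f"01-Jan-2008 13:52:01.120 client 192.0.2.53#32768: query: {CODE}.{ZONE} IN A +",
    f"01-Jan-2008 13:52:01.480 client 198.51.100.7#4051: query: {CODE.upper()}.{ZONE}. IN A +",
    f"01-Jan-2008 13:52:01.910 client 192.0.2.53#32769: query: {CODE}.{ZONE} IN AAAA +",
    "01-Jan-2008 13:52:02.005 client 203.0.113.9#5353: query: www.grepular.com IN A +",
]


def demo():
    """Feed the sample log, then ask for the code the way the CGI would."""
    tracker = LookupTracker()
    for line in SAMPLE_LOG:
        tracker.observe(line, now=0)
    return tracker.answer(CODE.encode("ascii") + b"\n", now=30)


if __name__ == "__main__":
    print(demo())
```

In a deployment the `now` arguments would come from `time.time()`, with `observe` called by the thread following the log and `answer` by the thread serving the CGI's TCP connections.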
Re: Is there something similar like Torbutton FF plugin for the Internet Explorer ?
[EMAIL PROTECTED] wrote:
> On Mon, Dec 31, 2007 at 10:28:21AM +0100, Ben Stover wrote:
> > Is there something similar like Torbutton FF plugin for the Internet Explorer ? Or do I really have to change manually proxy settings each time I want to switch from Tor enabled to Tor disabled mode?
>
> If you're using Privoxy, it has such a function built in already. Just go to the special 'website' p.p which will be intercepted by privoxy and you can click on 'Toggle Privoxy on or off'. There you can switch it off and it also offers bookmarklets, which you can add as buttons (bookmarks) to your IE. Easy as that.

I don't think Privoxy's toggle option does what you think it does. However not all is lost: using Privoxy 3.0.7 beta or later you can combine the user-agent client-header tagger, the forward-override action and a browser-plugin that changes the User-Agent header to build your own Tor toggle. For details see:
http://www.privoxy.org/3.0.7/user-manual/actions-file.html#CLIENT-HEADER-TAGGER
and:
http://www.privoxy.org/3.0.7/user-manual/actions-file.html#FORWARD-OVERRIDE

Be sure to read the warning before doing it, though.

Note that nowadays the Torbutton extension is also supposed to protect you against some JavaScript-based attacks. Privoxy doesn't do that.

Fabian
Re: How are German Tor server people doing?
Hi,

nothing really changes here in Germany yet. There are, as sufficiently discussed, some more or less promising attempts to stop the new law. But for the year 2008 there is no change for torizens yet, and actually some people including me do not believe there will be an obligation to log anything for us in the time after. If, then it might happen in one year from now, and in that case I will close my German node and move somewhere else. But that is, as mentioned, in one year from now.

> How are German Tor server people doing?

I think Germany has the highest density of Tornodes in the world if you use the number of citizens and the number of nodes as parameters. At present the number of nodes (maybe also because of 24c3, which I missed) is increasing. It's still going... The raids on Tor operators are afaik not a part of a larger strategy against Tor, but a pretty sad picture of the local police force and their massive lack of adaptive capabilities. One side effect though is the diminishing number of exit-nodes here. Doesn't help those raided during the last year, but the vast majority here did not encounter any raids.

> I am hoping they having a good nice time, it must be 6am '08 there right now...

Don't you worry, afaik most, here in Berlin (as of 15:00), are still not very responsive, yet.

> silent collusion. If it is indeed that, it's time to get seriously scared.

Disagree. Not scared, but consequent ;)

Last but not least, there is no better occasion than now: Happy new year everyone.
Google becomes useful for us again
Normally I'm using ixquick or seekz but I didn't find something I was looking for so I went on to google. Of course there came this message telling me that my question looks like an automated request blabla.., you know what I mean. But what's new to me was the captcha box which was shown and didn't need js or cookies or anything bad. And after typing in the captcha I could proceed. So I don't know since when google offers this feature, but finally it becomes useful for privers again :)

greets
Problems understanding and using Vidalia Network Map
Ok I established a Tor connection successfully. Now I open in Vidalia the Tor network map.

On the left side there are the available Tor servers. But what connections are in the mid column (below the worldmap) ? Currently I can see approx 12 lines like

atari,blutorserver,croesoOpen

As far as I know I use only 1 connection at a time. Why are there 12 listed ?

Can I choose one of these connections ? If yes: How ? I did not find a "select this connection" button/context menu

Is the rightmost server always the exitnode of a connection line?

Ben
Version 0.1.2.18 does not like http proxy?
Hi,

I tried to upgrade from version 0.1.2.16 to 0.1.2.18 but I see that my TOR server does not use the limit of 90 KB; it's only about 10 % (about 9 KB). I put HttpProxy 127.0.0.1:3128 into the torrc but that changed nothing and for the 0.1.2.16 version this was not necessary because it works fine with the transparent and non-transparent squid.

How can I get the 0.1.2.18 version using the full BandwidthRate? And how can I get a faster increase of the traffic up to the limit? I'm changing my IP every metric hour and I see that my TOR server needs about half an hour to increase the traffic up to the limit.

greets
Re: Problems understanding and using Vidalia Network Map
On Tue, 01 Jan 2008 19:13:31 +0100 Ben Stover [EMAIL PROTECTED] wrote:
> On the left side there are the available Tor servers.

correct

> But what connections are in the mid column (below the worldmap) ?

These are the opened and opening connections. Tor is always trying to open new circuits and jumps to them if the old circuit-connection has timed out (I guess by default ~10min)

> Can I choose one of these connections ? If yes: How ? I did not find a "select this connection" button/context menu

no

> Is the rightmost server always the exitnode of a connection line?

exactly

--
kazaam [EMAIL PROTECTED]
[Long!] Re: Darknetting and hidden services [Was: Re: virtues of middlemen]
Jo wrote:
> On 01/01/2008, F. Fox [EMAIL PROTECTED] wrote:
> > These are Tor's hidden services: Servers accessible anonymously, where both client and server are unknown to each other. =:o) Since such services are visible only via Tor, they would fall under the darknet definition, I believe.
>
> This is what I was getting at ... just didn't say it right :(

It's okay. =:o) After all, the hidden service side of things is quite a bit more obscure than the (likely) most common use of Tor - an anonymity layer and inherent outproxy to the normal Web.

(About that anonymity layer... Although I've never seen it formally described as such, I could see it being considered as a separate logic layer in the TCP/IP stack, since it is such a general-use TCP conduit. It'd look something like this:

*
[Application]
|
[Anonymity]
|
[Transport]
|
[Internet]
|
[Network Access]
*

Just for kicks...)

> I have often wondered just how big the network could get, and what impact this has on the Internet. There are many Internet resources that will always be needed - e.g. email will need to be accessible from / routed to Tor; Google, Wikipedia, Universities, etc are not going to be replicated, ... At the moment the rest of the Internet can ignore Tor (except for those who want to block it) but - if big enough - one could imagine the need for ubiquitous gateway services to allow simple (transparent?) access to resources within the network.

If it became mainstream and massive, yes. However, I don't have much hope for that, if history is a guide for the most likely development of the future [1]. Such a ubiquitous deployment will most likely (though sadly) remain the wet dream of hackers, civil libertarians, crypto-anarchists, and cipherpunks.

The network has - though far from ubiquitous - grown quite a bit over the few years. Around 2005, the paper Low-Cost Traffic Analysis of Tor[2] mentioned there being around 50 Tor nodes; IIRC, that's mushroomed to around 1,600.

(I suppose that such a mushrooming effect could cause someone to look at Tor through another historical POV, though - that of the Internet itself. It did something similar... =:oD )

[1]: This is one reason why I try to study as much history as I can, BTW; many mistakes are made in the present, which could have been avoided if the one who made them had learned about certain aspects of the past.
[2]: http://www.cl.cam.ac.uk/users/sjm217/papers/oakland05torta.pdf

> Of course it has to get big enough first. PGP is still struggling (I don't even have a signing key for this email address) and services such as Usenet which were huge in their time are now rapidly being replaced. (This one really irks me - a fantastic idea with some basic privacy elements built in, being replaced by lesser technologies). SSL, OTOH, has become pretty much mainstream and is still developing ... the challenge to be able to grow Tor will be to do the same - make it mainstream.

True, it's a shame some of these things aren't more mainstream. That thing about Usenet also strikes a chord with me; when a technology with many years of history behind it ends up circling the drain, it's just sad. Old doesn't always mean inferior, or even obsolete/superseded; a good example are the Unices, which started way back in the 1970s (IIRC). Sure, things have changed a lot since then, but the basic model is still there. The core of the Net runs on it (and if more of the users did, we might not have half the bedlam going on right now! =xoD ).

> Of course to become mainstream it needs to be REAL easy. And if Tor gets to the point where it is so simple that you don't really need to understand it, there is a distinct possibility that many of the benefits may no longer be realised (how do you know you've got a secure, private connection if you don't understand WHY it is secure and private - particularly what *isn't* provided).

(snip)

This is one reason why malicious Tor exit nodes and scripts/applets/etc. on servers have had such success in de-masking Tor users - it's not a silver bullet. Users have to configure their applications carefully, as well as be careful what they let pass through Tor (either explicitly entered, or implicitly leaked).

As it stands right now, Tor is for people who have a decent knowledge of how to secure themselves - and I don't see that changing anytime soon. I'm glad to see the warnings that have been put on the front page of the Tor Project site - but the fact remains, sheep will be sheep. Not everyone will pay attention to it - and they very well could suffer the consequences. (Amazingly, a lot of the sheep they found, I would think belong in the wolf category! =xoD )

The exits and servers I mentioned previously were those I read about as proof-of-concept - but most of them are so feasible (requiring so little effort), that a teenager could probably do it
Re: Is there something similar like Torbutton FF plugin for the Internet Explorer ?
Fabian Keil wrote:
(snip)
> Note that nowadays the Torbutton extension is also supposed to protect you against some JavaScript-based attacks. Privoxy doesn't do that.
(snip)

AFAIK, folks will want the development-branch of Torbutton if they want the shiny JavaScript-hooking and other nice privacy-enhancing features. I don't think the stable-branch has it yet.

--
F. Fox: A+, Network+, Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
Re: Google becomes useful for us again
[I was going to leave your quoted message in... but my Lord, is your monitor as wide as a football field?! =xoD ]

Sadly, my experience with Google offering CAPTCHAs, is that it's hit-and-miss; sometimes they'll give a CAPTCHA, more often they won't.

Yahoo, up until recently, didn't seem to pull this nonsense; recently, though, I finally got a query returned in a Google-esque manner.

I suppose if they can't log the source, they don't want it. Maybe they don't get all the ad money they want, from kludging people's life stories together? =:oD

(I still have a bad taste in my mouth from the AOL Search fiasco; in fact, that was one of the original reasons why I became a vehement proponent of Tor, spreading the word OFF- as well as online.)

--
F. Fox: A+, Network+, Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
Re: We're missing a certificate from authority lefkada with signing key 0000000000000000000000000000000000000000: launching request.
Andrew Del Vecchio wrote:
> I've been having this for a few days now as well. I'm in the western US if that helps at all...

But Tor has no geography! =;o)

--
F. Fox: A+, Network+, Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
Re: Google becomes useful for us again
F. Fox wrote:
> [I was going to leave your quoted message in... but my Lord, is your monitor as wide as a football field?! =xoD ]

Since you're using Icedove, a little hint: If you go to the Edit-menu, you'll find a nice rewrap message function... :-)

Alex.
Re: Google becomes useful for us again
Alexander W. Janssen wrote:
> F. Fox wrote:
> > [I was going to leave your quoted message in... but my Lord, is your monitor as wide as a football field?! =xoD ]
>
> Since you're using Icedove, a little hint: If you go to the Edit-menu, you'll find a nice rewrap message function... :-)
(snip)

LOL, thank you. =:o) That will come in handy in the future...

I can't get over how wide that message was, though; usually, things are too *narrow* to be efficient for this monitor. It's a 1280x768 LCD panel... =:oD

--
F. Fox: A+, Network+, Security+
Owner of Tor node kitsune
http://fenrisfox.livejournal.com
Re: Google becomes useful for us again
F. Fox wrote:
> Alexander W. Janssen wrote:
> > F. Fox wrote:
> > > [I was going to leave your quoted message in... but my Lord, is your monitor as wide as a football field?! =xoD ]
> >
> > Since you're using Icedove, a little hint: If you go to the Edit-menu, you'll find a nice rewrap message function... :-)
> (snip)
>
> LOL, thank you. =:o) That will come in handy in the future...

Sure! It works surprisingly well! Though I'd like to see a whitespace between the thingies... But I'm sure you can configure that elsewhere.

> I can't get over how wide that message was, though; usually, things are too *narrow* to be efficient for this monitor. It's a 1280x768 LCD panel... =:oD

If you look at MUAs like Outlook - they just don't wrap correctly, so the user has to type Enter just to make it look right. Blargh. So users just tend to write without pressing Enter, hoping that the receiver's MUA wraps it correctly. Not true for Thunderbird and derivatives though.

But actually it's correct - from a typographic point of view - that a paragraph is written without individual linefeeds, but that collides with best practise when it comes to plaintext-emails... But I'm just being a smartass there :)

Back to topic now. And happy new year!

Alex.
setting the minimum number of routers used in the network
Hi, Does anyone out there know whether there is a way within the torrc file to specify the minimum number of nodes to route through? I note that the default appears to be 3 (as the number of nodes / relays used on the network map show as 3). Is there a benefit in using more than 3? Other than a drain on the network, is there a downside to using more than 3? Thanks
RE: setting the minimum number of routers used in the network
Ta for that Drake

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drake Wilson
Sent: Wednesday, 2 January 2008 9:29 AM
To: or-talk@freehaven.net
Subject: Re: setting the minimum number of routers used in the network

Quoth Cameorn Burns [EMAIL PROTECTED], on 2008-01-02 09:17:53 +1100:
> Does anyone out there know whether there is a way within the torrc file to specify the minimum number of nodes to route through? I note that the default appears to be 3

Hum. https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#VariablePathLength

--- Drake Wilson
Re: Please run a bridge relay!
Andrew Del Vecchio wrote:
> Gitano, you rock. It finally works without any error messages! Now one final thing: It seems that iptables configs are lost when the computer is shut down. Can I just add this to /etc/rc.d/rc.local, or should it be initiated earlier in the boot sequence given that iptables is kernel related?

It depends on the distribution you have installed. Under Debian I put my script in '/etc/init.d/' and made a softlink in '/etc/rcS.d/' starting iptables just after 'S40networking'.
Re: Proper TOR DNS Configuration Testing Help
Thanks so much. That makes perfect sense.

On Jan 1, 2008 7:52 AM, Mike Cardwell [EMAIL PROTECTED] wrote:
> (snip)
Re: Lefkada authority missing certs
It seems to be gone now, at least for the time being. Others have had this problem too though just fyi.

~Andrew

Geoffrey Goodell wrote:
> On Sun, Dec 30, 2007 at 07:08:24PM -0800, Andrew Del Vecchio wrote:
> > here's a new error I've never seen before. It just started this afternoon, and I'm using the latest alpha on Ubuntu 7.10:
> >
> > Dec 30 19:06:39.816 [notice] We're missing a certificate from authority lefkada with signing key : launching request.
> >
> > Anyone else had this lately?
>
> Is this still a problem? I accidentally used the wrong torrc briefly yesterday afternoon.
Re: Google becomes useful for us again
kazaam wrote:
> Normally I'm using ixquick or seekz but I didn't find something I was looking for so I went on to google. Of course there came this message telling me that my question looks like an automated request blabla.., you know what I mean. But what's new to me was the captcha box which was shown and didn't need js or cookies or anything bad. And after typing in the captcha I could proceed. So I don't know since when google offers this feature, but finally it becomes useful for privers again :)

Since I use 'http://www.scroogle.org/scraper.html' in front of Google, I've never seen their CAPTCHAs anymore. :)