Re: Tor-Vidalia communication
On 13 Dec 2008, at 02:02, Jon wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Geoff Down wrote: Should I raise this as a bug at Flyspray? Vidalia can see relay status etc, and shut down Tor without the password being entered. They are both running as the same user however. GD On 8 Dec 2008, at 12:26, Geoff Down wrote: OSX10.3.9 , and yes, I was able to change identity, see the network map etc. GD On 8 Dec 2008, at 06:51, Jon wrote: Geoff Down wrote: Hi, previously, if I started Vidalia when Tor was already running, I would be asked for the password. Has this changed in 0.2.0.32 ? The torrc's I use for Vidalia or for the command line are different (and therefore the passwords are different). GD What operating system, and is vidalia successfully communicating with one instance or the other when you are *not* prompted for the pass? Jon- It might do in the bug system yes, but I'm not actually sure if it goes into trac or flyspray actually. I wanted to help localize it first. Actually, I thought you were running two tor processes at the same time, and I was wondering which one it connected? Jon- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEUEARECAAYFAklDF7EACgkQk8jp5ZVximLgFwCgjAoW7figucer0USMxS46mAPK PMoAmJbt0AvzrpmTSo09NnaeS8CS4BY= =0mgb -END PGP SIGNATURE- No, just the one process, started at the command line. Then starting up Vidalia, it connects to that process and has control over it. It doesn't start a second copy. That was the behaviour before the change to 0.2.0.32 as well, but it did prompt for a password back then. GD
Re: How many hidden service circuits built?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Bernhard, Bernhard Fischer wrote: Sorry, I didn't see this before. I'll read your paper and I appreciate all improvements regarding hidden services. You might also want to read the documents that are linked from the NLnet project page, for example: http://freehaven.net/~karsten/hidserv/perfanalysis-2008-06-15.pdf While TOR is building circuits there's always some kind of randomness involved. As far as I know TOR chooses nodes based on directory flags (like fast, stable, ...) and the randomizes those matching some criteria. Obviously the flag fast is somehow misleading because bandwidth is a local property and does not necessarily mean that it's also fast across the network to any other node. Okay, we didn't change anything about path selection so far. One reason is that this might have serious consequences on anonymity. While it would be great to make Tor and hidden services faster by using only the best nodes available, this largely destroys anonymity. All changes here should be made with extra caution! I'm interested in performance improvements of hidden services, but I'm talking about RTT once the connections are established and not so much on the connection setup time (which of course is also important but this time is only spent once) I did some RTT measurements and my observations are really ugly. It usually is never below 5s. What you can observe is that when the circuit is rotated the RTT also changes signifficant. See the measurements in the analysis linked above. This document contains some data about message transfer times after connections are established. Basically, we excluded message transfer times from the project, because they didn't seem to be a problem of hidden services, but rather of Tor in general. My idea now was to open several circuits to the same hidden service. If they're connected through different nodes (because of the random selection) also the RTT will be different. Then I continuously do RTT measurements on all those circuits and always use that one with the lowest time for user data. Even though this would constitute a local optimization, the effects on overall network load would be seriously bad. There must be ways to improve RTTs which waste less resources than this approach. One solution might be to change path selection for rendezvous circuits, both on client- and server-side. If we knew what relays to pick for these circuits which are likely to deliver good RTTs, we could improve RTTs for the 6-hop circuit from client to server. Again, changing path selection requires caution as stated above. Another solution is to start performing QoS for hidden services. In combination with client authorization (see proposal 121), hidden servers could decide whether to pick an extra-fast circuit to connect to the client's rendezvous point, or not. Having said that, did you look at proposal 121 for OnionCat. I could imagine that OnionCat would make good use of the additional security that client authorization offers for hidden services. See also a Technical Report on that topic: http://petsymposium.org/2008/hotpets/vrtprsvc.pdf - --Karsten -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJQ8hE0M+WPffBEmURAgzYAJ95qU0k+V9Ic9hRVvMsNJWAbf8tSQCfYfnK goWrW1jA183eTsvj5BJfcXo= =5Mur -END PGP SIGNATURE-
OSX - wrong bundle installed
Hej there, this is my first mail to this list, and I didn´t find any manual on how to use it, so I hope this works. I just installed the TOR bundle for OSX, but was stupid enough to not notice that there are two bundles - one for PowerPC only, and one for Universal Binary. Since I have OSX 10.5 running, TOR doesn´t work. It shouldn´t, anyway. My firewall keeps telling me that TOR is trying to establish a connection via ports 9090 and 443, so somehow it seems to be running in the background. However, I cannot uninstall it, since there seem to be absolutely no TOR-related files or folders on my computer. I just freshly installed OSX, so the haystack to look into isn´t too big. Still I don´t find the needle. Has anybody any idea how I can remove this wrong version of TOR from my system? Yours, Thomas
Need help with MPAA threats
Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt
Re: Need help with MPAA threats
The MPAA still has to prove you realy have the content which they claim you downloaded stored on your computer or any other storage device afaik. On Sat, Dec 13, 2008 at 4:34 PM, Matthew McCabe mate...@mrmccabe.comwrote: Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt -- Ciphered/Signed email preferred! GnuPG KeyID: 0x42435F30 GnuPG DSA2 KeyID: 0x23286031
Re: Need help with MPAA threats
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nicky van Etten wrote: The MPAA still has to prove you realy have the content which they claim you downloaded stored on your computer or any other storage device afaik. On Sat, Dec 13, 2008 at 4:34 PM, Matthew McCabe mate...@mrmccabe.com mailto:mate...@mrmccabe.com wrote: Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt -- Ciphered/Signed email preferred! GnuPG KeyID: 0x42435F30 GnuPG DSA2 KeyID: 0x23286031 http://www.torproject.org/eff/tor-legal-faq.html.en -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEUEARECAAYFAklD6RgACgkQk8jp5ZVximJAXACfb1GtHoOwTKdDYG0TVKYZKQh+ PVAAmPpl8vtWXNKo7LPab9115pkev/Y= =s9ZJ -END PGP SIGNATURE-
Re: OSX - wrong bundle installed
On Sat, Dec 13, 2008 at 03:38:14PM +0100, i...@winter-buchverlag.de wrote 0.8K bytes in 23 lines about: I just installed the TOR bundle for OSX, but was stupid enough to not notice that there are two bundles - one for PowerPC only, and one for Universal Binary. Since I have OSX 10.5 running, TOR doesn´t work. It shouldn´t, anyway. It sounds like you installed the expert package. Directions for a full purge of Tor on OSX can be found at https://www.torproject.org/docs/tor-doc-osx.html.en#uninstall My firewall keeps telling me that TOR is trying to establish a connection via ports 9090 and 443, so somehow it seems to be running in the background. However, I cannot uninstall it, since there seem to be There's a tor service that starts up automatically when you install the expert package. You probably wanted the default OS X bundle at https://www.torproject.org/easy-download.html.en -- Andrew
Re: Need help with MPAA threats
On Sat, Dec 13, 2008 at 09:34:05AM -0600, mate...@mrmccabe.com wrote 1.1K bytes in 26 lines about: Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. Outside of the MPAA problem, read your Terms of Service. If you can run a proxy server, then the MPAA is your only problem here. If you can't run servers on your connection, then Time Warner will bring up the fact you violated the ToS. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. We have a fine FAQ with a template you can use for a response. https://www.torproject.org/eff/tor-dmca-response.html From experience, the support people you talk to only have a script to follow, they won't care if you actually did invent the Internet. Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? I've received many DMCA takedown notices. In every case, I sent them a letter based on the template linked above. -- Andrew
Re: Need help with MPAA threats
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Have you thought about contacting www.eff.org Nicky van Etten wrote: The MPAA still has to prove you realy have the content which they claim you downloaded stored on your computer or any other storage device afaik. On Sat, Dec 13, 2008 at 4:34 PM, Matthew McCabe mate...@mrmccabe.com mailto:mate...@mrmccabe.com wrote: Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt -- Ciphered/Signed email preferred! GnuPG KeyID: 0x42435F30 GnuPG DSA2 KeyID: 0x23286031 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklD+h4ACgkQ3ju7mowpX9XpOQCdHIn7UUJobFjQzUefOBIw0dYY IgoAoKMsVlyWYifcBiNlhpdYawBrVR1w =Hg7Z -END PGP SIGNATURE-
Re: Need help with MPAA threats
On Dec 13, 2008, at 1:08 PM, Alessandro Donnini wrote: Have you thought about contacting www.eff.org Yeah- this is *exactly* up the EFF's alley... Best, .ike
Re: Need help with MPAA threats
It is unlikely that the content in question was ever on your computer at all, because Tor does not transfer UDP packets (used by bittorrent for data) and the default exit policy rejects the common bittorrent ports. The MPAA investigators are likely seeing the Tor users' access to the tracker website which is done via http. However, imo your best legal course in USA is as phobos suggested. I'm in Canada, where the DMCA does not really apply, but my network provider was getting annoyed receiving DMCA notices every day and threatening to cut off my server. The template letter i adapted from Torproject and was sending to the DMCA complainants (cc my network provider) was not enough because it did not stem the tide of notices. I thought about getting a cease-and-desist order against the complainants but i have no idea how (and no money) to go about international legal actions. After looking at several dozen automated DMCA letters, i noticed that all but a few point to tracker websites for ThePirateBay. I decided to add the ip addresses for those tracker websites to my reject list and have not received a DMCA notice for a few weeks now. Although this technically rejects some web (http) traffic, it seems to me just an extension of the exit policy rejecting bittorrent ports because those tracker ip addresses are primarily used for setting up p2p transfers. I'm paying $100 a month in bandwidth fees to facilitate anonymous communication for activists etc - not to subsidize consumption of games and movies. Yes i know p2p can carry all sorts of content; if there is lots of legitimate stuff available via ThePirateBay my attitude could change. Feedback on this is welcome. On Sat, Dec 13, 2008 at 05:17:48PM +0100, Nicky van Etten wrote: The MPAA still has to prove you realy have the content which they claim you downloaded stored on your computer or any other storage device afaik. On Sat, Dec 13, 2008 at 4:34 PM, Matthew McCabe [1]mate...@mrmccabe.com wrote: Hello- Time Warner shut off my connection again last night due to a complaint from the MPAA. They claim that I downloaded 2 movies and 1 TV show. This traffic, in fact, must have come through my Tor exit node. I explained to the customer service agent that I am running a Tor exit node and that the traffic must have come through the Tor network. He said that because this is the 3rd complaint, the MPAA may take me to court and sue me for $100,000 per violation. He also claimed that others in similar situations have lost in court...whatever that means. Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? Second, have any exit node operators in the US had similar complaints from the MPAA? If so, how did you handle the complaints? Lastly, has anyone in the US gone to court as a result of using Tor? If so, do you have a reference for a good lawyer? At this point, I want to continue running a Tor exit node but also want to investigate my legal options if the MPAA takes me to court. Thank you for your help! -Matt -- Ciphered/Signed email preferred! GnuPG KeyID: 0x42435F30 GnuPG DSA2 KeyID: 0x23286031 References Visible links 1. mailto:mate...@mrmccabe.com signature.asc Description: Digital signature
Re: Need help with MPAA threats
I've contacted the EFF about such a case in Europe about a year ago, they still have to answer .. On Sat, Dec 13, 2008 at 8:41 PM, Isaac Levy is...@ceetoneresearch.com wrote: On Dec 13, 2008, at 1:08 PM, Alessandro Donnini wrote: Have you thought about contacting www.eff.org Yeah- this is *exactly* up the EFF's alley... Best, .ike -- Simple guidelines to happiness: Work like you don't need the money, Love like your heart has never been broken and Dance like no one can see you.
Re: Need help with MPAA threats
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew McCabe schrieb: Here is where I need your help. First, is there a good way to filter out torrents in my exit policy? I tried out some different exit policies after getting a big load of DMCA notices. My provider didn't really mind forwarding them to me but it got me started playing with the exit policies as I don't see any reason for me donating (expensive) bandwith for filesharing over Tor. I am currently running the exit policy pasted below on my exit node: ExitPolicy accept *:20-23 # FTP,SSH,TELNET ExitPolicy accept *:53 # DNS ExitPolicy accept *:80-82 # HTTP ExitPolicy accept *:110-119 # POP3/NNTP ExitPolicy accept *:143 # IMAP ExitPolicy accept *:443 # HTTPS ExitPolicy accept *:465 # MAIL ExitPolicy accept *:587 # MAIL ExitPolicy accept *:993 # IMAPS ExitPolicy accept *:1194# OPENVPN ExitPolicy accept *:1720# H.323 ExitPolicy accept *:1731# Netmeeting Audio Control ExitPolicy accept *:5050-5061 # YAHOO MESSENGER, SIP ExitPolicy accept *:5190# ICQ ExitPolicy accept *:5222-5223 # JABBER ExitPolicy accept *:3128# Proxy ExitPolicy accept *:8080# Proxy ExitPolicy reject *:* # Disallow everything else I think most needed protocols are included but I got my copyright infringements down to zero. Maybe redefining your policy would anticipate further problems with your provider but still keep your exit node quite useful to most of the users. YT, David - -- GPG Key Fingerprint: C132 0FA2 C1C9 B5DA 5317 2D89 5402 4721 F092 D334 Key ID: 0xF092D334 Encrypted mails STRONGLY preferred. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJRBtaVAJHIfCS0zQRAkpIAKC14SI8mxvYEl8Nb7HHZxoqYnnbjACfeTQq 3DcoCbzeQgZw4N2f+MCMCGc= =Zvi4 -END PGP SIGNATURE-
Re: Need help with MPAA threats
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 krishna e bera wrote: It is unlikely that the content in question was ever on your computer at all, because Tor does not transfer UDP packets (used by bittorrent for data) and the default exit policy rejects the common bittorrent ports. The MPAA investigators are likely seeing the Tor users' access to the tracker website which is done via http. However, imo your best legal course in USA is as phobos suggested. I'm in Canada, where the DMCA does not really apply, but my network provider was getting annoyed receiving DMCA notices every day and threatening to cut off my server. The template letter i adapted from Torproject and was sending to the DMCA complainants (cc my network provider) was not enough because it did not stem the tide of notices. I thought about getting a cease-and-desist order against the complainants but i have no idea how (and no money) to go about international legal actions. After looking at several dozen automated DMCA letters, i noticed that all but a few point to tracker websites for ThePirateBay. I decided to add the ip addresses for those tracker websites to my reject list and have not received a DMCA notice for a few weeks now. Although this technically rejects some web (http) traffic, it seems to me just an extension of the exit policy rejecting bittorrent ports because those tracker ip addresses are primarily used for setting up p2p transfers. I'm paying $100 a month in bandwidth fees to facilitate anonymous communication for activists etc - not to subsidize consumption of games and movies. Yes i know p2p can carry all sorts of content; if there is lots of legitimate stuff available via ThePirateBay my attitude could change. Feedback on this is welcome. Your attitude I think is correct. I mean to say, yes, your intent for your relay is for censorship frustration, not games, movies, et cetera. I think your implementation is correct also. I run a relay without any exit permitted. The only reason I do this, is because I do not want to deal with any complaints ranging from DMCA, hacking, child exploitation transiting my link. If I ever decide to permit exiting, it will be on a dedicated server that I would pay for, located elsewhere. I just wish there were a better way to inspect the traffic and disallow certain traffic. Don't get me wrong, I'm not advocating that any relay inspect any traffic, just that illegal traffic transiting outside my link could land me in trouble. Perhaps thoughtworthy. Jon- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAklEHw0ACgkQk8jp5ZVximJ5NACeKtO5gwrLs1MkpnY3EDl4Nw9D QxAAoJFMaihbTM8tTb0XEV3kAV3kDFON =Ag5A -END PGP SIGNATURE-
Incoming exit node traffic detection
Hi, I'm wondering if there's any research or existing software system product about automated real-time detection/monitoring on traffic from the TOR network? Thank you!