Re: BetterPrivacy - necessary?
grarpamp wrote: As usual, it would be awesome to have a tool that could de and re encapsulate https so that proxies and caches could do their thing with it. I am very far from an expert in these matters, but it would seem to me that the ability to do so without the explicit cooperation of the browser (or other client) would indicate that your attempt at end-to-end encryption was hopelessly broken. If you could de/re-encapsulate then so could any other man-in-the-middle, and you would never be the wiser. But I do understand the usefulness of what you suggest. The only way I can see of doing it that had any possibility of being secure would be if A) your proxy/cache handled the real end-to-end encryption/authentication with the website, and B) there was a plugin (or built-in functionality) on the browser that maintained a secure AND AUTHENTICATED connection with the proxy/cache. I.e. the browser would have to be aware of what was going on and would suspend its verification of the website's certificate while insisting that it authenticate that it was talking to the approved proxy/cache which is tasked with the secure communication to the website. If the proxy/cache detected a problem with the website's certificate, then it would have to have a way of signalling this, perhaps just by serving up its own page with the relevant information. That's the best I can come up with. Comments? Jim *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Torbutton 1.3.0-alpha: Community Edition!
Quoth Mike Perry mikepe...@fscked.org, on 2010-10-01 18:51:07 -0700: Intuition also tells me that tor:// and tors:// urls will be easier to use, understand, and remember by the general public.. Can you give some examples/reasons why just using these schemes actually prevents us from doing this scheme layering idea for other protocols in the future (when it is supported)? In otherwords, why can't we just do both? It doesn't inherently do that, but it leaves a very bad taste in my mouth. If the HTTP form is that much shorter, now it's implicitly the first-class one: it gets the premium name that people will actually use, and every other protocol is stuck with the leftovers. This is the same layer violation, just enforced fuzzily by hordes of humans acting on their baseline psychology instead of by software, so I still consider it pollution of the URI space: it's supposed to be Universal Resource Identifiers, not A Pup Called HTTP. Other possible points, all somewhat weak in isolation: - There are potential future uses of the tor: schema that would be more generic to Tor as a whole, such as URI references for relays. Imagine registering a schema with a QR code reader for more conveniently transmitting a bridge descriptor on paper. - The schema doesn't make it clear what protocol is actually in use. If I've never seen one of these before, I have to guess what that URI actually means, as opposed to it being a clear variant on the underlying HTTP URI. The fuzzy URI-matching you mentioned is something I hadn't considered, and is an unfortunate practical constraint in this case. That would lead me to consider, say, prefixing schemas with or instead, to keep the whole thing alphabetic. orhttp:, orhttps:, orirc:, ... ? (I can say on a personal level that I am hardly unbiased, and that I will refuse to accept or produce tor: URIs if non-HTTP protocols get the short/long end of the stick/schema, not that that particularly matters.) --- Drake Wilson *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Torbutton 1.3.0-alpha: Community Edition!
On 10/01/2010 08:51 PM, Mike Perry wrote: Intuition also tells me that tor:// and tors:// urls will be easier to use, understand, and remember by the general public.. Can you give some examples/reasons why just using these schemes actually prevents us from doing this scheme layering idea for other protocols in the future (when it is supported)? In otherwords, why can't we just do both? There is no reason why not. As long as there are no obvious risks with a user clicking on a public tor:// URL and initiating the proxy layer. My understanding of the implementation is that all traffic occurring in the host browser after a tor:// request is initiated would be re-routed unless the 'tor' schema handler launched a separate host browser. This may not be the intention of the user and may conflict with accessing IP whitelisted services (FTP hosts, etc...) I haven't tried the new version yet, is there a descriptive popup that explains what's happening when a user clicks a tor:// or tors:// ? --Dave *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
beneficia versus maleficia
I am facing a moral dilemma in regards to joining the tor proxy network. I am hoping a discussion may alleviate some of my concerns. On the pro side we have a group of individuals whose intentions for using the technology are consistent with common values. These include uses such as researching medical conditions and accessing/providing knowledge forbidden by an authoritarian presence. On the con side, the technology can be used for diabolical purposes such as predatory and violent behavior (for example; pedophilia and bomb making). The technical challenges of discriminating between these uses are elusive at best. One facebook session may be noble while another may be predaceous. Although risk associated with enabling an individual to overcome obstacles in the quest for knowledge is acceptable to me, the thought of enabling a devious mind to harm other individuals is hard to swallow. I'd like to hear other thoughts and comments about this. --Dave *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Torbutton 1.3.0-alpha: Community Edition!
On Sat, 02 Oct 2010 14:59:42 -0500 David Bennett dbennett...@gmail.com wrote: I haven't tried the new version yet, is there a descriptive popup that explains what's happening when a user clicks a tor:// or tors:// ? Yes. Robert Ransom signature.asc Description: PGP signature
Re: beneficia versus maleficia
On Sat, 02 Oct 2010 15:58:15 -0500 David Bennett dbennett...@gmail.com wrote: I am facing a moral dilemma in regards to joining the tor proxy network. I am hoping a discussion may alleviate some of my concerns. On the pro side we have a group of individuals whose intentions for using the technology are consistent with common values. These include uses such as researching medical conditions and accessing/providing knowledge forbidden by an authoritarian presence. On the con side, the technology can be used for diabolical purposes such as predatory and violent behavior (for example; pedophilia and bomb making). The technical challenges of discriminating between these uses are elusive at best. One facebook session may be noble while another may be predaceous. Although risk associated with enabling an individual to overcome obstacles in the quest for knowledge is acceptable to me, the thought of enabling a devious mind to harm other individuals is hard to swallow. People who are already willing to commit crimes can already get anonymity -- they can use unsecured wireless access points, they can break into poorly secured computers on the Internet and relay their traffic through those, they can steal phones to make anonymous phone calls, they can send letters through the U.S. Postal Service anonymously, etc.. Tor is for people who do not want to break the law in order to keep advertisers (http://online.wsj.com/article/SB10001424052748703294904575385532109190198.html) and evil governments (https://www.eff.org/deeplinks/2010/09/government-seeks, https://www.eff.org/deeplinks/2010/08/open-letter-verizon, etc.) from tracking what they read on the Internet. I'd like to hear other thoughts and comments about this. Read https://www.torproject.org/faq-abuse.html.en. Robert Ransom signature.asc Description: PGP signature
Corrupt state file?
Hi, just installed Tor 0.2.2.15-alpha (git-eba3f37f17a2af4f) PPC, got the following 'Oct 02 22:11:19.841 [warn] Corrupt state file? Build times count mismatch. Read 29 times, but file says 1900544 Oct 02 22:11:19.850 [warn] or_state_save_broken(): Bug: Unable to parse state in [tor data dir]/state. Moving it aside to [tor data dir]/state.0. This could be a bug in Tor; please tell the developers.' Client function seems to be fine, and it looks like relay connections are being made. I did a quick search of the archives, apologies if this has come up before. GD -- http://www.fastmail.fm - Choose from over 50 domains or use your own *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: beneficia versus maleficia
On Sat, 02 Oct 2010 15:58:15 -0500 David Bennett dbennett...@gmail.com wrote: I am facing a moral dilemma in regards to joining the tor proxy network. I am hoping a discussion may alleviate some of my concerns. It seems what you are wrestling with is the dual use nature of any technology. Some easy examples are: highways are used to transport pregnant mothers to hospitals to deliver cuddly babies and to transport kidnappers and their victims across the country. The phone system is used to let you keep in touch with your friends and family and to stalk and harass domestic violence victims. Firewalls are used by companies to keep their employees protected by outside threats and used by governments to repress their citizenry. From my work with victims of domestic violence, abusers and survivors use technology in surprising ways. From cooking pots to butter knives to pre-paid anonymous cellphones, I've seen the technologies used to abuse and used to help. It comes down to if you believe the good uses outweigh the bad uses. Technologies are generally introduced with a narrow use case in mind. Seldom to these technologies stick to their original use case over time. We have real situations in which tor is used at https://www.torproject.org/torusers. For every bad thing some jerk does over tor, there are likely 50-100 more using tor for good reasons. Think about all of the bandwidth tor relays push and how many of the connections result in complaints or abuse. The bad uses are more public but still the vast minority. In the end, tor is a technology. It can be used for both good and bad. We develop, advocate, and continue to work on tor for the positive outcomes; whatever that may mean for your morals and locale. -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/