Re: or-talk list migration Feb 19, 2011
A final reminder that this migration occurs today. On Sun, 13 Feb 2011 21:35:14 -0500 Andrew Lewman and...@torproject.org wrote: A reminder that this migration occurs this week. On Mon, 24 Jan 2011 15:05:03 -0500 Andrew Lewman and...@torproject.org wrote: Hello or-talk subscribers, On February 19, 2011, we are migrating or-talk from or-t...@seul.org to tor-t...@lists.torproject.org. We will migrate your e-mail address's subscription to the new list. You will receive a confirmation from the new mailing list software on the 19th. Current or-talk archives will be migrated. Roger plans to leave the current archives in place at seul.org as well. We're using this migration to spread administration out to Tor's sysadmin team rather than making Roger do everything himself. The secondary benefits of having the lists on the torproject.org domain include SSL-enabled login, archives, and easier account management. You can subscribe to the new list at https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I will send out a reminder on the day of the migration. Please e-mail tor-assista...@torproject.org with any questions. Thank you. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Scroogle and Tor
On Sun, 13 Feb 2011 14:09:56 -0500 (EST) scroo...@lavabit.com wrote: I've been fighting two different Tor users for a week. Each is apparently having a good time trying to see how quickly they can get results from Scroogle searches via Tor exit nodes. I've talked to a few services that do one of the following: - Run a Tor exit enclave, which would only allow exit through Tor to your webservers. There are a few services that run a tor client and simply block every IP in the consensus, except their exit enclave. - Run a hidden service. Due to the current state of hidden services, it'll slow down everything. - Run a tor exit enclave against one, non-load balanced server for tor users. If someone abuses it, the reality of slower response times is a self-enforcing feedback loop. Of course, this sucks for the non-abusers. - Rate limiting queries in the application. The Google solution of CAPTCHA. The Yahoo/Bing solution of throwing up a temporary error page when queries cross some threshold per IP address. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: or-talk list migration Feb 19, 2011
A reminder that this migration occurs this week. On Mon, 24 Jan 2011 15:05:03 -0500 Andrew Lewman and...@torproject.org wrote: Hello or-talk subscribers, On February 19, 2011, we are migrating or-talk from or-t...@seul.org to tor-t...@lists.torproject.org. We will migrate your e-mail address's subscription to the new list. You will receive a confirmation from the new mailing list software on the 19th. Current or-talk archives will be migrated. Roger plans to leave the current archives in place at seul.org as well. We're using this migration to spread administration out to Tor's sysadmin team rather than making Roger do everything himself. The secondary benefits of having the lists on the torproject.org domain include SSL-enabled login, archives, and easier account management. You can subscribe to the new list at https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I will send out a reminder on the day of the migration. Please e-mail tor-assista...@torproject.org with any questions. Thank you. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Polipo bug reporting
On Mon, 31 Jan 2011 12:20:10 + Geoff Down geoffd...@fastmail.net wrote: Thank you Juliusz, I appreciate your efforts. Clearly Tor needs to ship with a working Polipo, so if this is a real fault would the bundle developers please revert to the version which was in the Vidalia 0.2.9 bundle, which is still working. The difference is that the PPC bundle with vidalia 0.2.9 was built on a 10.3.9 ppc mac. However, the 10.3.9 machine died a smelly, melty death during a build a few months ago. The current bundles are built on a 10.5 ppc mac with backwards compatibility for 10.3.9 (at least according to xcode/gcc). Clearly Apple's backwards compatibility options don't work. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Is gatereloaded a Bad Exit?
In my opinion, judging a relay based on exit policy is a slippery slope we don't want to go down. We never claim to make using Tor alone safer than using the Internet at large. Whether the creep is at Starbucks sniffing the wifi or running a relay is irrelevant to me. Encouraging people to use encrypted communications, the https everywhere firefox extension, and learn to be more secure online are some of our goals. The Tor Browser Bundle, while still a work in progress, is the best way to protect novice users and get them safer than they are without Tor. I personally run encrypted services on unencrypted ports, like 25, 80, 143, 110, etc. It's just a port number and only convention says port 80 has to be for http only. If people start doing deep packet inspection to enforce 80 is really http or running filters in some misguided attempt to block bad things through Tor, then those are reasons to 'badexit' relays. There are some obvious ways we can detect traffic manipulation through Tor relays. Today, we do detect them and badexit those relays. If we're going to start censoring Tor exits based on impressions, we might as well start blocking Tor relays that are rumoured to be run by national intelligence agencies, criminal organizations, martians, and other people we might not like. In fact, we might as well go back to the original model of every Tor relay operator has met and gained Roger's trust. I want a diverse set of Tor relays. If people don't want to trust relays based on whatever heuristics they want to use, great, use ExcludeNodes in your torrc. Don't punish everyone based on rumors and impressions. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Question and Confirmation.
On Sun, 30 Jan 2011 23:15:17 + Matthew pump...@cotse.net wrote: I'm still not getting this. My understanding is that you have the data and the header when using TCP. If only the data is encrypted then what happens to the headers? Does this image help at all? https://svn.torproject.org/svn/projects/presentations/images/tor-keys.svg Your original data is tunnelled through tor. Your original packets are wrapped in onionskins and moved about the globe. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Is gatereloaded a Bad Exit?
On Sat, 29 Jan 2011 19:46:20 +0100 Jan Weiher j...@buksy.de wrote: This node looks suspicious to me, because there is no contact info given and the exit policy allows only unencrypted traffic: It hasn't shown up in any of the exit scans as suspicious. Lack of contact info isn't a concern. The exit policy is odd, yes. However, arguably those are also very popular ports as well. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor exits in .edu space
On Thu, 27 Jan 2011 11:51:56 -0500 Flamsmark flamsm...@gmail.com wrote: I run a Tor exit node because I support the ubiquitous availability of strong anonymity for anyone who wants it. Tor is one of the strongest, best- researched, and most widely-used online anonymity system, and I want to help keep it running at maximum capacity. First and foremost, thank you. The support that I received from the project was somewhat limited, but I can't really imagine receiving that much more. I spoke with arma on the IRC channel, and he provided me with moral support, and offered to get me in touch with Ed Felten at Princeton's CITP. We're trying to figure this out ourselves. I've personally been the introduction point between exit relay operators and a lawyer in their country to help them when something goes wrong. I've spoken to a number of organizations, such as law enforcement, Internet providers, and schools about what Tor is, who uses it, and how we can help when criminals use tor. In some cases, I've travelled to meet people to spend time with them and help them as best I can. Law enforcement organizations are generally surprised when we show up to talk to them, to educate them, and explain that real people use tor for real reasons. If all you see all day are criminals using a hammer, then clearly hammers are only for criminals. It's the same with Tor. It's frequently the case that their own investigators are using Tor to hide their tracks online too, and are willing to show up to support us and talk about how they use it. I hope this helps stop SWAT teams from kicking down doors when someone exits traffic for a jerk. I've talked to people on the steps of their local police station just after they were released from jail the night before. I've talked to people looking at academic suspension and huge fines because of a DMCA notice. This is why I started contacting law firms in various countries to find resources for people, https://blog.torproject.org/blog/start-tor-legal-support-directory. It needs more work, it needs someone with more legal background to write up a case guide for other lawyers/solicitors/judge advocates. I am always impressed that 95% of those accused of something due to their exit node fight harder to keep running a Tor exit node. It's people like this that help keep your liberties around the world. Once again, thank you. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
or-talk list migration Feb 19, 2011
Hello or-talk subscribers, On February 19, 2011, we are migrating or-talk from or-t...@seul.org to tor-t...@lists.torproject.org. We will migrate your e-mail address's subscription to the new list. You will receive a confirmation from the new mailing list software on the 19th. Current or-talk archives will be migrated. Roger plans to leave the current archives in place at seul.org as well. We're using this migration to spread administration out to Tor's sysadmin team rather than making Roger do everything himself. The secondary benefits of having the lists on the torproject.org domain include SSL-enabled login, archives, and easier account management. You can subscribe to the new list at https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk I will send out a reminder on the day of the migration. Please e-mail tor-assista...@torproject.org with any questions. Thank you. -- Andrew pgp 0x74ED336B signature.asc Description: PGP signature
Re: polipo-tor deb/ubuntu native package
On Mon, 17 Jan 2011 12:21:56 -0800 travis+ml-tor-t...@subspacefield.org wrote: The real answer is to fix firefox so it doesn't need a proxy between it and Tor. We patch firefox to do just this in the osx and linux tor browser bundles. Polipo was a fine kludge until either we started patching firefox or mozilla fixed their many-years-old socks bug. Hmm, I had no idea this was even available for Linux. It looks like a tarball - it's unclear how this will interact with a package manager, which likes to know which packages installed which files, and updates them automatically, etc. Tor Browser Bundle isn't something to install, you extract and run. I've seen a few linux users just double click the tar.gz file and run from inside their archive extractor. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: geeez...
On Wed, 12 Jan 2011 02:29:49 +0100 Dirk noi...@gmx.net wrote: But I wan't a legally binding statement from a lawyer or an official (BSI) that running TOR exit nodes in germany is legal. Ask the CCC for a start. They have defended many Germans already. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Index of hidden services?
On Fri, 7 Jan 2011 13:22:58 -0600 Peter McCann mc...@freeovernetfoundation.org wrote: On the website describing how to set up a hidden service I saw a mention of a (hypothetical?) Hidden Services Wiki where pointers to hidden services are stored. Does such a wiki exist? If so, where can I find it? Years ago, there was a popular place called The hidden wiki which was the only one in existence, that anyone knew about. It was then beseiged by child porn links and images and went away. Since then, many different services claiming to be the hidden wiki have come and gone. Someone also tried to setup a google search appliance to crawl all of .onion space. It didn't get very far for the obvious reason of most hidden service sites don't want to be found by the general population. The services don't link to each other, and they may be on random ports. It's possible one could create a search engine that crawls every possible .onion hostname on common tcp ports (80, 443, 8080, 8443). Over long periods of time, this may find many hidden services. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Home Internet with Anonymity Built In
On Fri, 7 Jan 2011 00:55:32 +0800 Trystero Lot lo...@callout.me wrote: will this work with linksys ata specially 3102? We're just adding a correct tor configuration to openwrt. If openwrt supports your device, then our tor mods should as well. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor and google groups
On Wed, 05 Jan 2011 19:18:09 + Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: Is it very difficult to buy a SIM without showing ID in the USA or countries of Western Europe? Sorry for such off topic but it is very interesting to know are there any countries in Western Europe or states of the USA when it is possible to buy a SIM without showing your ID with accordance to local law? My $0.02 from buying SIM cards all over the world, I show them my CostCo Club photo id. In Hong Kong they wrote down my first/last name as cost co. No one has photocopied the ID yet. Many shops ask for it and then do nothing with it. As explained to me in Belgium, the law says they have to see an ID, not record, write down, and register the sim in your name. Maybe I just found a cool shop by accident. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Email?
On Wed, 29 Dec 2010 14:02:34 -0500 grarpamp grarp...@gmail.com wrote: We've generally suggested gmail because their bulk account creation process was good. It seems this is not the case any more. What is this bulk account creation you speak of? Gmail used to have the ability to stop bots from creating accounts en masse. gmail doesn't have this ability any more. This is false. I just created a gmail account via tor without needing a phone number or any other information. Hmm, you mean just, as in today? What exit were you using? Want to sell the account for bitcoins? Kidding :-) As in around 08:45 AM EST. I didn't look to see which exit, it just worked, just a captcha required. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor-node failed
On Fri, 03 Dec 2010 00:29:58 + Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: Last time my tor-node regularry fails. How can I debug causes of it? https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#MyTorkeepscrashing. The text at that url is a fine start. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor 0.2.2.19-alpha is out
On Tue, 30 Nov 2010 16:25:25 + Matthew pump...@cotse.net wrote: In System / Administration / Software Sources / Authentication there is an deb.torproject.org archive signing key dated 2009-09-04 with the value 886DDD89. This is correct. Am I correct to think that this key sufficient to verify updates when using sources.list. This is correct. Also, who exactly owns 886DDD89? Is it a specific person or for torproject.org as a whole? If you gpg --list-sigs 0x886DDD89 You can see who signed the key. It is a role key that the packagers use to sign the builds, rather than using their own personal keys. It is up to you if you trust the key and those who signed it implying validity. -- Andrew pgp 0x74ED336B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor 0.2.2.18-alpha is out
On Wed, 17 Nov 2010 20:11:44 -0500 Justin Aplin jmap...@ufl.edu wrote: I agree that dropping the expert packages might be a good idea, but I don't see a reason that the Vidalia bundles should fall behind. The reason for the delay in packages is the powerpc build machine died a melting death when the internal fan died over a weekend. A donor gave us a powerpc mac mini for a build machine running 10.5. It's in process of being turned into the powerpc build machine. Alternatively, building from source is very easy once the dependencies are installed. I'm not sure how well 10.5 binaries work on 10.3 and 10.4 (even with osx compiles set for 10.3 and 10.4 compatibility). I guess we'll find out. -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Scalability and fairness [was: P2P over Tor [was: Anomos - anonBT]]
On Wed, 17 Nov 2010 20:03:58 -0500 grarpamp grarp...@gmail.com wrote: Wish the mbox or maildir archives were available/mirrored for easy search, reading, reference and reply using native mail clients :) ...I wish people would stop cross-posting between -dev and -talk...;) -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: can I only use 3 bridges in torrc ? thx
On Tue, 16 Nov 2010 17:59:47 +0800 waterloo waterloo2...@gmail.com wrote: can I only use 3 bridges in torrc ? thx You can use many more than 3. Tor will see if they are reachable and use those that are working. I've seen people with 50 configured in vidalia. -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.
On Wed, 27 Oct 2010 19:19:02 +0100 Matthew pump...@cotse.net wrote: There is a Hints and Tips for Whistleblowers Guide available at http://ht4w.co.uk/. The first problem is the content is actually served up by hostingprod.com and not ht4w.co.uk. As far as the content in question, it is dangerously wrong. -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: vidalia source tarball is missing
On Tue, 12 Oct 2010 01:21:30 +0300 Erdem Bayer eba...@bayer.gen.tr wrote: Hi After last website update, vidalia source tarball link goes missing from this address: http://www.torproject.org/projects/dist/vidalia-0.2.9.tar.gz However it is still referred on this page, but the download link is broken: http://www.torproject.org/projects/vidalia.html.en Thanks for the notice, I fixed it this morning, http://archives.seul.org/or/cvs/Oct-2010/msg00293.html -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: beneficia versus maleficia
On Sat, 02 Oct 2010 15:58:15 -0500 David Bennett dbennett...@gmail.com wrote: I am facing a moral dilemma in regards to joining the tor proxy network. I am hoping a discussion may alleviate some of my concerns. It seems what you are wrestling with is the dual use nature of any technology. Some easy examples are: highways are used to transport pregnant mothers to hospitals to deliver cuddly babies and to transport kidnappers and their victims across the country. The phone system is used to let you keep in touch with your friends and family and to stalk and harass domestic violence victims. Firewalls are used by companies to keep their employees protected by outside threats and used by governments to repress their citizenry. From my work with victims of domestic violence, abusers and survivors use technology in surprising ways. From cooking pots to butter knives to pre-paid anonymous cellphones, I've seen the technologies used to abuse and used to help. It comes down to if you believe the good uses outweigh the bad uses. Technologies are generally introduced with a narrow use case in mind. Seldom to these technologies stick to their original use case over time. We have real situations in which tor is used at https://www.torproject.org/torusers. For every bad thing some jerk does over tor, there are likely 50-100 more using tor for good reasons. Think about all of the bandwidth tor relays push and how many of the connections result in complaints or abuse. The bad uses are more public but still the vast minority. In the end, tor is a technology. It can be used for both good and bad. We develop, advocate, and continue to work on tor for the positive outcomes; whatever that may mean for your morals and locale. -- Andrew pgp 0x31B0974B *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Vatlator 1.1. released
On Tue, 21 Sep 2010 11:32:13 +0200 emanuele incremona emanuele.increm...@gmail.com wrote: I write to present the new release of Vatlator, a live cd for anonymous browsing. Hi, I tried this out today and have some feedback. It looks like a stock ubuntu mini mix with tor, polipo, and firefox w/torbutton installed. As a result, it leaks traffic and information on the network. This is bad. For example, the iptables config is wide open and set to accept all both outbound and inbound. At a minimum, vatlator should transparently proxy everything through Tor, and otherwise deny any traffic that isn't going through Tor, like udp, icmp, etc. iptables should deny or drop all inbound traffic from outside the OS. You may want to look at what the TAILS people have been doing do harden their livecd, https://amnesia.boum.org/. Someone started to write this as a guide to help others, https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/LiveCDBestPractices. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Why does this happen?
On Thu, 02 Sep 2010 21:03:16 +0100 Matthew pump...@cotse.net wrote: [17:50:35] Your Computer's Clock is Potentially Incorrect - Tor has determined that your computer's clock may be set to 7285 seconds in the future compared to the source DIRSERV:80.239.147.21:443. If your clock is not correct, Tor will not be able to function. Please verify your computer displays the correct time. Either your clock or the directory server's clock is wrong. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: IP-tables and TOR
On Tue, 24 Aug 2010 13:54:14 -0400 Michael Gomboc michael.gom...@gmail.com wrote: Could some net filter expert give me some advise how to use iptables with TOR? For your specific question, https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/BlockNonTorTrafficDebian For the larger question of pushing traffic through tor: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TransparentProxy -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: The team of PayPal is a band of pigs and cads!
On Mon, 23 Aug 2010 16:48:13 + James Brown jbrownfi...@gmail.com wrote: They block accounts of their user if users ised the Tor or another anonymous proxy!!! I think the answer here is more complex. I've used tor's paypal-based donation account through Tor without issue for years. Possibly, Paypal has a bot detection program looking for many users logging in from the same IP address. This is similar to what Google, Yahoo, and others have done. If you happen to exit from a popular exit node, Paypal flags you as potentially compromised. I've attempted to have conversations with Paypal to no avail. Getting an actual human to talk to you with a clue about their security measures is incredibly difficult. Just try asking them for their SSL fingerprint because you're worried about phishing. When I tried, I was sent to their abuse dept who were thoroughly unhappy I was asking suspicious questions about ssl. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: The team of PayPal is a band of pigs and cads!
On Mon, 23 Aug 2010 18:52:17 + James Brown jbrownfi...@gmail.com wrote: Our records indicate that your password may have been shared with another person, or that an anonymising proxy to access your PayPal Account may be in use. Should this be the case, it would mean a violation of our User Agreement. They are correct, https://cms.paypal.com/us/cgi-bin/?cmd=_render-contentcontent_ID=ua/UserAgreement_fulllocale.x=en_US Section 9.1, j. Apparently they don't want you as a customer if you want to protect yourself from unscrupulous marketing or local ISP surveillance. I'll start a conversation with them. Thanks for bringing this up. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Why does Gmail claim Tor IPs are located in one country when blutmagie.de claims they are located in a different country?
On Wed, 18 Aug 2010 16:59:40 +0100 Matthew pump...@cotse.net wrote: Hello, I don't understand this. I go to http://torstatus.blutmagie.de/ and have a look at the exit node gigatux called emohawk2.gigatux.com and located at 78.129.201.189. This appears to be located in the UK according to blutmagie.de. whois and RIPE agree with blutmagie. Gmail is wrong. Perhaps they use different geoip databases. If you look at your circuits, are you exiting from the UK or do you have split circuits where some may be going to gstatic.com through another place? -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: $keyid of my server
On Wed, 18 Aug 2010 01:20:25 + Orionjur Tor-admin tor-ad...@orionjurinform.com wrote: Where I can find it for pointing out MyFamily in /etc/torrc ? I find only my node fingerprint. That's your keyid, or look for the log message on start: [notice] Your Tor server's identity key fingerprint is Or here, https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#Iwanttorunmorethanonerelay -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Project 2008 Tax Return Now Online
them to do so. I want them to use Tor because they understand the risks and realize they need it. This is the way to solve the US-centric perception, the fear of big government - get everyone to be funding your work. This is a very US/Canadian value. There are plenty of countries out there where the general population trusts and believes in their governments. The average Chinese citizen appreciates that their government protects them from bad things on the Internet with the GFW. However, they fear human flesh search or corporate espionage and want protection. The point is that the world is a complex place, and privacy/anonymity mean different things to different cultures. Trying to figure this out is the challenge. And keep it all open source so no one needs to be fearful of anyone else controlling it. Get 100,000 servers and relays and bridges out there - why aren't Google and Amazon and Microsoft and IBM and others throwing serious weight behind you? There are anonymity and security issues to iron out, a few of which Paul addresses later in this thread. We are talking to the ISPs and cloud providers. They are large organizations scared of change and what others may think about them if someone does something bad with Tor through their IP space. Everyone focuses on the exceptions of bad behavior over Tor, very few focus on the vast majority of traffic that helps someone. However, we have bridges, exit policies, and lots of other technologies they could sponsor just as easily. This is a long answer to your questions and suggestions. However, I encourage the debate. Even more so, I encourage action to help us. Thanks! -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Project 2008 Tax Return Now Online
On Sat, 14 Aug 2010 01:20:28 -0400 Jimmy Dioxin jimmydioxi...@gmx.com wrote: Cryptome has posted the Tor Project 2008 Tax Return available at: http://cryptome.org/0002/tor-2008.zip As many know, all US non-profit corporation returns are available upon request by the public. In fact, these documents are already public. They are available through us on request, as required by US tax laws. Or, generally through GuideStar or Charity Navigator. There's nothing secret here, it's all public. Every 501c3 has to file these every year. Tor develops in public, meets in public, and is generally approachable for questions, comments, or concerns. We specifically chose to be a 501c3 for the transparency factor. We could easily have been a for-profit entity with many willing investors to create black box software. We believe in the right to online anonymity and developing and improving it with Tor. The adversaries to online anonymity are vastly better funded to the tune of trillions of dollars, and in some cases, can tax their populace to better oppress them. Firstly, people need to look through these returns in the same way we audit code. Looking at funding sources and expenditures is important to insuring Tor is a useful anonymity tool for years to come. There are two points in that statement. First, we've repeatedly stated that you should evaluate our designs, the code, and to verify the binaries we produce. Second, many organizations want anonymity online. These organizations need Tor and/or our advice to accomplish their goals. Our examples of Tor users gives you an idea of who wants their anonymity online, https://www.torproject.org/torusers. We will accept funding from people who understand our mission, our goals, and generally our research and development model of progress. We don't take funding we don't feel comfortable handling. We generally work along two paths at once: 1) Research, attack, and improve the Tor design. Low-latency anonymity and the general field of anonymous Internet communications are still relatively young. Research into these fields takes anywhere from 3 to 10 years to solidify designs, develop attacks, and then develop defenses to attacks; 2) Turn the research into code. Improving the codebase and the growing number of accessory programs for Tor is a growing challenge. We have a live Tor network that is used by half a million people a day. We want to make sure that Tor works for those putting their life on the line. Therefore, we must make sure Tor is the strongest we can make it to provide anonymity online. The US and European Governments are large entities. They feed people, protect citizens, save lives, make bombs, and get involved in wars. They do not speak with one voice and one mission. For all of the people who publicly state anonymity should disappear, there are just as many who want to see anonymity strengthened. Secondly, can the Tor project release these returns on the site for the above purpose? I don't think there needs to be some onerous accounting process for reporting to the public (ya'll have better things to do anyways), but these returns would be nice to have in the interest of transparency. We are finishing up the 2009 audits and filings this month. We will announce our first ever annual report soon, and post the 2007 through 2009 IRS 990 forms, financial statements, and reviews. This is what you want to watch for progress on this front, https://trac.torproject.org/projects/tor/milestone/2009%20Financial%20%26%20Compliance%20Audit The best way we know to combat conspiracy theories and cranks is for the organization to be as transparent as possible. We hope you'll join us in protecting, providing, and strengthening anonymity online. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Project 2008 Tax Return Now Online
On Sat, 14 Aug 2010 12:26:57 +0100 Anon Mus my.green.lant...@googlemail.com wrote: It looks like 90% of the funding is from the US, nearly all US government. Internews Europe - France $183,180 (35.6%) (http://www.sourcewatch.org/index.php?title=Internews) Stichting Nlnet - Netherlands $42,931 International Broadcasting $260,000 (50.5%)) (http://en.wikipedia.org/wiki/International_Broadcasting_Bureau) Google US $28,500 (5.5%) Total $514,611 Last I checked, France and the Netherlands aren't under US Government rule. Internews Europe is different from Internews, and funded completely differently. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Vulnerability in OpenSSL 1.0.x Firefox 4 Silent Updates
On Wed, 11 Aug 2010 02:42:15 -0400 whowatchesthewatcherswatc...@safe-mail.net wrote: Vulnerability in OpenSSL 1.0.x http://marc.info/?t=12811816911r=1w=2 http://archives.neohapsis.com/archives/fulldisclosure/2010-08/0085.html Tor server/client use vuln? Unknown, the real bug seems to be explained here, http://marc.info/?l=openssl-devm=128128256314328w=2 I'll let Nick or someone more familiar with openssl explain the risk better. Firefox 4 Silent Updates http://news.slashdot.org/story/10/08/07/1239224/Like-Googles-Chrome-Mozilla-To-Silently-Update-Firefox-4 This is why we repeatedly say to stick with the firefox versions we have analyzed. New features aren't analyzed and/or mitigated with torbutton yet. Something like this should be caught and stopped by future versions of torbutton. We've only analyzed the Firefox 3.5.x codebase. 3.6 is next, or maybe we just skip and go to 4.x. There is exactly one person working on this, so if people want faster updates to torbutton, more help is needed. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: An asking concirning the TB
On Thu, 12 Aug 2010 09:16:14 + James Brown jbrownfi...@gmail.com wrote: 1. What is the bug in the TB which lets that test define that I use Mozilla under Windows but not IE under Windows? Or the TB masqueradge only the OS not the type of browser? (I thought that it masqueradge the type of browser too, am I not right?). Torbutton sets a common user agent to make all users look alike. See https://www.torproject.org/torbutton/design/#id2935059 for details. 2. It defined that by the browser characteristic HTTP_ACCEPT Headers those are only one in about 7000 browsers have that value. Why? What could mean the above value of that characterisrics? Maybe Seth or Peter can answer this question based on the code logic in panopticlick. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor notice
On Mon, 09 Aug 2010 22:35:50 -0600 Jim jimmy...@copper.net wrote: Would it make sense to add that link, or some other link, to the message Tor prints out so the casual user can get some idea of what the message means? Perhaps more relevant is this, http://dud.inf.tu-dresden.de/Anon_Terminology.shtml -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Could somebody comment that information?
On Sun, 01 Aug 2010 20:50:57 + James Brown jbrownfi...@gmail.com wrote: http://www.boingboing.net/2010/07/31/wikileaks-volunteer.html Are those a new activity of the President Obama administration against Internet anonymity and against the Tor-network? It's unclear. The simplest explanation is this detainment and interrogation are due to Jacob's volunteering with Wikileaks. As far as we know today, the US government still believes in anonymity. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Problem with the TB automatically usage of an alternative search engine
On Fri, 30 Jul 2010 06:27:45 + James Brown jbrownfi...@gmail.com wrote: Today I have the next problem when the TB automatically use the ixquick.com-engine instead the Google: We have recently received a large number of searches coming from your computer or others on your local network in a very short time frame. In order to protect our service against automated screen scraping software programs, your access to Ixquick's search has been paused for approximately one hour. If you were using Ixquick normally, we apologize for the inconvenience and will be able to lift this pause if you phone us at (212) 447-1100 (USA). Alternately, if you were operating a screen scraping program, you may phone us to work out an arrangement. You can also contact us at: autoquery @ ixquick.com This appears to be something new from ixquick. In the past they never rate limited queries from individual IP addresses. The problem is not with TBB per se, it's that ixquick is seeing lots of queries per IP address. Before we launched torbutton 1.2.5 with this automatic redirect feature, I asked ixquick if there was any problem in sending them potentially millions of queries per day. They never responded. Now that we have their attention, maybe they will. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: app for each app's tor control?
On Wed, 21 Jul 2010 09:36:08 -0400 Roger Dingledine a...@mit.edu wrote: On Wed, Jul 21, 2010 at 11:37:24AM +0200, Jerzy ??ogiewa wrote: strange, when I type for example tsocks /Applications/Safari.app/Contents/MacOS/Safari the application gui never seems to appear. Looks like you're trying to use tsocks on os x? It doesn't (easily) work on os x, even for non-gui apps. Whatever is in macports works fine for me. I use it daily. There's a program from Dug Song named dsocks that does, I hear. I could never get this working on any version of OS X. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: mac and tor with little snitch
On Tue, 20 Jul 2010 15:22:49 +0200 Jerzy Łogiewa jerz...@interia.eu wrote: when I have the global proxy configured to make everything run through tor, the mac ignores little snitch rules! If I understand what litte snitch does, this behavior should be expected. Little Snitch is just ipfw configuration, I think. If you use tor, little snitch/ipfw won't see the traffic as it's being tunnelled through Tor. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: app for each app's tor control?
On Tue, 20 Jul 2010 15:34:10 +0200 Jerzy Łogiewa jerz...@interia.eu wrote: i have an idea- i would like an app for easily controlling what gui and non-gui apps are using tor, like with little snitch on the mac. You're welcome to try to make the application. Perhaps what you're running into is the system proxy settings and apps that honor those settings versus apps that have their own proxy settings and ignore the system settings. in the best case it should detect like little snitch if an app that is to be proxied is opening and automatically route it the proper way, yes? i can program a little. is there some list member who can help to outline the basic idea? It sounds like you want a gui for tsocks. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: New Tor Relay: Help!!!!!
On Mon, 28 Jun 2010 16:28:31 -0400 torh...@safe-mail.net wrote: Can you explain the DNs hijacking thing? I don't understand what that means/the implications. It means your ISP dns server is giving a response other than NXDOMAIN for invalid domains. You can learn more about nxdomain redirects at http://en.wikipedia.org/wiki/ISP_redirect_page. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Automated threat messages force limitation of Exit Policy (Softlayer)
On Wed, 23 Jun 2010 02:20:16 +0200 Moritz Bartl t...@wiredwings.com wrote: All these complaints list pretty much the same Torrents, have been issued by MediaSentry or BayTSP, and each offers to get back to them on changing email addresses and through a web form. For each single abuse case, I have tried to reach them to tell them about the node and its background, including the offer to block on IP/Port basis and the URL to EFF's legal page, but they didn't get back to me and didn't stop the spamming. I even filed a counter notification with written signature etc. From experience, with SoftLayer even, don't try to explain anything; no one cares. All they see is customer X is costing us a human dealing with all of these complaints, make it stop. I simply had a script that responded to each and every automated complaint with an automated response. Take the template response from https://www.torproject.org/eff/tor-dmca-response.html and change the right variables to whatever you receive in an automated fashion. And then mail it back to whomever. It's their bot versus yours. If you can get SoftLayer to do SWIP on the IP address/range assigned to you, that will offload their complaint person and let you handle everything automatically. BayTSP/MediaSentry/etc have heard all the excuses, including when they tagged my printer as serving up movies; they don't care. I fully expect they don't even read the responses, just check that a response was received. The response is probably then catalogued for some future court case. And to your scary realization, yes, baseless accusations have concrete affects in the real world. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Google language turns depending on tor node...
On Sat, 19 Jun 2010 19:52:56 +0530 emigrant fromwindowstoli...@gmail.com wrote: when i give a keyword to search, in most cases, i get results in languages i cannot read. is there any way to keep it always to english? There is a fine FAQ answer for this: https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#WhydoesGoogleshowupinforeignlanguages -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Technology Preview: Windows client as a bridge by default
We keep hearing from people around the world that clicking the 3 buttons to turn yourself into a bridge is too difficult for most users to do. These people have repeatedly asked for a bridge by default configuration in a package. Here it is: http://archive.torproject.org/tor-package-archive/technology-preview/ When you install and run this package, you are a bridge relay helping censored users around the world access Tor and the uncensored Internet. To understand more about bridges, read https://www.torproject.org/bridges. This is the installable Vidalia bundle configured to be a bridge by default. This is Tor 0.2.2.13-alpha, Vidalia 0.2.9, Polipo 1.0.4.1. The only difference between this bridge-bundle and the vidalia-bundle is the bridge configuration. When started, Vidalia attempts to use UPnP to reconfigure any NAT/router device to open port 9001 for tor and 9030 for a directory mirror. The bandwidth is set to consume greater than 1.5 Mbps. It works just like the vidalia-bundle (because it is the vidalia-bundle) where if UPnP fails, it prompts you to open the correct ports on your NAT/router. None of this is final configuration. It is merely a does it work for you? test package. So far, it's worked on the 4 different networks I've tried. Apologies to the 300 Chinese users who used my bridge on one of the test networks, only to have it go away a day later. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Browser Bundle question
On Fri, 28 May 2010 12:22:00 -0700 a. smith cinephile...@gmail.com wrote: I have been using the Tor Browser Bundle on a usb pen drive on Windows. Will any traces of my data be saved on the host computer or on the pen drive? Yes and yes. The host computer traces are documented at https://svn.torproject.org/svn/torbrowser/trunk/docs/traces.txt And the pen drive will have whatever history, bookmarks, and cookies you told firefox to save. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Bridges and China (new thread)
On Thu, 27 May 2010 17:17:51 +0800 代尔欣 daier...@gmail.com wrote: I also have this problem(bridges are blocked) and sent a mail several days ago. Now I know what happened. But how to get a *free* http proxy address? I searched on internet. It seems not easy find a valid one. There are millions of http/https proxies out there. Try http://proxy.org/ as a starting point. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: No fingerprint in Notice level log on Windows
On Wed, 26 May 2010 19:04:17 -0400 Aplin, Justin M jmap...@ufl.edu wrote: Is anyone else as anal as me about noticing things like this? Sounds like a fine bug to report. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Family specifications (was: Re: perfect-privacy.com, Family specifications, etc)
On Thursday May 20 2010 09:39:00 Flamsmark wrote: On 20 May 2010 07:44, and...@torproject.org wrote: If Mallory lists Alice and Bob, but neither Alice nor Bob list Mallory, it's not a valid Family. Otherwise, Mallory could list every node in the network and screw everyone. Why would this screw everyone? If only one side could declare a valid family that clients honored, you can control the paths clients choose. Eventually, some large percent of the network will find your declaration and be unable to build paths because they are all in the one-sided MyFamily declaration. Or, worse off, you run three nodes, let's call them TheMan0, TheMan1, and TheMan2. All three nodes list every other node in the network, except your three TheMan# nodes. Now as clients find your MyFamily declaration, they can only build paths through TheMan0, TheMan1, and TheMan2. Now you've won. This is one reason why the MyFamily declaration has to be the same on both sides in order for clients to honor it. Tor clients do not trust the Tor network by design. There are flaws in the MyFamily scheme, as we're seeing with perfect-privacy. It's a pain in the ass if you run a lot of nodes, so you just don't bother. It also assumes an honest relay operator will list all of all the nodes that should be in a MyFamily declaration. Right now, Tor won't use any relays in a circuit in the same /16 network to try to address network closeness of relays. We saw it was plausible that someone can start up a bunch of relays in the same datacenter in the same netblock and start to see a lot of circuits within that netblock. You can disable this behavior by setting EnforceDistinctSubnets to 0. It is an open and active area of research as to the degree of anonymity (increase or decrease) one receives as you develop trusted paths through the network (pick your own path), or Autonomous System aware paths, or country level aware paths, etc. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: 80%+ Tor network relay locations unknown
On Thursday May 13 2010 07:45:03 Anon Mus wrote: Recently, since the TOR upgrade, have noticed that 80+ of the relay locations in View the Network are missing. Everyone will be seeing this soon. The SSL cert changed/renewed. The forthcoming Vidalia 0.2.9 will fix the issue. See https://trac.vidalia- project.net/changeset/4284 for the details. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to install and start Tor on FreeBSD?
On 05/01/2010 04:30 AM, James Brown wrote: I have installed the Tor on a VDS on the FreeBSD v. 8.0-STABLE, set tor_enable=YES in /etc/rc.conf and reboot my system but the Tor daemon did not start. I see that I have no file torrc in my system, do I need create it manually? If yes, can I simply copy it from my Debian home system (to the FreeBSD on a VDS)? Or I need make some configurations in that file? P.S. I think I don't have to install privoxy if I don't inted to use that VDS as a remote Tor-proxy for my home system, only as a Tor server for public needs for protecting and sponsoring the Tor project? First off, how did you install tor? by port or by source? You probably want to look in /usr/local/etc and set tor_enabled=YES in /usr/local/etc/rc.conf, not /etc/rc.conf. Your torrc should also be in /usr/local/etc/tor/. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to install and start Tor on FreeBSD?
On 05/01/2010 10:39 AM, James Brown wrote: Very thanks, I installed it by port. I yet resolve my problem by discribed you method, thanks again. Now there is yet one exit-node in the World :-) Awesome. Thanks for running an exit node. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor-exit without any exit rejection policies
On Wednesday April 28 2010 01:18:00 James Brown wrote: Because it I want to set up a Tor-exit without any exit rejection policies. Could anything of you advice me such jurisdiction for that or maybe concrete VDS/VPS-providers having servers in such jurisdictions? First off, thanks for offering to run an exit node. As for running with accept *:*, you'll quickly find lots of smtp spam complaints and your node listed on various block lists. However, you may not care so much. Some people have started a list of ISPs at https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/GoodBadISPs -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Consider traffic before setting AccountingStart in the middle of an accounting period.
On 04/17/2010 10:33 AM, Hans Schnehl wrote: Will Tor consider traffic before in its accounting? That information is quite crucial to me. sorry to say so, but Tor it will *NOT* be aware of traffic before it starts accounting, better watch you wallet ;) Hans is correct. If tor wasn't previously told to account for bytes sent and received, it won't do so. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [solved] Full bandwidth is not used.
On 04/17/2010 07:58 AM, Paul Menzel wrote: Since April 13th traffic increased quite a lot [1]. So it looks like it just took longer to get my exit node propagated to the network. It appears to have been in the network, not just utilized to the fullest. We've been trying new things to rebalance and better utilize the relays we have. See the fine thread on tor-relays for the more detailed discussion, http://archives.seul.org/tor/relays/Apr-2010/msg00043.html -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Firefox configurations for tor with Mac ppc
On 04/17/2010 01:45 AM, zzzjethro...@email2me.net wrote: Hello. Around the first of the year I asked about FF configurations, with Tor, for Mac, Power PC. I was given a link to a site that had the Firefox settings used by Tor. The firefox settings are the same across platforms. It shouldn't matter if it's a mac, windows, or gnu/linux. torbutton and the prefs.js from the torbrowser bundles should address them. Again, I say should because we haven't spent much time analyzing os x. As we build the tor browser bundle for os x, we'll figure out which prefs.js settings need to be changed. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Eventdns: All name servers have failed
On 04/16/2010 03:44 PM, Jon wrote: Was there a fix or a solution for it, or was it determined that it was not important enough to worry about at the time, since generally it would correct it self with in less than a second most of the time and continue to work till it happened again? I have had 5 of these warnings now in 12 hrs today. To me that seems kind of excessive, but maybe its just me. The issue is generally a libevent problem, not specific to any one OS that I can see. I've worked around it by setting up a caching nameserver on localhost. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: BadExit flag still needed for PrivacyNow...
On 04/16/2010 12:59 AM, Scott Bennett wrote: My weather satellite images got blocked again, due to the PrivacyNow exit using OpenDNS with a misconfigured account and the fact that ExcludeExitNodes still doesn't work reliably. Will the the authority operators *please* stick a BadExit flag onto that router's entry in the consensus? Thanks! I think it's time for a baddns attribute, rather than solely bad exit. The nxdomain test is fairly binary, either your local nameserver is lying to you or not. I may be misunderstanding the using opendns with a misconfigured account statement. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How does TOR deal with mac addresses
On Fri, 26 Mar 2010 23:20:40 +0530, emigrant fromwindowstoli...@gmail.com wrote: :During ARPs the mac address would get recorded isn't it? :So how does TOR protect anonymity with regard to mac addresses? Tor works at the tcp layer, not the layers below it. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: filling a network with Tor traffic
On Thu, 11 Mar 2010 17:38:25 +0100, Eugen Leitl eu...@leitl.org wrote: :Any suggestions for making Tor filling up 2-3 /24 networks, :so that it doesn't break anything for the users? Do you mean traffic from every IP in a 2-3 /24's? Run a few VMs, set the Family option, and let lots of traffic flow. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Drop Tor users via bridges by over 2/3 in the beginning of March (was: Tor in China)
On Wed, 10 Mar 2010 08:31:06 -0500, Flamsmark flamsm...@gmail.com wrote: :At the beginning of March, the great firewall of China blocked all (then) :known tor exits and relays, and a substantial number of bridges - presumably :enumerated over a prior, somewhat extended period. This is our working theory as well. Pending research involves which set of bridges were blocked; website, email, twitter/qq account, or all of them. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [RFC] Campaign »Buy/Sponsor a relay.«
On Wed, 10 Mar 2010 11:26:00 +0100, Paul Menzel paulepan...@users.sourceforge.net wrote: :on the Tor start page [1] there is a message »Help us reach 5,000 : relays in 2010!« :»I guess for people caring about privacy but not wanting/able to set up :a server themselves can now be told, you can pay 90 pounds a month [for :10 Mbps] and you will improve the connectivity of the Tor network.« [me :on IRC] We turn down funding when organizations ask us to run relays on their behalf. They have the money, but not the technical skills to run relays. The risk to The Tor Project, the non-profit entity, is that we become a target as we could potentially see a large percentage of Tor network traffic. This traffic becomes interesting to law enforcement, criminal organizations, marketers, and others wanting to enumerate Tor users. This same concern is true for the funding organization. A human rights organization wanted to run either hundreds of relays or to see their relay names as the top 10 relays in the Vidalia network map for a year. They almost looked at the network map/relay list as a branding opportunity. However, controlling relays with that much traffic, even if the relays are dispersed around the world, would turn them into a data collection target. I encourage a peer to peer model of getting more relays. Having individuals run a relay and contribute the bandwidth that makes sense seems to be a less risky model. As the risk is spread out amongst hundreds or thousands of individuals. This is a more difficult path than turning lots of money into relays. Ultimately, I believe this path is more sustainable in the long-term. As committed relay operators run them for their own reasons, not for a paycheck. Active areas of research are around everyone as a bridge and everyone as a relay if the tor client finds itself reachable by the outside world. Getting these options correct without screwing users is difficult. However, we are making progress. In the meanwhile, we need more relays, in particular exit relays, to help speed up Tor for everyone. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor documentation
On 03/03/2010 12:18 AM, zzzjethro...@email2me.net wrote: Hope this doesn't rankle anyone's last nerve but I found this on the Onion Forum last night and am wondering how to verify it? I can just ask here, does anyone know if this is true or not and what it might mean to someone's anonymity regarding Tor, and the clients trust of Tor? For the record, we release the source tarball and binary packages before we announce a new version. In the past, people have become very upset when we announce a release but only have source code available. Enough people watch the commits on or-cvs, or in the actual repositories, that they can build their own tor from source without issue. I'll give zzzjethro666 credit for trying to validate what was posted on the Internet. It's better than blindly believing it as fact. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Problem bootstrapping. Stuck at 5%
On 02/28/2010 07:23 AM, zzzjethro...@email2me.net wrote: Hello. Can someone please explain this to me in a way I might be able to follow it? I am not very savvy, I admit but I need something more clear in its detail as to exactly what do I do. On OS X, if you use Vidalia, edit ~/.vidalia/torrc, otherwise open your favorite text editor and load /Library/Tor/torrc Is the file I look for (and where by the way?-I use OS X 10.5.2 ppc), ~/.vidalia/torrc? I really don't know what it means by my favorite text editor. Is that like Text Edit in Mac? and load, how? What are you trying to do that cannot be accomplished in Vidalia? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor v0.2.1.23 dose not work in my windowsXP box and Tor v0.2.1.24 can not work in my Debain
On 02/28/2010 05:30 AM, Scott Bennett wrote: Another alert reader has already commented, but your offense is so egregious that I think it worth making a row about it, so here goes. Before this devolves into personal attacks, we designed the system so that if users divulge a bridge address or three the entire system won't be compromised. If the bridge address system required users never making mistakes and publishing the addresses of the bridges, we could have taken better precautions against accidental disclosure. Another odd point is that most censors aren't blocking bridges. We've been tweeting/qq'ing bridges for 4 months around China and they aren't blocked. (Dear China GFW censors, this is not a challenge.) Commercial firewall vendors also seem to ignore bridges as well. Why? In the grand scheme of things, 95% of a population doesn't use any sort of proxying technology, and so far as we've been able to count, a few million people have downloaded tor. Compared to the roughly 1.7 billion people online, it's an exceedingly small number. We believe the goal of the censors is to maintain the impression of control. Unless you're going to whitelist the internet, which is already happening in some commercial firewall products and in parts of some countries, then someone will find a way through. However, if 95%+ of your population is none the wiser, great, you sure look like you can control the Internet. Publishing lists of bridges is bad, but not the end of the world. I mean, we give them out over unencrypted email and microblogging sites. Effectively, we're publishing them to the world. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Problem bootstrapping. Stuck at 5%
On 02/28/2010 10:58 AM, Tiana Frings wrote: THNX! I've discovered what bridges are and included several bridges already. However, the problem is still the same? Do you have a local firewall or anti-virus that is blocking localhost? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor v0.2.1.23 dose not work in my windowsXP box and Tor v0.2.1.24 can not work in my Debain
On 02/27/2010 05:08 AM, Peng Zhou wrote: This issue looks like caused by my ISP, when I change to another ISP, everything goes well :-) Which ISP blocked Tor? I found the free public wifi sponsored by the HK government did a fine job of blocking the public tor relays, but most bridges worked. They also seemed to mess with ssl in general, which also made tor, https, vpns, and ssh tunnels sad. And running at debug loglevel seems overkill when notice level logs tell you what's going on just fine. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Exclude... options and what about Tor v multi-hop proxies?
On 02/27/2010 01:36 AM, mag...@hushmail.me wrote: Would the designers/developers please extend the comparison FAQs [1][2] to include commercial multi-hop providers, like perfect- privacy.com, xerobank.com, built on top of Tor, or otherwise? Last I checked, none of these are built on top of Tor at all. They may ship the tor source code to claim some relevance to Tor, but in fact, use ssh tunnels or https squid proxies rather than tor to transport your traffic. The FAQ you linked to on the wiki is world-writable. Feel free to update it with your own results. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Could not open C:/msys/1.0/local/share\tor\fallback-consensus
On 02/27/2010 03:46 AM, KT wrote: Tor v0.2.1.24 on XP Pro SP3. I am getting the following, but I don't have a directory C:/msys...?? Feb 27 08:26:46.904 [info] read_file_to_str(): Could not open C:/msys/1.0/local/share\tor\fallback-consensus: No such file or directory How did you install tor? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor v0.2.1.23 dose not work in my windowsXP box and Tor v0.2.1.24 can not work in my Debain
On 02/27/2010 09:41 AM, Peng Zhou wrote: Previously, I use the network from HongKong Polytechnical University (I don't know who is the ISP for HK PolyU), when I try to connect with Tor. via bridge 74.207.232.33:443, I have found its TCP handshaking works fine, but SSL handshaking is blocked (A packet for SSL client Hello is sent to 74.207.232.33, but the bridge never gives me reponse): This could also mean the bridge is offline. If you can openssl s_client -connect IP:port, does this work? Is ssl to say, gmail, or taobao also messed up? -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Multiple warnings from Torbutton
On 02/27/2010 10:43 AM, Jon Cosby wrote: On setting the Torbutton preferences, I get the warning from Torbutton nine times (You need to toggle Tor or restart for your settings to take effect.) Once on opening the preferences, eight more times on saving the settings. I have Firefox 3.5 on an Ubuntu Karmic VM. Is there something I can do to bypass this warning? It's a known bug, https://bugs.torproject.org/flyspray/index.php?do=detailsid=1219. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: why polipo?
On 02/20/2010 03:36 AM, zzzjethro...@email2me.net wrote: How does one, or rather I, do this switch on my Mac 10.5.2 ppc? Thanks and should I? Should you switch? I cannot answer that. How to switch? I can answer that at a high-level. Install privoxy from http://www.privoxy.org/, reconfigure Vidalia to not start a http proxy, and configure privoxy to point at tor as a socks server. Search engines should be able to find you many walkthrough in far greater detail than that. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: why polipo?
On 02/20/2010 12:38 PM, Flamsmark wrote: Once Firefox fixes bug 280661, we don't need a http proxy at all. However, given the current pace of progress on 280661, we may switch to Chrome before the fix occurs. If the switch to Chrome was made, I assume that there'd be a port of the TorButton extension to Chrome? If that does happen, a nice feature for the Tor/!Tor switch would be to have Tor used only in incognito mode. I'm not sure how you make extensions work in incognito mode, but I'm sure that I'm not alone in wanting this feature. I should clarify that by Chrome, I really mean Chromium, the free and open source version of Chrome; http://code.google.com/chromium/. We'd like to stop eviscerating Firefox with Torbutton. Rather, we could integrate torbutton functionality into private/incognito browsing mode. Chromium is relatively new, and we're working with the team to implement the APIs necessary to integration of a truly anonymous/private browsing mode. We'd also like to work with Mozilla on the same pathway, but so far we haven't made the right connections in the organization to have this happen. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: why polipo?
On 02/20/2010 03:58 PM, Marco Bonetti wrote: Andrew Lewman wrote: Chrisd even wrote Mozilla a patch and submitted it on the bug. cool, do you apply the patch to windows tor bundles? if not, it could be worth to be applied :) No, we don't build our own Firefox yet. I've been resisting adding Tor's firefox to the list of software we maintain and build every release. However, yes it may become worthwhile to build our own Firefox, and integrate Chrisd's patch. on the other side, I've mixed feelings regarding the possible switch from firefox to chrome or any other browser but if this will help spreading Tor, I'll more than gladly welcome it I have mixed feelings as well. Chromium/chrome has a nice sandboxing model, is very fast at rendering, and in general is a nice browser. It's new enough that by implementing some api's for us, we can integrate torbutton functionality into it far easier than the current reverse engineering we have to do with firefox. Alternatives could be like torfox and torora, where you just build the browser from the start with Tor in mind. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: why polipo?
On 02/20/2010 04:41 PM, Rich Jones wrote: While we're discussing the bundle, I'd like to mention something that's been on my mind lately. I recently ran a Privacy Tech Workshop at the Students for Free Culture conference in DC - and the general conclusion is that Tor/FF is too hard to use and set up (and I think that this has been the conclusion from the folks at the OpenNetInitiative at Harvard about the real-world usage of censorship resisting tools in Iran and such) and that most people end up using the first result on whatever search engine for get around blocked internet, etc, which ends up using a webproxy. This is why the Tor Browser Bundle exists, http://www.torproject.org/torbrowser/. It's self-contained and pre-configured. Just download, extract, and run. There's no configuration needed. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: What version FF for Mac 10.5.2 ppc
On 02/19/2010 06:41 AM, zzzjethro...@email2me.net wrote: I just downloaded the new Vidalia/Tor bundle for Mac 10.5.2 ppc. This version of Tor is 0.2.1.23-0.2.7 I am using Firefox 3.0.17. Is this a good safe Firefox for this version of Tor? 3.0.18 was just released, otherwise, sure sounds good. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor in China
On 02/19/2010 05:20 AM, onion.s...@nym.hush.com wrote: http://metrics.torproject.org/bridge-users-graphs.html#china if there is no clear explanation account for the doubling of the usage figure in the whole December, i would speculate that this is an error in the estimation. could anyone confirm this? The best person to answer this is Karsten, and he's currently traveling. We await his answer. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: why polipo?
On 02/15/2010 12:09 PM, Michael Gomboc wrote: Why is polipo used and no longer privoxy? The first question is, why a http proxy at all? The answer is, because Firefox SOCKS layer has hard-coded timeouts, and other issues, https://bugzilla.mozilla.org/show_bug.cgi?id=280661. Personally, I don't use an http proxy, I simply let my browser talk to tor via socks directly. The user experience sucks, because you'll receive untold numbers of The connection has timed out warnings, because firefox won't wait for Tor to build a circuit. Chrome, Safari, and Arora (amongst others) don't have this problem. Once Firefox fixes bug 280661, we don't need a http proxy at all. However, given the current pace of progress on 280661, we may switch to Chrome before the fix occurs. The second question is, why switch from privoxy to polipo? Privoxy is fine filtering software that works well for what is it intended to do. However, it's user experience is lacking due to it lacking a few features, namely, http 1.1 pipelining, caching most requested objects, and it needs to see the entire page to parse it, before sending it on to the browser. Lack of these three features is the reason we switched from privoxy to polipo. We've received plenty of feedback that browsing with polipo in place of privoxy feels faster. The feedback indicates that because polipo streams the content to the browser for rendering nearly as fast as it receives it from Tor, the user understands what's going on and will start to read the web page as it loads. Privoxy, necesarily, will load the entire page, parse it for items to be filtered, and then send the page on to the browser. The user experience, especially on a slow circuit, is that nothing happens, the browser activity icon spins forever, and suddenly a page appears many, many seconds later. If Tor was vastly faster, privoxy's mode of operation wouldn't matter. We're working on making Tor faster. However, purposely showing the user how slow tor can be with privoxy was a huge point of complaint, and not what we intended to do. Does polipo have some bugs? Sure. Chrisd primarily, among others, is working on fixing them. At the current rate of progress on firefox bug 280661, we'll have polipo fixed before mozilla releases the SOCKS layer fix. Chrisd even wrote Mozilla a patch and submitted it on the bug. The final point is that this is all free software. You are in control. If you don't like polipo, but do like privoxy, then don't install polipo and use privoxy. The power of choice is yours. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: launch external application warning
On 02/16/2010 02:00 AM, Luis Herrera wrote: This is a UI problem with either otr or pidgin. Naturally you think clikcing Authenticate means you want to authenticate the user. What it really means is that pidgin tries to load your default browser to go to the otr website to explain what authenticate means, like a help file. *** Yes, that is what I thought. Is there a way to tell the portable Tor-enabled Firefox browser, always use me and don't launch any other browser? I agree on the risks. I'll hack at this a bit and see if I can figure it out. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: TOR Blocked at Universities
On 02/11/2010 05:58 PM, Peter Farver wrote: I meant clients for TOR were blocked. Yes, for all students and faculty. I believe the attacks were from the TOR exit nodes, but I will try to get more information from network administrators. I have not tried bridges yet, but maybe I will obtain a bridge to connect to test in the future. Welcome to China or Burma. The public list of Tor relays are blocked, so they have to use non-public relays (bridges) to connect to Tor. This appears to be your situation as well. If Auburn's network admins want to talk about their issues, I'm happy to talk to them. I bet with a high probability that by blocking Tor exit nodes, the attacks didn't go away. Now they just originate from other IPs (zombie computers/botnets, open proxies, etc). Blocking tor clients outbound seems overkill to me. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor in China
On 02/09/2010 07:36 PM, onion.s...@nym.hush.com wrote: Does anyone know if China is currently blocking Tor? Does the situation described below persist? https://blog.torproject.org/blog/picturing-tor-censorship-in-china https://blog.torproject.org/blog/tor-partially-blocked-china Yes. China is still blocking public Tor relays by IP address and tcp port combination. It seems the censorship apparatus is updated quarterly. Non-public relays, or bridges, seem to work fine. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: ExcludeNodes setting bypassed when using bridges! Has Tor become self aware?
On 02/02/2010 02:14 AM, twinkletoedtur...@safe-mail.net wrote: Is this a bug? Yes, https://bugs.torproject.org/flyspray/index.php?do=detailsid=1090. We're still working on it. In fact, we're working on rewriting the entire codebase around {Exclude}{Entry|Exit}Nodes options. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Torbutton : please offer better user agent choices
On 02/01/2010 01:09 PM, G-Lo ♂ wrote: twinkletoedtur...@safe-mail.net a écrit : In light of the Panopticlick thread and this question being asked in the past with no reasonable answer given via Torbutton's author, I appeal to Torbutton's author: Please provide us with more of a choice in user agents. The user agent in Torbutton is not updated often enough and we should have the choice of defining our own user agent or choosing between more than one which lacks freshness in updates. I've read your reasons for why this stagnant user agent is used and I'm not happy with it. Then uncheck the option and set your own user agent. There are other options to control your user agent, feel free to use those. If you want to partition yourself, by all means, do so. The reason we don't provide more user agents is to make everyone look like one user. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Testing packages for OS X 10.5 and later with broken openssl
Ok, apparently the fixes for ppc didn't work right. Let's try again. I build these new ppc packages on a 10.5.x ppc machine. https://www.torproject.org/dist/osx-old/Tor-0.2.2.8-alpha-i386-10.5-10.6-only-Bundle.dmg and .asc are expert Tor. Just tor, nothing else. https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.8-alpha-0.2.7-10.5-10.6-only-ppc.dmg and .asc are the normal vidalia-bundle configuration. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: browser fingerprinting - panopticlick
On 01/29/2010 04:36 PM, Michael Holstein wrote: The main cause was the screen resolution. https://blog.torproject.org/blog/effs-panopticlick-and-torbutton Running TOR and leaving javascript enabled sort of defeats the point, doesn't it? Not really. Most of the websites are useless without javascript enabled. Torbutton protects against known attacks via javascript (yes there's something to be said about unknown attacks...). -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: browser fingerprinting - panopticlick
On 01/29/2010 08:20 PM, 7v5w7go9ub0o wrote: As we slowly transition to web 2.0, probably the next step is putting the TOR browser in a VM full of bogus, randomized userid/sysid/network information - carefully firewalled to allow TOR access only (TOR would be running somewhere outside the browser VM). Already working on that, https://www.torproject.org/torvm/ or pick a live cd with tor integrated into it. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Testing packages for OS X 10.5 and later with broken openssl
What should be the final 0.2.2.8-alpha packages for OS X are now available at https://www.torproject.org/download These should be fully compatible with 10.3 through 10.6 depending upon architecture (per normal constraints before this openssl thing). Please report bugs at https://bugs.torproject.org. And thank you to everyone who has tested the packages this week. The feedback is great. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Testing packages for OS X 10.5 and later with broken openssl
On 01/27/2010 12:25 AM, Andrew Lewman wrote: Packages for testing are available at: https://www.torproject.org/dist/testing/ The 10.5/10.6 powerpc packages are now available at the above url too. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Testing packages for OS X 10.5 and later with broken openssl
Packages for testing are available at: https://www.torproject.org/dist/testing/ READ THIS FINE PRINT: 1) These will only work on OSX 10.5 i386 and newer. The backwards compatible osx 10.4 lib changes stop tor from including the static openssl. Tor fails to compile when using the 10.4 libs. 2) Tor-0.2.2.8-alpha-i386-Bundle.dmg is compiled to replace the tor binaries in /Applications/Vidalia.app/Contents/MacOS only. If your tor is located elsewhere, compile your own for now. 3) I filed a bug with apple about their broken openssl. grml. 4) let us know if they work for you. My testing systems show it works for me. Update https://bugs.torproject.org/flyspray/index.php?do=detailsid=1225 if it doesn't work or you have other issues with these testing packages. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Tor Browser Bundle 1.3.1 Released
The latest in the Tor Browser series, version 1.3.1 is released. This includes updates to Firefox, Pidgin, and Tor. Tor 0.2.1.22 rotates two of the seven v3 directory authority keys and locations, due to a security breach of some of the Torproject servers: http://archives.seul.org/or/talk/Jan-2010/msg00161.html It also fixes a privacy problem in bridge directory authorities -- it would tell you its whole history of bridge descriptors if you make the right directory request. Everybody should upgrade: https://www.torproject.org/easy-download The changelog is: 1.3.1: Released 2010-01-22 update Firefox to 3.5.7 update Pidgin to 2.6.5 update Tor to 0.2.1.22 -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject signature.asc Description: OpenPGP digital signature
Re: Tor-ramdisk 20100115 is out.
On 01/15/2010 10:13 AM, arshad wrote: is this a project supported/acknowledged by torproject? Yes, it's acknowledged. It's a great way for people with dedicated hardware to run a Tor relay. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor-ramdisk 20100115 is out.
On 01/15/2010 12:50 PM, basile wrote: But all the ramdisk image has in it is a kernel, 3 binaries (tor, ntpd and busybox) and one ash script. You can't run the service there. I guess you could run it on another machine behind tor-ramdisk. You could map the hidden service to another server, but you might as well run the tor client and a hidden service on that other machine itself. The hidden service also wants to write a private key and hostname somewhere. If you write this to a ram disk, it also goes away when the system is rebooted. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AW: QoS and Tor on Ubuntu 9.10
On 01/15/2010 05:14 PM, Matias Meier wrote: Hi Roger. Thank you for the fast reply. But the link to that script isn't working... Does the link work for you? https://git.torproject.org/checkout/tor/master/contrib/linux-tor-prio.sh From Roger's email: Alas, our new https interface for git is still under construction, so in the mean time, an easy place to find the script is contrib/linux-tor-prio.sh in your Tor tarball. You need to either use git://git.torproject.org/checkout/tor/master/contrib/linux-tor-prio.sh to get it, or look in the source tarball for the script. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: exitnodes
On 01/09/2010 10:27 PM, Seth Ness wrote: I always restricted my exitnode to the UK, by setting strictexitnodes and having an exitnodes line followed by a list of UK exit nodes names and that works fine. It should, there are 24 exit nodes in the UK at last check. Also, where exactly is the torrc config file I am suppossed to edit on the Mac with the official installtion package? The one I found and used was blank. Depending upon how you installed, look in ~/Library/Vidalia/torrc. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: how much to use big relays (was Re: bloxortsipt)
On 01/08/2010 09:43 AM, Olaf Selke wrote: is there still any ongoing development to let tor take better advantage from a multi-cpu system than only performing onionskin decryption? Yes, this is on the very-short-term todo list for January. There are some tricky threading issues to resolve, but Nick is planning on tackling better threaded crypto real soon now. The project plan is at https://svn.torproject.org/svn/projects/todo/tracking-gantt.pdf. The task is 12.7.3. It's currently slated for March, but the other bits of 12.7 were done quicker than expected. As soon as svn/git are back online, I'll update the plan accordingly. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Tor Browser Bundle 1.3.0 Released
On December 31, 2009, I released the latest in the Tor Browser Bundle series, 1.3.0. The version bump from 1.2.10 to 1.3.0 is due to the change to Firefox 3.5.6 (from Firefox 3.0.15). You can get the latest TBB in 12 languages at https://www.torproject.org/torbrowser/ Torbutton 1.2.4 fixes a number of privacy and anonymity issues with the Firefox 3.5.x code base. The official changelog is: - upgrade Firefox to 3.5.6 - update Pidgin to 2.6.4 - update Torbutton to 1.2.4 Feel free to file bugs at https://bugs.torproject.org/flyspray/index.php?tasks=allproject=4. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject signature.asc Description: OpenPGP digital signature
Re: Pidgin with TOR
On 12/31/2009 10:57 AM, Programmer In Training wrote: for some reason i cannot set the proxy setting globally, the button is greyed out (disable) i mean: toolspreferencenetwork and under proxy server and browser it says proxy configuration program was not found and proxy and browser preferences are configured in gnome prefernces. two buttons are there, configure proxy and configure browser, the configure proxy button is disabled. This depends upon which version of pidgin you have. It seems the 2.6 series relies on the GNOME proxy configuration variables, rather than pidgin maintaining its own config. In gnome, if you go to the System menu, and choose Preferences, do you have a Network Proxy option? Depending on what system you have, this may help: http://www.ubuntugeek.com/how-to-configure-ubuntu-desktop-to-use-your-proxy-server.html -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Testing Tor Browser Bundle 1.3, now with Firefox 3.5.6
Now that torbutton 1.2.4 is released, we feel we've managed to contain the anonymity and privacy issues with the Firefox 3.5.x series of browsers. We're working on the 3.6.x series now. I've updated the tor browser bundle to include firefox 3.5.6 with torbutton 1.2.4. If there are no substantial bugs, I'll release it before the end of the year. Thanks! Test builds are at http://freehaven.net/~phobos/tor-browser-1.3.0-dev_en-US.exe and .asc The bundle containing pidgin for instant messaging is at http://freehaven.net/~phobos/tor-im-browser-1.3.0-dev_en-US.exe and .asc The full changelog is: upgrade Firefox to 3.5.6 update Pidgin to 2.6.4 update Torbutton to 1.2.4 -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: New Article Up
On 12/29/2009 04:23 PM, Programmer In Training wrote: I just posted a short article on the settings to use when setting up Pidgin and FF to use Tor. I tried to keep it simple, used screen shots of the settings that I've been suggested to use and have had great success in using to browse and IM across the Internets. Have you seen https://torproject.org/torbrowser? In particular, the Building the Bundle bit, https://www.torproject.org/torbrowser/details.html.en#contents where we document what's changed and why in the various files? Someday I'll write up a summary of all this for non-developers to read. The prefs.js commit log may be helpful too, https://svn.torproject.org/cgi-bin/viewvc.cgi/torbrowser/trunk/build-scripts/config/prefs.js?view=log -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: New Article Up
On 12/29/2009 04:49 PM, Programmer In Training wrote: As for the documentation, it's like the other docs in that I've found them too convoluted for the beginner (like me) to understand and I wind up asking more questions then I really need to. Also, everything is so spread out (wiki here, documentation there, etc.) it can be hard to find any particular piece of information. I'm just aiming to provide a simple starter element that the average user can understand as they become more security conscious (which is the whole point of my privacy series that I started with The Privacy Mandate). Great. I like that you want to write about technical bits for a general audience. Most of Tor's documentation is in the code, in doxygen, or written for developers. We don't have enough cycles to write for a general audience. Feel free to ask for clarifications on confusing points. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/