Re: StrictNodes or StrictExitNodes?
and...@torproject.org wrote:

On Fri, Nov 26, 2010 at 10:11:55AM +, my.green.lant...@googlemail.com wrote 2.3K bytes in 61 lines about:

: So if Tor is using usual development practice then why does the
: stable version manual
: (http://www.torproject.org/docs/tor-manual.html.en) have
: *WarnUnsafeSocks in it if there has been no stable build since it
: was introduced in *0.2.2.14-alpha ?

This is because the tor-manual.html.en is really the -alpha manual, not the -stable manual. The long story made short is that the new website removed the ability to do man2html on the -stable man page. Oops. I've removed the links to the -stable man page on the website, linking to the -alpha version instead (and labelled as such).

I hope this is only a temporary bodge. The new dev (alpha) version commands are NOT in the stable version and WILL keep on causing confusion if this is not resolved.

: Also , I notice the manuals do not have deprecated commands in it
: any more (even if they are still supported). It might be wise to add

Because they're in the changelog. The man pages only contain what is supported, not what was supported.

Well the commands are indeed IN the code and still supported and work, so there should be mention of them in the manual (as was done for the past X years now). Why not put them back in the manual and ONLY remove them in future when,

1. They are no longer supported at ALL in the current stable version and
2. when the older versions are no longer compatible (e.g when from time to time we all have to update our older versions due to incompatible code)

*** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: StrictNodes or StrictExitNodes?
Roger Dingledine wrote:

This is interesting. I tried it.. and both seem to work for me on my 0.2.2.10-alpha on win2k.

But.. when I tried - WarnUnsafeSocks 0

I get..

Nov 25 17:50:03.015 [Warning] Failed to parse/validate config: Unknown option 'WarnUnsafeSocks'. Failing.
Nov 25 17:50:03.015 [Error] Reading config failed--see warnings above.

Tor then bombs out..

WarnUnsafeSocks was introduced in Tor 0.2.2.14-alpha.

--Roger

Wow, there seems to be some sort of error, I thought (as per usual development practice) that as The current stable version of Tor is 0.2.1.27. then my 0.2.2.10-alpha would contain the code up to and after 0.2.1.27-stable (had 0.2.1.27-alpha been stable enough - as its normal development practice for a stable to be a stable, a field tested, alpha build - with the same version number).

So if Tor is using usual development practice then why does the stable version manual (http://www.torproject.org/docs/tor-manual.html.en) have *WarnUnsafeSocks in it if there has been no stable build since it was introduced in *0.2.2.14-alpha ?

Also , I notice the manuals do not have deprecated commands in it any more (even if they are still supported). It might be wise to add these old commands particularly if they are still supported and give versions when they were deprecated/removed and versions when new ones were introduced. It shouldn't be too onerous. After all the manuals are going to be used by people who have different versions. It would then be possible to have just one manual covering ALL Tor versions, stable and dev.

e.g.

StrictExitNodes 0|1 (Added v?.?.?.?-alpha and v?.?.?.?-stable, Deprecated v0.2.2.7-alpha and v?.?.?.?-stable, Removed v0.?.?.?-alpha etc - see replacement command StrictNodes)

Blah.. blah .. blah

Then we only have to check the ONE manual and all will be clear!
Re: StrictNodes or StrictExitNodes?
Matthew wrote:

I think I am correct to say that StrictExitNodes has been negated in favour of StrictNodes. However, when I use StrictExitNodes 1 I have no problems. When I use StrictNodes 1 and have viable ExitNodes then Vidalia gives the error: Vidalia detected that the Tor software exited unexpectedly. I am using 0.2.1.26 on Ubuntu 10.04. Thanks.

This is interesting. I tried it.. and both seem to work for me on my 0.2.2.10-alpha on win2k.

But.. when I tried - WarnUnsafeSocks 0

I get..

Nov 25 17:50:03.015 [Warning] Failed to parse/validate config: Unknown option 'WarnUnsafeSocks'. Failing.
Nov 25 17:50:03.015 [Error] Reading config failed--see warnings above.

Tor then bombs out..
Re: Bitcoin And The Electronic Frontier Foundation
Kyle Williams wrote:

Coderman sent this to me, and I'm a little upset because the extra $60.00/month for 0 bitcoins is very annoying. I have since stopped trying to generate bitcoins, because it's just wasting electricity. More comment inline below debating this point.

For those who are wondering if it's worth trying to generate bitcoins, here is something to think about. I've had a single Quad-Core (2.6GHz/core, 12MB L2 cache) server crunching on bitcoins for about 6 months now. About 2-3 months ago, it stopped generating bitcoins. Someone is out there with a lot of GPU's, crunching away at the bitcoin network and is hoarding/generating all the bitcoins. I say this because the amount of chatter on the bitcoin forums in regards to GPUs vs CPUs has exploded, and new GPU clients are being released.

-- Forwarded message --
From: Jeffrey Paul sn...@datavibe.net
Date: Mon, Nov 15, 2010 at 11:22 AM
Subject: Re: Bitcoin And The Electronic Frontier Foundation
To: coderman coder...@gmail.com
Cc: Sarad AV jtrjtrjtr2...@yahoo.com, Eugen Leitl eu...@leitl.org, cypherpu...@al-qaeda.net

On 15 Nov, 2010, at 19:19 , coderman wrote:

the cuda cards are killing bitcoin, why bother? (i suppose it is an interesting footnote...)

Nothing could be further from the truth. Mining/Minting operations have little/nothing to do with the viability of the network itself.

That's correct, it has to do with the number of operations per second your CPU/GPU can do. The network is based on the number of supporters. Apples and oranges.

It's a novel way of dealing with inflation, but, if anything, the easy availability of cheap and fast GPUs is accelerating adoption.

You're twisting facts together here, again apples and oranges. Inflation aside, GPUs will generate bitcoins much, much faster than a CPU.
Opportunists will quickly drive the profit from generating down to almost exactly that of the power costs, but that's to be expected. No, the value of bitcoins starts to be cut in half as the more bitcoins are generated. The number of blocks times the coin value of a block. The coin value is 50 bc per block for the first 210,000 blocks, 25 bc for the next 210,000 blocks, then 12.5 bc, 6.25 bc and so on. -- http://www.bitcoin.org/faq#What-s_the_current_total_amount_of_Bitcoins_in_existence So when the value of BTC's starts to be cut in half, and with INFLATION now at a record high, the cost of electricity is NOT GOING DOWN. Hence, the chance of you generating bitcoins will go down because a CPU can not compete with someone else's GPU, more power/electricity is being used to generate (or not generate) bitcoins, and after the last six month's of running bitcoin, I haven't generated a single block in over two months because someone has already cornered this market with GPU's. They are also the driving force behind a free market. Or do you think they are killing those, too? :) Of course someone quotes the free market when they have a large corner of it. Free market's always FAIL when someone is hording all the (bit)coins, and while it may support free market's, it certainly is not a fair market today. If 2,000,000 bitcoins are spread about a few thousand people, and 19,000,000 coins are held by 1 person, your Free Market goes down the drain because one person could out-buy anyone else. One last point; by looking @ the #bitcoin channel on IRC, it shows that about 600 people are wasting their CPU cycles because someone has most likely has a cluster of GPU's working away at this. This is the wasted cost of TRYING to generate a bitcoin. If only one person can generate the block (ie, 50 Bitcoins right now), then 599 people are wasting their electricity and time. So the ~$60 a month (increase in my electric bill) * 599 = $35,940. 
Even if we decide to be really conservative (not realistic in this case) and cut this cost down by a tenth, it's still ~$3,594 being wasted per month while someone else get's the coins. How green or eco-friendly is that? Now I ask the community, If your chance of generating a bitcoin block for yourself is slim-to-none, would you want to waste your time and money trying to generate bitcoins? Don't get me wrong, I hate what is happening to the USD, and love the idea of crypto currency, but I see some serious flaws with bitcoin. He who has the biggest cluster will win the day, and leaves the rest of us with next to nothing. - Kyle A few months ago I saw this as well using a dual core 2.666, but I found a little trick which increases the coin production. Just re-boot every 2-3 days, then you usually get a flush of coins.
Re: Vidalia - Country Locations on Tor network map all missing
Geoff Down wrote:

On Mon, 15 Nov 2010 12:28 +, Anon Mus my.green.lant...@googlemail.com wrote:

Using vidalia 0.2.7, Tor 0.2.2.10-alpha (Qt 4.5.3) I am not seeing any location in the left box (or anywhere else) against Tor relays, just a ? in a white box. Is anyone else seeing this?

I asked this on the 8th :) See https://blog.torproject.org/blog/shutting-down-vidalia-geoip-mapping-server

GD

duoooh, will upgrade, thanks.
Re: Vidalia - Country Locations on Tor network map all missing
Geoff Down wrote:

On Mon, 15 Nov 2010 12:28 +, Anon Mus my.green.lant...@googlemail.com wrote:

Using vidalia 0.2.7, Tor 0.2.2.10-alpha (Qt 4.5.3) I am not seeing any location in the left box (or anywhere else) against Tor relays, just a ? in a white box. Is anyone else seeing this?

I asked this on the 8th :) See https://blog.torproject.org/blog/shutting-down-vidalia-geoip-mapping-server

GD

Ohh dear, this new version of Vidalia does not work with Windows 2k. It comes up with the error

The procedure entry point freeaddrinfo could not be located in ws2_32.dll

The problem is seen in win2k not win xp or later... http://msdn.microsoft.com/en-us/library/ms737931(VS.85).aspx

u..any ideas ?? coz I like my old win2k, even though I have a win xp lying around somewhere.
Re: AdvTor
and...@torproject.org wrote:

On Thu, Oct 07, 2010 at 05:20:08PM +0100, my.green.lant...@googlemail.com wrote 2.3K bytes in 55 lines about:

: Well, well, well suddenly the problem fixes itself... after
: 20+ disconnects and 10+ You are using a proxy which is changing
: your data... refusing connection.. over the past 3 days.

This would be a lot better if it came with logs, bug reports, and data. It could also be the destination site having problems, or the exit relay is overloaded, or sun flares. The Internet is complex, narrowing down the problem to Tor or not Tor is a first step.

I have no idea how to log (privoxy or tor??) these, maybe you could explain how its done, just in case they start happening again..

1. Connection Disconnected: The browser has a little message connection closed on a white background (not a privoxy message). When I watch the exits (using vidalia's network map ) that produce these messages (which are identical to those produced by chinese exits around 2005/6) I see circuit request which then sits there for about a minute, until eventually I get the message (above). Rarely the circuit itself sometimes dies but more often does not. If I ask for another url (e.g. msn.com etc) - this is immediately serviced correctly within a second or so.

2. You are using a proxy which is changing your data... refusing connection.. This is a short html document, with a black background, a title in bold WARNING.., and then the rest in standard font size.
Re: AdvTor
Mike Perry wrote: Thus spake Anon Mus (my.green.lant...@googlemail.com): Well, well, well suddenly the problem fixes itself... after 20+ disconnects and 10+ You are using a proxy which is changing your data... refusing connection.. over the past 3 days. Must be just another co-incidence ..funny though how it was still failing a minute prior to my post being written today. This must be similar to the DNS resolution problem (unable to resolve DNS and so failed page access) to webcrawler.com when using these servers as exits the last 4 weeks... (might be fixed now, but these are all in my exclude as exits list, so I wouldn't know). spfTOR1,spfTOR2,gpfTOR1,gpfTOR2,Amunet1,Amunet2,Amunet3,Amunet4,Amunet5,Amunet6,Amunet7,Amunet8,Amunet9,Amunet10,Amunet11,Amunet12,blutmagie,blutmagie2,blutmagie3,blutmagie4 That's an interesting list. It looks like you just took the top 20 fastest exits and listed them. Yes this makes it very worrying that such high volume exits are bad servers, as they grab all your circuits' exit positions. If they a traffic loggers (ie spies) then Tor users are in trouble. Are you excluding these because of proven malicious activity; because of poor connectivity; because they are banned from most sites; or just because you needed a button to make your Internet as slow as possible, and Tor seemed like the best choice? These were added because, as I already said, they were repeatedly (5+ times on 5 different circuits) unable to resolve DNS and so failed page access,. this is a standard privoxy message. Prior to end August 2010, if this kind of message was received I just used to close the circuit and try again. Usually it would resolve by the 3rd try. I tested these exits to see if they could resolve other urls, they did so with ease, no errors. But at the end August every time I closed the circuit I got one of the blutmagie,blutmagie2,blutmagie3,blutmagie4 exits again and these could not resolve the DNS of webcrawler.com. 
So I did a little investigation and found that ALL these were not resolving this DNS but simple (web based) one hop proxies put on at the end of tor (globally) could resolve this dns. So I placed them all (the blutmagie ones) in my ExcludeExitNodes this stopped the problem... and I was able to access webcrawler.com via TOR for a while. A week later however the problem re-occurred this time with .. Amunet1,Amunet2,Amunet3,Amunet4,Amunet5,Amunet6,Amunet7,Amunet8,Amunet9,Amunet10,Amunet11,Amunet12 So I put all the Amunet exits on the ExcludeExitNodes as well. The next week the problem re-occurred with spfTOR1,spfTOR2,gpfTOR1,gpfTOR2 so I Excluded them also. And with a few more exits (all German/US) in the following weeks the problem was cured. No problems now for 2 weeks. Web pages are as fast as before I excluded these nodes. I use webcrawler.com because it is multi-search engine and it has low bandwidth pages so its ideal for TOr users. (Maybe another search engine, like google.com, owns/sponsors these exits and is blocking the resolution of its competitor ??) *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AdvTor
Jim wrote: Anon Mus wrote: These were added because, as I already said, they were repeatedly (5+ times on 5 different circuits) unable to resolve DNS and so failed page access,. this is a standard privoxy message. FYI, when you get that Privoxy message while using Tor (or any other downstream proxy) it just means that Tor was unable to retrieve the page. Privoxy has no way of knowing whether this was because of a DNS failure or some other reason. (If Privoxy is the final proxy then it knows whether the problem is DNS or not. They should probably use a different failure message when Privoxy passes the request onto another proxy.) Jim *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ Sorry Jim, thats what it says, if these are NOT refusing DNS resolution, then they ARE actively blocking access to named urls which are noncriminal in nature (like this one), if so, then thats even worse and for so many - implies ALL these exit nodes have a linked (organized) hidden agenda. Try this... enter into your torrified/privoxyified browser the url cobblers.za and go get it. You'll see the following privoxy message page entitled 404 - No such Domain 404 This is Privoxy http://www.privoxy.org/ 3.0.6 on YourMachineName (127.0.0.1), port 8118, enabled No such domain Your request for *http://www.cobblers.za/* could not be fulfilled, because the domain name *www.cobblers.za* could not be resolved. This is often a temporary failure, so you might just try again http://www.cobblers.za/. More Privoxy: * Privoxy main page http://config.privoxy.org/ * View change the current configuration http://config.privoxy.org/show-status * View the source code version numbers http://config.privoxy.org/show-version * View the request headers. 
http://config.privoxy.org/show-request * Look up which actions apply to a URL and why http://config.privoxy.org/show-url-info * Toggle Privoxy on or off http://config.privoxy.org/toggle * Documentation http://www.privoxy.org/3.0.6/user-manual/ Support and Service via Sourceforge: We value your feedback. To provide you with the best support, we ask that you: * use the support forum http://sourceforge.net/tracker/?group_id=8atid=28 to get help. * submit ads and configuration related problems with the actions file through the Actionsfile Feedback Tracker. http://sourceforge.net/tracker/?group_id=8atid=460288 * submit bugs only through our bug tracker http://sourceforge.net/tracker/?group_id=8atid=18. Make sure that the bug has not yet been submitted. * submit feature requests only through our feature request tracker http://sourceforge.net/tracker/?atid=361118group_id=8func=browse. Valid HTML 4.01 Strict http://validator.w3.org/ Thats because the domain name *www.cobblers.za* could not be resolved. so it says. When I was doing this with webcrawler.com that was the error that was eventually given, after it sat there for ages (unlike the example above which returns immediately), repeatedly trying numerous circuits with those exits, that I later excluded, and would sit there for 1-2 minutes trying, with my browser active (activity icon whirring), until finally this failed DNS resolution message appeared. But these exits were resolving other urls OK (and plenty of them without any error, in fact, I started using msn.com because of this for a while - whilst still trying to get webcrawler.com to work now and then) and just a simple exclusion of these rogue exits solved the problem. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: AdvTor
Geoff Down wrote:

On Sat, 09 Oct 2010 13:37 +0200, Olaf Selke olaf.se...@blutmagie.de wrote:

On 09.10.2010 11:38, Anon Mus wrote:

Prior to end August 2010, if this kind of message was received I just used to close the circuit and try again. Usually it would resolve by the 3rd try. I tested these exits to see if they could resolve other urls, they did so with ease, no errors. But at the end August every time I closed the circuit I got one of the blutmagie,blutmagie2,blutmagie3,blutmagie4 exits again and these could not resolve the DNS of webcrawler.com. So I did a little investigation and found that ALL these were not resolving this DNS but simple (web based) one hop proxies put on at the end of tor (globally) could resolve this dns.

hi there, please let me know if there's something wrong with blutmagie's dns resolution. dig webcrawler.com works perfectly from shell.

By the way: My employer Telefonica O2 is shutting down the local office end of Q1 2011. Besides my job this might lead to the loss of the special deal for hosting blutmagie exit node. I doubt to get 200 TB traffic each month for free somewhere else. http://www.thelocal.de/money/20101008-30361.html

regards Olaf - blutmagie operator

Sorry to hear about the loss of your job. I think the OP has not considered that Webcrawler may be blocking some Tor exits after experiencing abuse - the heaviest used exits would be the ones likely to show up. Privoxy's error messages can't be relied on IMO. It would be useful if tor-resolve had a 'choose exit' option.

GD

Wouldn't that show as connection refused message?
Re: AdvTor
Fabian Keil wrote:

Your Privoxy version is from 2006, you might want to consider updating it.

With a more recent version I get:

| f...@r500 ~ $lynx --dump http://www.cobblers.za/
|503
|
|This is [1]Privoxy 3.0.17 on Privoxy-Jail.local (10.0.0.1), port 8118,
|enabled
|
|Warning:
|
| This Privoxy version is based on UNRELEASED code and not intended for
| production systems!
| Use at your own risk. See the [2]license for details.
|
|Forwarding failure
|
| Privoxy was unable to socks5-forward your request
| [3]http://www.cobblers.za/ through tor-jail: SOCKS5 host unreachable
|
|Just [4]try again to see if this is a temporary problem, or check your
|[5]forwarding settings and make sure that all forwarding servers are
|working correctly and listening where they are supposed to be
|listening.
[...]

And Tor says:

Oct 09 14:00:19.571 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up.

Fabian

Yes Fabian, it probably is that old, as old as the last version distributed with Tor. Having gone to www.privoxy.org/ sourceforge.net/projects/ijbswa/files/, the most recent was v3.0.16, which I will try. Does this version differentiate the DNS resolution fails? Where can you get v3.0.17 from?
Re: AdvTor
Fabian Keil wrote:

If you are using a Privoxy version more recent than 3.0.9 (released in 2008), you can use SOCKS5 which will allow Tor to provide Privoxy with a more detailed problem description.

My mistake, I assume that means that v3.0.16 does indeed do this DNS reporting.

With a more recent version I get:

| f...@r500 ~ $lynx --dump http://www.cobblers.za/
|503
|
|This is [1]Privoxy 3.0.17 on Privoxy-Jail.local (10.0.0.1), port 8118,
|enabled
|
|Warning:
|
| This Privoxy version is based on UNRELEASED code and not intended for
| production systems!
| Use at your own risk. See the [2]license for details.
|
|Forwarding failure
|
| Privoxy was unable to socks5-forward your request
| [3]http://www.cobblers.za/ through tor-jail: SOCKS5 host unreachable
|
|Just [4]try again to see if this is a temporary problem, or check your
|[5]forwarding settings and make sure that all forwarding servers are
|working correctly and listening where they are supposed to be
|listening.
[...]

And Tor says:

Oct 09 14:00:19.571 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up.

Fabian

After reading what you say about this retrying, I assume that the long waits I got while it re-tried other circuits does mean that it was DNS resolution failure and not refusal to serve/connect to a page that we are dealing with here.
Re: AdvTor
Fabian Keil wrote:

And Tor says:

Oct 09 14:00:19.571 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up.

Fabian

Ahh, I have those but they only say,

Oct 09 15:31:32.109 [Notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.

[scrubbed] what is this url? What places did it try in?
Re: AdvTor
Fabian Keil wrote: Anon Mus my.green.lant...@googlemail.com wrote: and...@torproject.org wrote: On Thu, Oct 07, 2010 at 05:20:08PM +0100, my.green.lant...@googlemail.com wrote 2.3K bytes in 55 lines about: : Well, well, well suddenly the problem fixes itself... after : 20+ disconnects and 10+ You are using a proxy which is changing : your data... refusing connection.. over the past 3 days. This would be a lot better if it came with logs, bug reports, and data. It could also be the destination site having problems, or the exit relay is overloaded, or sun flares. The Internet is complex, narrowing down the problem to Tor or not Tor is a first step. I have no idea how to log (privoxy or tor??) these, maybe you could explain how its done, just in case they start happening again.. 1. Connection Disconnected: The browser has a little message connection closed on a white background (not a privoxy message). If the server (or proxy) accepts the connection but closes it without sending any data, Privoxy versions before 3.0.7 will send the text 'Connection: close' to the client. This bug was fixed more than three years ago and is yet another reason why you might want to consider updating your Privoxy version. Nowadays you get a proper problem description: |f...@r500 ~ $lynx --dump http://10.0.0.1/empty-response | 502 | | This is [1]Privoxy 3.0.17 on Privoxy-Jail.local (10.0.0.1), port 8118, | enabled | | Warning: | | This Privoxy version is based on UNRELEASED code and not intended for | production systems! | Use at your own risk. See the [2]license for details. | | No server or forwarder data received | | Your request for [3]http://10.0.0.1/empty-response could not be | fulfilled, because the connection to 10.0.0.1 (10.0.0.1) has been | closed before Privoxy received any data for this request. | | This is often a temporary failure, so you might just [4]try again. 
| | If you get this message very often, consider disabling | [5]connection-sharing (which should be off by default). If that doesn't | help, you may have to additionally disable support for connection | keep-alive by setting [6]keep-alive-timeout to 0. [...] It's still a frequent problem when using Tor. Yesterday it happened for around 1% of my requests (some of them were made without Tor, though): f...@r500 ~ $privoxy-log-parser --statistics /usr/jails/privoxy-jail/var/log/privoxy/privoxy.log.1 Client requests total: 7881 Crunches: 1100 (13.96%) Outgoing requests: 6781 (86.04%) Server keep-alive offers: 2802 (35.55%) New outgoing connections: 5535 (70.23%) Reused connections: 1246 (15.81%) Empty responses: 95 (1.21%) Empty responses on new connections: 1 (0.01%) Empty responses on reused connections: 94 (1.19%) Method distribution: 7052 : GET 753 : CONNECT 46 : POST Client HTTP versions: 7830 : HTTP/1.1 21 : HTTP/1.0 URL statistics are disabled. Increase --url-statistics-threshold to enable them. Note that it isn't necessarily caused by the exit node itself, it can also happen simply because the server closed the connection but the Tor client hasn't noticed it yet and thus still accepts data on an already-dead connection. This would explain the number of Empty responses on reused connections. Fabian Yes Fabian I would think that ordinarily the failure to connect does occur about this frequent, it used to happen very frequently when lots of chinese exits were on-line. But thats not what I saw in the case of this - what I saw was (very nearly - over 3 days) 100% failure (after the 1st day), on all circuits re-used or new on about 50+ attempts (some 20+ on new circuits, after I started closing the failed ones in an attempt to kick the system into proper use). Also, as I said most failed access circuits still survived. I'll have a look using v3.0.16, but I'm not expecting any errors now that the access has been fixed. 
Re: AdvTor
TorOp wrote:

On 10/9/2010 11:14 AM, Anon Mus wrote:

Fabian Keil wrote:

And Tor says:

Oct 09 14:00:19.571 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up.

Fabian

Ahh, I have those but they only say,

Oct 09 15:31:32.109 [Notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.

[scrubbed] what is this url? What places did it try in?

Add the below line to your torrc and the scrubbed will be replaced by the domain in question.

SafeLogging 0

Have done this thanks.
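Added example, not code from any poster in these threads or from the Tor project: a Python script that picks the two kinds of Tor log line quoted above (the "Giving up" notice and the "Unknown option" config warning) out of a log and tallies them per destination and per option. The sample log is constructed from the lines quoted in the messages, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the thread; not real log data.
SAMPLE_LOG = """\
Oct 09 14:00:19.571 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up.
Oct 09 15:31:32.109 [Notice] Have tried resolving or connecting to address '[scrubbed]' at 3 different places. Giving up.
Oct 09 15:44:10.002 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up.
Nov 25 17:50:03.015 [Warning] Failed to parse/validate config: Unknown option 'WarnUnsafeSocks'. Failing.
Nov 25 17:50:03.015 [Error] Reading config failed--see warnings above.
this line is not a Tor log entry
"""

# Line layout seen in the quoted logs: "Mon DD HH:MM:SS.mmm [severity] message"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<sev>[A-Za-z]+)\] (?P<msg>.*)$"
)
# Tor stopped retrying a destination after trying several exits.
GIVE_UP_RE = re.compile(
    r"^Have tried resolving or connecting to address '(?P<addr>.+)' "
    r"at (?P<tries>\d+) different places\. Giving up\.$"
)
# torrc contains an option this Tor version does not know.
UNKNOWN_OPT_RE = re.compile(
    r"^Failed to parse/validate config: Unknown option '(?P<opt>[^']+)'\. Failing\.$"
)


def parse_line(line):
    """Split one log line into (timestamp, severity, message), or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Severity case differs between the quoted logs ([notice] vs [Notice]).
    return m.group("ts"), m.group("sev").lower(), m.group("msg")


def summarize(log_text):
    """Tally give-up events per address, scrubbed events, unknown options."""
    gave_up = Counter()
    scrubbed = 0
    unknown_options = []
    skipped = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        parsed = parse_line(raw)
        if parsed is None:
            skipped += 1  # not in the expected layout; count it, do not guess
            continue
        msg = parsed[2]
        m = GIVE_UP_RE.match(msg)
        if m:
            if m.group("addr") == "[scrubbed]":
                scrubbed += 1  # destination hidden by SafeLogging
            else:
                gave_up[m.group("addr").lower()] += 1
            continue
        m = UNKNOWN_OPT_RE.match(msg)
        if m and m.group("opt") not in unknown_options:
            unknown_options.append(m.group("opt"))
    return {
        "gave_up": dict(gave_up),
        "scrubbed": scrubbed,
        "unknown_options": unknown_options,
        "skipped": skipped,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for addr, count in sorted(report["gave_up"].items()):
        print(f"gave up on {addr}: {count} time(s)")
    print(f"scrubbed give-ups (need SafeLogging 0 to attribute): {report['scrubbed']}")
    print(f"options unknown to this Tor version: {report['unknown_options']}")
    print(f"unparsed lines: {report['skipped']}")
```

Entries counted as scrubbed carry no destination and only become attributable once SafeLogging 0 is set; that setting writes visited addresses to the log file for as long as it stays on.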
Re: AdvTor
On Sun, Oct 3, 2010 at 2:05 PM, kalitnik...@privatdemail.net wrote:

Hello everyone. I found a fork (?) of tor software with GUI named Advanced Tor. I was surprised of its features, but found just nothing about it in web, though it has opened source placed in sf.net. Have you people discussed it? Please give a link to discussion if yes. Otherwise you are welcome (if it won't break any or-talk rules), especially I'd like to know if someone can get through the code to check it for backdoors or something like that.

Description and source:
http://nemesis.te-home.net/Projects/AdvTor.html
http://sourceforge.net/projects/advtor/

http://nemesis.te-home.net/Projects/AdvTor.html

When connecting to this site through Tor either I get a disconnect or a weird message saying I am connecting via a proxy which is changing my data. I have only once had an actual web page to browse (right after it the first post to OR-TAlk). Is this a Tor problem (e.g. a ban by Tor exits) or a site problem?

Jo
Re: AdvTor
Nick Mathewson wrote: On Thu, Oct 7, 2010 at 4:32 AM, Anon Mus my.green.lant...@googlemail.com wrote: On Sun, Oct 3, 2010 at 2:05 PM, kalitnik...@privatdemail.net wrote: Hello everyone. I found a fork (?) of tor software with GUI named Advanced Tor. I was surprised by its features, but found just nothing about it on the web, though it has opened source placed in sf.net. Have you people discussed it? Please give a link to discussion if yes. Otherwise you are welcome (if it won't break any or-talk rules), especially I'd like to know if someone can get through the code to check it for backdoors or something like that. Description and source: http://nemesis.te-home.net/Projects/AdvTor.html http://sourceforge.net/projects/advtor/ http://nemesis.te-home.net/Projects/AdvTor.html When connecting to this site through Tor either I get a disconnect or a weird message saying I am connecting via a proxy which is changing my data. I have only once had an actual web page to browse (right after the first post to or-talk). Is this a Tor problem (e.g. a ban by Tor exits) or a site problem? Not sure what your trouble is here, but Tor doesn't ban sites. I just tried connecting there, and it worked fine for me. yrs, Well, well, well suddenly the problem fixes itself... after 20+ disconnects and 10+ You are using a proxy which is changing your data... refusing connection.. over the past 3 days. Must be just another co-incidence ..funny though how it was still failing a minute prior to my post being written today. This must be similar to the DNS resolution problem (unable to resolve DNS and so failed page access) to webcrawler.com when using these servers as exits the last 4 weeks... (might be fixed now, but these are all in my exclude as exits list, so I wouldn't know).
spfTOR1,spfTOR2,gpfTOR1,gpfTOR2,Amunet1,Amunet2,Amunet3,Amunet4,Amunet5,Amunet6,Amunet7,Amunet8,Amunet9,Amunet10,Amunet11,Amunet12,blutmagie,blutmagie2,blutmagie3,blutmagie4
Re: Tor Project 2008 Tax Return Now Online
Jonathan D. Proulx wrote: While I do think it's good to see the funding there are two points that are important to remember. 1) this is a freesoftware project the code is there for all to see, hopefully clueful people other than the US Government are reading it. Unfortunately, whilst there are clueful people watching the software, no one has yet decided to publicly produce and share a modified version of this code which protects from a Global Adversary who is analyzing the traffic (real time or not). I await that day, but believe it will not be soon, because it would be foolish to take on such a task, only to have the Tor project themselves then radically change the code and so as to make the unofficial modification obsolete. 2) no matter who's funding it the US gov't could read the code (see above) and would continue to (potentially) have a near global view of internet traffic. Well it's obvious that who funds it gets to make the decision as to what anonymity protection gets put in. So if you were the Global Traffic Analysis Adversary then you would distract, delay, deny and defend lack of protection from your analysis. If you also funded the project then that would make that task easier. So whilst there is no protection in Tor (by official policy) from the Global Traffic Analysis Adversary (aka US -GOV) then you can expect to be unmasked for every usage you make of Tor. Unless of course, you were the US -GOV in which case you can add that protection into your Tor nodes and Tor clients. For instance if I were US - GOV (i.e. it was my job to spy on your traffic) I would, at the very least, 1. Set up global INTEL network of private and institutional Tor servers. These servers would be .edu, .gov, .net (running at legit ISP's), as well as from the homes of hundreds of operatives (police, CIA, FBI, NSA, Homeland Security), .mil (e.g. force bases overseas) and other .gov officials (embassy staff, trade orgs, propaganda orgs like Voice of America offices) globally. 2. 
On those INTEL servers, a modified Tor software would be run with modifications to create a supersecure subset of Tor. These servers would either be self identifying (as the supersecure servers - SS) or receive a list of ips from a central server. I'd give some of these SS servers name like anarchist, whacko, anarchist or anti-gov/big brov but their ip's would appear to be from telco's, RD/Ops contractors.. 3. Relatively minor modifications to the Tor code would add this extra protection and priority for the officially supersecure traffic. e.g. i/ Higher/extra layer encryption. ii/Protection from Traffic analysis - extra long random length circuits (n = 3..6 variable), chaff traffic (70-90% variable chaff), multiplexed traffic (mixed circuit streams - TOP SECRET) and multiple route traffic (split circuit streams - EXTREME TOP SECRET). iii/Traffic delivery Guarantees 4. Non-supersecure (normal) traffic would be labeled to separate its treatment (as well as logged with the identity ip of the originating Tor user. Potentially then the circuit builders Tor user ip could be sent on secretly, in another layer, to as far as it will go in this SSS Intel network) 5. Potentially, normal Tor traffic could be deliberately sent, by these SS servers, in specific traffic analysis timed sequences to make easier to pick it up when it exits the SSS Intel network by traffic analysis systems . A sort of traffic signature to be followed to the source. To a large extent freesoftware defends against the worst abuses funders can demand (1), but I wouldn't fully trust TOR against China either (2) No comment -Jon
Re: Tor Project 2008 Tax Return Now Online
Roger Dingledine wrote: On Sat, Aug 14, 2010 at 12:26:57PM +0100, Anon Mus wrote: It looks like 90% of the funding is from the US, nearly all US government. If you know any funders outside the US who care about privacy, anonymity, or circumvention, we're all ears. :) I am certain there are funders outside the US but whilst Tor remains a tool the US I would guess they'd be reticent to contribute and who could blame them. Add to this the number of Tor nodes run from US institutions (many at US gov funded edu's) and you should be able to see who that Global Adversary is! US - GOV Conspiracy theories aside, this is an important open research question that still needs more research attention: if you can watch a given amount of Internet backbone traffic, how much of the Tor network can you surveil? Here are three papers to get you started if you want to learn more about this issue: http://freehaven.net/anonbib/#feamster:wpes2004 http://freehaven.net/anonbib/#DBLP:conf/ccs/EdmanS09 http://freehaven.net/anonbib/#murdoch-pet2007 Designs like Tor have always accepted that they will be vulnerable to a global passive adversary: https://svn.torproject.org/svn/projects/design-paper/tor-design.html#subsec:threat-model I think you'll find that Tor only became officially incapable of protecting from such an adversary around 2004/5 when numerous requests to add this protection to Tor were made. Since then it's been the official policy not to protect from such a threat (so as to head off any complaints it does not do the job perhaps ??). It's a good idea that you speak for Tor only, not other systems here, where there are/have been genuine attempts to provide full anonymity, no get out clause. 
The key point to realize here is that you shouldn't so much think about the locations of the Tor relays, but instead think about which networks the communication between Tor users and the Tor network traverses, and which networks the communication between the Tor network and the destination services (e.g. websites) traverses. The Internet itself has bottlenecks that make our task hard even if we could engineer a good diversity of relay locations. Conspiracy theorist slander aside, FACT: in the mid-1990's IBM had 80% of the Global Internet Traffic flowing through their servers, paid for by US military contracts, all routed through the US, so the US -GOV could spy on the global internet traffic. We can certainly imagine that some pieces of the US government have the capability to tap large pieces of the Internet: https://www.eff.org/nsa/faq But what saves us here is that the US government, like all governments, is not one person. It's a lot of different groups, all with different goals and different capabilities. That saves you?? Are you saying it's not co-ordinated? Did you once work for US - Gov - Mil research? So a) that means some parts of the government actually want to support freedom of speech and/or need for themselves the security properties that Tor provides, and b) there's a huge amount of bureaucracy to slow down coordination between different pieces of the government -- so even if somebody at NSA can beat Tor, that doesn't mean somebody at FBI can call him up and ask for answers. --Roger
Re: Tor Project 2008 Tax Return Now Online
Andrew Lewman wrote: On Sat, 14 Aug 2010 12:26:57 +0100 Anon Mus my.green.lant...@googlemail.com wrote: It looks like 90% of the funding is from the US, nearly all US government. Internews Europe - France $183,180 (35.6%) (http://www.sourcewatch.org/index.php?title=Internews) Stichting Nlnet - Netherlands $42,931 International Broadcasting $260,000 (50.5%)) (http://en.wikipedia.org/wiki/International_Broadcasting_Bureau) Google US $28,500 (5.5%) Total $514,611 Last I checked, France Yes France is in France, but IBM France (called that for taxation purposes - I am sure you know this) is still a US company. Similarly, Internews Europe - France, is still 80% US funded, and a US - GOV run propaganda org, as I am sure you know. Deceit or what?? Is that not your signature and handwriting on the tax return (I assume the handwriting is not yours as it's so shocking, looks more like that of a 5 y.o.) ? and the Netherlands I never said this was, so why accuse me of that? Did doing that make your case stronger? aren't under US Government rule. Internews Europe is different from Internews, and funded completely differently.
Re: Tor Project 2008 Tax Return Now Online
Jimmy Dioxin wrote: The US Government also gets extensive use out of Tor. Law enforcement uses it for informants etc. As explained on the Tor website, this is actually a good thing as it makes you more anonymous (are you a fed, a journalist, somebody looking for porn, etc) Jimmy Dioxin Actually, you haven't really worked it out yet, so let me try and put you on the right track. If you have no protection from a global adversary using timing attacks, who had such massive access then there is NO anonymity for the ordinary Tor user, because there is ALWAYS a timing attack solution (from automated passive data analysis) which identifies the originating ip making exit node to open net request. Even the location of Tor hidden services and their users is easy (and automatic). So it matters not a jot that the US mil or gov uses the Tor service itself, even assuming that they are not using a modified Tor client to improve their anonymity and possibly also identify their streams from the rest (only they will know how this can be done) . Think military, think intel community and never assume they are playing the game. What would you do in their jobs? On 08/14/2010 07:26 AM, Anon Mus wrote: Jimmy Dioxin wrote: Hey Folks, Cryptome has posted the Tor Project 2008 Tax Return available at: http://cryptome.org/0002/tor-2008.zip As many know, all US non-profit corporation returns are available upon request by the public. Firstly, people need to look through these returns in the same way we audit code. Looking at funding sources and expenditures is important to insuring Tor is a useful anonymity tool for years to come. Thanks for this. It looks like 90% of the funding is from the US, nearly all US government. 
Internews Europe - France $183,180 (35.6%) (http://www.sourcewatch.org/index.php?title=Internews) Stichting Nlnet - Netherlands $42,931 International Broadcasting $260,000 (50.5%)) (http://en.wikipedia.org/wiki/International_Broadcasting_Bureau) Google US $28,500 (5.5%) Total $514,611 Add to this the number of Tor nodes run from US institutions (many at US gov funded edu's) and you should be able to see who that Global Adversary is! US - GOV So perhaps we should not expect Tor to protect us from the hand that feeds it (and anyone else who has access to their data) Secondly, can the Tor project release these returns on the site for the above purpose? I don't think there needs to be some onerous accounting process for reporting to the public (ya'll have better things to do anyways), but these returns would be nice to have in the interest of transparency. Thanks, Jimmy Dioxin
Re: Tor Project 2008 Tax Return Now Online
Jimmy Dioxin wrote: Hey Folks, Cryptome has posted the Tor Project 2008 Tax Return available at: http://cryptome.org/0002/tor-2008.zip As many know, all US non-profit corporation returns are available upon request by the public. Firstly, people need to look through these returns in the same way we audit code. Looking at funding sources and expenditures is important to insuring Tor is a useful anonymity tool for years to come. Thanks for this. It looks like 90% of the funding is from the US, nearly all US government. Internews Europe - France $183,180 (35.6%) (http://www.sourcewatch.org/index.php?title=Internews) Stichting Nlnet - Netherlands $42,931 International Broadcasting $260,000 (50.5%)) (http://en.wikipedia.org/wiki/International_Broadcasting_Bureau) Google US $28,500 (5.5%) Total $514,611 Add to this the number of Tor nodes run from US institutions (many at US gov funded edu's) and you should be able to see who that Global Adversary is! US - GOV So perhaps we should not expect Tor to protect us from the hand that feeds it (and anyone else who has access to their data) Secondly, can the Tor project release these returns on the site for the above purpose? I don't think there needs to be some onerous accounting process for reporting to the public (ya'll have better things to do anyways), but these returns would be nice to have in the interest of transparency. Thanks, Jimmy Dioxin
Re: Torbutton Documentation - Adversary Capabilities. - fork: Normalization of XHR requests
Paul Syverson wrote: On Tue, Jul 13, 2010 at 05:30:27PM +0100, Anon Mus wrote: Paul Syverson wrote: Tor doesn't do any batching or delaying. This is just another way you could be identified by timing attacks. Tor provides no resistance to timing attacks, and so far there are no countermeasures that have been identified as working against a passive, much less active, adversary without imposing unacceptably high overhead or limitations. Since Tor's inception (must be getting on for 10 years now) it has been getting faster year after year, this is due to network speed and bandwidth increases, which have been about a 200 fold (e.g. speeds of 100+Kbps max 2003 to 20+Mbps today). OK, there have been some increases in web page byte size but it's not more than 10 fold. That means a real speed increase of at least 10 fold. So perhaps Tor developers should start putting in some timing attack protection. It seems to me that the time is right. What is holding them back? Are they afraid of global big brother complaining they cannot identify users at will? Anonymous should mean anonymous, no? Even assuming your description of the evolution of Tor network communication processing is correct, I don't understand what increase in network speed (throughput?) or bandwidth have to do with making it more feasible to protect against timing attacks. Obvious really, I quote you (from above) without imposing unacceptably high overhead - if the speeds bandwidth (you might like to read up on this subject) are up 10 fold then the latency is down. Pages load fast now, so there IS room for some extra overhead now. Didn't you figure that out? There are lots of methods that can be employed to resist against timing attacks... and there's definite resistance to implementing them, even though it's obvious on first principles that they DO work and that other anonymity systems have/do use them. The obvious ones are.. 1. 
Bundling/Multiplexing individual streams into mixed streams, individual streams can even be split over multiple routes then reconstituted. (means streams cannot reliably be followed). - adds entropy. 2. Caching by exit nodes (means streams cannot always be tracked from the external site) - adds entropy. 3. Variable (3-n random pattern) node size paths (means timing attack adversaries cannot EASILY predict route start and end) - adds entropy. 4. Random variable packet delay/sequence position transmission - adds entropy. 5. Addition of chaff traffic - adds entropy. INCREASED ENTROPY is the KEY. More entropy, the less certainty of the adversary of finding a timing attack solution. At the moment Tor has the appearance of an ordered NETWORK/WEB/GRAPH - low entropy (predictable system), the above would make it look more like an amorphous CLOUD - high entropy (unpredictable system). As for the rest you say below - as you are stuck with ever faster networks you'd better get used to it and put some ENTROPY into the Tor system. Faster networks should just make timing attacks more effective, and we know that we were already unable to do anything useful when such attacks were less effective. People should continue to work on this hard research problem. (I myself have a paper on it to be presented in the Privacy Enhancing Technologies Symposium next week, Preventing Active Timing Attacks in Low-Latency Anonymous Communication .) But as the blog post I pointed at noted, nobody has yet made a suggestion that clearly improves the situation (even in theory) and would clearly be feasible and practical to deploy on the Tor network as it stands. THE ABOVE 1..5 ALL THEORETICALLY INCREASE ENTROPY, which ACTUALLY makes it more difficult to make timing attacks on Tor - as you need MORE and MORE data on the MORE Tor nodes and users and the computational solution grows by the power of the number of nodes/users that have to be included in the timing attack solution. 
- why would you argue otherwise? And just as there is no such thing as a secure system---only systems secure against a given adversary conducting a given class of attack provided that the implementation, deployment and environment satisfy certain assumptions, so too there is no such thing as an anonymous system. In that sense, the answer is no, anonymous should not mean anonymous, or rather it depends what _you_ mean by anonymous and a whole bunch of other things that must be stated. Well if that is your attitude, then why have Tor in the first place? Seems to me you need to pull over and let those who are interested in making Tor secure against Timing Attacks take the road. That way Tor will at least be on the road to being more secure than it is now. Why get up in the morning? HTH, Paul
80%+ Tor network relay locations unknown
Platform: Win2000 Pro SP4 TOR - Upgraded from several dev. versions ago to Tor 0.2.10-alpha (git-81b84c0b017267b4) package last week. (Vidalia 0.2.7). Recently, since the TOR upgrade, have noticed that 80+ of the relay locations in View the Network are missing. Is anyone else seeing this?
Re: 80%+ Tor network relay locations unknown
Andrew Lewman wrote: On Thursday May 13 2010 07:45:03 Anon Mus wrote: Recently, since the TOR upgrade, have noticed that 80+ of the relay locations in View the Network are missing. Everyone will be seeing this soon. The SSL cert changed/renewed. The forthcoming Vidalia 0.2.9 will fix the issue. See https://trac.vidalia-project.net/changeset/4284 for the details. Neat, thanks.
Re: I Write Mass Surveillance Software
Eugen Leitl wrote: On Thu, Sep 17, 2009 at 03:58:50PM -0400, Michael Holstein wrote: (basically, all the OP on Reddit was saying, was he's the guy that writes the microengine code) .. the processors themselves aren't Not quite -- he explicitly claimed they used custom hardware. Perhaps using network processor macro cells, but custom design was definitely involved. capable of realtime brute-force decryption ... but they are the sort of There's no such thing, apart from really obsolete cryptosystems. And even there you can't just fish for content as it was cleartext. thing that can look for signatures/keywords/etc in a stream and act upon it at wire-speed. That is old news. As for breaking encryption, this would be a task better suited for a large farm of purpose-programmed FPGAs, since I'm not aware of any commercially-produced ASIC that does this (although the NSA does list jobs for semiconductor fabrication, so I'm sure they're in that game). I can see large boxes for e.g. offline DES (perhaps even 3DES) cracks, but everything else is probably not cost effective (of course, NSA has demonstrably been decades ahead of open research in some instances, so don't blame me if they waterboard you just because you took this at face value). IIRC the Russians had purpose-built their own ASICs to break DES when it was en vogue .. I'm sure our side of the pond actively does the same. Sneakier mice, better mousetraps. Lather, rinse, repeat. while(). What I really dread is having to sanitize my entire systems, which effectively means wiping and bootstrapping my entire infrastructure from known good state, establish physical security, secret management including crypto hardware, system hardening, privilege separation, intrusion detection and documentation, periodic review, and the like. This is seriously annoying, and I resent having to go full tinhat monty. In case anyone has pointers or has already done such a thing I very much welcome any documentation. 
We should publish everything in the open to make it easily replicable by anybody anywhere, so just to make the annoyance mutual. [Grobbage - French - for a plot of cleared land the only web use of the word is here: http://cnc.virtuelle.ca/riviere-la-paix/riviere_la_paix/leurs_memoires/roy.html reference to term's description here: http://cnc.virtuelle.ca/riviere-la-paix/riviere_la_paix/lexique/grobbage.html ] It's equivalent to the English term grubbed out. Perhaps his name is the English surname Grubb. This Grobbage's activity is stated to be UK (Britain) only. If (s)he's a fake then look for an attention seeker Search (webcrawler.com) - Grubb UK - gives Ben Grubb (.co.uk) 3rd in list. Search (yahoo.co.uk - UK only hits) - Ben Grubb - Wow.. Hey.. he's an attention seeker all right! ... so rite or w#so wrong? (RE-)Build your (new) machine off line - then take a snap shot. Get it working on line then take another snapshot. If you fear you've been trojaned in future then destroy - install snapshot and you're back in business. Always use official off-line updates. I don't bother with this - I've got wifi connected spyhardware already on my PC motherboard (think about it - it's just a kernel tweak), so there's no point in protecting from trojans or keyloggers.
Re: eliminating bogus port 43 exits
Alexander Cherepanov wrote: Hello, Anon! You wrote to or-talk@freehaven.net on Sun, 14 Jun 2009 16:44:12 +0100: Of course, websites organizations have the right to choose which ports they use for which services and open/close. Anyone trying to inflict that kind of system on any internet user community should STOP doing so immediately. It's called port blocking and it's unacceptable. Therefore ALL traffic, on ALL ports, are LEGITIMATE traffic, regardless of whether they comply with IANA's list or not. I agree more or less. But there are some concentrations of troubling traffic on some ports such as 25. Blocking exit to these ports is a compromise. It is not ideal -- good traffic is also lost in the process and not all bad traffic is blocked. Tor exit node operators that feel balance should be different can change their exit policy accordingly. Do you have better approach? Alexander Cherepanov Of course. All relay operators have the right to protect themselves. From trojans etc or spam generators. This is why you can set up tor to provide its service on only certain ports. But destination port blocking is more difficult to approve of. Obviously, if you block port 25 traffic completely then all (usual, but not always, as it can be set up to another port) smtp will be blocked.. spammers the rest of us included. Now I used smtp (secure - not port 25) to deliver this email. Should you block this? If so what about port 80? I hate spam... but I've learned to live with it and so I use a spam filter. That's the best way.. At the end of the day it's YOUR relay .. as long as tor clients can find a good few routes from amongst all the relays out there, that's all that is needed.
Re: Stealing browser history without JavaScript
Zinco wrote: Matej Kovacic wrote: Hi, this seems an interesting issue: http://www.making-the-web.com/misc/sites-you-visit/nojs/ bye, Matej Anon Mus Wrote: Been to this site and it don't work on my firefox.3.0.8 browser... (with NoScript, QuickJava, Better Privacy, JavaScript Deobfuscator, Quick Preference Button User Agent Switcher) it replies with a 0 (zero) count. But there should be dozens. Zinco Wrote: Seems to me it would have to have all websites known to man on the page it loads. If it looks at visited links css on the page it loads it could only look at websites on that page. It would have to store a lot of web pages on that hidden i-frame to really compare. Unless you are looking to see if a particular person visited a particular page doesn't seem like it would do anyone much good. Anon Mus Wrote: Maybe IFrames don't work on Firefox. The page's IFrame message Please enable Iframes, though is superfluous, as it only prints if IFrames is functional !! Reminds me of a security software con site years ago which would print some detail value known only to your browser, up on a web page. Of course, only YOU could see it, no data was sent to the visited web site. Even though it was a con, lots of people bought the security software to protect themselves from that non-existent leak. In this IFrames exploit the test web page is said to have a css background image embedded in it. I can find no such image (background: #003399;). (See http://www.w3schools.com/css/pr_background.asp.) The only image on the page is a javascript button. But there is a javascript dependent Google Analytics urchin tracker. Would the author Brendon Bo[mb]shell like to identify him/her self? Zinco Wrote: 5 pages isn't very much. Would have to contain millions it would seem. It did work on my browser and found 30 of the most popular sites. Ebay etc.

* Index.php I-Frame
<iframe src="start_scan.php?769245844" width="300" height="260" frameborder="0" scrolling="no">Please enable Iframes, though</iframe>
<p><!-- AddThis Button BEGIN --> <!-- AddThis Button END -->
<script type="text/javascript"> digg_skin = 'compact'; digg_window = 'new'; </script>
<script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script>
<script type="text/javascript" src="http://www.reddit.com/button.js?t=1"></script> </p>

*** Start_scan.php I-frame
<iframe src="sites_list.php?sess=fe728e" width="288" height="210" frameborder="0"></iframe> </div>
<iframe src="base.php?sess=fe728e" width="1" height="1" frameborder="0"></iframe>

** Base.php
<style type="text/css">#l2001 a:visited{background:url(log_base.php?id=2001&sess=fe728e);}

***
So there is the IFrame provisioned background image. As I couldn't see this base.php code, then it pretty much confirms that firefox don't run IFrames. Obviously the,
<p><!-- AddThis Button BEGIN --> <!-- AddThis Button END --> <script type="text/javascript"> digg_skin = 'compact'; digg_window = 'new'; </script> <script src="http://digg.com/tools/diggthis.js" type="text/javascript"></script> <script type="text/javascript" src="http://www.reddit.com/button.js?t=1"></script> </p>
section will only run as javascript.. so NoScript takes care of that.
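Added example, not part of the thread and not code from the test site: a small JavaScript checker that a page auditor or filtering proxy could run to flag the pattern quoted from base.php above, a `:visited` rule whose declaration makes the browser fetch a URL. The function names and the sample page are constructed for illustration; the sample is modelled on the quoted rule.

```javascript
// Flag CSS rules where a :visited selector carries a url(...) value, i.e. the
// browser would request that URL only for links already in the history.
// SAMPLE_HTML is constructed test input, modelled on the rule quoted in the thread.

// Remove /* ... */ comments so they cannot hide or fake a selector.
function stripComments(css) {
  return css.replace(/\/\*[\s\S]*?\*\//g, '');
}

// Return the text content of every <style> element in an HTML string.
function extractStyleBlocks(html) {
  const blocks = [];
  const re = /<style\b[^>]*>([\s\S]*?)<\/style\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) blocks.push(m[1]);
  return blocks;
}

// Split a stylesheet into {selector, body} rules with a brace counter,
// descending into @media/@supports blocks. Simplification: braces inside
// quoted strings are not handled; a full CSS tokenizer would be needed for that.
function parseRules(css) {
  const rules = [];
  const text = stripComments(css);
  let i = 0;
  while (i < text.length) {
    const open = text.indexOf('{', i);
    if (open === -1) break;
    // Drop any preceding statement such as "@import ...;" from the prelude.
    const prelude = text.slice(i, open).split(';').pop().trim();
    let depth = 1;
    let j = open + 1;
    while (j < text.length && depth > 0) {
      if (text[j] === '{') depth++;
      else if (text[j] === '}') depth--;
      j++;
    }
    const body = text.slice(open + 1, depth === 0 ? j - 1 : j);
    if (/^@(media|supports)\b/i.test(prelude)) {
      rules.push(...parseRules(body));
    } else if (!prelude.startsWith('@')) {
      rules.push({ selector: prelude, body });
    }
    i = j;
  }
  return rules;
}

// Report every url(...) found in a declaration of a rule that targets :visited.
function findVisitedFetches(css) {
  const findings = [];
  for (const { selector, body } of parseRules(css)) {
    const hits = selector.split(',').map(s => s.trim())
      .filter(s => /:visited\b/i.test(s));
    if (hits.length === 0) continue;
    // Splitting on ';' is enough for the rule shape quoted in the thread.
    for (const decl of body.split(';')) {
      const colon = decl.indexOf(':');
      if (colon === -1) continue;
      const property = decl.slice(0, colon).trim().toLowerCase();
      const value = decl.slice(colon + 1);
      const urlRe = /url\(\s*(['"]?)(.*?)\1\s*\)/gi;
      let m;
      while ((m = urlRe.exec(value)) !== null) {
        findings.push({ selector: hits.join(', '), property, url: m[2] });
      }
    }
  }
  return findings;
}

// Scan all <style> blocks of a page.
function scanHtml(html) {
  return extractStyleBlocks(html).flatMap(findVisitedFetches);
}

const SAMPLE_HTML = `
<html><head>
<style type="text/css">
/* ordinary rule: fetched regardless of history, so not flagged */
body { background: #003399 url(bg.png); }
#l2001 a:visited{background:url(log_base.php?id=2001&sess=fe728e);}
#l2002 a:visited, #l2002 a:hover { color: red; }
@media screen {
  #l2003 a:visited { list-style-image: url("log_base.php?id=2003&sess=fe728e") }
}
</style>
</head><body></body></html>`;

for (const f of scanHtml(SAMPLE_HTML)) {
  console.log(`${f.selector} -> ${f.property}: ${f.url}`);
}
```

Only stylesheets embedded in the page are inspected here; externally linked stylesheets would have to be fetched and passed to `findVisitedFetches` separately.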
Re: eliminating bogus port 43 exits
Alexander Cherepanov wrote: Hello, Scott! You wrote to or-t...@seul.org, scr...@nonvocalscream.com on Sun, 14 Jun 2009 01:15:43 -0500 (CDT): Now, another person on this list has argued that the RFC's should be ignored and that IANA should be ignored. I remain unconvinced that doing either would be a good idea. The main discord here seems to arise from totally different approaches to the question. You are building a whitelist while default tor exit policy is a blacklist. IMHO it's hard to constructively discuss amending blacklist from whitelist POV. Having a set of standard port numbers at which one may expect to access standard services is valuable, Sure it is valuable but AFAIU tor is not there to bring order back to Internet. The thing is the port numbers list is NOT an exclusivity list... other people's systems may use these ports if they wish. It's a misconception that these ports were exclusively assigned to the stated systems. It's only true that if you run/design these systems then you are asked (not required) to design using them (and only them). The idea was to make it easier to open certain ports in corporate firewalls for common services. There is no form of enforcement of ANY sort, either of.. ports ONLY for certain services or services ONLY on certain ports. Of course, websites organizations have the right to choose which ports they use for which services and open/close. Anyone trying to inflict that kind of system on any internet user community should STOP doing so immediately. It's called port blocking and it's unacceptable. Therefore ALL traffic, on ALL ports, are LEGITIMATE traffic, regardless of whether they comply with IANA's list or not. My understanding was that Tor allows node operators to best configure their node to make the most of their particular resources (eg to get round fascist firewalls etc), as opposed to blocking ports because of arbitrary ideas of what services might/might not be used on them. 
Of course, fascist firewalls are commonly the reason why a Tor user would set up communication over (more often not open) ports, like port 43, as it will not be blocked. And so, petty administrators are employed to reduce this supposed unauthorized traffic (tut tut) to a minimum. I suppose some of these bureaucrats will use the IANA list as evidence of malpractice. Alexander Cherepanov P.S. There is neither X-Mailer nor User-Agent headers in your mails. That's cool but missing In-Reply-To and References is annoying. Do you use some email sanitizing software or just hardened MUA? If it's not a secret of course:-)
Re: Stealing browser history without JavaScript
Zinco wrote: -Original Message- From: owner-or-t...@freehaven.net [mailto:owner-or-t...@freehaven.net] On Behalf Of Anon Mus Sent: Sunday, June 14, 2009 8:09 AM To: or-talk@freehaven.net Subject: Re: Stealing browser history without JavaScript Matej Kovacic wrote: Hi, this seems an interesting issue: http://www.making-the-web.com/misc/sites-you-visit/nojs/ bye, Matej Been to this site and it don't work on my firefox.3.0.8 browser... (with NoScript, QuickJava, Better Privacy, JavaScript Deobfuscator, Quick Preference Button User Agent Switcher) it replies with a 0 (zero) count. But there should be dozens. Seems to me it would have to have all websites known to man on the page it loads. If it looks at visited links css on the page it loads it could only look at websites on that page. It would have to store a lot of web pages on that hidden i-frame to really compare. Unless you are looking to see if a particular person visited a particular page doesn't seem like it would do anyone much good. Maybe IFrames don't work on Firefox. The page's IFrame message Please enable Iframes, though is superfluous, as it only prints if IFrames is functional !! Reminds me of a security software con site years ago which would print some detail value known only to your browser, up on a web page. Of course, only YOU could see it, no data was sent to the visited web site. Even though it was a con, lots of people bought the security software to protect themselves from that non-existent leak. In this IFrames exploit the test web page is said to have a css background image embedded in it. I can find no such image (background: #003399;). (See http://www.w3schools.com/css/pr_background.asp.) The only image on the page is a javascript button. But there is a javascript dependent Google Analytics urchin tracker. Would the author Brendon Bo[mb]shell like to identify him/her self?
Re: eliminating bogus port 43 exits
Roger Dingledine wrote: On Fri, Jun 12, 2009 at 03:51:25PM -0700, Kyle Williams wrote: I think snooping and statistical information should be treated differently. Take Scott's case here. He is making a claim that by using the exit policy outlined above, it would reduce the amount of traffic on tor by 70% or whatever. What I would like to see proof of is that the IP addresses that are now being blocked are NOT running a WHOIS services. How do we know for sure that they are not in fact a valid WHOIS service? I would also be curious to learn the mean/median number of bytes that a given connection to port 43 takes. If it's a tiny amount, then it probably isn't responsible for 70% of Tor's traffic. If it's huge, then perhaps that means people are file-sharing over port 43. IMHO its unlikely that file sharers are ALL using port 43... you are more likely to see a wide spread of ports with high usage. I've found that sharers are not savvy enough to all pick port 43 because its more likely to be open. When I file share over TOR (once or twice a year max., to get seeding started, anonymously) I pick no particular port. Without a large anonymous Pron provider operating over TOR, its more likely that a very large organization (military - intell) has its own software communicating over TOR (hidden in ordinary port 43 cover traffic) on port 43. Obviously, this would be a globally distributed operation. Say... the US MilIntel. Of course, if its existence were discovered they would need to put up some sort of smokescreen, pointing the finger in the wrong direction, so to speak. Of course... it could all be regular WHOIS traffic, as cover traffic, or just genuine. Maybe someone (MIL/GOV) has their own local WHOIS copy which is updated via TOR (??). A little bloodhounding the port 43 IP addresses/domains would go a long way to seeing if they were at least all or mainly genuine WHOIS requests. snip.. --Roger
Re: another reason to keep ExcludeNodes
- Original Message - From: Roger Dingledine a...@mit.edu mailto:a...@mit.edu To: or-talk@freehaven.net mailto:or-talk@freehaven.net Sent: Tuesday, February 17, 2009 8:04 PM Subject: Re: another reason to keep ExcludeNodes On Tue, Feb 17, 2009 at 08:08:19PM +0100, Lexi Pimenidis wrote: little bit of investigation it turned out that one particular relay was always in a circuit that truncated those files, so I added it to my ExcludeNodes list. And voila' complete images from then on. Would not it be better if you would report this node so that its problem can be fixed? This could possibly be used to identify anonymous surfers: imagine an $evil exit node trying to identify somebody surfing on $evil-site1 (which isn't very popular and only a very small subset of people use it). It just needs to modify the output a bit and then wait for somebody to complain about it. Chances are, the one complaining might give away enough info to identify himself..? Hey, that brings up another possible attack. What if a website keeps giving out partial pages in response to exit nodes that it doesn't like (for example because it can't monitor them), to encourage users to manually mark them as excludeexit, thus making sure that user won't use those exits for other sites either? From my experience there are (probably) govnt run sites in the US which do block a wide range of tor exit nodes. But they permit a few exit nodes, mainly from the US, to have full access. So this is done whether or not you use excludeexit. It wouldn't break anonymity outright, but it would certainly make the probabilities more complex to reason about. Rabbit holes within rabbit holes, --Roger My experience of excluding nodes (exits or otherwise) is that there are generally plenty of nodes out there so as to keep you safe. And that in general terms only a few exit nodes are a problem at the moment. 
Therefore I reckon that the ExcludeNodes, etc, options are very useful - we need them - place a warning label on their use if need be.
Re: same first hops
Scott Bennett wrote: Well, technically speaking, I guess that's true. However, unless I'm greatly mistaken, the exit end of a circuit will compress any data coming into it to be relayed back to the client and will uncompress anything arriving from the client to be sent out from the exit. Given that the attacker might observe data in the clear going into the exit or coming out of it and could perform the same compression in order to know the length of the encrypted data, the attacker might be able to pull that off. Another complication for the attacker to deal with is the fact that a link between the client and an entry node may support multiple circuits, and each circuit may support multiple streams, all of which are multiply encrypted and whose data cells are commingled with the data cells of the others at the client end with no obvious way of distinguishing between the cells of one thread and the cells of any other thread traversing that particular link. Does this already happen? However, in order to match the length up with whatever is sent/received by the suspected client, wouldn't the attacker need to make an assumption or two about the circuit length? If so, then introducing randomly varying circuit lengths ought to obfuscate things considerably for the attacker. This has been suggested many times.. but never, to my knowledge, implemented. Its one way to add real entropy to the tor network traffic, circuits (specified user setting min max hops) could randomly vary between say 3..5 hops. Also 1 and 2 hop circuits would be useful ( add more entropy) for where a person only wanted a simple exit ip proxy. This is useful nowadays for 2 reasons, 1. where some forums have bad,nuisance ip blocking lists. Some clever forum admins (contrary to forum rules) will put someones ip on this list to (illegally) stop them posting a reply, usually if the admin is abusing their power and losing some argument with someone on the forum. 
When challenged this admin will claim they had nothing to do with it and that it was the automated protection mechanism. So to be able to have a large number of simple proxies to hand immediately is very useful.

2. for anonymously seeding/downloading torrents. Now, before you all shout, you must realize it's getting more difficult out there. People are getting sent huge fines for just downloading a movie they will junk the next day, based on their IP addy. Potentially, torrent traffic could provide a lot of cover for torland users. 3 or more hops is far too excessive. 1 (or 2) hops would be enough. It's not needed for most torrents (eg legal porn) and 1 hop is not going to protect you from law enforcement.

Another possible way to complicate things for the attacker would be a variant of something that has already been proposed, namely, using multiple data cell sizes within the circuit. As I understand it, the suggestions so far have been directed toward efficiency, e.g., sending long cells when there are enough data to exceed the payload limits of short cells. However, if short cells were randomly used when there are enough data for long cells, then the significance to the attacker of the distinction between long and short cells would be somewhat reduced. Tossing in occasional padding at random to produce a long cell that might have either had only minimally more payload than a short cell or even data for which a short cell would have been adequate ought to augment the attacker's obstacles. If more than two cell lengths were used, then these techniques ought to become even more effective against attackers.

Also been suggested before. Perhaps it might be possible to make every packet exactly the same size. Or at least a range (large medium small) of exact size packets. So they could not be told apart according to their exact data.
A third possibility might be to do at the tor level something that is already supported at the data link level in the BSDs and perhaps LINUX, namely, to use multiple physical links (circuits in the case of tor) to split the traffic load of a data link (stream in the case of tor) across multiple physical links. The downside of this method, of course, is that it multiplies the risk of a broken stream due to a tor node failure or lower-level failure. OTOH, it might also frequently and significantly speed up large file transfers through tor. Also been suggested before. If a new feature were added to tor's internal protocol that would allow handing off a thread from one circuit to another, then a further enhancement could be made because it would be handled entirely at the tor level. For example, a thread supported by (i.e., spread across) multiple tor circuits could be shifted across a frequently changing set of circuits between the client and the exit server, all under the control of the tor client. Used in i2p? For a fixed circuit length, such as the constant
Re: flash won't work with Tor enabled
sean darcy wrote:

I have firefox 3.0.1, tor button 1.2, tor-0.1.2.19-1.fc9.i386 , privoxy-3.0.8-2.fc9.i386 flash won't play with tor enabled. tor disabled it works fine. For instance, http://www.adobe.com/shockwave/welcome/ Do I need some new setting? Thanks for any help. sean

Hello Sean,

I use flash player over TOR, I don't install Torbutton, it's a little slow, but I do download larger files at peak, if available. I use Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12 browser. With Firefox, QuickJava, NoScript and FlashBlock addons to control the various java's manually and with flashblock you get to choose what to see on flash.

My Firefox network settings are (tools/options/advanced/network/settings), manual proxy config...

http proxy: localhost at 8118
ssl proxy: localhost at 8118
socks host: localhost at 9050 socksv5
No proxy for: localhost, 127.0.0.1

My privoxy works on port 8118
Tor access port: 9050

At the same time my (soft hard) firewalls block all direct internet access for both my Firefox browser and any apps running in firefox. So Firefox and flash have no exit other than via TOR. I can see the flash traffic in Vidalia's bandwidth graph. For direct internet access I use another browser entirely.

Hope that helps.

-K-
[Fwd: [Fwd: Not getting copied my posts to or-talk]]
Can someone in this list admin reply to this email below please. -K- Original Message Subject:[Fwd: Not getting copied my posts to or-talk] Date: Mon, 18 Aug 2008 12:56:37 +0100 From: Anon Mus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hi, I'd appreciate a reply.. if none is forthcoming by next week I'll post this email to or-talk. Original Message Subject:Not getting copied my posts to or-talk Date: Sat, 02 Aug 2008 01:06:06 +0100 From: Anon Mus [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hi, I've now 3 posts to or-talk which all appear to have got through but I don't get copied the post as a list member. I'm pretty sure I used to get them with my old addy [EMAIL PROTECTED] Maybe the system has changed recently or maybe my use of [EMAIL PROTECTED] in my new addy doesn't work for a copy (but works fine for copies of all others who post). Can you please advise. I'll get a new addy if need be. Thanks
Re: [Fwd: [Fwd: Not getting copied my posts to or-talk]]
coderman wrote: On Mon, Aug 25, 2008 at 7:26 AM, Anon Mus [EMAIL PROTECTED] wrote: ... I've now 3 posts to or-talk which all appear to have got through but I don't get copied the post as a list member. I'm pretty sure I used to get them with my old addy [EMAIL PROTECTED] this is a feature of google mail / gmail. it collapses conversations into distinct messages; since you sent the message, it sees no reason to deliver it back to yourself. you can find the message in your outbound mail folder, and confirm it was received via the external mail list archives, if needed. best regards, OK, many thanks coderman. It was not very clear, but I now think the gmail help appears to say that gmail automatically blocks (with total deletion) any email from its own email address, as an anti-spam feature. I can't seem to find a setting to switch this feature off with. The problem I (and I guess other gmailers) have is I don't know my email to or-talk was successfully sent out or not. Theory is not the same as practice. So I keep having to go over to a friends pc to be sure. I might set up another account, of my own, to check receipts. Seems to be the only solution. Best wishes, -K-
Re: Mixed pages - serious bug of tor
slush wrote: Hi to all again, because it looks like conference did not receive emails with attachments, Im resending my initial email about problem I found. Attachments from original email are here: http://www.slush.cz/centrumyahoo.png http://www.slush.cz/centrum.png http://www.slush.cz/centrumok.png Regards, Marek On Thu, Jul 17, 2008 at 2:16 AM, slush [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I dont have better contact (I cannot find any bugzilla for Tor), but I have to say, that there is serious problem in Tor (using last 0.2.0.30 http://0.2.0.30 version). It looks like buffer overflow, but I dont know, if it is problem of client or exit node (I dont suspect relays). In attachment, you can see three screenshot of the same page. On two of that, there are big artefacts from other pages (first of them is yahoo - see Yahoo privacy policy, second is unknown - Serbia? - website). Because Im not using yahoo and I dont speak Serbia, these pages are not from my cache (latest stable Opera without any plugin). On third screenshot is original lookfeel of centrum.cz http://centrum.cz, one of biggest portal in Czech Republic. It is almost impossible, that this is problem on their side. I hear about this Tor problem before weeks, but I did not believe that. Some IMPORTANT additional info. I found this bug when I broke my program using Tor, that he created very much circuits thru Tor (~ 1000 circuits at the same time). I think it is very important for this description. On other case, I created them using standard Tor interface (extend circuit command on tor controller) and Tor did not say me about any problem. So it is definitely bug of tor (even if suspect, that 1000 circuits are not standard behaviour). 
Unfortunately, I dont know, which exit node serves me when error occured, so I dont know version of exit node :( Regards, slush (admin of tor relays slush and mwserver) -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) Comment: http://getfiregpg.org iD8DBQFIfo9Hr7KgZiv8EokRAskDAKCuYxXcd4g3beMQP4Lj/4awpXBoeQCeM7OV rnAkbBw/a8ssDO6U92u2qVk= =wVDS -END PGP SIGNATURE- At first sight this appears to be an exit node problem but then, as I read it, you say it occurs with more than one exit node and only at this higher level of throughput. Alarm bells are ringing ... to mix streams up like this then streams at the higher throughput would have to be unencrypted clear streams - yes? This would mean that either all tor exits are vulnerable and are mixing the streams. Or that traffic is being passed wholesale *-unencrypted-* between nodes (so that nodes other than the exit nodes are doing the mixing). Sh*ttt.. whatever.. this is a major BUG.
Re: Mixed pages - serious bug of tor
slush wrote: At first sight this appears to be an exit node problem but then, as I read it, you say it occurs with more than one exit node and only at this higher level of throughput. I can repeat this problem (I could do it yesterday) by opening large amount of circuits between my computer and another exit nodes. Currently, I dont know, if take care, that I connected to many different exit nodes. OK, understood. I thought you had specified the Python code you were using.. it appears to use multiple exits. snip for i in range(300): ctl.extend_circuit(0,[sabotage, 'tortila']) ctl.extend_circuit(0,[Bellum, 'tortila']) ctl.extend_circuit(0,['mwserver', 'gpfTOR4']) ctl.extend_circuit(0,['mwserver', 'charlesbabbage']) You need to try to identify the rogue exit node (or nodes) so we can exclude it from our circuit builds. It could be an overflow but it could be deliberate tampering admixture (not altogether uncommon on tor - it happens every now and then). Try running repeatedly through only one exit node at a time until you find the problem one. Alarm bells are ringing ... to mix streams up like this then streams at the higher throughput would have to be unencrypted clear streams - yes? I dont think so. I think it is problem on exit node, when he mix together two requests (or say better -responses), then encrypt them and send to clients. It really looks like normal buffer overflow problem - I can see another responses, which are pending on exit node, but not for me. Yes, but my point was it had to be admixture of the clear unencrypted streams rather than encrypted streams, otherwise you would get garbage out. Buffer overflow or not. This would mean that either all tor exits are vulnerable and are mixing the streams. Or that traffic is being passed wholesale *-unencrypted-* between nodes (so that nodes other than the exit nodes are doing the mixing). I dont think so, as I wrote above. 
Maybe, but I gave the only 2 options to consider, this defines the scope of the problem not the probability.. Sh*ttt.. whatever.. this is a major BUG. Yes, it is. The worst is, that you dont need anything special to simulate this problem. What you need is two years old notebook and 256kbit upload on internet connection (my case). Regards, Marek I guess that many of my page requests (I'm on 4mb broadband with dual processor) should be getting this kinda error, but I do not. I just see it once in a while (maybe once every 200+ pages) and then I try to zap the exit node if it occurs repeatedly. This makes me wonder why you are getting it so often.
Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Ben Wilhelm wrote:

Anon Mus wrote:

Ben, Yes you are right factorising this is hard, but that's not what I've been suggesting. What if every time you generated a pair of keys you stored the result somewhere! Say you owned a huge network of say mil/gov computers which communicate securely using self-generated rotating keys. As any client finishes with a key pair they send them off to a central storage location. If they are not there already they are added to the store. To find the private key(s) you only need to search through the list of public keys. If you only find 1% of the server communities private keys then you've got many extra nodes to add to your dummy network. Hopefully you understand this and I'll get some sleep tonite ( :D ). -K-

You're continuing to drastically underestimate the numbers involved. Let's say that a computer is a cube, one half foot on each side. Now let's take the Earth, and *cover the Earth with solid computers* to a depth of one mile. This gives us approximately 232 billion billion computers. If you assume that each computer can generate a thousand private/public pairs per second (I believe this is an exaggeration for commodity hardware, though you could likely build a custom system to do so) then that means we get 2.32 * 10^23 keys every second. I'm going to go handwavy here and assume that one key is approximately equal to one prime. This isn't true, but we'll end up within an order of magnitude of the right answer, and honestly more precision than that isn't needed.

With 7.5127 * 10^74 primes, attempting to cover 1% of the keyspace at 2.32 * 10^23 keys per second would take approximately one million million million million million million million *years*. Excuse me for not being particularly worried about this. And remember, this assumes the entire surface of the planet is covered, a mile thick, with computers. Last I checked this was not the case. (Again, this also ignores the issue of where you store all this data.)
Seriously, sit down and think about the numbers some. The numbers are *gigantic* - so gigantic that brute force becomes implausible, even if you assume the adversary owns all the government and corporations of our world and has access to alien supercomputers. -Ben

Ben, I think you are using the purely theoretical numbers and applying them to the problem as if they were reality. As I remember the problem with the selection of primes for PKE is,

1. the seeding of the pseudo-random number generator e.g. with a 16bit seed then only 65,000 or so entry points into the number generation which leads to that number of keys. Even for an 8byte random seed the number of keys generated would be about 10^19 keys and obviously, following your example, this represents less than a milligram of your hydrogen memory, about a breath of air in the lungs of the average human being.

2. the pseudo-random number generators themselves have not been proven to be numerically complete. Indeed their very form suggests not.

Bearing these things in mind, it may be possible to pick off machines where their key is only generated from a small sub-set of the total possible keys. I am sorry I included the example of the prime numbers tail off as it only served to confuse the issue and probably got you involved in your calculation in the first place. Hopefully, this brings a breath of fresh air to this subject and ends the scoffing of some detractors. Of course, the scenario for this attack, as originally outlined ( Re: OSI 1-3 attack on Tor? in it.wikipedia), is still intact, fully correct and easily provable. Thank you for your interest. -K-
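The two positions in the exchange above can be checked side by side. The following Python sketch is an added example, not code from either poster or from Tor: it redoes the enumeration-time estimate with the figures quoted in the message, then shows that a key generator fed a small seed can only ever emit as many keys as there are seeds, so an operator can audit a modulus against that set. The toy 32-bit primes, the use of `random.Random` as the weakly seeded generator, and all function names are assumptions made for the demonstration.

```python
import random
import secrets

SECONDS_PER_YEAR = 365.25 * 24 * 3600
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def years_to_enumerate(keyspace, fraction, keys_per_second):
    """Years needed to generate `fraction` of `keyspace` at a fixed rate."""
    return keyspace * fraction / keys_per_second / SECONDS_PER_YEAR


def is_prime(n):
    """Miller-Rabin; this base set is deterministic for n below 3.3e24."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(rng, bits):
    """Draw odd candidates of exactly `bits` bits from rng until one is prime."""
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_prime(candidate):
            return candidate


def toy_keypair(rng, prime_bits=32):
    """Toy RSA-style modulus n = p*q; all randomness comes from rng."""
    p = random_prime(rng, prime_bits)
    q = random_prime(rng, prime_bits)
    while q == p:
        q = random_prime(rng, prime_bits)
    return p * q, (p, q)


def keypair_from_seed(seed, prime_bits=32):
    """Key whose only entropy is `seed` (the weak case under discussion)."""
    return toy_keypair(random.Random(seed), prime_bits)


def weak_modulus_index(seed_bits, prime_bits=32):
    """Every modulus reachable from a seed of `seed_bits` bits, mapped to its seed."""
    return {keypair_from_seed(s, prime_bits)[0]: s for s in range(1 << seed_bits)}


def audit_modulus(n, index):
    """Return the generating seed if n is in the weak set, else None."""
    return index.get(n)


if __name__ == "__main__":
    # Figures quoted in the message: 7.5127e74 primes, 1% coverage, 2.32e23 keys/s.
    print("years for 1%% of prime space: %.2e"
          % years_to_enumerate(7.5127e74, 0.01, 2.32e23))
    # A 16-bit seed space at 1000 keys/s on one machine.
    print("seconds for a 16-bit seed space: %.1f"
          % (years_to_enumerate(2 ** 16, 1.0, 1000) * SECONDS_PER_YEAR))

    index = weak_modulus_index(12)           # constructed demo: 4096 seeds
    weak_n, _ = keypair_from_seed(1234)      # key made with a small seed
    strong_n, _ = toy_keypair(secrets.SystemRandom())  # OS entropy source
    print("distinct weak moduli:", len(index))
    print("weak key flagged, seed =", audit_modulus(weak_n, index))
    print("OS-seeded key flagged:", audit_modulus(strong_n, index))
```

The size of the index is bounded by the number of seeds, not by the number of primes, which is why the audit is feasible for a small seed and infeasible once the generator is seeded from a full-entropy source.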
Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Ben Wilhelm wrote: Anon Mus wrote: Ben, I think you are using the purely theoretical numbers and applying them to the problem as if they were reality. As I remember the problem with the selection of primes for PKE is, 1. the seeding of the pseudo-random number generator e.g. with a 16bit seed then only 65,000 or so entry points into the number generation which leads that number of keys. Even for an 8byte random seed the number of keys generated would be about 10^19 keys and obviously, following your example, this represents less than a milligram of your hydrogen memory, about a breath of air in the lungs of the average human being. Yes, this is correct - if you use a horrifically insecure random-number generator, you'll end up with a horrifically insecure public key. Any serious application of crypto will use a random-number generator with far more than 16 bits of entropy. I don't actually know what the current standard for pseudo-random crypto generators are, but I give as a simple example Boost's Mersenne Twister generator, which, as I understand it, can be given something on the order of 20,000 bits of entropy as a seed. (Obviously, this is far more than is strictly needed to generate all 256-bit primes.) Hands up those tor nodes using Boost's Mersenne Twister generator. 2. the pseudo-random numbers generators, themselves have not been proven to be numerically complete. Indeed their very form suggests not. This is untrue in several ways. There's nothing in the structure of a psuedorandom generator which makes it impossible to analyse, and many pseudorandom generators are understood extremely well. Again, this isn't something I'm particularly expert in, but it's a solved problem to roughly the same extent that the entire public-key cryptography issue is a solved problem (i.e. solved, barring spectacular and unexpected advances.) 
Note that you could simply use a source of truly secure entropy to bypass these issues entirely, and most non-embedded operating systems include such a thing built-in. Hands up those tor nodes using a true entropy dongle. FYI - I empirically tested a common pseudo-random number generator in the 90's and found it seriously wanting. So you and I will have to agree to disagree over this. Of course, the scenario for this attack, as originally outlined ( Re: OSI 1-3 attack on Tor? in it.wikipedia), is still intact, fully correct and easily provable. We've described logically why your original attack would not work (at least, why it would not allow any kind of security breaches - obviously you can bring the Tor network down using such an attack, but that's not exactly avoidable.) It is neither intact nor correct, and, assuming no security bugs in the Tor implementation, I believe it is provably so. -Ben We've ?? - whose the we?? (rhetorical) Lets see whats been admitted so far shall we, Roger Dingledine wrote: Mike Perry also brought up an attack like this when he was working on SoaT. Alas (or perhaps fortunately), he's been working on Torbutton-dev lately instead. The number of competent anonymity programmers and designers in the world is still woefully small. OK - so the basic attack works - Mr Dingledine says so.. Ben Wilhelm wrote: Much more plausibly, you could claim that the US government has backdoors into most (if not all) modern OSes, including the ones used to generate Tor's directory server private keys. If the government got the private keys that way there would be, of course, no barrier to them intercepting Tor communications in exactly the way you claim. OK - so you yourself accept that spyware could steal private keys. (And there's lots of spyware out there) I myself wrote: 1. Attacker sets up a number of genuine tor servers, could be tor nodes right up to guard level - attacker therefore has these keys. 
OK - NO ONE has challenged this, it would be silly to do so, so I guess it stands as accepted.

Ben, all that's left is you (and your we) disagreeing with the storage of public/private key pairs (A.3.). For my part I am 100% certain this is so!! I know it for a fact. Therefore, please be good enough to lay this matter to rest and accept that most is proven, if not totally accepted by all. There will always be die-hards and face savers but we try not to encourage them to dis-inform or-talk tor USers (that's the US not the WE). -K-
Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Roger Dingledine wrote: (I changed the thread's Subject, since Anon Mus's attack is not the same as the attack described on it.wikipedia.) Here's the original quote text translation of the article in it.wikipedia from the starting thread to which I replied. quote: Tor works on assuming IP protocol's integrity. An ISP, however, can work on a lower OSI level to divert an user's Tor traffic to a separate, fake server. ATM switching or MPLS labeling can be used to selectively deviate an user's Tor traffic towards a third-party controlled Tor network. Therefore, IP address and key exchange with an unknown peer do not ensure that an user has not connected to a rogue node. I think this compares well with most of the aspects of the scenario I described in my reply, albeit I added the necessary pass through component out to the real tor network to make it work. [The ATM switching or MPLS labeling is just the lower-layer network protocol/method, many IP networks operate over these, it's commonplace, so don't be confused by that.] On Fri, Feb 15, 2008 at 12:42:59PM -0800, Anon Mus wrote: F. Fox wrote: Anon Mus wrote: 3. Attacker has a list of known public/private key pairs. These are generated over the years by government security service supercomputers and their own secure network computers (around the world). Such lists are regularly swapped between 'friendly' countries and are for sale on the black market. Given any tor node's public key, the attacker looks up that key in the list and it returns the tor node's genuine private key, where it has it in its list. (Interesting note: here you have to imagine that there is software out there, like the tor network itself, which could be used for generating and acquiring billions of key pairs a year over millions of networked computers world wide. You only need to store the key pairs such networked software generates after they have finished with them.) Umm...
unless you're talking about lists of *compromised* keys (i.e., stolen, like via malware), then this is pure FUD. Trying to figure out the private key by other means, is pretty infeasible. I agree with others here that this particular item from Anon Mus is bogus. The math simply doesn't work this way: 1024 bits is really big, and enumerating and storing products of 512ish-bit primes is going to fill up your disk way before you have a non-trivial fraction of them. Take a look at figure 1 in here... http://home.zonnet.nl/galien8/prime/prime.html now reframe the graph there in 512bit primes and extrapolate the graph. The US NSA has many floors of high density storage archives. Like a supermassive automated DVD changer. I must say, I feel that 3 very deliberate and clumbsy attempts have been to shoot down such a VERY obvious and sound scenario. Why so? Probably the reason they all misinterpreted your attack is the thread you posted it in (which describes a similar-sounding attack that *is* bogus), plus the above A.3 which sounds like it's straight out of some conspiracy theory. Theory??? Facts::: Connection machines: http://en.wikipedia.org/wiki/Connection_Machine CM5: http://en.wikipedia.org/wiki/FROSTBURG Also at connection machines at US edu's Univ. Penn http://www.ese.upenn.edu/facilities.html Univ. Maryland http://www.ece.umd.edu/Academic/Grad/Gen_info/ginfodoc.html Univ. Florida http://www.cise.ufl.edu/~jnw/IA/ia-software.html Univ. Florida AM http://www.oakridge.doe.gov/diversity/florida.html Now THIS is what I call a conspiracy theory ( :D )::: A fully global networked array of prime number testers, prime numbers being the underlying basis for your public key encryption technology. 1 million decimal digit long primes achieved, the search for 10 million digit primes underway. 
http://en.wikipedia.org/wiki/Great_Internet_Mersenne_Prime_Search http://mersenne.org/primenet/ The virtual machine's sustained throughput http://mersenne.org/ips/stats.html* is currently *29479 billion floating point operations per second* (gigaflops), or 2448.9 CPU years (Pentium 90Mhz) computing time per day. For the testing of Mersenne numbers, this is equivalent to 1052 Cray T916 supercomputers Take a look at just which org is offering the $100,000 prize !!! (In the para. headed by *v22.12 Mersenne Research Software Released)* http://mersenne.org/ips/index.html#contest This project went live in 1997 and the CM5 ( http://en.wikipedia.org/wiki/FROSTBURG ) was phased out in 1999 .. you decide. Makes 512 bit prime location and storage look like a walk in the park. Now that we've cleared that up (if we have), let me rephrase your attack and we can see if it makes sense to more people here. Imagine an adversary who can observe any connection attempt from Alice and fail any of them that he wants. Imagine this adversary also runs, say, 10% of the Tor network, including some guard nodes and some
Re: Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Ben Wilhelm wrote:

Anon Mus wrote:

A fully global networked array of prime number testers, prime numbers being the underlying basis for your public key encryption technology. 1 million decimal digit long primes achieved, the search for 10 million digit primes underway. http://en.wikipedia.org/wiki/Great_Internet_Mersenne_Prime_Search http://mersenne.org/primenet/ The virtual machine's sustained throughput http://mersenne.org/ips/stats.html* is currently *29479 billion floating point operations per second* (gigaflops), or 2448.9 CPU years (Pentium 90Mhz) computing time per day. For the testing of Mersenne numbers, this is equivalent to 1052 Cray T916 supercomputers Take a look at just which org is offering the $100,000 prize !!! (In the para. headed by *v22.12 Mersenne Research Software Released)* http://mersenne.org/ips/index.html#contest This project went live in 1997 and the CM5 ( http://en.wikipedia.org/wiki/FROSTBURG ) was phased out in 1999 .. you decide. Makes 512 bit prime location and storage look like a walk in the park.

You're suffering from several very serious misconceptions.

First off, the Mersenne primality testing network is designed to test prime numbers of a very specific type, namely 2^n-1. It turns out that you can test primality for those numbers in a much more efficient manner than for general primes. The Mersenne algorithm is useless for general primes, and virtually every prime used in modern cryptography is not going to be a Mersenne prime.

Second, merely testing to see if something is prime isn't particularly helpful in breaking modern cryptography. You already know that the public key isn't a prime (since it's the product of two private keys) and you also already know that the private keys are prime (since that's necessary for the algorithm to function.) What you'd need to do in order to derive the private keys from a public key is to *factor* an extremely large number with no convenient properties.
This is an entirely different issue from mere primality testing. Without major breakthroughs in number factoring, I seem to remember it's actually provable that modern public keys literally cannot be factored within the heat death of the universe. As in, if you turned every atom of the universe into energy, and used it to power a universe-sized supercomputer which reaches the theoretical limits of efficiency, you would not be done factoring a single public key by the time you ran out of energy. Unless you want to claim that the US government is actually *more powerful* than this, any number of supercomputers and databases they might have is completely irrelevant. Now, if you do want to keep on with the the government is all-powerful and can corrupt Tor installations easily, there's a few easy tactics you can use. First, you can claim that the US governmenet has come up with a factoring breakthrough that makes factoring - and thus far, far easier. There's certainly nothing we've discovered yet that proves this is impossible. Of course, there's no evidence for it being possible either. Second, private keys are only as secure as they system they are stored on. Much more plausibly, you could claim that the US government has backdoors into most (if not all) modern OSes, including the ones used to generate Tor's directory server private keys. If the government got the private keys that way there would be, of course, no barrier to them intercepting Tor communications in exactly the way you claim. But claiming that the government has huge datacenters that derive public keys from private keys is simply impossible. The math doesn't add up. Now for a bit of hard math, just to demonstrate that you need to think about your numbers a bit further: The density of prime numbers can be approximated as 1/log(N), as you've mentioned. This means, for 256-binary-digit primes, the density is approximately 1/log(2^256) or 0.012976. 
There are 2^255 (that's about 5.7896 * 10^76) 256-digit numbers, therefore we can assume that there are approximately 1/log(2^256) * 2^255 primes in that area. This is approximately 7.5127 * 10^74 primes. If we assume we can store each prime number on a single atom of hydrogen (this is obviously a hilarious overestimation of storage density, but bear with me) we can store 6.02214 * 10^23 prime numbers in one gram of hydrogen. Thus we will need 1.2475 * 10^51 grams in order to store our prime database. The Sun masses approximately 1.98892 * 10^33 grams, so we'll need the hydrogen of approximately 627 thousand million million suns merely to store a list of all the 256-digit prime numbers. If Tor uses 512-bit keys then we're approximately seventy orders of magnitude too small, however. (That was actually kind of fun to work out.) -Ben Ben, Yes you are right factorising this is hard, but thats not what I've been
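The distinction drawn in the reply above, between testing a number for primality and factoring a product of primes, as an added Python example that is not part of any post in this thread. Lucas-Lehmer is the special-form test for 2^p - 1, Miller-Rabin tests any integer but yields no factor, and trial division stands in for factoring; the function names and sample numbers are chosen for the illustration. The prime count uses the natural logarithm of the prime number theorem together with the Avogadro and solar-mass figures quoted in the post.

```python
import math

def lucas_lehmer(p):
    """Special-form test: is the Mersenne number 2**p - 1 prime (p an odd prime)?"""
    m = (1 << p) - 1
    s = 4
    for _ in range(p - 2):
        s = (s * s - 2) % m
    return s == 0

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin on any integer: says prime or composite, never names a factor."""
    if n < 2:
        return False
    for q in SMALL_PRIMES:
        if n % q == 0:
            return n == q
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # base a proves n composite
    return True

def smallest_factor(n):
    """Trial division standing in for factoring: (smallest prime factor, divisions)."""
    if n % 2 == 0:
        return 2, 1
    steps, d = 1, 3
    while d * d <= n:
        steps += 1
        if n % d == 0:
            return d, steps
        d += 2
    return n, steps

def primes_with_bits(bits):
    """Prime number theorem estimate of the primes with exactly `bits` bits (bits < 1024)."""
    hi, lo = 2 ** bits, 2 ** (bits - 1)
    return hi / math.log(hi) - lo / math.log(lo)

ATOMS_PER_GRAM_H = 6.02214e23   # figure used in the post
SUN_GRAMS = 1.98892e33          # figure used in the post

def suns_to_store(bits):
    """Suns' worth of hydrogen needed at one prime per atom."""
    return primes_with_bits(bits) / ATOMS_PER_GRAM_H / SUN_GRAMS

if __name__ == "__main__":
    # Constructed sample numbers; real keys use random primes, not Mersenne primes.
    print("2^127-1 prime (Lucas-Lehmer):", lucas_lehmer(127))
    print("2^255-19 prime (Miller-Rabin):", is_probable_prime(2**255 - 19))
    n = (2**127 - 1) * (2**89 - 1)
    print("216-bit product prime?", is_probable_prime(n), "(no factor learned)")
    for p, q in ((104729, 1299709), (1299709, 15485863)):
        f, steps = smallest_factor(p * q)
        print(f"{(p * q).bit_length()}-bit semiprime: factor {f} after {steps} divisions")
    for bits in (256, 512):
        print(f"{bits}-bit primes: ~{primes_with_bits(bits):.3e}, "
              f"{suns_to_store(bits):.3e} suns of hydrogen")
```

The primality tests finish instantly even on the large inputs, while the number of divisions needed to recover a factor grows with the size of the smaller prime.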
Re: OSI 1-3 attack on Tor? in it.wikipedia
Jan Reister wrote:

On 14/02/2008 13:36, Anon Mus wrote:

A. Attacker obtains genuine private keys by,
1. Attacker sets up a number of genuine tor servers
2. Attacker infects genuine tor nodes with spyware

Setting up rogue (or compromised) nodes won't work for getting the directory authority private keys. That makes the rest of your assumption empty. As Roger pointed out: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#KeyManagement

Jan

Hello Jan,

Again your statements are wrong. In the scenario we are discussing the tor client's traffic is diverted into a faked tor network, on the whole. The replying nodes, those which authenticate themselves with knowledge of the ACTUAL node's private key. Obtained by methods A 1-3. So the simulated nodes just look like the real thing, when they are not.

Your statement that the attacker needs to control a directory authority is a red herring! Control of a directory authority is NOT required in this scenario. That was made plain from the start! Why did you inject this red herring into your argument?

[ Note this is not for debate: And directory authority I suspect that given the private keys for directory servers, the attacker could also simulate these. Here's a quote from the wiki you link above.

How do clients know what the directory servers are? The list comes with the Tor distribution. It hard-codes their locations and their public keys. So the only way to trick the user into using a fake Tor network is to give them a specially modified version of the software.

So to trick the user (tor client) into thinking it was using a genuine network all it would need is the private keys of the directory server (as the public ones are already published) again these could be obtained by methods A 1-3. As these PRIVATE keys are available in an UNENCRYPTED file on the directory servers themselves. The same is true on every tor server in the entire tor network!]

-K-
Re: OSI 1-3 attack on Tor? in it.wikipedia
Andrew wrote:

Jan Reister wrote:

On 14/02/2008 13:36, Anon Mus wrote:

A. Attacker obtains genuine private keys by,
1. Attacker sets up a number of genuine tor servers
2. Attacker infects genuine tor nodes with spyware

Setting up rogue (or compromised) nodes won't work for getting the directory authority private keys. That makes the rest of your assumption empty. As Roger pointed out: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#KeyManagement

Plus, it is well known that tor has only limited usefulness against an attacker of the size you just invented. Such an attacker would have much easier ways to break tor's security. Those were noted and discussed, but frankly, it's just like a safe: you can reinforce it all you want, but in the end, if someone with an (almost) unlimited budget wants to break it, it can be done. The point of the reinforcement (- tor) is to make breaking it *harder*, not impossible.

Andrew

Hello Andrew,

Well actually - I didn't invent this attacker, I just filled in the gaps of how this attacker works his magic.

As for the size of this so called attacker.

1. All western NATO nations have the capability and the cost is in the region of 10's of thousands of dollars.
2. Most ISP's/telco's could afford to launch this attack.
3. Any large criminal/political/religious/racial/social group could also most likely afford to organize this attack.
4. A group of dedicated hackers most likely could also

Some of these attackers would have to illegally divert the target's local telco connection but that's not a big deal. You only need a friendly telco engineer for that. I remember back in 2001 a telco engineer telling me just how much porn traffic he saw coming through his telco servers when he was on duty!

The reason for the low cost of this attack, is that the tor source code is out there for all to use. The attacker only has to run a small tor servers (modified as required) instance array and glue it all together with a network simulation engine. The rest of the network connection would be allowed to genuine tor nodes (but would time-out/fail so you are only able to use the fake network). You could run it on a single core-duo with ease. Cheap as chips!

So most NATO governments could do this as a small, low budget, research project. And it's truly frightening how many others could afford to as well.

Why did you exaggerate over the cost?

-K-
Re: OSI 1-3 attack on Tor? in it.wikipedia
F. Fox wrote:

Anon Mus wrote:

(snip)

Not quite true.

(snip)

3. Attacker has a list of known public/private key pairs. These are generated over the years by government security service supercomputers and their own secure network computers (around the world). Such lists are regularly swapped between 'friendly' countries and are for sale on the black market. Given any tor node's public key, the attacker looks up that key in the list and it returns the tor node's genuine private key, where it has it in its list.

(Interesting note: here you have to imagine that there is software out there, like the tor network itself, which could be used for generating and acquiring billions of key pairs a year over millions of networked computers world wide. You only need to store the key pairs such networked software generates after they have finished with them.)

(snip)

Umm... unless you're talking about lists of *compromised* keys (i.e., stolen, like via malware), then this is pure FUD. Trying to figure out the private key by other means, is pretty infeasible.

ahhh ... well you don't appear to understand even the basics of public (private) key encryption so it's not surprising you reckon it's pure FUD.

FYI - the keys exist in UNIQUE pairs - a public key and a private key. They are related mathematically and they are both prime numbers. They may be calculated by software, so you don't have to compromise them! They may be read from a file. The contents of any file may be stolen by spyware.

Of course you may not really be that dumb. Whether you are or not makes no difference. Why chip in such a misleading statement?

I must say, I feel that 3 very deliberate and clumsy attempts have been made to shoot down such a VERY obvious and sound scenario. Why so? Are we here not interested in protecting our anonymity ? or are we really here just protecting the reputation of tor?

IMHO - the soundness of any tor software would protect its reputation - not obvious disinformation.

-K-
Re: OSI 1-3 attack on Tor? in it.wikipedia
Scott Bennett wrote:

Looks like OR-TALK has moved up in the world enough that it has at last acquired a troll.

On Fri, 15 Feb 2008 12:42:59 -0800 (PST) Anon Mus [EMAIL PROTECTED] wrote

F. Fox wrote:

Anon Mus wrote:

(snip)

Not quite true.

(snip)

3. Attacker has a list of known public/private key pairs. These are generated over the years by government security service supercomputers and their own secure network computers (around the world). Such lists are regularly swapped between 'friendly' countries and are for sale on the black market. Given any tor node's public key, the attacker looks up that key in the list and it returns the tor node's genuine private key, where it has it in its list.

(Interesting note: here you have to imagine that there is software out there, like the tor network itself, which could be used for generating and acquiring billions of key pairs a year over millions of networked computers world wide. You only need to store the key pairs such networked software generates after they have finished with them.)

(snip)

Umm... unless you're talking about lists of *compromised* keys (i.e., stolen, like via malware), then this is pure FUD. Trying to figure out the private key by other means, is pretty infeasible.

ahhh ... well you don't appear to understand even the basics of public (private) key encryption so it's not surprising you reckon it's pure FUD.

FYI - the keys exist in UNIQUE pairs - a public key and a private key. They are related mathematically and they are both prime numbers. They may be calculated by software, so you don't have to compromise them! They may be read from a file. The contents of any file may be stolen by spyware.

Of course you may not really be that dumb. Whether you are or not makes no difference. Why chip in such a misleading statement?

I must say, I feel that 3 very deliberate and clumsy attempts have been made to shoot down such a VERY obvious and sound scenario. Why so? Are we here not interested in protecting our anonymity ? or are we really here just protecting the reputation of tor?

IMHO - the soundness of any tor software would protect its reputation - not obvious disinformation.

Please don't feed the troll, folks!

Definitely off topic - whoops - sorry

http://en.wikipedia.org/wiki/Troll_%28Internet%29

Quote: Usage

The term troll is highly subjective. Some readers may characterize a post as trolling, while others may regard the same post as a legitimate contribution to the discussion, even if controversial. The term is often erroneously used to discredit an opposing position, or its proponent, by argument fallacy ad hominem (http://en.wikipedia.org/wiki/Ad_hominem).

Often, calling someone a troll makes assumptions about a writer's motives. Regardless of the circumstances, controversial posts may attract a particularly strong response from those unfamiliar with the robust dialogue found in some online, rather than physical, communities.

Experienced participants in online forums know that the most effective way to discourage a troll is usually to ignore him or her, because responding encourages a true troll to continue disruptive posts, hence the often-seen warning "Please do not feed the troll".

Frequently, someone who has been labelled a troll by a group may seek to redeem their reputation by discrediting their opponents, for example by claiming that other members of the group are closed-minded, conspirators, or trolls themselves.

IMHO a troll usually adds little to the enlightenment of the group but much to its temperature and hot air. Typical signs being base unfounded statements like "this is pure FUD".

And when a troll can't shoot the message down with slander, then it shoots the messenger down with slanderous pot calling the kettle black statements like "Looks like OR-TALK has moved up in the world enough that it has at last acquired a troll."

But of course, a troll is someone who regularly frequents a forum, as we ALL know. ... someone like... ahhh there's that name again... permanent member obviously... not like us occasional johnny-come-latelys.

... err maybe I shouldn't have replied... oh well he's such a glutton...

Back on topic: I only hope that those who followed my original message were not bamboozled by the subsequent distractions.

So hopefully, it's back to it.wikipedia for more of the good advice. A little more enlightened and a lot less dogmatic.

-K-
Re: Possible attack method?? Question..
Watson Ladd wrote:

Anon Mus wrote:

This question is for those with the knowhow. A while back I got a number of emails from the same source where the emails were sent in pairs a minute or less apart. The first of each of the email pair were large (over 700 characters), the second were small (under 50 characters). On the face of it the email pairs appeared to be a genuine error ("oh yes I forgot to mention" kind of thing) by the sender, so I took no notice at the time.

One thing to improve anonymity for emails is to use anonymous remailers. Slow, but email generally is, and it is more secure than Tor because of latency-security tradeoff.

Yes what you say is probably true for someone who is engaged in terrorism, pedophilia, or anti-rule of law activities (unfortunately I must add here those engaged in leaking government secrets - no matter what the cause).

But for people like myself who simply help identify criminals - then I would have thought that tor is enough anonymity. If not, then we would have to conclude that our governments are all controlled by some group of criminals and that these would try to identify snitches to protect themselves.

IMHO, if we are already at this level of international government corruption then we must surely be in the period foretold of nearly 2000 years ago - of days when the 2/3rds of humanity are deceived and the beast is in control. Of course, this is speculation (?? or did someone 200 years ago know the modus operandi of this criminal group).

Slightly off topic I know, but none-the-less relevant to the subject. Maybe it's just paranoia or are all the pieces now beginning to fit?

Thank you to all that replied.

-K-
Possible attack method?? Question..
This question is for those with the knowhow.

A while back I got a number of emails from the same source where the emails were sent in pairs a minute or less apart. The first of each of the email pair were large (over 700 characters), the second were small (under 50 characters). On the face of it the email pairs appeared to be a genuine error ("oh yes I forgot to mention" kind of thing) by the sender, so I took no notice at the time.

It was not until this week when re-reading these emails that I realized the sender had all along been trying to locate me (I was an anonymous informant). My guess is that my contact was in fact an intelligence (probably British with the help of the USA) plant out there pretending to be a (British) activist with a grievance.

My question is, is this email pair (of vastly differing sizes) a possible attack method on a Tor user, by somehow watching and counting (to estimate the size of) a packet stream?

-K-
Re: Possible attack method?? Question..
Thanks, I have some comments that may help...

Max Berger wrote:

On Friday, 11.01.2008, at 09:44 -0800, Anon Mus wrote:

This question is for those with the knowhow. A while back I got a number of emails from the same source where the emails were sent in pairs a minute or less apart. The first of each of the email pair were large (over 700 characters), the second were small (under 50 characters). On the face of it the email pairs appeared to be a genuine error ("oh yes I forgot to mention" kind of thing) by the sender, so I took no notice at the time.

Perhaps someone isn't looking for an unknown IP-address, but just want to prove that the owner of a given IP-address is the owner of the Mailbox green lantern at yahoo.

It is not a given IP addressed account - it's only accessed via tor and not a Yahoo account.

If this one is able to do a traffic analysis on this IP-address and knows the login time at the pop/imap-Server of yahoo, a well defined pattern of mail sizes could help.

I agree - I am using POP3 + SMTP (over SSL) to connect. And if I am on-line and thunderbird is up then it could create just enough delay to be seen. But the mail account is in the USA, so they could see the download precisely and the EXIT server if they had US help.

Of course they could watch the streams from the exit server looking for the precise size pattern (and could probably calculate the sizes anyway). Then they only need to look for the traffic connected to the tor network in the suspected country of connection origin.

e.g. in the suspected country of origin filter traffic
- by time band
- by tor network node source
- by packet size pattern

and you get a list of possible IP's who could be the suspect. Do this a couple of times for confirmation of suspect's real IP. Lookup IP in ISP's records. Give suspect a medal for identifying criminals (-yea sure-).

But in this case I think it's not useful for him, to send these mails in such short intervals, because you would fetch both mails at one login and in one stream of data...

Max

I had no idea my contact may be an intel-op posing as an activist. So therefore I was not concerned that I should be up against intel community.

It would be interesting to hear if any other tor users have gotten similar email patterns.

Maybe it's a new intel technique against tor. More reliable than a straightforward timing attack.

-K-
UK - Capping Unlimited ADSL Services Petition
Whoops - off topic - but helps Tor servers in UK. FYI.. if you are in the UK then sign up for this if you feel able. http://petitions.pm.gov.uk/Unlimited-ADSL/ Then email it to all your friends.
Re: router get by nickname on request to dir server appears to be failing
Nick Mathewson [EMAIL PROTECTED] wrote:

On Sun, Mar 04, 2007 at 07:24:10AM -0800, Anon Mus wrote:

[Reformatted: lines wrapped. You might want to see if you can get your mailer to wrap lines to 72 characters.]

***Yes, it was set to 99.

(v0.1.1.26 client on Win2Ksp4+) I have a few nodes I exclude in my torrc with ExcludeNodes configuration. When I start tor (using vidalia) I get a series of error messages in my log. eg

[Warning] router_get_by_nickname(): You specified a server xxx by name, but the directory authorities do not have a listing for this name. To make sure you get the same server in the future, refer to it by key, as $x.

Yet these servers are all in my tor directory file and on xenobite's listing https://torstat.xenobite.eu/.

It is possible for the servers to appear in your directory without having a listing _by name_. Servers are listed as Named by directory authorities if the nickname has been registered with the directory authorities, and no other server is allowed to canonically use it. If the name isn't registered, then any server can claim to have that name. This is why Tor is suggesting that you identify servers by key, not name. I'll change this warning so it is more clear; thanks for the tip.

***Ok thanks, I understand now.

***Suggestion:
***Seeing as how most servers nowadays don't appear to have officially registered names, could the system get the name from the ordinary directory, if it fails to get it from the directory authorities. A torrc file setting nicknamesource = [registerednamesonly, includedirectoryname] could keep it that way. Users beware using the includedirectorynames setting. It's simpler that way, if you have spare time. No need to say yes/no.

I've noticed I even get routes (1st hop) to some of them, perhaps this is because router_get_by_nickname() fails. I believe keys can change, so I use nicknames because they always seem to be there.

***Identity keys don't change for a given server, unless the server admin deletes the old identity key and generates a new one.

***I noticed they were changing (but weirdly not their nickname). Maybe they are using vidalia's change id button(??).

***large amount snipped

***For all the rest, I'll give it a try.
***That was great help, thank you.
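The advice in the exchange above, to refer to a server by key (`$` followed by the identity fingerprint) because an unregistered nickname can be claimed by any server, can be checked mechanically. This is an added Python example, not Tor's or Vidalia's code: a small linter that reports node-list entries written as nicknames. Checking EntryNodes and ExitNodes alongside ExcludeNodes, the sample torrc and the function names are assumptions made for the illustration.

```python
import re

# Options whose value is a comma-separated node list. ExcludeNodes is the one in the
# thread; EntryNodes and ExitNodes are included here as an assumption.
NODE_LIST_OPTIONS = {"excludenodes", "entrynodes", "exitnodes"}
KEY = re.compile(r"^\$[0-9A-Fa-f]{40}$")        # "$" + 40 hex digits of the identity key
NICKNAME = re.compile(r"^[A-Za-z0-9]{1,19}$")   # relay nicknames: 1-19 alphanumerics

def classify(entry):
    """Return 'key', 'nickname' or 'other' for one node-list entry."""
    if KEY.match(entry):
        return "key"
    if NICKNAME.match(entry):
        return "nickname"
    return "other"

def lint_torrc(text):
    """Return (line number, option, entry) for every node referenced by nickname."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        parts = line.split(None, 1)              # option name, then its value
        if parts[0].lower() not in NODE_LIST_OPTIONS or len(parts) < 2:
            continue
        for entry in (e.strip() for e in parts[1].split(",")):
            if entry and classify(entry) == "nickname":
                findings.append((lineno, parts[0], entry))
    return findings

# Constructed sample configuration; the nicknames and fingerprints are made up.
SAMPLE_TORRC = """\
# constructed sample, not a real configuration
SocksPort 9050
ExcludeNodes badrelay1, $0123456789ABCDEF0123456789ABCDEF01234567, slowNode
excludenodes $89ABCDEF0123456789ABCDEF0123456789ABCDEF  # by key only
ExitNodes myfavourite
"""

if __name__ == "__main__":
    for lineno, option, entry in lint_torrc(SAMPLE_TORRC):
        print(f"line {lineno}: {option} names '{entry}' by nickname; "
              "use its $fingerprint so another server cannot claim the name")
```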