Re: Is gatereloaded a Bad Exit?
On 01/30/2011 01:56 AM, morphium wrote: 2011/1/30 Damian Johnson atag...@gmail.com: The five relays Mike mentioned have been flagged as BadExits [1]. Adding them to your ExcludeExitNodes isn't necessary. -Damian That was really dumb, as it puts a lot more load on the Nodes that support encryption, and, as was mentioned before, _every_ operator could sniff. Hardly. An important difference is that some people specifically create exit policies to attract traffic worth passively sniffing. In any case, it hardly puts more load on nodes that support encryption unless they also are supporting the unencrypted protocols in the first place. I will change my Exit Policy now to something like 80, 6667, 21 and if you BadExit it, you'll loose another fast node. It sounds like there's now a known reason for your exit policy, I doubt anyone would bad exit you. All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: exit node config for egypt IP range
On 01/28/2011 08:01 AM, forc...@safe-mail.net wrote: All Egypt ISP are offline, the gov has turned the full internet OFF. This isn't true. I have access to some machines in Noor - this is an ISP currently active in Cairo. All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: tor-ramdisk 20101011 released for i686 only
On 10/11/2010 10:52 AM, Anthony G. Basile wrote: Hi everyone I want to announce to the list that a new release of tor-ramdisk is out. Tor-ramdisk is an i686, x86_64 or MIPS uClibc-based micro Linux distribution whose only purpose is to host a Tor server in an environment that maximizes security and privacy. Security is enhenced by hardening the kernel and binaries, and privacy is enhanced by forcing logging to be off at all levels so that even the Tor operator only has access to minimal information. Finally, since everything runs in ephemeral memory, no information survives a reboot, except for the Tor configuration file and the private RSA key, which may be exported/imported by FTP. Via FTP? It's probably not a good idea to export a private key without using encryption... All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: The best way to run a hidden service: one or two computers?
On 09/24/2010 03:10 PM, Robert Ransom wrote: On Fri, 24 Sep 2010 17:34:05 -0400 hi...@safe-mail.net wrote: Robert Ransom: Also, if you haven't bothered to change your MAC address, an attacker with any UID can read it using ifconfig; your hardware manufacturers may have kept records of where the device(s) with that MAC address were shipped. I have heard of these attacks, like an attacker reading off your MAC address and even hardware serial numbers. I should be safe regarding serial numbers, but I am some concerned about the MAC address. It would be very nice to know how to change the MAC address so it says something different when you run the ifconfig utility. Could you, or anyone, please help me with that? I'm using Linux. Use the macchanger utility. Make sure you write down your original MAC first, in case you need to switch back to it later. Robert Ransom Try the following by hand: sudo ifconfig eth1 hw ether 00:00:00:00:00:00 # make this something believable All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: How to Run High Capacity Tor Relays
On 09/01/2010 02:28 PM, John Case wrote: Also, afaik, zero people in the wild are actively running Tor with any crypto accelerator. May be a very painful process... I'm not really interested in documenting it unless its proven to scale by actual use. I want this document to end up with tested and reproduced results only. You know, Science. Not computerscience ;) There was a _very_ interesting, long and detailed discussion of this about 1 year ago on this list. I really do think some subset of that discussion should be included in your lore, at the very least the parts pertaining to the built-in crypto acceleration included in recent sparc CPUs, which appear to be the only non-painful way to make this work. My impression was that a significant boost could be had by accelerating openssl using this on-chip features... If you're using a fast CPU, it's almost not worth the trouble to bother with hardware acceleration. All the best, Jacob *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tcpcrypt and tor
On 08/29/2010 09:21 PM, Gregory Maxwell wrote: Tcpcrypt (http://tcpcrypt.org/) proposes a new extension to TCP to enable opportunistic encryption with optional authentication. From a features and performance perspective, it's probably exactly what we need to get away from the almost-everything-in-the-clear Internet that we have today. This looks like a protocol by Adam Langley: https://secure.wikimedia.org/wikipedia/en/wiki/Obfuscated_TCP All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Project 2008 Tax Return Now Online
On 08/15/2010 02:56 AM, Anon Mus wrote: I think you'll find that Tor only became officially incapable of protecting from such an adversary around 2004/5 when numerous request to add this protection to Tor was made. Since then its been the official policy not to protect from such a threat (so as to head off any complaints it does not do the job perhaps ??). [citation needed] It a good idea that you speak for Tor only, not other system here, where there are/have been genuine attempts to provide full anonymity, no get out clause. Nice story, bro. All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: The State of the DNS and Tor Union (also: a DNS UDP - TCP shim)
On 07/04/2010 03:17 PM, coderman wrote: great info! my comments below... On Fri, Jul 2, 2010 at 6:15 PM, Jacob Appelbaum ja...@appelbaum.net wrote: ... While Tor users should always use Torbutton[-1] for their web browsing, not all applications have an equivalent plugin available. Torbutton addresses DNS leaks from within Firefox by ensuring that Firefox uses the local Tor proxy for its DNS name lookup requests. However, other applications may not do this and may, as a result, leak DNS requests. We try to discover if popular applications are leaky but, ultimately, any application that makes a DNS request may compromise your anonymity unless specifically configured to make that request over Tor. The central concern is thus for an applications that don't know to send their name lookup requests via Tor, or don't know how to do so. Tor can't protect these applications' requests. a better wording: ... ultimately, any application that uses DNS or UDP may compromise your anonymity. best intentions fail in the face of an attacker in most circumstances. Java can be configured to use explicit resolver endpoints regardless of suggested default proxy or other configuration. raw UDP sockets via third party plug-ins are worst case. note that even with transparent proxy configuration and DNS port you are at risk if the attacker can direct explicit DNS requests to a local resolver (over link-local route, not default gateway). this type of attack affects all VPN or transparent proxy configurations that do not use a /29 point-to-point router path. to add insult to injury, many commercial Linux based routers like ActionTek and D-Link use dproxy-nexgen resolvers accessible at link-local 192.168.1.1. a reverse lookup of the gateway itself provides not just the internal address but also the public IP and hostname from ISP. there are other caching resolvers used in captive wifi portals and other locations with same behavior. Nice catch. Do you want to provide some test cases for this? I guess it would be nice to see how wide-spread this problem is - it would also help us build in some protection mechanisms. ... Having a local DNS server is useful; many applications may only support SOCKS4, rather than SOCKS4A or SOCKS5 - their failure could lead to de-anonymization. It is also useful to ensure that possible DNS leaks will fail closed - if your system only knows about 127.0.0.1:53, it's hard but not impossible to leak DNS packets to the public internet. not really hard in any sense of the word. :( Can you give me an example of how you'd do this? I know that if a user does something like `dig @8.8.8.8 torproject.org` - the query won't go to 127.0.0.1:50 - But if you can do that, you've already won in a very serious way. I'd argue that you have arbitrary code execution and that if that is the threat, you'd simply need to hook ttdnsd as part of a transparent proxying setup. This was part of the original design of ttdnsd and it seems like that solves the leaking DNS issue entirely. === Old Hope: tor-proxy-dns ... Once, a long time ago, we had a super star programmer named Tup in our community. He was anonymous to us. He was a programming machine and we really miss him. We often wonder and worry about what has happened to our friend. He would crank out code in a myriad of languages that served all sorts of useful purposes. One of the things that he wrote was a small program in Python called tor-proxy-dns; this software was useful but written in Python, abandoned by the missing superstar, and generally lost to the sands of time. PERL, but that doesn't detract from the awesome that is Tup. Ah darn. Thank you for the correction. I haven't seen a PERL version of the program - do you have a link to the source? I noticed a newish python version was written by Dug Song. I think it's similar in scope to ttdnsd. sadly, we are not currently temporally propinquitous with Tup. I miss Tup and wish he would return. :-( VirtualAddrNetwork is an obscure but very useful option for decreasing latency at connection time. When enabled, Tor will automatically return a specially mapped IP address. Eventually, Tor will learn the real address and keep an internal mapping between the virtual address and the real address. Tor remembers this mapping for the duration of execution but it is not saved between Tor restarts. This works except in cases where the IP address is noted by an application, such as OpenSSH. This will decrease perceived and actual latency but it has frustrating side effects for some applications. the other trade-off with this approach is that is behaves very poorly with some applications that expect name resolution to fail on un-reachability (like .onion or .exit) rather than in-determinate connection establishment. A good point. I'll add that. that is, your application may
Re: The State of the DNS and Tor Union (also: a DNS UDP - TCP shim)
On 07/05/2010 03:07 PM, coderman wrote: On Sun, Jul 4, 2010 at 3:17 PM, coderman coder...@gmail.com wrote: ... a better wording: ... ultimately, any application that uses DNS or UDP may compromise your anonymity. i should mention that the Tor Browser Bundle when used as directed has been and continues to be most resilient to these attacks. while this is a very limited environment (no plug-ins, flash, java, etc.) these limitations are a feature ensuring your protection. I think that the TBB could use one and only one major enhancement: a DNS proxy that is used by all of the applications that ship with it. when you start using arbitrary applications or plug-ins with Tor or any other anonymity service you open yourself up to great risk as described here for DNS, not to mention other side channels avenues using TCP directly. I agree. I think that this is inspiring me to work on torwall a little more next week... All the best, Jake *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Using tor as proxy for the command line
Scott Bennett wrote: I think using nmap in the context of tor is really barking up the wrong tree. Perhaps, the goal was more general than Tor - it's specifically a set of patches for SOCKS5. Would you post your specifications for it, please? Specifications? There's an nmap branch with some basic SOCKS proxy support here: svn co svn://svn.insecure.org/nmap-exp/ioerror/ All the best, Jacob signature.asc Description: OpenPGP digital signature
Re: Using tor as proxy for the command line
exit operators by doing that. =20 I wrote a little program to ease my use of wget with Tor/Polipo/Privoxy: % cat tor-wget #!/bin/bash -x export http_proxy=3D127.0.0.1:8118 export https_proxy=3D127.0.0.1:8118 wget -U $@ EOF I also started working on a patch to nmap with Fyodor to work with SOCKS proxies; it's in my (ioerror) svn branch on the nmap subversion server. It sorta works but it's not great for anonymity because of the many kinds of packets that nmap wants to send. All the best, Jacob signature.asc Description: OpenPGP digital signature
Re: BadExit flag still needed for PrivacyNow...
Roger Dingledine wrote: On Thu, Apr 15, 2010 at 11:59:31PM -0500, Scott Bennett wrote: My weather satellite images got blocked again, due to the PrivacyNow exit using OpenDNS with a misconfigured account and the fact that ExcludeExitNodes still doesn't work reliably. Will the the authority operators *please* stick a BadExit flag onto that router's entry in the consensus? Thanks! Sebastian just confirmed for me that it was really happening, so I've set the BadExit flag for moria1. I agree that dns filtering is a good reason for earning the BadExit flag. Once tor26 or ides set it also, it should take effect. I've also set the authdirbadexit on urras for the PrivacyNow node. It seems like we should make a baddns flag at some point. All the best, Jake signature.asc Description: OpenPGP digital signature
Android Tor packages
Hi, The Tor Project has been working very closely with Nathan Freitas and The Guardian Project to create an Android release. This is an early beta release and is not yet suitable for high security needs. The Android web browser is not protected by Torbutton and we have not yet developed an anonymous browser on the Android platform. Please be cautious with this release, it's probably pretty fragile and it's certainly not ready for serious use. We've codenamed the Tor on Android project Orbot; Orbot is a single Android package that provides a new Tor controller, Privoxy as our trusty little HTTP proxy, libevent, and Tor itself. This Android package is using the C reference implementation of Tor. Orbot should be orders of magnitude safer than other Tor implementations on Android and it's our official release. Everything you'll need for using Tor is in the package. :-) We now have a webpage that discusses the Orbot Android package in some detail: https://www.torproject.org/docs/android.html Orbot has some commonly used features such as support for bridges. It also has advanced features such as per application Torification on modified devices (commonly called 'rooted' phones). It has been tested on Android 1.5, 1.6, 2.0, 2.1 and on non-standard customized builds of Android. We think we've ironed out most of the kinks but we're looking for some community feedback from devices in the wild. We'd especially like to hear about the UI and what applications you commonly use with Tor. When Orbot is successfully installed and running, it should provide a few standard interfaces to interface with the Tor network. Privoxy listens on 127.0.0.1:8118 - it's chained to the standard Tor SOCKS proxy on 127.0.0.1:9050. In addition, we have a DNSPort on port 5400. The DNSPort is most commonly used by the automagical per application Torification. These ports may change in the future; if they conflict with other common and popular applications, we'd like to hear about it. Our official builds are available from our website. As per our usual style of package releases, we're releasing the .apk package with gpg signatures: http://www.torproject.org/dist/android/0.2.2.9-alpha-orbot-0.0.2.apk http://www.torproject.org/dist/android/0.2.2.9-alpha-orbot-0.0.2.apk.asc If you'd simply like the latest Android package, please visit this url: http://www.torproject.org/dist/android/alpha-orbot-latest.apk If you have the barcode scanner, you'll be able to directly load the latest package by scanning the following QR code: http://www.torproject.org/img/android/orbot-qr-code-latest.png We plan to release Orbot in the Google Market in the near future. The Orbot package you install from our website and the application in the Market should be identical. In addition to the GPG signature, the .apk files contain a digital signature. If you're feeling reasonably paranoid, it's probably a fine idea to download the .apk from our website, check the gpg signature, and then install the package on your device manually. If you'd like to reproduce our builds from source, we've documented the build process here: https://svn.torproject.org/svn/projects/android/trunk/Orbot/BUILD If you'd like to read more about Orbot, we suggest you check out the source and start hacking around: svn co https://svn.torproject.org/svn/projects/android/trunk/ android/ Please remember that this is an early beta and please let us know about the bugs you experience! Best, Jake signature.asc Description: OpenPGP digital signature
Re: Android Tor packages
Marco Bonetti wrote: Jacob Appelbaum wrote: The Tor Project has been working very closely with Nathan Freitas and The Guardian Project to create an Android release. congrats! Thanks! We've codenamed the Tor on Android project Orbot; Orbot is a single Android package that provides a new Tor controller, Privoxy as our trusty little HTTP proxy, libevent, and Tor itself. another http proxy switch between polipo and privoxy! ;-) I'd like to know if there are any specific reasons for this time choice, like hardware support or ease of compilation or whatever. Maybe polipo timeouts when chained to Tor which were mentioned some times ago? It was largely an arbitrary choice at the time we started working on Orbot (sometime last fall). Congratulations, again, for the release: Tor on mobile devices is great. Thanks. What's your interest and focus for a mobile Tor? Best, Jake signature.asc Description: OpenPGP digital signature
Re: Tor on the Nokia N900 (Mobile Tor stuff)
7v5w7go9ub0o wrote: On 02/18/10 20:07, Jacob Appelbaum wrote: The performance of Tor is similar to any other Tor client - this is our reference C implementation running on the N900. With that said - You may want to hold out and get an Android phone. We're looking to do a release of Tor on Android next week. We have some very promising alphas and it's quite exciting! Please correct me if I'm wrong, but am a little surprised at the interest in TOR on Android - Android seems a closed, phone-home cloud computer with little/no regard for privacy or anonymity. I'd always wonder about a nice little log somewhere on my phone and/or in the cloud. I think that Android offers us a new possibility for telephones. I also like the N900 but I feel that Nokia often screws their user community. It's good to have options and so the more Tor on the more devices, the better. You may be interested in hearing about the Guardian project: http://openideals.com/guardian/ Additionally, you may also be interested in Noisedroid: https://www.noisebridge.net/wiki/Noisedroid Or perhaps the more well known cyanogen firmware: http://www.cyanogenmod.com/ All of those offer a possibility for an Android system built entirely from Free Software pieces. The big missing piece is the baseband and when last I checked there was not a single smart phone with a free baseband firmware. Harald Welte is currently working on on solving this problem for the Calypso chipset: http://laforge.gnumonks.org/weblog/2010/02/19/#20100219-announcing_osmocom_bb The future looks nice all around. Having Tor on as many of these devices will provide many people with options beyond what we can imagine. OTOH, IIUC, The N900 can be configured as a traditional lap/desktop. (Arguably, one may want to hold out for an entirely open-source meego N900 with the new Intel chip) The same can be said about almost any phone software. You can hack it and the barrier for entry is really the only sticking point. The N900 and Android aren't too terribly different from a consumer standpoint. If you're running the stock firmware from your phone provider, you're beholden to their backdoors or whatever crazy bugs they haven't patched. In any case, Tor provides you with a nice anonymity solution. It is far from perfect (baseband security issues, etc) but it's certainly better than nothing. Having Tor in the Android Market and having Tor in the Maemo repository allows people to choose. We'll also hopefully have Tor on Windows Mobile in the future but I can't seem to find anyone who wants to Bell The Cat. :-) Best, Jake signature.asc Description: OpenPGP digital signature
Tor on the Nokia N900 (Mobile Tor stuff)
Hi, I'm happy to announce that we've gotten Tor working as a client on the Nokia N900 GSM telephone. We've written up a blog post and some instructions. We'd love to get some feedback: https://blog.torproject.org/blog/tor-nokia-n900-maemo-gsm-telephone We're working on some other awesome mobile Tor stuff. Let us know what you'd like to see in the future! Best, Jake signature.asc Description: OpenPGP digital signature
Re: Tor on the Nokia N900 (Mobile Tor stuff)
The performance of Tor is similar to any other Tor client - this is our reference C implementation running on the N900. With that said - You may want to hold out and get an Android phone. We're looking to do a release of Tor on Android next week. We have some very promising alphas and it's quite exciting! Best, Jake signature.asc Description: OpenPGP digital signature
Android Was: Re: Tor on the Nokia N900 (Mobile Tor stuff)
Rich Jones wrote: Jacob - Are you aware of TorProxy / Shadow Browser for Android - http://www.cl.cam.ac.uk/research/dtg/android/tor/ - is this going to building on that? Either way, I'm excited. I've gotten quite good at Android stuff and would be interested in helping out, if you need a hand. Hi Rich, Yes - we've been somewhat in contact with the authors of TorProxy and Shadow Browser. They did great work and it's quite a slick pair of applications. However, the TorProxy in the Android market is absolutely unsafe to use. It is based on research code that was never intended for high security needs or real serious public use: http://archives.seul.org/or/java/Sep-2009/msg3.html Rather, we're working on building an Android package we've codenamed Orbot: https://svn.torproject.org/svn/projects/android/trunk/Orbot/ Orbot will replace the TorProxy component and it includes the C reference implementation of Tor. It will also ship with Privoxy (although we're also looking into Polipo) to provide an HTTP proxy as well as the normal SOCKS4A/5 proxy interface into the Tor network. We don't have a great solution for Shadow at this point and it's non-trivial to sew it into Orbot. Nathan has a better grasp on the Android internals that make the web browser component complicated across Android versions. Perhaps he'll weigh in on it... In any case, we're may move to a hybrid model for some mobile phones. It's easy to provide a compiled Tor binary (the C reference implementation) and a Java Tor implementation [0] in a single container. This should allow for greater compatibility and hopefully everyone will have better anonymity as a result. Best, Jake [0] http://github.com/brl/JTor signature.asc Description: OpenPGP digital signature
Re: Tor argument at BoingBoing
David McKeegan wrote: On 26 Jan 2010, at 11:07, Jens Kubieziel wrote: * David McKeegan schrieb am 2010-01-26 um 10:55 Uhr: Perhaps some here would care to post in defence? In my opinion it is not worth the hassle. Never argue with an idiot. They will only pull you down to their level, then beat you with experience. I agree that you can't change the minds of idiots, but I think it is important to publicly refute them - especially in a forum with an audience of thousands. I gave it a shot and I think that it's helpful for people to state why they use Tor. When people complain about malware traffic exiting from Tor, it's great to see someone say: I use Tor for malware research and it keeps me safe. Best, Jake signature.asc Description: OpenPGP digital signature
Re: Tor Project infrastructure updates in response to security breach
Mike Perry wrote: I suppose I could also create a rogue code signing certificate and provide that over SSL for people to install, but then I wonder if vanilla Firefox will reject my XPIs then because they are signed, but with an invalid cert. I have a few of those laying around. I guess we could run some tests and find out? Best, Jake signature.asc Description: OpenPGP digital signature
Running Tor Bridges on a Chumby One
Hi, I've been talking with Andrew Huang [0] about running Tor on the new Chumby One device. It's a pretty nice device that he designed; it runs Linux and it's very hackable. He ran with the idea of putting Tor (configured as a bridge) on a the Chumby One. He wrote up how to do it here (step by step and binary builds): http://www.bunniestudios.com/blog/?p=800 If you're interested in a small box to run a bridge, I think the Chumby One looks like a great device. It's very hackable and the designer is not only a fan of Tor, he's hacking on it to make it work with the Chumby One! Awesome! Best, Jacob [0] http://en.wikipedia.org/wiki/Andrew_Huang signature.asc Description: OpenPGP digital signature
Re: polipo POC
Darren Thurston wrote:
#!/usr/bin/perl
# estranged.pl
# AKA
# Polipo 1.0.4 Remote Memory Corruption 0day PoC
Cute.
$payload = GET / HTTP/1.1\r\nContent-Length: 2147483602\r\n\r\n;
The proof of concept works as advertised. Wheee.
Here's a simple patch (that probably breaks some requests and is
imperfect) to stop the proof of concept while we wait on upstream to
provide a real fix for it:
--- polipo-1.0.4/client.c 2008-01-08 14:56:45.0 +0200
+++ polipo-1.0.4-fixed/client.c 2009-12-09 15:30:53.0 +0200
@@ -998,7 +998,7 @@
return 1;
}
-if(connection-reqlen connection-reqbegin) {
+if(connection-reqlen connection-reqbegin (connection-reqlen
- connection-reqbegin ) 0 ) {
memmove(connection-reqbuf, connection-reqbuf +
connection-reqbegin,
connection-reqlen - connection-reqbegin);
connection-reqlen -= connection-reqbegin;
Using memmove like that is extremely unsafe. :-(
Best,
Jacob
signature.asc
Description: OpenPGP digital signature
Re: US Customers: anyone helping me?
thomas.hluch...@netcologne.de wrote: Hello altogether, for my Sun Hosts I would like to have a Crypto Hardware Accelerator Card. At ebay.com there are some. Especially this one is what I want to get: http://cgi.ebay.com/Sun-X6762A-375-3089-Crypto-Accelerator-1000_W0QQitemZ180440049586QQcmdZViewItemQQptZCOMP_EN_Networking_Components?hash=item2a0310a7b2 Unfortunately the owner sells only within the USA, but I live in germany. I wrote him and asked if he would make an exception, but he doesnt. At ebay.de there is nothing like this. So can someone living in the US get this, then sending it for me to germany? If so, please contact me by mail directly (my PublicKeys can be obtained from the keyservers) Will you attend the 26c3? If so, there's a large Tor gathering planned and I'm sure someone will gladly bring it along for you. Best, Jacob signature.asc Description: OpenPGP digital signature
Re: DisableAllSwap question
Scott Bennett wrote: I'm currently running 0.2.2.5-alpha but will probably move to 0.2.2.6-alpha fairly soon. In the Changelog there is a note about a new option available in 0.2.2.6-alpha called DisableAllSwap. I'm running FreeBSD, and my only swap area is GELI-encrypted disk slice. Doesn't that effectively accomplish the same thing on my system without requiring a lot of real memory to be tied up in fixed pages (a.k.a. wired pages)? Or is there some further advantage to be gained by using both that I've missed? The goal behind DisableAllSwap is to ensure that no memory is ever paged out to disk. If you have encrypted swap space, it's probably not an issue if your have information swapped out to disk. There may be some speed improvements from never having memory paged out to disk but it's probably minimal. If you'd like to test it, we'd sure would love to know if it works properly on FreeBSD. Best, Jacob signature.asc Description: OpenPGP digital signature
Re: livejournal ban tor-nodes
James Brown wrote: The Livejournal has blocked access to that resource through the Tor. It is certainly the consequence of purshasing the LJ of Russian company SUP by order of Putin and FSB. That decision of Russian powers of purshacing the LJ was adopted because many Russian oppositionists used it in the conditions of suffocation of freedom of speech by Putin's bloody fascist regim. I think that all progressive humanity must require from the US President B. Obama to order the FBI to investigate the circumstances of purshasing the LJ by Russian company that was acted obviously as an agent of Russian secret services against the foundations of the constitutional order of the USA. Hello, I'm heading over to the LJ offices (in San Francisco) to discuss this ban with them in the next thirty minutes. I'll let you know how it goes and why it happened. Best, Jacob signature.asc Description: OpenPGP digital signature
Re: livejournal ban tor-nodes
James Brown wrote: Jacob Appelbaum wrote: James Brown wrote: The Livejournal has blocked access to that resource through the Tor. It is certainly the consequence of purshasing the LJ of Russian company SUP by order of Putin and FSB. That decision of Russian powers of purshacing the LJ was adopted because many Russian oppositionists used it in the conditions of suffocation of freedom of speech by Putin's bloody fascist regim. I think that all progressive humanity must require from the US President B. Obama to order the FBI to investigate the circumstances of purshasing the LJ by Russian company that was acted obviously as an agent of Russian secret services against the foundations of the constitutional order of the USA. Hello, I'm heading over to the LJ offices (in San Francisco) to discuss this ban with them in the next thirty minutes. I'll let you know how it goes and why it happened. Best, Jacob Very thanks Hello again, In summary: Mike Perry and I just had a visit to the San Francisco Livejournal office. The servers at LJ are currently being abused by two users in Russia. They are currently blocking access to all of the Tor exit nodes with a rather crufty (but effective) screen scrape of some Tor status page. They'd like to lift this ban and they'd like to see the abuse stop. They recognize that many legitimate users are now out in the cold and they'd like to allow Tor to access LJ. The service abusing their systems is http://lj2rss.net.ru/; lj2rss provides a user with an RSS feed of their LJ friends page (normally a paid service). LJ considers this abuse and has attempted to block this service. Lj2rss was previously run through basic HTTP proxies. It has apparently evolved as a service. The lj2rss people decided to ditch HTTP proxies for the public Tor network. This has caused LJ to filter _all_ access from the Tor network as a quick hack to block their service. LJ is unhappy with this as they realize this means that many people are not able to reach LJ. They want to find a solution to this total method of blocking. They only want to stop lj2rss and not everyone who actually needs Tor to legitimately use LJ. We've suggested that rather than outright blocking, users should be redirected (http 302 rather than 502) to a status page explaining the outage information. We've also suggested they can have user puzzles or require a specific login (paid accounts or flagged in some way). As far as I can tell, this is not a conspiracy by SUP or any other measure taken on behalf of SUP. The sysadmins at LJ are simply trying to combat someone abusing their service. LJ said that they're going to change their status page shortly to explain the block. They're also working on methods to block the lj2rss people and not every single user of the Tor network. I hope this is helpful and that the users of Tor will be able to access LJ services again shortly. Best, Jacob signature.asc Description: OpenPGP digital signature
Re: Anyone running Tor on routing/switching hardware ?
Eugen Leitl wrote: On Fri, Oct 30, 2009 at 03:22:55AM -0400, grarpamp wrote: Best market for such porting efforts might be the millions of home linksys gateway type thingies out there that run some sort of linux under the hood. IIRC SheevaPlug dev kit comes with Ubuntu 9.04 preinstalled, arguably you can pull in an entire developer environment on a large enough flash filesystem, and roll your .deb packages. Perhaps somebody should sent a SheevaPlug with a large flash card to Tor developers. Of course supporting a yet another architecture is a PITA, but on the other hand we would know the packages come from a trusted source. I'm certainly interested in a SheevaPlug and if there was an interest, I'd build packages for it. I'd have to get one first but I'm not sure if it's being used by anyone? Best, Jacob signature.asc Description: OpenPGP digital signature
Re: Orbot: An Anonymous Proxy for Android using Tor
Eugen Leitl wrote: http://openideals.com/2009/10/22/orbot-proxy/ Orbot: An Anonymous Proxy for Android using Tor Thanks Eugen, I wrote a nice BUILD document and sent it to or-dev last night. Here's a copy of the mail for those not on or-dev: Original Message Subject: Tor on Android - Progress! (Orbot) Date: Sun, 25 Oct 2009 00:22:48 -0700 From: Jacob Appelbaum ja...@appelbaum.net To: or-...@freehaven.net Hello *, Nathan and I have been working on making a viable, secure and usable port of Tor to the Android platform. There have been a few attempts at getting Tor or Tor like software (onion coffee, etc) to run on Android. The most notable was probably Adam Langley's initial attempts. For quite sometime, Nathan and I tried a few different approaches. Finally, we stumbled upon a method for calling arbitrary binaries that are stored as assets in a package. Nathan wrote a little about this method here: http://openideals.com/2009/10/22/orbot-proxy/ We spent most of today working on an Orbot build document: https://tor-svn.freehaven.net/svn/projects/android/trunk/Orbot/BUILD The BUILD document starts a user off without any Android tools on their system. By the end of the tutorial, you'll have a working, signed Orbot package. We will endevor to keep this document up to date. Orbot provides a simple way to run the C reference implementation of Tor. This means that we can have hidden services and all of the rest of the Tor client/server/bridge functionality on Android. I expect that hidden services will become popular if someone ports TorChat to Android. Tor itself exposes the usual SOCKS proxy and Orbot extends this by also offering an HTTP proxy. Part of the code that powers the HTTP proxy is a powered by a fork of jsocks. We've named it asocks (Android SOCKS) and put it in subversion: https://tor-svn.freehaven.net/svn/projects/android/trunk/asocks/ The UI for Orbot really needs a lot of work. It will require a lot of polish. Currently, it does do very basic controlling of Tor; it's mostly by brute force and doesn't use anything fancy with the control port. The next step will be to create a second application that actually uses Tor. It will likely be a web browser that specifically utilizes Tor for everything. This will be similar in scope to what Conell did for TorProxy with his Shadow browser: http://www.cl.cam.ac.uk/research/dtg/android/tor/ It is likely that we'll replace TorProxy in the market after we're pretty sure that we're on the right path. If you'd like to try a build of Orbot, I've put up an early alpha build: http://freehaven.net/~ioerror/Orbot-signed-alpha-24-10-2009.apk If you have an android phone, you can scan this QR code to download and install the package: http://freehaven.net/~ioerror/orbot.png This is our first alpha release and we'd love some feedback... Best, Jacob signature.asc Description: OpenPGP digital signature
Tor and Java
Hi, Roger and I recently decided we should have a list centering around Tor and Java development. The tor-java list is now live and is welcoming new subscribers: http://archives.seul.org/tor/java/ Best, Jacob signature.asc Description: OpenPGP digital signature
Re: Tor for Android
It also seems like TorProxy should have a new identity button. Shadow suggests that users should restart TorProxy if connections fail and that seems costly. Perhaps it's not too costly on the network or cpu? The Shadow Browser/TorProxy setup seems like a pretty great start for anonymity on Android. It's great stuff! Exciting! Best, Jacob signature.asc Description: OpenPGP digital signature
Re: Introducing Torfox 3.0.10
Tor Fox wrote: Jacob wrote: That sorta seems like a risky proposition, no? In what way? It doesn't appear to protect you against a variety of attacks? Have you read the design document that Mike wrote about Torbutton? https://www.torproject.org/torbutton/design/ Do you integrate Torbutton or something like it in some way? It works more like Freecap but I've added the code directly to the Firefox socket code. Torbutton does more than simply set a proxy. Hooking the sockets may be useful, I'm pretty sure that won't protect you against say, rogue browser extensions that are often installed on Windows machines. Those seem to pop up from time to time and we've disabled that feature in the Tor Browser Bundle. You may want to look into that also. Additionally, if Firefox only talks to Tor, do you have a control port open? No, only the socks port 9060 (non-default) is open. Why not use 9050? To not conflict with other running Tors? I assume I'd just find the matching files in Firefox 3.0.10 and clobber them with your files? That's right. Ok. How does someone replicate your builds on torfox.org? Do you plan on publishing that too? Perhaps it would be useful to have a README.build with patching and building information? After you replace the files you can build Firefox normally. Other than those 3 source code files in the SVN I've only changed the branding stuff and startup options. I just search and replace the string firefox with torfox and I have some icons and graphics I've made. I have some parts I need to automate but I will definitely add a build section and the branding stuff for building from source. It is important to be able to build it and produce the same binary that you offer for download. It seems like you're not getting much more over the current Tor Browser Bundle. Additionally, do you take into account the non-Torbutton protection and usability improvements that we have added? I think it just appeals to a different style of usage. That's the reason I wanted to make it anyways. I've disabled Java, set it to auto delete private data on shutdown, etc. I'm looking for input as far as what kinds of protection needs to be added. I'm not sure what you mean when you say that it appeals to a different style of usage. Do you mean because it lacks a Torbutton logo, or that it lacks Vidalia? We do a lot to protect users with the Tor Browser Bundle (much of it is protection added by Torbutton), it would be a really good idea to make sure you're familiar with those things. I look forward to reproducible builds! Don't forget the pgp signatures too. ;-) Best, Jacob
Re: Introducing Torfox 3.0.10
Tor Fox wrote: http://www.torfox.org/ Torfox is a mashup between Tor and Firefox. I’ve made changes to Firefox's source code, at the socket level, forcing all connections to be encapsulated with a Socks4 connection through tor.exe. All DNS lookups are done with a piped call to tor-resolve.exe to prevent DNS leaks. There is no configuration needed for Tor. It's included in the installer. The browser will start and stop Tor automatically on a non-default port to prevent conflicts. I have uploaded the only changed source code files to http://torfox.googlecode.com/svn/trunk/source/3.0.10/ and the rest can be downloaded from Mozilla and the Tor Project. Huh. Interesting. That sorta seems like a risky proposition, no? Do you integrate Torbutton or something like it in some way? Additionally, if Firefox only talks to Tor, do you have a control port open? Also, I looked at the svn tree you published and it appears to only have three files: http://torfox.googlecode.com/svn/trunk/source/3.0.10/prnetdb.c http://torfox.googlecode.com/svn/trunk/source/3.0.10/nssinit.c http://torfox.googlecode.com/svn/trunk/source/3.0.10/w95sock.c I assume I'd just find the matching files in Firefox 3.0.10 and clobber them with your files? How does someone replicate your builds on torfox.org? Do you plan on publishing that too? Perhaps it would be useful to have a README.build with patching and building information? It seems like you're not getting much more over the current Tor Browser Bundle. Additionally, do you take into account the non-Torbutton protection and usability improvements that we have added? Best, Jacob
Re: DNS statistics from node operators
Olaf Selke wrote: Jacob Appelbaum wrote: I'm looking into some simple DNS related statistics in the Tor network. Specifically, I wrote a small patch that tells an operator the total number of cached entries for their node. I'd like to know about your DNS cache size, especially if you run a fast node! how does tor dns caching work? My exit gw's tor process size increases by about 50 MB each TB of tor traffic. Generally speaking, your Or will cache a couple of record types when people use you to resolve names (A, PTR). You'll keep them cached for a maximum amount of time (defined in the source code) or less time depending on the returned TTL. Generally, your OR resolves names when someone extends a circuit through you for a connection or when they explicitly use your node for name resolution. I was actually hoping to get statistics from you specifically, so I'm glad that you responded! Please let us know how large your cache gets? It would be interesting to see the average size of the cache for the top twenty nodes. My node 'trusted' for example certainly does not have 50MB of entries: Jun 03 21:20:51.271 [notice] Our DNS cache has 28 entries. Jun 03 21:20:51.271 [notice] Our DNS cache size is approximately 9856 bytes. My exit policy on 'trusted' allows *:53. Simply being able to resolve names doesn't increase my cache size too much. Badbits on the other hand does allow a few other ports and today, it has a much larger cache: Jun 03 14:26:37.577 [notice] Our DNS cache has 3473 entries. Jun 03 14:26:37.577 [notice] Our DNS cache size is approximately 1104968 bytes. Best, Jacob
DNS statistics from node operators
Hi, I'm looking into some simple DNS related statistics in the Tor network. Specifically, I wrote a small patch that tells an operator the total number of cached entries for their node. I'd like to know about your DNS cache size, especially if you run a fast node! Here's an example of this feature in use with my node 'badbits', a node that averages about 20-30Mb/s. I'm running a very alpha version where Nick merged my DNS cache counting patch: r...@badbits:~# tor --version Jun 02 17:15:22.293 [notice] Tor v0.2.2.0-alpha-dev. This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686) Tor version 0.2.2.0-alpha-dev. r...@badbits:~# pkill -SIGUSR1 tor r...@badbits:~# grep -i dns /var/log/tor/notices.log Jun 02 17:14:33.597 [notice] Our DNS cache has 3486 entries. Jun 02 17:14:33.597 [notice] Our DNS cache size is approximately 1108920 bytes. Best, Jacob
Re: Tor Bulk Exit Exporter Broken - check.torproject.org
Arrakis wrote: http://check.torproject.org/cgi-bin/TorBulkExitList.py Reports error: Mod_python error: PythonHandler TorBulkExitList Traceback (most recent call last): File /usr/lib/python2.4/site-packages/mod_python/apache.py, line 299, in HandlerDispatch result = object(req) File /var/www/tor-detector/cgi-bin/TorBulkExitList.py, line 198, in handler updateCache() File /var/www/tor-detector/cgi-bin/TorBulkExitList.py, line 103, in updateCache parsedList = open(parsedExitList, 'w') IOError: [Errno 2] No such file or directory: '/tmp/TorBulkCheck/parsed-exit-list' Hi, Thanks for pointing out the issue. I've fixed it and the site is back up. In the future, please feel free to mail tor-assista...@torproject.org with issues about services we offer. Generally, I read that email before the public mailing list posts. Others who help out might do the same. Thanks again, Jacob
Re: tor-browser bundle on XP
Arrakis wrote: Phobos et al, xB Browser installs giving a user a choice of two modes. The first is Tor, the second is the XeroBank network. xB Browser is included in the XeroBank Installer bundle which includes xB VPN and xB Mail as well. xB Browser, if Tor is installed, will just run Tor for it's connection client. I think there's some confusion here. In a previous thread you suggested that XeroBank [0] doesn't use Tor. This is confusing because your source package contains a Tor binary: /tmp/xb% 7z e XeroBank_Source.zip /tmp/xb% find .|grep -i tor ./history.dat ./tor-resolve.exe ./localstore.rdf ./Tor ./torcircuitstatus.exe ./Torcircuitstatus ./torcircuitstatus.dll ./tor.exe ./TOR_user.js ./.autoreg ./formhistory.dat It looks like Tor is included with your software. Regards, Jacob [0] http://archives.seul.org/or/talk/Dec-2008/msg00053.html
Re: UK internet filtering
Gregory Maxwell wrote: On Sat, Dec 6, 2008 at 8:39 PM, [EMAIL PROTECTED] wrote: On Sat, Dec 06, 2008 at 07:49:58PM -0500, [EMAIL PROTECTED] wrote 0.2K bytes in 4 lines about: : I've confirmed the reports of UK ISPs censoring Wikipedia using some : UK tor exists. http://en.wikinews.org/wiki/UK_ISPs_erect_%27Great_Firewall_of_Britain%27_to_censor_Wikipedia I intentionally did not link to the Wikinews article: They're often junk. I've confirmed this report by talking to people in the UK. At least two of them are filtered in the manner stated by the Wikinews article. I imagine that you can also observe by exiting through certain nodes that have censoring ISPs. I wonder if these nodes should be marked as bad exits? Best, Jacob
Re: Tor on Nokia Internet Tablet?
Clemens Eisserer wrote: Hi, I've about ~768kbit/s upstream and an un-used Nokia770 internet tablet, with an ARM9 clocked at 250mhz. Do you think it would make sence running a TOR relay on it, and do you think the ARM would be able to keep up even with this low bandwith. Some performance tests suggested its about as fast as a Pentium-90. Thank you in advance, lg Clemens Hi! Recently I was given a Nokia 770 by a Nokia Researcher/Developer in Manaus. Specifically, I have some plans to (in the next month - unless something more pressing comes up) make official Tor packages for the 770. I doubt that it would make a useful Tor relay but the 770 does come with software that will use proxies. Specifically, pidgin (the IM client) appears able to use a SOCKS5 proxy. I'll make some packages in the near future and then let people know where to download them... Best, Jacob
Re: xB Mail: Anonymous Email Client
Arrakis wrote: It's appropriate to repeat it because you're spamming this list again with your ideas about licensing. You continue your attempts to ride on the coat tales of the Free Software and Open Source licenses that came before you. Jacob, I'm not spamming the list with licensing ideas. I commented that the idea contributions would be used in a software licensed under TESLA, as that is a legitimate caveat for those here, as expressed before. Your further illustration is a testament to the legitimacy of that caveat. Sigh. Actually that's just what you did when you replied to Seth and that's just what you're doing in the paragraphs below. Stop wasting our time debating the meaning of specific software licensing terms. *The TESLA software license is neither 'open source' or 'free'/'free software' as people commonly understand those terms.* As people commonly understand those terms, I disagree. For the 99.% of the users out there, it is free and open source. They don't hit any restriction. Download it, modify it, sell it, redistribute it modified or unmodified. That .0001% that apparently some people feel outraged over, only represents the addition of backdoors/spyware, or commercial theft. It would be reasonable to say that many people don't understand software licensing. You are clearly one of those people. Please consider learning about Free and Open Source software licensing ideas: http://www.gnu.org/philosophy/free-sw.html http://opensource.org/docs/osd These are the definitions used by people who write software on this list. You seem to be the exception as far as I've read. Stop misusing those terms and people will stop calling you on it. It's a factual debate and the facts aren't on your side. Shall I say it again? While we can all love Richard Stallman, your choice of definition is not universal. That the software is open source and free, is dependent on your purpose being non-malicious. I'll clarify, as per your reply: FOSS definitions != fact. They are colloquial, they are subjective terms. Sigh. It's depressing to watch you beat your head against the wall here. That you restrict your users pretty much means that your software isn't Open Source or Free Software. warning: spam licensing idea ahead, involves gpl... We could license it under GPL, but wrap that in a license / software that says you can't get to the GPL license if you have malicious intent (possible?). It just seems easier to use a single license. I don't have any real comment about this. It's immaterial to the discussion as far as I can tell. I don't want to discuss creation of software licenses. To be clear, your xB* software doesn't belong on or-talk because it has next to nothing to do with Tor. I'm not sure if you're aware of it, but there are both security and anonymity implications for passing mail over tor that should be discussed. And if you haven't understood it yet, we are indeed talking about passing mail over tor, because that is exactly what the software will do, presumably. Of course I'm aware that there are both security and anonymity implications for sending email over Tor. As far as I can tell, you haven't decided if you want to use Tor or Mixmaster. It seems like you should probably do some high level design on your own software and then ask for advice. Which of course seems weird to say because it sounds like you were so close to being finished with it... That is what _I_ want to discuss. My only caveat is telling contributors how I plan to use the information they share. I don't want people to be angry that I used information or methods in a way that wasn't suitable to them. That seems like a pretty straight forward issue. For some reason, Seth thought my disclosure of use required comment, in the interests of malware producers who might be contributing in the hopes of introducing malware/spyware. Reductio ad absurdum, that is the logical conclusion to the objection, if it isn't purely for attempting to open discourse about subjective terms. Maybe I should think of Seth's post as less of an objection and more like a wikipedia stub, but then again that isn't how he phrased it so I'll take the comments as they come. Huh. Ok. If you configure a mail client to use Tor, no one else needs to know about it. I remember your same posts about incoginto, tor browser, torpedo, vidalia, torbutton, janusvm, rockate, etc. You're right. Discussion about software projects that implement tor don't belong in or-talk. Sure. How am I supposed to take your comments seriously, Jacob? That lack of evidence doesn't seem to bloster that claim as your motive. Maybe you're just a very easy-going guy and decided here is where you would make your stand for disallowing discussion on or-talk of software that integrates tor, and things that aren't purely about tor project itself. In your email you indicated that you weren't
Re: xB Mail: Anonymous Email Client
Arrakis wrote: (I don't think it's necessary to repeat that thread.) Then I'm unsure why you thought it appropriate to repeat it now. It's appropriate to repeat it because you're spamming this list again with your ideas about licensing. You continue your attempts to ride on the coat tales of the Free Software and Open Source licenses that came before you. *The TESLA software license is neither 'open source' or 'free'/'free software' as people commonly understand those terms.* If FOSS is your jesus, that's fine. If you don't mind spyware makers and for-profit codejackers being the only ones getting a boot in the face, that's fine too. The point being, it is not your prerogative to choose my software religion, or that of others. It's absolutely reasonable to point out that the TESLA license isn't what it purports to be. Get an OSI certification on the license and then call it 'open source' software. He's not telling you how to license your code. He's telling *other people* what your code license isn't. You're misusing terms they're familiar with and it's fair to let people know the history behind your misuse of the terms. The posts speak for themselves. And if it was merely your noble intention to bring relevant subject data to light, rather than embarrassing the EFF by making a comment antithetical to their existence and attempting to derail a thread, then we should seriously consider uploading your consciousness to the google collective. You're crossing the line here. Seth isn't embarrassing the EFF. He's pointing out that you're misusing the terms you throw around without fully understanding them. As an EFF supporter, I certainly find his behavior to be reasonable. Stop misusing those terms and people will stop calling you on it. It's a factual debate and the facts aren't on your side. Kind Regards, Arrakis P.S. Privacy enhancing technologies are a young science. Who knows, some people might appreciate such a license.. People might. When you find them, please start a mailing list so that people who care will sign up and then they can read all about it. This kind of discussion doesn't belong on or-talk anyway. To be clear, it's not because of your licensing that the emails aren't a fit. Your licensing is just a hilariously bad mistake. One that you keep repeating to the same crowd of people you ask for advice (that you never seem to take). Over and over and over again. I'm sick of it. I'm also not interested in you attacking Seth because you do not comprehend Free and Open Source licensing terms. To be clear, your xB* software doesn't belong on or-talk because it has next to nothing to do with Tor. If you configure a mail client to use Tor, no one else needs to know about it. Please stop spamming or-talk with details of your software projects. Please take the discussion somewhere else. Pretty pretty please, Jacob
Mapping the physical locations of Tor nodes
Hi, I've been thinking about the physical distribution of Tor nodes around the world. I wrote a really simple parser that does geo-ip lookups of public servers and plots them on a map. If you're interested in seeing almost all of the Tor servers on a global map, check it out here: http://crypto.nsa.org/maps/tormap.html As an extra effort just because it's a small dataset, I also tried to map all of the mixmaster servers: http://crypto.nsa.org/maps/mixmastermap.html If anyone has any interest in this, I'll probably automate it and put it up somewhere else. Best, Jacob
Re: Mapping the physical locations of Tor nodes
Bryan L. Fordham wrote: Jacob Appelbaum wrote: Hi, I've been thinking about the physical distribution of Tor nodes around the world. I wrote a really simple parser that does geo-ip lookups of public servers and plots them on a map. Hi Jacob. I have something similar at http://socialistsushi.com/tormap/ Hi Bryan, Is any of your code available? I'm using the geoip database from MaxMind[0] and it's showing the same distribution as some of your images. Which GeoIP database are you using to identify nodes in Africa? Curious, Jacob [0] http://www.maxmind.com/download/geoip/database/
Re: Phish filters on exit nodes
Geoff Down wrote: Hi, I work in antiphishing, and use Tor to access some phish sites. Today I got an OpenDNS Phish Warning page instead of the phish I was trying to see. The site was visible with Tor switched off. Is there a policy regarding content filtering at exit nodes? I recorded the 'Connections' data at the time, is there any point in trying to work out the exit node involved and trying to contact them? Try visiting the OpenDNS preferences page from that node. Someone other than the Admin of the node may have enabled the OpenDNS anti-phishing features. You may also just want to email the admin of the Exit node and ask in the first place... (Disclaimer, once in another lifetime, I worked on OpenDNS and it may not even be possible to change the preferences of a given IP address in such a way anymore...) Regards, Jacob Appelbaum
Re: List of exit nodes wanted
Jamie McCarthy wrote: These don't look like official URLs, so if they go dead in a year I guess I'll ask or-talk again. This might be more efficient for my code than the DNSEL, so I might end up using it despite the false positives/negatives. Hi there, I'd really like to encourage you to use the DNSEL. I run exitlist.torproject.org and I'd like to encourage you to use it. We created it specifically just for people with the problem you have. You can use a caching name server and you'll have a fast system once you've done an initial lookup. Regards, Jacob Appelbaum
Re: GSoC Idea: Packaging Tor+Vidalia
Peter Palfrader wrote: On Fri, 21 Mar 2008, Adna rim wrote: My solution at the moment is stopping the tor daemon and removing it from the runlevels through vidalia's postinst script. Mucking with another package's config is a serious policy violation. Such a package would never be acceptable for Debian. That was my thought as well. However, I'm curious what your thoughts are on the Debian Way (TM) to solve this problem? Perhaps to patch the tor init.d script in the Tor package to check for a flag that can be set by the Vadalia package? Regards, Jacob
Re: Tor and Firefox 3
defcon wrote: I am a linux user, therefore I am not interested in xerobank products. If Xerobank decides to setup there service for linux I may be interested in the future. I do appreciate anonym's response, thankyou. Any other ideas for replacing torbutton until torbutton fixes there addon for firefox 3? I would suggest using the most recent version of Torbutton-dev and Firefox 2. It's well tested and while there may be some problems, it's probably going to be your best bet. Regards, Jacob
Tor on the OLPC: Working as a server!
the outside. Excellent. Mar 14 00:56:10.790 [notice] Self-testing indicates your ORPort is reachable from the outside. Excellent. Publishing server descriptor. Mar 14 00:56:25.685 [notice] Performing bandwidth self-test...done. Furthermore, lsof should show Tor: -bash-3.2# lsof -ni|grep tor tor 3224 _tor7u IPv4 73211 TCP *:etlservicemgr (LISTEN) tor 3224 _tor8u IPv4 73212 TCP *:9030 (LISTEN) tor 3224 _tor9u IPv4 73213 TCP 127.0.0.1:9050 (LISTEN) I hacked up a little bash script[0] (based on Weasel's zsh dotfile) to test that I could reach it from the outside and it seemed to be registering itself with the directory authorities just fine: ./sd olpc router olpc 1.2.3.4 443 0 80 platform Tor 0.1.2.19 on Linux i586 published 2008-03-14 07:50:42 opt fingerprint B286 353F 0BE3 8D25 CB50 00BE A2D5 B006 A8E4 DEB4 uptime 28 bandwidth 3145728 6291456 0 onion-key -BEGIN RSA PUBLIC KEY- MIGJAoGBAMCMsWTN44Bhe7ZpfiHg6q5OLxVqKGdno/hG4zBHReEnNbsmgequLQBK 6xxlCyf5XuriTaCduhatV2TSBT2l0VlqN41KskrT6MtqCwbcSwwxjBpNNG3oHBaQ 94rl0Y8K4yO2oGdxEoPWOBH/rCompy7oU2CtH5kxCfP2dCiQlRv9AgMBAAE= -END RSA PUBLIC KEY- signing-key -BEGIN RSA PUBLIC KEY- MIGJAoGBAJaBLJfwJROa1X11yOnOFIjIhJIZtht5/bjL9CwGWlSrnr8ftQ3sRfFI WUESBv9JXPNyRghyOpEB0MKNXybc8zc0BfQBrzpNCEBHP/O/hwKcYmXupkvkJFEY MPuaqxbX0D9n5LT39gVHBvU467NHXsVq72VIFxDB1ARvRsZxi1aDAgMBAAE= -END RSA PUBLIC KEY- opt write-history 2008-03-14 07:48:57 (900 s) 149504,7168,8192,0,13312,0,14336,0,23552,2048,18432,4096,13312,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 opt read-history 2008-03-14 07:48:57 (900 s) 2629632,3072,191488,0,196608,0,206848,0,335872,2048,224256,2048,263168,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 reject *:* router-signature -BEGIN SIGNATURE- JXCuqec8OIA33pxJYTh44TwBhaxaA8HNVoxVg4F/zTW1AXzvkeXtKk2iaCe0DEmY W4jTovOFLYLka4hCl5ZTtSez8FnoeRq2bWYRz/NoSkDLRAqJ3Js/9aJDxNSj345f Nyr58l63m2eRtzlpBamgAXuZL49tRJmK9Uqfk1Yq0NY= -END SIGNATURE- Enjoy! Regards, Jacob Appelbaum [0] https://tor-svn.freehaven.net/svn/tor/trunk/contrib/sd
Re: Tor on the OLPC: Working as a server!
Wilfred L. Guerin wrote: confirmed dec 2007 unit with Jan (*91) update with the following errors: also need to configure for school server and tunneling, the olpcs are excessively vulnerable and should use tor to offoad school networks rather than risk mim isps. Also the MESH capability needs to be optimized, the dual head radios are not used correctly with the offloading chip and may not need to buffer content through cpu, just headers. Can you explain that? What school server? Can you walk through what you've done? su * disallowed in new terminal (null pw doesn't work) but in the graphical term the new icon top right is Become root Good to know. rest of sequence is fine, mkdir not needed, rpm succeed, not using fwall, please confirm StickFigure operational StickFigure operational? What do you mean by this? appears tor blocked by 802.11 ap .. advise Tor blocked how? You're able to install Tor but you're unable to make circuits? You're behind a NAT and only being a client works? Best, Jacob Appelbaum
Re: How do I volunteer? #6 Improvements on our active browser configuration tester
Rochester TOR Admin wrote: I've been doing some work on a better system to check the privacy of a browser [server side DNS tests, flash tests, etc] and humbly think that I may have some good contributions. Looking at the tor volunteer page http://www.torproject.org/volunteer.html.eni see that #6 is the task of improving the active browser configuration tester and that it was last updated 3/11/08. Is there anyone I can contact to see if my time and skills are a benefit to this task? Sure. If you're discussing Improvements on our active browser configuration tester, we would probably want to start by documenting the false positives and the false negatives. There is currently a very basic test written in perl to query the exitlist.torproject.org DNS server. If you're also interested in discussing the privacy/security of the actual browser configuration: Have you already taken a look at the code from the metasploit team? They've created some DNS, flash, java and javacript attacks that serve as a good starting point for a nice test. This is listed under the header of Testing integration of Tor with web browsers for our end users on the volunteer page. You can shoot an email here on or-talk, to tor-assistants or directly to me.. Regards, Jacob
Re: Child pornography blocking again
Eugen Leitl wrote: On Sat, Jan 26, 2008 at 12:46:46PM -0500, Kraktus wrote: Really, if I'd known my message was going to evoke this sort of response, Really, if you want any other sort of response, DON'T SUGGEST IMPLEMENTING CENSORSHIP HOOKS IN TOR in future. Thanks so much. Agreed. I'd have entitled it 'Directory-distributed variables for exit lists'. It doesn't matter how you call it, it still stinks. Of course suggesting paedophilia in a anonymity forum is the equivalent of Godwin's law. Basically, you lost in the moment you mentioned it. Seriously! Can we drop this already? Send a fully tested and working patch, fork the code base, start a new project or knock it off. HTH, Jacob
Re: Tor meetup in San Francisco this Thursday
Nick Mathewson wrote: Hi, all! I'll be in San Francisco for most of this week, and I thought it would be neat to have a Tor Folks meetup on Thursday, probably in the late afternoon or early evening. Let me know (off-list) if there's any interest, and I'll figure out where -- probably a coffee shop or something. I, as well as others, certainly have an interest. I'd vote for somewhere near the EFF, if the EFF itself isn't an option. -jake
Re: Reducing java leakage in windows
James Muir wrote: Arrakis wrote: It appears that Java attacks for causing external IP data to be leaked can be mitigated to some good degree. The upshot is that you can now run Java applets that even when attempting to phone home directly (revealing your IP), they are routed through the socks port and thus Tor or any other socks speaking application. What we are doing is changing the proxy settings of the Java Control Panel in windows. Some time ago, I conducted several tests that demonstrated that Java Applets have the ability to disregard proxy settings in the Java Control and open direct non-proxied connections. I do not think what you have described will work. I remember these tests. I can't seem to find a copy of the applets you used. Are you willing to publish them? Or point me in the right direction should I want to try implementing them? Regards, Jacob
Re: Soliciting Opinions on xB Browser How To Build doc
Arrakis wrote: Greetings, We've rewritten xB Browser to version 2.0.0.9/10 and are about to introduce some new functionality to it. I thought this would be a lovely time to take a step back and acquiesce to some prior requests for a doc on how to build xB Browser from scratch. I've got some questions, and hopefully you've got some opinions and maybe requests of your own. 1. Given the somewhat complicated layout mechanisms in Mozilla, would you be willing to have instructions that say to the effect Go to View|Toolbar|Customize and drag button xyz to the toolbar where desired or do we demand to see a file-based placement? 2. Given the above, you will get users placing the toolbar items or buttons in slightly different order, or editing a file with an editor that may not have the same /$r/$n EOL functions, thus we will end up with different hashes/sizes from one user to the other, despite them being the same build. Is that acceptable? What is an acceptable alternative if not? I suggest you use an automated build system. Make[0] should do the job. Basically all modern software projects are built with some sort of build system, it's probably a good idea to use something that everyone can acquire and use for free. Regards, Jacob [0] http://www.gnu.org/software/make/
Re: Soliciting Opinions on xB Browser How To Build doc
Arrakis wrote: Jacob, This might be able to work, assuming we figure out if there are any dependencies for win32 Make. Actually, I could probably even have Make curl, verify, and unpack the latest Tor, Firefox, etc. Still doesn't solve all the GUI settings issues, but I guess it is a general step in the right direction. Every successful software project I can think of uses an automated build process of sorts. If you make UI changes, they will eventually find their way into a file. How to modify these things isn't something you'd need to place into an automated build process. It's something you'd want to put into another document. Your default settings are the files left after tweaking things to fit your desires. Build your project in an automated way around files that are already created properly. What you ship is what needs to be automated. This allows someone to take your shipped binary and validate your claims. If you're using subversion, you can easily make a single subversion server that uses external subversion repositories. This means that you can have Tor and other projects automatically pulled for a specific given revision. It should result in something stable without having to specifically release any code from those projects. This is useful because it means that users would be getting the source of those projects from their main distribution points and not you. Make is very useful though it might not fit your needs because of your desire to build the software on windows. However, it seems that you're using lots of software that depends on it for building anyway. Have you considered trying to make this work with cygwin and automating everything in simple terms? Once you have something simple, you can build something more complex. Regards, Jacob
Re: Security concerns/help me understand tor
Kyle Williams wrote: I don't want to post all the results of my research, for fear that truly evil Torrorist would go crazy with this. Let's just say that this could be very, very bad. Trust me, Roger, this isn't something that should be taken lightly. The moment Tor knows it's own external IP, and is operating as an exit node, it should (in code) automatically disallow connections to it's own external IP. Unless someone has a really good reason why you would need access to your external IP address from inside your LAN. I run a few services on the net. I like the idea that if I run a Tor server on the same machine (on the same interface, with the same IP) as my service, people using Tor will prefer my node as their exit node. This allows me to provide services indirectly to the Tor network without very much effort. Smart routing is neato. This is a feature and a pretty neat one at that. BTW, I tried the 'responsible discloser' once already in IRC, remember Roger? So I don't feel bad one bit for talking about this with others. At least I included a temporary solution to the problem. I didn't know about your IRC discussion however, I think you should disclose the results of your research to [EMAIL PROTECTED] I'm sure it would be appreciated and everyone would be keen to hear more about it. Regards, jacob
Re: Security concerns/help me understand tor
Kyle Williams wrote: On Nov 8, 2007 3:54 PM, Jacob Appelbaum [EMAIL PROTECTED] wrote: Kyle Williams wrote: (This requires some changes to the torrc and tor source, so I'd like to add it to the feature request list in case somebody has free time) That would be a hidden service. Tor already does that. What we are talking about is secure defaults for exit nodes. That's a horrible idea. You do NOT want everyone to be able to anonymously fuck with your router's admin page. You don't need to redirect that specific request either. It needs to be dropped. If you want to offer up a website, then use the hidden service feature of Tor. I agree that you don't want someone to mess with my admin page. I don't have an admin page, I have a service. I think that it's a feature that in your presented case has an unintended consequence. It's not as useless as you think. Furthermore, it's *not* a hidden service. Hidden services are often slower than any other Tor network function. You could *also* use a hidden service if you wanted but that's not the same thing. Something useful you could do with the exit enclave: Run a mixmaster server Run Tor with the ability to exit to your mixmaster server Now all people who can use Tor could use mixmaster, even if mixmaster was blocked and without exiting through a node you don't trust. ( Yes, I realize you could possibly exit and use the mixmaster network without this setup. And yes I realize that mixmaster is able to be observed without worry, I think this setup is useful anyway. ) If you want to run a hidden server, such as a web site over a .onion address, then that's fine. If your router is disallowing people to access the admin webpage interface from the Internet, that's probably a good thing. But if running a Tor exit node opens up that admin webpage to the rest of the Tor network, that's not good. At that point, anyone could anonymously try and hack your router. God help you if they do get in, then your really in trouble. Exit enclaves aren't .onions. They're two different things. They're also used differently and with different threat models. Furthermore, one is very reliable and the other isn't always so reliable at times. It's also a known and documented issue. You forgot to address the above comments that you quoted. It has relevance to the next question you did address. Do you also think Tor should automatically block access to all RFC 1918 address space unless otherwise enabled? Why should Tor be so automatic about your specific preferences? How about you not restrict all the RFC 1918 address spaces in your network, tell which exit node you run, and let me have some fun playing inside your network anonymously. I think that's the case right now. Perhaps you could share some of your finding to help people understand your concerns? Regards, Jacob
Re: some civically irresponsible exits?
Scott Bennett wrote: The documentation that comes with tor rather strongly suggests that exit servers should have exit policies rejecting the SMTP port (25). The tor sample torrc includes this rejection as well. This rejection of exits to port 25 would seem to be a Very Good Thing (tm) in light of the rapidly growing waste of Internet bandwidth in the form of massmail. Nevertheless, I decided a few minutes ago to take a peek at reality by playing with the exitlist python script in tor-0.2.0.9-alpha/contrib. Using one of the IP addresses for the system on which I get most of my email, I get: I don't see this as a problem at all. I see it as totally responsible. Some exit node operators allow outgoing port 25. They probably also allow port 6667, port 80, port 443, etc. Any and all of these ports can be abused. Mail admins that want to block Tor from sending possible email to their servers can easily use the TorDNSEL: http://exitlist.torproject.org/ I run that server and if you're in need of help using its features, feel free to write me. Tup wrote the Haskel that's powering it and it's been running fine for months. A mail admin should assign a score based on the results of an exitlist rbl test. Hopefully they won't just throw it away. I hear people use it for the same reasons that people use any other exit port. -Jacob
Re: Firefox IPv6 Anonymity bypass
Arrakis wrote: Greetings and welcome to 2006! 3, Steve Excerpt from How To Create Torpark Step 31. set as follows: noscript.notify.hideDelay = 30 noscript.statusIcon = false network.dns.disableIPv6 = true ; ipv6 addresses fail through tor. network.proxy.socks_remote_dns = true browser.sessionstore.enabled = false browser.sessionhistory.max_entries = 1 network.cookie.lifetime.days = 0 dom.storage.enabled = false dom.max_script_run_time = 60 ;script running time dom.max_chrome_script_run_time = 60; network.proxy.failover_timeout = 0 ;always retry the proxy, never revert. plugin.scan.plid.all = false ;Do not allow plugin scanning. security.xpconnect.plugin.unrestricted = false; do not allow unlimited access to XPConnect layout.css.report_errors = false ;get rid of java console errors network.http.keep-alive.timeout:1000 network.http.max-persistent-connections-per-proxy:16 network.http.pipelining:true network.http.pipelining.maxrequests:8 network.http.proxy.pipelining:true I'm sure you've learned a great deal in the process of building Torpark. Have you ever documented why you've made these choices and explained them to the or-talk lost or Tor Developers privately? I think your contributions would be very valued if you only shared them in a constructive manner. Your message comes across as smug and counter productive. What are you trying to accomplish? With that said, I think your setup is still vulnerable to ipv6 leaks. I think that an attacker would merely have to list an ipv6 address rather than a name. Something along the lines of: img src=http://fe80::123:5667:fe6d:ab10/cookie.img; If you think this to be incorrect, perhaps you could share why? Does Firefox properly proxy ipv6 requests through Tor? Have you tested this? How did you test it? - Jaco
[Fwd: SpyBye 0.3 released]
This may be of interest to some people on this list. Original Message Subject: SpyBye 0.3 released Date: Sat, 9 Jun 2007 22:51:21 -0400 From: Niels Provos [EMAIL PROTECTED] To: [EMAIL PROTECTED] SpyBye 0.3 was released today. A major new feature is that SpyBye can be used as a regular web proxy, for regular web browsing. SpyBye still analyzes all content automatically, but it happens in the background. Whenever, dangerous content is encountered, a warning notification is shown in your browser that links to an in-depth analysis of the web page. Proxy mode allows web masters to quickly browse over their sites to detect malicious content, but it also allows users to protect their systems by using SpyBye as their proxy. The number of warning notifications encountered by normal browsing may come as a surprise. You can find the blog entry at http://www.spybye.org/ and source code for download at http://www.monkey.org/~provos/spybye/ Let me know if you have any feedback. Regards, Niels Provos.
Re: Next news from Germany
Eugen Leitl wrote: On Tue, Jul 10, 2007 at 06:22:48PM +0300, Jacob Appelbaum wrote: It seems that way. I run more than one node in Germany and I don't have Which Bundesland? Don't try this in Bavaria... As I understand it, Frankfurt and Berlin are nice places to run a server or two. a problem. It's a sad state of affairs that people are being forced to shut down their nodes. I'm sorry the police are questioning you, I do hope that they'll eventually understand that they have nothing to gain by doing this. Of course they have plenty to win. No Tor exit nodes in Germany -- no problem. They can't win that battle. Tor is already adapting to stop blocking and this has an added benefit, it makes a great deal more nodes to seize. Then, iterate across the world. I'd like to make a comment about living in a free country but I've yet to really find one. I have some protection under the law but I realize that it's only as good as my ability to pay for lawyers. And/or make anonymizing services illegal, so only criminals have anonymity. This sounds like you need to ensure your government doesn't take this route. Or find a strong economic case for anonymous communication. And there's a very good chance this is going to work. I want to doubt you but I think it's possible. A serious crackdown could happen to a specific piece of software or protocol. It happened in Japan with Winny, right? I think that Tor is different but only time will tell. Regards, Jacob
Re: Problem downloading new Torpark
Ringo Kamens wrote: Can somebody provide a sha1/magnet or ed2k hash so people can download it in censored countries from p2p? On 2/5/07, Eugen Leitl [EMAIL PROTECTED] wrote: On Mon, Feb 05, 2007 at 11:48:44AM +0800, Kevin Smith wrote: Downloading Torpark from China has redirected to Google since at least early December 2006: I don't know why the author decided to centralize the distribution. Now might be a good time to chime in with yet another request: How about asking the author to GPG/PGP sign the binary release? If people are looking for this software on a p2p network, they're asking for trouble.
Re: Block directory authorities, is it possible?
Kevin Smith wrote: I have never heard that the Tor website http://tor.eff.org/ has been blocked in China, nor any URLs under that website. It is currently not blocked by my ISP in Beijing, nor was it blocked by my ISP in Shandong province when I lived there. I was, however, referring to the Tor service itself, not the website, though I did not make that clear. The psiphon website, on the other hand, http://psiphon.civisec.org/ has been blocked, at least by my ISP in Beijing, but the psiphon service has not been [...] I think it is very interesting in and of itself that the main Tor website http://tor.eff.org/ has not been blocked. Perhaps it's the Great Firewall's way of saying, We are knowingly allowing this backdoor. It's funny. Looking at the codebase for both, it would almost seem this should be the other way around. I wonder if it's just an oversight that tor.eff.org hasn't been blocked in your case? How does the blocking with your ISP work? Do you get a generic reject page telling you the service is blocked? Do you get TCP resets? Regards, Jacob Appelbaum
Practical onion hacking: finding the real address of Tor clients
Hi *, Fortconsult wrote this and it may be of some interest to people on this list: http://www.packetstormsecurity.org/0610-advisories/Practical_Onion_Hacking.pdf And then of course there is this: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#TotallyAnonymous Regards, Jacob
Re: Tor-compatible secure email systems
coderman wrote: On 10/12/06, Total Privacy [EMAIL PROTECTED] wrote: ... Using PGP or similar to make an encrypted file (txt or word or something). Then attach it to an ordinary webmail upload function, to send it over to the recipient that alreday are informed of my public key (and who´s key I have). All this whitout any need for Thunderbird or anything in computer. something like freenigma? http://www.freenigma.com/ you have to trust them with your keys, but at least provides some protection for the scenario you describe. Why would you trust the freenigma people with your secret keys? This article by Ben Laurie sorta sums it up nicely: Oh dear. So freenigma can decrypt my mails (and anyone else they care to give the session key to). What’s more, it looks like they have your private key, too, so they can impersonate you. They don’t say how you decrypt, but I presume the story will be described with the same disingenuousness: no, you don’t send your encrypted mail to the server, just send us the encrypted session key and we’ll decrypt that for you. How comforting. Not. http://www.links.org/?p=130 (google cache: http://72.14.253.104/search?q=cache:33Eoh50ZCQ8J:www.links.org/%3Fp%3D130+http://www.links.org/%3Fp%3D130hl=engl=usct=clnkcd=1client=safari ) It would be ideal to use something like this when it's available: http://www.shmoo.com/soc/gpgreasemonkey.html Regards, Jacob
Re: hidden services spoof
Arrakistor wrote: Nick, Yes but the sig is only as good as the person you trust. That is why I haven't released Torpark 2.0b2 with 0.1.2.1-a, I simply don't have a trusted binary. I don't think they yet have a pgp plugin for NSIS language yet. I'll see what else can be done for verifying sigs. You're not going to get a better way to validate trust than a pgp signature. If you don't trust the tor signing release keys, you shouldn't trust the code they're signing. Some random .onion address given over a mailing list isn't a secure way to verify anything. Someone can compromise the server on the other end of the .onion address. It sounds like you're building an automatic updater for your system. I suspect that you should be very careful as you're introducing a method for automatically downloading binaries and potentially running untrusted code. You need to verify the pgp signature of builds just as you would source code before building. At the cost of repeating what Nick said, you're verifying pgp signatures already already, right? Something, Jacob Appelbaum
Re: Earthlink's broken DNS affecting Tor nodes?
Matt Ghali wrote: On Mon, 4 Sep 2006, numE wrote: Maybe http://www.orsn.net/ would be even better than opendns. OpenDns is commercial... orsn not. IIRC, OpenDNS does the same sort of Lie on NXDOMAIN foolishness that Earthlink has started doing, which is what the original poster was trying to escape. Doesn't ORSN use an alternate-root scheme where there's no real guarantee you're getting the same answers anyone using the one true root would get? I might be conflating my alternate-root quacks here, but I seem to recall their root delegations differ from the real ones. (Disclaimer, I work for OpenDNS.) If you're using OpenDNS, you disable all that stuff when you visit the preference page: http://www.opendns.com/prefs/ If you do that you'll get zero unexpected recursive dns behavior. Regards, Jacob Appelbaum
