Re: Scroogle and Tor

2011-02-14 Thread Jim

scroo...@lavabit.com wrote:

I've been fighting two different Tor users for a week. Each is
apparently having a good time trying to see how quickly they
can get results from Scroogle searches via Tor exit nodes. 
[snip]


As the person who (recently) raised the question about the availability 
of Scroogle via Tor, I want to thank you both for running Scroogle and 
for coming on this list to explain what happened.  I also apologize to 
the list for not mentioning that Scroogle is once again available via 
Tor.  (I discovered that and meant to publish that fact approx. 24 hours 
ago.)


You are obviously much more knowledgeable about network issues than I am 
so I will leave it to others to advise you about possible mitigations 
for your problems.  It is a real shame about the script kiddies, but 
such is the world we live in.


Jim


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/


Can't Contact Scroogle

2011-02-12 Thread Jim
I currently cannot reach https://ssl.scroogle.org:443/ via Tor.  I can 
reach it going directly to the Internet.  In the past Scroogle has 
seemed tor-friendly.  Is anybody else having this problem?


Jim


Re: Design Change Causing More Traffic?

2011-02-08 Thread Jim

and...@torproject.org wrote:

On Mon, Feb 07, 2011 at 09:51:57PM -0700, jimmy...@copper.net wrote 0.6K bytes 
in 11 lines about:
: I am on dialup and so I am very sensitive to the amount of traffic
: overhead in the operation of Tor.  Lately that seems to have increased
: significantly.  Assuming I am not just imagining it (I have no objective
: measurements to back this up) is this just because of the build-out of
: the network or has there been a design change that would cause this?

Which version of tor?


Apologies for not including that.

I am running Tor 0.2.1.29 compiled from source.

Jim



Design Change Causing More Traffic?

2011-02-07 Thread Jim
I am on dialup and so I am very sensitive to the amount of traffic
overhead in the operation of Tor.  Lately that seems to have increased
significantly.  Assuming I am not just imagining it (I have no objective
measurements to back this up) is this just because of the build-out of
the network or has there been a design change that would cause this?

Jim



Re: Tor exits in .edu space

2011-01-28 Thread Jim


Andrew Lewman wrote:
 We're trying to figure this out ourselves.  I've personally been the
 introduction point between exit relay operators and a lawyer in their
 country to help them when something goes wrong.  ...

 [snip]

 I am always impressed that 95% of those accused of something due to
 their exit node fight harder to keep running a Tor exit node.  It's
 people like this that help keep your liberties around the world.  Once
 again, thank you.

And thank you, Andrew, for all the ways you support these people.

Jim




Re: System time in anonymity oriented LiveCDs

2011-01-04 Thread Jim


thomas.hluch...@netcologne.de wrote:
 Without understanding details of the tor design, did you mention that
 tor knows the real time? So why don't you let tor set the right
 time. There could be a torrc setting like when connecting to tor
 set system time according what tor says. This would enforce to
 run tor as root, not as unprivileged user, but this is a Live
 system, so this might be no problem(?).
 
 Would this be a nice tor extension to help the LiveCD users?

Presumably some people will be running live CDs (or USBs) on systems
where they don't have the necessary privilege to set the system time.
To address these situations, what might be more useful is to be able to
tell Tor to offset the system clock by a given amount to get the real
time.  Possibly in connection with this there could be a setting which
would cause Tor to automatically determine this offset at initialization.

Cheers,
Jim




Re: System time in anonymity oriented LiveCDs

2011-01-04 Thread Jim

Jim wrote:


thomas.hluch...@netcologne.de wrote:

Without understanding details of the tor design, did you mention that
tor knows the real time? So why don't you let tor set the right
time. There could be a torrc setting like when connecting to tor
set system time according what tor says. This would enforce to
run tor as root, not as unprivileged user, but this is a Live
system, so this might be no problem(?).

Would this be a nice tor extension to help the LiveCD users?


Presumably some people will be running live CDs (or USBs) on systems
where they don't have the necessary privilege to set the system time.
To address these situations, what might be more useful is to be able to
tell Tor to offset the system clock by a given amount to get the real
time.  Possibly in connection with this there could be a setting which
would cause Tor to automatically determine this offset at initialization.


Oops.  Sorry about responding to my own post, but I just realized that 
the lack of permission problem I mentioned would pertain to running 
something like a Tor bundle from a USB stick on a public computer rather 
than running a Live CD/USB.  But I still think my proposal might be 
useful for that situation.


Jim




Re: Very low performance in CriptolabTORRelays*

2010-12-01 Thread Jim

Daniel Franganillo wrote:


Hi,
still no luck with our bandwidth problems. I even tried to set up a tor 
relay under windows (to discard a linux problem) and it does not work.
Also, if I setup an https server at 9001 or 9030 and download a file 
from there it works fine.

Can you help me to gather some clues on how our School is filtering Tor?
I need that information so I can fill a request to stop Tor filtering.
Thanks.
PS: Will it help if I pastebin a debug log?


Hi Daniel,

I am surprised that nobody on this list that is more knowledgeable than 
I has responded to your request.


I am certainly no expert here, but based both on what has been posted on 
this list previously and the TLS entries that ended up in your debug 
log, I would have to wonder if your problem doesn't have to do with an 
incompatibility between the version of Tor you are using and the version 
of SSL you are using rather than being a problem with your school's 
filtering Tor.  I did not respond sooner in part because, based on my 
(admittedly limited) understanding of these issues, I did not see a 
conflict between what you posted you were using, based on recent other 
posts about this.  Still there have been recent (say the last 6 months 
or so) issues between Tor and SSL.  I can only hope that either you can 
research this some yourself or somebody else with more knowledge about 
this will post.


Good luck!

Jim


Re: Debian/Ubuntu tor users, please check for core files

2010-11-25 Thread Jim McClanahan

Jan Weiher wrote:

Hi,
no core files on my Ubuntu 8.04 relay.

regards,
Jan


Has anybody checked to see whether the Tor instances running on Ubuntu 
have the ability to leave core files?  I've never delved into the 
details, but I know on older versions of Ubuntu, running ulimit in a 
shell showed the maximum core file size set to 0.


Jim


Congrats on Torservers Bandwidth

2010-10-19 Thread Jim
It's been a while since I looked at http://us1.torservers.net/

Congratulations to Moritz for getting the throughput back above 30MB/s!
Nice!

Cheers
Jim


Re: AdvTor

2010-10-09 Thread Jim

Anon Mus wrote:

These were added because, as I already said, they were repeatedly (5+ 
times on 5 different circuits)  unable to resolve DNS and so failed 
page access. This is a standard privoxy message.


FYI, when you get that Privoxy message while using Tor (or any other 
downstream proxy) it just means that Tor was unable to retrieve the 
page.  Privoxy has no way of knowing whether this was because of a DNS 
failure or some other reason.  (If Privoxy is the final proxy then it 
knows whether the problem is DNS or not.  They should probably use a 
different failure message when Privoxy passes the request onto another 
proxy.)


Jim



Re: BetterPrivacy - necessary?

2010-10-02 Thread Jim

grarpamp wrote:

As usual, it would be awesome to have a tool that could de and re
encapsulate https so that proxies and caches could do their thing with it.


I am very far from an expert in these matters, but it would seem to me 
that the ability to do so without the explicit cooperation of the 
browser (or other client) would indicate that your attempt at end-to-end 
encryption was hopelessly broken.  If you could de/re-encapsulate then 
so could any other man-in-the-middle, and you would never be the wiser.


But I do understand the usefulness of what you suggest.  The only way I 
can see of doing it that had any possibility of being secure would be if 
A) your proxy/cache handled the real end-to-end 
encryption/authentication with the website, and B) there was a plugin 
(or built-in functionality) on the browser that maintained a secure AND 
AUTHENTICATED connection with the proxy/cache.  I.e. the browser would 
have to be aware of what was going on and would suspend its verification 
of the website's certificate while insisting that it authenticate that 
it was talking to the approved proxy/cache which is tasked with the 
secure communication to the website. If the proxy/cache detected a 
problem with the website's certificate, then it would have to have a way 
of signalling this, perhaps just by serving up its own page with the 
relevant information.


That's the best I can come up with.  Comments?

Jim





Re: Privoxy doesn't start on booting

2010-09-21 Thread Jim

James Brown wrote:

OS - Ubuntu 9.10 on a laptop
Privoxy version 3.0.13
Tor version 0.2.1.26

I have installed tor and privoxy and now I have the next problem.
When I boot my system privoxy does not start as daemon and I need to
start it manually (/etc/init.d/privoxy start).
I have files with privoxy scripts in my /etc/rc1.d - /etc/rc5.d (named
K20privoxy), I can see through sysv-rc-conf that it must start on 1
level but it doesn't.


I am not sure how startd (what Ubuntu uses for process 1) might interact 
with this, but on traditional SysV systems, the services you want to run 
in a particular runlevel should start with S (for start) rather than 
K (for kill = stop).


Jim


Re: Google and Tor.

2010-08-25 Thread Jim


Gregory Maxwell wrote:
 On Wed, Aug 25, 2010 at 11:31 AM, Matthew pump...@cotse.net wrote:
 People are running automated datamining queries _via tor_ in order to
 gain control of more IPs and avoid being blocked.

 I think it would be nice if captchas and blocking weren't the only
 anti-DOS/anti-abuse mechanisms used on the web today, but this is the
 world we live in.

While I usually use scroogle or ixquick, on occasion I do a google
query.  Sometimes it works, frequently it is blocked.  When they give me
a captcha, I've learned to just give up right then (or maybe try with a
new exit node).  I have never had a successful result with a Google
captcha ... it just keeps giving me new ones.  So while your explanation
for blocking makes sense, it doesn't explain why they don't fix their
captcha.  (Maybe it's tied to cookies, but I'm not going to allow google
cookies for that one instance only to disable them again.)

I realize there is nothing anybody on this list can do (unless a Google
employee subscribes to the list).  I'm just venting ...

Cheers,
Jim




Re: Bigger Thinking [was: Tor Project 2008 Tax Return]

2010-08-22 Thread Jim

Roger Dingledine wrote:

On Sat, Aug 21, 2010 at 10:53:48PM -0600, Jim wrote:
I connect to the Internet with dialup.  I have been successfully using  
Tor clients for 4+ years.  One of the issues with using Tor over a slow  
connection is the amount of time it takes to update the information  
about the network when Tor is first started after having been off-line  
for a while.  Depending on connection speed and how long the client has  
been off-line, this typically takes about 3 to 10 minutes.  Perhaps a  
bit longer.  My experience is that during this time the connection is  
pretty much useless for any other purpose.


Yep.

While inconvenient, this situation is certainly manageable.  My concern  
has been what happens as the Tor network grows.  At some point the delay  
would start being a serious problem.


Here's some reading:

https://blog.torproject.org/blog/overhead-directory-info%3A-past%2C-present%2C-future

We haven't gotten the microdescriptor out in practice yet, but
it's on its way:
https://trac.torproject.org/projects/tor/ticket/1748


That's good to know.  Thanks for the links.

Jim


Re: Bigger Thinking [was: Tor Project 2008 Tax Return]

2010-08-21 Thread Jim

Mike Perry wrote:

Actually there are several large-userbase companies that want to
include Tor by default in their product, either as a client, a relay,
or a bridge.  Unfortunately, the only answer we have for them in the
immediate term is For the love of goddess don't do that, you'll
destroy Tor. 


Our immediate concern is making it possible to support at least a
fraction of one of these userbases in either the relay or the bridge
role. The relay role will require a significant update to Tor's
directory mechanisms, and we are trying to drive academic research
forward in these areas.  ...


This might be a good time to bring up a concern that has been on my mind 
for a while.  I don't know if this is one of the concerns that has 
already been identified when thinking about a much larger relay pool.


I connect to the Internet with dialup.  I have been successfully using 
Tor clients for 4+ years.  One of the issues with using Tor over a slow 
connection is the amount of time it takes to update the information 
about the network when Tor is first started after having been off-line 
for a while.  Depending on connection speed and how long the client has 
been off-line, this typically takes about 3 to 10 minutes.  Perhaps a 
bit longer.  My experience is that during this time the connection is 
pretty much useless for any other purpose.


While inconvenient, this situation is certainly manageable.  My concern 
has been what happens as the Tor network grows.  At some point the delay 
would start being a serious problem.  So as you think about how to 
change the directory mechanisms to handle a significantly larger number 
of relays I request that you also think about changing how this 
information is distributed to clients.  Perhaps with a much larger Tor 
network, each client doesn't actually have to know about all of the 
nodes but can make do with a reasonably sized sampling.  Or maybe 
there is a way to spread out over time the increased amount of 
information available.


I can imagine that a solution to the problems a slow connection has 
might not be acceptable for relays.  As such, maybe there could be a 
slow connection option in torrc that would not be used by relays.


Thanks for giving consideration to this issue.

Jim



Re: Bigger Thinking [was: Tor Project 2008 Tax Return]

2010-08-20 Thread Jim


Curious Kid wrote:
 And what about Microsoft?

snip

 at least $20M a year. Why would they even consider doing this? To be a good
 corporate citizen, to better protect the anonymity of their users, to do their
 part to fight the good fight for freedom of speech, and to possibly give them a
 chance to one-up Google for once.
 
 Possibly the fact that they are our enemies and want to end online anonymity.
 
 
 Microsoft Exec Calls For 'Driver's License For The Internet'
 
 http://techdirt.com/articles/20100204/1925188060.shtml

Plus, would you trust Microsoft's (binary only, no doubt) implementation
of Tor?  I wouldn't.

(Yes, I realize that even running a known, good instance of Tor on a
proprietary system can result in that instance of Tor being subverted.)

Cheers,
Jim




Re: Tor notice

2010-08-09 Thread Jim

and...@torproject.org wrote:

On Mon, Aug 09, 2010 at 09:48:24PM +0200, spacem...@gmail.com wrote 0.4K bytes 
in 9 lines about:
: why in every Tor version (a/b/stable) there is Do not rely on it for
: strong anonymity? If not Tor, what should we use for strong
: anonymity? excluding Freenet and cryptography apps.



Many other tools simply state they are anonymous, without mentioning any
of the R&D on current anonymity attacks, their success probabilities,
and design flaws. If you're interested in learning more about the
current state of the field of anonymity in research, start here;
http://freehaven.net/anonbib/full/topic.html


Would it make sense to add that link, or some other link, to the message 
Tor prints out so the casual user can get some idea of what the 
message means?


Jim


Re: A suggestion to TOR [a proxy server]

2010-07-26 Thread Jim

emigrant wrote:


and i think, this can be a step towards the increasing trend of cloud
computing, if i have correctly understood what is cloud computing. :D


I guess this is off-topic, but some of us don't think moving toward 
cloud computing is necessarily a good thing.  Since this is OT, I'll 
leave it at that.


Cheers,
Jim


Re: gwget and tor?

2010-05-27 Thread Jim



Scott Bennett wrote:

 On Wed, 26 May 2010 09:40:29 -0400 Aplin, Justin M jmap...@ufl.edu
wrote:
I don't know about gwget, but plain wget supports http proxies, which 
you can point at Polipo. If you're only going to need to do this every 
once in a while, I'd pop open a terminal and do the following:
HTTP_PROXY=127.0.0.1:8118  HTTPS_PROXY=127.0.0.1:8118  
FTP_PROXY=127.0.0.1:8118

export HTTP_PROXY  export HTTPS_PROXY  export FTP_PROXY
wget your://url.to/download.here


 Once again, I strongly recommend that you set the *_proxy environment
variables to full URLs rather than to the abbreviated forms you've shown
above.  See fetch(3) in the man pages for details.


Hi Scott,

This is the second time I've seen you reference the fetch(3) man page,
so I thought maybe I should post.  I believe you run one of the BSDs.
Just FYI, I cannot find a fetch man page on my Linux systems.  I know
that several years ago when I was proxying Lynx I looked up this
information /somewhere/.  I thought it was in some man page but I cannot
find it now.  Maybe I pulled the info off the web? scratches head

Cheers,
Jim





Re: Answer by perfect-privacy.com Re: perfect-privacy.com, Family specifications, etc.

2010-05-20 Thread Jim



Roger Dingledine wrote:

On Mon, May 17, 2010 at 09:44:21PM +0200, Moritz Bartl wrote:

 Original Message 
Subject: Re: - Medium - Tor servers, Tor community wants to disable your
nodes - General
Date: Mon, 17 May 2010 13:46:04 +0200
From: Perfect Privacy Administration ad...@perfect-privacy.com
Organization: PP Internet Services

[snip]

A proposal to the TOR developers:  I don't know if it's technically
possible, but maybe one could introduce a BelongingToFamily entry or a
similarly named command in future versions of TOR which could work as
such, as that every server which contains the same BelongingToFamily
entry (e.g. BelongingToFamily xyz) belongs to the family xyz.

That way one wouldn't have to enumerate all server names in the
MyFamily section of each and every individual torrc file what causes
an enormous effort if one adds a lot of servers (and donates a lot of
traffic) to the Tor network.  As mentioned, we currently would have to
edit 45+ torrc files on 45+ TOR servers whenever a server is added or
removed, and the number of our servers is constantly increasing.


The trouble here is that if we make family declarations one-sided, then
I can tell everybody that I'm in blutmagie's family (and X's family and
Y's family and Z's family and ...), and suddenly I'm influencing the
path selection of other clients in a way I shouldn't be able to.

We need to have each set of relays in a family declare the others,
or it's open to attacks like this.


In situations like Perfect Privacy's where there are a significant
number of nodes that are dynamically changing, which all need to be in
one family, the basic proposal seems useful enough that I wonder if it
can be rehabilitated to take care of the concerns Roger just expressed.
So let me just float an idea here that maybe others can
flesh-out/simplify/correct ...

What if families could be declared by giving them a name (say XYZ123)
and publishing a public key for them.  Then to add a node to the family,
the server operator would issue a BelongToFamily XYZ123 declaration that
is somehow signed by the corresponding private key.  If the details can
be worked out correctly, then only the person/organization with access
to the private key can add servers to that family. I think that would
take care of Roger's concern about relay operators adding their server to
others' families.  If this is too much information to reasonably contain
in a torrc file, then perhaps it could be included in a separate file.
Either one the Tor client automatically looks for or one referenced in
torrc.

Does anything like that seem viable?  Maybe the developers can comment
about the doability and whether it addresses all of the security
concerns?  And maybe Perfect Privacy can somehow be pulled into the
conversation to see if such a thing would be useful for people in their
situation.

Jim


P.S.  The above was written while off-line.  After seeing the newer 
posts, I realize my proposal might essentially be the same as 
The23rdRaccoon's.  I am not sure.  But I don't remember seeing anything 
about using a signature to limit who could add themselves to a family in 
Bruce's original proposal.
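
The signed family declaration floated in the post above, as an added example that is not code from the post or from Tor. The `BelongToFamily <name> <signature>` line format, the `Registry` type, the choice of Ed25519, and covering the relay's own fingerprint in the signature (so a signed line copied onto another relay does not verify) are all assumptions of this sketch; the fingerprints are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Registry maps a family name to the public key published for it.
type Registry map[string]ed25519.PublicKey

// NewFamily generates a family key pair, publishes the public half in reg,
// and returns the private half, which only the family's operator holds.
func NewFamily(reg Registry, name string) (ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	reg[name] = pub
	return priv, nil
}

// signedBytes is the message the family key signs. Assumption of this
// example: it covers the relay's identity fingerprint as well as the family
// name, so a declaration copied into another relay's config does not verify.
func signedBytes(family, relayFP string) []byte {
	return []byte("family-membership-v1\x00" + family + "\x00" + relayFP)
}

// IssueDeclaration is run by the family operator for each relay it adds.
// "BelongToFamily <name> <base64 sig>" is a hypothetical line format.
func IssueDeclaration(priv ed25519.PrivateKey, family, relayFP string) string {
	sig := ed25519.Sign(priv, signedBytes(family, relayFP))
	return fmt.Sprintf("BelongToFamily %s %s", family,
		base64.StdEncoding.EncodeToString(sig))
}

// VerifyDeclaration is the check a client would make before treating the
// relay with fingerprint relayFP as a member of the family named in line.
// It returns the family name only if the published key signed this relay.
func VerifyDeclaration(reg Registry, relayFP, line string) (string, error) {
	f := strings.Fields(line)
	if len(f) != 3 || f[0] != "BelongToFamily" {
		return "", errors.New("malformed or unsigned declaration")
	}
	pub, ok := reg[f[1]]
	if !ok {
		return "", errors.New("no public key published for family")
	}
	sig, err := base64.StdEncoding.DecodeString(f[2])
	if err != nil || len(sig) != ed25519.SignatureSize {
		return "", errors.New("bad signature encoding")
	}
	if !ed25519.Verify(pub, signedBytes(f[1], relayFP), sig) {
		return "", errors.New("signature does not verify for this relay")
	}
	return f[1], nil
}

func main() {
	// Constructed sample fingerprints, not real relays.
	const relayA = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
	const relayB = "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB"

	reg := Registry{}
	priv, err := NewFamily(reg, "XYZ123")
	if err != nil {
		panic(err)
	}
	decl := IssueDeclaration(priv, "XYZ123", relayA)

	cases := []struct{ name, fp, line string }{
		{"relay A, line issued by family key", relayA, decl},
		{"relay B, reusing relay A's line", relayB, decl},
		{"relay B, unsigned one-sided claim", relayB, "BelongToFamily XYZ123"},
	}
	for _, c := range cases {
		fam, err := VerifyDeclaration(reg, c.fp, c.line)
		fmt.Printf("%-36s family=%q err=%v\n", c.name, fam, err)
	}
}
```

Only the first case is accepted; the other two are the one-sided family claims Roger's reply is concerned about.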



Re: Reducing relays = reducing anonymity ? Tortunnel.

2010-05-19 Thread Jim



Sebastian Hahn wrote:

Hi Niklas,

On May 19, 2010, at 6:06 PM, Attac Heidenheim wrote:
Is tortunnel evil since it maybe hacks Tor-circuits to reduce the number
of relays?


Yes, unfortunately quite a few people use it.
It hurts the network by endangering exit node operators, and
by completely ignoring any of the load balancing that happens
in normal Tor.


Just wondering if anybody from the Tor Project has contacted the author 
to express the concerns with tortunnel.  Particularly about it being 
detrimental to the Tor network.


Jim


Re: [GSoC] Improving Snakes on a Tor

2010-05-15 Thread Jim



Anders Andersson wrote:

The way
to do better at that one is to teach users and service providers about
end-to-end authentication and encryption.

From what I've seen I don't think there is any realistic hope for any
significant number of web pages to be served with end-to-end encryption (not
sure what your reference is to end-to-end authentication) in the foreseeable
future.

Jim


I take it that you don't consider HTTPS to be end-to-end encryption
then? Because I don't see why it would be unlikely for at least
sensitive websites to switch to HTTPS.


Of course HTTPS is end-to-end encryption!  And, of course, it is already 
used some.  We apparently have different assessments of what the future 
holds and how quickly.  Time will tell ...


Cheers,
Jim


Re: Using tor as proxy for the command line

2010-05-06 Thread Jim


Scott Bennett wrote:

 On Thu, 06 May 2010 11:05:17 +0200 Jacob Appelbaum ja...@appelbaum.net
wrote:



% cat tor-wget
#!/bin/bash -x
export http_proxy=127.0.0.1:8118
export https_proxy=127.0.0.1:8118
wget -U   $@
EOF


 I would recommend using the full form in each of those above.  There
are apparently a few cases where the abbreviated form you show here will
not work.


Could you elaborate on what you mean by full form and abbreviated 
form please?


Thanks.

Jim



Re: Firefox configurations for tor with Mac ppc

2010-04-20 Thread Jim


zzzjethro...@email2me.net wrote:

 Here are a few configs (firefox-windows vs. mac), that are different and
 I'm wondering if I should change them?

snip

 network.proxy.http 127.0.0.1  my mac is localhost
 network.proxy.socks 127.0.0.1 my mac is local host
 network.proxy 127.0.0.1  my mac is localhost

Hi,

I'll let others respond to other configuration differences, but for what
is listed above, you should know that localhost and 127.0.0.1 are two
different ways of referring to the same thing.  (It is an IP address
that allows different programs on your computer to talk to each other
using Internet Protocol.)  So what you've listed above is not really a
difference, so there is no need to change those.  (I am assuming you
simply made a typo on the second line and on your computer localhost
actually is one word.)

Also, would you be so kind in future posts to put your responses *below*
what you are responding to, like I have done in this email and like most
posts you see on this list?  It really does make reading the posts
*much* easier. (As such, it probably also increases the chance that
somebody will reply.)  -- Thanks.

Jim







Re: How does TOR deal with mac addresses

2010-03-28 Thread Jim



Faraaz Damji wrote:

On 10-03-27 8:03 PM, Simon Ruderich wrote:

On Sat, Mar 27, 2010 at 08:00:44PM +0530, emigrant wrote:

On Fri, 2010-03-26 at 19:48 +0100, Marco Predicatori wrote:

If you use Tor correctly, he can't figure out what site you
are connecting to, and that's the whole point.

thanks for the reply,
what do you mean by using Tor correctly?

If Tor is not correctly used you can still leak information
regarding your identity. See this link on the main Tor page:
https://www.torproject.org/download.html.en#Warning


Since he in Marco's original post referred to the client's ISP, just 
to clarify, your ISP can't even see leaked data sent through Tor.  It 
would be encrypted before being sent through the Tor network.


I believe what you say is technically true but potentially misleading. 
The operative phrase in your statement is 'leaked' data sent through 
Tor.  Yet much of the potential for leaked data that is warned about in 
that link is *not* sent through Tor (as I understand it).  This is (part 
of) the hazard of using things like Flash, Java, PDF plugins, etc.  To 
the extent these extensions bypass Tor, then the ISP *will* be able to 
see the leaked data.


As always, if I misunderstand, I am willing to learn ...

Jim


Re: Tor Browser Bundle for GNU/Linux 1.0.0 Released

2010-03-28 Thread Jim



Erinn Clark wrote:

https://blog.torproject.org/blog/tor-browser-bundle-gnulinux

Tor Browser Bundle for GNU/Linux is now available for x86 and x86_64
architectures in 12 languages.

The Tor Browser Bundle lets you use Tor without needing to install any
software. It can run off a USB flash drive, comes with a pre-configured web
browser and is self-contained.

You can download it from the Tor Browser page which also has instructions about
how to extract and use it. http://www.torproject.org/torbrowser/


Hi,

Thanks for doing this.

The fingerprints for your signing keys seem to be missing from the 
verifying signatures page:


https://www.torproject.org/verifying-signatures

Also, on a minor housekeeping note, the link for how to verify package 
signatures on http://www.torproject.org/torbrowser/ points to an old 
page with a message that the page has moved.


Thanks again,

Jim


Re: Firefox woes with .onion and proxies

2010-02-05 Thread Jim



Stephen Carpenter wrote:

: Now, I put in my onion address and firefox dutifully adds a www.
: before it, and immediately times out.


This is a bit of a guess (so make sure you remember how to revert!), but 
in about:config try setting browser.fixup.alternate.enabled to false.  I 
believe that is how you turn off the browser attempting a prefix of www. 
and/or a suffix of .com if it doesn't think the URL you entered is correct.


Jim



Re: Tor Project infrastructure updates in response to security breach

2010-01-21 Thread Jim



Mike Perry wrote:

Just as in the Tor repo, I gpg sign the Torbutton git tags. I also gpg
sign .xpis, but have been sloppy about posting them publicly.


snip


For now, I think the right answer is Fetch it over SSL or Check the
git/gpg sig.


Could you make a point of publicly posting the .xpi gpg signatures along 
with the .xpis?  I have never liked the method of downloading the 
extensions via the browser and installing all in one step.  I prefer to 
download the extension, convince myself it is authentic (such as gpg), 
possibly install it locally in a test account, and finally install it 
locally in the account(s) where I intend to use it.  At present, the 
missing ingredient in being able to do that is not having a signature to 
verify against.


So I'd much appreciate being able to get the signature w/o having to 
figure out git.  Particularly if that signature has already been created.


Thanks,
Jim



Re: Why governments fund TOR?

2009-12-30 Thread Jim


arshad wrote:
 hi all,
 forgive me for my ignorance.
 may i know why governments fund TOR. i read 49% funds coming from
 government. TOR is usually considered for passing government restriction
 by journalists and activists. so why should governments fund this?

I can't speak for all governments but it might be relevant to point out
 that onion routing started (as I understand it -- anybody, feel free to
correct) as a project of the U.S. Navy and was used by the various
branches of the U.S. armed forces to use the Internet anonymously.
Trouble was, that although their targets could not tell *exactly* who
was visiting their website, they could tell it was U.S. military.  So,
as I understand it, they released the technology so they could hide
among the civilians.

Even within a particular govt you can have conflicting goals.  Part may
wish to prevent its citizens from being anonymous while another part may
find it useful to use civilians for cover.

Just my speculation ...

Jim


Re: Vidalia Bundle and RSS in Thunderbird 3.0

2009-12-30 Thread Jim


Programmer In Training wrote:
 I've been testing some time out changes in FF to see if there is any
 difference. So far I haven't seen any but I've yet to fully put it to
 the test (I'm having problems with pages not fully loading, mainly on
 techrepublic.com.com)

I've sometimes wondered if some websites were terminating connections
themselves when the connection took too long.  Of course, that would be
the connection itself rather than setting up a circuit since the website
wouldn't know about that.

Jim


Re: Privoxy and Polipo

2009-12-27 Thread Jim



arshad wrote:

hi all,
what is the difference in using privoxy and polipo?
im in ubuntu and have used both. and privoxy seems unable to render
all .gifs file. it shows part of the gif or in some cases won't show the
animation.


Privoxy has the ability to deanimate gifs.  Check your Privoxy 
configuration.


The "Look up which actions apply to a URL and why" link in Privoxy's web 
interface may be useful to you.


Cheers,
Jim




Re: TOR and ISP

2009-12-27 Thread Jim



Scott Bennett wrote:

 The key here is that the ISPs not only cannot detect encrypted URLs,
they cannot detect what the user is doing, not even whether the user is
trying to connect to a port or is simply transmitting packets over an already
open connection or is closing a connection.  They cannot detect the
destination address or port number.


Perhaps you meant when /using Tor/ the ISP cannot detect the destination
address or port number?  (I read your email several times and did not
detect this meaning.)  Surely on a generic encrypted connection the ISP
can determine the destination of the connection.  (For a Tor user, that
would be the IP address of the entry guard.)

Cheers,
Jim





Re: Firefox and Tor? Forget about it!!

2009-12-21 Thread Jim


--- n...@safe-mail.net wrote:

  Please tell me what you think of all of this and whether or not this
  is  a proper direction to go on or if Dillo's audience is limited and
  doesn't receive enough testing to warrant switching to Dillo.

The last I knew Dillo did not support JavaScript and had no plans to do so.  
You can argue that that is a good thing, but it will break a number of 
websites.  It is also possible I am completely out of date and they have 
changed their minds about JavaScript.

You should also think about the user agent string.  I suspect Dillo's might 
stand out a bit.  Unless it is in more common use than I thought.

Jim




Re: Talking w/local service CEOs [LJ, goog...]

2009-12-21 Thread Jim


--- jbrownfi...@gmail.com wrote:

 And what can you tell about blocking the Tor-access to the mail
 accounts of the Yahoo?

Yahoo does not block access.  However you will frequently get an error 999.  
You can get around this by using their CAPTCHA based login.  Do realize that 
while the login is https, the mail viewing/sending is not.  So malicious exit 
nodes will be able to view all of the email you view/send.


Re: Tor: Scroogle blocked, Google not ? (November 2009)

2009-11-27 Thread Jim


Gitano wrote:
 Jim wrote:
 
 The past few days I've noticed that all http requests to
 https://ssl.scroogle.org have invariably failed.

snip

 About a year ago I stopped being able to access Scroogle via Tor.  After
 half a day or so of such failure I sent the operator an email about it.
  I never received a reply, but it started working again.

 I just sent the operator another email some hours ago.  I'm hoping for
 the best ...
 
 Thanks - now 'ssl.scroogle.org' is reachable over Tor again!

It turns out I had nothing to do with it.  My email bounced! :-)

But I am glad it is working again.

Jim



Re: Tor: Scroogle blocked, Google not ? (November 2009)

2009-11-23 Thread Jim



dreamcat four wrote:

Hi,

The past few days I've noticed that all http requests to
https://ssl.scroogle.org have invariably failed. This appeared as a
DNS failure. After switching over to the regular http (non-ssl)
version of scroogle, I found that was generally working for another
couple of days then that went away too with the same can't resolve
host / No such domain. Anyone else also experienced this?


About a year ago I stopped being able to access Scroogle via Tor.  After 
half a day or so of such failure I sent the operator an email about it. 
 I never received a reply, but it started working again.


I just sent the operator another email some hours ago.  I'm hoping for 
the best ...




And google. Nearly as strange has been my experience with google lately.
The reason I started using Scroogle a while back was simply because
google had been blocking Tor exit nodes from performing searches. But
just today my first 2 searches worked. By prior experience this is
very uncommon. The first search had accepted cookies, the second
search cookies were disabled and it still worked just fine. Maybe
simply a coincidence and/or blind luck? Again, can anyone confirm /
deny?


Some months back, by accident, I discovered Google working via Tor for 
me.  After subsequent tries I decided it occasionally worked, but not 
often enough to make trying it worth my while.  (BTW, my 
impression/assumption was that Google was not *explicitly* blocking Tor, 
but that it depended on what was hitting Google from the particular exit 
node I happened to be using.)


AFAIK, the only thing cookies would be good for (other than spying) 
would (possibly) be if you were using their CAPTCHA.  And I've never had 
their CAPTCHA let me through (via Tor), so I stopped trying.


Jim



Re: Reduce hops when privacy level allows to save Tor network bandwidth

2009-11-19 Thread Jim



Tim Wilde wrote:

On 11/18/2009 4:17 AM, Jim wrote:

Google was actually the motivating factor in causing me to get serious
about overcoming whatever problem I had when I first tried to use Tor.
Although my concern at the time was more the ubiquity of
google-analytics.  But still concerned about using their search engine.
 My problem was that (for quite a while now), when I try to do a search
on Google via Tor, more often than not Google calls me a virus and tells
me to go away (unusual network activity or some such).  My solution
has been to connect to Scroogle via Tor.  I am not nearly as anti-Google
as the guy (people?) who run Scroogle and I don't mind the unobtrusive
right column ads on Google search results.  It's just my (usual)
inability to use Google directly w/o dropping anonymity.


There's another relatively easy solution to the Analytics part - surf
with a plugin like Firefox's NoScript installed, and forbid
google-analytics.com from ever running scripts.  Boom, no more
analytics, I believe NoScript won't even allow Firefox to fetch the code
from the URL, so they don't even get the hit (note: I haven't actually
confirmed that part explicitly).  Plus you get a ton of other safety
benefits from browsing the web with scripting off by default, and the
various other nasty things like clickjacking and XSS that NoScript
attempts to block.


Yes.  I've long recognized that one of the possible ironies in my story 
is that google-analytics motivated me to get off my duff and get Tor 
working.  However, in the process of setting up Tor I found out that 
Privoxy could very nicely take care of google-analytics on its own.  But 
as I've alluded to, while google-analytics was the top motivator for me, 
there is other motivation from Google (as search engine) and others 
wishing to track me.


Others more knowledgeable than I may wish to comment on this, but I 
believe I have read that it is not a good idea to combine NoScript with 
Tor.  I can't give you the gory details.  While I don't know the details 
of how NoScript handles google-analytics, I do know (on the last version 
I checked) that by default Privoxy won't allow anything from 
google-analytics to load, including their script(s).


Cheers,
Jim



Re: Reduce hops when privacy level allows to save Tor network bandwidth

2009-11-18 Thread Jim



Gregory Maxwell wrote:

There are a great many people who have merely encountered one too many
examples of the ubiquitous tracking on the Internet. For example,
Google's abuse of JS to fake out the link target display and intercept
outbound links on search has been driving me nuts lately as it makes
it impossible to copy and paste links from the search results. This
makes me aware of and irritated by Google's surveillance.


You might want to look into using something like Scroogle
( http://www.scroogle.org ).  I think Scroogle scrubs those redirects.

Google was actually the motivating factor in causing me to get serious 
about overcoming whatever problem I had when I first tried to use Tor. 
Although my concern at the time was more the ubiquity of 
google-analytics.  But still concerned about using their search engine. 
 My problem was that (for quite a while now), when I try to do a search 
on Google via Tor, more often than not Google calls me a virus and tells 
me to go away (unusual network activity or some such).  My solution 
has been to connect to Scroogle via Tor.  I am not nearly as anti-Google 
as the guy (people?) who run Scroogle and I don't mind the unobtrusive 
right column ads on Google search results.  It's just my (usual) 
inability to use Google directly w/o dropping anonymity.




Re: minimal traffic footprint Tor on the road

2009-09-29 Thread Jim McClanahan
grarpamp wrote:
 
  Besides plugging DNS leaks, the two programs serve somewhat different 
  purposes.
 
 Indeed, however neither program's purpose is to 'plug dns leaks'.
 They simply feed what connection [dns] requests they receive on towards Tor.

I thought the reason you could not send Firefox's SOCKS5 straight to Tor
was because of a bug in Firefox that would cause a DNS leak.  Perhaps I
misunderstood or my information is outdated?


Re: minimal traffic footprint Tor on the road

2009-09-28 Thread Jim McClanahan
Jan Reister wrote:
 
 Il 28/09/2009 15:25, Eugen Leitl ha scritto:
  Why the switch to Polipo from Privoxy? Is Privoxy officially
  deprecated now?
 
 I just found out today and am wondering myself. From hearsay, Polipo
 should perform faster and better.

There was a somewhat extended discussion about Privoxy vs Polipo on this
list not too long ago (a month or two?).  You may wish to review that. 
My recollection of that discussion is that Polipo being better was
called into question.  Certainly Privoxy is alive and well.  Besides
plugging DNS leaks, the two programs serve somewhat different purposes.


Re: [OT]RE: Unsubscribe

2009-09-23 Thread Jim McClanahan
downie - wrote:
 
 You have to send to a different address. Instructions [to unsubscribe]
 are in the headers.

Having seen this situation on this list multiple times, it occurs to me
that beyond To, From, and Date, many people have probably never
seen the headers.  Most non-techies probably don't even know it exists.
I believe most GUI mail clients, by default, only show the abbreviated
version I just mentioned.  I know mine does.

I don't know what the solution is, but I thought I would throw this out
there for people's consideration.

Jim


Re: seven bloxortsipt* relays ought *not* to be Valid

2009-07-30 Thread Jim McClanahan
Scott Bennett wrote:
 a) are running an obsolete version of tor (0.1.2.19) under LINUX,
which is far enough back to be a security problem due to the SSL
key generation bug in LINUX,

If the key generation problem refers to what I think, and just for the
record, that was only a problem for Debian and Debian derived
distributions of Linux.


snipped other reasons

 That much, IMO, ought to justify removal of their Valid flags by the
 authorities.  In the meantime, I have them all in my ExcludeNodes list, and
 I recommend that all relay operators concerned about security in tor do
 likewise.

My comment above should *not* be construed to mean I disagree with this
conclusion.


Re: Thanks for the inclusion...

2009-07-30 Thread Jim McClanahan
Michael Cozzi wrote:
 
 Hello Tor Team.
 
 I'm not sure who to thank, but I noticed my suggested text regarding
 what IT Professionals use Tor for was included whole cloth on the web
 page.
 
 Thank you, that gave me geek-warm-fuzzies.
 
 Michael

Very nicely done.

It has been quite a while since I have looked at that page.  The whole
page is quite nice.  Kudos to those involved.


Re: .exit handling (was Yahoo Mail and Tor)

2009-07-10 Thread Jim McClanahan
downie - wrote:
 
  Date: Fri, 10 Jul 2009 11:15:25 -0400
  From: eril...@gmail.com
  To: or-talk@freehaven.net
  Subject: Re: Yahoo Mail and Tor
 
  If I'm proxying through Tor and I type this into my browser:
 
  www.google.com.example.exit
 
  My browser asks the proxy for a connection to
 www.google.com.example.exit
 
  Once my browser receives the connection, it then sends this down it:
 
  GET / HTTP/1.1\r\n
  Host: www.google.com.example.exit\r\n
  \r\n
 
  The problem is that some web servers have multiple websites on the
 same IP
  and they decide which website to serve by looking at the HTTP Host
 header.
  So you need privoxy/polipo to strip the example.exit from the HTTP
 Host
  header before forwarding on the actual HTTP request, so it sends
 this
  instead:
 
  GET / HTTP/1.1\r\n
  Host: www.google.com\r\n
  \r\n
 
  --
  Erilenz
 
 So far so good. A possible problem then arises when the served page
 contains absolute URLs for resources, links etc which no longer use
 the .exit notation, and so could be fetched from a different exit. How
 often that would happen is open to question.
 Another Privoxy rule could be written to rewrite those page URLs I
 guess, but how would you pass the name of the required exit to the
 rule?

Should the tor exit be removing the .exit notation from the header
instead of privoxy?  Or perhaps the tor client, which selects the
route?  (I mistakenly thought one of those did it now.  It has been a
long time since I've used .exit ...)
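
An added example (not part of the thread, and not Privoxy's, Polipo's or Tor's own code) of the Host-header rewrite Erilenz describes above: the `.exit` suffix stays on the name handed to Tor for the connection, and only the header sent to the web server is stripped. The function names are hypothetical and the sample request is constructed.

```python
import re

# "<real host>.<exit nickname>.exit", with an optional trailing dot.
# The greedy first group keeps every label except the last two.
EXIT_NOTATION = re.compile(
    r"^(?P<host>.+)\.(?P<exit>[^.]+)\.exit\.?$", re.IGNORECASE
)


def split_exit_notation(hostport):
    """Split 'host.exitname.exit[:port]' into (origin host[:port], exit name).

    Returns (hostport, None) when the value carries no host-plus-exit
    notation, so ordinary requests pass through unchanged.
    """
    hostport = hostport.strip()
    if hostport.startswith("["):
        # Bracketed IPv6 literal: cannot be .exit notation, leave it alone.
        return hostport, None
    host, sep, port = hostport.partition(":")
    match = EXIT_NOTATION.match(host)
    if match is None:
        return hostport, None
    return match.group("host") + sep + port, match.group("exit")


def rewrite_request(raw):
    """Strip .exit notation from the Host header of a raw HTTP/1.1 request.

    Returns (request bytes to forward, exit name or None). The caller still
    opens the connection through Tor using the original name, suffix and all,
    because that is what selects the exit; the web server only ever sees the
    stripped Host header and can pick the right virtual host.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    exit_name = None
    for i in range(1, len(lines)):          # lines[0] is the request line
        name, colon, value = lines[i].partition(":")
        if not colon or name.strip().lower() != "host":
            continue
        origin_host, found = split_exit_notation(value)
        if found is not None:
            lines[i] = "Host: " + origin_host
            exit_name = found
    forwarded = "\r\n".join(lines).encode("iso-8859-1") + sep + body
    return forwarded, exit_name


if __name__ == "__main__":
    # Constructed request matching the one quoted in the thread.
    sample = b"GET / HTTP/1.1\r\nHost: www.google.com.example.exit\r\n\r\n"
    forwarded, exit_name = rewrite_request(sample)
    print(forwarded.decode("iso-8859-1"), end="")
    print("exit requested:", exit_name)
```

Absolute URLs inside the returned page are untouched by this rewrite, which is the follow-up problem downie raises: later requests for those URLs carry no `.exit` suffix and may leave through a different exit.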




Re: Yahoo Mail and Tor

2009-07-10 Thread Jim McClanahan
Andrew Lewman wrote:

 A) The Privoxies after 3.06 have a local web control interface
 which we believe is a security risk. We think that remote websites can
 probably reconfigure your privoxy via that interface, maybe even without
 your noticing.  If newer versions have the ability to disable this
 interface, we can consider testing and subsequently including those with
 our packages.

Can you provide a link to what you are talking about?  I just searched
on the terms/phrase web control interface with privoxy and only had
a few matches, none of which seemed relevant.  I also checked privoxy's
online manual
( http://www.privoxy.org/user-manual/index.html ,
v 1.60 2009/03/21 12:58:53) and I didn't see anything about changing
configuration that had substantively changed since I started using
privoxy 3+ years ago.  At *least* since that time there has been
the ability to edit action files via browser (web interface) if allowed
in the configuration file.  The configuration file itself had to be
manually edited, and, at least in *nix, the config file could be owned
by root and set to be not writeable by privoxy (assuming privoxy was
running w/o privilege).  You could also toggle enable/disable through
privoxy's web interface if allowed in the config file. It should be
noted that disabling merely turns off the application of the rules --
it does *not* affect packet routing.  So if something was sent via Tor
with privoxy enabled, it is still sent through Tor with privoxy
disabled.  I have specifically verified that using
http://torcheck.xenobite.eu .

So could you point me to what has changed since 3.0.6 that causes
security concerns?  Thanks.

P.S.  Oops, I just noticed others have requested a link.  Did not mean
to repeat.  I believe the rest of what I said is relevant.



Re: Yahoo Mail and Tor

2009-07-09 Thread Jim McClanahan
bao song michaelw...@yahoo.com.au wrote:

  The standard Tor bundle download for non-Windows still includes
  Privoxy 3.0.6, which mangles Yahoo mail.

I am running privoxy 3.0.6.  If you want to email me off-list I will be
happy to send you my user.action file which seems to more or less work
adequately for Yahoo mail.  (Sometimes there is some weirdness with
scroll bars, but it is usable.  And the page *after* logging out is
somewhat mangled, but who cares about that?)  You will have to sort the
relevant yahoo rules from the rest for yourself.  You can also simply
disable privoxy (via its menu -- it still forwards to tor
appropriately) while using Yahoo mail.

If you email me, I would appreciate text (not html) email.


Re: Google and Tor

2009-07-08 Thread Jim McClanahan
grarpamp wrote:
 
   GMail doesn't do this anymore.  You can sign up through Tor just fine.
 
 Yes, there was a time years ago where they were invite only :(
 Then they opened up. This does not refer to that historical thing.
 
 I tried making four different acct names over the span of a day
 about a day before I first posted this. Clearing cookies and
 newnym between each.
 
 Account creation tests between then and now have worked without issue.
 Don't know what google was up to when I posted Seems fine now.
 Thanks, sorry for the noise.

It may have been related to the traffic from those exit nodes that
Google was seeing *at* *that* *time*.  There was a time when Google's
search engine would sometimes tell me something along the lines of we
think you are a virus that was definitely time/exit-node dependent. 
(Now it is very rare that exiting from Tor does not cause me problems
with Google's search.)



Re: Google and Tor

2009-07-05 Thread Jim McClanahan
James Brown wrote:

 I use the gmail within Tor very easy but I have some problems sometimes
 with other services of Google.

For maybe a couple of years it has been almost impossible for me to use
Google's search via Tor.  (It keeps calling me a virus.)  Somebody
eventually told me about Scroogle ( http://www.scroogle.org/scraper.html
) which I have had good luck with via Tor.  I *think* that recently,
after Google flags you as suspicious activity it allows you to proceed
with a captcha *if* you accept cookies. Not a good way to remain
anonymous unless you immediately delete the cookies.

(When I first tried to use Tor I had some, now long forgotten, problem. 
Google-analytics was my motivation for solving the problem.)

 But about last two months there are problems with using the Yahoo mail
 through Tor.

If you are talking about error 999 (Yahoo's term), I have occasionally
had problems with that for a long time.  Recently it seems to have
become routine.  You can immediately go to the captcha login for email
(which I don't have trouble with from Tor) with:

https://login.yahoo.com/config/login?.ab=1.done=http%3A//mail.yahoo.com

(of course, Yahoo might break that link at any time)  Be aware that
although *login* to Yahoo mail is https, the other transmissions are in
clear text.  So you are exposing your email (both send and receive) to
exit nodes.

P.S.  After seeing bao song's post, I remembered I have fiddled with
Privoxy's settings to keep it from mangling Yahoo mail.  But I have
routed Yahoo's mail clear text straight to the Internet to avoid any
exit node mischief.  I send the https login via Tor because it is too
difficult to separate from my other Yahoo traffic.


Re: 25 tbreg relays in directory

2009-07-02 Thread Jim McClanahan
Arjan wrote:
 
 Jim McClanahan wrote:
 [...]
  Certainly, protecting
  the network is a priority.  Protecting uninformed or unsuspecting
  users gets trickier IMHO.  I'll admit this is a bit of a hot-button
  issue for me and I may have overreacted.  But I think care needs to be
  taken before cavalierly shutting something down to protect uninformed or
  unsuspecting users.  I agree with Ringo 2600den...@gmail.com when he
  wrote (at Tue, 30 Jun 2009 00:06:01 -0400) Remotely disabling Tor nodes
  is a slippery slope.
 
 In my humble opinion, protecting uninformed or unsuspecting users /
 relay operators should be a priority.

The discussion was about Tor *clients* not Tor *servers*.  I have
repeatedly stated I didn't have problems with disabling the servers if
that was needed to protect the network.  And while I didn't specifically
mention client in what was quoted above, I did reiterate that
protecting the network was important.



Re: 25 tbreg relays in directory

2009-07-01 Thread Jim McClanahan
Scott Bennett wrote:
 
  On Mon, 29 Jun 2009 07:13:42 -0600 Jim McClanahan jimmy...@copper.net
 Scott Bennett wrote:
 
   On Mon, 29 Jun 2009 05:14:25 -0600 Jim McClanahan 
  jimmy...@copper.net
  wrote:
  Scott Bennett wrote:
  
Ouch.  This provides another example in support of having a way
   for the directory authorities to render insecure versions ...
   and only usable as clients to connect to the tor project's web site to
   download a current version of tor.
  
  This kind of thinking baffles me.  It seems diametrically opposed to the
  notion of free software.  I could understand if the outdated client was
 
   How so?  It's still free of charge, freely available, and freely
  modifiable and redistributable.  (GPL3-licensed software doesn't
  qualify, IMO.)
 
 I did not mean it was not technically free software.  The license
 takes care of that.  My meaning is that the goal is to restrict people
 rather than to grant freedom.  It is an issue of perspective rather than
 license technicalities.  I probably could have phrased it better.
 
  Oh, okay.  Thanks for clarifying.
  The intent of my suggestions has been to restrict abuse harmful either
 to an uninformed and unsuspecting user or to the tor network overall, not to
 restrict people.

I have no problems with either of those goals.  Certainly, protecting
the network is a priority.  Protecting uninformed or unsuspecting
users gets trickier IMHO.  I'll admit this is a bit of a hot-button
issue for me and I may have overreacted.  But I think care needs to be
taken before cavalierly shutting something down to protect uninformed or
unsuspecting users.  I agree with Ringo 2600den...@gmail.com when he
wrote (at Tue, 30 Jun 2009 00:06:01 -0400) Remotely disabling Tor nodes
is a slippery slope.

 will do.
 
  endangering the Tor network (which was discussed in the portion of the
  comment I skipped over with the ellipsis).  And I would have no problem
 
   Insecure relays endanger the network
 
 That is why I inserted the ellipsis and made the parenthetical comment
 about it.  I am not arguing against neutralizing insecure relays.  The
 danger to the network is perfect justification IMO.
 
  Note that the version of tor that Pei Hanru reported here had been part
 of the tbreg distribution is *not* secure.
 

I was aware of that at the beginning of this discussion.

 It's not like the clients ended up there on their own w/o the consent of
 the user or owner.  Trying to enforce a policy on people when those
 
  Pei Hanru suggested otherwise.

My point was the users knew that they were installing *some* software. 
They may not have known that the software contained Tor or even what Tor
is.  But I see the situation as similar to unscrupulous people slipping
malware or other unknown software into packages people willingly
install. While I don't approve of that, neither do I feel compelled to
police it.  Which would be a futile endeavour anyway.

  I would argue that those unsuspecting, involuntary tor operators were
 indeed harmed and further that they were placed at significant risk of far
 greater harms at the hands of that State.

Yet the harm at the hands of that State has nothing to do (TMK) with
the fact that the clients were insecure, but rather that they were Tor.

 
 technical argument.  Obviously, it is technically possible to do what
 you describe.  And because of the free license, it is technically
 possible and legally permissible for people to undo those changes on
 their copies of the software.  It is also possible for the software to
 lie to the network about what it is.  But as I stated, this attitude of
 trying to coerce other people baffles me.  I am not saying nobody does
 it.  The world is full of tyrants.
 
  Clearly, the above comments are inapplicable to this situation and
 to what I was suggesting as a way to deal with similar situations in the
 future.

Again, maybe I was overreacting. But I do think people who are not
trying to be tyrants nonetheless need to be very careful with for your
own good attitudes.  IMO it gets very tricky.

 Just to flesh out my view a little more, I would have no problem with a
 configuration option that says allow the tor network to nearly disable
 this client at somebody's discretion.  As long as it could be
 
  Oh, stop it.  That's ridiculous.  All the person would have to do
 would be to upgrade to a valid version.  It does not restrict the user.
 It just minimizes the damage that can be caused by software 
 known/suspected to have something wrong with it.

I probably should have canned the sarcasm, but I do think that any
disabling of the client from the network should be easily reversible. 
Part of that is just my philosophy.  But it also has a practical element
in terms of what is required to resume functionality if the client
suddenly and unexpectedly stops working.  Somebody may not wish to take
the time to install at that moment

Re: 25 tbreg relays in directory

2009-07-01 Thread Jim McClanahan
Edward Langenback wrote:
 Jim McClanahan wrote:
  I probably should have canned the sarcasm, but I do think that any
  disabling of the client from the network should be easily reversible.
  Part of that is just my philosophy.  But it also has a practical element
  in terms of what is required to resume functionality if the client
  suddenly and unexpectedly stops working.  Somebody may not wish to take
  the time to install at that moment.
 
 I assume that Tor can (or could be made to) detect what OS it's being
 run on.  Given that, what if Tor were to check its current version
 against the directory servers while it's creating circuits.
 
 Then if the version running is judged too far out of date to be safe, it
 could download the most recent version (via the Tor network of course)
 for the OS it's running on and auto-update itself.

I guess that would depend on the OS and how it is configured.  If Tor is
running without privilege, as recommended, I would think in most
scenarios it would not have the ability to update itself.  If something
is configured non-standard (whatever that may mean in a particular
situation) then I would guess the attempt to update would not have the
desired result even if Tor had privilege.  That said, it is my
understanding that on MS Windows, Firefox has such an auto-update
mechanism although I am not familiar with the details.  Personally, I
like to be in charge of what happens on my computers.

I remain unconvinced that what happened in the case of tbreg should be
determining policy for the Tor project, at least as far as client
activity is concerned.  To the extent the people who installed really
didn't know it involved Tor, it seems to me that, if not technically
malware, it is at least a close cousin (where software creators are not
being up front with users).  Trying to, in effect, be the guardian of
such users is (IMHO) a losing proposition.



@Scott Bennett

2009-06-30 Thread Jim McClanahan
I was trying to email you and it bounced:

Final-Recipient: rfc822; benn...@cs.niu.edu
Original-Recipient:
rfc822;benn...@cs.niu.edu
Action: failed
Status: 5.7.1
Remote-MTA: dns; mp.cs.niu.edu
Diagnostic-Code: smtp; 550 5.7.1
benn...@cs.niu.edu... Access denied


@Scott Bennett

2009-06-30 Thread Jim McClanahan
Ah, I see.  It is the duplicate messages from you that were confusing
me.

Why duplicate messages?  As somebody else has pointed out recently, the
fact that I can post on or-talk means I am subscribed to or-talk.


Re: 25 tbreg relays in directory

2009-06-29 Thread Jim McClanahan
Scott Bennett wrote:

  Ouch.  This provides another example in support of having a way
 for the directory authorities to render insecure versions ... 
 and only usable as clients to connect to the tor project's web site to
 download a current version of tor.

This kind of thinking baffles me.  It seems diametrically opposed to the
notion of free software.  I could understand if the outdated client was
endangering the Tor network (which was discussed in the portion of the
comment I skipped over with the ellipsis).  And I would have no problem
with a friendly advisory as long as it wasn't incessant nagware that
couldn't be disabled.  But I don't understand the desire to dictate to
people or some nanny viewpoint of trying to save people from
themselves.  (Before somebody makes an argument of keeping the Internet
free of compromised machines, I rather imagine the number of machines
compromised because of Tor software would be lost in the statistical
noise of all the other ways machines get compromised.  And I don't think
the unsavory purpose these tbreg instances are put to is a relevant
factor.)


Re: 25 tbreg relays in directory

2009-06-29 Thread Jim McClanahan
Scott, when I did a reply on your email, it (tried to) sent it to your
personal email account rather than the list.

--

Scott Bennett wrote:
 
  On Mon, 29 Jun 2009 05:14:25 -0600 Jim McClanahan jimmy...@copper.net
 wrote:
 Scott Bennett wrote:
 
   Ouch.  This provides another example in support of having a way
  for the directory authorities to render insecure versions ...
  and only usable as clients to connect to the tor project's web site to
  download a current version of tor.
 
 This kind of thinking baffles me.  It seems diametrically opposed to the
 notion of free software.  I could understand if the outdated client was
 
  How so?  It's still free of charge, freely available, and freely
 modifiable and redistributable.  (GPL3-licensed software doesn't
 qualify, IMO.)

I did not mean it was not technically free software.  The license
takes care of that.  My meaning is that the goal is to restrict people
rather than to grant freedom.  It is an issue of perspective rather than
license technicalities.  I probably could have phrased it better.

(I happen to like, to the extent I understand it, GPLv3.  But I don't
see how it is relevant to this discussion and I don't know why it was
injected into it.)

 
 endangering the Tor network (which was discussed in the portion of the
 comment I skipped over with the ellipsis).  And I would have no problem
 
  Insecure relays endanger the network

That is why I inserted the ellipsis and made the parenthetical comment
about it.  I am not arguing against neutralizing insecure relays.  The
danger to the network is perfect justification IMO.

 Insecure clients installed
 virally onto systems without notice to the users endanger those users.

It's not like the clients ended up there on their own w/o the consent of
the user or owner.  Trying to enforce a policy on people when those
people are not harming others reeks (IMO) of unsavory things like police
states and nanny states.  I am opposed.  It is personal perspective, not
technical argument.  Obviously, it is technically possible to do what
you describe.  And because of the free license, it is technically
possible and legally permissible for people to undo those changes on
their copies of the software.  It is also possible for the software to
lie to the network about what it is.  But as I stated, this attitude of
trying to coerce other people baffles me.  I am not saying nobody does
it.  The world is full of tyrants.

Just to flesh out my view a little more, I would have no problem with a
configuration option that says allow the tor network to nearly disable
this client at somebody's discretion.  As long as it could be
disabled.  But I really wonder why Tor developers would be interested in
spending the time to implement such a thing.

 
 with a friendly advisory as long as it wasn't incessant nagware that
 couldn't be disabled.  But I don't understand the desire to dictate to
 
  I don't think the current log messages are so influential as all that.
 Just take a look at the current consensus. :-(
 
 people or some nanny viewpoint of trying to save people from
 themselves.  (Before somebody makes an argument of keeping the Internet
 free of compromised machines, I rather imagine the number of machines
 compromised because of Tor software would be lost in the statistical
 
  Again, when the software is installed by stealth onto the machines
 of unsuspecting users, then the probability on each user's machine becomes
 100%.  In other words, the number of machines w.r.t. the user is 1 out of 1,
 a ratio that cannot be considered lost in the noise for that user.

By stealth???  If that is really so, I guess you could try to make the
same argument about *any* free software that somebody decided to turn
into malware.  But I am still unconvinced the people who installed
didn't know they were installing something.

 noise of all the other ways machines get compromised.  And I don't think
 the unsavory purpose these tbreg instances are put to is a relevant
 factor.)
 
  How so?  I note that you deleted all the relevant context in your reply.

I did not reproduce Pei Hanru's email in its entirety because I did not
see it as necessary.  Or particularly relevant for this discussion.  As
I stated, I don't think the unsavory purpose these 'tbreg' instances
are put to is a relevant factor.  The unsavory purpose I referred to
and perhaps what you call relevant context is the fact that Tor was
part of software sold to (for the purpose of) (quoting Pei Hanru)
automatically register large number of TaoBao accounts. It is my
opinion (yes, once again, *opinion*) that the fact that an unscrupulous
person (or group of people) used the free software in question in a
manner that *might* be analogous to certain freeware (*not* free
software) actually being a trojan, i.e. malware that arguably was
installed by stealth, is not justification for taking a tyrannical
attitude toward the users of said free

Question About Security Threat from Tor

2009-06-28 Thread Jim McClanahan
Hi,

I have read on this mailing list several times about how some previous
versions of Tor contain vulnerabilities that can threaten the host
machine itself.  I am reminded of this again with Pei Hanru's excellent
work tracking down the tbreg mystery.  (I too say thank you.)  While
I understand that all software has bugs, some of which can be exploited
for malicious purposes, I've long wondered how such vulnerabilities in
Tor threaten the host itself if Tor is being run (as recommended) as an
unprivileged user.

Can somebody explain, or point me to an explanation?  Thanks.


Re: Question About Security Threat from Tor

2009-06-28 Thread Jim McClanahan
Michael wrote:
 
 Jim McClanahan wrote:
  Hi,
 
  I have read on this mailing list several times about how some
  previous versions of Tor contain vulnerabilities that can
  threaten the host machine itself.

snip

 Hi Jim,
 
 Not so much related to Tor itself, but more toward general
 security.  If a standard user account were to be compromised,
 that's the first step in getting control of a machine.

snip

Thanks, Michael.

My impression from the list was it was a direct threat rather than just
a stepping stone.  Maybe the references were to Microsoft Windows, or
maybe I misunderstood.  And I know next to nothing about the security
model of MS Windows ...

Jim


Re: Lynx leaks DNS

2009-06-27 Thread Jim McClanahan
Phil wrote:
 
 I realize this needs a fix not a workaround, but if a workaround is enough 
 for now you could try running lynx via proxychains -- tor
 
 Proxychains might grab all the DNS requests.

Thanks for your response.  Now that I know lynx doesn't leak DNS when
the protocol (e.g. http://) is included, using full URLs is enough of a
workaround for me.  (And a relief that I haven't been leaking all of
this time.)  For everybody's information, I think I learned more about
the leaks while I was playing with proxychains.  It *appears* that lynx
is using DNS to try variations on the supplied name to find one that
works.  (Maybe there is an option to stop this?)  So while I have a
solution for myself, I think people using lynx with tor ought to be
warned about this.

 You could also probably leave privoxy in the proxy chain or test it with and 
 without.
 
 I haven't tried this with lynx, but proxychains does work with tor.

I have tried using proxychains to chain to privoxy.  Trying to chain
directly to Tor would require more fiddling and I haven't tried that.
Lynx couldn't get to the website *and* it DNS leaked.  Maybe I didn't
have it configured correctly?  (privoxy is listening on
192.168.1.27:8119)

The non-comment, non-blank lines of the configuration file were:

strict_chain
tcp_read_time_out 15000
tcp_connect_time_out 1  
[ProxyList]
http 192.168.1.27 8119

I used the command:  proxychains lynx http://torcheck.xenobite.eu

With tcpdump I saw a DNS query, a TCP handshake with Privoxy, and then
proxychains terminated the connection.  The page request was not logged
in Privoxy's logfile.   proxychains reported:
strict chain:192.168.1.27:8119..broken, and backgrounded and
stopped lynx.

# tcpdump -nni eth0 not tcp port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
23:20:08.950239 IP 192.168.2.102.42865 > 65.247.xx.xx.53: 28346+ A?
torcheck.xenobite.eu. (38)
23:20:08.952037 IP 65.247.xx.xx.53 > 192.168.2.102.42865: 28346 1/2/2 A
217.160.111.190 (137)
23:20:08.952807 IP 192.168.2.102.51357 > 192.168.1.27.8119: S
3021896822:3021896822(0) win 5840 <mss 1460,sackOK,timestamp 709785
0,nop,wscale 5>
23:20:08.954018 IP 192.168.1.27.8119 > 192.168.2.102.51357: S
3677520579:3677520579(0) ack 3021896823 win 5792 <mss
1460,sackOK,timestamp 4633540 709785,nop,wscale 2>
23:20:08.954052 IP 192.168.2.102.51357 > 192.168.1.27.8119: . ack 1 win
183 <nop,nop,timestamp 709785 4633540>
23:20:08.954245 IP 192.168.2.102.51357 > 192.168.1.27.8119: F 1:1(0) ack
1 win 183 <nop,nop,timestamp 709785 4633540>
23:20:08.955321 IP 192.168.1.27.8119 > 192.168.2.102.51357: P 1:54(53)
ack 2 win 1448 <nop,nop,timestamp 4633540 709785>
23:20:08.955353 IP 192.168.2.102.51357 > 192.168.1.27.8119: R
3021896824:3021896824(0) win 0
23:20:08.955686 IP 192.168.1.27.8119 > 192.168.2.102.51357: F 54:54(0)
ack 2 win 1448 <nop,nop,timestamp 4633540 709785>
23:20:08.955702 IP 192.168.2.102.51357 > 192.168.1.27.8119: R
3021896824:3021896824(0) win 0



Lynx leaks DNS

2009-06-26 Thread Jim McClanahan
Hi,

Quite by accident I discovered that the lynx browser is leaking DNS
addresses.  I have verified this on:

   Lynx Version 2.8.4dev.7 (03 Aug 2000)   and
   Lynx Version 2.8.5rel.1 (04 Feb 2004)

lynx is called from scripts with the following statements:

   export http_proxy=http://localhost:8119
   export https_proxy=http://localhost:8119
   export ftp_proxy=http://localhost:8119
   export gopher_proxy=http://localhost:8119
   export news_proxy=http://localhost:8119
   export newspost_proxy=http://localhost:8119
   export newsreply_proxy=http://localhost:8119
   export snews_proxy=http://localhost:8119
   export snewspost_proxy=http://localhost:8119
   export snewsreply_proxy=http://localhost:8119
   export nntp_proxy=http://localhost:8119
   export wais_proxy=http://localhost:8119
   export finger_proxy=http://localhost:8119
   export cso_proxy=http://localhost:8119

Privoxy is listening on localhost:8119 and sends requests to tor in the
standard way.  I have verified from Privoxy's log that requests are
received and http://torcheck.xenobite.eu verifies the request
is coming through the Tor network.  Supplying lynx with the url of p.p
(an alias that Privoxy understands) demonstrates that lynx does a DNS
request and then ignores the result. 

Comments?  Suggestions?


Re: Lynx leaks DNS

2009-06-26 Thread Jim McClanahan
Fabian Keil wrote:
 
 Jim McClanahan jimmy...@copper.net wrote:
 
  Quite by accident I discovered that the lynx browser is leaking DNS
  addresses.  I have verified this on:
 
 Lynx Version 2.8.4dev.7 (03 Aug 2000)   and
 Lynx Version 2.8.5rel.1 (04 Feb 2004)
 
 Is there a reason why you aren't using a more recent build?

That was what I had readily available.  I just installed lynx on
Ubuntu 8.04 LTS for more testing:

   lynx --version
   Lynx Version 2.8.6rel.4 (15 Nov 2006)
   libwww-FM 2.14, SSL-MM 1.4.1, GNUTLS 2.0.4, ncurses
5.6.20071124(wide)
   Built on linux-gnu Apr  8 2008 13:48:42

It shows the same behavior I saw before.  But further investigation
reveals this interesting twist:  It does not leak if the URL with
protocol is given.  But if the http:// is omitted, it leaks, yet still
loads the page.  Without thinking, I had just been using p.p.  When I
used http://p.p, it did not leak.  But it is not only p.p that leaks:

tcpdump -nni eth0 udp port 53
tcpdump: verbose output suppressed, use -v or -vv for full protocol
decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
08:22:23.435995 IP 192.168.2.102.45063 > 65.247.xx.xx.53: 46608+ A? p.p.
(21)
08:22:23.437732 IP 65.247.xx.xx.53 > 192.168.2.102.45063: 46608 2/2/0 A
64.158.56.50, A 63.251.179.30 (109)
08:33:39.447099 IP 192.168.2.102.54845 > 65.247.xx.xx.53: 19107+ A?
torcheck.xenobite.eu. (38)
08:33:39.679776 IP 65.247.xx.xx.53 > 192.168.2.102.54845: 19107 1/2/2 A
217.160.111.190 (137)

(The returned addresses for p.p is bad behavior on the part of my ISP. 
They lead to a not found page with advertising.)  

Both of the above were without http://  .   And when http:// was added,
neither leaked.  torcheck.xenobite.eu (both with and w/o http://) verified
I was accessing via Tor.

Not as bad as I thought when I originally posted.  But still
disconcerting, particularly considering that it will happily render the
page w/o http://  .

 
 I can't reproduce the problem with:
 
 f...@tp51 ~ $lynx --version
 Lynx Version 2.8.6rel.5 (09 May 2007)
 libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide)
 Built on freebsd8.0 Feb 27 2009 22:36:34
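
The leak check done by eye in the tcpdump captures above can be automated. The following is an added example, not code from the thread or from any project: it rejoins mail-wrapped tcpdump lines and reports every DNS query sent to a resolver that is not loopback. The function names, the `allowed_resolvers` parameter and the sample capture (documentation addresses, one redacted like the thread's) are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed capture (not taken from the thread), laid out like the output
# of `tcpdump -nni eth0 udp port 53`, including mail-style line wrapping.
SAMPLE_CAPTURE = """\
08:22:23.435995 IP 192.0.2.10.45063 > 198.51.100.53.53: 46608+ A? p.p.
(21)
08:22:23.437732 IP 198.51.100.53.53 > 192.0.2.10.45063: 46608 2/2/0 A
203.0.113.50, A 203.0.113.30 (109)
08:25:01.100000 IP 127.0.0.1.40000 > 127.0.0.1.53: 1234+ A? example.org. (29)
08:33:39.447099 IP 192.0.2.10.54845 > 198.51.xx.xx.53: 19107+ [1au] AAAA?
torcheck.example. (49)
"""

TIMESTAMP = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+ ")
# Query line: <ts> IP <src>.<port> > <dst>.<port>: <id><flags> <TYPE>? <name> (<len>)
QUERY = re.compile(
    r"^(?P<ts>\S+) IP6? (?P<src>\S+)\.(?P<sport>\d+) > "
    r"(?P<dst>\S+)\.(?P<dport>\d+): \d+[+%*-]* "
    r"(?:\[[^\]]*\] )*(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+) \(\d+\)"
)


def rejoin_records(text):
    """Merge wrapped continuation lines back onto their timestamped line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def is_local_resolver(addr, allowed):
    """True if the resolver is explicitly allowed or is a loopback address."""
    if addr in allowed:
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        # Redacted or malformed address: it cannot be shown to be local.
        return False


def find_dns_leaks(text, allowed_resolvers=()):
    """Return DNS queries that left the host for a non-local resolver."""
    leaks = []
    for record in rejoin_records(text):
        m = QUERY.match(record)
        if not m or m["dport"] != "53":
            continue  # responses and non-DNS packets
        if is_local_resolver(m["dst"], allowed_resolvers):
            continue
        leaks.append({
            "time": m["ts"],
            "resolver": m["dst"],
            "qtype": m["qtype"],
            "name": m["name"].rstrip("."),
        })
    return leaks


if __name__ == "__main__":
    for leak in find_dns_leaks(SAMPLE_CAPTURE):
        print("LEAK {time} {qtype} {name} -> {resolver}".format(**leak))
```

Any name reported while the browser is supposed to be resolving through Privoxy and Tor is a leak of the kind described above, whether or not the page still loads.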


Re: Banners injected in web pages at exit nodes TRHCourtney*

2009-06-02 Thread Jim McClanahan
 Strange that the provided link didn't have injection... Adaptation on
 the nodes part?

A few minutes ago I tried http://www.torproject.org.TRHCourtney01.exit/
and got a banner ad.  Maybe they do it on a sporadic basis?


Re: GSoC Introduction! (TorButton)

2009-05-31 Thread Jim McClanahan
Chris Humphry wrote:
 
 Hi Kroy!
 
  snip

 I
 informed Tor team how RefControl will spoof the root of the site you
 are visiting as the referrer.

I will also point out functionality Privoxy has as an option.  When you
come from another site, it spoofs the referrer as the root of the site
being visited as indicated above.  But as you move around within a site
it reports the referrer accurately.  Some sites require this for proper
functioning.



Re: TOR and HADOPI

2009-05-29 Thread Jim McClanahan
Freemor wrote:
 
 On Thu, 28 May 2009 22:25:49 -0700 (PDT)
 Curious Kid letsshareinformat...@yahoo.com wrote:
 
 
  This policy model, applied globally, may put an end to Tor. Imagine
  if exit nodes in every country were shut down, yet their operators
  were still required to pay for an Internet connection for a long
  period of time thereafter. Each country having their own special
  blend of banned activities further complicates matters.
 
  Maybe Tor could go completely hidden.
 
 I really can't see how the pay for something you aren't receiving part
 of this bill will stand any kind of a legal challenge. Cutting off a
 person's service is one thing. Forcing a person to pay for nothing is
 almost universally considered theft/extortion.

Particularly when the pay for nothing was not part of any due
process.  But we shall see.


Re: Iptables configuration for a transparent proxy for a singleuser

2009-05-16 Thread Jim McClanahan
unknown wrote:
 
 INET_IFACE=eth0 #our internet interface
 
 $IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 9050 -j DROP
 $IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 9040 -j DROP
 $IPTABLES -A INPUT -i $INET_IFACE -p TCP --dport 53 -j DROP
 $IPTABLES -A INPUT -i $INET_IFACE -p UDP --dport 53 -j DROP
 # Block incoming traffic for these ports from outside.
 # Tor already ignores non-local connections by default.
 
 
 $IPTABLES -t nat -A OUTPUT -o lo -j RETURN
 $IPTABLES -t nat -A OUTPUT -d 127.0.0.1 -j RETURN
 # Pass direct connection to localhost services.
 # We can try using privoxy first before redirecting unfiltered traffic
 # to Tor.
 
 
 TOR_UID=debian-tor
 #see tor uid in file:
 #tor:x:XXX:YYY::/var/lib/tor)
 
 $IPTABLES -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
 $IPTABLES -t nat -A OUTPUT -p tcp -m owner --uid-owner tornet_user -m tcp --syn \
 -j REDIRECT --to-ports 9040
 $IPTABLES -t nat -A OUTPUT -p udp -m owner --uid-owner tornet_user -m udp --dport 53 \
 -j REDIRECT --to-ports 53
 $IPTABLES -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
 # Transparent redirection of the traffic to Tor for tornet_user
 
 
 # $IPTABLES -t nat -A OUTPUT -m owner --uid-owner tornet_user -j DROP
 # This rule will not work anymore in new iptables.
 
 
 $IPTABLES -t nat -A OUTPUT -m owner --uid-owner tornet_user -j DNAT \
 --to-destination 127.0.0.1
 # Use DNAT instead of nat
 # Any traffic from tornet user, if not redirected to tor, is redirected to
 # localhost.
 # If no services in localhost can accept this traffic then these packets die
 # quietly in our localhost.
 
 I tested these rules with a sniffer and cannot see any DNS leakage, and
 everything works fine.
 Any possible vulnerabilities here?

Rather than just DNATing all un-REDIRECTed traffic of tornet_user to
localhost, I wonder whether it would be safer to direct udp & tcp
traffic to a particular port where you explicitly DROP (or REJECT) it. 
Something along the lines of:

DROPDEAD=12345
$IPTABLES -t nat -A OUTPUT -p tcp -m owner --uid-owner tornet_user \
   -j REDIRECT --to-port $DROPDEAD
$IPTABLES -t nat -A OUTPUT -p udp -m owner --uid-owner tornet_user \
   -j REDIRECT --to-port $DROPDEAD
$IPTABLES -t nat -A OUTPUT -m owner --uid-owner tornet_user \
   -j REDIRECT

$IPTABLES -A INPUT -p tcp --dport $DROPDEAD -j DROP
$IPTABLES -A INPUT -p udp --dport $DROPDEAD -j DROP

(BTW, DNATing to localhost for a locally generated packet is the same as
REDIRECT.)

Also, it looks to me like the following rule is not needed, as any
packets that would match have already been RETURNed.

$IPTABLES -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT


Re: Version checking (was Re: 25 tbreg relays in directory)

2009-04-29 Thread Jim McClanahan
Tripple Moon wrote:

 IMHO, all and I mean *all* modifications of the original code and/or design 
 should be committed to the development-tree, that's how things get improved 
 and fixed etc by the community that maintains the development of the project.

The problem with your logic (leaving aside the questions of whether it
is desirable or doable) is that it is *source* code that gets committed to
the development tree, but you are wanting to authenticate against
*object* code (at least that's what it used to be called), i.e.,
binaries.  If there were a way to authenticate against *source* code
(yeah, right) then your plan might be doable, even if not desirable. 
But when I compile my code (and I do), the resulting binary is dependent
on the particulars of my system.  I suspect if I compiled it on two
different machines (and I have) I would get two different binaries even
when I start with the same source.

 If the tor application won't get means to authenticate its own
internals, then I'm afraid (IMHO) we will be looking at a future with
*many* independent tor networks who are not connected to each others
cloud because of differences...

The need is for the code to be interoperable.  Interoperability is a
much lower threshold than authenticating binaries people run. 
Presumably your desire to authenticate stems from lack of trust -- i.e.
fear of an attacker.   But attackers are (or can be) clever and I don't
think that even in *principle* you can reliably authenticate w/o
requiring things that would destroy anonymity.  That is, before you can
trust me, you have to know who I am (with certainty) and what I am
doing.  If you don't know who I am I can tell you anything I want (such
as what binary I'm running) and you won't know the difference.


Re: Version checking (was Re: 25 tbreg relays in directory)

2009-04-28 Thread Jim McClanahan
 By remotely calculated CRC-value of the client I mean that the
destination does the CRC calculation of the connecting client.
 Yes this means the client needs to send all of its binary-self to the 
 destination.

That would be a pretty big upload for a dial-up user!

I am also wondering what kind of danger you think a *client* can have
for the Tor network.

And if somebody wanted to circumvent, I would think the client could be
modified so that when it claimed to be uploading itself, it was actually
uploading a copy of an unmodified binary.  Am I missing something?

Also what would be gained from a CRC based on the *binary*?  Wouldn't
that change according to the system that compiled it?


Re: Precompiled tor binary for openwrt/dd-wrt?

2006-09-28 Thread Jim Nightshade
glymr writes:

 perhaps openwrt hasn't got urandom? urandom is pretty intensive as far
 as i know, it'd definitely load the little router hard. i'd say the devs
 will be able to tell you if there's anything that can be done.

OpenWrt has /dev/random and /dev/urandom.  The SSH daemon dropbear,
which is installed by default under OpenWrt, uses /dev/urandom.

 my initial thought is edit the source and change all references to
 /dev/urandom to /dev/random - this would reduce the randomness a bit
 but would also reduce loading (and in this case, may enable it to
 run)

Isn't it vice versa?  AFAIK /dev/random provides strong random data,
which /dev/urandom doesn't guarantee.

I don't know why the tor binary crashes on the Linksys router.  I
can't reproduce this bug on my Asus router.  I used a current OpenWrt
WhiteRussian build tree to create the binary packages.  So far I never
had problems to mix packages from the current build tree with packages
from WhiteRussian RC5, but maybe something has changed recently.