Re: opening up (exit policy) a bit ...

2010-05-08 Thread Tim Wilde
On 5/8/2010 6:49 PM, John Case wrote:
> I suppose I could see the ratio of actual connections by simply running
> 'netstat', yes?  If my orport and dirport are 9001/9030, and I am
> allowing port 80 exit, then all netstat connections showing port 80 are
> exit connections, so I could (roughly) calculate these numbers myself,
> right?

They wouldn't only be exit connections, as many relays use 80/443 or
other combinations of those ports for their orport and dirport, to be
more accessible to users behind restrictive firewalls.  So if you're a
middle node or entry guard in a circuit you could still be making
outgoing connections out to other nodes on those ports.  But you'd
probably get an acceptable approximation anyway.

Regards,
Tim
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
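
An added example, not part of the thread, of the approximation discussed in the message above: it counts established connections and separates those whose remote endpoint is a known relay port from the remainder on port 80. The netstat lines and the relay list are constructed; the relay list is assumed to come from the consensus.

```python
from collections import Counter

# Constructed `netstat -tn` style output (documentation address ranges).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 198.51.100.5:9001       203.0.113.7:51234       ESTABLISHED
tcp        0      0 198.51.100.5:40112      192.0.2.10:80           ESTABLISHED
tcp        0      0 198.51.100.5:40113      192.0.2.44:443          ESTABLISHED
tcp        0      0 198.51.100.5:40114      203.0.113.80:80         ESTABLISHED
tcp        0      0 198.51.100.5:40115      203.0.113.81:80         TIME_WAIT
tcp        0      0 198.51.100.5:9030       203.0.113.9:40000       ESTABLISHED
"""

# Constructed (address, port) pairs, assumed ORPort/DirPort values of relays.
KNOWN_RELAY_PORTS = {("192.0.2.10", 80), ("192.0.2.44", 443)}
OWN_PORTS = {9001, 9030}  # this relay's ORPort and DirPort, as in the thread


def split_endpoint(endpoint):
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def naive_count(netstat_text, port=80):
    """Every established connection to `port`, relay or not."""
    return sum(1 for line in netstat_text.splitlines()
               if line.split()[5:6] == ["ESTABLISHED"]
               and split_endpoint(line.split()[4])[1] == port)


def classify(netstat_text, relay_ports, own_ports, exit_ports=(80,)):
    """Count established connections per category; no addresses are kept."""
    counts = Counter()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[5] != "ESTABLISHED":
            continue
        local_port = split_endpoint(fields[3])[1]
        remote = split_endpoint(fields[4])
        if local_port in own_ports:
            counts["inbound_to_relay"] += 1
        elif remote in relay_ports:
            counts["relay_to_relay"] += 1
        elif remote[1] in exit_ports:
            counts["probable_exit"] += 1
        else:
            counts["other"] += 1
    return dict(counts)
```

On the constructed sample the naive port-80 count is 2, while only 1 of those connections is a probable exit; the other goes to a relay listening on port 80.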


Re: TOR and ISP

2009-12-29 Thread Tim Wilde
On 12/29/2009 9:01 AM, Curious Kid wrote:
> Current law, as contained in Title 18 U.S.C. Section 2703(f), outlines
> the process by which law enforcement can contact ISPs to request the
> preservation of identified records or communications related to a
> particular person. The information cannot be deleted for 90 days,
> during which time law enforcement obtains the proper legal process. [7]
>
> [7] United States Internet Service Provider Association, The US Data
> Preservation System: Title 18 U.S.C. Section 2703(f),
> http://www.usispa.org/pdf/DataPreservationSystem.pdf

That law requires providers to PRESERVE existing data after they receive
a SPECIFIC request for that data.  If they do not already have that
data, it does not mandate that they begin collecting it, nor does it
require any on-going data collection - merely preservation.  Please
don't spread FUD.  There are plenty of truly scary things under
consideration, we don't need fear-mongering over things that already
exist but aren't really that scary - because then the argument can be
made that the new stuff isn't all that scarier than the old stuff, and
boom, we've got truly scary laws in place.

Regards,
Tim


Re: Reduce hops when privacy level allows to save Tor network bandwidth

2009-11-18 Thread Tim Wilde
On 11/18/2009 4:17 AM, Jim wrote:
> Google was actually the motivating factor in causing me to get serious
> about overcoming whatever problem I had when I first tried to use Tor.
> Although my concern at the time was more the ubiquity of
> google-analytics.  But still concerned about using their search engine.
> My problem was that (for quite a while now), when I try to do a search
> on Google via Tor, more often than not Google calls me a virus and tells
> me to go away (unusual network activity or some such).  My solution
> has been to connect to Scroogle via Tor.  I am not nearly as anti-Google
> as the guy (people?) who run Scroogle and I don't mind the unobtrusive
> right column ads on Google search results.  It's just my (usual)
> inability to use Google directly w/o dropping anonymity.

There's another relatively easy solution to the Analytics part - surf
with a plugin like Firefox's NoScript installed, and forbid
google-analytics.com from ever running scripts.  Boom, no more
analytics, I believe NoScript won't even allow Firefox to fetch the code
from the URL, so they don't even get the hit (note: I haven't actually
confirmed that part explicitly).  Plus you get a ton of other safety
benefits from browsing the web with scripting off by default, and the
various other nasty things like clickjacking and XSS that NoScript
attempts to block.

Regards,
Tim


Re: eliminating bogus port 43 exits

2009-06-12 Thread Tim Wilde
On 6/12/2009 3:29 AM, Scott Bennett wrote:
> In other words, by restricting just port 43 exits to only the legitimate whois
> IP addresses, I eliminated at least 70% of *all* exits through my tor node,
> which suggests to me that the vast, overwhelming majority of exits from the
> tor network are illegitimate and place a terribly taxing load upon the tor
> network as a whole.

Scott,

Thanks for your continued analysis, this is interesting information.
However, the list of WHOIS servers you mentioned (and I snipped for
brevity) is by no means a complete set of the legitimate WHOIS IP
addresses.  In fact, it's much much too small to draw any significant
conclusions, for at least two major reasons:

1) Any .com or .net WHOIS queries that hit whois.verisign-grs.com (aka
whois.internic.net in your list) with a legitimate domain name will
result in a referral to an individual registrar's WHOIS server, which
will often be followed by the client, and would not be allowed by your
exit policy.  There are potentially tens of thousands of these registrar
WHOIS servers out there.

2) Your list significantly excludes all ccTLD WHOIS servers.  While the
numbers of domains registered in ccTLDs are not significant compared to
.com/.net, their use is quite popular in a number of places,
particularly in some where Tor is also quite popular, i.e. Germany.

I'd be interested in seeing a comparison done with a more significantly
complete list.  I understand you feel very strongly about sampling the
contents of the traffic, and that's perfectly understandable and
appropriate, but it is probably the only way to actually make a firm
determination of how much of this exit traffic really is WHOIS, without
crafting a VERY large Exit policy.  It may be possible, with
appropriately engineered tools, to sample the traffic in a suitably
anonymous way but still draw some conclusions, perhaps by simply
attempting to determine if the TCP session involves mostly text or
binary data.  That may still be a bit too intrusive, so I suppose we
might just never know.

Given these shortcomings in the list, I definitely wouldn't suggest that
such a list be considered a default, as you'll be blocking a
potentially significant amount of legitimate WHOIS traffic.

If you do attempt to dig up a more complete list of WHOIS servers, I'd
certainly be interested to see what you come up with, but of course
understand you're doing this all on your own time and dime, and would
never suggest that you're by any means obligated to do so. :)

Best Regards,
Tim
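
An added example, not part of the thread, of point 1 in the message above: a registry reply refers the client to a registrar's WHOIS server, and that second hop is checked against a port-43 allowlist policy. The torrc fragment, the reply text, the host names and the addresses are all constructed, and the policy parser handles only a subset of the ExitPolicy syntax.

```python
import ipaddress
import re

# Constructed torrc fragment: port 43 exits limited to listed WHOIS servers.
TORRC = """\
ExitPolicy accept 192.0.2.30:43
ExitPolicy accept 198.51.100.0/24:43
ExitPolicy reject *:43
ExitPolicy reject *:*
"""

# Constructed registry reply that refers the client to a registrar's server.
REGISTRY_REPLY = """\
   Domain Name: EXAMPLE.COM
   Whois Server: whois.registrar.example
"""

# Constructed name-to-address table standing in for DNS (runs offline).
RESOLVED = {"whois.registry.example": "192.0.2.30",
            "whois.registrar.example": "203.0.113.43"}


def parse_policy(torrc_text):
    """Parse single-port and '*' rules only (a subset of torrc syntax)."""
    pattern = re.compile(r"ExitPolicy\s+(accept|reject)\s+(\S+):(\*|\d+)$")
    matches = (pattern.match(line.strip()) for line in torrc_text.splitlines())
    return [m.groups() for m in matches if m]


def allowed(rules, addr, port):
    """First matching rule decides; no match is treated as reject here."""
    ip = ipaddress.ip_address(addr)
    for action, net, rule_port in rules:
        net_ok = net == "*" or ip in ipaddress.ip_network(net, strict=False)
        port_ok = rule_port == "*" or int(rule_port) == port
        if net_ok and port_ok:
            return action == "accept"
    return False


def trace_lookup(rules, first_server, reply):
    """Return (server, permitted) for the registry query and any referral."""
    hops = [first_server]
    m = re.search(r"^\s*Whois Server:\s*(\S+)", reply, re.M | re.I)
    if m:
        hops.append(m.group(1).lower())
    return [(h, allowed(rules, RESOLVED[h], 43)) for h in hops]
```

With the constructed policy the registry query is permitted and the referred registrar query is rejected, so a legitimate lookup fails at its second hop.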