Re: geeez...
Moritz Bartl mor...@torservers.net wrote: On 12.01.2011 22:05, Fabian Keil wrote: Some of my equipment got seized a few months ago. Good luck on getting it back then! Thanks. I'm also not sure how the police would try to seize equipment and fail (assuming the equipment is actually there). Explosives? ;-) Did you run a Tor exit at home? I'm not sure if they come and seize your home computer if the Tor server is hosted in a data center. Olaf seems not to have run into big trouble yet (or maybe he was quick on replacing the hardware). The exit node that triggered the raid is hosted by Strato. I'm running it there since 2006. The friendly local police man who usually deals with the occasional abuse cases has a generic description of Tor that includes the IP addresses of my exit nodes and can forward that information to whomever is interested without having to contact me every time. This arrangement worked rather well so far. For reasons unknown to me the investigation that lead to the raid was handled by a different police department, though, and apparently the police men involved prefer to investigate a bit differently. They also didn't seem that fond of Tor in general. Fabian signature.asc Description: PGP signature
Re: geeez...
Moritz Bartl mor...@torservers.net wrote: ok... since this mailing list is not able to give at least some tips for running a tor exit node except: What do you want to know exactly? In many countries, running an anonymizing service is definitely not illegal. Many exit operators run into trouble with their ISP, because they are too easily scared by DMCA complaints and the like. This is especially true for an exit policy that allows arbitrary ports, as your ISP will be flooded with mails from BayTSP/MediaSentry. That's why we have compiled a list of well-known ports. [1] You should find an ISP who explicitly allows you to run a Tor exit, and if you want you can start with an open exit policy. If your ISP complaints and wants to shut you down later, you can switch to the reduced exit policy. Or, you can allow exiting only to a few ports. It's your decision. Try to convince your ISP to SWIP the IP range and attach your personal abuse handle. Example: http://torstatus.blutmagie.de/cgi-bin/whois.pl?ip=79.140.39.227 Most complaints you will have to deal with can be easily solved by telling them about Tor. In extreme cases, the police might come knocking to your door or even try to seize your equipment, but I am only aware of a single case in Germany where that happened some years ago. Some of my equipment got seized a few months ago. I'm also not sure how the police would try to seize equipment and fail (assuming the equipment is actually there). Getting a warrant seems to be pretty easy as long as you don't mention that the IP address in question belongs to a known Tor server. Fabian signature.asc Description: PGP signature
Re: Arm Release 1.4.0
Damian Johnson atag...@gmail.com wrote: John mentioned that for him connection resolution doesn't work in the new arm tarball (arm_bsdTest2.tar.bz2). Hans, Fabian: can either of you confirm, and if so what sort of issue is the log indicating? I can't confirm this. Also, there was interest mentioned earlier in a BSD port. Anyone interested in taking up that gauntlet? :P I intend to look into creating a FreeBSD port around Christmas. Fabian signature.asc Description: PGP signature
Re: Arm Release 1.4.0
Damian Johnson atag...@gmail.com wrote: Hi all. I've checked in the resolver fixes (thank Fabian and Hans!) and a test tarball is available at: http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2 http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc Thanks. For BSD I'm using the following commands: sockstat -4 | egrep 'process\s*pid' | grep -v '*:*' procstat -f 'pgrep process' | grep 'pid' | grep -v '0.0.0.0:0' Neither of those commands work for me. To let Arm figure out Tor's pid I still need the pgrep patch I mailed you yesterday. Attached are the patches I used to get it working on FreeBSD 9.0 CURRENT. I also rebased the sockstat+awk patch, but sockstat+grep probably works reliably enough. One unrelated problem I noticed is that Arm tends to show local connections as Outbound. A connection from the Privoxy jail to the Tor jail: _tor tor2750 25 tcp4 10.0.0.2:9050 10.0.0.1:20528 shows up as: [public gateway IP address scrubbed]:9050 -- scrubbed 0.0s (OUTBOUND) Given that the connection doesn't leave the system, replacing the Tor jail IP address with the public IP address of the gateway is a bit confusing. Also, when running Arm outside the Tor jail, the Tor configuration file isn't found. Fabian From 48734e94a8205754f793b19d1db77bd72e2a305b Mon Sep 17 00:00:00 2001 From: Fabian Keil f...@fabiankeil.de Date: Sat, 4 Dec 2010 17:36:53 +0100 Subject: [PATCH 1/4] Add pgrep as another way to get the tor pid. --- src/util/torTools.py | 11 +++ 1 files changed, 11 insertions(+), 0 deletions(-) diff --git a/src/util/torTools.py b/src/util/torTools.py index d18869b..077c2e1 100644 --- a/src/util/torTools.py +++ b/src/util/torTools.py @@ -96,6 +96,7 @@ def getPid(controlPort=9051, pidFilePath=None): 2. pidof tor 3. netstat -npl | grep 127.0.0.1:%s % tor control port 4. ps -o pid -C tor + 5. pgrep tor If pidof or ps provide multiple tor instances then their results are discarded (since only netstat can differentiate using the control port). This @@ -150,6 +151,16 @@ def getPid(controlPort=9051, pidFilePath=None): if pid.isdigit(): return pid except IOError: pass + # attempts to resolve using pgrep, failing if: + # - tor is running under a different name + # - there are multiple instances of tor + try: +results = sysTools.call(pgrep tor) +if len(results) == 1 and len(results[0].split()) == 1: + pid = results[0].strip() + if pid.isdigit(): return pid + except IOError: pass + return None def getConn(): -- 1.7.3.2 From 1bd8015476dd5c3613e3384ca373d9f096aabae4 Mon Sep 17 00:00:00 2001 From: Fabian Keil f...@fabiankeil.de Date: Sun, 5 Dec 2010 11:49:35 +0100 Subject: [PATCH 2/4] Shorten RUN_BSD_SOCKSTAT and get it working. --- src/util/connections.py |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/connections.py b/src/util/connections.py index 2487afb..7824f4f 100644 --- a/src/util/connections.py +++ b/src/util/connections.py @@ -12,7 +12,7 @@ all queries dump its stderr (directing it to /dev/null). FreeBSD lacks support for the needed netstat flags and has a completely different program for 'ss'. However, there's a couple other options (thanks to Fabian Keil and Hans Schnehl): -- sockstatsockstat -4 | egrep 'process\s*pid' | grep -v '*:*' +- sockstatsockstat -4c | grep 'process *pid' - procstatprocstat -f 'pgrep process' | grep 'pid' | grep -v '0.0.0.0:0' @@ -62,7 +62,7 @@ RUN_LSOF = lsof -nPi | grep \%s\s*%s.*(ESTABLISHED)\ # *note: this isn't available by default under ubuntu RUN_SOCKSTAT = sockstat | egrep \%s\s*%s.*ESTABLISHED\ -RUN_BSD_SOCKSTAT = sockstat -4 | egrep '%s\s*%s' | grep -v '*:*' +RUN_BSD_SOCKSTAT = sockstat -4c | grep '%s *%s' RUN_BSD_PROCSTAT = procstat -f 'pgrep %s' | grep '%s' | grep -v '0.0.0.0:0' RESOLVERS = [] # connection resolvers available via the singleton constructor -- 1.7.3.2 From 12d267f497870ecff1b37bddb1aeb44e9ba01994 Mon Sep 17 00:00:00 2001 From: Fabian Keil f...@fabiankeil.de Date: Sun, 5 Dec 2010 12:07:36 +0100 Subject: [PATCH 3/4] Get RUN_BSD_PROCSTAT working. --- src/util/connections.py |6 +++--- 1 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/util/connections.py b/src/util/connections.py index 7824f4f..062562e 100644 --- a/src/util/connections.py +++ b/src/util/connections.py @@ -13,7 +13,7 @@ FreeBSD lacks support for the needed netstat flags and has a completely different program for 'ss'. However, there's a couple other options (thanks to Fabian Keil and Hans Schnehl): - sockstatsockstat -4c | grep 'process *pid' -- procstatprocstat -f 'pgrep process' | grep 'pid' | grep -v '0.0.0.0:0' +- procstatprocstat -f pid | grep TCP | grep -v 0.0.0.0:0 import os @@ -63,7 +63,7 @@ RUN_LSOF = lsof -nPi | grep \%s\s*%s.*(ESTABLISHED)\ RUN_SOCKSTAT = sockstat | egrep \%s\s*%s.*ESTABLISHED\ RUN_BSD_SOCKSTAT = sockstat -4c
Re: Arm Release 1.4.0
Hans Schnehl torvallena...@gmail.com wrote: On Sun, Dec 05, 2010 at 01:02:16PM +0100, Fabian Keil wrote: Damian Johnson atag...@gmail.com wrote: Hi all. I've checked in the resolver fixes (thank Fabian and Hans!) and a test tarball is available at: http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2 http://www.atagar.com/transfer/tmp/arm_bsdTest.tar.bz2.asc Thanks. Thanks, too. BTW where is the git repo, please ? I don't think there is an official git repository. To Fabian, instead of adding another patch: Running 'pgrep tor' might show multiple results, anything containing the string 'tor' will present it's pid. Good point. On 7 it's 'pgrep -x' to get an exact match of the argument ,see man pgrep(1). It's -x on CURRENT, too. Patch attached. I also attached one to get the pid through sockstat. I think changing it to additionally filter for the control port address would get the most reliable results. Fabian From cdb53450e64c38a5792b10328790dee49be32371 Mon Sep 17 00:00:00 2001 From: Fabian Keil f...@fabiankeil.de Date: Sun, 5 Dec 2010 15:09:26 +0100 Subject: [PATCH 1/2] Use pgrep's -x flag. Pointed out by Hans Schnehl --- src/util/torTools.py |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/util/torTools.py b/src/util/torTools.py index 077c2e1..056b066 100644 --- a/src/util/torTools.py +++ b/src/util/torTools.py @@ -96,7 +96,7 @@ def getPid(controlPort=9051, pidFilePath=None): 2. pidof tor 3. netstat -npl | grep 127.0.0.1:%s % tor control port 4. ps -o pid -C tor - 5. pgrep tor + 5. pgrep -x tor If pidof or ps provide multiple tor instances then their results are discarded (since only netstat can differentiate using the control port). This @@ -155,7 +155,7 @@ def getPid(controlPort=9051, pidFilePath=None): # - tor is running under a different name # - there are multiple instances of tor try: -results = sysTools.call(pgrep tor) +results = sysTools.call(pgrep -x tor) if len(results) == 1 and len(results[0].split()) == 1: pid = results[0].strip() if pid.isdigit(): return pid -- 1.7.3.2 From fc8f0f7be7590a6bde2c2efaaa84f36be5af1136 Mon Sep 17 00:00:00 2001 From: Fabian Keil f...@fabiankeil.de Date: Sun, 5 Dec 2010 15:24:50 +0100 Subject: [PATCH 2/2] Add sockstat as another way to get the tor pid. --- src/util/torTools.py | 17 - 1 files changed, 16 insertions(+), 1 deletions(-) diff --git a/src/util/torTools.py b/src/util/torTools.py index 056b066..1a36f71 100644 --- a/src/util/torTools.py +++ b/src/util/torTools.py @@ -96,7 +96,8 @@ def getPid(controlPort=9051, pidFilePath=None): 2. pidof tor 3. netstat -npl | grep 127.0.0.1:%s % tor control port 4. ps -o pid -C tor - 5. pgrep -x tor + 5. sockstat -4l -P tcp -p %i | grep tor % tor control port + 6. pgrep -x tor If pidof or ps provide multiple tor instances then their results are discarded (since only netstat can differentiate using the control port). This @@ -151,6 +152,20 @@ def getPid(controlPort=9051, pidFilePath=None): if pid.isdigit(): return pid except IOError: pass + # attempts to resolve using sockstat, failing if: + # - tor is running under a different name + # - there are multiple instances of Tor, using the + # same control port on different addresses. + # + # XXX: both issues could be solved by filtering for the + # control port IP address instead of the process name. + try: +results = sysTools.call(sockstat -4l -P tcp -p %i | grep tor % controlPort) +if len(results) == 1 and len(results[0].split()) == 7: + pid = results[0].split()[2] + if pid.isdigit(): return pid + except IOError: pass + # attempts to resolve using pgrep, failing if: # - tor is running under a different name # - there are multiple instances of tor -- 1.7.3.2 signature.asc Description: PGP signature
Re: Arm Release 1.4.0
Damian Johnson atag...@gmail.com wrote: The lsof command issued by arm [1] is: lsof -nPi | grep process\s*pid.*(ESTABLISHED) I'd be happy to work with you to provide a fix, if you'd like. Once upon a time I tried to use VMs to troubleshoot FreeBSD and Gentoo issues (thus far they're the only platforms to give arm any trouble). However, either VirtualBox, those OSes, or the combination of the two made this a colossal pain in the ass. Trying to wrangle even the most basic functionality out of those systems chewed up dozens of hours so that's definitely *not* a road I'm going down again. What I'll need from you is the following: - A command that, when executed as the tor user, produces connection results filtered to tor's connections. - Example output. tor-jail# uname -or FreeBSD 9.0-CURRENT tor-jail# su -m _tor -c /bin/csh tor-jail# id uid=256(_tor) gid=256(_tor) groups=256(_tor) tor-jail# procstat -f `pgrep tor` | egrep 'TCP|UDP|PID' PID COMM FD T V FLAGSREF OFFSET PRO NAME 3561 tor 4 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:22370 3561 tor 5 s - rw---n-- 2 0 TCP 10.0.0.2:9050 0.0.0.0:0 3561 tor 6 s - rw---n-- 2 0 TCP 10.0.0.2:9040 0.0.0.0:0 3561 tor 7 s - rw---n-- 2 0 UDP 10.0.0.2:53 0.0.0.0:0 3561 tor 8 s - rw---n-- 2 0 TCP 10.0.0.2:9051 0.0.0.0:0 3561 tor14 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:44381 3561 tor15 s - rw---n-- 2 0 TCP 10.0.0.2:33734 [scrubbed]:443 3561 tor16 s - rw---n-- 2 0 TCP 10.0.0.2:47704 [scrubbed]:9001 3561 tor17 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:46343 3561 tor18 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:64196 3561 tor19 s - rw---n-- 2 0 TCP 10.0.0.2:18856 [scrubbed]:443 3561 tor20 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:20385 3561 tor22 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:27541 3561 tor23 s - rw---n-- 2 0 TCP 10.0.0.2:9050 10.0.0.1:21877 (Public IP addresses scrubbed) - Be available to test a potential fix. If you're up for that then I'm glad to have the help! Lets take further discussion of this off the list. I don't think this is generally of interest to the rest of the tor community. -Damian It's at least interesting to a part of the rest of the tor community. I intent to try Arm in the future. Are you aware of anyone working on a port? Fabian signature.asc Description: PGP signature
Re: AdvTor
Anon Mus my.green.lant...@googlemail.com wrote: Fabian Keil wrote: Your Privoxy version is from 2006, you might want to consider updating it. With a more recent version I get: | f...@r500 ~ $lynx --dump http://www.cobblers.za/ |503 | |This is [1]Privoxy 3.0.17 on Privoxy-Jail.local (10.0.0.1), port 8118, |enabled | |Warning: | | This Privoxy version is based on UNRELEASED code and not intended for | production systems! | Use at your own risk. See the [2]license for details. | |Forwarding failure | | Privoxy was unable to socks5-forward your request | [3]http://www.cobblers.za/ through tor-jail: SOCKS5 host unreachable | |Just [4]try again to see if this is a temporary problem, or check your |[5]forwarding settings and make sure that all forwarding servers are |working correctly and listening where they are supposed to be |listening. [...] Yes Fabian, it probably is that old, as old as the last version distributed with Tor. Having gone to www.privoxy.org/ sourceforge.net/projects/ijbswa/files/, the most recent was v3.0.16, which I will try. Does this version differentiate the DNS resolution fails? Where can you get v3.0.17 from? It's the unreleased development version available from CVS. Fabian signature.asc Description: PGP signature
Re: AdvTor
Anon Mus my.green.lant...@googlemail.com wrote: Jim wrote: Anon Mus wrote: These were added because, as I already said, they were repeatedly (5+ times on 5 different circuits) unable to resolve DNS and so failed page access,. this is a standard privoxy message. FYI, when you get that Privoxy message while using Tor (or any other downstream proxy) it just means that Tor was unable to retrieve the page. Privoxy has no way of knowing whether this was because of a DNS failure or some other reason. (If Privoxy is the final proxy then it knows whether the problem is DNS or not. They should probably use a different failure message when Privoxy passes the request onto another proxy.) If you are using a Privoxy version more recent than 3.0.9 (released in 2008), you can use SOCKS5 which will allow Tor to provide Privoxy with a more detailed problem description. Sorry Jim, thats what it says, if these are NOT refusing DNS resolution, then they ARE actively blocking access to named urls which are noncriminal in nature (like this one), if so, then thats even worse and for so many - implies ALL these exit nodes have a linked (organized) hidden agenda. Try this... enter into your torrified/privoxyified browser the url cobblers.za and go get it. You'll see the following privoxy message page entitled 404 - No such Domain 404 This is Privoxy http://www.privoxy.org/ 3.0.6 on YourMachineName (127.0.0.1), port 8118, enabled Your Privoxy version is from 2006, you might want to consider updating it. With a more recent version I get: | f...@r500 ~ $lynx --dump http://www.cobblers.za/ |503 | |This is [1]Privoxy 3.0.17 on Privoxy-Jail.local (10.0.0.1), port 8118, |enabled | |Warning: | | This Privoxy version is based on UNRELEASED code and not intended for | production systems! | Use at your own risk. See the [2]license for details. | |Forwarding failure | | Privoxy was unable to socks5-forward your request | [3]http://www.cobblers.za/ through tor-jail: SOCKS5 host unreachable | |Just [4]try again to see if this is a temporary problem, or check your |[5]forwarding settings and make sure that all forwarding servers are |working correctly and listening where they are supposed to be |listening. [...] And Tor says: Oct 09 14:00:19.571 [notice] Have tried resolving or connecting to address 'www.cobblers.za' at 3 different places. Giving up. Fabian signature.asc Description: PGP signature
Re: AdvTor
Anon Mus my.green.lant...@googlemail.com wrote: and...@torproject.org wrote: On Thu, Oct 07, 2010 at 05:20:08PM +0100, my.green.lant...@googlemail.com wrote 2.3K bytes in 55 lines about: : Well, well, well suddenly the problem fixes itself... after : 20+ disconnects and 10+ You are using a proxy which is changing : your data... refusing connection.. over the past 3 days. This would be a lot better if it came with logs, bug reports, and data. It could also be the destination site having problems, or the exit relay is overloaded, or sun flares. The Internet is complex, narrowing down the problem to Tor or not Tor is a first step. I have no idea how to log (privoxy or tor??) these, maybe you could explain how its done, just in case they start happening again.. 1. Connection Disconnected: The browser has a little message connection closed on a white background (not a privoxy message). If the server (or proxy) accepts the connection but closes it without sending any data, Privoxy versions before 3.0.7 will send the text 'Connection: close' to the client. This bug was fixed more than three years ago and is yet another reason why you might want to consider updating your Privoxy version. Nowadays you get a proper problem description: |f...@r500 ~ $lynx --dump http://10.0.0.1/empty-response | 502 | | This is [1]Privoxy 3.0.17 on Privoxy-Jail.local (10.0.0.1), port 8118, | enabled | | Warning: | | This Privoxy version is based on UNRELEASED code and not intended for | production systems! | Use at your own risk. See the [2]license for details. | | No server or forwarder data received | | Your request for [3]http://10.0.0.1/empty-response could not be | fulfilled, because the connection to 10.0.0.1 (10.0.0.1) has been | closed before Privoxy received any data for this request. | | This is often a temporary failure, so you might just [4]try again. | | If you get this message very often, consider disabling | [5]connection-sharing (which should be off by default). If that doesn't | help, you may have to additionally disable support for connection | keep-alive by setting [6]keep-alive-timeout to 0. [...] It's still a frequent problem when using Tor. Yesterday it happened for around 1% of my requests (some of them were made without Tor, though): f...@r500 ~ $privoxy-log-parser --statistics /usr/jails/privoxy-jail/var/log/privoxy/privoxy.log.1 Client requests total: 7881 Crunches: 1100 (13.96%) Outgoing requests: 6781 (86.04%) Server keep-alive offers: 2802 (35.55%) New outgoing connections: 5535 (70.23%) Reused connections: 1246 (15.81%) Empty responses: 95 (1.21%) Empty responses on new connections: 1 (0.01%) Empty responses on reused connections: 94 (1.19%) Method distribution: 7052 : GET 753 : CONNECT 46 : POST Client HTTP versions: 7830 : HTTP/1.1 21 : HTTP/1.0 URL statistics are disabled. Increase --url-statistics-threshold to enable them. Note that it isn't necessarily caused by the exit node itself, it can also happen simply because the server closed the connection but the Tor client hasn't noticed it yet and thus still accepts data on an already-dead connection. This would explain the number of Empty responses on reused connections. Fabian signature.asc Description: PGP signature
Re: prifoxy privoxy-on-firefox-extension?
Roger Dingledine a...@mit.edu wrote: Several people on irc have pointed out prifoxy: http://code.google.com/p/prifoxy/ Can somebody take a look at it, and decide whether it's for real, whether it looks competently done, trustworthy, safe to recommend, etc? My brief look showed me a binary blob and not much else, so my guess is that it's bad news; but more eyes would be great. There was a thread about this on the Privoxy users mailing list a while ago, started by the Prifoxy originator: http://sourceforge.net/mailarchive/message.php?msg_name=94f7b1b40902240452y1a22d7b4y7461c4edb2f956c5%40mail.gmail.com My concerns and questions were pretty much ignored and until that changes I certainly wouldn't recommend the extension myself. Fabian signature.asc Description: PGP signature
Re: Announce: amnesia Live system 0.4.2
intrigeri intrig...@boum.org wrote: amnesia [0] is a Live System similar to (and heavily inspired by) Incognito [1]: * all outgoing connections to the Internet are forced to go through the Tor network; It's turtles all the way down? Fabian signature.asc Description: PGP signature
Re: Tracing internal errors
Jon Cosby j...@jcosby.com wrote: I'm trying to get Tor working in Firefox/Torbutton on openSUSE 11.2. There's something about the privoxy settings that it doesn't seem to like. In the privoxy config, I've tried forward-socks4a / localhost:9050 . (internal error) forward-socks4a / 127.0.0.1:9050 . (check settings) forward-socks5 / localhost:9050 . (internal error) forward-socks5 / 127.0.0.1:9050 . (check settings) Internal error is kind of vague. There's nothing in the privoxy log. I seem to remember running into this when there was an issue with the system time, but that's not the case here. What's the next place to look? Sounds like the following OpenSUSE packaging bug still hasn't been fixed: https://sourceforge.net/tracker/index.php?func=detailaid=2783703group_id=8atid=28 You are most likely getting the internal error because Privoxy is configured to use an improperly populated chroot directory, so it can't access its template files. If that's the case, you are probably also looking at the wrong log file. I'd suggest you file a bug report with OpenSuSE. Fabian signature.asc Description: PGP signature
Re: frequent empty/closed connections
Scott Bennett benn...@cs.niu.edu wrote: On Mon, 03 Aug 2009 09:21:53 -0400 The Doctor dr...@virtadpt.net wrote: Scott Bennett wrote: Empty server or forwarder response. The connection has been closed but Privoxy didn't receive any data. ... Does anyone else get these, too? I suspect that the problem may be in privoxy, rather than tor, but haven't yet figured out a test for that hypothesis. Any ideas? If the keep-alive-timeout directive is used, Privoxy versions before 3.0.14 beta don't take the latency into account and may try to reuse a connection that has already been closed on the server side but still appears to be open from the point of view of the client. The result is the error message you mention above. I've been seeing this behavior off and on for a few months now, but not so often that I felt like tracking it down. Generally, I just reload the page and everything's fine. Sometimes it takes several reload attempts to get it to work, though. It also thoroughly bollixes automatically refreshed pages like the small GOES East images I like to keep handy and updated to most recent half hour. Any other automated accesses, such as through curl, wget, et al. are also screwed when it happens. If someone has an idea of how to prove that the problem is in privoxy and not in tor, I can try to file a bug report there. To really prove anything, you'd have to watch the server side as well, without that you can still make assumptions, though. If you enable connection debugging in Privoxy, you can tell from the log messages whether or not the problem happened while reusing a connections. If it only happens while reusing a connection it likely is a Privoxy problem. Otherwise it most likely isn't. If the problem goes away after disabling the keep-alive-timeout directive, and reappears right after enabling it again, that would indicate a Privoxy problem as well. If you report a problem for Privoxy 3.0.12, the first response will be Please try to reproduce it with 3.0.14 beta, so you probably want to upgrade before looking into this. A FreeBSD port skeleton is available on the SF project page. Fabian signature.asc Description: PGP signature
Re: Which proxy to use?
Mr. Blue trashd...@yahoo.com wrote: - Original Message - From: coderman coder...@gmail.com On Sat, Aug 1, 2009 at 9:19 AM, Mr. Bluetrashd...@yahoo.com wrote: 2) Must be capable to run as a reverse proxy. what are you trying to do, exactly? I wana have ONE proxy app installed Well, curently, I am using privoxy, which achieves a) exit notattion striping, but it can not act as a b) reverse proxy. What's your definition of reverse proxy? If you simply want the proxy to process intercepted requests, you may want to have a look at Privoxy's accept-intercepted-requests directive. Fabian signature.asc Description: PGP signature
Re: Yahoo Mail and Tor
bao song michaelw...@yahoo.com.au wrote: Two months??? I have had trouble with Yahoo Mail via Privoxy for more than four years. I'm sorry to hear that. Are you by any chance using the Vidalia bundle which unfortunately contains a Privoxy version that is several years out of date? At first, I was given some config file modifications for Privoxy so it would allow me to use Yahoo Mail, but this disabled a lot of the stuff Privoxy did, and I wanted that stuff for other sites. Also, I was still unable to log out of Yahoo Mail even with the modifications someone had posted. So I now disable all of Privoxy when signing out of Yahoo Mail. Here, behind a Middle Eastern firewall, the Yahoo Mail signout is often blocked by the firewall, as well as by Privoxy for reasons that escape me. Sometimes, I can sign out if I don't use Tor at all. Other times, I can only sign out if I use Tor without Privoxy. Yahoo mail is accessible through Privoxy, but all style sheets are disabled, so the display is rather annoying. Annoying or not, I use Privoxy until I need to sign out, disable Privoxy, sign out of Yahoo Mail, then turn Privoxy back on in default mode. I'm still not sure what it is about Yahoo Signout that Privoxy (and the local firewall) see the need to block. That sounds like a lot more work than simply upgrading your Privoxy version or even back porting the action file changes manually. As far as I know, the Yahoo-related problems have been fixed quite some time ago and if you still notice any problems with Privoxy 3.0.12 or later, feel free to report them so we can fix them. Fabian signature.asc Description: PGP signature
Re: Lynx leaks DNS
Jim McClanahan jimmy...@copper.net wrote: Quite by accident I discovered that the lynx browser is leaking DNS addresses. I have verified this on: Lynx Version 2.8.4dev.7 (03 Aug 2000) and Lynx Version 2.8.5rel.1 (04 Feb 2004) Is there a reason why you aren't using a more recent build? I can't reproduce the problem with: f...@tp51 ~ $lynx --version Lynx Version 2.8.6rel.5 (09 May 2007) libwww-FM 2.14, SSL-MM 1.4.1, OpenSSL 0.9.8k, ncurses 5.7.20081102(wide) Built on freebsd8.0 Feb 27 2009 22:36:34 Fabian signature.asc Description: PGP signature
Re: Hetzner
Sören Weber soe...@gmail.com wrote: On Wed, Jun 17, 2009 at 4:53 PM, Hannah Schroeterhan...@pond.sub.org wrote: he says it'd be possible that Hetzner will forbid the use of TOR nodes by their policy. Did he mean any kind tor nodes or tor exits? I don't think that he had the knowledge about the differences of nodes. As far as he told me, he just contacted those people with a high amount of copyright infringements - so only exit nodes are the real problem for him. Alleged copyright infringements. Fabian signature.asc Description: PGP signature
Re: Jailed/sandboxed/chrooted applications
Adlesshaven adlessha...@embarqmail.com wrote: Does anyone here jail, sandbox or chroot the applications they use with Tor? I'm running Tor and Privoxy in FreeBSD jails, Xorg applications (which probably pose a bigger thread) are running on the host system, though. I have been trying to adapt the Wiki's transparent proxy recommendations to a FreeBSD jail for the last couple weeks with no luck. I wrote about trans-proxy-tor running in a FreeBSD jail at: http://www.fabiankeil.de/blog-surrogat/2006/06/15/jail-experimente-mit-ezjail.html The text is in German but the only thing that really matters is the /etc/devfs.rules example to make /dev/pf visible in the jail. Nowadays I use Tor's TransPort option instead of trans-proxy-tor, but the configuration is pretty much the same. Fabian signature.asc Description: PGP signature
Re: [Fwd: (Probably) a known problem?] - cant run a relay node
[EMAIL PROTECTED] wrote: On Wed, Dec 03, 2008 at 09:34:40AM -0500, [EMAIL PROTECTED] wrote 2.1K bytes in 74 lines about: : Nov 30 22:02:52.906 [Error] set_options(): Bug: Acting on config options left us : in a broken state. Dying. : Nov 30 22:02:52.906 [Warning] eventdns: Didn't find any nameservers. : Nov 30 22:02:52.906 [Warning] Could not config nameservers. : Nov 30 22:02:52.906 [Error] set_options(): Bug: Acting on config options left us : in a broken state. Dying. A few things, you probably haven't received a response because no one has a good idea how to fix it. You may have 2 issues, one is that libevent can't find nameservers, and the other is that the config options are broken. While we're talking about DNS issues, I recently got: Nov 30 06:25:02.803 [notice] Tor 0.2.1.6-alpha (r17011) opening new log file. Nov 30 06:25:02.818 [warn] eventdns: Unable to add nameserver 164.148.169.81: error 2 Nov 30 06:25:02.818 [warn] eventdns: Unable to add nameserver 34.148.169.81: error 2 Nov 30 06:25:02.818 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (6) Nov 30 06:25:02.819 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. The nameservers were indeed unreachable at that time (the traffic limit was reached and the system offline), but earlier Tor versions continued to run and started working again once the system was back on the net. Fabian signature.asc Description: PGP signature
Re: [Fwd: (Probably) a known problem?] - cant run a relay node
Fabian Keil [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: On Wed, Dec 03, 2008 at 09:34:40AM -0500, [EMAIL PROTECTED] wrote 2.1K bytes in 74 lines about: : Nov 30 22:02:52.906 [Error] set_options(): Bug: Acting on config options left us : in a broken state. Dying. : Nov 30 22:02:52.906 [Warning] eventdns: Didn't find any nameservers. : Nov 30 22:02:52.906 [Warning] Could not config nameservers. : Nov 30 22:02:52.906 [Error] set_options(): Bug: Acting on config options left us : in a broken state. Dying. A few things, you probably haven't received a response because no one has a good idea how to fix it. You may have 2 issues, one is that libevent can't find nameservers, and the other is that the config options are broken. While we're talking about DNS issues, I recently got: Nov 30 06:25:02.803 [notice] Tor 0.2.1.6-alpha (r17011) opening new log file. Nov 30 06:25:02.818 [warn] eventdns: Unable to add nameserver 164.148.169.81: error 2 Nov 30 06:25:02.818 [warn] eventdns: Unable to add nameserver 34.148.169.81: error 2 Nov 30 06:25:02.818 [warn] Unable to parse '/etc/resolv.conf', or no nameservers in '/etc/resolv.conf' (6) Nov 30 06:25:02.819 [err] set_options(): Bug: Acting on config options left us in a broken state. Dying. The nameservers were indeed unreachable at that time (the traffic limit was reached and the system offline), but earlier Tor versions continued to run and started working again once the system was back on the net. It's probably worth mentioning that this is a relay server running on a GNU/Linux system. Fabian signature.asc Description: PGP signature
Re: Tor 0.2.1.7-alpha is out
Roger Dingledine [EMAIL PROTECTED] wrote: Changes in version 0.2.1.7-alpha - 2008-11-08 o Minor bugfixes: - Minor fix in the warning messages when you're having problems bootstrapping; also, be more forgiving of bootstrap problems when we're still making incremental progress on a given bootstrap phase. I'm not sure if it's related to this change, but bootstrapping no longer works for me on FreeBSD 8.0-CURRENT: Nov 23 18:59:08.931 [notice] Tor 0.2.1.7-alpha-dev (r17366) opening log file. Nov 23 18:59:08.945 [notice] Parsing GEOIP file. Nov 23 18:59:10.160 [notice] This version of Tor (0.2.1.7-alpha-dev) is newer than any recommended version, according to the directory authorities. Recommended versions are: 0.1.2.17,0.1.2.18,0.1.2.19,0.2.0.26-rc,0.2.0.27-rc,0.2.0.28-rc,0.2.0.29-rc,0.2.0.30,0.2.0.31,0.2.0.32,0.2.1.1-alpha,0.2.1.2-alpha,0.2.1.4-alpha,0.2.1.5-alpha,0.2.1.6-alpha,0.2.1.7-alpha Nov 23 18:59:11.347 [notice] Bootstrapped 45%: Asking for relay descriptors. Nov 23 18:59:11.347 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/1259 usable descriptors. Nov 23 18:59:12.163 [notice] Bootstrapped 50%: Loading relay descriptors. Nov 23 18:59:12.741 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/1259 usable descriptors. [repeated 31 times] Nov 23 18:59:28.774 [warn] Problem bootstrapping. Stuck at 50%: Loading relay descriptors. (Tor gave up on the connection; TIMEOUT; count 10; recommendation warn) Nov 23 18:59:28.805 [warn] Problem bootstrapping. Stuck at 50%: Loading relay descriptors. (Tor gave up on the connection; TIMEOUT; count 11; recommendation warn) Nov 23 18:59:28.810 [warn] Problem bootstrapping. Stuck at 50%: Loading relay descriptors. (DONE; DONE; count 12; recommendation warn) Nov 23 18:59:28.810 [warn] Problem bootstrapping. Stuck at 50%: Loading relay descriptors. (DONE; DONE; count 13; recommendation warn) Nov 23 18:59:28.872 [notice] I learned some more directory information, but not enough to build a circuit: We have only 0/1259 usable descriptors. [Seems to loop endlessly here] I have a complete debug log if any Tor developer is interested. Does the following indicate that Tor is trying to use invalid sockets? Nov 23 15:05:14.034 [debug] relay_lookup_conn(): found conn for stream 17393. Nov 23 15:05:14.035 [debug] circuit_receive_relay_cell(): Sending to origin. Nov 23 15:05:14.035 [debug] connection_edge_process_relay_cell(): Now seen 343 relay cells here. Nov 23 15:05:14.035 [debug] connection_edge_process_relay_cell(): circ deliver_window now 992. Nov 23 15:05:14.035 [debug] connection_or_process_cells_from_inbuf(): 28: starting, inbuf_datalen 496 (0 pending in tls object). Nov 23 15:05:14.035 [debug] conn_write_callback(): socket 19 wants to write. Nov 23 15:05:14.035 [debug] flush_chunk_tls(): flushed 512 bytes, 0 ready to flush, 0 remain. Nov 23 15:05:14.035 [debug] connection_handle_write(): After TLS write of 512: 0 read, 586 written Nov 23 15:05:14.035 [debug] connection_or_flush_from_first_active_circuit(): Made a circuit inactive. Nov 23 15:05:14.035 [debug] conn_read_callback(): socket 28 wants to read. Nov 23 15:05:14.036 [debug] connection_read_to_buf(): 28: starting, inbuf_datalen 496 (0 pending in tls object). at_most 16384. Nov 23 15:05:14.036 [debug] tor_tls_read(): read returned r=-1, err=-2 Nov 23 15:05:14.036 [debug] connection_read_to_buf(): After TLS read of 0: 1440 read, 0 written Nov 23 15:05:14.036 [debug] connection_or_process_cells_from_inbuf(): 28: starting, inbuf_datalen 496 (0 pending in tls object). Nov 23 15:05:14.036 [debug] conn_write_callback(): socket 19 wants to write. Nov 23 15:05:14.036 [debug] flush_chunk_tls(): flushed 512 bytes, 0 ready to flush, 0 remain. Nov 23 15:05:14.036 [debug] connection_handle_write(): After TLS write of 512: 0 read, 586 written Nov 23 15:05:14.036 [debug] conn_read_callback(): socket -1 wants to read. Nov 23 15:05:14.036 [debug] connection_dir_process_inbuf(): Got data, not eof. Leaving on inbuf. Nov 23 15:05:14.045 [debug] conn_read_callback(): socket 21 wants to read. Nov 23 15:05:14.045 [debug] connection_read_to_buf(): 21: starting, inbuf_datalen 0 (0 pending in tls object). at_most 16384. Nov 23 15:05:14.046 [debug] connection_read_to_buf(): After TLS read of 4080: 1258 read, 0 written Nov 23 15:05:14.046 [debug] connection_or_process_cells_from_inbuf(): 21: starting, inbuf_datalen 4080 (0 pending in tls object). According to the debug log, tor_tls_read() returns -1 all the time: [EMAIL PROTECTED] ~ $grep -c tor_tls_read(): read returned r=-1, err=-2 test/tor/debug.log 757 [EMAIL PROTECTED] ~ $grep tor_tls_read(): read test/tor/debug.log | grep -v -c r=-1 0 Tor 0.2.1.6-alpha bootstraps without problems: Nov 23 19:38:00.572 [notice] Tor 0.2.1.6-alpha (r17011) opening log file. Nov 23 19:38:00.584 [notice] Parsing GEOIP file. Nov 23 19:38:01.119
Re: Tor and Gmail
Koh Choon Lin [EMAIL PROTECTED] wrote: With https option enabled in Gmail, I could not achieve full encryption at the login page. Its always partial encryption unless I turn off JavaScript. Anyone has this problem too? Of course, if I turn off tor/privoxy, I get the full encryption back at the login page. You're probably running into: https://sourceforge.net/tracker/index.php?func=detailaid=1943422group_id=8atid=18 Fabian signature.asc Description: PGP signature
Re: Waiting for circuit-problem (newbie)
Buchenstab [EMAIL PROTECTED] wrote: In the meantime I've tried to solve my Privoxy problem- I suppose it's part of the whole problem- but without success. Firefox says: 505; This is Privoxy 3.0.6 on localhost (127.0.0.1), port 8118, enabled and Connect failed. Your request for http://de.start2.mozilla.com/firefox?client=firefox-arls=org.mozilla:de:official could not be fulfilled, because the connection to de.start2.mozilla.com (127.0.0.1) could not be established. Privoxy starts automatically, so it RUNS. But I can't get a connection outwards. I tried to find answers on the Privoxy websites on this, but I've done all I have to do for the installation; also if I change the netconnection as requested from Privoxy to 127.0.0.1 and 8118 manually for e.g. Safari, it brings the same information. I can't find anything else I HAVE to do, to get it work. Did you already follow the steps mentioned in the FAQ? http://www.privoxy.org/faq/misc.html#TOR Using a more recent Privoxy version wouldn't hurt either. While I think this is a Tor-related problem, newer Privoxy versions have more descriptive error messages (especially if you use forward-socks5 instead of forward-socks4a), which should make debugging this easier: http://www.fabiankeil.de/blog-surrogat/2008/08/17/privoxy-3.0.10.html Fabian signature.asc Description: PGP signature
Re: Tor TransPort on OpenBSD?
macintoshzoom [EMAIL PROTECTED] wrote: Yes, the /dev/pf access is probably the problem as I catch once a warning in tor logs about that. Sorry, this is a newbie question, what and how have I to give tor permissions to access my /dev/pf ? I'll skip this part as others already gave a few suggestions. Is this safe? Is Tor safe if you don't give it access to /dev/pf? I run Firefox and a handful of other programs with poor security track records with the privileges required to access my mail, so I don't worry too much about a (jailed) Tor process with access to PF. Are you successful using make and pkg_add FreeBSD equivalent to update or build ports via tor using this TransPort feature, even when fetching ftp files? I don't update my ports through Tor, I use OpenSSH for the HTTP traffic (mainly because I can) and direct connections for ftp (I haven't looked into how to tunnel it properly yet). I believe the main problem with ftp through Tor is that the number of suitable exit relays is limited. I don't think it's a TransPort problem and I'm somewhat sure that I successfully tested ftp through the TransPort in the past. Fabian signature.asc Description: PGP signature
Re: Is tor-resolve required to run an Exit node.
dante [EMAIL PROTECTED] wrote: I'm reading the tor code and (if I've understood it) it looks like the tor binary is sufficient for running either a relay or exit node. Correct. i.e. tor-resolve is simply an extra utility for the end user to do DNS resolution via tor rather than via one's DNS server as defined in /etc/resolv.conf. (tor-resolve is the tor equivalent of nslookup). My Tor nslookup equivalent of choice is nslookup: [EMAIL PROTECTED] ~ $sockstat -4l | grep _tor _tor tor1643 5 tcp4 10.0.0.2:9050 *:* _tor tor1643 6 tcp4 10.0.0.2:9040 *:* _tor tor1643 7 udp4 10.0.0.2:53 *:* _tor tor1643 8 tcp4 10.0.0.2:9051 *:* [EMAIL PROTECTED] ~ $nslookup www.torproject.org tor-jail Server: tor-jail Address:10.0.0.2#53 Non-authoritative answer: Name: www.torproject.org Address: 86.59.21.36 That may not be possible with stable releases yet, though. Fabian signature.asc Description: PGP signature
Re: Tor with secure Gmail
[Second try, now with a subscribed address ...] Man Man [EMAIL PROTECTED] wrote: I am using Gmail at https://mail.google.com/ with tor. When I am at login, browser will state that the connection is only partially secure, ie. some items (I do not know what) are not encrypted. However, once I untor, I am able to get into the fully secure Gmail login page. If you untor by switching from Privoxy+Tor to a direct connection, you may be hitting the problem described in: https://sourceforge.net/tracker/index.php?func=detailaid=1943422group_id=8atid=18 Fabian signature.asc Description: PGP signature
Re: New Privoxy 3.0.8 with Tor
Jack Straw [EMAIL PROTECTED] wrote: I hate to sound lazy, but I find the new version of Privoxy somewhat confusing. And I know that it's me!! Would it be possible for some kind soul to post 1)A sample user.action file 2) a sample config file designed to allow the browser to connect to Tor? My old useraction file and config file for Privoxy 3.06 don't work with 3.08. Without seeing the actual error messages, my guess would be that your config file references action files without the extension and your action files use the filter-client-headers or filter-server-headers actions which have been removed as Privoxy now supports real header filters. Check your configuration file for lines like: actionsfile default and change them to: actionsfile default.action In your configuration file remove the obsoleted actions mentioned above. Note that this will probably take more time than simply following the steps in: http://www.privoxy.org/3.0.8/user-manual/whatsnew.html#UPGRADERSNOTE If you never actually changed Privoxy's action files you might as well completely deinstall Privoxy 3.0.6, install 3.0.8 and enable Tor again: http://www.privoxy.org/faq/misc.html#TOR Fabian signature.asc Description: PGP signature
Re: New Privoxy 3.0.8 with Tor
Mr. Blue [EMAIL PROTECTED] wrote: When I've upgraded from Privoxy 3.0.6 to New Privoxy 3.0.8 These rules from user.action doesn't seem to work anymore: {+filter-client-headers +filter{hide-tor-exit-notation}} / With Privoxy 3.0.8 it should be: {+client-header-filter{hide-tor-exit-notation}} / Quoting item two on http://www.privoxy.org/3.0.8/user-manual/whatsnew.html: | Header filtering is done with dedicated header filters now. | As a result the actions filter-client-headers and | filter-server-headers that were introduced with Privoxy 3.0.5 | to apply content filters to the headers have been removed. | See the new actions server-header-filter and client-header-filter | for details. Please also have a look at the Note to Upgraders on the same page. Fabian signature.asc Description: PGP signature
Re: New Privoxy 3.0.8 with Tor
Mr. Blue [EMAIL PROTECTED] wrote: Ok thanks Fabian, You're welcome. I've already looked there and fixed it like this: {+client-header-filter{hide-tor-exit-notation}} .exit/ Note that hide-tor-exit-notation can also clean Referer headers, but if you only apply it to requests for hosts ending with .exit, tainted referrers to other hosts could slip through. Of course that's only an issue if you aren't already blocking referrers across different hosts anyway. Fabian signature.asc Description: PGP signature
Re: TorStatus version 4 has been released
Noiano [EMAIL PROTECTED] wrote: Kasimir Gabert wrote: A new version of TorStatus (http://torstatus.kgprog.com) has been released. More information can be found at http://project.torstatus.kgprog.com, and any comments are greatly welcome. In my *very humble opinion* I think the web page is a bit too heavy for two reasons: · it takes a bit too much to load because it contains a lot of data. At least it compresses quite well: 21:28:27.567 283b5400 Re-Filter: Decompression successful. Old size: 230926, new size: 2642640. (saved: 91.26%) Of course if you'd be using Privoxy 3.0.6 or earlier with filtering enabled, you'd download the whole two megs ... Fabian signature.asc Description: PGP signature
Re: privoxy log analyzer
lester psigal [EMAIL PROTECTED] wrote: does somebody know a good working, freely available log analysis software for privoxy and/or tor (vidalia) and can provide me and the forum with her/his experience? What exactly do you want to analyse? Privoxy and Tor log different things. I'm not aware of any dedicated log analysers for Privoxy, but I intend to one day have Privoxy-Log-Parser report some fancy statistics. Currently it's just a filter and syntax highlighter: http://www.fabiankeil.de/sourcecode/privoxy-log-parser/ Also note that Privoxy (more or less) supports the Common Log Format which is supposed to be widely understood by analysers for web server logs. It's not very detailed, but may be better than nothing. comments like 'write your own!' are very welcome i'm already thinking about it I sure would like to have analysers for both Tor and Privoxy logs. One for Polipo logs would be useful too ... Fabian signature.asc Description: PGP signature
Re: Is there something similar like Torbutton FF plugin for the Internet Explorer ?
[EMAIL PROTECTED] wrote: On Mon, Dec 31, 2007 at 10:28:21AM +0100, Ben Stover wrote: Is there something similar like Torbutton FF plugin for the Internet Explorer ? Or do I really have to change manually proxy settings each time I want to switch from Tor enabled to Tor disabled mode? If you're using Privoxy, it has such a function build in already. Just go to the special 'website' p.p which will be intercepted by privoxy and you can click on 'Toggle Privoxy on or off'. There you can switch it off and it also offers bookmarklets, which you can add as buttons (bookmarks) to your IE. Easy as that. I don't think Privoxy's toggle option does what you think it does. However not all is lost: using Privoxy 3.0.7 beta or later you can combine the user-agent client-header tagger, the forward-override action and a browser-plugin that changes the User-Agent header to build your own Tor toggle. For details see: http://www.privoxy.org/3.0.7/user-manual/actions-file.html#CLIENT-HEADER-TAGGER and: http://www.privoxy.org/3.0.7/user-manual/actions-file.html#FORWARD-OVERRIDE Be sure to read the warning before doing it, though. Note that nowadays the Torbutton extension is also supposed to protect you against some JavaScript-based attacks. Privoxy doesn't do that. Fabian signature.asc Description: PGP signature
Re: Maintanance of TOR for FreeBSD 6.2
Mr. Blue [EMAIL PROTECTED] wrote: Um, lattest TOR port for above platform is 0.1.2.17_1 In order to install lattest 0.1.2.18, I was forced to go and build it from source. I assume it hasn't been updated yet because the ports tree is frozen in preparation for the next releases. Also if the port's Makefile is out of date, it's usually less work to update it yourself instead of messing with the source tarballs directly. Is anyone maintaining it? Check the Makefile: [EMAIL PROTECTED] ~ $grep MAINTAINER /usr/ports/security/tor/Makefile MAINTAINER= [EMAIL PROTECTED] Fabian signature.asc Description: PGP signature
Re: Swedish Police Swoop on Dan Egerstad
Paul Ferguson [EMAIL PROTECTED] wrote: Not good. What's that? Via TheAge.com.au. The hack required little more than tools freely available on the internet, and Egerstad maintains he broke no laws. I find it hard to believe that his hack didn't violate any laws in Sweden and I also have my doubts about the raid taking place in the way described in this poorly-researched article. Without more information I get the impression that he broke Swedish law and is now facing the consequences. Big deal. Fabian signature.asc Description: PGP signature
Re: court trial against me - the outcome
Mirko Thiesen [EMAIL PROTECTED] wrote: They offered me to dismiss the actual court trial according to paragraph 153 StPO which is not the same as an acquittal (no Freispruch) which I eventually accepted. My German is not that fresh anymore, but it seems to say that if your guilt is low and they don't find any interest for society at large to prosecute you, they can choose not to prosecute. Is that what that paragraph says? Yes, this is what the paragraph says. Unfortunately it implies that I am indeed somehow guilty. I don't think so. The first part of the paragraph talks about the guilt of the offender, the second part about dismissing the case with the approval of the accused. The accused doesn't have to be the offender and as being accused for itself doesn't imply any guilt I don't see why dismissing the case according of § 153 StPO would imply any guilt either. Fabian signature.asc Description: PGP signature
Using Torbutton to toggle between Privoxy+Tor and vanilla Privoxy (was: [privoxy-users] Toggling Privoxy?)
Jim Ford [EMAIL PROTECTED] wrote: I've got Privoxy and Tor installed on a Win XP machine, via the Vidalia package. I've also got the Firefox Torbutton installed. How do I toggle Tor on/off without affecting the status of Privoxy? If I turn Tor off, via the Torbutton of Vidalia, Privoxy also gets turned off. I don't use Torbutton, but I think it simply changes the browser's proxy settings. While Privoxy can be used independently of Tor, Torbutton only lets you either use a HTTP proxy (+ Tor) or no HTTP proxy at all. With Privoxy 3.0.6 and earlier you have to edit Privoxy's main configuration file to change the forwarding settings and I don't know if Firefox gives its extensions the power to do that. Actually I'm not even sure if the Torbutton developer(s) would want to do that anyway. Privoxy 3.0.7 beta (which is supposed to be released this weekend) can be configured to control forwarding settings with HTTP headers and this makes thinks a lot easier for Torbutton and friends, but (again) using that feature may not be desired by the Tor developers. Of course I can speculate a lot about their motives to do or not do anything, but I rather CC or-talk@ so they can give you a definitive answer (Reply-To set as well). Fabian signature.asc Description: PGP signature
Re: peculiar 0.2.0.9-alpha behavior this a.m.
Scott Bennett [EMAIL PROTECTED] wrote: I should mention that I only use Vidalia when I run tor under WinXP, which was not the case that produced the log messages. I no longer run tor in server mode under WinXP, only in client mode long enough to download updates to security software. My tor server runs under FreeBSD 6.2-STABLE. I haven't succeeded in compiling Vidalia under FreeBSD, so I can't use it. Did you try to build it manually or did you use the port? For FreeBSD 6 the port is reported to build on all architectures except sparc64: http://portsmon.freebsd.org/portoverview.py?category=portname=vidaliawildcard= The stats aren't updated for Vidalia 0.0.15 yet, but I'm not aware of any regressions. Fabian signature.asc Description: PGP signature
Re: Insecure Privoxy Configuration in Vidalia Bundles Prior to 0.1.2.18
Kyle Williams [EMAIL PROTECTED] wrote: On 10/31/07, Gregory Fleischer (Lists) [EMAIL PROTECTED] wrote: Versions of the Vidalia bundle prior to 0.1.2.18 install Privoxy with an insecure configuration file. Both Windows and Mac OS X versions are affected. The installed 'config.txt' file ('config' on Mac OS X) had the following option values set to 1: - enable-remote-toggle - enable-edit-actions Additionally, on Windows the following option was set to 1: - enable-remote-http-toggle Malicious sites (or malicious exit nodes) could include active content (e.g., JavaScript, Java, Flash) that caused the web browser to: - make requests through the proxy that causes Privoxy filtering to be bypassed or completely disabled - establish a direct connection from the web browser to the local proxy and modify the user defined configuration values I know what that code would be (cause I tried this awhile back), but I'm not going to be the one to post it. Although anyone with basic HTML coding abilities and half a brain can figure it out. And javascript/java/flash isn't required to make this happen. It can be done with a simple IFRAME. But I'm not posting the one line of HTML code that would do this, no sir. We noted this a while back with JanusVM, but I don't think we documented the reasoning behind it. Let me get this straight. A while ago, you found a vulnerability that allows an attacker to change Privoxy's action files without relying on the user to execute untrusted code, but decided not to report it to the Privoxy Team and/or the people behind the Vidalia bundle and instead only fixed it in your own Tor+Privoxy distribution? Is there a remote chance that you could come around to do the right thing and report it now? Fabian signature.asc Description: PGP signature
Re: Tor 0.2.0.9-alpha is out
Roger Dingledine [EMAIL PROTECTED] wrote: On Sat, Oct 27, 2007 at 08:12:58PM +0200, Fabian Keil wrote: Oct 27 18:32:00.180 [err] Bug: container.c:828: strmap_get: Assertion map failed; aborting. Not using MyFamily works around the problem (and in my case it's not necessary anyway). Maybe specifying the MyFamily nodes by fingerprint would have worked as well, but I didn't figure out an acceptable fingerprint format yet ... Thanks for the bug report. I may have fixed it here: http://archives.seul.org/or/cvs/Oct-2007/msg00511.html You did indeed. Thanks. Fabian signature.asc Description: PGP signature
Re: Tor 0.2.0.9-alpha is out
Roger Dingledine [EMAIL PROTECTED] wrote: This ninth development snapshot switches clients to the new v3 directory system; allows servers to be listed in the network status even when they have the same nickname as a registered server; and fixes many other bugs including a big one that was causing some servers to disappear from the network status lists for a few hours each day. My client seems to work, but both of my servers abort with: Oct 27 18:31:57.221 [notice] Tor 0.2.0.9-alpha (r12180) opening log file. Oct 27 18:31:57.222 [warn] Can't log to stdout with RunAsDaemon set; skipping stdout Oct 27 18:31:57.250 [warn] Unable to open /var/run/tor/tor.pid for writing: No such file or directory Oct 27 18:31:57.683 [warn] I have no descriptor for the router named Zwiebelsuppe in my declared family; I'll use the nickname as is, but this may confuse clients. Oct 27 18:31:57.698 [notice] Your Tor server's identity key fingerprint is 'Zwiebelkuchen 8666 742C 9AD2 D3B3 028E 1FB7 C7E6 12F7 4340 BD05' Oct 27 18:31:57.699 [notice] Configured hibernation. This interval began at 2007-10-27 17:25:00; the scheduled wake-up time was 2007-10-27 17:25:00; we expect to exhaust our quota for this interval around 2007-10-28 17:25:00; the next interval begins at 2007-10-28 17:25:00 (all times local) Oct 27 18:32:00.180 [err] Bug: container.c:828: strmap_get: Assertion map failed; aborting. #0 0x28416ad7 in kill () from /lib/libc.so.7 #1 0x28336e66 in raise () from /lib/libthr.so.3 #2 0x2841576a in abort () from /lib/libc.so.7 #3 0x080f937a in strmap_get (map=0x0, key=0x28c46a80 zwiebelkuchen) at container.c:828 #4 0x080f9ab1 in strmap_get_lc (map=0x0, key=0x28c46b20 Zwiebelkuchen) at container.c:923 #5 0x080b465b in networkstatus_nickname_is_unnamed (nickname=0x28c46b20 Zwiebelkuchen) at networkstatus.c:885 #6 0x080d34a1 in router_get_by_nickname (nickname=0x28c46b20 Zwiebelkuchen, warn_if_unnamed=1) at routerlist.c:1703 #7 0x080cd16c in router_rebuild_descriptor (force=0) at router.c:1235 #8 0x080cc97c in router_get_my_routerinfo () at router.c:1099 #9 0x080d4bfb in routerlist_insert (rl=0x2852a9e0, ri=0x285395e0) at routerlist.c:2157 #10 0x080d6b7b in router_add_to_routerlist (router=0x285395e0, msg=0xbfbfeae8, from_cache=1, from_fetch=0) at routerlist.c:2675 #11 0x080d7db4 in router_load_routers_from_string (s=0x289af436 , eos=0x289af436 , saved_location=SAVED_IN_CACHE, requested_fingerprints=0x0, descriptor_digests=0, prepend_annotations=0x0) at routerlist.c:3066 #12 0x080d0452 in router_reload_router_list_impl (store=0x2852a9f8) at routerlist.c:635 #13 0x080d067c in router_reload_router_list () at routerlist.c:685 #14 0x080b0dc0 in do_main_loop () at main.c:1356 #15 0x080b2339 in tor_main (argc=15, argv=0xbfbfecec) at main.c:1932 #16 0x080ebd12 in main (argc=Cannot access memory at address 0x3 ) at tor_main.c:28 Fabian signature.asc Description: PGP signature
Re: Tor 0.2.0.9-alpha is out
Fabian Keil [EMAIL PROTECTED] wrote: Roger Dingledine [EMAIL PROTECTED] wrote: This ninth development snapshot switches clients to the new v3 directory system; allows servers to be listed in the network status even when they have the same nickname as a registered server; and fixes many other bugs including a big one that was causing some servers to disappear from the network status lists for a few hours each day. My client seems to work, but both of my servers abort with: Oct 27 18:31:57.221 [notice] Tor 0.2.0.9-alpha (r12180) opening log file. Oct 27 18:31:57.222 [warn] Can't log to stdout with RunAsDaemon set; skipping stdout Oct 27 18:31:57.250 [warn] Unable to open /var/run/tor/tor.pid for writing: No such file or directory Oct 27 18:31:57.683 [warn] I have no descriptor for the router named Zwiebelsuppe in my declared family; I'll use the nickname as is, but this may confuse clients. Oct 27 18:31:57.698 [notice] Your Tor server's identity key fingerprint is 'Zwiebelkuchen 8666 742C 9AD2 D3B3 028E 1FB7 C7E6 12F7 4340 BD05' Oct 27 18:31:57.699 [notice] Configured hibernation. This interval began at 2007-10-27 17:25:00; the scheduled wake-up time was 2007-10-27 17:25:00; we expect to exhaust our quota for this interval around 2007-10-28 17:25:00; the next interval begins at 2007-10-28 17:25:00 (all times local) Oct 27 18:32:00.180 [err] Bug: container.c:828: strmap_get: Assertion map failed; aborting. Not using MyFamily works around the problem (and in my case it's not necessary anyway). Maybe specifying the MyFamily nodes by fingerprint would have worked as well, but I didn't figure out an acceptable fingerprint format yet ... Fabian signature.asc Description: PGP signature
Re: Torbutton 1.1.8-alpha (Usability improvements)
jeffery statin [EMAIL PROTECTED] wrote: --- Mike Perry [EMAIL PROTECTED] wrote: I'm still of the mind it's kind of silly to put it in torbutton if it doesn't clear cache+cookies... I agree. While on that topic, would it possible to have TorButton clear the cache of Polipo/Privoxy? I know the Polipo cache can be cleared from command line but I do not know if this is possible with Privoxy. It's not. Privoxy isn't a caching proxy so there's nothing to be cleared. Fabian signature.asc Description: PGP signature
Re: dns_cancel_pending_resolve() message
Scott Bennett [EMAIL PROTECTED] wrote: Yesterday I got a long string of messages over a ten-minute period that looked like this: Sep 25 08:15:09.412 [notice] dns_cancel_pending_resolve(): Bug: Address [scrubbed] is not pending (state 3). Dropping. I'm running 0.2.0.7-alpha under FreeBSD 6.2-STABLE. What does this message mean? Is there anything I should do about it? Or just think of it as an interesting curiousity whose likelihood of recurring will decrease as this and earlier releases fade into disuse? Have a look at: http://bugs.noreply.org/flyspray/index.php?do=detailsid=463 Fabian signature.asc Description: PGP signature
Re: Set up a webproxy to TOR - tor-proxy.net
Ricky Fitz [EMAIL PROTECTED] wrote: To prevent any DNS-Leaks, I redirect all outgoing traffic to port 53 to the dns-proxy of Fabian Keil ( http://www.fabiankeil.de/blog-surrogat/2006/06/08/von-kopf-bis-fuss-auf-tor-eingestellt.html ) I didn't write dns-proxy-tor, I merely created the FreeBSD port. dns-proxy-tor was written by Tup. And while I don't know who's behind this pseudonym, I'm quite confident that it isn't me. Fabian signature.asc Description: PGP signature
Re: Load Balancing
Juliusz Chroboczek [EMAIL PROTECTED] wrote: I believe this results in a perceptible performance improvement for general browsing. I think so too, but some people disagree. Since I don't want to get into this discussion again, I refer you to the following friendly flamewar. Additionally there's http://tor.eff.org/volunteer.html.en#Coding: |We need a measurement study of Polipo vs Privoxy. Is Polipo in |fact significantly faster, once you factor in the slow-down from Tor? |Are the results the same on both Linux and Windows? Related, does Polipo |handle more web sites correctly than Privoxy, or vice versa? Are there |stability issues on any common platforms, e.g. Windows? Looks like the first person who comes up with a reproducible benchmark could make three projects happy at the same time. (Note that while the tone was not always as polite as it should have been, Fabian and I live in good friendship and mutual respect.) I second that. Fabian signature.asc Description: PGP signature
Re: Load Balancing
Michael_google gmail_Gersten [EMAIL PROTECTED] wrote: On 9/21/07, Alexander W. Janssen [EMAIL PROTECTED] wrote: On 9/21/07, Nick Mathewson [EMAIL PROTECTED] wrote: Short answer: Tor tries to group many streams on a single circuit. If we didn't, that would be way too much PK. Means, if the browser opens up 6 instances to grab stuff from a site, Tor consolidates all requests into a single circuit? Makes sense from a performance point of view. If you have a web page with 30 sub-fetches (images, style sheets, script files, etc), then they will all fetch over a single circuit. That's likely, but not guaranteed. Circuits don't last forever. Fabian signature.asc Description: PGP signature
Re: is this a bandwidth problem? my IP is a TOR exit, the client works and the server doesn't
Rip Rock [EMAIL PROTECTED] wrote: So http://torcheck.xenobite.eu/ verifies that my TOR setup really is working, and it shows IPs and machine names that have nothing to do with my real IP and machine name. That much is great. However, when I try surfing to .onion URLs, I get 503 or 404 errors, along with the not-very-encouraging message that my request could not be fulfilled, because the domain name *... *could not be resolvedThis is often a temporary failure, so you might just try again. Remote Tor checks usually only confirm that your request is coming from a known Tor exit node, they don't confirm whether or not your using socks4 or socks4a. Are you sure you're using the latter? I'm using Vidalia/Privoxy/Firefox/Torbutton and I usually don't run a server. And it's great for going to normal webpages but telling them some other IP. I tried running a server to see if that would improve matters, but possibly my bandwidth is too low (I'm just on a home ADSL account). Jul 22 11:29:12:003 [Warning] Your server (...:9001) has not managed to confirm that its ORPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. Jul 22 11:29:12:080 [Warning] Your server (...:9030) has not managed to confirm that its DirPort is reachable. Please check your firewalls, ports, address, /etc/hosts file, etc. I don't think this is related to your hidden service problems. I think the problem might be a lack of bandwidth. I don't believe I have a firewall problem. While it could also be a NAT problem, I wouldn't rule out a firewall issue. I imagine the worst-case scenario is that I'll be unable to resolve any .onion URLs until I buy a huge amount of bandwidth, set up a dedicated TOR server, and thus get enough traffic to be thoroughly connected. In other words, I fear that I might have to set up a miniature ISP in order to get any .onion connections. Is there any way to troubleshoot this, short of setting up a miniature ISP? Check your Tor logs. A failed request for a hidden service should result in something like: Jul 22 14:28:10.086 [notice] Tried for 120 seconds to get a connection to hy2644uxnz6zwt6c:80. Giving up. (waiting for circuit) or: Jul 22 15:07:26.829 [notice] Rend stream is 120 seconds late. Giving up on address 'hy2644uxnz6zwt6c.onion'. If there are no such messages you may not be using socks4a. With a socks4 (no a) connection between Privoxy and Tor you would still pass remote Tor checks, while your DNS requests could be done through a standard name server which wouldn't resolve onion domains and might explain the error messages. You could also try opening example.noconnect. If it leads to the same error message you're not using socks4a. Additionally you could build Privoxy 3.0.7 from CVS to get a less useless error message in case of forwarding failures. It wouldn't solve the problem, but might make diagnosing it easier. Fabian signature.asc Description: PGP signature
Re: is this a bandwidth problem? my IP is a TOR exit, the client works and the server doesn't
Rip Rock [EMAIL PROTECTED] wrote: On 7/22/07, Roger Dingledine [EMAIL PROTECTED] wrote: I think the problem might be a lack of bandwidth. No, the problem is that your ports aren't reachable. Okay, the problem is my ports. And because my logs had lacked the error messages described by Fabian, I guess I have socks4 where I ought to have socks4a, although I had thought that I had socks4a because my Privoxy config file has the line: # forward-socks4a / localhost:9050 . But of course the little dot prevents the forwarding from being used. There's nothing wrong with the dot. It indicates that there's no HTTP proxy after the socks proxy. So I tried taking out the . and LittleSnitch reported that Privoxy was now trying to access the net when I tried to find the hidden service. That's because invalid configuration directives are ignored (and valid forward-socks4a directives end either with a dot or with a HTTP proxy address). Have a look at: http://config.privoxy.org/show-status to see which of your configuration directives are ignored. I now see that there is an error: Jul 22 23:53:09:137 [Notice] Rend stream is 120 seconds late. Giving up on addre ss '[scrubbed].onion'. Now, the fact that I have that would lead me to think I have socks4a, At least you had it at Jul 22 23:53:09:137 ... but example.noconnect leads to an identical error page, so maybe I don't have socks4a, or maybe some other thing is going wrong with the 9050 mentioned in the file and the 8118 mentioned on the error page. I think you messed up your Privoxy configuration file while debugging this issue. I imagine the worst-case scenario is that I'll be unable to resolve any .onion URLs until Does http://6sxoyfb3h2nvok2d.onion/ load for you? You may have to try it several times. That address opens immediately with the message: [quote] The hidden wiki is gone. If you set up a new one and post the link to the or-talk list I'll link it from here. 06/07/07. Some Hans Zaagman suggested in a post to or-talkhttp://archives.seul.org/or/talk/Jun-2007/msg00215.htmlto use http://hy2644uxnz6zwt6c.onion/hidden/ as a replacement. 07/07/07. [/quote] So this hidden service appears to be working. The problem comes when I try to open http://hy2644uxnz6zwt6c.onion/hidden/ which always takes at least 30 seconds, usually much longer, and results in a 404 error. This hidden service doesn't work for me either, maybe it's just not running. So anyway I went into the config file of Privoxy and added the following below the forward socks4a: forward-socks4a / localhost:9050 forward-socks4a / localhost:8118 forward 192.168.*.*/ forward 10.*.*.*/ forward 127.*.*.*/ This was inspired by reading the faq/configuration file. However, neither the new hidden wiki, nor example.noconnect, show any new behaviors -- they both show the same error page, except for the URL. That's probably because none of these lines use correct syntax (and the second one is probably wrong anyway as it would overrule the first one and it's unlikely that Tor is listening at port 8118). The configuration file of the official Privoxy release should contain the same (valid) lines as: http://www.privoxy.org/faq/misc.html#TOR Fabian signature.asc Description: PGP signature
Re: HTTP response is Connection: close
Juliusz Chroboczek [EMAIL PROTECTED] wrote: Like Andrew, I assume the real problem is a malfunctioning intercepting proxy on the exit node, so there's little you can do about it. I would rather blame it on a tor server that crashes or drops the connection. It's my impression that the OP can detect that and throws a socks error. If, however, there's a broken intercepting proxy it would explain why the OP doesn't notice. WWIW, if Polipo can detect such a situation (either because we haven't reached the Content-Length the server declared, or because there was an unterminated chunk), it will refetch the object. The responses in question are completely empty, there's not a single HTTP header and of course the nothingness isn't chunked either. I get the impression that Polipo forwards them as empty page and puts some headers on top. At least I'm currently running Privoxy-Polipo-Tor as default proxy chain and from time to time I get empty pages that pass Privoxy's trivial no-data check. Refreshing with CTRL+F5 usually results in the real page. I neither verified that it's the same problem, nor did I check how the requests look like before they reach Polipo or after they are processed by it, but the symptoms would fit. Fabian signature.asc Description: PGP signature
Re: HTTP response is Connection: close
Got Glint [EMAIL PROTECTED] wrote: Sometimes when I perform an HTTP request via Tor, the response is Connection: close rather than the expected content. This happens intermittently, and with various sites. Does anyone know what causes this problem, and whether anything can be done about it? It's been annoying me for quite a while. I've experienced the issue with at least two clients: Opera and Wget. They both interpret the response body as a 21-byte string consisting of Connection: close\r\n\r\n. Also, Wget says 200 No headers, assuming HTTP/0.9. Current software versions: Tor 0.1.2.14, Privoxy 3.0.6, Windows XP SP2. This can happen with Privoxy versions before 3.0.7 and a server or proxy before Privoxy that simply sends nothing. You should be able to reliable reproduce it by using Tor's .noconnect special host name (although it's a slightly different case). As far as Privoxy is concerned, this has been fixed in: http://ijbswa.cvs.sourceforge.net/ijbswa/current/jcc.c?r1=1.118r2=1.119 However, this of course only replaces the confusing Connection: close string with a more reasonable problem description. The real problem happens earlier in the proxy chain and you still have to retry manually. Like Andrew, I assume the real problem is a malfunctioning intercepting proxy on the exit node, so there's little you can do about it. Fabian signature.asc Description: PGP signature
Re: Problem logging out of yahoo mail over Tor
Steve Southam [EMAIL PROTECTED] wrote: When I logout of my yahoo mail account using Tor it jumps back to the same page. I'm using firefox with Tor 0.1.2.14 (package, not compiling) on Vista. When I toggle torbutton I can logout OK. Any ideas? Your problem description is pretty vague, but if by package you mean the Tor Vidalia bundle that also contains Privoxy, this might be related to: https://sourceforge.net/tracker/index.php?func=detailaid=1635354group_id=8atid=28 Fabian signature.asc Description: PGP signature
Re: Compile TOR 0.1.2.14 under FreeBSD
Nils Vogels [EMAIL PROTECTED] wrote: I've just submitted a pr to update the tor port to 1.2.14. http://www.freebsd.org/cgi/query-pr.cgi?pr=113289 Note that security/tor will be without maintainer after: http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/112492 Just in case someone wants to volunteer ... Fabian signature.asc Description: PGP signature
Re: Crazy with Exit nodes
Mr. Blue [EMAIL PROTECTED] wrote: At the moment of writing this email Node tamaribuchi worked great for me. So I'll base this example on it. I have a great need to use exact exit nodes. When I go to: http://www.whatismyipaddress.com.tamaribuchi.exit/ I get expected response AND IP. But when I go to majority sites in form like: http://www.domain.net.tamaribuchi.exit/ I get: Index of / NameLast modified Size Description [DIR] Parent Directory20-Sep-2006 00:00 - [DIR] cgi-bin/19-Apr-2006 11:04 - Apache/1.3.37 Server at www.server1.some-domain.com.zz Port 80 OR when I alter it to http://www.domain.net.tamaribuchi.exit/index.php Not Found The requested URL /index.php was not found on this server. Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request. Apache/1.3.37 Server at www.server1.smileyhosting.com.zz Port 80 OR (in worst case) Great Success ! Apache is working on your cPanel® and WHM Server... (You know the rest of story) BUT when I access all this site withot .tamaribuchi.exit part ALL is well. I must access those site with prefered exit node so what am I doing wrong here? Web servers that are responsible for more than one domain rely on the HTTP Host header to decide which content you're interested in. If you use Tor's exit node notation in the URL, the browser will also append it to the Host header. If the web server ignores the Host header anyway, it doesn't matter, otherwise you get an error message because the web server isn't aware of any host with Tor exit node notation at the end. Some servers also simply use a default host instead of an error message. You'll either have to find a way to tell the browser not to add the exit node notation to the Host header, or remove the exit node notation later on. The latter can be done automatically with Privoxy's hide-tor-exit-notation filter, you can also do it manually with Firefox extensions like Tamper data. I assume there are extensions that can do it automatically as well, but I haven't looked for them. Note that many HTTP proxies rebuild the host header from the URL in which case removing the Tor exit node notation in the browser is futile. Fabian signature.asc Description: PGP signature
Re: Crazy with Exit nodes
Benjamin Schieder [EMAIL PROTECTED] wrote: On 02.05.2007 10:46:28, Fabian Keil wrote: Mr. Blue [EMAIL PROTECTED] wrote: When I go to: http://www.whatismyipaddress.com.tamaribuchi.exit/ I get expected response AND IP. But when I go to majority sites in form like: http://www.domain.net.tamaribuchi.exit/ I get: Index of / Web servers that are responsible for more than one domain rely on the HTTP Host header to decide which content you're interested in. If you use Tor's exit node notation in the URL, the browser will also append it to the Host header. ... The latter can be done automatically with Privoxy's hide-tor-exit-notation filter, you can also do it manually with Firefox extensions like Tamper data. The privoxy rule by itself won't work in most cases. At least my installation of firefox does use this: GET http://www.example.com.node.exit/path/to/somewhere HTTP/1.1 Host: www.example.com.node.exit X-SomeHeaders: value The Host: will be modified, but not the GET. This is still futile since I encountered many a webserver ignoring the Host: header with the query as above. Please name at least one example of a web server that expects or relies on the host being part of the request line. The request you cited above is a proxy request, the last HTTP proxy in the proxy chain will strip the http://www.example.com.node.exit; before connecting to the target server. As a result the target server should never see the exit node notation in the request line. Privoxy's hide-tor-exit-notation filter doesn't modify the request line because Privoxy will be either the last HTTP proxy in the chain in which case there's nothing to filter, or there will be another HTTP proxy behind Privoxy which has to see the Tor exit node notation to forward it to Tor. The hide-tor-exit-notation filter should work as long as Privoxy is the last HTTP proxy in the proxy chain, or no HTTP proxy behind Privoxy rebuilds the Host header based on the request line. Here's an example request: [EMAIL PROTECTED] ~ $curl -X HEAD -v http://tor.eff.org.zwiebelsuppe.exit/ * About to connect() to proxy 10.0.0.1 port 8118 (#0) * Trying 10.0.0.1... connected * Connected to 10.0.0.1 (10.0.0.1) port 8118 (#0) HEAD http://tor.eff.org.zwiebelsuppe.exit/ HTTP/1.1 User-Agent: curl/7.16.0 (i386-portbld-freebsd6.2) libcurl/7.16.0 OpenSSL/0.9.7e zlib/1.2.3 Host: tor.eff.org.zwiebelsuppe.exit Pragma: no-cache Accept: */* Proxy-Connection: Keep-Alive HTTP/1.1 200 OK Date: Wed, 02 May 2007 09:51:37 GMT Server: Apache Content-Location: index.html.en Vary: negotiate,accept-language,Accept-Encoding TCN: choice Accept-Ranges: bytes Content-Length: 6789 Connection: close Content-Type: text/html Content-Language: en * transfer closed with 6789 bytes remaining to read curl: (18) transfer closed with 6789 bytes remaining to read * Closing connection #0 And here's what Privoxy did with it: 11:51:25.138 08160600 Header: New HTTP Request-Line: HEAD / HTTP/1.1 11:51:25.139 08160600 Header: HEAD / HTTP/1.1 11:51:25.139 08160600 Header: Tagger 'http-method' added tag 'HEAD'. No action bits update necessary. 11:51:25.139 08160600 Header: Tagger 'variable-test' added tag 'Complete URL is http://tor.eff.org.zwiebelsuppe.exit/, host is tor.eff.org.zwiebelsuppe.exit and the request came from 10.0.0.1'. No action bits update necessary. 11:51:25.139 08160600 Header: Tagger 'client-ip-address' added tag 'IP-ADDRESS: 10.0.0.1'. No action bits update necessary. 11:51:25.139 08160600 Header: scan: User-Agent: curl/7.16.0 (i386-portbld-freebsd6.2) libcurl/7.16.0 OpenSSL/0.9.7e zlib/1.2.3 11:51:25.139 08160600 Header: Tagger 'user-agent' added tag 'User-Agent: curl/7.16.0 (i386-portbld-freebsd6.2) libcurl/7.16.0 OpenSSL/0.9.7e zlib/1.2.3'. No action bits update necessary. 11:51:25.139 08160600 Header: scan: Host: tor.eff.org.zwiebelsuppe.exit 11:51:25.139 08160600 Header: scan: Pragma: no-cache 11:51:25.140 08160600 Header: scan: Accept: */* 11:51:25.140 08160600 Header: scan: Proxy-Connection: Keep-Alive 11:51:25.140 08160600 Header: Modified: User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; de-CH; rv:1.8.1.2) Gecko/20070327 Firefox/2.0.0.2 11:51:25.140 08160600 Header: crumble crunched: Proxy-Connection: Keep-Alive! 11:51:25.140 08160600 Header: Transforming Host: tor.eff.org.zwiebelsuppe.exit to Host: tor.eff.org 11:51:25.140 08160600 Re-Filter: 'hide-tor-exit-notation' hit 1 time, changing size from 35 to 17 11:51:25.140 08160600 Header: Adding: Connection: close 11:51:25.140 08160600 Redirect: Decoding / if necessary. 11:51:25.140 08160600 Redirect: Checking / for redirects. 11:51:25.140 08160600 Request: tor.eff.org.zwiebelsuppe.exit/ 11:51:25.140 08160600 Connect: to tor.eff.org.zwiebelsuppe.exit 11:51:48.215 08160600 Header: scan: HTTP/1.1 200 OK 11:51:48.215
Re: Crazy with Exit nodes
Benjamin Schieder [EMAIL PROTECTED] wrote: On 02.05.2007 12:00:33, Fabian Keil wrote: Benjamin Schieder [EMAIL PROTECTED] wrote: On 02.05.2007 10:46:28, Fabian Keil wrote: Mr. Blue [EMAIL PROTECTED] wrote: When I go to: http://www.whatismyipaddress.com.tamaribuchi.exit/ I get expected response AND IP. But when I go to majority sites in form like: http://www.domain.net.tamaribuchi.exit/ I get: Index of / Web servers that are responsible for more than one domain rely on the HTTP Host header to decide which content you're interested in. If you use Tor's exit node notation in the URL, the browser will also append it to the Host header. ... The latter can be done automatically with Privoxy's hide-tor-exit-notation filter, you can also do it manually with Firefox extensions like Tamper data. The privoxy rule by itself won't work in most cases. At least my installation of firefox does use this: GET http://www.example.com.node.exit/path/to/somewhere HTTP/1.1 Host: www.example.com.node.exit X-SomeHeaders: value The Host: will be modified, but not the GET. This is still futile since I encountered many a webserver ignoring the Host: header with the query as above. Please name at least one example of a web server that expects or relies on the host being part of the request line. Full disclosure: this is my own webserver. [EMAIL PROTECTED]:/etc/privoxy# tail user.action # default policy to have a 'blank' image as opposed to the checkerboard # pattern for ALL sites. '/' of course matches all URLs. # patterns: # { +set-image-blocker{blank} } #/ ## set vi:nowrap tw=72 { +filter{hide-tor-exit-notation} } / [EMAIL PROTECTED]:/etc/privoxy# telnet localhost 8118 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET http://blog.crash-override.net.zwiebelsuppe.exit/ HTTP/1.1 Host: blog.crash-override.net.zwiebelsuppe.exit HTTP/1.1 403 Forbidden Date: Wed, 02 May 2007 10:19:33 GMT Server: Apache Content-Length: 343 Content-Type: text/html; charset=iso-8859-1 Connection: close !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title403 Forbidden/title /headbody h1Forbidden/h1 pYou don't have permission to access / on this server./p hr addressApache Server at a href=mailto:[EMAIL PROTECTED]blog.crash-override.net.zwiebelsuppe.exit/a Port 80/address /body/html Connection closed by foreign host. Looks like you forgot to enable client-header filtering: http://www.privoxy.org/user-manual/actions-file.html#FILTER-CLIENT-HEADERS Fabian signature.asc Description: PGP signature
Re: Crazy with Exit nodes
Benjamin Schieder [EMAIL PROTECTED] wrote: On 02.05.2007 13:01:28, Fabian Keil wrote: Benjamin Schieder [EMAIL PROTECTED] wrote: [EMAIL PROTECTED]:/etc/privoxy# tail user.action # default policy to have a 'blank' image as opposed to the checkerboard # pattern for ALL sites. '/' of course matches all URLs. # patterns: # { +set-image-blocker{blank} } #/ ## set vi:nowrap tw=72 { +filter{hide-tor-exit-notation} } / Looks like you forgot to enable client-header filtering: http://www.privoxy.org/user-manual/actions-file.html#FILTER-CLIENT-HEADERS Interesting. Why isn't this listed in the help for hide-tor-exit-notation? I don't remember. Probably I either assumed that it would be too obvious and that calling it a header filter would be enough of a hint, or I just didn't think about it. I've been searching for a viable solution for this for a while. Please consider writing a problem report the next time a Privoxy feature doesn't appear to be working. So far there wasn't any feedback for hide-tor-exit-notation, so my assumption was that it worked as expected for everyone who cared about it. Also, would it be possible to do it the other way around? Inserting an existing exit node notation into links in the page? There's no official Privoxy filter to do that, but you might try something like: FILTER: add-tor-exit-notation Adds the Tor exit node notation to absolute link targets s@[^]*(?:src|href)\s*=\s*[']?\s*http://[^/[EMAIL PROTECTED]@gis I assume it works but I only tested it with a few examples. It wont work for relative URLs, but if you already used the Tor exit node notation to reach the page it doesn't matter because the browser will treat the exit note notation as part of the host. With Privoxy's CVS version one could solve that problem with dynamic pcrs commands and the $host variable, but it would make more sense to leave the page source alone and just redirect the browser's requests to a rewritten version of the request URL: {+redirect{s@(http://[^/]*)/@$1.zwiebelsuppe.exit/@Ui} \ } tor.eff.org/ (Requires a Privoxy version above 3.0.6) Fabian signature.asc Description: PGP signature
Re: Accept-encoding: gzip
light zoo [EMAIL PROTECTED] wrote: --- Mike Cardwell [EMAIL PROTECTED] wrote: Or am I missing something? Mike Yes, you are missing something...and that is header munging. If you use compression then the headers can/may not be munged (spoofed and modified) as far as I understand. The Accept-Encoding header doesn't affect the encoding of the headers, so there's no reason why it should make a difference for header modifications. I do all my header munging (Firefox browser) via. about:config and extensions, some people use Privoxy, etc. This is my compression setting in about:config, it disables all compression: network.http.accept-encoding {gzip;q=0,deflate;q=0,compress;q=0} I don't think so. It certainly makes fingerprinting your requests easier, though. If you don't want to receive compressed content, you should either set the Accept-Encoding header to identity, or send no Accept-Encoding header at all. Have a look at section 3.5 Content Codings in: http://ietf.org/rfc/rfc2616.txt if you're interested in the details. Of course if there is no reason not to accept compressed content, it makes sense to just leave the client's encoding settings alone. Fabian signature.asc Description: PGP signature
Re: Open DNS
xiando [EMAIL PROTECTED] wrote: I read an article from LH this morning about the OpenDNS service. http://tinyurl.com/24y2cn http://www.opendns.com/ Can I use this with Tor? Will that void any anonymity provided by Tor? Forgive me if this is a stupid question. As for Tor: I want to get a message saying the domain isn't found if it doesn't exist - I don't want no mikey mouse bullshit advertisement landing page. Thus; I'd really dislike it if you use OpenDNS with Tor and now you're sending all these random Tor-users to view the stupid advertisement. I think there's a fair chance that the OP only wanted to reach OpenDNS through Tor for himself, and never intended to force OpenDNS upon other Tor users through an exit node. Fabian signature.asc Description: PGP signature
Re: Importance of HTTP connection keep-alive
Juliusz Chroboczek [EMAIL PROTECTED] wrote: However if I understand you correctly, you're saying that I intentionally... My apologies, I got carried away. No problem. Fabian signature.asc Description: PGP signature
Re: Importance of HTTP connection keep-alive
Juliusz Chroboczek [EMAIL PROTECTED] wrote: Michael Gersten: getting keep-alive to work will help a lot with web browsing, Fabian Keil: Is this an assumption or did you just forget to show your benchmarks to back this claim up? I've just tested this by running wget -p http://www.kde.org/screenshots/ No, you tested wget, which doesn't do parallel requests. The results are certainly interesting and may or may not show the difference between serialised requests that are done with and without keep-alive, but the numbers are worthless to make any assumptions about web browsing. Any modern browser I'm aware of uses multiple parallel connections if keep-alive isn't used, Firefox certainly does. Please feel free to repeat my tests and report the results on this list. I have no reason to doubt your results, I just don't think they are relevant for web browsing. I just did some tests which I think are more meaningful. I used Firefox instead of wget, used the Fasterfox plug-in to time the requests and tried several proxy combinations. The versions were Tor 0.1.2.9-rc, Firefox 2.0.0.3, Polipo 0.9.99.1 and Privoxy's CVS version with some uncommitted modifications which should be irrelevant for this test. I didn't change my Privoxy configuration, which means there were several actions active, some of which effected the results. http://www.kde.org/screenshots/ contains no ads or tracking pixels, so filtering the page causes a delay without any gain. The test was done on a laptop with FreeBSD's powered(aemon) running. As a result the CPU frequency wasn't constant, but I doubt that it mattered for the end results. I first did five tests for every proxy combination, switching the proxy combination after each request. Requests where started with ctrl+F5 so Firefox didn't use its cache and additionally set the headers Pragma: no-cache and Cache-Control: no-cache. I started Polipo with: polipo diskCacheRoot='' socksParentProxy=10.0.0.2:9050 and restarted it for every test. I kept Tor and Privoxy running all the time. Finally the numbers, the format is: |Proxy combination |results in the order I got them |average all |average without the best and worst result |average without the two worst results With http://www.kde.org/screenshots/: Firefox + Privoxy + Polipo + Tor: 40.950s, 6.100s, 6.294s, 24.290s, 56.680s 26.863s 23.845s 12.228 Firefox + Privoxy + Tor 59.523s, 7.493s, 6.822s, 156.438s, 35.282s 53.112s 34.099s 16.532 Firefox + Polipo + Tor 14.558s, 38.840s, 12.100s, 5.548s, 26.370s 19.483s 17.676s 10.735 I also tested with another website (http://www.spiegel.de/): Firefox + Privoxy + Polipo + Tor: 155.674s, 46.256s, 141.360, 47.120s, 35.967s 85,275s 78,245s 43,117s Firefox + Privoxy + Tor: 110.619s, 78.505s, 20.397s, 36.926s, 73,442s 63.983s 62,956s 43,588s Firefox + Polipo + Tor: 93.979s, 33.102s, 34.242s, 123.365s, 99.740s 76.886s 75.987s 53,774s Privoxy may have had a slight advantage here, because by removing three tracking pixels it had to do three requests less. However I think that it didn't matter much. The speed of the underlying Tor circuits seems to be the most important factor here and five samples probably aren't enough to prove anything. It certainly looks like keep-alive's effects aren't big enough to guarantee faster web browsing through Tor, though. Fabian signature.asc Description: PGP signature
Re: Importance of HTTP connection keep-alive
Juliusz Chroboczek [EMAIL PROTECTED] wrote: With http://www.kde.org/screenshots/: So according to this test, this page downloads roughly two times faster through Polipo/tor than through Privoxy/tor, right? It certainly did for the five samples I took. I also tested with another website (http://www.spiegel.de/): This test is not representative: this is an HTTP/1.0 site. There are fortunately very few of these left nowadays. What exactly is the problem with the site? Watching the circuits in Vidalia I had the impression that Polipo used keep-alive. Privoxy may have had a slight advantage here, because by removing three tracking pixels it had to do three requests less. And notwithstanding the fact that you so carefully crafted this test to advantage Privoxy, Polipo/tor was still 13% faster? To which numbers are you referring here? Repeating my results: Firefox + Privoxy + Tor: 110.619s, 78.505s, 20.397s, 36.926s, 73,442s 63.983s 62,956s 43,588s Firefox + Polipo + Tor: 93.979s, 33.102s, 34.242s, 123.365s, 99.740s 76.886s 75.987s 53,774s So Polipo+Tor were slightly slower, while the reason seems to be bad luck with the speed of the Tor circuits. However if I understand you correctly, you're saying that I intentionally chose a site where Polipo has problems? Can you name some other sites that you consider valid targets then? I can test again with Privoxy's actions disabled. Fabian signature.asc Description: PGP signature
Re: My ISP block Tor Servers
Dr. Death [EMAIL PROTECTED] wrote: My ISP Blocked most of tor servers that provide the cached-routers. any Idea how to bypass this issue ! Are you sure the blocks are intentional targeted against Tor and don't have other reasons (some overly aggressive heuristic to block worms for example)? If your ISP is intentionally blocking Tor and the contract allows it, I assume the most effective bypass will be to switch ISPs. Unless your ISP has a monopoly I don't see a reason to pay for its censorship. If you can't or don't want to switch ISP you could rent a server with uncensored net access and use it as proxy. There are different example configurations in the Tor FAQ. Fabian signature.asc Description: PGP signature
Re: Importance of HTTP connection keep-alive (was: Is this for real?)
Michael_google gmail_Gersten [EMAIL PROTECTED] wrote: (Yea, getting keep-alive to work will help a lot with web browsing, Is this an assumption or did you just forget to show your benchmarks to back this claim up? but that means tossing privoxy and using something else. Actually you can use connection keep-alive without tossing Privoxy. Just put Polipo between Privoxy and Tor (be aware that using another proxy behind Privoxy will render some of Privoxy's actions useless, though). My impression is that keep-alive (in the setup described above, and without Privoxy in the chain) doesn't buy you enough to be noticeable. Of course adding Polipo to the proxy chain has other advantages, I didn't do any scientific benchmarks either, and I may be biased. I used Privoxy's CVS version to measure the effects of not having to use prevent-compression for filtering, though: [EMAIL PROTECTED] ~ $head -n 15000 /usr/jails/privoxy-jail/var/log/privoxy/privoxy.log | grep Decomp | privoxy-log-parser 16:50:26.413 0815c700 Re-Filter: Decompression successful. Old size: 1147, new size: 2763. (saved: 58.49%) 16:50:27.125 0815c800 Re-Filter: Decompression successful. Old size: 5007, new size: 20885. (saved: 76.03%) 16:50:27.704 0808e900 Re-Filter: Decompression successful. Old size: 623, new size: 2145. (saved: 70.96%) 16:51:48.746 0815c900 Re-Filter: Decompression successful. Old size: 6104, new size: 26928. (saved: 77.33%) 16:57:07.983 0815c900 Re-Filter: Decompression successful. Old size: 29972, new size: 148272. (saved: 79.79%) 16:57:08.745 0815c600 Re-Filter: Decompression successful. Old size: 24125, new size: 113632. (saved: 78.77%) 16:57:16.002 0815ca00 Re-Filter: Decompression successful. Old size: 30392, new size: 150126. (saved: 79.76%) 16:57:17.475 0815c100 Re-Filter: Decompression successful. Old size: 15979, new size: 78088. (saved: 79.54%) 16:57:42.869 08156000 Re-Filter: Decompression successful. Old size: 18927, new size: 86616. (saved: 78.15%) 16:57:50.084 0808e700 Re-Filter: Decompression successful. Old size: 23686, new size: 115163. (saved: 79.43%) 16:58:32.836 0815c400 Re-Filter: Decompression successful. Old size: 30261, new size: 141889. (saved: 78.67%) 17:15:53.644 0808e700 Re-Filter: Decompression successful. Old size: 5318, new size: 22906. (saved: 76.78%) 17:22:20.633 0815c100 Re-Filter: Decompression successful. Old size: 7351, new size: 36324. (saved: 79.76%) As receiving compressed content seldom saves less than 50%, I assume that for Privoxy 3.0.6 (chained with Tor) the missing zlib support is a much bigger slow-down factor than the missing support for connection keep-alive (if that's a slow-down factor at all). Fabian signature.asc Description: PGP signature
Re: Please RTM!...Re: Please don't recommend Tor Button!
light zoo [EMAIL PROTECTED] wrote: --- Fabian Keil [EMAIL PROTECTED] wrote: If the Tor button extension would indeed remove these settings permanently, I'd consider JT's concerns valid. TorButton handles these correctly and does not route them into Privoxy, it just breaks them with a zero port...which is what was recommended by the Tor devs. when Scott Squires when building TorButton (as far I as remember). There is no need set those up to go into Privoxy if the port is zero. Is that a guess or did you actually verify that? If you did, which Firefox version were you using? At least for: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.8.1.2) Gecko/20070306 Firefox/2.0.0.2 proxy port 0 means ignore the proxy IP and use a direct connection. I would be very surprised if the behaviour would be platform-dependent. Fabian signature.asc Description: PGP signature
Re: Free Software and Torpark
H D Moore [EMAIL PROTECTED] wrote: On Sunday 25 March 2007 14:06, Fabian Keil wrote: ... and the people who currently don't use Torpark because it isn't free software and the people who don't care about Torpark itself but would appreciate it if the term free software wouldn't be watered down. Watered down? C'mon. Do a google search for free software. At least half of the results refer to software that is free as in beer vs free as in speech. According to Google my search request for free software looks similar to automated requests from a computer virus or spyware application and can't be processed right now, so I couldn't verify your claim. According to the first MSN Search page the ratio is 9 to 1 in favour of the FSF interpretation, though. If you want to show the difference between free and Free, capitalize it like everyone else. Just because something isn't Free doesn't mean you have to pay for it. I never said you had to pay for Torpark. Speaking of freedom, what about a giving a software developer the freedom to prevent commercial abuse? Would you prefer to give them the Freedom to stop working on their software because they don't want it ripped off by scumbags? If by commercial abuse you mean commercial use, they already have both of these freedoms and I never argued that they shouldn't have them. Torpark's license just doesn't give the user enough rights to call Torpark either free software or open source software without causing confusion, raised eyebrows or being laughed at. I argue that anyone trying to redefine the english word free to only mean software licensed according to the FSF guidelines deserves to be laughed at. It's not about redefining anything. Please have a look at [EMAIL PROTECTED] if you haven't already. This is a stupid argument to start with -- ignoring the license, TorPark should be recommended based on the quality of the code and the features of the software. If TorPark LLC does something evil at a later date, stop recommending them. I don't know anything about the quality of the code and I never recommended Torpark or Torpark LLC in the first place (not because of its code quality or its license, but because I don't know enough about it). I would assume though, that license and code quality aren't completely unrelated and that non-free licenses make it less likely that the code gets audited by third parties that aren't paid to do it. Fabian signature.asc Description: PGP signature
Re: Free Software and Torpark (was: Ultimate solution)
Arrakis [EMAIL PROTECTED] wrote: Saying free and open-source software isn't Free and Open Source is giving in to a combination of semantics and snobbery of licensing. The terms free software and open source software have been around for a while and so has there meaning. No one said Torpark wasn't delivered free of charge or that its source wasn't open for review. Torpark's license just doesn't give the user enough rights to call Torpark either free software or open source software without causing confusion, raised eyebrows or being laughed at. The source is totally free, and that isn't Free but free, _except_ I don't allow for other commercial services to rip it off and use it for their personal gain since I am giving it away to the public, and you can't install tracking/spyware/malware in it and then redistribute it. So it's totally free, except that it isn't. You're also not giving it away to the public, you're only giving it to those parts of the public you don't discriminate against. Those are pretty much the only restrictions. Perhaps GPL fanatics think I owe it to spyware manufacturers, or I need to give away my intellectual property to every 3rd-rate commercial anonymity service? The bottom line is, everyone benefits by these restrictions, except for malware manufacturers and commercial anonymity services. ... and the people who currently don't use Torpark because it isn't free software and the people who don't care about Torpark itself but would appreciate it if the term free software wouldn't be watered down. Fabian signature.asc Description: PGP signature
Re: Stripping code with Privoxy (was: Warnings on the download page)
Freemor [EMAIL PROTECTED] wrote: I've been watching this thread with some interest and as the Talk of mis-onfigured browsers and mis-behaving plug-ins grew I found myself thinking that there must be an easier way to fix the problem. It occured to me that what is needed (at least until a more permenant solution can be found) is a way to stop the offending material from making it to a potentially misconfigured application. So I started thinking about another proxy in the chain to strip all java and java script etc.. it then occured to me that Privoxy can most likely do this if a much more strict action file were written. so my questions are: 1 - Can a modified actions file be made that would strip all Java/javascript, flash, steaming media, etc. From looking at the Privoxy documentation it looks possible so far (but I'm no privoxy guru) There are too many different ways to embed or reference code in HTML. Creating such a Privoxy filter would take a lot of time and I doubt that it would ever work reliable enough to be remotely useful, even if you ignore the fact that it would only work for HTTP anyway. The filter would only remove the stuff its creators knew about, and while that may (or may not) be a lot, it would still default to permit. Default permit is OK when it comes to blocking ads and other minor annoyances, but it's a really bad idea when it comes to security: http://www.ranum.com/security/computer_security/editorials/dumb/ 2 - If 1 is possible wouldn't it be easiest to include the stricter action file in the tor/privoxy/vidalia bundle. Tell people look, a lot of stuff isn't going to fly.. but trust us.. you don't want it too If people wouldn't want this stuff, they shouldn't install the plugins in the first place and disable remote code execution in the browser. Don't want to get owned because of Java, PDF, flash or whatever? Just don't install the plugins. Can't trust your browser if JavaScript is enabled? Just disable it. It's that simple. Fabian signature.asc Description: PGP signature
Re: Tor breaks slashdot
Michael_google gmail_Gersten [EMAIL PROTECTED] wrote: Tor seems to be destroying slashdot's new hidden, display on demand discussion format. Test environment: Firefox 2.0.0.2, Mac os 10.4.8, privoxy 3.0.6, tor rc 9. For this test, everything went through privoxy. Slashdot page is http://it.slashdot.org/article.pl?sid=07/03/05/041215from=rss Privoxy config file contains one relavent line: ## forward-socks4a / localhost:9050 . This line was either commented out, or uncommented, to switch tor on or off. Observed behavior: When commented out (tor turned off), clicking on the hidden discussions first displays the initial burst that appears to have come in the original web page, and after about one second, the rest of the article and article header appear, downloaded on demand from slashdot. When enabled, the next (first) one also appears. After that, no more will download. When disabled again, there will be one more does not appear. After that, they will all appear. Is there a chance that you could give a more detailed description or even provide some before and after screen shots where you highlight the problem? I visited the URL above, but I'm not sure what a display on demand feature looks like or how the navigation is supposed to work. It would also be interesting to know if you freed the browser cache between the requests and if you can reproduce the problem without Privoxy. You might additionally want to increase Privoxy's debug level to see if and how the requests differ. The delay of one between enabling/disabling, and actual, I'm guessing to be privoxy noticing a change to its config file. That's probably correct. Privoxy reloads it's configuration file with the first request after the change was made, but that request itself will still use the old settings. Fabian signature.asc Description: PGP signature
Re: tor proxy chain
giorgio m [EMAIL PROTECTED] wrote: I've set up the proxy in firefox in order to connect to tor, and it works well, now I would like to do this: my_pc - tor - proxy_choosen_by_me:port-www_page May I ask why? but if I type in the address bar of firefox: http://proxy_choosen_by_me:port/www_page I get nothing What kind of proxy is proxy_choosen_by_me? I'm not aware of a proxy standard that would work the way you described. It certainly wouldn't work with HTTP forwarding proxies. And while I'm not sure, I also believe that Firefox can't access other HTTP proxies through socks proxies anyway. If that's true, you need an additional proxy before Tor, for example: Firefox - Privoxy - Tor - another HTTP proxy - web site would work. Most of the time, however, using a proxy after Tor makes no sense as it usually reduces your anonymity level again (the IP address the target website sees doesn't change). Fabian signature.asc Description: PGP signature
Re: tor proxy chain
giorgio m [EMAIL PROTECTED] wrote: First of all, thanks for your polite and fast answer. You're welcome. To simplify the problem, I say that I would like to do this: perl_script- tor - standard_http_proxy - web_site I want the web site to see the ip of the standard_http_proxy, not the tor ip. Do you think that it is possible to do this? Probably the easiest way to do this is to add Privoxy to the proxy chain, have the Perl script use Privoxy as HTTP proxy and let Privoxy do the rest. I currently use something similar for testing purposes, the Privoxy config line looks like this: forward-socks4a .freebsd.org/Tor-Jail:9050 tor.fabiankeil.de:8118 Requests that match .freebsd.org/ are forwarded through the HTTP proxy tor.fabiankeil.de:8118 (another Privoxy) and the connection to that proxy is made through the socks4a server Tor-Jail:9050 (Tor). As mentioned earlier, from a anonymity point of view this isn't the smartest setup. It increases the chances that the traffic is sniffed or altered and the target server always sees the same IP address. You could also try to find a Perl module that can reach HTTP proxies through socks4a servers. If you find one (and aren't already using Privoxy anyway) this should be even easier to set up, provided you also find documentation for it. A third way would be to configure your Perl script to use a HTTP proxy and then intercept and redirect these requests through Tor. I recommend you use dns-proxy-tor, PF and a recent Tor alpha version to set up the interception proxy, but the programs John mentioned should work too. Fabian signature.asc Description: PGP signature
Re: Forcing firefox to keep a connection alive for reuse
Juliusz Chroboczek [EMAIL PROTECTED] wrote: Fiddlesticks. I've got mine set for pipelining also, and yet Vidalia clearly shows multiple connections to each website, not a single re-used one. Privoxy disables pipelining. Minor correction -- I belive Privoxy doesn't do persistent connections at all, let alone pipelining. I don't see the contradiction here, but you're not mistaken. Privoxy doesn't initialise persistent connections by itself, doesn't pipeline anything and doesn't allow the client to do it either. Fabian signature.asc Description: PGP signature
Re: more letters from the feds
Anthony DiPierro [EMAIL PROTECTED] wrote: On 1/28/07, Fabian Keil [EMAIL PROTECTED] wrote: Anthony DiPierro [EMAIL PROTECTED] wrote: That brings up an idea, though. Are there certain common perfectly legitimate things that exit nodes are being used for, that maybe some hidden services could be set up to take the load off? I guess the most obvious and perfectly legitimate thing to use exit nodes for is anonymous communication on the net. I don't understand how using hidden services would take off any load though. If a hidden service does the job of an exit node you might as well consider it as one. Hidden services don't require exit nodes, so if exit nodes are the bottleneck, then moving traffic from exit nodes to middleman nodes will improve the entire network. As for if a hidden service does the job of an exit node you might as well consider it as one, I'm not really sure what that means. What if a hidden service does *some* of the jobs of an exit node? Do you count it as part of one? If it means relaying requests to the outside with the possibility to get the operator into problems, yes. After all it's request IP address will be visible to the public in which case the risk for the operator stays the same (unless requests are routed through the Tor network again, in which case it would only add latency). The risk is the same for the same services, but there's no requirement for a hidden service to, for instance, forward POST requests, which I would think greatly reduces the risk. If one runs an exit node, they're agreeing to forward all requests, not just GET requests or GET requests without any parameters, and not even just HTTP traffic (as was pointed out, any traffic can go over port 80). I doubt that anyone would want to use a service that limits HTTP to GET without parameters. Also it could obviously still be used to get information. At least in Germany the possession of certain information, or even the mere attempt to get it is already forbidden and could get the operator of the proposed exit node with reduced capabilities into problems. Fabian signature.asc Description: PGP signature
Re: TorK 0.13 Released - Many new features
Robert Hogan [EMAIL PROTECTED] wrote: I've just released a new version of TorK, with quite a few new features. At: http://tork.sourceforge.net/wiki/index.php/FAQ#What_do_I_need_to_compile_and_install_TorK.3F I only see kde-devel, xorg-dev, libqt4-dev and KDE 3.5.3 listed as build requirements. Does this mean the dependency on a GNU/Linux build environment is gone now? Fabian signature.asc Description: PGP signature
Re: more letters from the feds
Eugen Leitl [EMAIL PROTECTED] wrote: On Sat, Jan 27, 2007 at 11:12:01AM -0500, [EMAIL PROTECTED] wrote: Perhaps someone could draft a generic response letter to be sent to law enforcement if a server operator is contact and post it online or even include it in the package. It doesn't matter what you write, if your local jurisdiction outlaws e.g. pedophilia or persecutes online fraud and is serious about it you will receive more attention from LEOs and lawyers than you're comfortable with. Which is main reason why I'm no longer running an exit node. I think it would be interesting to know if any single person in Germany got more than one letter, or first a letter for one investigation and than a personal visit for another one. If you get the friendly letter to give up information about your clients it already means you aren't considered a suspect. If this decision isn't made arbitrary, it should be always the same and someone who already got one of the service provider letters could feel more comfortable than one who hasn't heard anything from the authorities yet. Of course it's a decision everyone has to make himself, but I for one wouldn't mind answering the letters now and then. Fabian signature.asc Description: PGP signature
Re: more letters from the feds
Anthony DiPierro [EMAIL PROTECTED] wrote: That brings up an idea, though. Are there certain common perfectly legitimate things that exit nodes are being used for, that maybe some hidden services could be set up to take the load off? I guess the most obvious and perfectly legitimate thing to use exit nodes for is anonymous communication on the net. I don't understand how using hidden services would take off any load though. If a hidden service does the job of an exit node you might as well consider it as one. After all it's request IP address will be visible to the public in which case the risk for the operator stays the same (unless requests are routed through the Tor network again, in which case it would only add latency). Fabian signature.asc Description: PGP signature
Re: Privoxy setting blocking Yahoo mail logout
A. L. [EMAIL PROTECTED] wrote: Below is a sample logout URL, where I replaced alphanumeric characters in alpahumeric only character sequences with A and numeric characters in numeric only character sequences with N. For some clarity, I present two versions of sampled URLs, one having the char sequences contracted to Ax and Ny forms, where x and y are the number of times a (not certain) alphanumeric character and numeric character respectively occur. http://us.ard.yahoo.com/SIG=A/M=NN.NNN.NNN.NNN/D=mail/S=N:HEADR/Y=YAHOO/EXP=NN/A=NNN/R=N/SIG=A/*http://login.yahoo.com/config/login?logout=1.done=http://mail.yahoo.com.src=ym.intl=us http://us.ard.yahoo.com/SIG=A9/M=N6.N7.N7.N7/D=mail/S=N9:HEADR/Y=YAHOO/EXP=N10/A=N7/R=N/SIG=A9/*http://login.yahoo.com/config/login?logout=1.done=http://mail.yahoo.com.src=ym.intl=us The first url string might break the page layout, sorry if it does. However, the browser should reach the following url: http://login.yahoo.com/config/login?logout=1.done=http://mail.yahoo.com.src=ym.intl=us Can you please check if it still works if the request to us.ard.yahoo.com is intercepted and redirected to the URL above? If I open it, I get a message that I signed out of the Yahoo! network, however I don't have an Yahoo account and was never signed in, therefore I can't verify if skipping us.ard.yahoo.com would be safe. Yahoo doesn't bother to validate the URL parameters (try http://login.yahoo.com/config/login?logout=1.done=http://tor.eff.org.src=ym.intl=us and use the Return to Yahoo! Mail link) so maybe they don't verify whether or not you're really signed out either. Also note, and this is Tor related again, that every time you run into a Privoxy fast-redirect problem it means that your request was unencrypted and could be sniffed or altered by the Tor exit node or systems between the exit node and the destination. You may want to investigate whether or not Yahoo allows you to accidentally send your Email unencrypted (like Google does) and if the session cookies are transferred encrypted. Indeed, maybe I should've posted at the Privoxy project lists but I thought it concerns all the users of the bundle alike (maybe this setting for other Privoxy uses is useful, but in the particular case of Yahoo mail users it doesn't). While this problem affects all Yahoo-mail-using Tor bundle users it also affects Yahoo-mail-using Privoxy users that don't use Tor. If it gets fixed upstream both groups profit. I agree that the problem should be fixed, I just don't think that blindly disabling all yahoo redirects is a solution. With Privoxy 3.0.6 you can add: {+redirect{http://login.yahoo.com/config/login?logout=1.done=http://mail.yahoo.com.src=ym.intl=us} \ } .yahoo./.*http://login.yahoo.com/config/login.*http://mail.yahoo.com {-fast-redirects \ } .yahoo.com/.*done=http in your user.action file, with Privoxy 3.0.7 (unreleased) you can even replace the static redirect with: [EMAIL PROTECTED](http://login\.yahoo\.com/.*)[EMAIL PROTECTED]@i} to make sure it works for other done URLs as well. If someone can confirm that this is safe, we (the Privoxy team) will ship it with Privoxy 3.0.7's default configuration. Fabian signature.asc Description: PGP signature
Re: Letter from the feds
Alexander Janssen [EMAIL PROTECTED] wrote: my turn for a story to tell now. I run the TOR-server wormhole in Germany. I run Zwiebelsuppe and Zwiebelkuchen. On the 28th of December I got a letter from the BKA (the german Federal Office of Criminal Investigation). The content of the letter was something like that: The owner of the IP-Addres $my_servers_address is suspected of posession of child pornography. Hereby we order you to tell us the real name of the owner and disclose all relevant logfiles according to §113 TKG in the time of the 26th of October, 7:00 PST. We also demand the names of all your customers which use your service and we inform you that disclosing our request to your customers may be punishable. I got a similar letter about two weeks earlier, but the language was quite polite and no punishment promised. The BKA was interested in the person who used my exit nodes at the 26th of October, 6:40 PST, so I guess the thought crime offender was the same. I explained what Tor does and why German law forbids me to log the information they wanted and haven't heard anything back so far. Hm, they finally seem to have come to their senses. They really scared the shit out of my wife and me, believe me. I don't know if their floppy requests was intentional or not or if they wanted to scare me, but that's nothing a lawyer can sort out. Unfortunately you'll still have to pay the lawyer yourself. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Tor 0.1.2.2-alpha eventdns timeouts
Nick Mathewson [EMAIL PROTECTED] wrote: On Thu, Oct 26, 2006 at 06:49:57PM +0200, Fabian Keil wrote: [...] As a result I see indeed a lot less timeout warnings, and the servers are declared active right away, but it also looks as if the number of timeouts isn't reset correctly: My apologies for the delay here. Your diagnosis turned out to be completely correct. I was looking for far more tricky problems, when the root cause turned out to be (I think) that eventdns.c never actually reset the timeout count. Oops! I've checked a patch in to subversion as r9054; if you have a chance to see whether it fixes the problem for you, I'd be most grateful. I patched Tor 0.1.2.4-alpha about half an hour ago, so I can't be sure yet, but it looks as if the patch causes less timeout warnings, but more Bad response 2 messages. This is a log excerpt from vanilla Tor 0.1.2.4-alpha: Dec 12 18:55:11.676 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 17:46:01.083 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 17:53:45.157 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 17:53:55.158 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:02:27.201 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 18:02:37.242 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:12:59.581 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 18:13:09.582 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:13:19.784 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 18:13:29.785 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:33:15.708 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 18:33:16.746 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:43:00.952 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 18:43:02.706 [warn] eventdns: Nameserver 81.169.148.34 is back up This is with your patch applied: Dec 12 18:47:11.260 [notice] Self-testing indicates your DirPort is reachable from the outside. Excellent. Dec 12 18:48:09.113 [notice] Performing bandwidth self-test. Dec 12 18:55:11.676 [warn] eventdns: Nameserver 81.169.148.34 has failed: request timed out. Dec 12 18:55:21.677 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:55:37.977 [warn] eventdns: Nameserver 81.169.148.34 has failed: Bad response 2 (server failed) Dec 12 18:55:47.978 [warn] eventdns: Nameserver 81.169.148.34 is back up Dec 12 18:59:26.843 [warn] eventdns: Nameserver 81.169.148.164 has failed: Bad response 2 (server failed) Dec 12 18:59:34.863 [warn] eventdns: Nameserver 81.169.148.34 has failed: Bad response 2 (server failed) Dec 12 18:59:34.864 [warn] eventdns: All nameservers have failed Dec 12 18:59:36.843 [warn] eventdns: Nameserver 81.169.148.164 is back up Dec 12 18:59:44.864 [warn] eventdns: Nameserver 81.169.148.34 is back up I already did get some Bad response 2 before, so this could be a coincidence. As I said, it's not running long enough to be sure, but it at least looks as if there's still some problem left. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: ff 1.5.0.7 2.0 (remote) dns leaks when using tor
lester psigal [EMAIL PROTECTED] wrote: Thus spake lester psigal ([EMAIL PROTECTED]): i've got a setup for anonymous browsing using firefoxf 1.5.0.7 and lately ff 2 with privoxy and tor (vidalia bundle 0.0.7) on windows xp sp2. the ff configuration option 'network.proxy.socks_remote_dns ' is set to true, the setting 'network.proxy.failover_timeout' is set to 5 and the 'network.proxy.socks_version' is set to 5 but the ethereal logs show that firefox is still leaking dns requests, i.e. ff still does the lookups itself and does not delegate them to the proxy (which is not quite true: the dns requests are always delegated to the proxy and _sometimes_ to the local dns client too). to make it worse the leaks are occuring randomly (sometimes the remote dns works and sometimes not), so i'm guessing that it is a timeout issue. does ff fallback to local dns lookup when a remote lookup request is not answered in a timely manner or is it a failure with the os dns client or even a ff bug? what else could be done to prevent ff from dns leaking? any hints or suggestions would be very nice as it does not make any sense to me to operate a quite complex and complicated system for anonymous browsing when tracking of dns requests is all a profiling facility has to do... what i've forgot to mention that my installation of firefox uses torbutton 1.0.4 which is a firefox add-on preconfiguring the proxy settings for the vidalia bundle, that is http/s: localhost:8118 and socksv5 localhost:9050. Can you reproduce the problem without any Firefox plugins that influence the proxy settings? A few weeks ago I shortly tested FoxyProxy and had similar experiences. I used the always use proxy xyz feature to quickly switch between different Privoxy versions, Firefox own settings were configured to use Privoxy as well. Directly after starting up, Firefox always ignored the proxy settings and fetched some of the live bookmarks directly. The same happened if there were still tabs open from a previous session. I also had the feeling that it would randomly ignore the settings later on, but I didn't use the plugin long enough to verify this. I never used torbutton, but maybe it has similar problems. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Anonymous Blogging
RMS [EMAIL PROTECTED] wrote: If you don't enable hide-forwarded-for-headers you are sending your client's IP address to the web server. If you aren't using NAT, this will obviously affect your anonymity. If you're running Privoxy on the machine you are using to browse, and you're connecting using the address 127.0.0.1, the Forwarded-For header should read 127.0.0.1, so there's no real threat. I cannot find the parameter hide-forwarded-for-headers. Is it in one of the files I had cleared? It's usually in default action. Anyway, my masked IP was tested to be a Tor node from the detector. Can I conclude that the 3 files can be safely cleared without compromising on my anonymity? You can use: http://config.privoxy.org/show-request to see how Privoxy is changing the request headers. If you are using the setup jgt described (which is the default), Privoxy should indeed only send 127.0.0.1. While this isn't enough to compromise your anonymity by itself, it would still make user tracking easier. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Tor under Parallels
David O Smith [EMAIL PROTECTED] wrote: I'm running an Intel-based Mac with Tor and Privoxy installed and working. I'm also running Windows XP under Parallels on the same Mac. I'm using Firefox on the Windows system. Firefox on the Windows Virtual Machine won't connect to the net. I've configured it to use the Proxy settings recommended on the web page (Proxy at 127.0.0.1/port 8118/Socks 5). All I get is a message that the proxy is refusing connections. How do I get round this, please? If I understand you correctly, you are trying to convice Firefox inside Parallels to connect to Privoxy running on the host system? If that's the case you will either have to bind Privoxy to a non-local listen address or skim through the Parallels documentation to see if there's another way to reach the host's 127.0.0.1 from the guest system. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Connecting to special ports through Tor/Privoxy
[EMAIL PROTECTED] wrote: Config: Firefox 2 Privoxy Tor (Vidalia) When I want to connect through Tor to special port as 8443 by https (Plesk panels), I simply cannot and always get a blank page. (Usual config for https is 127.0.0.1:8118) Some Privoxy configurations limit CONNECT to port 443 or block it all together. By default Privoxy answers those request with an error message inside the HTTP headers because some user agents get confused otherwise. If you use a browser that hides HTTP headers, these error messages are obviously easy to overlook. To solve the problem, I have to delete all entries the https entry, and so I use the Socks5 proxy on 127.0.0.1:9050 Isn't there a way (probably something to add in the Privoxy config?) to be able to connect through Tor to https://x:8443 without using the Socks5 proxy? You can just make an exception or disable limit-connect for all sites: http://www.privoxy.org/user-manual/actions-file.html#LIMIT-CONNECT If you use Privoxy 3.0.5 beta you could also enable: http://www.privoxy.org/user-manual/actions-file.html#TREAT-FORBIDDEN-CONNECTS-LIKE-BLOCKS to get the standard HTML error message for blocked sites next time you try to CONNECT to a blocked port. Please read the fine print about its limitations first. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Connecting to special ports through Tor/Privoxy
[EMAIL PROTECTED] wrote: When I want to connect through Tor to special port as 8443 by https (Plesk panels), I simply cannot and always get a blank page. (Usual config for https is 127.0.0.1:8118) Some Privoxy configurations limit CONNECT to port 443 or block it all together. By default Privoxy answers those request with an error message inside the HTTP headers because some user agents get confused otherwise. If you use a browser that hides HTTP headers, these error messages are obviously easy to overlook. The problem isn't on the port 443, but 8443. As I already wrote above, CONNECT requests are limited to port 443 (or blocked to every port) by default and as a result attempts to CONNECT to port 8443 get blocked. The Plesk addresses are https://domain/etc:8443 Which means the proxy-using browser will use HTTP CONNECT while trying to open the SSL connection. Usual addresses https work fine with my config, it is when I want to connect to the port 8443 that it fails. Usually HTTPS connections use port 443 which isn't blocked. And I have no Privoxy error page, nothing. Just a blank page. As mentioned above, the error message is send as HTTP header. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Tor and NNTP
Aioe [EMAIL PROTECTED] wrote: I need a (server side) way to separate the tor users from the other ones: is this possible? I'm supposing to setup an hidden service which redirects all tor users to a non default *local* NNTP port in order to treat them differently from the other clients. In this way, when the tor users access the server from the main DNS system (as nntp.aioe.org) they're still subjected to the standard rules that are applied to all clients but when they use the .onion domain a different (less restrictive) policy can be applied to them. Is this a right way? As this still relies on the users to get active and change their settings it's probably a good idea to combine it with a Tor node that allows (only) exits to your NTTP port. This way Tor clients of lazy users should automatically pick your node as exit and you can detect these requests on their IP addresses as well. If I remember correctly this only works from the second connection on, but I assume most of your user use the first connection to fetch new articles anyway, therefore this shouldn't be a problem. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Practical onion hacking: finding the real address of Tor clients
GeorgeDS [EMAIL PROTECTED] wrote: On Tue, 2006-10-31 at 09:49, Fabian Keil wrote: George Shaffer [EMAIL PROTECTED] wrote: To go to a malicious site you need to encounter a site whose security has been compromised, be tricked into going to a site, be the victim of poisoned DNS, receive an email with a macro based Outlook virus that uses IE functionality, or deliberately browse fringe web sites. Or you can use Tor and give every Tor exit node operator the chance to render every trusted site that doesn't use encryption into a source of malware. If your only point is I forgot to list this, I'm guilty. Other than that, this seems to be an argument against using Tor. I think it's just a fact every Tor user should be aware of. It sure is a disadvantage, but I don't see it as a reason to stop using Tor. Regarding systrace: Looking at man, it does appear that it would be useful for controlling developmental software on a very secure OpenBSD system. It's useful to control software in general. In general I agree but there are costs as well as benefits to all security measures. Rational people can reach a wide range of conclusions regarding how much to invest and where. Of course. I suspect you might be rather uneasy with controlling software, as in preventing customers from using Skype, as the Narus tools linked to below can. It's besides the point, but given the free alternatives I don't think anyone should be using Skype anyway. Especially not users who care about their privacy and system security. If an ISP thinks it's a good idea to disallow Skype usage in its terms of service and then tries to enforce this policy, I don't have a problem with that. If the user wants to use Skype, she should sign up with an ISP with less unreasonable terms of service. There are several valid reason not to run a Tor server at all, I just don't think that local security or ISP terms of service are among them. We will obviously continue to disagree about these. I recently came across http://www.narus.com/products/index.html which describes a line of products that allow large ISPs and broadband carriers to monitor everything that flows across their network. Virtually every protocol can be identified, and everything from any IP can be assembled into a stream and it's contents examined. For Tor users this shouldn't be a big deal. I also don't see anything exciting about Narus, I once saw a Squil presentation and if I remember correctly it can do the basically the same. http://sguil.sourceforge.net/index.php?page=description Of course a patient person can already do the same thing with less comfortable tools like tcpdump anyway. That barely begins to describe what the Narus tools can do. If you care about privacy, this is really creepy. Maybe if you care about privacy and don't use tools like Tor to protect it. Partly this is to allow carriers to conform to the wiretap laws that are being applied in the US and other countries, but Narus makes clear the carriers can use these tools for their own purposes. While resources should prevent an ISP or carrier from monitoring all their customers all the time, tools like this will allow them to focus on protocols banned by terms of service and identify the customers using the banned protocol. Personally I think the frequent changes in wiretaping laws are lot more frightening than the software to comply with them. In the case of a cable provider, there is only one in any specific area. If you loose your access, then you have to hope DSL is available, and you will normally pay more for comparable download speeds. Personally I want to be careful about my ISPs terms of service. It was probably not clear enough, but I wasn't trying to say that one shouldn't honour the ISP's terms of service. I'm just saying that they aren't a valid reason not to run a Tor server. They are only a reason not to run a Tor server in that ISP's network (if you are interested in running a Tor server and I know, you personally aren't). Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Using Privoxy to increase the security level (was: reporter from The Economist in Thailand seeks help / new Tor guide is up)
Chris Willis [EMAIL PROTECTED] wrote: I have to add a bit to this one: NO browser (cept maybe a text browser in BSD or something) is really 100% safe on its own. Firefox has lots of vulnerabilities, just like IE. That is why you use privoxy with Tor. http://www.privoxy.org/ Actually it's not, at least it shouldn't be. If you visit the Privoxy website you will notice that Privoxy isn't advertised as a protection against browser vulnerabilities: |Privoxy is a web proxy with advanced filtering capabilities |for protecting privacy, modifying web page data, managing cookies, |controlling access, and removing ads, banners, pop-ups and other |obnoxious Internet junk. Privoxy has a very flexible configuration |and can be customized to suit individual needs and tastes. While Privoxy has some mechanisms against a small set of IE exploits, these exploits are known for several years and should be fixed in any recent IE release anyway. I'm not aware of a single Firefox vulnerability that didn't affect Firefox versions behind Privoxy, and if there are any, these could probably be prevented by using any other http proxy as well. Usually browser vulnerabilities are the result of active scripting bugs or content parsing problems. Privoxy's filtering capabilities are far too limited to reliable protect the browser against these, especially not in advance. And even if Privoxy could do it: by the time someone implemented a counter measure in Privoxy, the problem would probably be already long fixed in the latest browser release. If you want to increase your browser's security level, use a reasonable default configuration and update regularly to stay on top of known security problems. If you do that, Privoxy is unlikely to increase your security level any further. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Practical onion hacking: finding the real address of Tor clients
George Shaffer [EMAIL PROTECTED] wrote: On Thu, 2006-10-26 at 15:05, Fabian Keil wrote: George Shaffer [EMAIL PROTECTED] wrote: On Mon, 2006-10-23 at 08:22, Fabian Keil wrote: George Shaffer [EMAIL PROTECTED] wrote: . . . many web surfers, even knowledgeable ones, like the rich experience and are willing to sacrifice security and privacy for it. And they constantly get what they deserve. . . If a member of your family is sick with a contagious disease, and you tend to them, do you deserve to get the disease? It might be smarter to stay away and call a doctor, but perhaps you get infected before you knew a doctor was needed, or while waiting for the doctor, or can't afford a doctor. I fail to see the similarities between willingly sacrificing security and privacy for 'rich experience' and caring about ones family. It may have been a poor analogy (I was thinking of computer viruses which suggested disease) but my objection is to the use of the word deserve. Lets replace it with shouldn't act surprised if they run into problems then. What is so often forgotten about malicious web attacks is that nearly all web operators have a large investment in their sites and malicious software hurts them as much or more as victim client computers. To go to a malicious site you need to encounter a site whose security has been compromised, be tricked into going to a site, be the victim of poisoned DNS, receive an email with a macro based Outlook virus that uses IE functionality, or deliberately browse fringe web sites. Or you can use Tor and give every Tor exit node operator the chance to render every trusted site that doesn't use encryption into a source of malware. Anyone interested whether or not your IP address is currently in use only needs to do a port scan. Are you sure? By stealth I mean . . . If the target IP address is unused, the scanner gets an error message send from the router located one hop before the target. If the scanner doesn't get this error message, it's safe to assume that the target system is running. By unused to you mean unassigned or will simply turned off result in such a message? I don't have enough computers to test this and know of no legal way to do so. I guess I have to take your word, though I've never heard this before. Perhaps someone could provide a URL that describes this. http://www.ietf.org/rfc/rfc792.txt And if you can't trust your firewall enough to work in cases where someone knows that your IP address is in use, you should get a firewall that actually works anyway. One might conclude, if one assumed these couple smart alec remarks represented your entire knowledge of firewalls, that you don't seem to know that once you open a port in a firewall to a server, e.g., Tor and port 80, that the firewall cannot protect that server. The packet filter can still protect all other ports and increase the chances that the packets arriving at the Tor running server are valid. The Tor server's host system can make sure that a compromised Tor server doesn't cause too much damage. As a OpenBSD user you will be aware of systrace, other systems have similar tools. While I'm generally familiar with most of your points, and the one about a firewall only allowing valid packets is a good one, in the context of this discussion, your final sentence grates. Perhaps this comes from the way German translates to English, but it would be much easier to read If you are not familiar with, then you should look up systrace rather than saying you will be aware of. If I ever knew it I've completely forgotten it. Looking at man, it does appear that it would be useful for controlling developmental software on a very secure OpenBSD system. It's useful to control software in general. Fabian, please make this the last time you suggest that I run a Tor server whether locally or hosted. This is the third time you've suggested that I run a server and the third time I said I'm not going to. I thought we were discussing the (dis)advantaged of running a Tor server in general. I don't intend to convince you personally to run a Tor server, especially not if you don't even use the Tor client regularly. There are several valid reason not to run a Tor server at all, I just don't think that local security or ISP terms of service are among them. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Practical onion hacking: finding the real address of Tor clients
George Shaffer [EMAIL PROTECTED] wrote: On Mon, 2006-10-23 at 08:22, Fabian Keil wrote: George Shaffer [EMAIL PROTECTED] wrote: The risks of JavaScript, Flash and friends are mentioned several times in the docs. Haven't the authors of the report that you seem to object to so much made a dramatic demonstration of this. The products you mention are used by many content providers, and many web surfers, even knowledgeable ones, like the rich experience and are willing to sacrifice security and privacy for it. And they constantly get what they deserve. . . If a member of your family is sick with a contagious disease, and you tend to them, do you deserve to get the disease? It might be smarter to stay away and call a doctor, but perhaps you get infected before you knew a doctor was needed, or while waiting for the doctor, or can't afford a doctor. I fail to see the similarities between willingly sacrificing security and privacy for 'rich experience' and caring about ones family. It was already a well known and documented fact that Tor exit nodes can alter unencrypted traffic. And even if this wasn't documented, just thinking about it would make it clear. . . That would depend on how well you understood how Tor works, and more generally your understanding of computers, which to most people are pretty much a mystery. Of course you're right, but I assume the people you mentioned wouldn't find and read this paper either. There is another reason for not running a Tor server even if my ISP allowed it. I have a dedicated stealth firewall (protecting a personal desktop with little of intrinsic value). There is no chance I would poke holes in its configuration. . . Anyone interested whether or not your IP address is currently in use only needs to do a port scan. Are you sure? By stealth I mean a firewall that drops packets on blocked ports (and ICMP) and returns no packets, regardless of whether probing packets are properly formed or deliberately misformed. A scanner (at least theoretically) gets exactly the same response as from a computer that is turned off. This only works if every single port and ICMP are blocked (stealth). A single open, or closed port, will reveal unequivocally to a port scan that there is a working computer at the target IP address. If the target IP address is unused, the scanner gets an error message send from the router located one hop before the target. If the scanner doesn't get this error message, it's safe to assume that the target system is running. And if you can't trust your firewall enough to work in cases where someone knows that your IP address is in use, you should get a firewall that actually works anyway. One might conclude, if one assumed these couple smart alec remarks represented your entire knowledge of firewalls, that you don't seem to know that once you open a port in a firewall to a server, e.g., Tor and port 80, that the firewall cannot protect that server. The packet filter can still protect all other ports and increase the chances that the packets arriving at the Tor running server are valid. The Tor server's host system can make sure that a compromised Tor server doesn't cause too much damage. As a OpenBSD user you will be aware of systrace, other systems have similar tools. It's not that I don't trust my firewall, I just don't want to invite random attacks, because a broad probe of many port 80s, happens to find an open one on my machine. I hope you're not suggesting Packet Filter on OpenBSD does not work. I don't. But if by random attacks you mainly mean DoS attacks I can see your point. Now that I've already told you something about my system, if you think you are smart or knowledgeable enough to get past my firewall, I'll be glad to give you permission to try. I didn't claim that. (Recently when I again got unexpected content as was discussed in a recent thread, I scanned the Tor exit node from grc.com, and both 80 and 443 showed as open, where the others showed as stealth. This means Tor is responding, even though the incoming packet is not a Tor packet. Other explanations? I did not write down the IP, and have no knowledge of the OS or firewall in use on that exit node.) Depending on your scan it probably wasn't Tor, but the underlying OS which answered your scan. Of course this doesn't change the fact that Tor doesn't operate invisible, but this shouldn't be a major problem. Either way though, packets are now sent from the Tor node system that can be fingerprinted to determine the OS, version, and some other facts about the OS running the Tor node and possibly firewall. A port scanner will quickly show other ports as blocked. The attacker can't immediately know if the open service is on the firewall machine or being passed to a machine behind the firewall. A careful packet analysis may reveal this. From this the attacker can look
Re: Practical onion hacking: finding the real address of Tor clients
coderman [EMAIL PROTECTED] wrote: one last comment: an additional reason to run a server which i haven't seen listed in this thread is hidden services. while not a compelling feature, they are useful for some purposes. AFAIK you don't have to run a Tor server to run a hidden service. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Practical onion hacking: finding the real address of Tor clients
George Shaffer [EMAIL PROTECTED] wrote: On Fri, 2006-10-20 at 09:53, Fabian Keil wrote: George Shaffer [EMAIL PROTECTED] wrote: On Wed, 2006-10-18 at 12:47, Fabian Keil wrote: . . . They aren't attacking Tor, but misconfigured applications behind the Tor client. Which they said quite clearly in different words: Clearly Tor's designers have done a pretty good job: I couldn't find any weaknesses in Tor itself . . . So instead, I attacked the data which Tor carries the most of: web traffic. Please don't quote out of context. I wrote: I also think the title of the paper is intentionally misleading. ^ In case you did not notice, I used ellipses (. . .), the standard English language notation for omitted content. I considered the part that I left out an unfounded personal opinion that needed no comment. My whole point is that you have to read the paper before it becomes clear that there was no actual onion hacking involved. I'm aware that the author knows that he didn't attack Tor, but this doesn't change the fact that the title mislead me. Since you seem to want me to address that, I will. For my first comment the actual title does not matter. You use the word intentionally as an adjective to misleading. You start with I also think so you state this is opinion, and not necessarily fact, but basically you are saying that you think the authors are liars. No, I'm saying that the title is misleading and I assume this is intentional to get more attention. If the paper was titled Stating the obvious: as you already know from reading the documentation, Tor isn't an intercepting proxy and using a misconfigured browser has consequences, there would be a lot less readers. The second issue is a matter of fact to be determined. Is the title of the paper misleading? For that we do need the title. The subtitle is Finding the real address of Tor clients. Unless the authors are liars, and I think they present enough evidence that that is not likely, they did find 86 addresses in one day. They did exactly what the subtitle said, so I don't see how it could be misleading. While the author claimed to have found addresses of Tor clients, he found addresses of the system where the browser is running, and the addresses of the NAT system the browser is using. In many (probably most) cases the browser and the Tor client are running on the same system and share the same IP address, but that's not guaranteed. The main title is Practical Onion Hacking: and I expect your point is that they did not successful hack, crack, or break the Tor software, which everyone who read the article already knows. I think the first word Practical is important. I have come to expect, that when I see practical as part of the title of something in any way related to computer security, not to expect something esoteric, theoretical, or even necessarily very technical. What I do expect are topics loosely comparable to social engineering attacks or dumpster diving. These obviously have no relationship at all to the technical merits of any software, but they are part of the black hat arsenal. Lets say I puplish a paper called Practical lock picking: opening closed doors, whose content basically is: I didn't find any flaws in the locks, so obviously they are very well designed. I can't be bothered to tell you which attacks I tried, but just believe me that I know what I'm doing. So instead, I concentrated my efforts on the fact that some people hide the key under a stone near to the door. It's known to be bad practise, but some do it anyway. And oh my god, my research shows that these keys can be used to actual open the doors. Do you still think the title would not be misleading? After all everyone who reads the paper can tell that there was no lock picking involved, and the subtitle is true as some doors could be opened. In the meantime though, some users are depending on it for anonymity. You can be sure that someone in Red China, searching for information his or her government does not want them to see, is not likely to have mis configured or misused Tor for want of trying to get it right. I assume you mean the opposite of the last sentence? I've reread it multiple times, and while it may be complex or even awkward, I believe I said what I meant and meant what I said. To rephrase it, those referred to are highly likely to make every effort they can to get it right, and still some are failing. I don't see the and still some are failing part in your first sentence and read is not likely to have misconfigured or misused Tor as the opposite. But then again, English is not my native language. Anyway, there will always be some people who don't understand the documentation, or don't even bother to read it. That's the case for every product and not a Tor specific problem. But products also vary greatly in how easy or hard
Re: Practical onion hacking: finding the real address of Tor clients
George Shaffer [EMAIL PROTECTED] wrote: On Wed, 2006-10-18 at 12:47, Fabian Keil wrote: . . . They aren't attacking Tor, but misconfigured applications behind the Tor client. Which they said quite clearly in different words: Clearly Tor's designers have done a pretty good job: I couldn't find any weaknesses in Tor itself . . . So instead, I attacked the data which Tor carries the most of: web traffic. Please don't quote out of context. I wrote: I also think the title of the paper is intentionally misleading. ^ For a user new to Tor, the documentation is often confusing or ambiguous, important information is missing, and sometimes minor details over emphasized (especially in Tor FAQ). Tor is a young product and hopefully these problems will be remedied as it grows. In the meantime though, some users are depending on it for anonymity. You can be sure that someone in Red China, searching for information his or her government does not want them to see, is not likely to have mis configured or misused Tor for want of trying to get it right. I assume you mean the opposite of the last sentence? Anyway, there will always be some people who don't understand the documentation, or don't even bother to read it. That's the case for every product and not a Tor specific problem. The risks of JavaScript, Flash and friends are mentioned several times in the docs. It's also a good idea not to trust any exit nodes, except the ones you run yourself. If this is true, then the Tor network serves no useful purpose for the large majority of users who don't run Tor servers, let alone exit nodes. Why? Just because you can't trust a exit node, doesn't mean you can't use it. You just have to be aware that unencrypted traffic might have been altered. Even if in the future, some auditing process is set up for exit nodes, anyone using Tor, implicitly trusts whoever does the auditing, and he or she is likely to be self selected. Besides technical knowledge and connection limitations, there is at least one other valid reason for not running a Tor server. Comcast, the largest ISP in the U.S., has Terms of Use that very clearly prohibit any and all servers, including p2p, on any residential connection. I suspect some other ISPs have similar provisions. That's a rather lame excuse. Even if your local ISP doesn't allow you to run a Tor server, you can always get your own rootserver and run your exit node from there. Maybe I'm missing something, but except for a large company with many valid public IP addresses, what anonymity can you hope to gain by using your own exit node, except hiding from a network sniffer in the clutter of the other traffic which leaves the node. Whoever you connect to will still have the exit node's IP, which can presumably traced back to you. That's right, but I'm not saying you should only use your own exit nodes. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Practical onion hacking: finding the real address of Tor clients
Chris [EMAIL PROTECTED] wrote: That paper also demonstrates how easy it is to create a bad exit node that can poison traffic passing through it with spam, malware, trojans, fake sites and 0-day exploits. Which is nothing new. I also think the title of the paper is intentionally misleading. They aren't attacking Tor, but misconfigured applications behind the Tor client. The surprising result of their investigation seems to be that Tor doesn't automatically fix all applications on the system it runs on. Captain Obvious to the rescue. By joining the TOR network and becoming a server a rouge player instantly becomes a trusted ISP and can serve up anything they want and monitor everything passing through. Tor's documentation stresses several times that Tor isn't a replacement for application level security. It's also a good idea not to trust any exit nodes, except the ones you run yourself. I use firefox with noscript fully armed but every now and again I allow scripts for a certain site to access some functionality and then, no matter what site that is, if I am using tor I will be at more risk than if not using tor. This may be true in some environments, but certainly not always. If you have to assume that someone in your local network is trying to spy on you or alter your traffic, using Tor makes that a lot less likely What about people using IE on an unpatched machine. TOR becomes a BOT army recruitment center where the new soldiers walk right in. No need to advertise. I assume the old way (having all bots try to infect some other nodes randomly) is much more effective than to only target IE using Tor users. You are also less likely to get caught that way. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: tor bandwith ratio
gabrix [EMAIL PROTECTED] wrote: I'm sorry if recently my tor node argo666tor wasn't always up ... but i'm sort of experimenting how much bandwith i have to allocate to the tor network.My will is to give as much band as possible without slowing down my connection.I'm trying with this 4 rules: AccountingStart day 12:00 AccountingMax 600MB #BandwidthRate 100 KB #BandwidthBurst 200 KB But i seriously don't know witch one is best considering i have a TIM adsl flat! Maybe using queues for prioritising empty ACKs would already be good enough: http://www.benzedrine.cx/ackpri.html It's PF and ALTQ specific, but the same can be done with other packet filters. Additionally you could give all Tor traffic a lower priority, I think it would be a better solution than to set a hard bandwidth limit in Tor, which most of the time would limit your server more than necessary. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Tor not working
Spin Doctor [EMAIL PROTECTED] top posted (please don't): Firefox displays the 503 error page, saying This is Privoxy 3.0.3 on localhost (127.0.0.1), port 8118, enabled Connect failed Your request for http://[EMAIL PROTECTED] could not be fulfilled, because the connection to [EMAIL PROTECTED] (127.0.0.1) could not be established. This is often a temporary failure, so you might just try again. The easiest way to get this error message is not to start Tor, or have it listening on another address than Privoxy is expecting. Make sure that Tor is running and that its local address is the one Privoxy is configured to use: [EMAIL PROTECTED] ~ $lynx -dump http://config.privoxy.org/show-status | grep socks4 [46]forward-socks4a / 10.0.0.2:9050 . [EMAIL PROTECTED] ~ $sockstat -4l -p 9050 USER COMMANDPID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS 256 tor862 5 tcp4 10.0.0.2:9050 *:* Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Gmail (with Tor) is a bad idea
Fabian Keil [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] top posted (please don't): I'm not quite sure what you are saying? Are you saying that some info gets leaked if you use unencrypted http to transfer mail with gmail? Yes, and some info means everything but your password. And even if you enter through https://mail.google.com/, a man in the middle can send your browser a redirect to http://mail.google.com/, Google then sends your browser another redirect to the encrypted login page on another server and after the secured login you will get redirected back to http://mail.google.com/. Firefox/1.5.0.7 honours an unencrypted redirect as response for a https connection request. You don't get a warning, but of course if you look for it, you can see that the connection is unencrypted. I missed something here: in my test Firefox was already configured to use Privoxy as SSL proxy, which means it has to ask the proxy to connect to the SSL server. As this happens with an unencrypted request, the client also accepts an unencrypted response. Most likely the client does not accept an unencrypted redirect while trying to open a direct SSL connection (without any proxy involved). It might not even work, if the man in the middle isn't already located between SSL proxy and browser. If this is true, a Tor exit node wouldn't be the right place to send these bogus redirects. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Gmail (with Tor) is a bad idea
[EMAIL PROTECTED] wrote: [EMAIL PROTECTED]: Just in case you wondered whether Tor and Gmail are a good combination: They are not. I'm not quite sure what you are saying? Are you saying that some info gets leaked if you use unencrypted http to transfer mail with gmail? Yes, and some info means everything but your password. And even if you enter through https://mail.google.com/, a man in the middle can send your browser a redirect to http://mail.google.com/, Google then sends your browser another redirect to the encrypted login page on another server and after the secured login you will get redirected back to http://mail.google.com/. OK, is this specific to Google? Or are there other free/nonfree email services that are immune to this behavior? If so, please suggest. What about ecommerce or other secured sites? Any site that keeps the whole session encrypted and doesn't use redirects based on user supplied URL parameters is not affected. The problem is specific to a broken security concept and while there are probably a few websites with similar problems, you shouldn't have a problem finding one that gets it right, after all that's common sense since the invention of HTTPS. You can easily test for yourself if a website is affected. Use Privoxy to disable HTTPS after you successfully logged in. If you can still transfer privacy-sensitive data, you know that the site is broken. I can't comment on different web based email services because I don't use them. This short test was an exception to see which Privoxy filters have to be disabled to get GMail working. It wasn't my account and I would never trust Google to take care of my data anyway. For me a quick look at their terms and conditions already is reason enough to stay away from them. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Gmail (with Tor) is a bad idea
Claude LaFrenière [EMAIL PROTECTED] wrote: Hi *Fabian Keil* : Just in case you wondered whether Tor and Gmail are a good combination: They are not. Just one remark Sir. This site is accessible by anybody in clear : http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1 which reveal these informations: DE *zwiebelkuchen tor.fabiankeil.de DE *zwiebelsuppetor.fabiankeil.de So it's easy to find fabiankeil.de and finally: You leave your email address in clear (in text) in your web site. This reveal your ID and this is the best way to be spamed... No? I don't intend to post anonymously on this list and I'm well aware that my website contains information about where I live and how anyone interested can reach me. That's intentionally as well. I use Tor to surf the web anonymously, but if I say something in public I usually use my real name. For the topics I'm interested in, that's currently not a problem in Germany. I still use encryption for privacy-sensitive information and if you run a Tor exit node, you will not be able to alter my mails without getting noticed. Did using Gmail + Tor + Thunderbird + Pgp/GnuPG and access Gmail with SSL/TLS connexion is not a better solution ? Personally I think using Gmail is never a solution. You are right though: if you are using a real mail client with real encryption, you shouldn't have a problem with man in the middle issues. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Gmail (with Tor) is a bad idea
Anothony Georgeo [EMAIL PROTECTED] wrote: --- Fabian Keil [EMAIL PROTECTED] wrote: Firefox/1.5.0.7 honours an unencrypted redirect as response for a https connection request. You don't get a warning, but of course if you look for it, you can see that the connection is unencrypted. Thanks for the heads up. You're welcome. I may be wise to also report this behaviour to the Firefox forums or bugzilla. Maybe the devs. will make FF provide a warning or an about:config setting to prevent https to http redirects. I don't consider this a Firefox problem and if you don't use broken sites the redirect isn't an issue. Also I don't have the feeling that privacy is a high priority for the Firefox team anyway, just have a look a the default configuration. Feel free to report this as Firefox bug, but as this doesn't affect me and as I could easily use Privoxy to disable redirects for untrusted sites, I'm not going to do anything about it my self. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Gmail (with Tor) is a bad idea
Tim McCormack [EMAIL PROTECTED] top posted (please don't): Jason Holt wrote: On Mon, 18 Sep 2006, Tim McCormack wrote: The problem is that Google puts the auth tokens in an http:// GET request -- you can see for yourself. And then it switches to https://. The exit node could grab your auth tokens, I guess. Since you're effectively at the same IP as the Tor exit node, gmail wouldn't know the difference. Where does that happen? When I go to gmail.com I get redirected to an https login page. After you login (which is on a https://www.google.com address), you are redirected (with auth tokens) to a http://mail.google.com/ address. There seem to be two issues: 1) Is Gmail secure with regard to the exit node, even when entering on https://www.gmail.com/? Depending on your browser setup, a man in the middle just has to redirect you to http://mail.google.com/ or directly to Google's login page and the situation is the same. You can easily overlook a few redirect, they usally take less than a second and Google uses lots of redirects anyway. 2) Is the Tor network leaking data with Gmail? This isn't a Tor problem at all, in an insecure network environment the same could be done. An exit node is just an convenient position to start this attack, it's cheap to run one and if you only sniff traffic, it's unlikely to get caught. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature
Re: Using Gmail (with Tor) is a bad idea
Taka Khumbartha [EMAIL PROTECTED] wrote: is the issue here not with gmail, but perhaps javascript? can anyone confirm that there is no in-secure re-direction if javascript is dis-abled? if there still is (in-secure re-direction), please be specific about how to observe such an in-security. The redirects I'm talking about are basic HTTP features and don't depend on JavaScript at all. It's possible to emulate redirects with JavaScript, but if an attacker is already in the position to run code on your system, she probably has better things to do than just to redirect you. If you want to see how a redirect looks like, use a Privoxy section like: {-limit-connect \ +redirect{http://tor.eff.org/} \ } secure-login.example.org:443/ Enter https://secure-login.example.org/ in your browser and see what happens. If you are still using Privoxy 3.0.3 use: {+block \ +handle-as-image \ -limit-connect \ +set-image-blocker{http://tor.eff.org/} \ } secure-login.example.org:443/ instead. Fabian -- http://www.fabiankeil.de/ signature.asc Description: PGP signature