Re: Using a Proxy with Tor
Thus spake Roger Dingledine ([EMAIL PROTECTED]): On Fri, Apr 20, 2007 at 06:41:43PM -0700, Mike Perry wrote: Regretably the proxy behavior with Tor is not all that good. For example, if for some reason the proxy is unreachable, it fails silently and reverts to non-proxied connections. If the proxy refuses to allow you to connect to a particular IP/port (for example, if you do not specify FascistFirewall), it prints out a warn, and then reconnects without using the proxy. Can you clarify this bug report? I was under the impression that Tor's proxy behavior was perfect, at least in 0.1.1.10-alpha and later. The above was what I noticed while briefly testing SETCONF HttpsProxy via the control port for different proxies, some unreachable, some that gave me 403 errors. It seemed that after the proxy failed once, it was ignored. Sometimes it failed silently and then was ignored. I suppose I could have been doing something strange accidentally. Or maybe the control port setting wasn't properly being propagated. I can retest sometime next week if you need me to. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpqBx0adybeH.pgp Description: PGP signature
Open DNS
Hey guys, I read an article from LH this morning about the OpenDNS service. http://tinyurl.com/24y2cn http://www.opendns.com/ Can I use this with Tor? Will that void any anonymity provided by Tor? Forgive me if this is a stupid question. Jay
Re: Open DNS
Ater Atrocitas writes: Ater Atrocitas Atrocitas is feminine, but the adjective form ater is masculine. To agree with atrocitas, assuming ater is meant to describe it, you need a feminine adjective atra (compare post equitem sedet atra Cura from Horace III, 1). -- Seth Schoen Staff Technologist[EMAIL PROTECTED] Electronic Frontier Foundationhttp://www.eff.org/ 454 Shotwell Street, San Francisco, CA 94110 1 415 436 9333 x107
Re: Open DNS
I read an article from LH this morning about the OpenDNS service. http://tinyurl.com/24y2cn http://www.opendns.com/ Can I use this with Tor? Will that void any anonymity provided by Tor? Forgive me if this is a stupid question. I call SCAM. Yes. SCAM, I tell you. This isn't really Tor related, so I'll keep it short. In bullet summary, we know: Their nameservers are: nameserver 208.67.222.222 nameserver 208.67.220.220 At first blush their service may seem plausible. However, try them and visit something like www.akljfdlkajdfasfd.com, which takes you to: http://guide.opendns.com/?url=www.akljfdlkajdfasfd.com I'm sorry, but if I try a non-existing domain then I prefer to be informed that the domain can not be found. OpenDNS will tell you Sure, there's a website called whateveryoutrytoresolve.com, here's the IP, and you should go visit that site and view all these advertisements we've put up there. Further, their nameservers really aren't all that fast. I've got 50ms ping to them and it takes them 345 ms to resolve a domain. They do cache, so if you lookup the same name twice then you get a quicker response, but so does bind and tinydns and those respond in 1msec if it's cached. As for Tor: I want to get a message saying the domain isn't found if it doesn't exist - I don't want no mikey mouse bullshit advertisement landing page. Thus; I'd really dislike it if you use OpenDNS with Tor and now you're sending all these random Tor-users to view the stupid advertisement. Now that you know OpenDNS is bullshit scam, consider this: I setup a fast Tor exit server, it uses my wildcard nameserver for it, I redirect every resolve failure to a landing page, I'm fairly sure that would upset quite a lot of people.. So don't use OpenDNS at all, specially not with Tor. I call it a SCAM. Perhaps that's a little harsh word, but I do view their service as basically nothing more than any other nameserver out there except that they wildcard any non-existing domain to their advertisement page.
Re: Open DNS
xiando [EMAIL PROTECTED] wrote: I read an article from LH this morning about the OpenDNS service. http://tinyurl.com/24y2cn http://www.opendns.com/ Can I use this with Tor? Will that void any anonymity provided by Tor? Forgive me if this is a stupid question. As for Tor: I want to get a message saying the domain isn't found if it doesn't exist - I don't want no mikey mouse bullshit advertisement landing page. Thus; I'd really dislike it if you use OpenDNS with Tor and now you're sending all these random Tor-users to view the stupid advertisement. I think there's a fair chance that the OP only wanted to reach OpenDNS through Tor for himself, and never intended to force OpenDNS upon other Tor users through an exit node. Fabian signature.asc Description: PGP signature
Re: Open DNS
xiando wrote: I read an article from LH this morning about the OpenDNS service. http://tinyurl.com/24y2cn http://www.opendns.com/ Can I use this with Tor? Will that void any anonymity provided by Tor? Forgive me if this is a stupid question. I call SCAM. Yes. SCAM, I tell you. This isn't really Tor related, so I'll keep it short. In bullet summary, we know: I think you misunderstand the meaning of the word scam. Their nameservers are: nameserver 208.67.222.222 nameserver 208.67.220.220 At first blush their service may seem plausible. However, try them and visit something like www.akljfdlkajdfasfd.com, which takes you to: http://guide.opendns.com/?url=www.akljfdlkajdfasfd.com I'm sorry, but if I try a non-existing domain then I prefer to be informed that the domain can not be found. OpenDNS will tell you Sure, there's a website called whateveryoutrytoresolve.com, here's the IP, and you should go visit that site and view all these advertisements we've put up there. If you'd spent two minutes reading their website you would have noticed that by signing up for an account you can turn off the feature you mentioned above. It's called typo correction and is described: When OpenDNS receives a request to resolve a domain which does not exist (known to techies as NXDOMAIN or RCODE 3), OpenDNS first attempts to correct any known typos and resolve the domain again. If that fails, OpenDNS uses the request as a search query to give you a page of search results. If you turn this feature off, you will no longer have us correct typos for you. Note: mail servers running DNSBLs and URIBLs work fine with typo correction enabled. You can hardly blame them for turning this on by default and using the advertising. But you can certainly applaud them for making it optional. It is a FREE service after all. Further, their nameservers really aren't all that fast. I've got 50ms ping to them and it takes them 345 ms to resolve a domain. They do cache, so if you lookup the same name twice then you get a quicker response, but so does bind and tinydns and those respond in 1msec if it's cached. That could be them doing typo correction for you. As far as I can see they're bloody fast. Your lack of knowledge about how their system works, the fact that you never posted any benchmarks, and you're poor usage of the word scam makes me disregard your speed comments. As for Tor: I want to get a message saying the domain isn't found if it doesn't exist - I don't want no mikey mouse bullshit advertisement landing page. Thus; I'd really dislike it if you use OpenDNS with Tor and now you're sending all these random Tor-users to view the stupid advertisement. He never said he'd do that. But guess what, if he wanted to do it, he could turn off the advertising. Now that you know OpenDNS is bullshit scam, consider this: I setup a fast Tor exit server, it uses my wildcard nameserver for it, I redirect every resolve failure to a landing page, I'm fairly sure that would upset quite a lot of people.. That's not what he said he'd do. So don't use OpenDNS at all, specially not with Tor. I call it a SCAM. Perhaps that's a little harsh word, but I do view their service as basically nothing more than any other nameserver out there except that they wildcard any non-existing domain to their advertisement page. Read their documentation. Everyone else, ignore this guy and check out the service yourselves. Mike P.S. I have no relationship to this site in any way other than having a peak at it a year or two back, and just signing up for a new account.
Re: Example hidden service issue
Roger Dingledine wrote: Wont that give google a map of Real IP - Hidden service name? Yes, you're absolutely right. Oops. Thanks for pointing it out. I originally split the setup instructions into two steps because people had a lot of trouble distinguishing whether they had screwed up editing their torrc or had screwed up setting up their webserver. It's doubly tricky because we're trying to be platform independent in the instructions. One option is to remove step one. This will cause more people to get confused and send us angry mail that our instructions are too hard. *snip option two* Just a reminder as it's been a few weeks since this discussion. The bad hidden service instructions are still up in the online documentation. I left option one above as I think that should be the option used, at least in the short term until someone gets around to writing some more extensive documentation. Mike
Re: Example hidden service issue
Roger Dingledine wrote: Yes, you're absolutely right. Oops. Thanks for pointing it out. *snip option two* Just a reminder as it's been a few weeks since this discussion. The bad hidden service instructions are still up in the online documentation. I left option one above as I think that should be the option used, at least in the short term until someone gets around to writing some more extensive documentation. Hi Mike, Thanks for the kick. This has been moving up my todo list, but I just jumped it to the top and finished it: Thanks. I was just checking it hadn't been forgotten :) http://tor.eff.org/docs/tor-hidden-service.html.en Folks, please let me know if this new page is intelligible and also if it fixes all the issues we've raised. It fixes the issue I raised. It all makes sense to me and is clear to follow, but then I'm speaking as someone that already understood how to do it... Regardless, complicated yet safe documentation is preferable to simple yet unsafe documentation. Mike