Re: headers in email

2007-10-07 Thread Gregory Maxwell
On 10/8/07, Michael_google gmail_Gersten <[EMAIL PROTECTED]> wrote:
> On 10/6/07, Chris Jacobs <[EMAIL PROTECTED]> wrote:
> > When email is remailed via TOR is it possible to add a header with a 
> > contact address for complaints,
> > like in cypherpunk remailers?
> Hmm. Technically, yes.
> To do so, you have to run a MITM node that intercepts traffic, looks
> at it, decides to modify it, and then alters the traffic being sent
> over it.
> That's the sort of thing that I think is considered a "bad thing".

There are nodes with open port 25 outbound?  I can't connect to port
25 via tor at the moment.

The better way(tm) to do this would be to just run an open SMTP server
as a hidden service, and run spam filtering, hashcash proof-of-work
challenge, whatever anti-abuse stuff you want, along with header
munging and stripping, ... and advertise this server for people to set
their SMTP out to...

Then you don't have to feel bad about running a MITM node, and you
might manage to stay up for more than a few minutes before being used
to spam and getting blocked by every mail server on the planet. ;)

On this subject, it would be pretty interesting if the hidden node
support supported a client proof-of-work with server specified
difficulty in order to open a connection. If the SMTP server host were
set up to only allow one mail per connection the server could have POW
based abuse mitigation without special client software.
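
The proof-of-work with server-specified difficulty suggested in the message above, as an added example that is not part of the original post and is not Tor code. It works at the application layer (one solved challenge per mail) rather than in the hidden-service connection setup; `SERVER_KEY`, `MAX_AGE` and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)  # hypothetical per-server secret for signing challenges
MAX_AGE = 120                # assumed validity window for a challenge, in seconds
_spent = set()               # redeemed challenges, so one solution buys one mail

def leading_zero_bits(digest):
    """Number of leading zero bits in a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits

def issue_challenge(difficulty, now=None):
    """Server: stateless challenge 'difficulty:timestamp:salt:mac'."""
    ts = int(time.time() if now is None else now)
    body = f"{difficulty}:{ts}:{os.urandom(8).hex()}"
    return body + ":" + hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()

def _work(challenge, nonce):
    return leading_zero_bits(hashlib.sha256(f"{challenge}:{nonce}".encode()).digest())

def solve(challenge):
    """Client: search for a nonce; expected cost is 2**difficulty hashes."""
    difficulty, nonce = int(challenge.split(":")[0]), 0
    while _work(challenge, nonce) < difficulty:
        nonce += 1
    return nonce

def verify(challenge, nonce, now=None):
    """Server: one MAC and one hash, whatever difficulty the client had to pay."""
    try:
        difficulty, ts, salt, mac = challenge.split(":")
        difficulty, ts = int(difficulty), int(ts)
    except ValueError:
        return False
    good = hmac.new(SERVER_KEY, f"{difficulty}:{ts}:{salt}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), good.encode()):
        return False  # forged challenge, or difficulty lowered by the client
    age = (time.time() if now is None else now) - ts
    if age > MAX_AGE or challenge in _spent or _work(challenge, nonce) < difficulty:
        return False  # expired, replayed, or not enough work
    _spent.add(challenge)
    return True
```

The server can raise `difficulty` under load without keeping per-client state, because the value is covered by the MAC and cannot be lowered by the client.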


Re: headers in email

2007-10-07 Thread Michael_google gmail_Gersten
On 10/6/07, Chris Jacobs <[EMAIL PROTECTED]> wrote:
> When email is remailed via TOR is it possible to add a header with a contact 
> address for complaints,
> like in cypherpunk remailers?

Hmm. Technically, yes.

To do so, you have to run a MITM node that intercepts traffic, looks
at it, decides to modify it, and then alters the traffic being sent
over it.

That's the sort of thing that I think is considered a "bad thing".


Re: Torbutton 1.1.8-alpha (Usability improvements)

2007-10-07 Thread Michael_google gmail_Gersten
> The way I see it there are two reasons to use NewNym:
>
> 1) To change one's pseudonym identity (IP address of
> exit node) to a new pseudonym identity.  In this case
> all cookies, cache, etc should be cleared to insure
> the new pseudonym identity is not correlated to the
> old pseudonym identity.
>
> 2) To try and find a faster circuit when the current
> one is too slow.  When I am surfing and my browsing
> session seems too slow (even for Tor) I may use NewNym
> in the hope the next circuit will be faster (which
> generally seems to be the case).
===
> In either case NewNym (New Identity) should be used
> with care.  I think most non-tech Tor users do not
> fully grasp issues/concerns with NewNym.  It seems
> many Tor users view it as a silver bullet that will
> automatically increase anonymity.

The big issue that I am aware of is that lots of "new circuits" cause
CPU overhead. Some sites are CPU bound, and are hurt by that.

> > Firefox has the problem that if you clear cookies
> > from a site, that site is permanently blocked from
> > sending cookies.
>
> Not sure what you mean here.  I clear cookies after
> each time I use yahoo and yahoo is still able to send
> me new cookies.

Really? For me, if I remove a cookie, that site is prohibited from
sending me any cookie after that. Caused me all sorts of problems
until I realized this (I used to clean my cookies out regularly).


Re: Setting up a private tor network

2007-10-07 Thread Karsten Loesing
Hi,

> I am using 0.1.2.17. I am planning to run an application over tor so I was
> not sure puppetor will work. I think I will try using that.

Then you might encounter problems with 0.1.2.17, because PuppeTor is
configured to be used with the development versions. This is kind of a
dilemma: Newer Tor versions require certain configuration options to be
used in a private setting which are not understood by older Tor
versions. So, you will need to remove some configuration strings before
being able to use PuppeTor with 0.1.2.17. Or use the trunk version. Or I
could include a version check and select configurations appropriately --
 sometime.

You could also use PuppeTor only to establish and initialize private
network configurations, without performing actual tests. Afterwards, you
can re-use the working directories with their configuration files and
state files and start the Tor processes on your own. Up to you.

> My problem is
> that the logs say that there is enough directory information but still it
> does not try to make a circuit. I changed the code so that it builds
> circuits all the time. But, it is like tor is not running at all. It is
> supposed to make a circuit once it gets directory information but is not
> doing so. Are there any reasons why it is not able to do so?

Hard to say without your log files. From PuppeTor I know that newly
configured private Tor networks require multiple reloads before being
stable. And this process also fails quite often.

In general you should not have to change the Tor code to create a
private Tor network. Maybe your changes are what prevents Tor from
working properly?!

Could you try whether PuppeTor is able to create a private network
configuration for you -- with your changed and the unchanged Tor? If you
have specific questions on PuppeTor, e.g. how to configure it for
0.1.2.17, you could also mail me off the list. And if this all fails,
you could post a link to your info-level log files here.

--Karsten


Re: Setting up a private tor network

2007-10-07 Thread Shreyas Srivatsan
Hi
I am using 0.1.2.17. I am planning to run an application over tor so I was
not sure puppetor will work. I think I will try using that. My problem is
that the logs say that there is enough directory information but still it
does not try to make a circuit. I changed the code so that it builds
circuits all the time. But, it is like tor is not running at all. It is
supposed to make a circuit once it gets directory information but is not
doing so. Are there any reasons why it is not able to do so?
Thanks
Shreyas


On 10/7/07, Karsten Loesing <[EMAIL PROTECTED]> wrote:
>
> Hi Shreyas,
>
> > But nowadays when I start the network it says do not
> > have enough directory information to build circuits.
>
> Which Tor version do you use? I had a potentially related problem with
> the current trunk version that had to do with private IP addresses and
> the directories. You could try to set the new config option
> "ClientDNSRejectInternalAddresses" to 0. That option is not described in
> the wiki, yet. But I'm not sure if that will solve your problem, too.
>
> Apart from that you might consider using PuppeTor for creating private
> Tor network configurations and running whatever you want to test in it.
> We developed it for testing and measuring hidden-service related things,
> but it could also be useful for you. It also contains all our wisdom
> measured in necessary configuration options and sending HUP signals to
> create private Tor networks. You can find it here:
>
> https://tor-svn.freehaven.net/svn/puppetor/
>
> --Karsten


Library Defeats Tor Followup Addl Info

2007-10-07 Thread mark485anderson
Ok, promised I would report back. My testing time has been limited so
this information is not complete, but will help I think. Here is what I
have found:

1) you cannot connect to any tor server until you connect first to a
library server, and accept the library TOS, else you get repeated error
messages from each tor server "will try again later..."

2) Once you have accepted the TOS on their web page through a direct
browser connection, then all DNS requests are made through that library
server, subjecting you to profiling and tracking.

Now the more interesting part:

You can defeat #2 by not allowing dns/p53 requests in your firewall
ruleset; that way all dns requests will then go directly to tor servers
(as far as my fw logs seem to indicate). This slows down the web page
and other requests considerably. I will have to look up again how to fix
Microsuck OS to do its dns lookups directly from the client as I recall
it does not do it simply by putting entries in the hosts file.

Even if dns requests are made to the library machine, running a sniffer
seems to show that the TCP packets are still encrypted at the client
level. I have not had a chance to analyze the sniffer logs well yet,
but just watching the traffic shows encrypted TCP going to and from tor
servers, so that part is safe.

You must disable dns requests at the firewall to prevent leaking to the
library IP.

Once you do that it appears (again, on the surface without too much
study) that your traffic, including dns requests is safe.

I will do more intensive analysis and testing as time and access to the
library connection permits.

Any useful comments and feedback appreciated.

On Sat, 29 Sep 2007 13:58:37 -0700, [EMAIL PROTECTED] said:
> Give me a couple days and I will confirm and report back after running a
> sniffer.
> I don't use this library node often, so it will be a few days. Besides I
> do not have the
> firewall logs with me now, so don't want to misstate things until I am
> sure and have gathered as much information as I can.
> 
> 
> 
> 
> On Fri, 28 Sep 2007 23:57:17 -0500 (CDT), "Scott Bennett"
> <[EMAIL PROTECTED]> said:
> >  On Fri, 28 Sep 2007 15:06:48 -0700 [EMAIL PROTECTED] wrote:
> > 
> > >On Fri, 28 Sep 2007 15:02:53 -0700, [EMAIL PROTECTED] said:
> > >> 
> > >> On Thu, 27 Sep 2007 21:20:42 -0500 (CDT), "Scott Bennett"
> > >> <[EMAIL PROTECTED]> said:
> > >> >  On Thu, 27 Sep 2007 19:05:27 -0700 [EMAIL PROTECTED] wrote:
> > >> > 
> > >> > >On Thu, 27 Sep 2007 19:52:30 -0500 (CDT), "Scott Bennett"
> > >> > ><[EMAIL PROTECTED]> said:
> > >> > >>  On Thu, 27 Sep 2007 20:35:58 -0400 Watson Ladd
> > >> > >>  <[EMAIL PROTECTED]>
> > >> > >> wrote:
> > >> > >> >[EMAIL PROTECTED] wrote:
> > >> > >> >> Then after agreeing to the TOS, you are able to connect to tor servers,
> > >> > >> >> but all dns requests go through a library computer IP, such that they
> > >> > >> >> can see and record where you are going. I am not sure if they can see
> > >> > >> >> the TCP content, but the UDP (which I assume is the dns lookups are all
> > 
> >  What does your firewall software or other tool at your disposal have to
> > say about the TCP packets from your browser?  Do they go to privoxy?  And
> > where does it say that packets from privoxy go?  To your tor client?
> > Somewhere else?
> > 
> > >> > >> >> being monitored and probably logged by the library server through which
> > >> > >> >> you are connected. Firewall logs clearly show the outgoing and incoming
> > >> > >> >> DNS packets to the library IP. Rest of connections to Tor servers in the
> > >> > >> >> firewall log appear normal.
> > 
> >  Just to confirm:  your firewall log shows that the UDP packets in
> > question are destined to some IP address and port 53?
> > 
> > >> > >> >Make sure to run DNS queries over tor if anonymity is important.
> > >> > >> 
> > >> > >>  Absolutely.  Check your privoxy configuration file to make sure its
> > >> > >> first line is
> > >> > >> 
> > >> > >> forward-socks4a / localhost:9050 .
> > >> > >
> > >> > >already is
> > >> > >
> > >> >  Okay.  Good.
> > >> > >> 
> > >> > >> If you're using some other port than 9050, change that accordingly.  Other
> > >> > >> programs, e.g. PuTTY, will need to be configured, too, if you use them.
> > >> > >> In the case of PuTTY, each remote login site that you configure to be
> > >> > >> proxied through tor will need to be set to use socks5 and to do DNS name
> > >> > >> lookups at the proxy end (see "Proxy" under "Connection").
> > >> > >> 
> > >> > >> >>
> > >> > >> >> I have not run a sniffer yet on this, because my laptop is old and it
> > >> > >> >> might not be able to handle it. But tor anonymity is obviously
> >
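
Why the quoted advice insists on `forward-socks4a` and on proxy-side lookups: a SOCKS4a request carries the hostname to the proxy, while plain SOCKS4 can only carry an address the client has already resolved on the local network. The following is an added example, not part of the original thread; `SAMPLE_CONFIG` is a constructed Privoxy fragment and the function names are assumptions.

```python
import ipaddress
import struct

# Constructed Privoxy configuration; the second rule is the one from the thread.
SAMPLE_CONFIG = """\
forward-socks4  /  localhost:9050 .   # resolves names locally
forward-socks4a /  localhost:9050 .
"""


def socks4_connect(ip, port, user=b""):
    """Plain SOCKS4: the client resolved the name itself, outside the proxy."""
    return struct.pack(">BBH", 4, 1, port) + ipaddress.IPv4Address(ip).packed + user + b"\x00"


def socks4a_connect(host, port, user=b""):
    """SOCKS4a: marker address 0.0.0.x (x != 0), then the hostname for the proxy to resolve."""
    return (struct.pack(">BBH", 4, 1, port) + b"\x00\x00\x00\x01"
            + user + b"\x00" + host.encode("ascii") + b"\x00")


def classify(request):
    """Parse a SOCKS4/4a CONNECT request and report which side performs the DNS lookup."""
    if len(request) < 9 or request[0] != 4 or request[1] != 1:
        raise ValueError("not a SOCKS4 CONNECT request")
    port = struct.unpack(">H", request[2:4])[0]
    addr = request[4:8]
    user_end = request.index(b"\x00", 8)          # end of the USERID field
    if addr[:3] == b"\x00\x00\x00" and addr[3] != 0:
        host_end = request.index(b"\x00", user_end + 1)
        host = request[user_end + 1:host_end].decode("ascii")
        return {"variant": "socks4a", "target": host, "port": port, "dns": "proxy"}
    return {"variant": "socks4", "target": str(ipaddress.IPv4Address(addr)),
            "port": port, "dns": "client"}


def local_dns_rules(config):
    """Return Privoxy forward rules that use plain SOCKS4 and so resolve names locally."""
    rules = []
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "forward-socks4":
            rules.append(" ".join(fields))
    return rules
```

Running `classify` on bytes captured between the application and the local SOCKS port shows whether that application hands the proxy a name or an address it looked up elsewhere.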

Re: Setting up a private tor network

2007-10-07 Thread Karsten Loesing
Hi Shreyas,

> But nowadays when I start the network it says do not
> have enough directory information to build circuits.

Which Tor version do you use? I had a potentially related problem with
the current trunk version that had to do with private IP addresses and
the directories. You could try to set the new config option
"ClientDNSRejectInternalAddresses" to 0. That option is not described in
the wiki, yet. But I'm not sure if that will solve your problem, too.

Apart from that you might consider using PuppeTor for creating private
Tor network configurations and running whatever you want to test in it.
We developed it for testing and measuring hidden-service related things,
but it could also be useful for you. It also contains all our wisdom
measured in necessary configuration options and sending HUP signals to
create private Tor networks. You can find it here:

https://tor-svn.freehaven.net/svn/puppetor/

--Karsten


Re: Incognito Live CD using Polipo

2007-10-07 Thread Juliusz Chroboczek
Hi,

> I am considering changing the Incognito LiveCD to use Polipo.

Excellent news.

> Polipo config - 
> https://tor-svn.freehaven.net/svn/incognito/branches/polipo/root_overlay/etc/polipo/

First point -- you'll definitely want to set disableLocalInterface.

Since you're running with no on-disk cache, you will also want to
increase the memory cache.  No hard guidelines -- it depends on the
machine's memory -- (The default in Polipo 1.0.3 is 24 MB or 1/4 the
machine's memory, whichever is less.  1.0.2 and earlier use 8 MB).

> serverSlots=4
> serverMaxSlots=8

I think that more experience is needed with finding the right value
for serverSlots.  I'm running polipo with serverSlots set to 2,
4 might be overkill.

On a related note, you'll also want to decrease maxConnectionAge and
maxConnectionRequests.  I suggest 5 minutes and 120 connections,
respectively.  Please see

  http://archives.seul.org/or/talk/Apr-2007/msg00076.html

> censorReferer=maybe

Yep.  This is a reasonable compromise -- doesn't leak too much memory
while not breaking most sites.

> censoredHeaders=from, accept-language, x-pad, link, warning

Don't censor Warning -- it allows the server to send information to
the user, not the other way around.

Any suggestion for additional censorings?

Juliusz



Setting up a private tor network

2007-10-07 Thread Shreyas Srivatsan
Hi
I am trying to set up a private tor network and followed all the steps
mentioned in the FAQ list. Now when I start running the network initially it
used to run properly. But nowadays when I start the network it says do not
have enough directory information to build circuits. I tried commenting that
part out from the code so that it could build circuits all the time, but
then it says the directory info is too old to build circuits. And the
problem is these things keep popping up now and then. It works well for a
while but if I end up stopping the network and restarting again then it
gives this problem again.
I am actually using tor to implement certain things on top of it and hence
have the requirement of killing and restarting the tor nodes frequently.
Is there any way I could set up static circuits for a while or reduce the
directory requirements so that a small private network runs seamlessly?
Thanks for your help in advance.
Shreyas