Re: When can I get TOR for mobile?
and...@torproject.org wrote: > On Tue, May 25, 2010 at 12:59:48PM +, tor-ad...@orionjurinform.com wrote > 0.8K bytes in 18 lines about: > : Does a Tor-version for WM exist? I thought that such tor-version didn't > : exist. > > It doesn't exist in binary form. However, thanks to a volunteer, we > just committed some code to support it this week. > > See, > https://gitweb.torproject.org/tor.git/commit/312f4ee410de718aaf20030d22a93f1c258faa37 > for an example. > I have got the 312f4ee410de718aaf20030d22a93f1c258faa37.tar.gz file and how I could install it to my WM-PPC? It seems me that I can't do it through make && make install under my Linux-machine (for WM). Sorry for lamer's qustion but I have never compiled windows-programs from sources. And where can I get OpenSSL and libz for the WM, does they exist? (I have read in the readme.txt file that "OpenSSL and libz both compile on MinGW out of the box"). *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: When can I get TOR for mobile?
On Tue, May 25, 2010 at 12:59:48PM +, tor-ad...@orionjurinform.com wrote 0.8K bytes in 18 lines about: : Does a Tor-version for WM exist? I thought that such tor-version didn't : exist. It doesn't exist in binary form. However, thanks to a volunteer, we just committed some code to support it this week. See, https://gitweb.torproject.org/tor.git/commit/312f4ee410de718aaf20030d22a93f1c258faa37 for an example. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
Dear all, My tor have a error,this is the message log: [Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake with directory server. (Socket is not connected [WSAENOTCONN ]; NOROUTE; count 4; recommendation warn) I have already set the bridges. pls help me,thanks.
Re: Tor Exit Node hosting: torservers.net
Cool Story, bro. Thus spake Scott Bennett (benn...@cs.niu.edu): > Mike and Moritz, > Would you both *please* stop posting each message to multiple lists? > Thanks much. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpwX5jpdIrXf.pgp Description: PGP signature
Re: Tor Exit Node hosting: torservers.net
Hi Scott, >Mike and Moritz, > Would you both *please* stop posting each message to multiple >lists? >Thanks much. I have only posted the initial annoucement to both lists. -- Moritz Bartl GPG 0xED2E9B44 http://www.torservers.net/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
Hi Mike, "If you're making non-commercial use of Tor software, you may also use the Tor onion logo (as an illustration, not as a brand for your products)." One of the sticky issues with trademark protection though is that if you do not defend your mark in all applicable cases, you lose the right to defend it in cases you actually do care about. So please do not take any decisions about your use personally. I understand that. I have removed the favicon for now until this is cleared. -- Moritz Bartl GPG 0xED2E9B44 http://www.torservers.net/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
Mike and Moritz, Would you both *please* stop posting each message to multiple lists? Thanks much. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
Hi Mike, Thank you for your input. I agree with all you say, and to some degree it shows that it is yet unclear (from the site) what exactly I want to offer. I now think it might have been better to not make it public before getting that message transported, but I haven't published it anywhere outside of the Tor community lists yet. I want to have clear statements about WHAT you get for funding a node, and what monthly amount is left to cover before (!) a new node will be set up. Nobody will be billed before that node is ordered. Irregular donations really are something extra. At the moment, they come across to prominent because there are no "product plans" yet. I am all open for suggestions, I will outline my ideas in a wiki-like, open discussion, together with "early adopters" on the mailing list, until there are specific "products" to offer. That's why I called the section "Plans" after all. What I really need to attract is people who decide that they want to *own* (parts of) a Tor node, and are willing to pay a monthly fee for it. -- Moritz Bartl GPG 0xED2E9B44 http://www.torservers.net/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
Thus spake Moritz Bartl (t...@wiredwings.com): > Let's look at what the Tor website has to say about its logo: > https://www.torproject.org/trademark-faq.html.en > > "If you're making non-commercial use of Tor software, you may also use > the Tor onion logo (as an illustration, not as a brand for your > products). Please don't modify the design or colors of the logo. You can > use items that look like the Tor onion logo to illustrate a point (e.g. > an exploded onion with layers, for instance), so long as they're not > used as logos in ways that would confuse people." > > I have also tried to contact the Tor developers through this mailing > list about my planned usage, but I guess I should do that more > explicitly, and will do that now in a mail to execdir. Sorry. It is very > important to me to do this with approval of the Tor community (that's > why "it started here"). The problem is that the Tor developers really don't know - they primarily write software rather than practice law :). Andrew and the Tor Board of Directors typically need to discuss these issues with actual lawyers. One of the sticky issues with trademark protection though is that if you do not defend your mark in all applicable cases, you lose the right to defend it in cases you actually do care about. So please do not take any decisions about your use personally. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpg4zD3zOc18.pgp Description: PGP signature
Re: Tor Exit Node hosting: torservers.net
Hi, Your use of the Tor name and logo (and style) is deceptive. I take it you didn't see the favicon. Look again. Fair enough, that is a tad misleading. Yes, I have used the Tor logo in several places. For one, I am not a graphics designer. Secondly, I think my usage (it its context) is neither "deceptive" nor misleading. Actually, I want to provide Tor services after all. When you look around, you will see a lot of people and companies using logos of products they do not own or are associated with. For example, you will often see the Microsoft logo in places where Microsoft products are sold. Let's look at what the Tor website has to say about its logo: https://www.torproject.org/trademark-faq.html.en "If you're making non-commercial use of Tor software, you may also use the Tor onion logo (as an illustration, not as a brand for your products). Please don't modify the design or colors of the logo. You can use items that look like the Tor onion logo to illustrate a point (e.g. an exploded onion with layers, for instance), so long as they're not used as logos in ways that would confuse people." I have also tried to contact the Tor developers through this mailing list about my planned usage, but I guess I should do that more explicitly, and will do that now in a mail to execdir. Sorry. It is very important to me to do this with approval of the Tor community (that's why "it started here"). See below on why I see my current usage as "non-commercial". Of course, that hope includes the big assumption of things like, > all donations being used to cover costs (no profit) I don't see "commercial" as bad per se. I don't see how I am competing with anyone, and if I did (if there was anyone else offering Tor services), that would be "useful" competition after all. Let me clear with this: I am a student, willing to put my time and effort into running Tor nodes (and more). Depending on what "products" I am building here - which is something that I hope to have designed in a "community effort" (hence the mailing list) - I might *some day* consider to make some small amount of "management fee". At the moment, this is not part of the plan. , and all sponsors getting their donations back if the new relays never get off the ground. The website is not clear about this yet, but I want to distinguish between node sponsorship and donations. Node sponsorship is "a product you can buy", like you can buy managed and unmanaged servers. These are recurring payments with a contract, towards one or more specific services. I will not collect sponsorship money until we - everyone who is interested in funding a node in some way or another - have decided on a specific configuration, setup and server, which will then be ordered. Donations on the other hand are irregular, nonrecurring payments. At the moment I agree that this looks like a "primary service" on torservers.net, but I really see it as something very optional - I just haven't worked on the other parts of the "Plans" page yet. I will add a section that one could also want to donate to the Tor project instead to fund development. Donations will be collected, amounts published, and once some node can be funded from them, used. One pragmatic approach to this would be to bill the regular node sponsors less in one month to make up for these irregular donations. I already have several people interested in funding a node, and even if I cannot find enough to fund a big node, there's always a small one we can add. > I haven't seen anything come out of his own mailing list yet, but you can be sure I'll be watching it closely. Thanks for your interest. :-) If you want to find out more about me, feel free to visit my blog at www.wiredwings.com . -- Moritz Bartl GPG 0xED2E9B44 http://www.torservers.net/ *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
Thus spake Moritz Bartl (t...@wiredwings.com):
> I set up a preliminary homepage at http://www.torservers.net/
>
> For the original discussion ("Tor Exit Node Sponsorship, looking for
> partners") see http://archives.seul.org/or/talk/May-2010/msg00058.html
>
> Basically it comes down to: I want to run another high bandwidth Tor
> exit and I am looking for individuals or companies to help sponsor it.
>
> To keep the noise down on OR-Talk/Tor-Relays, I have also created a
> mailing list for "hosted tor exit" discussion. If you want to stay
> informed, feel free to subscribe at http://www.freelists.org/list/torservers
>
> I am grateful for help, suggestions and other comments.
Hi Moritz,
I for one thing this is a great idea. I also welcome and encourage
others to step up and try to start similar projects, once we have a
good pattern down for a model that seems to work.
However, a common problem with donation-run projects like this (and
non-profits in general) is that everyone expects that the project will
succeed because someone else will jump in before them and fund it/save
it. Economists often call this the free-rider problem, but I think it
is more closely related to "Diffusion of Responsibility":
http://en.wikipedia.org/wiki/Diffusion_of_responsibility
Because of these fundamental aspects of human nature, I think it is
very important to set goals such as: "We will not start or maintain
this project at the target level until/unless we have X months of
future funding", where X is around 3 months initially, and ideally
6-12 months or more long term.
I think its also very important for people to see what their level of
dollar contribution gets them in terms of a percentage slice of exit
bandwidth for the Tor network. At the volumes you will likely be
purchasing bandwidth at, this is likely to be a very very compelling
ratio.
This financial data should be very public on your website. If the
account balance ever drops below the level that can support roughly
this many months of service, you should renegotiate your contract with
your ISP to a level of service that you can support, and begin
clamoring for more funding.
Without this level of public accounting and public announcement of
financial requirements, I imagine most people are just going to look
at your site and assume "Well, that's nice. Best of luck, hope it works
out for you!" and move on. I know, because that thought has been in
the back of my mind (although I already spend quite a bit of my
paycheck to support Tor-related infrastructure, so perhaps I
am justified :).
If instead it's clear to people that if they just donate that $10,
$50, or $200, that it will make a significant impact to your service
staying online for X amount of time with Y amount of additional
capacity, they are way more likely to step forward.
For what it's worth, the optimal one-time donation amount to
request for addons.mozilla.org addons has been statistically
determined to be $10. I'm not sure if the same
psychological/political/financial dynamics will apply here, though.
Your optimal requested donation amount may be higher or lower,
depending upon the impact people believe they will have with that
money, and any additional economies of scale you can present to them
for donating more/reaching a higher level of total funding.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
pgpnnlbAzLSa0.pgp
Description: PGP signature
Re: Tor Exit Node hosting: torservers.net
On 5/25/2010 7:39 PM, Curious Kid wrote: Yes, of course it should be obvious that it is not sponsored by The Tor Project. Maybe it's just me, then. I tend to assume that anything not on the official website isn't sponsored by the official project, unless they make a point of explicitly saying "Sponsored by...". If that's not as general an assumption as I would think, then perhaps it does bear making the point clear. I take it you didn't see the favicon. Look again. Fair enough, that is a tad misleading. People in the past have created "non-competing" companies that used the Tor name to increase their profits. This will be a contention point. Most of me hopes this is an honest effort at contributing to the Tor project. Of course, that hope includes the big assumption of things like, all donations being used to cover costs (no profit), and all sponsors getting their donations back if the new relays never get off the ground. Big hopes and big assumptions; time will tell I suppose. It should not be in very small letters in the most hidden spot. Frankly, the leadup posts in the mailing list raised red flags for me that it would deliberately try to look like part of The Tor Project. Again, maybe it's just me, but it was clearly visible on my screen when I brought the page up. I haven't seen anything come out of his own mailing list yet, but you can be sure I'll be watching it closely. Cautious optimism is the way to go with any new project like this, methinks. ~japlin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
> > Your use of the > Tor name and logo (and style) is deceptive. Why did you make your disclaimer > in > fine print under the website? It looks like a copyright notice. Many people > won't bother to read it. Should he have to? The only place I see Tor's Yes, of course it should be obvious that it is not sponsored by The Tor Project. > logo is where he's explaining what Tor is. I thought it was pretty clear from > a I take it you didn't see the favicon. Look again. > quick glance that his website is about providing hosting, not competing with > the > Tor Project. People in the past have created "non-competing" companies that used the Tor name to increase their profits. The disclaimer I imagine is just that, a "Don't contact me I would not imagine that. > with legal or support issues meant for Tor's staff." Doesn't exactly have to > be > in bold red > letters. It should not be in very small letters in the most hidden spot. Frankly, the leadup posts in the mailing list raised red flags for me that it would deliberately try to look like part of The Tor Project. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
On May 25, 2010, at 6:59 PM, Curious Kid wrote: Your use of the Tor name and logo (and style) is deceptive. Why did you make your disclaimer in fine print under the website? It looks like a copyright notice. Many people won't bother to read it. Should he have to? The only place I see Tor's logo is where he's explaining what Tor is. I thought it was pretty clear from a quick glance that his website is about providing hosting, not competing with the Tor Project. The disclaimer I imagine is just that, a "Don't contact me with legal or support issues meant for Tor's staff." Doesn't exactly have to be in bold red letters. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
> because it's still undocumented vaporware. I still think the whole > thing smacks of being a honeypot for gullible humans. They have gotten awesome news coverage in over a dozen big-name media outlets. http://www.censorshipresearch.org/press/ I wonder why that is. The whole project seems intensely focused on Iran. I wonder why that is, but it could explain the news coverage. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Tor Exit Node hosting: torservers.net
> Hi, I set up a preliminary homepage at > http://www.torservers.net/ Your use of the Tor name and logo (and style) is deceptive. Why did you make your disclaimer in fine print under the website? It looks like a copyright notice. Many people won't bother to read it. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On Tue, May 25, 2010 at 04:01:43PM -0400, Ted Smith wrote: > > I couldn't figure > > out why the author, Kurt Knutson of WGN TV, was so taken in by something > > that > > isn't even available yet and about which there is so little publicly > > available > > information. > > > Maybe Tor Project should talk to his publicist ;-) Tor certainly takes a different approach to publicity compared to people like Haystack. We prefer to let our technology and deployment do the speaking, and then explain it to people once it's clear there's something worth explaining. As has been made clear in all areas of technology over the past years, though, the publicity side of things doesn't care whether you have the technology sorted out or not. Still, no thanks. I'd rather spend my time figuring out how to make the technology actually work, than telling people about how great it'll be. That said, massive publicity engines like this one can still do the field some good. First, it reminds a much broader segment of society about the issues. Second, it draws the attention of the censors. :) > > >looks like they'll be running single-hop proxies from various hosts, and > > >distributing that list inside the proprietary software they distribute > > > > That's more than I managed to extract from it, but that certainly > > looks very bad if that is indeed what they are doing. > > > They're just trying to tunnel traffic out of the "oppressive" countries, > not provide actual anonymity (though they're very unclear about > admitting this and should probably say it in big flashing red letters). > They admit that tunneling Tor through their system would be a "good" > thing. Big red warning letters are actually something that these other projects attack us about. After all, if you scare your users, they'll just go elsewhere, or "worse", they'll stop trying to circumvent their firewall as much. It does worry me that so many of these projects see circumvention and user privacy as totally unrelated goals. Iran sure has been learning its lesson in that regard, with all the shiny new deep packet inspection hardware their government is deploying. Check out these quotes from Iran's chief of police: http://www.reuters.com/assets/print?aid=USTRE61800J20100209 For more reading, check out #5 at https://svn.torproject.org/svn/projects/articles/circumvention-features.html It sure would be cool if somebody worked on pluggable ways to transport Tor traffic in a more unobservable way. I suspect that starting over is an unlikely route to get there though. --Roger *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On Tue, 2010-05-25 at 14:36 -0500, Scott Bennett wrote: > On Tue, 25 May 2010 13:33:23 -0400 Ted Smith > wrote: > >On Tue, 2010-05-25 at 01:45 -0500, Scott Bennett wrote: > >> I don't know who "Censorship Research Center" might be, but they claim > >> to have a development project going for another encrypted proxy service. > >> However, they say it will be free software, but *not* be open source, so = > >no > >> one can examine what they have done in order to look for bugs, design fla= > >ws, > >> etc. :-( There isn't much real information at the web site, > >>=20 > >>http://www.haystacknetwork.com > >>=20 > >> but what little there is looks very much like an attempt to sucker people > >> who don't understand much about security. > >> Oh. I almost forgot. Their FAQ page mentions tor, complaining abou= > >t > >> tor's publicly available directory and arguing that their method is bette= > >r, > >> while not mentioning bridges. > > > >I saw this a while ago. From what I could get from their website, it > > What drew my attention to it was a small newspaper column in yesterday's > _Fib_ (a.k.a. _Trib_ a.k.a. _The_Chicago_Tribune_) that I saw at a coffee > shop. The author was all ga-ga about it, praising Austin Heap as if he > should be canonized ASAP for his wonderful work for freedom of speech. > Being somewhat of a skeptical nature, I looked up the web site referred to > in the article when I got back to my apartment last night. I couldn't figure > out why the author, Kurt Knutson of WGN TV, was so taken in by something that > isn't even available yet and about which there is so little publicly available > information. > Maybe Tor Project should talk to his publicist ;-) > >looks like they'll be running single-hop proxies from various hosts, and > >distributing that list inside the proprietary software they distribute > > That's more than I managed to extract from it, but that certainly > looks very bad if that is indeed what they are doing. > They're just trying to tunnel traffic out of the "oppressive" countries, not provide actual anonymity (though they're very unclear about admitting this and should probably say it in big flashing red letters). They admit that tunneling Tor through their system would be a "good" thing. signature.asc Description: This is a digitally signed message part
Re: [OT] another proxy, but not open source :-(
On Tue, 25 May 2010 13:33:23 -0400 Ted Smith wrote: >On Tue, 2010-05-25 at 01:45 -0500, Scott Bennett wrote: >> I don't know who "Censorship Research Center" might be, but they claim >> to have a development project going for another encrypted proxy service. >> However, they say it will be free software, but *not* be open source, so = >no >> one can examine what they have done in order to look for bugs, design fla= >ws, >> etc. :-( There isn't much real information at the web site, >>=20 >> http://www.haystacknetwork.com >>=20 >> but what little there is looks very much like an attempt to sucker people >> who don't understand much about security. >> Oh. I almost forgot. Their FAQ page mentions tor, complaining abou= >t >> tor's publicly available directory and arguing that their method is bette= >r, >> while not mentioning bridges. > >I saw this a while ago. From what I could get from their website, it What drew my attention to it was a small newspaper column in yesterday's _Fib_ (a.k.a. _Trib_ a.k.a. _The_Chicago_Tribune_) that I saw at a coffee shop. The author was all ga-ga about it, praising Austin Heap as if he should be canonized ASAP for his wonderful work for freedom of speech. Being somewhat of a skeptical nature, I looked up the web site referred to in the article when I got back to my apartment last night. I couldn't figure out why the author, Kurt Knutson of WGN TV, was so taken in by something that isn't even available yet and about which there is so little publicly available information. >looks like they'll be running single-hop proxies from various hosts, and >distributing that list inside the proprietary software they distribute That's more than I managed to extract from it, but that certainly looks very bad if that is indeed what they are doing. >(IIRC). They also say they'll be using HTTP as the transport protocol, >which means either that the content will be unencrypted or that it'll be >tunneled through HTTP.=20 > >I wonder if they'll sign the binary blobs they distribute; it would be >very easy for the police in any country to distribute their own >backdoored version (via sneakernet) and just arrest everyone who uses >it. > Maybe they'll sign it with their own in-house equivalent to PGP, too. :-} Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On Tue, 2010-05-25 at 20:28 +0200, Olaf Selke wrote: > Ted Smith schrieb: > > > > I wonder if they'll sign the binary blobs they distribute; it would be > > very easy for the police in any country to distribute their own > > backdoored version (via sneakernet) and just arrest everyone who uses > > it. > > I wonder why they're so exclusively focused on Iran. Their mission is to > "provide safe, unfiltered Internet to the people of Iran ...". How do > their users know it's not the Mossad behind the project? Anyway, I don't > care. Because when this started Iran was probably on the news. If it was a few years previous, they'd be talking about Burma. signature.asc Description: This is a digitally signed message part
Re: [OT] another proxy, but not open source :-(
Ted Smith schrieb: > > I wonder if they'll sign the binary blobs they distribute; it would be > very easy for the police in any country to distribute their own > backdoored version (via sneakernet) and just arrest everyone who uses > it. I wonder why they're so exclusively focused on Iran. Their mission is to "provide safe, unfiltered Internet to the people of Iran ...". How do their users know it's not the Mossad behind the project? Anyway, I don't care. Olaf *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On Tue, 2010-05-25 at 01:45 -0500, Scott Bennett wrote: > I don't know who "Censorship Research Center" might be, but they claim > to have a development project going for another encrypted proxy service. > However, they say it will be free software, but *not* be open source, so no > one can examine what they have done in order to look for bugs, design flaws, > etc. :-( There isn't much real information at the web site, > > http://www.haystacknetwork.com > > but what little there is looks very much like an attempt to sucker people > who don't understand much about security. > Oh. I almost forgot. Their FAQ page mentions tor, complaining about > tor's publicly available directory and arguing that their method is better, > while not mentioning bridges. I saw this a while ago. From what I could get from their website, it looks like they'll be running single-hop proxies from various hosts, and distributing that list inside the proprietary software they distribute (IIRC). They also say they'll be using HTTP as the transport protocol, which means either that the content will be unencrypted or that it'll be tunneled through HTTP. I wonder if they'll sign the binary blobs they distribute; it would be very easy for the police in any country to distribute their own backdoored version (via sneakernet) and just arrest everyone who uses it. signature.asc Description: This is a digitally signed message part
Tor on a Tablet (Android!)
Here's a quick post with images of Orbot running on a 7" Android tablet: http://guardianproject.info/2010/05/25/tor-on-a-tablet/ This is a wifi-only device so it may be a better option for a truly secured Android solution, than something with a closed-source Qualcomm chipset in it. I plan to do a tear down of this hardware soon to see just what is making it tick. +Nathan PGP.sig Description: This is a digitally signed message part
Re: [OT] another proxy, but not open source :-(
I seem to recall that something called haystack, with a remarkably similar webpage was the software and donations portal developed by @austinheap during the Iran election. Since Heap's twitter is still linked from the haystacknetworkcom page, I assume that this project remains the offspring of that effort. I can't comment directly, but I recall that the effort seemed pretty legitimate at that time. I assume that it's still legitimate, even if not free software in the strictest sense. The Censorship Research Center is San Francisco non-profit, started by Heap. They do have a contact form on their about page: http://www.censorshipresearch.org/about/ While I think that free (as in speech as in Stallman) software is the best way to go, I can understand why someone of good intentions might think otherwise. I reckon that haystack is not a malicious honeypot, or cynical effort to relive people of their cash. However, I do think that the project may not be overly successful, and that donations would do more good elsewhere. On 25 May 2010 02:45, Scott Bennett wrote: > I don't know who "Censorship Research Center" might be, but they claim > to have a development project going for another encrypted proxy service. > However, they say it will be free software, but *not* be open source, so no > one can examine what they have done in order to look for bugs, design > flaws, > etc. :-( There isn't much real information at the web site, > >http://www.haystacknetwork.com > > but what little there is looks very much like an attempt to sucker people > who don't understand much about security. > Oh. I almost forgot. Their FAQ page mentions tor, complaining about > tor's publicly available directory and arguing that their method is better, > while not mentioning bridges. > > > Scott Bennett, Comm. ASMELG, CFIAG > ** > * Internet: bennett at cs.niu.edu * > ** > * "A well regulated and disciplined militia, is at all times a good * > * objection to the introduction of that bane of all free governments * > * -- a standing army." * > *-- Gov. John Hancock, New York Journal, 28 January 1790 * > ** > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ >
Re: When can I get TOR for mobile?
Nathan Freitas wrote: > Sorry, there is no version of Tor available for that class of Java phone > currently. You need to upgrade to an Android, Windows Mobile, Nokia N900 or > iPhone device. > > On May 24, 2010, at 12:20 PM, emigrant wrote: > >> sony ericsson k530i > > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > Does a Tor-version for WM exist? I thought that such tor-version didn't exist. Where I can get it? *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
RE: [OT] another proxy, but not open source :-(
The Haystack developer was interviewed for the BBC documentary The Virtual Revolution - this episode I think: http://www.bbc.co.uk/worldservice/documentaries/2010/03/100301_the_virtual_revolution_part_two.shtml and see http://news.bbc.co.uk/1/hi/world/middle_east/8505645.stm GD _ Hotmail has tools for the New Busy. Search, chat and e-mail from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_1
Re: problem with bridges and a suggestion
On Tue, May 25, 2010 at 05:18:44PM +0800, for.tor.bri...@gmail.com wrote 1.3K bytes in 36 lines about: : china is blocking TOR more and more strict, : I can't establish a TOR circuit even I updated bridges in config file : of torrc with info retrieved from https://bridges.torproject.org and : email replies from brid...@torproject.org. Correct. We are aware of this. : this morning, I got some new bridges through a hidden https proxy and : established a TOR circuit, but after some time, I lost the connection : and couldn't establish a TOR circuit any more. Can you send debug logs to tor-assista...@torproject.org with what happens when your client tries to connect to the bridges? : from my knowledge to china's blocking methods, I believe they found my : newly got bridges through network traffic protocol analysis, and : blocked them. This is unlikely. In our experience, they are merely blocking IP:Port combinations. : use a general protocol for TOR clients to interact with bridges, so : that they can't distinguish the traffic between TOR clients and : bridges, : so that they can't find new bridges got through private ways. Tor traffic through bridges vs. public relays is the same. There is not a special "bridge connection". See https://www.torproject.org/faq#RelayOrBridge, also that text needs to be updated to reflect China's uniqueness in filtering Tor public relays. : the general protocol could be https which is encryption protected; It is already. What may be unique is we start the connection with a TLS renegotiation. This is probably starting to stand out as unique now that OpenSSL decided to everyone used renegotiation incorrectly and almost all operating systems have erroneously disabled this functionality by default. See https://www.torproject.org/faq#KeyManagement : the general protocol could be plain http, if you can encode its : content dynamically and privately, and don't make it display any : fingerprints. Then someone can read your traffic. Hiding in plain sight sounds good on paper, but doesn't stand up to academic research, so far. See https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#YoushouldusesteganographytohideTortraffic. -- Andrew Lewman The Tor Project pgp 0x31B0974B Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On 5/25/2010 6:22 AM, Scott Bennett wrote: "Proprietary" means the client companies pay for it, right? Which means they are funding its development, right? Windows Server releases are closed source, right? And client companies install and use it, right? Now, none of that tells us "how many large contributors would be willing to install closed-source software that they're not involved in developing on their servers", but I should think that the number may be fairly large. Ha, I see your point. Although by "large contributors" I was thinking of those awesome souls to run our heavy-duty relays and not corporations. A quick run-through of our top 50 contributors shows 47 Linux boxes and 3 FreeBSD boxes. I guess I'm just biased into thinking it's the open-software nuts who most support the cause ;-) ~Japlin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On Tue, 25 May 2010 05:55:34 -0400 "Aplin, Justin M" wrote: >On 5/25/2010 4:59 AM, Scott Bennett wrote: >> You may well be assuming too much. It's not easy to know at this >> point because it's still undocumented vaporware. I still think the >> whole thing smacks of being a honeypot for gullible humans. >> > >I'll admit I could be totally off base. But it's 5 in the morning and I >honestly can't think of another way they could implement what they're >trying to do (effectively, anyway) without an enormous infrastructure. >Cheapest way to create one seems to be distributing your free software >and having your users act as... oh wait, somebody thought of that already! :-) > >> Well, that, at least, happens all the time. How many installations >> of Windows Server 200[38] would you guess there are, for example? >> > >Maybe I've been out of the game for too long, but in my experience >proprietary software is used either because it works well, or because it "Proprietary" means the client companies pay for it, right? Which means they are funding its development, right? Windows Server releases are closed source, right? And client companies install and use it, right? Now, none of that tells us "how many large contributors would be willing to install closed-source software that they're not involved in developing on their servers", but I should think that the number may be fairly large. >comes with support (i.e. insurance). The Windows servers, for example, >work well in corporate environments running a large number of Windows >machines in a Domain, and often said corporation will purchase support >to go with it. It's worth the cost to keep things running (somewhat) >smoothly. If you have a free alternative that works just as well and can >be maintained by your staff without too much ado, odds are it will be >used. Apache on *nix comes to mind as one example, as opposed to IIS. > >So if we have two free softwares, one open-source and one closed-source, >neither with any *explicit* support, the choice is going to come down to >which one works better, and which one looks better. If they put out a >crappy product, odds are it'll get uninstalled by the majority of users >who just don't want to bother fucking with it. If it's a decent product, >however, and it has a decent UI, and their production team can keep up >with releases and bugfixes and whatnot, we may be in for some viable >competition. We'll see. Somehow I doubt it. > >> China has done that at least once already. They apparently managed >> to get ~80% of what the bridge authorities had at the time, IIRC. Yet >> the remainder continued to operate and serve many people in China during >> that time. And bridges come and go, just like ordinary relays. Many >> are on dynamically assigned IP addresses, so their addresses change, >> thereby invalidating those data in the Chinese government's list. >> > >The picture in my head reminds me of this, for some reason: >http://xkcd.com/350/ Nice call! ;) > >>> I am a tad unnerved at the number of links to the donation page, >>> though I appreciate the costs associated with such an endeavor. >>> >>> >> Indeed. >> > >As an aside, they do have a shiny-looking website, and I won't pretend >users aren't attracted to that. We could do with a little shininess >ourselves. Still though, pandering for donations when you're not even >offering any sort of product or service... honeypot indeed. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On 5/25/2010 4:59 AM, Scott Bennett wrote: You may well be assuming too much. It's not easy to know at this point because it's still undocumented vaporware. I still think the whole thing smacks of being a honeypot for gullible humans. I'll admit I could be totally off base. But it's 5 in the morning and I honestly can't think of another way they could implement what they're trying to do (effectively, anyway) without an enormous infrastructure. Cheapest way to create one seems to be distributing your free software and having your users act as... oh wait, somebody thought of that already! Well, that, at least, happens all the time. How many installations of Windows Server 200[38] would you guess there are, for example? Maybe I've been out of the game for too long, but in my experience proprietary software is used either because it works well, or because it comes with support (i.e. insurance). The Windows servers, for example, work well in corporate environments running a large number of Windows machines in a Domain, and often said corporation will purchase support to go with it. It's worth the cost to keep things running (somewhat) smoothly. If you have a free alternative that works just as well and can be maintained by your staff without too much ado, odds are it will be used. Apache on *nix comes to mind as one example, as opposed to IIS. So if we have two free softwares, one open-source and one closed-source, neither with any *explicit* support, the choice is going to come down to which one works better, and which one looks better. If they put out a crappy product, odds are it'll get uninstalled by the majority of users who just don't want to bother fucking with it. If it's a decent product, however, and it has a decent UI, and their production team can keep up with releases and bugfixes and whatnot, we may be in for some viable competition. We'll see. Somehow I doubt it. China has done that at least once already. They apparently managed to get ~80% of what the bridge authorities had at the time, IIRC. Yet the remainder continued to operate and serve many people in China during that time. And bridges come and go, just like ordinary relays. Many are on dynamically assigned IP addresses, so their addresses change, thereby invalidating those data in the Chinese government's list. The picture in my head reminds me of this, for some reason: http://xkcd.com/350/ I am a tad unnerved at the number of links to the donation page, though I appreciate the costs associated with such an endeavor. Indeed. As an aside, they do have a shiny-looking website, and I won't pretend users aren't attracted to that. We could do with a little shininess ourselves. Still though, pandering for donations when you're not even offering any sort of product or service... honeypot indeed. ~japlin *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Tor Exit Node hosting: torservers.net
Hi,
I set up a preliminary homepage at http://www.torservers.net/
For the original discussion ("Tor Exit Node Sponsorship, looking for
partners") see http://archives.seul.org/or/talk/May-2010/msg00058.html
Basically it comes down to: I want to run another high bandwidth Tor
exit and I am looking for individuals or companies to help sponsor it.
To keep the noise down on OR-Talk/Tor-Relays, I have also created a
mailing list for "hosted tor exit" discussion. If you want to stay
informed, feel free to subscribe at http://www.freelists.org/list/torservers
I am grateful for help, suggestions and other comments.
--
Moritz Bartl
GPG 0xED2E9B44
http://www.torservers.net/
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
problem with bridges and a suggestion
dear friends, problem: china is blocking TOR more and more strict, I can't establish a TOR circuit even I updated bridges in config file of torrc with info retrieved from https://bridges.torproject.org and email replies from brid...@torproject.org. this morning, I got some new bridges through a hidden https proxy and established a TOR circuit, but after some time, I lost the connection and couldn't establish a TOR circuit any more. from my knowledge to china's blocking methods, I believe they found my newly got bridges through network traffic protocol analysis, and blocked them. so my suggestion is: 1. use a general protocol for TOR clients to interact with bridges, so that they can't distinguish the traffic between TOR clients and bridges, so that they can't find new bridges got through private ways. 2. the general protocol could be https which is encryption protected; the general protocol could be plain http, if you can encode its content dynamically and privately, and don't make it display any fingerprints. by the way, I'm not a native english speaker, please pardon my awkward english. sincerely frank *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On Tue, 25 May 2010 03:30:34 -0400 Justin Aplin wrote: >On May 25, 2010, at 2:45 AM, Scott Bennett wrote: > >> I don't know who "Censorship Research Center" might be, but they >> claim >> to have a development project going for another encrypted proxy >> service. >> However, they say it will be free software, but *not* be open >> source, so no >> one can examine what they have done in order to look for bugs, >> design flaws, >> etc. :-( There isn't much real information at the web site, > >Without the community support, I wonder how quickly it could be >adopted. I'm assuming it's going to rely on user-run exits like Tor, You may well be assuming too much. It's not easy to know at this point because it's still undocumented vaporware. I still think the whole thing smacks of being a honeypot for gullible humans. >and I wonder how many large contributors would be willing to install >closed-source software that they're not involved in developing on >their servers. Well, that, at least, happens all the time. How many installations of Windows Server 200[38] would you guess there are, for example? > >> but what little there is looks very much like an attempt to sucker >> people >> who don't understand much about security. >> Oh. I almost forgot. Their FAQ page mentions tor, complaining >> about >> tor's publicly available directory and arguing that their method is >> better, >> while not mentioning bridges. > >Haters' gonn' hate. I'll admit, though, that using bridges might be a >bit above the "average" user, especially when it comes to finding >them. Not exactly plug-n-play. I also don't see why it would be >terribly difficult for a sufficiently determined government to amass a >large list of bridges and make that option essentially (if not >completely) inviable. China has done that at least once already. They apparently managed to get ~80% of what the bridge authorities had at the time, IIRC. Yet the remainder continued to operate and serve many people in China during that time. And bridges come and go, just like ordinary relays. Many are on dynamically assigned IP addresses, so their addresses change, thereby invalidating those data in the Chinese government's list. > >I am a tad unnerved at the number of links to the donation page, >though I appreciate the costs associated with such an endeavor. > Indeed. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at cs.niu.edu * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: [OT] another proxy, but not open source :-(
On May 25, 2010, at 2:45 AM, Scott Bennett wrote: I don't know who "Censorship Research Center" might be, but they claim to have a development project going for another encrypted proxy service. However, they say it will be free software, but *not* be open source, so no one can examine what they have done in order to look for bugs, design flaws, etc. :-( There isn't much real information at the web site, Without the community support, I wonder how quickly it could be adopted. I'm assuming it's going to rely on user-run exits like Tor, and I wonder how many large contributors would be willing to install closed-source software that they're not involved in developing on their servers. but what little there is looks very much like an attempt to sucker people who don't understand much about security. Oh. I almost forgot. Their FAQ page mentions tor, complaining about tor's publicly available directory and arguing that their method is better, while not mentioning bridges. Haters' gonn' hate. I'll admit, though, that using bridges might be a bit above the "average" user, especially when it comes to finding them. Not exactly plug-n-play. I also don't see why it would be terribly difficult for a sufficiently determined government to amass a large list of bridges and make that option essentially (if not completely) inviable. I am a tad unnerved at the number of links to the donation page, though I appreciate the costs associated with such an endeavor. ~japlin
