Re: My relay never shows up
Yes, I appear to have shown up. I went over everything I could think of and finally checked my firewall/router and for some reason/at some point, the dyndns setting was deactivated. It appears that my actual IP was unavailable to tor (just my local IP). Reactivating dyndns looks like it fixed it. praedor On Wednesday, August 11, 2010 03:48:20 pm you wrote: > Am 11.08.2010 15:20, schrieb Praedor Atrebates: > > I am running a tor relay called "Stonekeep". > > is it you? > > http://torstatus.blutmagie.de/router_detail.php?FP=a0470c0ea30c3a4d58048db134b8f9e7c6b52d6c > > Olaf > *** > To unsubscribe, send an e-mail to majord...@torproject.org with > unsubscribe or-talkin the body. http://archives.seul.org/or/talk/ > > -- Economics is not practiced as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
On Wed, Aug 11, 2010 at 11:52 AM, Mike Perry wrote: [snip] > Sometimes, you just need to pick your battles. If you believe the DMCA > is bullshit and want a full exit policy, I think the practical answer > is "Go outside the US for bandwidth". Or, be prepared to provider-hop > for a good, long time. [snip] This is, however, bad for the diversity of the Tor network. Ideally there would be exists as widely spread as possible in order to minimize the return on investment for attackers. It seems to me that there exists an opportunity to collaboratively build a list of destinations which are "safe"— in that the probability of an ISP complaint or an unfriendly law enforcement visit is effectively insignificant. Safe destinations might include things like some network services (DNS, esp if tor moves to the TCP dns stuff which has been discussed lately), human rights organizations, other anonymity services, read-only web resources, services which already have special handling for tor (e.g. Wikipedia, which is effectively read-only for Tor exits, IRC networks which identify and specially handle Tor), and services which are known not to keep logs. While these destinations would only amount to only a tiny fraction of the Internet they could amount to a reasonable portion of the overall exit usage thus freeing up the rest of the exit capacity for everything that can't use these limited exits and providing increased performance and diversity for things that can. This is something that would require some technical infrastructure. Currently nodes don't get an exit flag unless they are fairly broadly open... and thousands of nodes each running a different idea of the safe destinations would create a computational burden on circuit creation as well as significant directory bloat. Setting the exit flag on nodes with very narrow exit policies would also facilitate the creation of targeted exit spying nodes. To avoid these problems a single template exit list could be distributed with the directories then included in node exit lists. I don't have any great answer on how to create and manage such a list— a small one is fairly easy to manage but I don't expect a large one to be. But I think the bigger question is: would the existence of this option discourage the creation of full exits to such an extent that it would hurt the tor network overall? At least in the US and soon, with the ACTA, perhaps most of the developed world I think the answer is no. The difficulty in establishing network connectivity which won't be immediately shutdown due to overzealous notice-and-takedown conformance is already so great that anyone running a full exit instead of a relay is obviously putting out a special effort to do so. The existence of an easy limited-exit option shouldn't change the incentives much. There are other things which could be done to increase the usefulness of the tor network in the face of an increasingly difficult exit climate, for example improving the exit enclave functionality would be helpful (putting services which do not need anonymity themselves behind hidden services is far from optimal both due to performance and name discovery issues), but I don't think this would provide as great or as immediate a benefit as simply increasing the real exit capacity to selected destinations. *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
Thus spake Mike Perry (mikepe...@fscked.org): > Thus spake and...@torproject.org (and...@torproject.org): > > Yeah, unfortunately what this means in practice is "voting with your > feet" and leaving ISPs that simply do not want to devote the staff and > the stress to dealing with this spam for you, regardless of the law. > > The problem is this drastically changes the effective market for > bandwidth for Tor. Bandwidth costs are plummeting, and exit node > operators (and thus the Tor network as a whole) are faced with a > choice: you can pay less than $1/Mbit and go with an ISP that is less > than ideal, but will still allow you to exit to most Internet > services, or you put your foot down and end up moving your node every > few months until you finally end up paying $20/Mbit with the RBN. > > Or, you shop around for non-US bandwidth. > > Sometimes, you just need to pick your battles. If you believe the DMCA > is bullshit and want a full exit policy, I think the practical answer > is "Go outside the US for bandwidth". Or, be prepared to provider-hop > for a good, long time. Now, what we *should* be doing is turning on the default first, and then reducing it back to the restriced policy *after* complaints arrive and the ISP refuses the budge. They are not going to cancel service immediately, and if you argue with them for a bit, you can at least try to educate some people (and maybe make it easier for the next relay they get). This is what I've done with my nodes, and this is what Moritz did too. So far though, ISPs have insisted that either bittorrent goes, or we go. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpXY8EmEgf2T.pgp Description: PGP signature
Re: My relay never shows up
Am 11.08.2010 15:20, schrieb Praedor Atrebates: > I am running a tor relay called "Stonekeep". is it you? http://torstatus.blutmagie.de/router_detail.php?FP=a0470c0ea30c3a4d58048db134b8f9e7c6b52d6c Olaf *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: My relay never shows up
On Wed, Aug 11, 2010 at 8:20 AM, Praedor Atrebates wrote: > I am running a tor relay called "Stonekeep". I have port forwarding set on > my firewall/router and my personal system firewall permits connections to the > tor ports. I am also running Vidalia (Vidalia 0.1.15, tor 0.2.1.26). My > relay never shows up in the list of servers/relays and doesn't show up on the > various tor network status pages. Why not? I cannot find anything amiss to > render my system invisible or unusable to the network. I have no trouble > using the tor myself. > > praedor > -- How many days is your relay up and running with out going down and/or having to reboot? I have found that if one keeps rebooting or the relay keeps going down, it takes a while for it to be recognized. Also I have seen where it may take several minutes for the network status to populate before a relay shows up. The biggest issue I personally have seen is if one can't stay on line for any length of time, the relay probably will not show up. I am sure there may be other reasons, but this has been my observation . *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: My relay never shows up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marco Predicatori, on 08/11/2010 05:54 PM, wrote: > Sometimes it happens to me also, with 0.2.1.26 Pardon, 0.2.1.25 - -- http://torstatus.blutmagie.de/router_detail.php?FP=368a442ff0f0af0fa15c37c25b71dc7441be27da -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxiyQcACgkQIk+7gSPVysl02gCfet/7aA/ED3r0oL0W4YMgbuat C4QAn32KL0Y344RlDlFOJOe4FtoUhPuR =MgyY -END PGP SIGNATURE- *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: My relay never shows up
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Praedor Atrebates, on 08/11/2010 03:20 PM, wrote: > I am running a tor relay called "Stonekeep". I have port > forwarding set on my firewall/router and my personal system > firewall permits connections to the tor ports. I am also > running Vidalia (Vidalia 0.1.15, tor 0.2.1.26). My relay never > shows up in the list of servers/relays and doesn't show up on the > various tor network status pages. Why not? I cannot find > anything amiss to render my system invisible or unusable to the > network. I have no trouble using the tor myself. > > praedor Sometimes it happens to me also, with 0.2.1.26. My relay gets ignored for a few days after a new IP assignment. Sometimes the problem goes away restarting tor. - -- http://torstatus.blutmagie.de/router_detail.php?FP=368a442ff0f0af0fa15c37c25b71dc7441be27da -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxix68ACgkQIk+7gSPVyslQKwCbBOm/14sXZdodD1/nHgGbTAyL zPMAn0uJoB87lHJgFqz18ZPTvQPGoFIR =Yo4Q -END PGP SIGNATURE- *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
Thus spake and...@torproject.org (and...@torproject.org): > On Wed, Aug 11, 2010 at 03:05:24AM -0700, mikepe...@fscked.org wrote 1.8K > bytes in 55 lines about: > : It's become clear that it is almost impossible to run an exit node > : with the default exit policy in the USA, due to bittorrent DMCA abuse > : spambots. I believe this means that we should try to come up with one > : or more standard, reduced exit policy sets that allow use of the > : majority of popular internet services without attracting bittorrent > : users and associated spam. > > Giving in to the automated accusations of DMCA violations is a sad > statement on the contemporary Internet. It seems the chilling effects > of the DMCA are so palpable, no one wants to fight back any more, not > users and not ISPs. See http://chillingeffects.org/ for more analysis > and options on how to respond. Are there no ISPs/datacenters left in the > USA willing to defend the First Amendment of the US Constitution and the > user's legal protections under patent/trademark/copyright laws? Yeah, unfortunately what this means in practice is "voting with your feet" and leaving ISPs that simply do not want to devote the staff and the stress to dealing with this spam for you, regardless of the law. The problem is this drastically changes the effective market for bandwidth for Tor. Bandwidth costs are plummeting, and exit node operators (and thus the Tor network as a whole) are faced with a choice: you can pay less than $1/Mbit and go with an ISP that is less than ideal, but will still allow you to exit to most Internet services, or you put your foot down and end up moving your node every few months until you finally end up paying $20/Mbit with the RBN. Or, you shop around for non-US bandwidth. Sometimes, you just need to pick your battles. If you believe the DMCA is bullshit and want a full exit policy, I think the practical answer is "Go outside the US for bandwidth". Or, be prepared to provider-hop for a good, long time. > : 1. Low Abuse (above list, possibly minus 465, 587 and 563) > : 2. Medium Abuse (above list, plus IRC) > : 3. High Abuse (default exit policy) > > I wouldn't call them varying levels of abuse, as the name alone implies > exiting Tor traffic generates abuse. It doesn't. Many exit nodes run > without incident for years. We could probably better study/poll exit > node operators and ask how many abuse complaints or dmca notices they > receive over time to get more data on this topic. And of course, > everyone forgets their Tor exit relay will transmit TB of normal traffic > without incident. Yeah, perhaps that's not what we should call the options in the UI, but that is really what it boils down to. You can run an exit node for much longer without a complaint if you don't allow any form of IRC, SMTP, or NNTP. -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpryUeGXmW6o.pgp Description: PGP signature
My relay never shows up
I am running a tor relay called "Stonekeep". I have port forwarding set on my firewall/router and my personal system firewall permits connections to the tor ports. I am also running Vidalia (Vidalia 0.1.15, tor 0.2.1.26). My relay never shows up in the list of servers/relays and doesn't show up on the various tor network status pages. Why not? I cannot find anything amiss to render my system invisible or unusable to the network. I have no trouble using the tor myself. praedor -- Economics is not practiced as a science. Rather, it is a pretentious way to covertly promote political prejudices. - Fred Harrison *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
Am 11.08.2010 15:01, schrieb Harry Hoffman: There are certainly instances where takedown requests are incorrect but the frequency of them isn't high (again, my opinion). It is not so much that they are incorrect. What is incorrect is to force the takedown of Tor exit nodes because of - in comparison - little abuse. And after all the Tor relays are not the origin of the infringement and actually protected by the DMCA (512a). Still, upstream ISP don't care much and want the complaints to cease. In that sense, the takedown requests *are* incorrect. If you want to exclude p2p, then I would bet that the amount of abuse reports would plummet. You cannot "exclude p2p" if as with Tor exits policy is port based. Bittorrent (which is the main culprit here) uses port 80 (or 443 for SSL) for tracker connections, and random ports for actual transfer. If you cut of tracker connections (by blacklisting them), abuse stops. If you stop the actual transfers from happening, abuse stops, too. Both MediaSentry and BayTSP refer to the infringement including the port that the data was offered on. Moritz *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
(sorry for the top posting, I do not believe my phone can bottom post.) Slightly OT but in response to the US ISP comment: Until recently (my motherboard gave out) the ISP Xmission was great about my server and dmca. I let them know about my tor node and the several dozen takedowns I received afterwards were ignored by them---not to mention everyone I have interacted with there has been very friendly and knowledgeable (and my residental speed was $60/month for 50 Mbps full duplex with fiber!) :) I figure there are still a few small ISPs out there which haven't had the chilling effect take hold. Kasimir Gabert On Aug 11, 2010 7:09 AM, "Harry Hoffman" wrote: In my opinion, more often then not DMCA takedown requests center around file-sharing and also more often then not the takedown requests actually have validity to them. There are certainly instances where takedown requests are incorrect but the frequency of them isn't high (again, my opinion). My $0.02, after having processed many a takedown request. If you want to exclude p2p, then I would bet that the amount of abuse reports would plummet. Cheers, Harry On Wed, 2010-08-11 at 08:44 -0400, and...@torproject.org wrote: > On Wed, Aug 11, 2010 at 03:05:2... *** To unsubscribe, send an e-ma...
Re: Restricted Exit Policy Port Suggestions?
In my opinion, more often then not DMCA takedown requests center around file-sharing and also more often then not the takedown requests actually have validity to them. There are certainly instances where takedown requests are incorrect but the frequency of them isn't high (again, my opinion). My $0.02, after having processed many a takedown request. If you want to exclude p2p, then I would bet that the amount of abuse reports would plummet. Cheers, Harry On Wed, 2010-08-11 at 08:44 -0400, and...@torproject.org wrote: > On Wed, Aug 11, 2010 at 03:05:24AM -0700, mikepe...@fscked.org wrote 1.8K > bytes in 55 lines about: > : It's become clear that it is almost impossible to run an exit node > : with the default exit policy in the USA, due to bittorrent DMCA abuse > : spambots. I believe this means that we should try to come up with one > : or more standard, reduced exit policy sets that allow use of the > : majority of popular internet services without attracting bittorrent > : users and associated spam. > > Giving in to the automated accusations of DMCA violations is a sad > statement on the contemporary Internet. It seems the chilling effects > of the DMCA are so palpable, no one wants to fight back any more, not > users and not ISPs. See http://chillingeffects.org/ for more analysis > and options on how to respond. Are there no ISPs/datacenters left in the > USA willing to defend the First Amendment of the US Constitution and the > user's legal protections under patent/trademark/copyright laws? > > : 1. Low Abuse (above list, possibly minus 465, 587 and 563) > : 2. Medium Abuse (above list, plus IRC) > : 3. High Abuse (default exit policy) > > I wouldn't call them varying levels of abuse, as the name alone implies > exiting Tor traffic generates abuse. It doesn't. Many exit nodes run > without incident for years. We could probably better study/poll exit > node operators and ask how many abuse complaints or dmca notices they > receive over time to get more data on this topic. And of course, > everyone forgets their Tor exit relay will transmit TB of normal traffic > without incident. > *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
On Wed, Aug 11, 2010 at 03:05:24AM -0700, mikepe...@fscked.org wrote 1.8K bytes in 55 lines about: : It's become clear that it is almost impossible to run an exit node : with the default exit policy in the USA, due to bittorrent DMCA abuse : spambots. I believe this means that we should try to come up with one : or more standard, reduced exit policy sets that allow use of the : majority of popular internet services without attracting bittorrent : users and associated spam. Giving in to the automated accusations of DMCA violations is a sad statement on the contemporary Internet. It seems the chilling effects of the DMCA are so palpable, no one wants to fight back any more, not users and not ISPs. See http://chillingeffects.org/ for more analysis and options on how to respond. Are there no ISPs/datacenters left in the USA willing to defend the First Amendment of the US Constitution and the user's legal protections under patent/trademark/copyright laws? : 1. Low Abuse (above list, possibly minus 465, 587 and 563) : 2. Medium Abuse (above list, plus IRC) : 3. High Abuse (default exit policy) I wouldn't call them varying levels of abuse, as the name alone implies exiting Tor traffic generates abuse. It doesn't. Many exit nodes run without incident for years. We could probably better study/poll exit node operators and ask how many abuse complaints or dmca notices they receive over time to get more data on this topic. And of course, everyone forgets their Tor exit relay will transmit TB of normal traffic without incident. -- Andrew Lewman The Tor Project pgp 0x31B0974B +1-781-352-0568 Website: https://www.torproject.org/ Blog: https://blog.torproject.org/ Identi.ca: torproject Skype: lewmanator *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Re: Restricted Exit Policy Port Suggestions?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mike Perry, on 08/11/2010 12:05 PM, wrote: > It includes the following ports: 20-22, 53, 79-81, 110, 143, 443, 465, > 563, 587, 706, 873, 993, 995, 1863, 5190, 5050, 5222, 5223, 8008, > 8080, . ... > Now the question is, what other ports should we add or subtract from > this list? My 2 cents: I would add 119 (nntp) - -- http://torstatus.blutmagie.de/router_detail.php?FP=368a442ff0f0af0fa15c37c25b71dc7441be27da -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkxigPcACgkQIk+7gSPVysnJmACffn0laFx6eqN2aeN6QLv+A9PL 4iEAn10l30m/XL+T52/A0Hih24K2SD89 =4Xhh -END PGP SIGNATURE- *** To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talkin the body. http://archives.seul.org/or/talk/
Restricted Exit Policy Port Suggestions?
It's become clear that it is almost impossible to run an exit node with the default exit policy in the USA, due to bittorrent DMCA abuse spambots. I believe this means that we should try to come up with one or more standard, reduced exit policy sets that allow use of the majority of popular internet services without attracting bittorrent users and associated spam. Using previous threads, I have an initial sketch of such a policy at: https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment It includes the following ports: 20-22, 53, 79-81, 110, 143, 443, 465, 563, 587, 706, 873, 993, 995, 1863, 5190, 5050, 5222, 5223, 8008, 8080, . While looking over the Vidalia settings, I just noticed that IRC is missing from this list: , 6667, 6697. However, IRC is also a common source of abuse and DDoS attacks, and is often forbidden by ISP AUP. Because of this, I was thinking we should probably define 3 or 4 levels of Exit Policy: 1. Low Abuse (above list, possibly minus 465, 587 and 563) 2. Medium Abuse (above list, plus IRC) 3. High Abuse (default exit policy) Now the question is, what other ports should we add or subtract from this list? -- Mike Perry Mad Computer Scientist fscked.org evil labs pgpUROdGntQNx.pgp Description: PGP signature