Re: Tor Project 2008 Tax Return Now Online

[Scott Bennett]

 On Sun, 15 Aug 2010 03:40:57 -0700 Jacob Appelbaum 
wrote:
>On 08/15/2010 02:56 AM, Anon Mus wrote:
>> I think you'll find that Tor only became officially incapable of
>> protecting from such an adversary around 2004/5 when numerous request to
>> add this protection to Tor was made. Since then  its been the official
>> policy not to protect from such a threat (so as to head off any
>> complaints it does not do the job perhaps ??).
>> 
>
>[citation needed]
>
>> It a good idea that you speak for Tor only, not other system here, where
>> there are/have been genuine attempts to provide full anonymity, no get
>> out clause.
>
>Nice story, bro.
>
 Relax, Jake.  He/she did write "attempts", which, of course, neither
equates to nor implies "successes". ;-)


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: polipo

[Trystero Lot]

no wonder. so there's a downside with https :(
thanks guys.

On 8/21/10, Robert Ransom  wrote:
> On Sat, 21 Aug 2010 09:39:08 +0800
> Trystero Lot  wrote:
>
>> still the same. i uncommented and added user-agent
>>
>> censoredHeaders = set-cookie, cookie, cookie2, from,accept-language,
>> user-agent
>> censorReferer = true
>>
>> my header is not clean and in fact shows my OS :(
>>
>> tested using..
>> https://anonymous-proxy-servers.net/en/anontest
>
> As I understand it, Polipo can't scrub the headers of an HTTPS request,
> even if you use it as an HTTPS proxy.
>
>
> Robert Ransom
>
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: polipo

[Robert Ransom]

On Sat, 21 Aug 2010 09:39:08 +0800
Trystero Lot  wrote:

> still the same. i uncommented and added user-agent
> 
> censoredHeaders = set-cookie, cookie, cookie2, from,accept-language, 
> user-agent
> censorReferer = true
> 
> my header is not clean and in fact shows my OS :(
> 
> tested using..
> https://anonymous-proxy-servers.net/en/anontest

As I understand it, Polipo can't scrub the headers of an HTTPS request,
even if you use it as an HTTPS proxy.


Robert Ransom


signature.asc
Description: PGP signature

Re: polipo

[Trystero Lot]

still the same. i uncommented and added user-agent

censoredHeaders = set-cookie, cookie, cookie2, from,accept-language, user-agent
censorReferer = true

my header is not clean and in fact shows my OS :(

tested using..
https://anonymous-proxy-servers.net/en/anontest
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Tor 0.2.2.15-alpha is out

[Roger Dingledine]

Tor 0.2.2.15-alpha fixes a big bug in hidden service availability, fixes a
variety of other bugs that were preventing performance experiments from
moving forward, fixes several bothersome memory leaks, and generally
closes a lot of smaller bugs that have been filling up trac lately.

https://www.torproject.org/download.html.en

Packages will be appearing over the next few days or weeks.

Changes in version 0.2.2.15-alpha - 2010-08-18
  o Major bugfixes:
- Stop assigning the HSDir flag to relays that disable their
  DirPort (and thus will refuse to answer directory requests). This
  fix should dramatically improve the reachability of hidden services:
  hidden services and hidden service clients pick six HSDir relays
  to store and retrieve the hidden service descriptor, and currently
  about half of the HSDir relays will refuse to work. Bugfix on
  0.2.0.10-alpha; fixes part of bug 1693.
- The PerConnBWRate and Burst config options, along with the
  bwconnrate and bwconnburst consensus params, initialized each conn's
  token bucket values only when the connection is established. Now we
  update them if the config options change, and update them every time
  we get a new consensus. Otherwise we can encounter an ugly edge
  case where we initialize an OR conn to client-level bandwidth,
  but then later the relay joins the consensus and we leave it
  throttled. Bugfix on 0.2.2.7-alpha; fixes bug 1830.
- Fix a regression that caused Tor to rebind its ports if it receives
  SIGHUP while hibernating. Bugfix in 0.1.1.6-alpha; closes bug 919.

  o Major features:
- Lower the maximum weighted-fractional-uptime cutoff to 98%. This
  should give us approximately 40-50% more Guard-flagged nodes,
  improving the anonymity the Tor network can provide and also
  decreasing the dropoff in throughput that relays experience when
  they first get the Guard flag.
- Allow enabling or disabling the *Statistics config options while
  Tor is running.

  o Minor features:
- Update to the August 1 2010 Maxmind GeoLite Country database.
- Have the controller interface give a more useful message than
  "Internal Error" in response to failed GETINFO requests.
- Warn when the same option is provided more than once in a torrc
  file, on the command line, or in a single SETCONF statement, and
  the option is one that only accepts a single line. Closes bug 1384.
- Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
  Patch from mingw-san.
- Add support for the country code "{??}" in torrc options like
  ExcludeNodes, to indicate all routers of unknown country. Closes
  bug 1094.
- Relays report the number of bytes spent on answering directory
  requests in extra-info descriptors similar to {read,write}-history.
  Implements enhancement 1790.

  o Minor bugfixes (on 0.2.1.x and earlier):
- Complain if PublishServerDescriptor is given multiple arguments that
  include 0 or 1. This configuration will be rejected in the future.
  Bugfix on 0.2.0.1-alpha; closes bug 1107.
- Disallow BridgeRelay 1 and ORPort 0 at once in the configuration.
  Bugfix on 0.2.0.13-alpha; closes bug 928.
- Change "Application request when we're believed to be offline."
  notice to "Application request when we haven't used client
  functionality lately.", to clarify that it's not an error. Bugfix
  on 0.0.9.3; fixes bug 1222.
- Fix a bug in the controller interface where "GETINFO ns/asdaskljkl"
  would return "551 Internal error" rather than "552 Unrecognized key
  ns/asdaskljkl". Bugfix on 0.1.2.3-alpha.
- Users can't configure a regular relay to be their bridge. It didn't
  work because when Tor fetched the bridge descriptor, it found
  that it already had it, and didn't realize that the purpose of the
  descriptor had changed. Now we replace routers with a purpose other
  than bridge with bridge descriptors when fetching them. Bugfix on
  0.1.1.9-alpha. Bug 1776 not yet fixed because now we immediately
  refetch the descriptor with router purpose 'general', disabling
  it as a bridge.
- Fix a rare bug in rend_fn unit tests: we would fail a test when
  a randomly generated port is 0. Diagnosed by Matt Edman. Bugfix
  on 0.2.0.10-alpha; fixes bug 1808.
- Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
  and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
  stream ending reason for this case: END_STREAM_REASON_NOROUTE.
  Servers can start sending this code when enough clients recognize
  it. Also update the spec to reflect this new reason. Bugfix on
  0.1.0.1-rc; fixes part of bug 1793.
- Delay geoip stats collection by bridges for 6 hours, not 2 hours,
  when we switch from being a public relay to a bridge. Otherwise
  there will still be 

Re: Bigger Thinking [was: Tor Project 2008 Tax Return]

[Julie C]

On Fri, Aug 20, 2010 at 4:28 AM, Curious Kid  wrote:

>
> Possibly the fact that they are our enemies and want to end online
> anonymity.
>
> Microsoft Exec Calls For 'Driver's License For The Internet'
>
> http://techdirt.com/articles/20100204/1925188060.shtml
>
>
Our enemies? That's a self-limiting attitude. Plus, can we take one
employee/executive's comments to be company policy? Plus, would he be the
one making this decision? Plus, what about "hold your friends close, and
your enemies closer"? Plus, he is just one more of the majority view that
the "bad guys" have to be stopped at any cost - and one more reason the Tor
Project needs a professional PR/branding/marketing makeover to tell the good
side of the Tor story.

I don't pretend to believe this would be an easy sell. Only that it
shouldn't be ignored outright when there is so much upside. And maybe this
is not the same old bad Micro$oft that many like to loathe.

Hell, if no one else wants to tackle this then I would be glad to on the
basis of a reasonable expense account and 20% of whatever I convince them to
send to the Tor Project every year in funding.

--
Julie

Re: Bigger Thinking [was: Tor Project 2008 Tax Return]

[Jim]

Curious Kid wrote:
>> And what about Microsoft?



>> at least $20M a year. Why would they even consider doing this? To be a good 
>> corporate citizen, to better protect the anonymity of their users, to do 
>> their 
>> part to fight the good fight for freedom of speech, and to possibly give 
>> them a 
>> chance to one-up Google for once.
> 
> Possibly the fact that they are our enemies and want to end online anonymity.
> 
> 
> Microsoft Exec Calls For 'Driver's License For The Internet'
> 
> http://techdirt.com/articles/20100204/1925188060.shtml

Plus, would you trust Microsoft's (binary only, no doubt) implimentation
of Tor?  I wouldn't

(Yes, I realize that even running a known, good instance of Tor on a
proprietary system can result in that instance of Tor being subverted.)

Cheers,
Jim


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: polipo

[Juliusz Chroboczek]

Trystero Lot  writes:

> it seems the censoredHeaders not working for me.

It works for me.

> have anyone tried to use this and add useragent?

It's "user-agent", not "useragent".

  censoredHeaders = user-agent

Juliusz


***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/

Re: Bigger Thinking [was: Tor Project 2008 Tax Return]

[Curious Kid]

> And what about Microsoft? I think someone should be targeting/lobbying them 
> to 


> include a Tor client and default bridge relay in every version of Windows 8 
> or 


> 9. Find out what it would take to get them to do this, and keep a list. 
> Assign 


> someone to this task full time. Tell Microsoft it will take funding from them 
>of 
>
> at least $20M a year. Why would they even consider doing this? To be a good 
> corporate citizen, to better protect the anonymity of their users, to do 
> their 


> part to fight the good fight for freedom of speech, and to possibly give them 
> a 
>
>
> chance to one-up Google for once.

Possibly the fact that they are our enemies and want to end online anonymity.


Microsoft Exec Calls For 'Driver's License For The Internet'

http://techdirt.com/articles/20100204/1925188060.shtml


  

***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talkin the body. http://archives.seul.org/or/talk/