Re: Tor Project 2008 Tax Return Now Online
On Sun, 15 Aug 2010 03:40:57 -0700 Jacob Appelbaum ja...@appelbaum.net wrote:

> On 08/15/2010 02:56 AM, Anon Mus wrote:
>> I think you'll find that Tor only became officially incapable of protecting from such an adversary around 2004/5 when numerous requests to add this protection to Tor were made. Since then it's been the official policy not to protect from such a threat (so as to head off any complaints it does not do the job perhaps ??).
>
> [citation needed]
>
>> It's a good idea that you speak for Tor only, not other systems here, where there are/have been genuine attempts to provide full anonymity, no get out clause.
>
> Nice story, bro.

Relax, Jake. He/she did write attempts, which, of course, neither equates to nor implies successes. ;-)

Scott Bennett, Comm. ASMELG, CFIAG
Internet: bennett at cs.niu.edu
A well regulated and disciplined militia, is at all times a good objection to the introduction of that bane of all free governments -- a standing army.
-- Gov. John Hancock, New York Journal, 28 January 1790

To unsubscribe, send an e-mail to majord...@torproject.org with unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
> And what about Microsoft? I think someone should be targeting/lobbying them to include a Tor client and default bridge relay in every version of Windows 8 or 9. Find out what it would take to get them to do this,

Sorry, what's in this for Microsoft? Being a good corporate citizen? From a business point of view, including a peer to peer style client BY DEFAULT in an operating system has PR nightmare written all over it, but they will take the risk of lost revenue for being a good corporate citizen? I find it unlikely...

> of having a European voice in all this. That means another $20M a year in funding please. At least. Then there is law enforcement and the military and intelligence agencies - for f*ck sakes if someone at the Tor Project can't see them as low hanging fruit then I will start to cry.

Right... so in the case of law enforcement, you are going to ask law enforcement to fund a project that (this is not my opinion, this will be theirs) allows people to access illegal content anonymously and makes their job that much harder? That's low hanging fruit? Hate to hear what the high hanging fruit will involve :)

I think if you want a job at the tor project, you should just ask :P And maybe just provide them with past results you've obtained for similar organisations or in a lobbyist role, as opposed to getting frustrated on mailing lists :)

Cheers,
Al
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
Thus spake Al MailingList (alpal.mailingl...@gmail.com):

>> And what about Microsoft? I think someone should be targeting/lobbying them to include a Tor client and default bridge relay in every version of Windows 8 or 9. Find out what it would take to get them to do this,
>
> Sorry, what's in this for Microsoft? Being a good corporate citizen? From a business point of view, including a peer to peer style client BY DEFAULT in an operating system has PR nightmare written all over it, but they will take the risk of lost revenue for being a good corporate citizen? I find it unlikely...

Actually there are several large-userbase companies that want to include Tor by default in their product, either as a client, a relay, or a bridge. Unfortunately, the only answer we have for them in the immediate term is "For the love of goddess don't do that, you'll destroy Tor."

Our immediate concern is making it possible to support at least a fraction of one of these userbases in either the relay or the bridge role. The relay role will require a significant update to Tor's directory mechanisms, and we are trying to drive academic research forward in these areas. The bridge role may be more immediately doable, but we're not sure that bridgedb wouldn't just fall over yet either.

>> of having a European voice in all this. That means another $20M a year in funding please. At least. Then there is law enforcement and the military and intelligence agencies - for f*ck sakes if someone at the Tor Project can't see them as low hanging fruit then I will start to cry.
>
> Right... so in the case of law enforcement, you are going to ask law enforcement to fund a project that (this is not my opinion, this will be theirs) allows people to access illegal content anonymously and makes their job that much harder? That's low hanging fruit? Hate to hear what the high hanging fruit will involve :)

Actually, most competent law enforcement agents realize that what gets them the most points are sting operations that topple entire distribution rings, gangs, or bot herders. These sorts of stings require heavy use of Tor. Roger and Andrew actually spend a good amount of their time talking with law enforcement and giving presentations about what Tor is and how they can use it to anonymize their investigative activity.

> I think if you want a job at the tor project, you should just ask :P And maybe just provide them with past results you've obtained for similar organisations or in a lobbyist role, as opposed to getting frustrated on mailing lists :)

Actually almost all of the people working for Tor today started out on the mailing lists, frustrated with some aspect of Tor or other :). Of course, they also tended to naturally step in to some sort of volunteer capacity along their areas of interest, as a result of this frustration. Tor tends to care about this level of passion way more than resumes or interviews.

The Tor Project is trying most of the things Julie has suggested. It just takes time, effort, communication, and people. We don't mind letting our consistently passionate volunteers talk to people about Tor in official capacity, either.

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
On Sat, Aug 21, 2010 at 4:13 AM, Mike Perry mikepe...@fscked.org wrote:

> Actually there are several large-userbase companies that want to include Tor by default in their product, either as a client, a relay, or a bridge. Unfortunately, the only answer we have for them in the immediate term is "For the love of goddess don't do that, you'll destroy Tor."
>
> Our immediate concern is making it possible to support at least a fraction of one of these userbases in either the relay or the bridge role. The relay role will require a significant update to Tor's directory mechanisms, and we are trying to drive academic research forward in these areas. The bridge role may be more immediately doable, but we're not sure that bridgedb wouldn't just fall over yet either.

Thanks, Mike. That's probably the biggest flaw in my bigger thinking effort. Tor is, after all, only at version 0.2 isn't it? Sigh. Maybe I am just 2 or 3 years ahead of reality, where/when Tor could run reliably and without making a mess of it. But then again, if that is true, then what better time to plan for it than now, eh? :)

So if no one else is putting their hat in the ring yet to convince Google to include a default Tor relay or bridge in Chrome OS (in 2-3 years) then I would be glad to carry the ball on that one in addition to doing the same at Microsoft for Windows 2013. I've no experience doing this, but it can't be rocket science to talk to the right people and find out what it would take to reach a desirable, shared goal.

--
Julie
Re: Tor Project 2008 Tax Return Now Online
On 8/19/10, Seth David Schoen sch...@eff.org wrote:

Exactly! Even if any particular anon system was compromisable, why would any compromising organization [save the full disclosure types] wish to play their trump card in public??? If any anon system is compromisable, far better to listen in, under the convenient seal of black ops, until such a time as enough has been learned to effect an 'indictment' upon much more common fare, grounds and methods.

The users of anon systems would always be better off assuming that they are indeed 'made' when calculating their exposure to certain risks. And further, they should integrate defenses to those risks into their usual mode of operations... rather than trust any given system blindly.

Yes, it is good to watch the news and public records in detail. As sure, all trump cards are eventually played on table... the only question is when, and for how long they've been held.

And given the subject of calculating risks... any particular strong anon system is likely good enough for all purposes not involving a position in which the direct target of such purpose is the same as one which is in a position to prosecute: ie: government.

If you have ever talked to anyone related to the government, you would know this is the case as they are hesitant to even mention the most mundane of obvious 'secret operational methods' used to go after, say, the most common of street whores or drug dealers. Does one not think that the grand high holy of holies between thy legs would be far more protected from disclosure than that?

Onward Tor et al!
Tor + SELinux sandbox = leak proof without VM overhead?
Greetings,

I've searched my copy of the lists and can't find any discussion of this. If there has been, please direct me to it.

I think it's obvious that the best way of using tor is running your torified apps in a VM which can only access the outside world via TOR. This provides the highest protection from network leaks and also partially thwarts fingerprinting.

But I can only assume that the 'cost' (performance, complexity, etc) of using a VM for tor is too high for many people -- otherwise we would insist that anyone who wants anonymity operate that way.

Has anyone looked into using the SELINUX sandbox (http://danwalsh.livejournal.com/28545.html) to prevent leaks?

The sandbox provides a high degree of application isolation. It looks like it would be pretty much trivial to add an option to the sandbox front end program to only allow accesses to the tor socks port from the isolated app.

With this, users on supporting platforms wouldn't have to use wireshark to figure out if, say, pidgin, is leaking via DNS. They could simply run the app inside the sandbox and be sure of it.

Does this sound like a practice which should be refined and recommended?
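The by-hand leak check mentioned in the message above (watching whether an application bypasses Tor, for example with DNS lookups) can be approximated from the kernel socket table. This is an added example, not code from the thread or from the Tor or SELinux projects; it assumes the torified application runs under its own UID (1001 here), Tor under UID 107, the SOCKS listener at 127.0.0.1:9050, a little-endian Linux host, and it runs on constructed sample tables.

```python
import socket
import struct

TOR_SOCKS = ("127.0.0.1", 9050)   # SOCKS port as written in the thread (tor:9050)

# Constructed snapshots in /proc/net/tcp and /proc/net/udp layout.
# uid 107 = Tor daemon, uid 1001 = the torified application (both assumed).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:235A 00000000:0000 0A 00000000:00000000 00:00000000 00000000   107        0 11001
   1: 0100007F:C350 0100007F:235A 01 00000000:00000000 00:00000000 00000000  1001        0 11002
   2: 0F02000A:C352 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1001        0 11003
"""
SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   5: 0F02000A:D431 350200C0:0035 01 00000000:00000000 00:00000000 00000000  1001        0 11004
"""

def decode(hexpair):
    """Turn '0100007F:235A' (little-endian IPv4 hex, hex port) into (ip, port)."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def parse_table(text, proto):
    """Parse the text of /proc/net/tcp or /proc/net/udp into socket records."""
    rows = []
    for line in text.strip().splitlines()[1:]:        # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({"proto": proto, "local": decode(f[1]),
                     "remote": decode(f[2]), "state": f[3], "uid": int(f[7])})
    return rows

def find_leaks(rows, uid, allowed=TOR_SOCKS):
    """Return sockets owned by uid that can carry traffic around Tor."""
    leaks = []
    for r in rows:
        if r["uid"] != uid:
            continue
        if r["proto"] == "udp":
            # SOCKS to Tor is TCP; an unconnected UDP socket shows 0.0.0.0:0 as
            # its peer, so every UDP socket of this uid is reported.
            leaks.append(r)
        elif r["state"] != "0A" and r["remote"] != allowed:   # 0A = LISTEN
            leaks.append(r)
    return leaks

def audit(tcp_text, udp_text, uid):
    """Check one pair of table snapshots for sockets that bypass the SOCKS port."""
    return find_leaks(parse_table(tcp_text, "tcp") + parse_table(udp_text, "udp"), uid)

if __name__ == "__main__":
    for leak in audit(SAMPLE_TCP, SAMPLE_UDP, uid=1001):
        print("LEAK", leak["proto"], "%s:%d" % leak["remote"])
```

A snapshot only sees sockets that exist at that instant, so a short-lived DNS query can be missed; that gap is what enforcement in a sandbox policy, as the message proposes, would close.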
Re: Tor + SELinux sandbox = leak proof without VM overhead?
It certainly sounds interesting. Full VM environments not only cause system resource overhead, but maintenance overhead, too (that's always been my biggest gripe about them).

F. Fox

On 08/21/2010 05:55 PM, Gregory Maxwell wrote:

> (snip)
> Has anyone looked into using the SELINUX sandbox (http://danwalsh.livejournal.com/28545.html) to prevent leaks?
>
> The sandbox provides a high degree of application isolation. It looks like it would be pretty much trivial to add an option to the sandbox front end program to only allow accesses to the tor socks port from the isolated app.
>
> With this users on a supporting platforms wouldn't have to use wireshark to figure out if, say, pidgin, is leaking via DNS. They could simply run the app inside the sandbox and be sure of it.
> (snip)
Re: polipo
For the most part, anything involving HTTPS needs to be taken care of in the browser itself. Properly-configured extensions help a lot here.

Also, that adds an extra layer of protection onto normal HTTP stuff, too. The more, the merrier...

F. Fox

On 8/21/10, Robert Ransom rransom.8...@gmail.com wrote:

> (snip)
> As I understand it, Polipo can't scrub the headers of an HTTPS request, even if you use it as an HTTPS proxy.
> (snip)
Re: https proxy [was polipo]
https://anonymous-proxy-servers.net/en/anontest

> As I understand it, Polipo can't scrub the headers of an HTTPS request,

Nothing in the open source field can do so yet afaik. To do it, a shim needs to be coded and placed between the application and Tor.

user - browser - [optional tool] - shim - tor:9050

The shim needs to listen on a proxy port (and/or two configurable ports (for http and https)) and connect out to the world (or tor) to a proxy port (socks) (and/or two other ports (for http and https or whatever port the input protocol used)).

It would pass http unmodified. It would break end to end https. If the destination site had an invalid cert, it would present an invalid self-generated one to the client. If the destination site had a valid cert, it would present a self-generated and self-signed one to the client (which had obviously included the shim's root as a trusted cert), simply to signify to the client as to validity. Identity would be available from verbose logging in the shim and via an http[s] port on the shim itself.

It could furthermore 'tee' off two output ports from its bottom and receive two input ports from its top. These would be a more general hook into 'optional toolchains' located in between the client and server side, decoding and shuffling the data stream in and out to a toolset at that point.

It should have no 'censoring', caching or other features.. as that is what the optional toolsets do best.

Note that 'browser' could be anything that can speak http[s], not just FF/MSIE. So 'plugins' are a non option. And that the 'optional tool' might be squid or polipo or whatever.

And lastly, erasing your OS and other info from your headers makes you stand out as an obvious eraser. It's better to use a dead common and up to date os and browser and then mind your sessions properly.
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
Mike Perry wrote:

> Actually there are several large-userbase companies that want to include Tor by default in their product, either as a client, a relay, or a bridge. Unfortunately, the only answer we have for them in the immediate term is "For the love of goddess don't do that, you'll destroy Tor."
>
> Our immediate concern is making it possible to support at least a fraction of one of these userbases in either the relay or the bridge role. The relay role will require a significant update to Tor's directory mechanisms, and we are trying to drive academic research forward in these areas.
> ...

This might be a good time to bring up a concern that has been on my mind for a while. I don't know if this is one of the concerns that has already been identified when thinking about a much larger relay pool.

I connect to the Internet with dialup. I have been successfully using Tor clients for 4+ years. One of the issues with using Tor over a slow connection is the amount of time it takes to update the information about the network when Tor is first started after having been off-line for a while. Depending on connection speed and how long the client has been off-line, this typically takes about 3 to 10 minutes. Perhaps a bit longer. My experience is that during this time the connection is pretty much useless for any other purpose.

While inconvenient, this situation is certainly manageable. My concern has been what happens as the Tor network grows. At some point the delay would start being a serious problem. So as you think about how to change the directory mechanisms to handle a significantly larger number of relays I request that you also think about changing how this information is distributed to clients.

Perhaps with a much larger Tor network, each client doesn't actually have to know about all of the nodes but can make do with a reasonably sized sampling. Or maybe there is a way to spread out over time the increased amount of information available.

I can imagine that a solution to the problems a slow connection has might not be acceptable for relays. As such, maybe there could be a slow connection option in torrc that would not be used by relays.

Thanks for giving consideration to this issue.

Jim
Re: Bigger Thinking [was: Tor Project 2008 Tax Return]
On Sat, Aug 21, 2010 at 10:53:48PM -0600, Jim wrote:

> I connect to the Internet with dialup. I have been successfully using Tor clients for 4+ years. One of the issues with using Tor over a slow connection is the amount of time it takes to update the information about the network when Tor is first started after having been off-line for a while. Depending on connection speed and how long the client has been off-line, this typically takes about 3 to 10 minutes. Perhaps a bit longer. My experience is that during this time the connection is pretty much useless for any other purpose.

Yep.

> While inconvenient, this situation is certainly manageable. My concern has been what happens as the Tor network grows. At some point the delay would start being a serious problem.

Here's some reading:
https://blog.torproject.org/blog/overhead-directory-info%3A-past%2C-present%2C-future

We haven't gotten the microdescriptor out in practice yet, but it's on its way:
https://trac.torproject.org/projects/tor/ticket/1748

> Perhaps with a much larger Tor network, each client doesn't actually have to know about all of the nodes but can make do with a reasonably sized sampling.

Most ways to do this are bad news:
http://freehaven.net/anonbib/#danezis-pet2008

But it probably is how the distant future will look:
http://www.hatswitch.org/~nikita/papers/shadowwalker-ccs09.pdf
http://freehaven.net/anonbib/#ccs09-torsk
http://freehaven.net/anonbib/#wpes09-dht-attack

--Roger