Re: New Tor distribution for testing: Tor Browser Bundle

[Silivrenion]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

I have to disagree with setting any options by default like that. The
concept behind PortableTor as I wrote it was to let the end user have the
right to decide what to do.. don't force anything on them! I think this
concept should be relevant to all bundles.. don't force users to become
nodes, because you have those out there that possibly don't want to be,
plus in my opinion it hurts the usefulness of the package to have that
automatically on.

As someone mentioned earlier, a portable tor approach is useful for the
client, not necessarily the server end. You can cause a lot of server
identity problems if you log on as a tor server just to check your email
for 5 minutes.

Let the end user decide what they want their software to do.

On a more positive note, congrats on bringing up a new system :)

- --
Steve Morley
http://silivrenion.com
PGP Key 0x6F0A7BDE

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.7.1 (Build 1503) - not licensed for commercial use:
www.pgp.com
Charset: utf-8

wsBVAwUBR6aWCAQuIIFvCnveAQhAaAf8DNTFYYkmdyAqMeammQ2+QFm6AWhy1Jj3
Gi7FKh/2lqKfKwDdr5mL6Vlhze7mvawPv7yYqi/z2hcGLjG8YYNqDg4gZcx85ncj
I6xEpnNQlTzp5LdG2sqfgADJsYMyoJ4RIg4JyrSqQ6f7R3NVZIYbyUu7KZi4zOqs
KCWXQUsGI8tkCpCBUxT6pLPeq/sqXMud4+QkMT7smkcSyF3tUX5ppptDeBe0SI1v
ZHREHzvIICUxM0eXXu2BBqkaG/Pn9t6diHy62TobWE+H+JgFUbUcLt8XNY4MmcjK
BWNCleLKicjawGz5UbXKmuRXYSJ0AbBPmXt7j95jE4WqQVvBxiRcTQ==
=p4vu
-END PGP SIGNATURE-


On Feb 3, 2008 9:34 PM, Steven J. Murdoch <
[EMAIL PROTECTED]> wrote:

> On Sun, Feb 03, 2008 at 10:19:54PM +0100, Michael Schmidt wrote:
> > Steven, i suggest to make it hardcoded default and a Must, that each
> user,
> > using this browser, is as well running an tor **exit** node,
> > tit for tat. like emule partials: upload is a MUST.
>
> I don't think this is likely in the near future. One of the important
> target classes of users is people who are at risk of persecution by
> their government and want to keep a low profile. Many of these users
> are also not fully computer literate and there may not be fully
> translated Tor documentation in their language.
>
> The goals of the bundle include being easy to set up and to leave
> limited traces (both are still being worked on). In this scenario, to
> broadcast the fact that someone is using Tor is in my opinion an
> unacceptable risk. There would need to be some way to protect these
> users before mandatory server operation is the standard.
>
> Steven.
>
> --
> w: http://www.cl.cam.ac.uk/users/sjm217/
>

Re: New Tor distribution for testing: Tor Browser Bundle

[Steven J. Murdoch]

On Sun, Feb 03, 2008 at 10:19:54PM +0100, Michael Schmidt wrote:
> Steven, i suggest to make it hardcoded default and a Must, that each user,
> using this browser, is as well running an tor **exit** node,
> tit for tat. like emule partials: upload is a MUST.

I don't think this is likely in the near future. One of the important
target classes of users is people who are at risk of persecution by
their government and want to keep a low profile. Many of these users
are also not fully computer literate and there may not be fully
translated Tor documentation in their language.

The goals of the bundle include being easy to set up and to leave
limited traces (both are still being worked on). In this scenario, to
broadcast the fact that someone is using Tor is in my opinion an
unacceptable risk. There would need to be some way to protect these
users before mandatory server operation is the standard.

Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/

Re: New Tor distribution for testing: Tor Browser Bundle

[Scott Bennett]

 On Sun, 3 Feb 2008 16:47:24 -0800 "Michael_google gmail_Gersten"
<[EMAIL PROTECTED]>
>> Steven, i suggest to make it hardcoded default and a Must, that each user,
>> using this browser, is as well running an tor **exit** node,
>
>And what about countries where something like Tor is illegal?
>
 Yes, that's another very important point.
 Requiring someone to run an exit server when all they need is a client
would seem quite out of line with the tor project's point of view as given
on its web pages, too.  They point out that even using tor only in client
mode still contributes to everyone else's anonymity by adding more traffic
to the mix (the "safety in numbers" effect).


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**

Re: New Tor distribution for testing: Tor Browser Bundle

[Scott Bennett]

 On Sun, 03 Feb 2008 16:37:20 -0800 Jacob Appelbaum <[EMAIL PROTECTED]>
wrote:
>Scott Bennett wrote:
>>  On Sun, 3 Feb 2008 22:19:54 +0100 "Michael Schmidt"
>> <[EMAIL PROTECTED]> top-posted:
>>> Steven, i suggest to make it hardcoded default and a Must, that each user,
 ^   
>>> using this browser, is as well running an tor **exit** node,
>>> tit for tat. like emule partials: upload is a MUST.
>>> That would help a lot to have more tor-exit nodes.
>>> Thanks.
>>>
>>  That seems a tad impractical for a portable tor bundle, don't you
>> think?  If you take your computer to your friendly neighborhood coffee
>> shop, I doubt that you will find them so friendly as to be willing to
>> reconfigure their wireless router to let you run tor in server mode at
>> all, much less as an exit server.
>>  And who would determine the exit policy?  The exit policy would
>> probably have to be hardcoded as well.
>>  Where were you thinking that these changes would be made?  In the
>> tor source tree?  Or would a modified tor be packaged into the bundle?
>> Perhaps with a different version/release number?
>> 
>> 
>
>While it may be impractical because of NAT, I certainly don't think it's
>impractical to become a Tor server. It's a few lines in the torrc and
>you're off.

 Please reread what he wrote.  He said, "hardcoded" and "must".  Now,
it's true that tor's self-reachability testing would keep it from actually
running as a server if the appropriate NAT and RDR rules weren't in place,
it does seem wasteful to have it continually trying to complete the test
in situations where it never can.  It would be much better simply to let
it run as just a client in those cases.
 There is also the ethical consideration of tying up the available
bandwidth in a private business's services provided to its customers, but
for the benefit of people scattered at unknown locations all around the
globe, rather than of those customers.
>
>However, without the ability to punch a hole in your upstream NAT ( With
>UPNP or something else), I don't think it's very /useful/ for the Tor
>network. Though it's certainly possible without changes to the Tor source.

 But then those changes would not be hardcoded either, as the top-poster
demanded.
>
>The bundle ships with Vidalia, so in theory, it's just a check box away
>if the user didn't wish to be a server. Still, it seems impractical
>unless there's some way to actually *reach* the Tor server.
>
 But a check box, by the top-poster's request, would have to do nothing,
so that the server mode with some unspecified exit policy would be a "must".


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**

Re: New Tor distribution for testing: Tor Browser Bundle

[Michael_google gmail_Gersten]

> Steven, i suggest to make it hardcoded default and a Must, that each user,
> using this browser, is as well running an tor **exit** node,

And what about countries where something like Tor is illegal?

Re: New Tor distribution for testing: Tor Browser Bundle

[Jacob Appelbaum]

Scott Bennett wrote:
>  On Sun, 3 Feb 2008 22:19:54 +0100 "Michael Schmidt"
> <[EMAIL PROTECTED]> top-posted:
>> Steven, i suggest to make it hardcoded default and a Must, that each user,
>> using this browser, is as well running an tor **exit** node,
>> tit for tat. like emule partials: upload is a MUST.
>> That would help a lot to have more tor-exit nodes.
>> Thanks.
>>
>  That seems a tad impractical for a portable tor bundle, don't you
> think?  If you take your computer to your friendly neighborhood coffee
> shop, I doubt that you will find them so friendly as to be willing to
> reconfigure their wireless router to let you run tor in server mode at
> all, much less as an exit server.
>  And who would determine the exit policy?  The exit policy would
> probably have to be hardcoded as well.
>  Where were you thinking that these changes would be made?  In the
> tor source tree?  Or would a modified tor be packaged into the bundle?
> Perhaps with a different version/release number?
> 
> 

While it may be impractical because of NAT, I certainly don't think it's
impractical to become a Tor server. It's a few lines in the torrc and
you're off.

However, without the ability to punch a hole in your upstream NAT ( With
UPNP or something else), I don't think it's very /useful/ for the Tor
network. Though it's certainly possible without changes to the Tor source.

The bundle ships with Vidalia, so in theory, it's just a check box away
if the user didn't wish to be a server. Still, it seems impractical
unless there's some way to actually *reach* the Tor server.

Regards,
Jacob

Re: New Tor distribution for testing: Tor Browser Bundle

[Scott Bennett]

 On Sun, 3 Feb 2008 22:19:54 +0100 "Michael Schmidt"
<[EMAIL PROTECTED]> top-posted:
>Steven, i suggest to make it hardcoded default and a Must, that each user,
>using this browser, is as well running an tor **exit** node,
>tit for tat. like emule partials: upload is a MUST.
>That would help a lot to have more tor-exit nodes.
>Thanks.
>
 That seems a tad impractical for a portable tor bundle, don't you
think?  If you take your computer to your friendly neighborhood coffee
shop, I doubt that you will find them so friendly as to be willing to
reconfigure their wireless router to let you run tor in server mode at
all, much less as an exit server.
 And who would determine the exit policy?  The exit policy would
probably have to be hardcoded as well.
 Where were you thinking that these changes would be made?  In the
tor source tree?  Or would a modified tor be packaged into the bundle?
Perhaps with a different version/release number?


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**

Re: New Tor distribution for testing: Tor Browser Bundle

[Michael Schmidt]

Steven, i suggest to make it hardcoded default and a Must, that each user,
using this browser, is as well running an tor **exit** node,
tit for tat. like emule partials: upload is a MUST.
That would help a lot to have more tor-exit nodes.
Thanks.

On Jan 30, 2008 1:52 AM, Steven J. Murdoch <
[EMAIL PROTECTED]> wrote:

> Recently I have been working on creating a distribution of Tor which
> includes a pre-configured browser -- the Tor Browser Bundle. It is
> intended for being run off an USB flash drive, but will probably also
> be helpful to users who want an easy-to-setup packaging of Tor.
>
> More information and download links can be found here:
>
>  http://torbrowser.torproject.org/
>
> The bundle contains Firefox, Tor, Vidalia, Polipo and Torbutton. No
> installation is needed (just unpack the contents). All the components
> are automatically started by one double-click.
>
> The bundle is new, and contains development versions of Tor, Vidalia
> and Torbutton, so should be considered a testing release. I do hope it
> will be useful, and I'd appreciate comments, suggestions, and bug
> reports.
>
> Thanks,
> Steven.
>
> --
> w: http://www.cl.cam.ac.uk/users/sjm217/
>

Re: New Tor distribution for testing: Tor Browser Bundle

[Steven J. Murdoch]

On Sun, Feb 03, 2008 at 02:36:10AM -0500, Silivrenion wrote:
> I did notice torbrowser was in the directory format that is friendly with
> PortableApps format applications, so props on that.
> 
> Interesting take, taking what Portable Tor  has
> done and bringing it to an all inclusive bundle.

Yes, I did look at how Portable Tor worked when I started, and it was
very helpful to see that it could be done, though I've taken a bit of
a different approach, based on my guess at user requirements. 

The main architectural change, is that Vidalia controls most of the
process. The major advantage is that Vidalia receives and understands
status messages from Tor and can act accordingly. It's also easy to
extend without needed extra build components.

I added new configuration options to handle starting Polipo and Firefox:
 - BrowserExecutable: location of the web browser to be started when
Tor successfully builds a circuit. When the browser exits, Vidalia
will shut down too
 - ProxyExecutable: location of the proxy server, started when Vidalia
does and will be killed as Vidalia exits.

These changes are now in the mainline Vidalia source tree, so might be
useful for other bundles of Tor too. The Tor Browser Bundle is still
in development so assuming we stick to this architecture there might
be some more.

Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/

Re: New Tor distribution for testing: Tor Browser Bundle

[Silivrenion]

I did notice torbrowser was in the directory format that is friendly with
PortableApps format applications, so props on that.

Interesting take, taking what Portable Tor  has
done and bringing it to an all inclusive bundle.

On Jan 31, 2008 1:40 AM, Scott Bennett <[EMAIL PROTECTED]> wrote:

> On Wed, 30 Jan 2008 00:52:18 + "Steven J. Murdoch"
> <[EMAIL PROTECTED]> wrote:
> >Recently I have been working on creating a distribution of Tor which
> >includes a pre-configured browser -- the Tor Browser Bundle. It is
> >intended for being run off an USB flash drive, but will probably also
> >be helpful to users who want an easy-to-setup packaging of Tor.
> >
> >More information and download links can be found here:
> >
> > http://torbrowser.torproject.org/
> >
> >The bundle contains Firefox, Tor, Vidalia, Polipo and Torbutton. No
> >installation is needed (just unpack the contents). All the components
> >are automatically started by one double-click.
> >
> >The bundle is new, and contains development versions of Tor, Vidalia
> >and Torbutton, so should be considered a testing release. I do hope it
> >will be useful, and I'd appreciate comments, suggestions, and bug
> >reports.
> >
> I do hope that you, as well as others on this list who are developing
> portable versions of tor and tor-related applications and bundles thereof,
> are coordinating your efforts with the good folks at portableapps.com, who
> have already assembled a significant collection of portable applications
> suitable for burning onto CDs or flash drives, including Firefox,
> OpenOffice.org, and many associated packages (extensions, utilities, etc.)
> They even have a sort of "super  bundle" called PortableApps Suite that
> contains ClamWin, Firefox, Gaim, OpenOffice.org, Sudoku, Sunbird, and
> Thunderbird.  There is a "lite" version of the suite that substitutes
> AbiWord for OpenOffice.org, and a "base" version whose OpenOffice.org is
> a stripped-down version.  Check all this stuff out at
>
>http://portableapps.com
>
> It would be a shame either to duplicate the efforts of others needlessly
> or to keep your bundle(s) from the wider audience outside of the OR-TALK
> list.
>
>
>  Scott Bennett, Comm. ASMELG, CFIAG
> **
> * Internet:   bennett at cs.niu.edu  *
> **
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."   *
> *-- Gov. John Hancock, New York Journal, 28 January 1790 *
> **
>



-- 
Steve Morley
http://silivrenion.com
PGP Key 0x6F0A7BDE

Re: New Tor distribution for testing: Tor Browser Bundle

[Scott Bennett]

 On Wed, 30 Jan 2008 00:52:18 + "Steven J. Murdoch"
<[EMAIL PROTECTED]> wrote:
>Recently I have been working on creating a distribution of Tor which
>includes a pre-configured browser -- the Tor Browser Bundle. It is
>intended for being run off an USB flash drive, but will probably also
>be helpful to users who want an easy-to-setup packaging of Tor.
>
>More information and download links can be found here:
>
> http://torbrowser.torproject.org/
>
>The bundle contains Firefox, Tor, Vidalia, Polipo and Torbutton. No
>installation is needed (just unpack the contents). All the components
>are automatically started by one double-click.
>
>The bundle is new, and contains development versions of Tor, Vidalia
>and Torbutton, so should be considered a testing release. I do hope it
>will be useful, and I'd appreciate comments, suggestions, and bug
>reports.
>
 I do hope that you, as well as others on this list who are developing
portable versions of tor and tor-related applications and bundles thereof,
are coordinating your efforts with the good folks at portableapps.com, who
have already assembled a significant collection of portable applications
suitable for burning onto CDs or flash drives, including Firefox,
OpenOffice.org, and many associated packages (extensions, utilities, etc.)
They even have a sort of "super  bundle" called PortableApps Suite that
contains ClamWin, Firefox, Gaim, OpenOffice.org, Sudoku, Sunbird, and
Thunderbird.  There is a "lite" version of the suite that substitutes
AbiWord for OpenOffice.org, and a "base" version whose OpenOffice.org is
a stripped-down version.  Check all this stuff out at

http://portableapps.com

It would be a shame either to duplicate the efforts of others needlessly
or to keep your bundle(s) from the wider audience outside of the OR-TALK
list.


  Scott Bennett, Comm. ASMELG, CFIAG
**
* Internet:   bennett at cs.niu.edu  *
**
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *
**

New Tor distribution for testing: Tor Browser Bundle

[Steven J. Murdoch]

Recently I have been working on creating a distribution of Tor which
includes a pre-configured browser -- the Tor Browser Bundle. It is
intended for being run off an USB flash drive, but will probably also
be helpful to users who want an easy-to-setup packaging of Tor.

More information and download links can be found here:

 http://torbrowser.torproject.org/

The bundle contains Firefox, Tor, Vidalia, Polipo and Torbutton. No
installation is needed (just unpack the contents). All the components
are automatically started by one double-click.

The bundle is new, and contains development versions of Tor, Vidalia
and Torbutton, so should be considered a testing release. I do hope it
will be useful, and I'd appreciate comments, suggestions, and bug
reports.

Thanks,
Steven.

-- 
w: http://www.cl.cam.ac.uk/users/sjm217/