Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Orionjur Tor-admin
Mike Perry wrote:
 Thus spake Eddie Cornejo (corn...@gmail.com):
 
 Forgive my ignorance but this seems rather knee-jerk to me. Maybe I'm
 missing something.
 
 Yeah, I believe you're missing the fact that these ports also contain
 plaintext passwords that can be used to gain access to information on
 these and other accounts that may or may not have ever traveled over
 tor. That is the difference.
 

And what is the difference between using Tor and not using Tor when you
don't use SSL?
Only that in the latter case your password etc. can be seen by your ISP or
by governmental systems like the European Echelon, Russian SORM, etc.
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/


Re: Tor 0.2.2.22-alpha is out

2011-01-30 Thread Orionjur Tor-admin
Roger Dingledine wrote:
 Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The
 main other change is a slight tweak to Tor's TLS handshake that makes
 relays and bridges that run this new version reachable from Iran again.
 We don't expect this tweak will win the arms race long-term, but it will
 buy us a bit more time until we roll out a better solution.
 
 Anybody running a relay or bridge who wants it to work for Iran should
 upgrade.
 
 https://www.torproject.org/download/download
 
 Changes in version 0.2.2.22-alpha - 2011-01-25
   o Major bugfixes:
 - Fix a bounds-checking error that could allow an attacker to
   remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
   Found by piebeer.
 - Don't assert when changing from bridge to relay or vice versa
   via the controller. The assert happened because we didn't properly
   initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes
   bug 2433. Reported by bastik.
 
   o Minor features:
 - Adjust our TLS Diffie-Hellman parameters to match those used by
   Apache's mod_ssl.
 - Provide a log message stating which geoip file we're parsing
   instead of just stating that we're parsing the geoip file.
   Implements ticket 2432.
 
   o Minor bugfixes:
 - Check for and reject overly long directory certificates and
   directory tokens before they have a chance to hit any assertions.
   Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by doorss.
 

I installed it yesterday morning or the morning of the day before
yesterday on my Debian exit node.
How can I do it before this release?



arm: NameError: global name 'bin' is not defined

2011-01-30 Thread Paul Menzel
Dear Damian,


with revision 24158 I am getting the following error when I want to run arm.

# ./arm
Traceback (most recent call last):
  File "./src/starter.py", line 378, in <module>
    controller.init(conn)
  File "/arm/src/util/torTools.py", line 292, in init
    self._exitPolicyChecker = self.getExitPolicy()
  File "/arm/src/util/torTools.py", line 766, in getExitPolicy
    result = ExitPolicy("reject private", result)
  File "/arm/src/util/torTools.py", line 1541, in __init__
    lastHop = ExitPolicy(prefix + addr + suffix, lastHop)
  File "/arm/src/util/torTools.py", line 1558, in __init__
    self.ipAddressBin += ("%8s" % bin(int(octet))[2:]).replace(" ", "0")
NameError: global name 'bin' is not defined


Thanks,

Paul




Re: arm: NameError: global name 'bin' is not defined

2011-01-30 Thread Damian Johnson
Damn, looks like the bin function is new in Python 2.6:
http://docs.python.org/library/functions.html#bin

Thanks for the catch. In the future please file a trac ticket rather
than emailing everyone on or-talk. Cheers! -Damian

On Sun, Jan 30, 2011 at 12:25 AM, Paul Menzel
paulepan...@users.sourceforge.net wrote:
 Dear Damian,


 with revision 24158 I am getting the following error when I want to run arm.

         # ./arm
         Traceback (most recent call last):
           File "./src/starter.py", line 378, in <module>
             controller.init(conn)
           File "/arm/src/util/torTools.py", line 292, in init
             self._exitPolicyChecker = self.getExitPolicy()
           File "/arm/src/util/torTools.py", line 766, in getExitPolicy
             result = ExitPolicy("reject private", result)
           File "/arm/src/util/torTools.py", line 1541, in __init__
             lastHop = ExitPolicy(prefix + addr + suffix, lastHop)
           File "/arm/src/util/torTools.py", line 1558, in __init__
             self.ipAddressBin += ("%8s" % bin(int(octet))[2:]).replace(" ", "0")
         NameError: global name 'bin' is not defined


 Thanks,

 Paul



Re: Tor 0.2.2.22-alpha is out

2011-01-30 Thread Robert Ransom
On Sun, 30 Jan 2011 12:48:02 +0330
Hasan mhaliz...@gmail.com wrote:

 I have downloaded the new version from
 https://www.torproject.org/download/download but still I can't connect to
 tor!! :(

Tor 0.2.2.22-alpha contains 'a slight tweak ... that makes *relays and
bridges* that run this new version reachable from Iran again' (emphasis
added).  Running it as your client will not help you.

You need to find a bridge that is running 0.2.2.22-alpha, or find a
relay that is running 0.2.2.22-alpha and configure it as a bridge.


 My IP Add:  [DELETED]

You should not have published your IP address.  It is quite easy for
your government to use your IP address to identify you and punish you,
and no one on this list can use your IP address to help you.


Robert Ransom




Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Jan Weiher

 At some point, we intend to shrink exit policies further as Tor scales
 to more decentralized schemes. Those exit policies will likely be
 represented as bits representing subsets of ports. When that time
 comes, we will very likely combine encrypted and unencrypted versions
 of ports together, removing this option entirely.
 

Sounds good. But what to do for now? Just creating a list of nodes which
only allow unencrypted traffic and putting them into the ExcludeExitNodes
list? Shouldn't these nodes be excluded by default?
I'm unsure. I want to stress again that I'm not saying any operator is
doing anything evil, but I think we should find some way to avoid nodes
which have such weird exit policies.

best regards,
Jan


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Damian Johnson
The five relays Mike mentioned have been flagged as BadExits [1].
Adding them to your ExcludeExitNodes isn't necessary. -Damian

[1] https://trac.torproject.org/projects/tor/wiki/badRelays

On Sun, Jan 30, 2011 at 1:33 AM, Jan Weiher j...@buksy.de wrote:

 At some point, we intend to shrink exit policies further as Tor scales
 to more decentralized schemes. Those exit policies will likely be
 represented as bits representing subsets of ports. When that time
 comes, we will very likely combine encrypted and unencrypted versions
 of ports together, removing this option entirely.


 Sounds good. But what to do for now? Just creating a list of nodes which
 only allow unencrypted traffic and putting them into the ExcludeExitNodes
 list? Shouldn't these nodes be excluded by default?
 I'm unsure. I want to stress again that I'm not saying any operator is
 doing anything evil, but I think we should find some way to avoid nodes
 which have such weird exit policies.

 best regards,
 Jan


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Robert Ransom
On Sun, 30 Jan 2011 10:33:31 +0100
Jan Weiher j...@buksy.de wrote:

  At some point, we intend to shrink exit policies further as Tor scales
  to more decentralized schemes. Those exit policies will likely be
  represented as bits representing subsets of ports. When that time
  comes, we will very likely combine encrypted and unencrypted versions
  of ports together, removing this option entirely.

 Sounds good. But what to do for now? Just creating a list of nodes which
 only allow unencrypted traffic and putting them into the ExcludeExitNodes
 list? Shouldn't these nodes be excluded by default?

They will be now.

The exit scanner detects such nodes, and Mike Perry has just made it
easier to mark nodes with suspicious policies with the BadExit flag in
the future:

https://gitweb.torproject.org/torflow.git/commitdiff/2320961a05e3277534887c7f76036c826a879230


Robert Ransom




Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread morphium
2011/1/30 Damian Johnson atag...@gmail.com:
 The five relays Mike mentioned have been flagged as BadExits [1].
 Adding them to your ExcludeExitNodes isn't necessary. -Damian

That was really dumb, as it puts a lot more load on the Nodes that
support encryption, and, as was mentioned before, _every_ operator
could sniff.

I will change my Exit Policy now to something like 80, 6667, 21 and if
you BadExit it, you'll lose another fast node.

Bye!
morphium


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Jacob Appelbaum
On 01/30/2011 01:56 AM, morphium wrote:
 2011/1/30 Damian Johnson atag...@gmail.com:
 The five relays Mike mentioned have been flagged as BadExits [1].
 Adding them to your ExcludeExitNodes isn't necessary. -Damian
 
 That was really dumb, as it puts a lot more load on the Nodes that
 support encryption, and, as was mentioned before, _every_ operator
 could sniff.

Hardly.

An important difference is that some people specifically create exit
policies to attract traffic worth passively sniffing. In any case, it
hardly puts more load on nodes that support encryption unless they
also are supporting the unencrypted protocols in the first place.

 
 I will change my Exit Policy now to something like 80, 6667, 21 and if
 you BadExit it, you'll lose another fast node.

It sounds like there's now a known reason for your exit policy, I doubt
anyone would bad exit you.

All the best,
Jake


Re: Hi and Ubuntu install...

2011-01-30 Thread Chris Kimpton
Thanks, I see the site was up earlier, but the gpg call still
failed (using gpg 1.4.10).

Have written a loop to keep trying to grab it...

~chris

On 30 January 2011 00:47, Andrew Lewis and...@pdqvpn.com wrote:
 Yeah, that server seems to timeout time to time. Retry it a few times and it 
 should work.


 On Jan 29, 2011, at 6:23 PM, Chris Kimpton wrote:

 Hi,

 I am trying to setup Tor on an Ubuntu box, but getting a little glitch
 on the install - hope this is the correct list to query...

 I followed the instructions from here:

 http://www.torproject.org/docs/debian.html.en

 In particular:

 Then add this line to your /etc/apt/sources.list file:

 deb     http://deb.torproject.org/torproject.org DISTRIBUTION main

 where you put the codename of your distribution (i.e. etch, lenny,
 sid, maverick, lucid, karmic, jaunty, intrepid, hardy or whatever it
 is) in place of DISTRIBUTION.

 Then add the gpg key used to sign the packages by running the
 following commands at your command prompt:

 gpg --keyserver keys.gnupg.net --recv 886DDD89


 I found and installed the package ok, but the gpg line fails - it doesn't
 seem to get to keys.gnupg.net.

 Is that still current, or is the server just down for now and I should
 try later...

 Thanks in advance,
 Chris


Re: Tor 0.2.2.22-alpha is out

2011-01-30 Thread Hasan
Thanks for your attention,
but when I run Tor I receive these warnings:
[Warning] Problem bootstrapping. Stuck at 10%: Finishing handshake with
directory server. (Socket is not connected [WSAENOTCONN ]; NOROUTE; count 1;
recommendation warn)
[Notice] No current certificate known for authority moria1; launching
request.
[Notice] No current certificate known for authority dannenberg; launching
request.
and Tor status is:
Establishing an encrypted directory connection
The Tor Version is:
The Tor Software is Running - You are currently running version 0.2.1.29
(r8e9b25e6c7a2e70c) of the Tor software.




On Sun, Jan 30, 2011 at 1:01 PM, Robert Ransom rransom.8...@gmail.com wrote:

 On Sun, 30 Jan 2011 12:48:02 +0330
 Hasan mhaliz...@gmail.com wrote:

  I have downloaded the new version from
  https://www.torproject.org/download/download but still I can't connect
 to
  tor!! :(

 Tor 0.2.2.22-alpha contains 'a slight tweak ... that makes *relays and
 bridges* that run this new version reachable from Iran again' (emphasis
 added).  Running it as your client will not help you.

 You need to find a bridge that is running 0.2.2.22-alpha, or find a
 relay that is running 0.2.2.22-alpha and configure it as a bridge.


  My IP Add:  [DELETED]

 You should not have published your IP address.  It is quite easy for
 your government to use your IP address to identify you and punish you,
 and no one on this list can use your IP address to help you.


 Robert Ransom



Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Christopher A. Lindsey




On Sat, 2011-01-29 at 22:45 -0800, Mike Perry wrote: 
 Thus spake Eddie Cornejo (corn...@gmail.com):
 
  Forgive my ignorance but this seems rather knee-jerk to me. Maybe I'm
  missing something.
 
 Yeah, I believe you're missing the fact that these ports also contain
 plaintext passwords that can be used to gain access to information on
 these and other accounts that may or may not have ever traveled over
 tor. That is the difference.
 
  Finally there is no way that an exit node can directly affect the mode
  choices by a client. Ie, apart from a particular node existing, there
  is no way that a node could force a user to use it.
 
 See above.
  
  Therefore I submit that having these nodes, whether they are overtly
  recording traffic or not, does not result in any harm to the TOR
  network. In fact, their presence lessens the burden on the TOR network
  as they are providing much needed bandwidth.
 
 We don't need bandwidth that bad.
  
  So, what's the threat? Why are you considering banning these nodes
  when, by all accounts, I cannot see them having a negative impact on
  the network as a whole (in fact, it's probably a positive influence)
 
 I believe that allowing these nodes sends a message that we are OK
 with people monitoring plaintext traffic, because it is anonymized. We
 have never been OK with this.
 
 People use plaintext at their own risk, and yes, they should know
 better, but this does NOT mean that we are comfortable feeding them to
 the wolves.
 
 If said exits are really interested in helping, they should alter
 their exit policy to allow encryption and then rekey. They will be
 banned by identity key, not by IP. Rekeying without fixing the exit
 policy will just result in IP bans.
 

Could it be that these nodes have set these policies to reduce the
possibility of being approached because of illegal activity passing
through them?  It could be they believe that they're helping with the
project and limiting their exposure as bad guys wouldn't use clear
text.

Take care,
Chris




Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread mi nt
On Sat, Jan 29, 2011 at 07:46:20PM +0100, Jan Weiher wrote:
 Hi,
 
 while scrolling through the tor status page (torstatus.blutmagie.de), I
 stumbled upon the following node (the reason why it came to my eye was
 the long uptime):
 
 gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92
 
 This node looks suspicious to me, because there is no contact info given
 and the exit policy allows only unencrypted traffic:
 
 reject 0.0.0.0/8:*
 reject 169.254.0.0/16:*
 reject 127.0.0.0/8:*
 reject 192.168.0.0/16:*
 reject 10.0.0.0/8:*
 reject 172.16.0.0/12:*
 reject 194.154.227.109:*
 accept *:21
 accept *:80
 accept *:110
 accept *:143
 reject *:*
 
 Am I missing something? I'm wondering why the status page lists this
 node as non-exit, because it clearly allows outgoing traffic on ports
 21,80,110 and 143?
 I'm aware of the fact that it is not recommended to use tor without
 additional encryption, but some users do. And I don't see any reason for
 only allowing unencrypted traffic other than snooping?
 Can anyone clarify this? If the admin of this node is on the list,
 would he please explain this situation?
 
 best regards,
 Jan

I don't see why any of this really matters. Anyone running tor should have 
the good sense to realize that if you log in to webmail.example.com over 
plaintext then the node operator could grab your details. It states this 
repeatedly on torproject IIRC. Furthermore anything really important like 
financial logins is typically done over SSL anyway. If some guy gets his 
facebook account hijacked because he didn't read the FAQ I don't see the 
issue. Just my measly two cents.
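As an added example (not code from any poster, from arm, or from torflow), here is a small Python 3 exit-policy evaluator: it parses the gatereloaded policy quoted above, answers whether a given destination and port would be exited, and applies a defender's heuristic for the pattern this thread is about, a policy that accepts well-known plaintext ports while rejecting every encrypted counterpart. It matches addresses with integer masks rather than bit strings, so it needs no bin() (the function the arm traceback elsewhere on this page shows is missing in Python 2.5); the plaintext-to-encrypted port pairing and the TEST-NET probe address are assumptions of the example, not anything the thread specifies.

```python
"""Tor exit-policy evaluator with a plaintext-only heuristic.

Added example; not code from arm, torflow or any poster in this thread.
Only the IPv4 rule syntax that appears on this page is handled.
"""
import socket
import struct

# Exit policy of the gatereloaded relay exactly as quoted in the thread.
GATERELOADED_POLICY = """
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 194.154.227.109:*
accept *:21
accept *:80
accept *:110
accept *:143
reject *:*
"""

# Plaintext port -> its TLS-wrapped counterpart.  This pairing is an
# assumption of this example, not a list published by the Tor project.
ENCRYPTED_COUNTERPART = {21: 990, 23: 22, 80: 443, 110: 995, 143: 993}

# Probe address from TEST-NET-3 (RFC 5737); any address the policy does
# not single out would do.
PROBE_ADDR = "203.0.113.1"


def ip_to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def parse_rule(line):
    """Parse 'accept|reject ADDR[/BITS]:PORT' into (accept, net, mask, (lo, hi)).

    ADDR may be '*' (any address); PORT may be '*', one port or 'lo-hi'.
    """
    action, target = line.split()
    if action not in ("accept", "reject"):
        raise ValueError("unknown action: %r" % action)
    addr_part, port_part = target.rsplit(":", 1)
    if addr_part == "*":
        net, bits = 0, 0
    elif "/" in addr_part:
        net_s, bits_s = addr_part.split("/")
        net, bits = ip_to_int(net_s), int(bits_s)
    else:
        net, bits = ip_to_int(addr_part), 32
    mask = ((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF) if bits else 0
    if port_part == "*":
        ports = (1, 65535)
    elif "-" in port_part:
        lo, hi = port_part.split("-")
        ports = (int(lo), int(hi))
    else:
        ports = (int(port_part), int(port_part))
    return action == "accept", net & mask, mask, ports


def parse_policy(text):
    """Parse a multi-line policy, one rule per line; blank lines are ignored."""
    return [parse_rule(ln) for ln in text.splitlines() if ln.strip()]


def allows(policy, addr, port):
    """First matching rule wins, as in Tor; no match is treated as reject."""
    a = ip_to_int(addr)
    for accept, net, mask, (lo, hi) in policy:
        if (a & mask) == net and lo <= port <= hi:
            return accept
    return False


def suspicious_pairs(policy, probe_addr=PROBE_ADDR):
    """Accepted plaintext ports whose encrypted counterpart is rejected."""
    return [(plain, enc) for plain, enc in sorted(ENCRYPTED_COUNTERPART.items())
            if allows(policy, probe_addr, plain)
            and not allows(policy, probe_addr, enc)]


def is_plaintext_only(policy, probe_addr=PROBE_ADDR):
    """The pattern discussed in the thread: the relay exits to at least one
    plaintext port and to none of the encrypted counterparts.  A heuristic
    that flags a policy for review, not a verdict about the operator."""
    accepts_encrypted = any(allows(policy, probe_addr, enc)
                            for enc in ENCRYPTED_COUNTERPART.values())
    return bool(suspicious_pairs(policy, probe_addr)) and not accepts_encrypted


if __name__ == "__main__":
    policy = parse_policy(GATERELOADED_POLICY)
    print("exit to 203.0.113.1:80  ->", allows(policy, PROBE_ADDR, 80))
    print("exit to 203.0.113.1:443 ->", allows(policy, PROBE_ADDR, 443))
    print("exit to 10.1.2.3:80     ->", allows(policy, "10.1.2.3", 80))
    print("plaintext/encrypted pairs:", suspicious_pairs(policy))
    print("plaintext-only policy:", is_plaintext_only(policy))
```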


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Orionjur Tor-admin
Damian Johnson wrote:
 The five relays Mike mentioned have been flagged as BadExits [1].
 Adding them to your ExcludeExitNodes isn't necessary. -Damian
 
 [1] https://trac.torproject.org/projects/tor/wiki/badRelays
 
 On Sun, Jan 30, 2011 at 1:33 AM, Jan Weiher j...@buksy.de wrote:
 At some point, we intend to shrink exit policies further as Tor scales
 to more decentralized schemes. Those exit policies will likely be
 represented as bits representing subsets of ports. When that time
 comes, we will very likely combine encrypted and unencrypted versions
 of ports together, removing this option entirely.

 Sounds good. But what to do for now? Just creating a list of nodes which
 only allow unencrypted traffic and put them into the ExcludeExitNodes
 list? Shouldnt these nodes be excluded by default?
 I'm unsure. I want to stress again that I'm not saying any operator is
 doing anything evil, but I think we should find some way to avoid nodes
 which have such weird exitpolicies.

 best regards,
 Jan
 


Is it possible to publish a list of bad exits for copy-pasting into
/etc/torrc in addition to the above-mentioned list?


Using Mixminion trough the Tor network

2011-01-30 Thread emersonv6
Hi,

I was wondering if anyone has succeeded in torifying Mixminion.

usewithtor output:

$ usewithtor mixminion send -t x...@.zzz -i data.asc
libtorsocks: The symbol res_send() was not found in any shared library.
The error reported was: not found!
Mixminion version 0.0.8alpha3
This software is for testing purposes only.  Anonymity is not guaranteed.
Jan 30 20:06:10.819 +0100 [WARN] This software is newer than any version
on the recommended list.
Jan 30 20:06:10.820 +0100 [INFO] Generating payload(s)...
Jan 30 20:06:10.820 +0100 [INFO] Unrecognized zlib version: '1.2.3.4'.
Spot-checking output
Jan 30 20:06:10.823 +0100 [INFO] Selected path is
[...]
Jan 30 20:06:10.851 +0100 [INFO] Packet queued
Jan 30 20:06:10.851 +0100 [INFO] Connecting...
20:06:10 libtorsocks(5017): connect: Connection is a UDP or ICMP stream,
may be a DNS request or other form of leak: rejecting.
Jan 30 20:06:25.678 +0100 [INFO] ... 1 sent
libtorsocks: The symbol res_send() was not found in any shared library.
The error reported was: not found!

tor logs:

Jan 30 19:42:07.822 [warn] Destination '[scrubbed]' seems to be an
invalid hostname. Failing.
Jan 30 20:06:10.851 [warn] Destination '[scrubbed]' seems to be an
invalid hostname. Failing.


Thanks,

emerson.


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Damian Johnson
There's no point in putting relays flagged as BadExit into your torrc
since your client will already avoid them. However, if you want a
listing of the bad exits then it's available at:
https://trac.torproject.org/projects/tor/wiki/badRelays

As for the previous discussion of if plaintext-only exits warrant the
flag, here's my bit to add to the discussion:

We already filter exit nodes based on suspicion by defaulting
ExcludeSingleHopRelays to true (the reason for that being that single
hop exits are more likely to be passively monitoring data). We also
invalidated the trotsky relays without proof of malicious intent (a
suspected sybil attack when over seven hundred identical relays
appeared out of the blue). I'm a little in favor of flagging
plaintext-only exits, though I agree that it sucks when flagging
doesn't have a smoking gun.

Cheers! -Damian

On Sun, Jan 30, 2011 at 10:58 AM, Orionjur Tor-admin
tor-ad...@orionjurinform.com wrote:
 Damian Johnson wrote:
 The five relays Mike mentioned have been flagged as BadExits [1].
 Adding them to your ExcludeExitNodes isn't necessary. -Damian

 [1] https://trac.torproject.org/projects/tor/wiki/badRelays

 On Sun, Jan 30, 2011 at 1:33 AM, Jan Weiher j...@buksy.de wrote:
 At some point, we intend to shrink exit policies further as Tor scales
 to more decentralized schemes. Those exit policies will likely be
 represented as bits representing subsets of ports. When that time
 comes, we will very likely combine encrypted and unencrypted versions
 of ports together, removing this option entirely.

 Sounds good. But what to do for now? Just creating a list of nodes which
 only allow unencrypted traffic and put them into the ExcludeExitNodes
 list? Shouldnt these nodes be excluded by default?
 I'm unsure. I want to stress again that I'm not saying any operator is
 doing anything evil, but I think we should find some way to avoid nodes
 which have such weird exitpolicies.

 best regards,
 Jan



 Is it possible to publish a list of bad-exits for copypasting it to
 /etc/torrc in addition to the above-mentioned list?


Re: Blocked from yelp.com?

2011-01-30 Thread Geoff Down


On Sat, 29 Jan 2011 10:24 -0600, David Carlson
carlson...@sbcglobal.net wrote:
 Hi,
 
 I am forbidden to access the server yelp.com.  Is that because I am a
 Tor exit node?
 
 Thanks
 
 David
 
I can confirm this, after accidentally running an exit for a while.
There is a mailto link on the 403 page for you to contact them about it
- I can't find anything in the site TOS about proxies.
GD




Re: Question and Confirmation.

2011-01-30 Thread Matthew



On 30/01/11 02:32, and...@torproject.org wrote:

On Fri, Jan 28, 2011 at 11:29:25PM +, pump...@cotse.net wrote 2.3K bytes in 
53 lines about:
: My understanding is that Tor encrypts both the content of a data
: packet and also the header.  It encrypts the packet and header three
: times on the client (my computer) and then at each node one layer is
: decrypted until the data packet and header are decrypted to
: plaintext at the final exit node (except when TLS is used).  Right?

Actually, tor wraps the original traffic in encryption and tunnels it
through the 3 hops of a circuit.  We do not touch the original data.


Sorry, I'm not trying to be dumb but I'm unclear how your answer differs 
from my assumption.


Tor takes all the data (header and content), encrypts it three times on the 
client (me), and then at each node one layer is unencrypted OR is it all of 
it unencrypted at the exit node?



Re: Question and Confirmation.

2011-01-30 Thread Robert Ransom
On Sun, 30 Jan 2011 22:33:21 +
Matthew pump...@cotse.net wrote:

 On 30/01/11 02:32, and...@torproject.org wrote:
  On Fri, Jan 28, 2011 at 11:29:25PM +, pump...@cotse.net wrote 2.3K 
  bytes in 53 lines about:
  : My understanding is that Tor encrypts both the content of a data
  : packet and also the header.  It encrypts the packet and header three
  : times on the client (my computer) and then at each node one layer is
  : decrypted until the data packet and header are decrypted to
  : plaintext at the final exit node (except when TLS is used).  Right?
 
  Actually, tor wraps the original traffic in encryption and tunnels it
  through the 3 hops of a circuit.  We do not touch the original data.

 Sorry, I'm not trying to be dumb but I'm unclear how your answer differs 
 from my assumption.
 
 Tor takes all the data (header and content), encrypts it three times on the 
 client (me), and then at each node one layer is unencrypted OR is it all of 
 it unencrypted at the exit node?

Each relay removes one layer of encryption.

Tor does *not* encrypt and send packet headers.  Tor only relays the
data within a TCP connection.


Robert Ransom




Re: Question and Confirmation.

2011-01-30 Thread Matthew



Each relay removes one layer of encryption.

Tor does *not* encrypt and send packet headers.  Tor only relays the
data within a TCP connection.


I'm still not getting this.  My understanding is that you have the data and 
the header when using TCP.  If only the data is encrypted then what happens 
to the headers?



Re: Question and Confirmation.

2011-01-30 Thread Andrew Lewman
On Sun, 30 Jan 2011 23:15:17 +
Matthew pump...@cotse.net wrote:
 I'm still not getting this.  My understanding is that you have the
 data and the header when using TCP.  If only the data is encrypted
 then what happens to the headers?

Does this image help at all?

https://svn.torproject.org/svn/projects/presentations/images/tor-keys.svg

Your original data is tunnelled through tor.  Your original packets are
wrapped in onionskins and moved about the globe.  

-- 
Andrew
pgp 0x74ED336B


Re: Question and Confirmation.

2011-01-30 Thread Matthew

 Each relay removes one layer of encryption.

Tor does *not* encrypt and send packet headers.  Tor only relays the
data within a TCP connection.


OK.  I get it.  I think.

Please confirm:

The data is encrypted.  The header is not encrypted.

So if my ISP is monitoring my traffic all they see for the header is the 
connection to the first Tor node.


In which case my question is: where is the information that tells the exit 
node which DNS resolution to do and therefore which website I am asking for?



Re: Question and Confirmation.

2011-01-30 Thread Geoff Down


On Sun, 30 Jan 2011 23:33 +, Matthew pump...@cotse.net wrote:
   Each relay removes one layer of encryption.
  Tor does *not* encrypt and send packet headers.  Tor only relays the
  data within a TCP connection.
 
 OK.  I get it.  I think.
 
 Please confirm:
 
 The data is encrypted.  The header is not encrypted.
 
 So if my ISP is monitoring my traffic all they see for the header is the 
 connection to the first Tor node.
 
 In which case my question is: where is the information that tells the
 exit 
 node which DNS resolution to do and therefore which website I am asking
 for?

In the *HTTP* headers, which are part of the encrypted TCP data
payload.

GD



Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Jan Weiher

 I'm aware of the fact that it is not recommended to use tor without
 additional encryption, but some users do. And I don't see any reason for
 only allowing unencrypted traffic other than snooping?

[...]

 I don't see why any of this really matters. Anyone running tor should have 
 the good sense to realize that if you log in to webmail.example.com over 
 plaintext then the node operator could grab your details. It states this 
 repeatedly on torproject IIRC. Furthermore anything really important like 
 financial logins are typically done over SSL anyway.

Yes, we all know that, and hopefully the average user knows that. But in my
opinion this has nothing to do with having an exit policy that attracts
unencrypted traffic. Just because everyone (hopefully) knows that the
traffic can be recorded, does it make it better if I do? I would
have asked the specific operator about his exit policy, but as I noted,
there is no contact info given, which makes it even more suspicious. Not
the fact that there is no contact info - there are many nodes without
contact info - but I thought the combination is odd.

 If some guy gets his facebook account hijacked because he didn't read
 the FAQ I don't see the issue.

I totally disagree. Of course, you could argue that it's his fault and
so forth. I would agree with that, but on the other hand, should we accept
making this even easier? Additionally, if some guy gets his account
somewhere hacked after having used tor, it looks bad. And at that point,
the user does not really care about "I told you so!!!". He is going to
tell his friends "I used tor and my account got hacked".

These nodes are marked as BadExits for now, which does not hurt, because
if the operators of these nodes care about Tor, they are going to ask
"why is my node marked as bad exit?" and you could have a discussion
about it. The operators can tell us why they chose this exit policy or
we can help to improve it. If those nodes - which have sometimes been
up for several months - silently disappear, I know what I'll think.

best regards,
Jan


Re: Polipo bug reporting

2011-01-30 Thread Robert Ransom
On Sun, 30 Jan 2011 22:59:49 +
Geoff Down geoffd...@fastmail.net wrote:

 how do I report a bug with the Polipo in
 https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.22-alpha-0.2.10-ppc.dmg
 ?
 And how do I tell which version is in there also please?

If that bundle contains a CHANGES file for Polipo, the last entry in it
is for the included version of Polipo.  

 ( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
 doesn't specify where the new bugtracker is).

We do not know of any new bug tracker for Polipo.  If you have a bug
report for Polipo itself, report it to the polipo-users mailing list
(see https://lists.sourceforge.net/lists/listinfo/polipo-users).


Robert Ransom




Re: Polipo bug reporting

2011-01-30 Thread Geoff Down


On Sun, 30 Jan 2011 16:20 -0800, Robert Ransom
rransom.8...@gmail.com wrote:
 On Sun, 30 Jan 2011 22:59:49 +
 Geoff Down geoffd...@fastmail.net wrote:
 
  how do I report a bug with the Polipo in
  https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-0.2.2.22-alpha-0.2.10-ppc.dmg
  ?
  And how do I tell which version is in there also please?
 
 If that bundle contains a CHANGES file for Polipo, the last entry in it
 is for the included version of Polipo.  
 
  ( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
  doesn't specify where the new bugtracker is).
 
 We do not know of any new bug tracker for Polipo.  If you have a bug
 report for Polipo itself, report it to the polipo-users mailing list
 (see https://lists.sourceforge.net/lists/listinfo/polipo-users).
 
 
 Robert Ransom
 
Thank you.
There is a Changes.txt file in the .dmg, but it doesn't mention the
Polipo version number; it's mainly concerned with Vidalia changes.
I can't see any other file with 'Changes' or 'Version' in the name in
the .app folder, other than in the QuickTime section.
GD

-- 
http://www.fastmail.fm - Or how I learned to stop worrying and
  love email again



Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Mike Perry
Thus spake morphium (morph...@morphium.info):

 2011/1/30 Damian Johnson atag...@gmail.com:
  The five relays Mike mentioned have been flagged as BadExits [1].
  Adding them to your ExcludeExitNodes isn't necessary. -Damian
 
 That was really dumb, as it puts a lot more load on the Nodes that
 support encryption, and, as was mentioned before, _every_ operator
 could sniff.

There is no rational reason to carry the unencrypted version of a
service but not the encrypted version, except to log data. So unless
these 5 nodes were all just playing their favorite lotto numbers in
their exit policy, they were being jerks.

I am aware that every operator can sniff regardless of policy. Every
operator can do a lot of things. The fact that even good exit policies
can do bad things is not a necessary condition for allowing bad exit
policies.

Frankly, this in-your-face selfishness of *only* accepting the
unencrypted data because "fuck it, that's the only data I want to log"
just rubs me the wrong way. Not one of those 5 had legit contact info.
Two of them actually bothered to fill out the field, but filled it in
with a fake email address.

All of them just reek of disrespect for us, for the network, and for
our users. Essentially, it's that disrespect that earned them the
BadExit flag.

If this means that sending the message to them means we take out a few
irrational actors in the process, that's fine. I don't much want
people playing lotto in their exit policies either. They can stick to
middle node and put their lotto numbers in their contact info. I
promise that it will work just as well.

 I will change my Exit Policy now to something like 80, 6667, 21 and if
 you BadExit it, you'll lose another fast node.

*sigh*. And so the cat herding begins. Are you really protesting this
policy decision with civil disobedience? Really? Fighting for Great
Justice everywhere, eh?

Do you have a rational reason why we should allow people to carry the
unencrypted version of a service but not the encrypted one, other than
"Well, they could be bad actors even with a good policy!"?

Or is it just because you feel that someone told you to do something and
you don't much like being told what to do, regardless of the
reasoning?

I forbid you from jumping in the nearest lake!

I also forbid you from taking your freshly-gimped exit node in for a
swim with you!


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
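The pattern Mike is objecting to, an exit policy that carries the cleartext port of a service but rejects its TLS counterpart, is easy to check mechanically. Below is an added example, not code from this thread, from Tor, or from the directory authorities' actual BadExit scanning: a small Python checker that parses torrc-style ExitPolicy strings ("accept *:80, reject *:*") with Tor's first-match semantics and flags plaintext-only services. The cleartext/TLS port pairs are my assumption about which services are meant (standard IANA assignments), the sample policies are constructed, address-specific rules such as "reject 10.0.0.0/8:*" are skipped because they say nothing about a generic public destination, and an unmatched port is treated as rejected (the implicit trailing "reject *:*"), which is a simplification of Tor's real policy handling.

```python
"""Flag exit policies that exit to a service's cleartext port but not its TLS port.

Added example for the or-talk BadExit discussion; not Tor project code.
"""
import re
from typing import List, Tuple

# Cleartext port -> TLS-wrapped counterpart. Assumed pairing based on the
# standard IANA assignments; adjust to taste.
PLAINTEXT_TO_TLS = {
    21: 990,     # FTP   -> FTPS
    80: 443,     # HTTP  -> HTTPS
    110: 995,    # POP3  -> POP3S
    143: 993,    # IMAP  -> IMAPS
    6667: 6697,  # IRC   -> IRC over TLS
}

# One rule: "accept|reject ADDRESS:PORT" where PORT is "*", "N" or "N-M".
RULE_RE = re.compile(r"^(accept|reject)\s+(\S+):(\*|\d+(?:-\d+)?)$")

Rule = Tuple[bool, str, int, int]  # (is_accept, address, low_port, high_port)


def parse_policy(policy: str) -> List[Rule]:
    """Parse a comma-separated exit policy string into ordered rules."""
    rules: List[Rule] = []
    for raw in policy.split(","):
        raw = raw.strip()
        if not raw:
            continue
        m = RULE_RE.match(raw)
        if not m:
            raise ValueError(f"unparseable exit policy rule: {raw!r}")
        action, addr, ports = m.groups()
        if ports == "*":
            lo, hi = 1, 65535
        elif "-" in ports:
            lo, hi = (int(p) for p in ports.split("-", 1))
        else:
            lo = hi = int(ports)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range in rule: {raw!r}")
        rules.append((action == "accept", addr, lo, hi))
    return rules


def exits_to_port(rules: List[Rule], port: int) -> bool:
    """First matching rule wins, as in Tor. Rules with a specific address
    (e.g. the usual private-network rejects) are skipped because we are
    asking about an arbitrary public destination. No match -> reject,
    standing in for the implicit trailing 'reject *:*' (assumption)."""
    for accept, addr, lo, hi in rules:
        if addr != "*":
            continue
        if lo <= port <= hi:
            return accept
    return False


def plaintext_only_services(policy: str) -> List[Tuple[int, int]]:
    """Return (cleartext_port, tls_port) pairs where the policy exits to the
    cleartext port but refuses the TLS port."""
    rules = parse_policy(policy)
    return [
        (plain, tls)
        for plain, tls in sorted(PLAINTEXT_TO_TLS.items())
        if exits_to_port(rules, plain) and not exits_to_port(rules, tls)
    ]


# Constructed sample policies (not the real policies of the flagged relays).
SUSPICIOUS = "reject *:25, accept *:80, accept *:110, accept *:143, accept *:6667, reject *:*"
BALANCED = ("reject 10.0.0.0/8:*, reject *:25, accept *:80, accept *:443, "
            "accept *:110, accept *:995, accept *:143, accept *:993, reject *:*")
REDUCED = "accept *:80, accept *:6667, accept *:21, reject *:*"  # "80, 6667, 21"

if __name__ == "__main__":
    for name, pol in (("suspicious", SUSPICIOUS), ("balanced", BALANCED), ("reduced", REDUCED)):
        flagged = plaintext_only_services(pol)
        verdict = "plaintext-only: " + ", ".join(f"{p} without {t}" for p, t in flagged) if flagged else "ok"
        print(f"{name:10s} {verdict}")
```

Run as-is it reports the suspicious and reduced policies and passes the balanced one; to check a live relay, feed it the "p" or "policy" line from a descriptor instead of the constructed strings. Note that a clean result here says nothing about whether the operator sniffs, which is exactly the point made above: every exit can log, and the check only catches policies whose shape makes no sense except for logging.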




Re: Polipo bug reporting

2011-01-30 Thread Juliusz Chroboczek
 ( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
 doesn't specify where the new bugtracker is).

 We do not know of any new bug tracker for Polipo.  If you have a bug
 report for Polipo itself, report it to the polipo-users mailing list
 (see https://lists.sourceforge.net/lists/listinfo/polipo-users).

Please note that Polipo is very short on manpower -- there's only me
working on it in my copious free time, and it's my nth project, for some
large value of n.  As Robert mentioned, you're welcome to report your
bug on the Polipo mailing list, but please don't expect a timely fix.

--Juliusz


Re: Blocked from yelp.com?

2011-01-30 Thread David Carlson
On 1/30/2011 1:53 PM, Geoff Down wrote:



 On Sat, 29 Jan 2011 10:24 -0600, David Carlson
 carlson...@sbcglobal.net wrote:
 Hi,

 I am forbidden to access the server yelp.com.  Is that because I am a
 Tor exit node?

 Thanks

 David

 I can confirm this, after accidentally running an exit for a while.
 There is a mailto link on the 403 page for you to contact them about it
 - I can't find anything in the site TOS about proxies.
 GD

Thank you.  When I am blocked, it is hard to ask them why.  I did not
notice the mailto link. I shall have to try that.

David

