Exit Jisunglove

2010-08-09 Thread Geoff Down
Would the owner of exit Jisunglove
F098 38C3 7C31 1C59 8307 A4B2 BE7C 55AF 740E 5371
please turn off OpenDNS URL filtering.

http://www.fastmail.fm - Send your email first class

To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/

Re: DuckDuckGo now operates a Tor exit enclave

2010-08-14 Thread Geoff Down

On Sat, 14 Aug 2010 09:20 -0400, "Ted Smith"  wrote:

> An "exit enclave" is when a service operates a Tor exit node with an
> exit policy permitting exiting to that service. Tor will automagically
> extend circuits built to that host from three hops to four, such that
> your traffic will exit on localhost of the service you are intending to
> use. This means that users will use DDG's node when building circuits
> that terminate at duckduckgo.com or whatever.
Really? Duckduckgo.com is on AS19262 Verizon, but when I accessed it, it
was via an exit node on AS30058 ACTIVO-SYSTEMS.



Re: DuckDuckGo now operates a Tor exit enclave

2010-08-14 Thread Geoff Down

On Sat, 14 Aug 2010 18:19 +0200, "morphium" 
> > An "exit enclave" is when a service operates a Tor exit node with an
> > exit policy permitting exiting to that service. Tor will automagically
> > extend circuits built to that host from three hops to four, such that
> > your traffic will exit on localhost of the service you are intending to
> > use. This means that users will use DDG's node when building circuits
> > that terminate at duckduckgo.com or whatever.
> Oh cool, so I declare my Tor exit node as an enclave for
> emailProviderNotUsingHTTPS.com and can get a lot of passwords?
> That's easy!
> I hope enclaves in that sense don't exist! I hope that's a
> misunderstanding! Such a thing would be pretty bad!

 well if the circuit can only be extended to localhost, your exit 
 wouldn't be able to connect to emailProviderNotUsingHTTPS.com's server
 unless you owned emailProviderNotUsingHTTPS.com and it was on the same
 machine, by the sound of it. I'm not sure how you protect from
 modified versions of Tor though.


Exit poul censoring sites

2010-08-25 Thread Geoff Down
Would the owner of exit Poul (B8EB 1587 F2C8 7E3D C05A 08E7 A68F 375B
5B23 368F) please turn off OpenDNS URL blacklisting.


Re: Tor + SELinux sandbox = leak proof without VM overhead?

2010-08-29 Thread Geoff Down

On Sun, 29 Aug 2010 00:25 +0200, "intrigeri"  wrote:
> Hi,
> Gregory Maxwell wrote (22 Aug 2010 00:55:49 GMT) :
> > I think it's obvious that the best way of using tor is running your
> > torrified apps in a VM which can only access the outside world via
> > TOR.
> I doubt there is something like "the" best way of using Tor. One
> always needs to balance the risks vs. the efforts needed to get some
> protection against it. More practically speaking: there are use cases
> the Tor Browser Button is perfect for, but it cannot prevent every
> leakage of anonymity to local disks. Then come Tor-ified VM setups
> that protect users a bit more but still somehow rely on the host
> operating system. Then comes running a Tor-ified Live system such as
> T(A)ILS [1] on bare metal. Each situation has its best fit solution
> but I don't think one solution can be told to be best in any cases.
>   [1] https://amnesia.boum.rog/
 That would be '.org' :)
BTW is there somewhere from where the CACert root certificate (or
fingerprint) can be downloaded with protection from an SSL cert I
already trust? The above link, once corrected, generates an SSL warning.


Re: How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?

2010-09-05 Thread Geoff Down

On Sun, 05 Sep 2010 19:55 +0100, "Matthew"  wrote:
>   Hello,
> I have yet another question that relates to the effectiveness of Tor.
> Gmail (and therefore presumably other webmail operators) knows my 
> computer's time zone.  It does not know the time per se but the "time
> zone" 
> as set (in Ubuntu) through clicking on the clock, selecting preferences, 
> then choosing location.
> Obviously this ignores the time (based on the location) of the Tor exit
> node.
> I do not know how Gmail knows my computer's time zone, and, in which
> case, 
> what other "local" information it can know.
> Does anyone know how Gmail can do this and what other information from
> the 
> client computer can be viewed.  In other words, why can Gmail not, in 
> theory, also view the real local IP?
> Thanks.

Did you select a time zone when you set up the account?
I assume you are using Torbutton, which blocks Javascript being used to
read your local clock.


Re: connect Vidalia to a running tor instance [solved]

2010-09-12 Thread Geoff Down

On Sun, 12 Sep 2010 18:55 -0400, and...@torproject.org wrote:
> On Sun, Sep 12, 2010 at 05:19:00PM +0200, tor...@ymail.com wrote 0.4K
> bytes in 12 lines about:
> > solved:
> > It is irritating but one has to tick:
> > "Start the Tor software when Vidalia starts"
> >
> > even if Vidalia just connects to a already running tor instance and  
> > doesn't start tor.
> this doesn't sound correct.   with a shared cookie or hashed passphrase,
> does your vidalia not connect to the existing tor on start?
> The option above should start a new tor process, spawned by vidalia.

I too have tor running at startup as its own user, and that box ticked
in Vidalia. Starting Vidalia later does bring up the password box and
connect to the existing process.


Corrupt state file?

2010-10-02 Thread Geoff Down
just installed Tor (git-eba3f37f17a2af4f) PPC, got the
'Oct 02 22:11:19.841 [warn] Corrupt state file? Build times count
mismatch. Read 29 times, but file says 1900544
Oct 02 22:11:19.850 [warn] or_state_save_broken(): Bug: Unable to parse
state in "[tor data dir]/state". Moving it aside to "[tor data
dir]/state.0".  This could be a bug in Tor; please tell the developers.'
 Client function seems to be fine, and it looks like relay connections
 are being made.
I did a quick search of the archives, apologies if this has come up




2010-10-05 Thread Geoff Down
"[warn] The configuration option 'StrictExitNodes' is deprecated; use
'StrictNodes' instead."
 It would help if such an option were documented in
or shipped in the expert install package.
 Where is it documented please?


Re: StrictNodes

2010-10-05 Thread Geoff Down

On Tue, 05 Oct 2010 15:07 -0400, "Andrew Lewman" 
> On Tue, 05 Oct 2010 19:57:42 +0100
> "Geoff Down"  wrote:
> > "[warn] The configuration option 'StrictExitNodes' is deprecated; use
> > 'StrictNodes' instead."
> >  It would help if such an option were documented in
> > https://www.torproject.org/tor-manual.html.en
> > or shipped in the expert install package.
> >  Where is it documented please?
> You are running the -alpha version of tor, therefore you want the
> appropriate man page, https://www.torproject.org/tor-manual-dev.html.en
> Which -alpha package are you using that has the -stable man page
> included?
I was previously unaware that it had *any* manpage included, but I see
now that it is in 'share', not in 'documents'


Re: AdvTor

2010-10-09 Thread Geoff Down

On Sat, 09 Oct 2010 13:37 +0200, "Olaf Selke" 
> On 09.10.2010 11:38, Anon Mus wrote:
> > 
> > Prior to end August 2010, if this kind of message was received I just
> > used to close the circuit and try again. Usually it would resolve by the
> > 3rd try. I tested these exits to see if they could resolve other urls,
> > they did so with ease, no errors.
> > 
> > But at the end August every time I closed the circuit I got one of the
> > "blutmagie,blutmagie2,blutmagie3,blutmagie4" exits again and these could
> > not resolve the DNS of webcrawler.com. So I did a little investigation
> > and found that ALL these were not resolving this DNS but simple (web
> > based) one hop proxies put on at the end of tor (globally) could resolve
> > this dns.
> hi there,
> please let me know if there's something wrong with blutmagie's dns
> resolution. "dig webcrawler.com" works perfectly from shell.
> By the way: My employer Telefonica O2 is shutting down the local office
> end of Q1 2011. Besides my job this might lead to the loss of the
> special deal for hosting blutmagie exit node. I doubt to get 200 TB
> traffic each month for free somewhere else.
> http://www.thelocal.de/money/20101008-30361.html
> regards Olaf - blutmagie operator

Sorry to hear about the loss of your job.
 I think the OP has not considered that Webcrawler may be blocking some
 Tor exits after experiencing abuse - the heaviest used exits would be
 the ones likely to show up.
Privoxy's error messages can't be relied on IMO. It would be useful if
tor-resolve had a 'choose exit' option.


Re: U.S. begins censoring Internet at U.K.'s request

2010-11-07 Thread Geoff Down

On Sun, 07 Nov 2010 08:05 -0600, "Jon"  wrote:
> On Sat, Nov 6, 2010 at 1:02 PM, Scott Bennett  wrote:
> > I wrote:
> >>http://news.antiwar.com/2010/11/05/us-censors-muslim-websites-list-of-british-mps-who-supported-iraq-war/
> >>
> >> Using exit "chuckthecanuck" gives a Google (!) error page, saying URL
> >>not found.  I'll add that exit to my ExcludeExitNodes list with a comment
> >>that the reason is due to DNS hijacking that is probably related to U.S.
> >>censorship.
> >
> > I changed my mind.  I'm adding {ca},{uk},{us} to my ExcludeExitNodes
> > list with an appropriate comment for later removal in case the U.S. ever
> > calls off its War on the Internet. :-(
> >
> >
>  I don't understand why excluding all exit nodes from the US, CA, and
> UK, especially if you have only one exit node showing the error?
> Altho, I may not understand or I misinterpreted your email
> I had no issues with getting the website on google. I had to copy and
> paste the url as it would not go directly from the email. Actually,
> almost all the url's lately from the email;s don't go directly, I have
> to cut and paste to get to them.
> Jon
The OP is presumably saying that the domain referred to in the
antiwar.com story is unreachable, not antiwar.com itself.
That's because it's been suspended by the registrar: tor-resolve returns
no IP for it and the .com root server reports that no such domain
exists. There may be cached entries floating around though.



Re: U.S. begins censoring Internet at U.K.'s request

2010-11-07 Thread Geoff Down

On Sun, 07 Nov 2010 08:29 -0600, "Scott Bennett" 
>  On Sun, 07 Nov 2010 14:17:20 +0000 "Geoff Down"
> wrote:
> >On Sun, 07 Nov 2010 08:05 -0600, "Jon"  wrote:
> >> On Sat, Nov 6, 2010 at 1:02 PM, Scott Bennett  wrote:
> >> > I wrote:
> >> >>http://news.antiwar.com/2010/11/05/us-censors-muslim-websites-list-of-british-mps-who-supported-iraq-war/
> >> >>
> >> >> Using exit "chuckthecanuck" gives a Google (!) error page, saying 
> >> >> URL
> >> >>not found.  I'll add that exit to my ExcludeExitNodes list with a comment
> >> >>that the reason is due to DNS hijacking that is probably related to U.S.
> >> >>censorship.
> >> >
> >> > I changed my mind.  I'm adding {ca},{uk},{us} to my ExcludeExitNodes
> >> > list with an appropriate comment for later removal in case the U.S. ever
> >> > calls off its War on the Internet. :-(
> >> >
> >> >
> >>  I don't understand why excluding all exit nodes from the US, CA, and
> >> UK, especially if you have only one exit node showing the error?
> >> Altho, I may not understand or I misinterpreted your email
> >> 
> >> I had no issues with getting the website on google. I had to copy and
> >> paste the url as it would not go directly from the email. Actually,
> >> almost all the url's lately from the email;s don't go directly, I have
> >> to cut and paste to get to them.
> >> 
> >> Jon
> >> 
> >The OP is presumably saying that the domain referred to in the
> >antiwar.com story is unreachable, not antiwar.com itself.
> >That's because it's been suspended by the registrar: tor-resolve returns
> >no IP for it and the .com root server reports that no such domain
> >exists. There may be cached entries floating around though.
> >
>  Actually, before posting my original note, I had used tor-resolve to
> look for an IP address, and it quickly returned  Doing a
> reverse lookup of that address (also with tor-resolve -x) returned not
> the
> original name but rather qw-in-f121.1e100.net.  Plugging either the IP
> address or the latter name into the URL got me the same Google error
> page.
>  Now, however, tor-resolve on the original name returns
> [warn] Got SOCKS5 status response '4': host is unreachable
> but the reverse lookup still gives the name shown above.

Both domain 1e100.net and IP belong to Google - hence the
Google error message. Whether the censored domain was originally hosted
there, or the DNS record was temporarily changed before deletion, I
couldn't say.


Vidalia GeoIP

2010-11-07 Thread Geoff Down
I don't use Vidalia much, so I can't say how long this has been the
case, but the last couple of times I have started it up (with Tor
already running) there has been no GeoIP data - no flags in the relay
list, no lines on the map. I've not observed any calls to the GeoIP
server either.
Tor's log does say 'Parsing GEOIP file' at each startup.
 I'm using Tor 0.2.6 on OSX10.3 PPC


Re: Vidalia GeoIP

2010-11-08 Thread Geoff Down

On Sun, 07 Nov 2010 19:16 -0800, "Robert Ransom"
> On Mon, 08 Nov 2010 03:07:43 +0000
> "Geoff Down"  wrote:
> > Hi,
> > I don't use Vidalia much, so I can't say how long this has been the
> > case, but the last couple of times I have started it up (with Tor
> > already running) there has been no GeoIP data - no flags in the relay
> > list, no lines on the map. I've not observed any calls to the GeoIP
> > server either.
> > Tor's log does say 'Parsing GEOIP file' at each startup.
> >  I'm using Tor 0.2.6 on OSX10.3 PPC
> See
> <https://blog.torproject.org/blog/shutting-down-vidalia-geoip-mapping-server>
> and upgrade to Vidalia 0.2.10 .
> Robert Ransom
 Thanks for that. It appears that only 0.2.9 is available for OSX PPC.
I hope that can be corrected soon.


Re: Vidalia - Country Locations on Tor network map all missing

2010-11-15 Thread Geoff Down

On Mon, 15 Nov 2010 12:28 +, "Anon Mus"
> Using vidalia 0.2.7, Tor (Qt 4.5.3)
> I am not seeing any location in the left box (or anywhere else) against 
> Tor relays, just a ? in a white box.
> Is anyone else seeing this?

I asked this on the 8th :)


Re: Tor is out

2010-11-17 Thread Geoff Down

On Wed, 17 Nov 2010 17:05 -0500, "Roger Dingledine" 
> Tor fixes several crash bugs that have been nagging
> us lately, makes unpublished bridge relays able to detect their IP
> address, and fixes a wide variety of other bugs to get us much closer
> to a stable release.
> https://www.torproject.org/download/download

Thanks. The Tor-only packages for OSX PPC seem to have disappeared since
the website was revamped (nice look btw).
Is there a more recent version than available to test?


Re: Wget (was Chrome and Safari IP leak)

2010-12-07 Thread Geoff Down

On Tue, 07 Dec 2010 15:34 -0800, "Mike Perry" 

> Turns out that wget can be 302d between schemes to cause you to bypass
> proxy settings. For example, if you have the $HTTP_PROXY environment
> variable set but nothing for $HTTPS_PROXY, a 302 to an https url will
> cause you to bypass proxy. I wouldn't be surprised if the same could
> happen for an ftp url.

Interesting. If I have in .wgetrc
 https_proxy =
redirection still fails:

 wget -O - https://paypal.com/
--00:27:52--  https://paypal.com/
   => `-'
Connecting to connected.
Proxy request sent, awaiting response... 301 Moved Permanently
Location: https://www.paypal.comhttps://paypal.com/ [following]

Is that a PayPal problem or a Wget problem?


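An added example, not part of the original posts: a shell check for the gap Mike Perry describes above, listing the schemes that wget could be redirected to without any proxy configured. It assumes wget's documented lowercase `http_proxy`, `https_proxy` and `ftp_proxy` settings (environment or wgetrc); the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): find URL schemes for which wget has
# no proxy configured, so a redirect to that scheme would connect directly.
# Assumption: only the lowercase names documented in the wget manual are
# checked. no_proxy exclusions are not evaluated here.

# Print the last "<key> = <value>" assignment from a wgetrc-style file.
# Lines starting with '#' never match, so comments are ignored.
wgetrc_value() {
    key=$1
    file=$2
    [ -r "$file" ] || return 0
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Echo the schemes (space separated) that have no proxy in either the
# environment or the given wgetrc. Empty output means all three are covered.
unproxied_schemes() {
    rc=${1:-$HOME/.wgetrc}

    # "use_proxy = off" disables proxying for every scheme.
    if [ "$(wgetrc_value use_proxy "$rc")" = "off" ]; then
        echo "http https ftp"
        return 0
    fi

    missing=""
    for scheme in http https ftp; do
        var="${scheme}_proxy"
        eval "env_val=\${$var:-}"
        rc_val=$(wgetrc_value "$var" "$rc")
        if [ -z "$env_val" ] && [ -z "$rc_val" ]; then
            missing="$missing $scheme"
        fi
    done
    echo "${missing# }"
}

# Return 0 if a redirect to URL $1 would still be sent through a proxy,
# 1 if its scheme has no proxy configured.
redirect_stays_proxied() {
    url=$1
    rc=${2:-$HOME/.wgetrc}
    scheme=$(printf '%s' "${url%%://*}" | tr 'A-Z' 'a-z')
    case " $(unproxied_schemes "$rc") " in
        *" $scheme "*) return 1 ;;
        *) return 0 ;;
    esac
}

# Report against the current environment and ~/.wgetrc.
gaps=$(unproxied_schemes)
[ -z "$gaps" ] || echo "wget would connect directly for: $gaps" >&2
```

Running it before a Tor-proxied wget session shows whether a cross-scheme redirect has anywhere to escape to; an empty result means all three schemes have a proxy set.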

Re: Firefox problems

2010-12-15 Thread Geoff Down

On Wed, 15 Dec 2010 18:20 -0500, "." 
> I just got the following error message when I tried to start using Tor
> on Firefox;
> /The proxy server is refusing connections
> Firefox is configured to use a proxy server that is refusing
> connections./
> How do I fix this?

Sometimes Polipo stops for no apparent reason. That could be the problem


Re: Tor is out (security patches)

2010-12-20 Thread Geoff Down

On Mon, 20 Dec 2010 09:15 -0500, "Roger Dingledine" 
> Tor does some code cleanup to reduce the risk of remotely
> exploitable bugs. Thanks to Willem Pinckaers for notifying us of the
> issue. The Common Vulnerabilities and Exposures project has assigned
> CVE-2010-1676 to this issue.
> We also fix a variety of other significant bugs, change the IP address
> for one of our directory authorities, and update the minimum version
> that Tor relays must run to join the network.
> All Tor users should upgrade.

Thanks Roger.
Any progress on the PPC build machine?


Re: Tor is out (security patches)

2010-12-21 Thread Geoff Down

On Mon, 20 Dec 2010 23:49 -0500, "Justin Aplin"  wrote:
> On Dec 20, 2010, at 9:36 AM, Geoff Down wrote:
> >>
> >> All Tor users should upgrade.
> >
> > Thanks Roger.
> > Any progress on the PPC build machine?
> > GD
> If you're comfortable building from source on your PPC machine, I've  
> just been doing that and copying the four executables into Vidalia.app/ 
> Contents/MacOS. So far it's seemed to work fine, and I get to keep the  
> nice Vidalia interface and folder structure (ie, you won't have to  
> dick around moving your torrc or data directories, etc). It's been  
> holding me over so far.
 I'm not, and I don't have the cycles. I was using the Tor-only package
 to preserve my torrc etc too.


Double log entries?

2011-01-05 Thread Geoff Down
Hi All,
Happy New Year.
 I have double entries, including the timestamp, in my Notice-level Tor
 logs. I think it started when I sent a SIGHUP. lsof shows two Write
 file descriptors fwiw. This is Tor OSX PPC, Vidalia is
 not running.
Any ideas?


Re: Double log entries?

2011-01-06 Thread Geoff Down

On Thu, 06 Jan 2011 11:05 -0500, "Nick Mathewson" 
> On Wed, Jan 5, 2011 at 9:32 PM, Geoff Down 
> wrote:
> > Hi All,
> > Happy New Year.
> >  I have double entries, including the timestamp, in my Notice-level Tor
> >  logs. I think it started when I sent a SIGHUP. lsof shows two Write
> >  file descriptors fwiw. This is Tor OSX PPC, Vidalia is
> >  not running.
> > Any ideas?
> Really dumb question: is it possible that you have the log configured twice
> in your torrc?
> -- 
> Nick

 Seems a pretty sensible question to me. The log command is duplicated
 in the torrc and in the command starting Tor, as are a couple of other
 options. I'll remove the duplicates.


Polipo bug Re: Tor is out (security patches)

2011-01-20 Thread Geoff Down

On Tue, 18 Jan 2011 22:11 -0500, "Roger Dingledine" 
> Tor includes all the patches from Tor, which
> continues our recent code security audit work. The main fix resolves
> a remote heap overflow vulnerability that can allow remote code
> execution (CVE-2011-0427). Other fixes address a variety of assert
> and crash bugs, most of which we think are hard to exploit remotely.
> All Tor users should upgrade.

The Polipo in
is broken:

dyld: /Applications/Vidalia.app.new/Contents/MacOS/polipo Undefined
/Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
to ___stderrp expected to be defined in /usr/lib/libSystem.B.dylib
/Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
to ___stdoutp expected to be defined in /usr/lib/libSystem.B.dylib
Trace/BPT trap

(I renamed the app folder - the old version is working fine with the new
Tor binary).


Re: Polipo bug Re: Tor is out (security patches)

2011-01-21 Thread Geoff Down

On Fri, 21 Jan 2011 08:32 +0100, "Erinn Clark" 
> * Geoff Down  [2011:01:20 12:56 +]: 
> > The Polipo in
> > https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-
> > is broken:
> > 
> > dyld: /Applications/Vidalia.app.new/Contents/MacOS/polipo Undefined
> > symbols:
> > /Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
> > to ___stderrp expected to be defined in /usr/lib/libSystem.B.dylib
> > /Applications/Vidalia.app.new/Contents/MacOS/polipo undefined reference
> > to ___stdoutp expected to be defined in /usr/lib/libSystem.B.dylib
> > Trace/BPT trap
> Hi Geoff,
> Which version of OS X are you using?
Hi Erinn,


Country-code exit broken in

2011-01-23 Thread Geoff Down
Hi list,
 I know for a fact that there is at least one GB exit running, but

ExitNodes {gb} 
StrictNodes 1

no longer works - no circuits get built.
Tor (git-5f63f0d6312d9f0d) PPC OSX10.3.9
No flags next to the relays in Vidalia either - I thought that was due
to be fixed.



Re: Country-code exit broken in

2011-01-23 Thread Geoff Down

On Sun, 23 Jan 2011 17:07 -0500, "Nick Mathewson" 
> On Sun, Jan 23, 2011 at 2:42 PM, Geoff Down 
> wrote:
> > Hi list,
> >  I know for a fact that there is at least one GB exit running, but
> >
> > ExitNodes {gb}
> > StrictNodes 1
> >
> > no longer works - no circuits get built.
> > Tor (git-5f63f0d6312d9f0d) PPC OSX10.3.9
> > No flags next to the relays in Vidalia either - I thought that was due
> > to be fixed.
> I just current maint-0.2.2 from the command line and it built circuits
> okay with
> "
> ./src/or/tor -geoipfile ./src/config/geoip -exitnodes '{gb}'
> -strictnodes 1
> "
> Could there be a vidalia issue here?  Could some other option be
> interfering?  Could you have a missing geoip file somehow?
> -- 
> Nick
 Ah this could be a side effect of the Tor-only package not being
 available any more, and me having Tor in a different place from the
 default install. Should geoip be in the Tor directory, or the Tor Data


Re: Country-code exit broken in

2011-01-23 Thread Geoff Down

On Sun, 23 Jan 2011 17:07 -0500, "Nick Mathewson" 
> On Sun, Jan 23, 2011 at 2:42 PM, Geoff Down 
> wrote:
> > Hi list,
> >  I know for a fact that there is at least one GB exit running, but
> >
> > ExitNodes {gb}
> > StrictNodes 1
> >
> > no longer works - no circuits get built.
> > Tor (git-5f63f0d6312d9f0d) PPC OSX10.3.9
> > No flags next to the relays in Vidalia either - I thought that was due
> > to be fixed.
> I just current maint-0.2.2 from the command line and it built circuits
> okay with
> "
> ./src/or/tor -geoipfile ./src/config/geoip -exitnodes '{gb}'
> -strictnodes 1
> "
> Could there be a vidalia issue here?  Could some other option be
> interfering?  Could you have a missing geoip file somehow?
> -- 
> Nick

Ah the logs say
'Failed to open GEOIP file /Applications/Vidalia.app/share/tor/geoip'

There is no /Applications/Vidalia.app/share directory in the latest PPC
Vidalia bundle.
 Creating it and moving the Geoip file fixed the problem pro tem.


Re: Country-code exit broken in

2011-01-25 Thread Geoff Down
'Failed to open GEOIP file /Applications/Vidalia.app/share/tor/geoip'
> There is no /Applications/Vidalia.app/share directory in the latest PPC
> Vidalia bundle.

And should I raise a bug ticket about this, or is it in hand with the
package developers?


Re: Blocked from yelp.com?

2011-01-30 Thread Geoff Down

On Sat, 29 Jan 2011 10:24 -0600, "David Carlson"
> Hi,
> I am forbidden to access the server yelp.com.  Is that because I am a
> Tor exit node?
> Thanks
> David
I can confirm this, after accidentally running an exit for a while.
There is a mailto link on the 403 page for you to contact them about it
- I can't find anything in the site TOS about proxies.


Polipo bug reporting

2011-01-30 Thread Geoff Down
how do I report a bug with the Polipo in
And how do I tell which version is in there also please?
( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
doesn't specify where the new bugtracker is).


Re: Question and Confirmation.

2011-01-30 Thread Geoff Down

On Sun, 30 Jan 2011 23:33 +, "Matthew"  wrote:
>   Each relay removes one layer of encryption.
> > Tor does *not* encrypt and send packet headers.  Tor only relays the
> > data within a TCP connection.
> >
> OK.  I get it.  I think.
> Please confirm:
> The data is encrypted.  The header is not encrypted.
> So if my ISP is monitoring my traffic all they see for the header is the 
> connection to the first Tor node.
> In which case my question is: where is the information that tells the
> exit 
> node which DNS resolution to do and therefore which website I am asking
> for?

 In the *HTTP* headers, which are part of the encrypted TCP data



Re: Polipo bug reporting

2011-01-30 Thread Geoff Down

On Sun, 30 Jan 2011 16:20 -0800, "Robert Ransom"
> On Sun, 30 Jan 2011 22:59:49 +0000
> "Geoff Down"  wrote:
> > how do I report a bug with the Polipo in
> > https://www.torproject.org/dist/vidalia-bundles/vidalia-bundle-
> > ?
> > And how do I tell which version is in there also please?
> If that bundle contains a CHANGES file for Polipo, the last entry in it
> is for the included version of Polipo.  
> > ( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
> > doesn't specify where the new bugtracker is).
> We do not know of any new bug tracker for Polipo.  If you have a bug
> report for Polipo itself, report it to the polipo-users mailing list
> (see <https://lists.sourceforge.net/lists/listinfo/polipo-users>).
> Robert Ransom
 Thank you.
There is a Changes.txt file in the .dmg, but it doesn't mention the
Polipo version number, it's mainly concerned with Vidalia changes.
I can't see any other file with 'Changes' or 'Version' in the name in
the .app folder, other than in the Quicktime section.


Re: Polipo bug reporting

2011-01-31 Thread Geoff Down

On Mon, 31 Jan 2011 07:09 +0100, "Juliusz Chroboczek"
> >> ( I saw http://archives.seul.org/or/talk/Jan-2011/msg00161.html but it
> >> doesn't specify where the new bugtracker is).
> > We do not know of any new bug tracker for Polipo.  If you have a bug
> > report for Polipo itself, report it to the polipo-users mailing list
> > (see ).
> Please note that Polipo is very short on manpower -- there's only me
> working on it in my copious free time, and it's my nth project, for some
> large value of n.  As Robert mentioned, you're welcome to report your
> bug on the Polipo mailing list, but please don't expect a timely fix.
> --Juliusz

 Thank you Juliusz, I appreciate your efforts.
Clearly Tor needs to ship with a working Polipo, so if this is a real
fault would the bundle developers please revert to the version which was
in the Vidalia 0.2.9 bundle, which is still working.
Conversely, if this is some misconfiguration on my part, can someone
please explain the error message and what I should change:

"Host Name:  localserver
Date/Time:  2011-01-30 22:39:04 +
OS Version: 10.3.9 (Build 7W98)
Report Version: 2

Command: Vidalia
Version: ??? (???)
PID: 11996
Thread:  Unknown

Link (dyld) error:

dyld: /Applications/Vidalia.app/Contents/MacOS/Vidalia Undefined
/Applications/Vidalia.app/Contents/MacOS/Vidalia undefined reference to
___stderrp expected to be defined in /usr/lib/libSystem.B.dylib


Re: Polipo bug reporting

2011-01-31 Thread Geoff Down

On Mon, 31 Jan 2011 08:56 -0500, "Andrew Lewman" 
> On Mon, 31 Jan 2011 12:20:10 +0000
> "Geoff Down"  wrote:
> >  Thank you Juliusz, I appreciate your efforts.
> > Clearly Tor needs to ship with a working Polipo, so if this is a real
> > fault would the bundle developers please revert to the version which
> > was in the Vidalia 0.2.9 bundle, which is still working.
> The difference is that the PPC bundle with vidalia 0.2.9 was built on a
> 10.3.9 ppc mac.  However, the 10.3.9 machine died a smelly, melty
> death during a build a few months ago. 

Is nobody freecycling one? http://www.freecycle.org/group/US/


Re: IP address blocked on certain site

2011-02-02 Thread Geoff Down

On Wed, 02 Feb 2011 16:27 -0600, "Joe Btfsplk" 
> Using latest stable Vidalia / Tor bundle for Win (Vista x64).
> Never really had this prob before installing latest ver, but could be 
> coincidence.  When using Tor/ Torbutton, only one site gave message (to 
> the effect) "the IP address you're using has been determined to be 
> abusing this site ? / server ?.  Access denied."
> Then it showed the full IP address.  I could never get that site to stop 
> showing that same, blocked address, no matter what I did.
> Tried closing the tab in Firefox.
> Then tried closing Tor & Firefox, restarting.  Same msg from site, w/ 
> same IP address shown.  Also, tried refreshing the Tor network, so all 
> new nodes.  Made no diff.
> After doing the above (& site still showing old IP address when I opened 
> a new browser tab, then tried site again) I checked my ACTUAL current 
> exit IP address by going to a Tor check site.  As I figured, it showed a 
> diff IP address than the blocked site was still showing, at the very 
> same time as I checked at Tor check site.
> Somehow that old IP address was being stored somewhere, even though it 
> was no longer the exit address being used in Tor network.  How / why did 
> the site keep showing the old address after doing all those steps?
> Is there an easier way to deal w/ this problem than the many steps I 
> took?  Thanks.

I had a similar problem with a site. I came to the conclusion that it
was Polipo caching. You can try inserting a 'Pragma: No-cache' header
using Modify Headers or a similar addon, though that does make you stand
out.


Re: IP address blocked on certain site

2011-02-03 Thread Geoff Down

On Thu, 03 Feb 2011 15:30 -0600, "Joe Btfsplk" 
> On 2/2/2011 5:54 PM, Geoff Down wrote:
> >   I came to the conclusion that it
> > was Polipo caching. You can try inserting a 'Pragma: No-cache' header
> > using Modify Headers or a similar addon, though that does make you stand
> > out.
> >
> Not sure what you mean by "pragma:  No-cache" header.  How to go about 
> it, & will it (negatively) affect access to, or speed of other site, or 
> other issues?  Or can this header be targeted to a specific target site?
> Is Modify Headers a Firefox addon, or vidalia / Tor addon?
 It's a Firefox Addon and it modifies/filters/inserts HTTP headers into
 the requests Firefox makes. Alterations can be enabled and disabled
 with a click, so you can disable them when not needed.
Headers sent by the browser control which pages are cached. See
Section 14.9 Cache-Control
and http://en.wikipedia.org/wiki/Web_cache#Cache_control

> If didn't use your suggestion (don't know what exactly is involved, or 
> ramifications), which folder / file contains Polipo's caching of IP 
> addresses?
> I don't find a Polipo cache file.

Neither could I. It may be entirely in memory. Nevertheless that was the
conclusion I came to. It's not the IP address being cached, it's the
response from the site I would say. Your new request is never being sent
(via your new IP) because Polipo is returning the cached version of the
page IMO.
Anyone have other ideas?
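
The explanation offered in the message above, as an added Python model that is not part of the original post and is not Polipo's code: a cache keyed only by URL keeps answering with the stored block page after the exit address changes, until the request carries a no-cache directive. The origin function, URL and addresses are constructed for illustration, and a forced refetch stands in for conditional revalidation.

```python
import re

BLOCKED_EXIT = "198.51.100.7"   # constructed address (documentation range)
NEW_EXIT = "203.0.113.9"        # constructed address (documentation range)


def origin(url, exit_ip):
    """Constructed site: bans one address and marks every reply cacheable."""
    if exit_ip == BLOCKED_EXIT:
        body = f"Access denied: {exit_ip} has been abusing this site"
    else:
        body = "Welcome"
    return {"Cache-Control": "max-age=3600"}, body


def wants_fresh(request_headers):
    """True if the client forbids an answer from cache without revalidation."""
    h = {k.lower(): v.lower() for k, v in request_headers.items()}
    if "cache-control" in h:
        return "no-cache" in [d.strip() for d in h["cache-control"].split(",")]
    # Pragma only counts when Cache-Control is absent (HTTP/1.0 compatibility).
    return "no-cache" in h.get("pragma", "")


class CachingProxy:
    """In-memory cache standing in for a caching HTTP proxy in front of Tor."""

    def __init__(self, origin_fn):
        self.origin_fn = origin_fn
        self.store = {}            # url -> (expires_at, body); no IP in the key
        self.origin_requests = 0   # how many requests actually left the proxy

    def fetch(self, url, request_headers, exit_ip, now):
        entry = self.store.get(url)
        if entry and entry[0] > now and not wants_fresh(request_headers):
            return "HIT", entry[1]          # the exit is never contacted
        self.origin_requests += 1
        headers, body = self.origin_fn(url, exit_ip)
        m = re.search(r"max-age=(\d+)", headers.get("Cache-Control", ""))
        if m:
            self.store[url] = (now + int(m.group(1)), body)
        return "MISS", body


def replay():
    """Blocked exit, then a new exit without and with the no-cache header."""
    proxy = CachingProxy(origin)
    url = "http://site.example/"    # constructed URL
    steps = [
        (0, BLOCKED_EXIT, {}),                       # first visit, banned exit
        (60, NEW_EXIT, {}),                          # new circuit, same URL
        (120, NEW_EXIT, {"Pragma": "No-cache"}),     # header from the post
        (180, NEW_EXIT, {}),                         # cache now holds the new page
    ]
    results = [proxy.fetch(url, hdrs, ip, now) for now, ip, hdrs in steps]
    return results, proxy.origin_requests


if __name__ == "__main__":
    results, sent = replay()
    for status, body in results:
        print(status, "-", body)
    print("requests that reached the site:", sent)
```
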


Re: IP address blocked on certain site

2011-02-04 Thread Geoff Down

On Thu, 03 Feb 2011 22:21 -0500, "Aplin, Justin M" 
> On 2/3/2011 8:28 PM, Joe Btfsplk wrote:
> > I am using Torbutton.  It is supposed to Torrify Firefox - yes?
> In a roundabout way, yes. Torbutton forwards Firefox traffic to Polipo, 
> which in turn sends the traffic to the SOCKS port of Tor. Disabling 
> Torbutton and entering the Tor SOCKS information into Firefox's network 
> configuration would skip the Polipo part, and eliminate any problems you 
> might be having with some hidden Polipo cache.
 I understood that Firefox couldn't be trusted to not leak DNS requests,
 hence the need for an HTTP proxy like Polipo. I'm running an old
 version of Firefox though - are the newer ones fixed in this regard?


Re: Sent e-mails going into spam folders.

2011-02-09 Thread Geoff Down

On Wed, 09 Feb 2011 10:18 +0100, "Karsten N."
> Am 09.02.2011 10:06, schrieb Karsten N.:
> > (I did find another solution for SMTP)
> Sorry - I did NOT find another solution. :-(
> For webmail it is the same problem. Most webmail providers add the sender
> IP address to the mail header:
> >  Received: from
> >   (SquirrelMail authenticated user medium)
> >   by mail.provider.tld with HTTP;
> >  Date: Fri, 14 May 2010 07:37:04 +0300 (EAT)
> If was a tor node, some mail providers will set the spam
> flag if a DNSBL was used.
> Maybe some mail providers do not add the sender IP address to the
> mail header? Google Mail does not add it. Any other?
Fastmail, maybe Gawab.com


Re: Is "gatereloaded" a Bad Exit?

2011-02-11 Thread Geoff Down

On Fri, 11 Feb 2011 17:44 +, "John Case" 
> There are a small number of easily identifiable "cons" to letting an exit 
> run like this, and there are an unlimited number of unknown "pros" to 
> letting an exit run like this.  You should know this.

 Leaving aside the original question of whether to BadExit GateReloaded,
 I'm afraid this argument is without merit.
A rational decision can only be made on the basis of that for which you
have evidence. There will always be an infinite number of things for
which you have no evidence, but which you can imagine. Your argument
appears to be equivalent to Pascal's argument for worshipping God -
which has always been open to the rejoinder "which god, worshipped
 Until you can quantify the "pros", it is only rational to behave on the
 basis of the quantifiable "cons".


Phish filters on exit nodes

2008-06-08 Thread Geoff Down

 I work in antiphishing, and use Tor to access some phish sites.
Today I got an OpenDNS Phish Warning page instead of the phish I was 
trying to see. The site was visible with Tor switched off.

 Is there a policy regarding content filtering at exit nodes?
I recorded the 'Connections' data at the time, is there any point in 
trying to work out the exit node involved and trying to contact them?


Re: Phish filters on exit nodes

2008-06-08 Thread Geoff Down

Thanks for the feedback,
the Connections info at the time was

How do I tell from this which was the exit node ?
The page http://cassandra.eecs.harvard.edu/cgi-bin/exit.py was down 
momentarily but is back online now.

On 8 Jun 2008, at 23:57, Matt Nordhoff wrote:

Jacob Appelbaum wrote:
Try visiting the OpenDNS preferences page from that node. Someone 

than the Admin of the node may have enabled the OpenDNS anti-phishing

You may also just want to email the admin of the Exit node and ask in
the first place...

(Disclaimer, once in another lifetime, I worked on OpenDNS and it may
not even be possible to change the preferences of a given IP address 

such a way anymore...)

To change your prefs, you have to be logged in, and you can do it from
any IP address.

(The prefs are still applied based on your IP address(es), of course.)

Jacob Appelbaum


Re: Phish filters on exit nodes

2008-06-11 Thread Geoff Down
The owner of one of the exit nodes has replied to tell me that OpenDNS 
has phish-filtering  on by default but that it is now turned off on 
that node.

Thanks to them and to all who helped me out.
On 10 Jun 2008, at 03:31, downie wrote:

I've done as suggested by OtherGeoff and emailed the addresses found 
in the exit-node descriptions.
One was an abuse@ address though, which may or may not get through to 
the right person.


Re: German Fed???

2008-06-26 Thread Geoff Down

On 26 Jun 2008, at 10:47, Alexander W. Janssen wrote:

Don't take the bait. I bet those weirdos who put that information up 

Web are just playing with their wieners, drooling over your disgust.

Not Wieners, Berliners (wrong country,wrong type of food) :-P


Re: icann opening up of tld's

2008-06-28 Thread Geoff Down
Presumably any problems could be avoided by changing the pseudo-tld to 
something really obscene...

On 28 Jun 2008, at 12:30, Dawney Smith wrote:



Regarding icann's announcement on Thursday about the opening up of 

detailed at this url:


What would be the hidden service privacy implications of someone
registering the .onion tld? Is this something the tor project should
look into doing next year?


Re: icann opening up of tld's

2008-06-28 Thread Geoff Down
I like it when they peel their layers off reeeally slowly - makes my 
eyes water just thinking about it ;)

On 28 Jun 2008, at 13:51, Alexander W. Janssen wrote:




Fwd: Flyspray task #698 - Uncaught exception on blocking local file network access

2008-07-05 Thread Geoff Down
This bug has been closed, but I was actually reporting it purely for  
the fact that it throws an uncaught exception error - I assume you  
don't want to fill up the Error Console with unnecessary alerts ;)
I'm glad local file blocking is not mandatory - I use a local  
Javascript utility whilst using Tor.


Begin forwarded message:

Date: 27 June 2008 10:34:45 BST
Subject: Flyspray task #698 - Uncaught exception on blocking local  
file network access


Notice from Torbutton

Mike Perry (mikeperry) has closed the following task. You are receiving
this because you are on the notification list.

Task #698: Uncaught exception on blocking local file network access
The reason for closing is: Won't fix
 This pref has been split into non-tor and tor access. It is not
recommended you access html pages downloaded via Tor via file urls, and
tor access of file urls is currently blocked. Please feel free to  

this option at your own risk.

You can get more information about this task at the following URL:

Re: Flyspray task #698 - Uncaught exception on blocking local file network access

2008-07-06 Thread Geoff Down

Thanks, I've attached a POC file.
On 7 Jul 2008, at 00:46, Mike Perry wrote:

Thus spake Geoff Down ([EMAIL PROTECTED]):

This bug has been closed, but I was actually reporting it purely for
the fact that it throws an uncaught exception error - I assume you
don't want to fill up the Error Console with unnecessary alerts ;)
I'm glad local file blocking is not mandatory - I use a local
Javascript utility whilst using Tor.

Hrmm. So this exception may just be because of the content policy
denying the load.. But I've re-opened the bug if you want to attach an
example file html page that triggers the exception.

Mike Perry
Mad Computer Scientist
fscked.org evil labs

Re: Archive & email addresses

2008-09-01 Thread Geoff Down

The webmaster has changed the forum to require registration to view.
I'm not sure this addresses the problem really - I suppose it stops 
search engines. Or should.

Do you use a regex to prune addresses from the official archive?
On 29 Aug 2008, at 07:26, Roger Dingledine wrote:

On Fri, Aug 29, 2008 at 06:17:22AM +, downie wrote:

 can the email addresses be concealed on the mail4liste.de forum 

I get enough spam already.

I doubt anybody here runs mail4liste.de. It certainly isn't the
official Tor list archives. (And we did prune email addresses from the
archives.seul.org lists.)

Perhaps you should contact somebody at mail4liste.de to get them to do
so? If they refuse, I suppose I can unsubscribe the address.


Re: Google's Chrome Web Browser and Tor

2008-09-04 Thread Geoff Down

Is there an echo in here?
Is there an echo in here?
On 4 Sep 2008, at 23:46, Kyle Williams wrote:

I've also noticed that while using the "incognito" feature, I was able 
to see my history from a regular browser window.

If I were to visit "www.microsoft.com" in a regular window, opened a 
new "incognito" window, then type in "www" in the URL bar, it shows 
that I've visited "www.microsoft.com" or any other site that was 
visited from a regular browser window. 

So it looks like the History in a regular browser window is accessible 
from the "incognito" window, but not the other way around.

On Thu, Sep 4, 2008 at 3:27 PM, Hideki Saito <[EMAIL PROTECTED]> wrote:

Just curious to how private is their private browsing feature. Don't
 feel much secure to me for plugins (perhaps cookies are isolated 

 as it is not really meant for use with Tor...

 > Hi all,
 > I've been playing around with Google's new web browser and Tor.  I
 > thought it might be good to share my findings with everyone.
 > After reading Google's privacy policy[1], I for one would not want 

 > use this on a regular basis, if at all.
 > The first bug I tried was an old one I found with Firefox; the 

 > URI type.
 > Any link that has a NEWS:// URI will launch Outlook Express and
 > attempt to contact the server in the URL...without using Tor.
 > The second bug I found resulted in local file/folder disclosure.
 > This is very similar to the one I found in Internet Explorer.
 > The third bug I found was with MIME-TYPEs, specifically Windows 

 > Player supported formats.
 > The BANNER tag can also leak your IP address when the playlist is
 > loaded *IF* WMP is not set to use a proxy.
 > Also, a playlist in WMP can specify protocols that use UDP, hence, 

 > proxy support...no Tor.
 > On the flip-side, it is very cool how each browser tab is its own
 > process, making several types of attacks much more difficult.
 > However, with an invasive privacy policy, local proxy bypassing, 
 > local files/folders able to be read from your hard drive, I've 

 > not to use this browser.
 > It just doesn't feel privacy/anonymity friendly to me.
 > Anyone else want to chime in on this?
 > - Kyle
 > [1] http://www.google.com/chrome/intl/en/privacy.html
 > (Basically states you have no privacy when using Chrome)

Force exitnode oddness

2008-09-29 Thread Geoff Down

 I'm trying to force the use of an exit node in France to view a site 
using .exit in the URL.

I get a 404 page with the exitnode in the error message:
"The requested URL /Images/.../ was not found on this server.
Apache/2.0.54 (Unix) PHP/4.4.0 Server at ..exit Port 80"
 This is the right Server identifier - I am getting through to the site 
but the hostname is being rejected because it contains the ..exit 
Presumably that should have been stripped by my Tor client or the exit 

I'm using Tor OSX10.3.9
 On a related note, does using the ..exit notation affect the 
domain that cookies are stored under?


Re: Force exitnode oddness

2008-09-29 Thread Geoff Down
I have Privoxy, so that is possible (if anyone has the filter rule 
already I would appreciate it).
But if Privoxy strips the .exit bit, how does Tor then get the 
information about which node to use?

On 30 Sep 2008, at 01:13, coderman wrote:

On Mon, Sep 29, 2008 at 5:07 PM, Geoff Down <[EMAIL PROTECTED]> 

the hostname is being rejected because it contains the ..exit .
Presumably that should have been stripped by my Tor client or the 
exit node.

you actually need a proxy that supports the .exit syntax scrubbing,
like privoxy with appropriate rules, in order to use .exit syntax for
a virtual host domain to work properly.  otherwise, the host header
(and possibly other values, like cookie domain) will be incorrect.

best regards,

Re: Force exitnode oddness

2008-09-29 Thread Geoff Down

Those nice people at Privoxy have anticipated the need :)
+filter {hide-tor-exit-notation}

It looks like cookies are sent properly even though they are stored 
under the modified domain name.
It also looks like some page requisites (images etc) may be fetched 
from a different circuit i.e. not respecting the forced exit node. 
Could be a problem if the page contains absolute URIs.
It's an interesting problem. I suppose the only way to be sure is to 
edit the Tor config for strict-exit-nodes and restart it?

On 30 Sep 2008, at 03:38, John Brooks wrote:

Tor cares about the hostname it is told to connect to having the
'.exit' suffix - privoxy won't modify that (afaik). What you want to
modify with privoxy is the Host header, so the server you're
connecting to can properly handle virtual hosting. So, you want a
filter rule to modify the Host header and remove '.something.exit'
from the end if present. I'm not a privoxy user myself, so I don't
have any insight on how to actually do that, but I hope that helps.

- John Brooks

On Mon, Sep 29, 2008 at 8:14 PM, Geoff Down <[EMAIL PROTECTED]> 
I have Privoxy, so that is possible (if anyone has the filter rule 
already I

would appreciate it).
But if Privoxy strips the .exit bit, how does Tor then get the 

about which node to use?
On 30 Sep 2008, at 01:13, coderman wrote:

On Mon, Sep 29, 2008 at 5:07 PM, Geoff Down <[EMAIL PROTECTED]> 

the hostname is being rejected because it contains the ..exit 
Presumably that should have been stripped by my Tor client or the 


you actually need a proxy that supports the .exit syntax scrubbing,
like privoxy with appropriate rules, in order to use .exit syntax for
a virtual host domain to work properly.  otherwise, the host header
(and possibly other values, like cookie domain) will be incorrect.

best regards,

Re: Force exitnode oddness

2008-09-30 Thread Geoff Down
Thanks, that's very helpful, I understand what's going on a bit better  
The Tor bundle comes with Privoxy 3.0.6 still, I had some issues with  
the Privoxy Utility in 3.0.10 not running properly so I reverted.

On 30 Sep 2008, at 17:25, Fabian Keil wrote:

Geoff Down <[EMAIL PROTECTED]> wrote:

Those nice people at Privoxy have anticipated the need :)
+filter {hide-tor-exit-notation}

In Privoxy 3.0.8 and later, it's:


Using "/", as Referer headers sent to "normal" URLs
while leaving .exit URLs can leak the exit notation
as well (if they aren't blocked anyway).

It looks like cookies are sent properly even though they are stored
under the modified domain name.
It also looks like some page requisites (images etc) may be fetched
from a different circuit i.e. not respecting the forced exit node.
Could be a problem if the page contains absolute URIs.

While it's a bit more work than simply adding the exit notation
in the browser, you can have Privoxy add it behind the browser's back.
Another advantage is that it works for SSL as well (no certificate  

For an example have a look at:

(note that the fingerprint has changed, though)

And in case you aren't using Privoxy, there's always MapAddress.
Quoting tor(1):
| MapAddress address newaddress
|   When a request for address arrives to Tor, it will rewrite it  
|   newaddress before processing it. For example, if you always  
|   connections  to  www.indymedia.org  to exit via torserver  
|   torserver is  the  nickname  of  the  server),  use   

|   www.indymedia.org www.indymedia.org.torserver.exit".
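
The split this thread arrives at, as an added Python example that is not code from Tor, Privoxy or any poster: the hostname handed to Tor keeps the .exit suffix so Tor can pick the exit, while the Host and Referer headers the web server sees have it removed. The function names and the sample request are constructed; the hostname and relay nickname are the ones from the tor(1) excerpt above.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# <host>.<exit>.exit, where <exit> is a relay nickname (1-19 alphanumerics)
# or a 40-hex-digit fingerprint, optionally prefixed with "$".
_EXIT_RE = re.compile(
    r"^(?P<host>.+?)\.(?P<exit>\$?[0-9A-Fa-f]{40}|[A-Za-z0-9]{1,19})\.exit$",
    re.IGNORECASE,
)


def split_exit(hostname):
    """Return (real_host, exit_name); exit_name is None without .exit notation."""
    match = _EXIT_RE.match(hostname.rstrip("."))
    if match is None:
        return hostname, None
    return match.group("host"), match.group("exit")


def scrub_hostport(hostport):
    """Remove the notation from a Host header value, keeping any :port."""
    if hostport.startswith("["):          # IPv6 literal, cannot carry .exit
        return hostport
    host, sep, port = hostport.partition(":")
    return split_exit(host)[0] + sep + port


def scrub_url(url):
    """Remove the notation from an absolute URL such as a Referer value."""
    parts = urlsplit(url)
    if not parts.netloc:
        return url
    # Any userinfo is dropped; a Referer should not contain it anyway.
    netloc = scrub_hostport(parts.netloc.rpartition("@")[2])
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


def plan_request(url, headers):
    """Return (socks_target, headers_for_server) for one outgoing request.

    socks_target keeps the .exit suffix, because that is where Tor reads the
    requested exit from. headers_for_server is what the site should receive,
    so that virtual hosting matches and the exit name does not leak.
    """
    parts = urlsplit(url)
    port = parts.port or (443 if parts.scheme == "https" else 80)
    socks_target = (parts.hostname, port)
    cleaned = []
    for name, value in headers:
        lowered = name.lower()
        if lowered == "host":
            value = scrub_hostport(value)
        elif lowered == "referer":
            value = scrub_url(value)
        cleaned.append((name, value))
    return socks_target, cleaned


# Constructed sample request, as a browser would send it when the user
# typed the .exit form of the address.
SAMPLE_URL = "http://www.indymedia.org.torserver.exit/Images/logo.png"
SAMPLE_HEADERS = [
    ("Host", "www.indymedia.org.torserver.exit"),
    ("Referer", "http://www.indymedia.org.torserver.exit/index.html"),
    ("User-Agent", "ExampleBrowser/1.0"),
]

if __name__ == "__main__":
    target, headers = plan_request(SAMPLE_URL, SAMPLE_HEADERS)
    print("connect via Tor SOCKS to:", target)
    for name, value in headers:
        print(f"{name}: {value}")
```

Later Tor releases turned the .exit notation off by default (the AllowDotExit option), since a web page or an exit could use it to choose a client's exit.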


Re: unsubscribe

2008-10-09 Thread Geoff Down
It would never have occurred to me to check the headers either, so 
perhaps you are being too hard on them.

On 9 Oct 2008, at 13:24, sigi wrote:

Hi John,

On Thu, Oct 09, 2008 at 04:15:35AM -0700, John Mosgrove wrote:

unsubscribe me.

Please write your Mail to [EMAIL PROTECTED] with mailbody including:
unsubscribe or-talk

When finally will list-subscribers check their mailheaders for this?


Fwd: unsubscribe PS[offtopic}

2008-10-09 Thread Geoff Down
BTW, Hotmail users with Macs can't reliably access email headers at 
all, and yes that is stupid of Hotmail but they don't care.

Begin forwarded message:

From: Geoff Down <[EMAIL PROTECTED]>
Date: 9 October 2008 19:08:35 BST
To: or-talk@freehaven.net
Subject: Re: unsubscribe
Reply-To: or-talk@freehaven.net

It would never have occurred to me to check the headers either, so 
perhaps you are being too hard on them.

On 9 Oct 2008, at 13:24, sigi wrote:

Hi John,

On Thu, Oct 09, 2008 at 04:15:35AM -0700, John Mosgrove wrote:

unsubscribe me.

Please write your Mail to [EMAIL PROTECTED] with mailbody including:
unsubscribe or-talk

When finally will list-subscribers check their mailheaders for this?


Re: same first hops

2008-10-09 Thread Geoff Down

On 9 Oct 2008, at 13:33, Scott Bennett wrote:
 While we're on this subject, I'd like to point out a problem with 
current data rate capacity testing during server initialization.  In 
to get some initial observations of the available data rates over a 
network connections, tor builds a few (3?) test circuits that make a 
from itself into the tor network and then back to itself.  At present 
uses the normal route length to do this, which can give a drastically 
measurement.  A better way would seem to be to use a single hop, i.e., 
circuit that goes to one other relay and the back to its source.  That 
still provide a low estimate however, so the value obtained from a 
hop test probably ought to be doubled for use as an estimate of the 
data rate

capacity of the server that is being initialized.

Interestingly, I had about 6 single nodes showing on the Vidalia 
network map yesterday, whilst my traffic was going via a normal 3-node 
circuit and another 3-node circuit was in preparation.

The single nodes disappeared after 20 minutes or so.


Re: same first hops

2008-10-09 Thread Geoff Down

On 10 Oct 2008, at 03:40, Scott Bennett wrote:

 On Thu, 9 Oct 2008 19:23:48 +0100 Geoff Down 


Interestingly, I had about 6 single nodes showing on the Vidalia
network map yesterday, whilst my traffic was going via a normal 3-node
circuit and another 3-node circuit was in preparation.
The single nodes disappeared after 20 minutes or so.

 Were those nodes your entry guards by any chance?  Although tor 
tries to build a few (3?) circuits, once they have expired and no 
longer have
any active streams in them, they get torn down *except* for the links 
your client and the entry guard nodes.  This not only improves 
security, but
also means that a new circuit already has the first hop connected when 

goes to build that new circuit.
 Of course, that doesn't explain why those links disappeared after 

20 minutes, and right offhand, no other explanation comes to mind.

They weren't my usual entry nodes, no. It's a mystery.

Re: unsubscribe

2008-10-10 Thread Geoff Down

On 10 Oct 2008, at 10:00, Erilenz wrote:

 I'm sure a 30 second google would have been

Actually Google returns four results, all of which have the correct 
email address obliterated to prevent spamming ;) .

We're all capable of making incorrect assumptions.

Re: unsubscribe

2008-10-10 Thread Geoff Down

I guess we'll have to agree to disagree.

On 10 Oct 2008, at 19:27, Scott Bennett wrote:

 On Fri, 10 Oct 2008 18:29:39 +0100 Geoff Down 


On 10 Oct 2008, at 10:00, Erilenz wrote:

 I'm sure a 30 second google would have been

Actually Google returns four results, all of which have the correct
email address obliterated to prevent spamming ;) .
We're all capable of making incorrect assumptions.

 All of that is basically unnecessary and irrelevant.  Nearly all 
mailing lists that use an automated subscription process send an email 
to each new subscriber to confirm that the subscriber's attempt to 
has succeeded.  Many use an intermediate step of an email exchange in 
the subscriber must confirm that he/she did, in fact, wish to 
subscribe (i.e.,
the subscription request wasn't faked by someone else).  In any case, 
confirmation message almost always includes instructions for 
and often for modifying the subscription in other ways.  The OR-TALK 
is no exception.  Anyone with enough functioning neurons to use a 
can see that they should keep a copy of the confirmation message 
the instructions for getting off the list.  That's just common sense.  
they aren't doing that, it's because they are generally inconsiderate 
expect the world to tie their shoelaces for them, wipe their butts for 

when they crap, etc.
 If I were the list owner, I would be tempted to leave them 
but block their email address from being able to post to the list.  
That way
they would still have to take some responsibility for getting what 
they want,

but could no longer harass my list.

  Scott Bennett, Comm. ASMELG, CFIAG
* Internet:   bennett at cs.niu.edu  *
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."   *
*-- Gov. John Hancock, New York Journal, 28 January 1790 *

Single nodes (was same first hops)

2008-10-10 Thread Geoff Down

On 10 Oct 2008, at 07:25, Geoff Down wrote:

On 10 Oct 2008, at 03:40, Scott Bennett wrote:

 On Thu, 9 Oct 2008 19:23:48 +0100 Geoff Down 


Interestingly, I had about 6 single nodes showing on the Vidalia
network map yesterday, whilst my traffic was going via a normal 

circuit and another 3-node circuit was in preparation.
The single nodes disappeared after 20 minutes or so.

 Were those nodes your entry guards by any chance?  Although tor 
tries to build a few (3?) circuits, once they have expired and no 
longer have
any active streams in them, they get torn down *except* for the links 
your client and the entry guard nodes.  This not only improves 
security, but
also means that a new circuit already has the first hop connected 
when tor

goes to build that new circuit.
 Of course, that doesn't explain why those links disappeared 
after about

20 minutes, and right offhand, no other explanation comes to mind.

They weren't my usual entry nodes, no. It's a mystery.

It's just happened again - 12 single nodes as well as my 3 normal entry 
nodes and their circuits.
Is there some level of logging I should have on to capture what's going 


Re: Single nodes (was same first hops)

2008-10-10 Thread Geoff Down

On 10 Oct 2008, at 20:36, Roger Dingledine wrote:

On Fri, Oct 10, 2008 at 08:21:54PM +0100, Geoff Down wrote:

They weren't my usual entry nodes, no. It's a mystery.

It's just happened again - 12 single nodes as well as my 3 normal 

nodes and their circuits.
Is there some level of logging I should have on to capture what's 


Tor makes its directory fetches using one-hop circuits. It started 

this in
  - Enable encrypted directory connections by default for non-relays,
so censor tools that block Tor directory connections based on their
plaintext patterns will no longer work. This means Tor works in
certain censored countries by default again.

Vidalia shows all the circuits, because it can't really distinguish 

you (or your Tor) are planning to use the circuit for.

Down the road, we may switch it so it makes these one-hop circuits to 

entry guards. No point revealing your existence to any more relays than
you have to. The phrase for this new design would be "directory 

you can see it scattered about the TODO file and roadmaps.


Aha! Thanks Roger. I went straight from to when I 
downloaded the latest Tor-Privoxy-Vidalia bundle, so if there was 
anything in the release notes I missed it.

I don't think I've ever seen the roadmap.

Problems starting relay

2008-11-01 Thread Geoff Down

I'm having trouble starting up a Tor relay.
Once I set up port forwarding (I've tried to set it up for TCP and 
UDP), should I be able to

a) Ping myself from a looking-glass service
b) Traceroute myself from a looking glass ?
At the moment neither of these work.
I get 'cannot confirm you can be seen from the outside world' errors.
I'm on a dynamic IP, Mac OSX, I haven't changed any of the defaults 
from the Vidalia bundle.

the logs say
'Nov 02 04:35:41.569 [Notice] Opening OR listener on'


Re: Problems starting relay

2008-11-01 Thread Geoff Down

thanks for the response.
I have no ORListenAddress line in the torrc file - I will try adding 
that line.

The OrPort line is
ORPort 9001
as expected for non-windows
Versions are
 Tor v0.2.0.31 (r16744)
Vidalia 0.1.9


On 2 Nov 2008, at 05:09, Jonathan Addington wrote:

I can only be of so much help compared to many of the others on this
list but I'll give it a shot as I am posting as it.

On Sat, Nov 1, 2008 at 11:50 PM, Geoff Down <[EMAIL PROTECTED]> 

I'm having trouble starting up a Tor relay.
Once I set up port forwarding (I've tried to set it up for TCP and 

should I be able to

Tor only operates in TCP, you don't need to set yourself up UDP.

a) Ping myself from a looking-glass service
b) Traceroute myself from a looking glass ?
At the moment neither of these work.
I get 'cannot confirm you can be seen from the outside world' errors.
I'm on a dynamic IP, Mac OSX, I haven't changed any of the defaults 
from the

Vidalia bundle.
the logs say
'Nov 02 04:35:41.569 [Notice] Opening OR listener on'

It probably shouldn't be listening on localhost:9001 or are normal unless OS X is different from Windows &
Linux (sorry, not real familiar with Macs).

Changing that may be enough. It would mean editing your torrc file so
the  ORListenAddress  line is something like

ORListenAddress localhost:9001

-or--not both-


Also, your ORPort line (default: ORPort 9001) must match the above
lines. E.g., if

ORPort 2394


ORListenAddress localhost:2394


Hopefully this helps. If not, it is possible your port forwarding is
setup incorrectly. If your computer gets a different IP from your
router every so often it can cause problems (depending on the router).

I have found it is easier to make sure my Tor server has a static IP
*inside* my network. E.g., my Tor server always has the address
192.168.1.xxx. This is easy to configure with most routers. If you
need to configure it this way and have not I or someone else on this
list ought to be able to help you.

Other questions for you to answer:
1) What version of Tor/Vidalia are you running?
2) What router do you use?


Re: Problems starting relay

2008-11-01 Thread Geoff Down

I downloaded the Vidalia/Tor/Privoxy bundle all together.
I'm pretty sure my PC hasn't changed from from the point of 
view of the router (there's nothing else on the LAN). It's a Safecom 
SWART2-54125 BTW.
Other than port forwarding, I have no idea what other settings there 
could be. I have software to prevent outgoing connections, but no 
software firewall to prevent incoming ones as far as I know - the 
router is supposed to handle that.

On 2 Nov 2008, at 05:30, Jonathan Addington wrote:

On Sun, Nov 2, 2008 at 12:21 AM, Geoff Down <[EMAIL PROTECTED]> 

thanks for the response.
I have no ORListenAddress line in the torrc file - I will try adding 

The OrPort line is
ORPort 9001
as expected for non-windows
Versions are
 Tor v0.2.0.31 (r16744)
Vidalia 0.1.9

Did you download Tor and Vidalia separately?

I assume this is the stable version of Tor?

Also, post if these changes (or others) work for you.

Finally, I obviously have no idea you are setup. But if your computer
gets a dynamic address from the router (standard DHCP setup) you may
want to check the port forward part again. It is *possible* that your
computer changes IP's (again, internally) since you set up the port


On 2 Nov 2008, at 05:09, Jonathan Addington wrote:

I can only be of so much help compared to many of the others on this
list but I'll give it a shot as I am posting as it.

On Sat, Nov 1, 2008 at 11:50 PM, Geoff Down <[EMAIL PROTECTED]> 

I'm having trouble starting up a Tor relay.
Once I set up port forwarding (I've tried to set it up for TCP and 

should I be able to

Tor only operates in TCP, you don't need to set yourself up UDP.

a) Ping myself from a looking-glass service
b) Traceroute myself from a looking glass ?
At the moment neither of these work.
I get 'cannot confirm you can be seen from the outside world' 
I'm on a dynamic IP, Mac OSX, I haven't changed any of the defaults 

Vidalia bundle.
the logs say
'Nov 02 04:35:41.569 [Notice] Opening OR listener on'

It probably shouldn't be listening on localhost:9001 or are normal unless OS X is different from Windows &
Linux (sorry, not real familiar with Macs).

Changing that may be enough. It would mean editing your torrc file so
the  ORListenAddress  line is something like

ORListenAddress localhost:9001

-or--not both-


Also, your ORPort line (default: ORPort 9001) must match the above
lines. E.g., if

ORPort 2394


ORListenAddress localhost:2394


Hopefully this helps. If not, it is possible your port forwarding is
setup incorrectly. If your computer gets a different IP from your
router every so often it can cause problems (depending on the 

I have found it is easier to make sure my Tor server has a static IP
*inside* my network. E.g., my Tor server always has the address
192.168.1.xxx. This is easy to configure with most routers. If you
need to configure it this way and have not I or someone else on this
list ought to be able to help you.

Other questions for you to answer:
1) What version of Tor/Vidalia are you running?
2) What router do you use?


Re: Problems starting relay

2008-11-01 Thread Geoff Down

I'm not mirroring the directory server (yet) so I assume I don't need 
to worry about the directory port.
I did enable UPnP on my router (temporarily) and tried the Test button 
in the Vidalia Relay setup page, and it reported 'Success'. However, on 
examining the Port Forwarding page, there was then no sign of a rule 
for Tor or Vidalia.

I disabled UPnP after that.
I'm using OSX 10.3.9.
I went into the Firewall section of 'Sharing' and added a rule for Tor:
"This is your firewall entry for Tor: it is currently on and all TCP 
network traffic on port(s) 9001 is being let through".

Yet still I get
"[Warning] Your server (xx.xx.xx.xx:9001) has not managed to confirm 
that its ORPort is reachable. Please check your firewalls, ports, 
address, /etc/hosts file, etc"

My Port Forwarding rule (added manually) says
"Protocol TCP
Port Start 9001
Port End 9001
Port Map 9001"
 Is there a way I can check the Port Forwarding independently of Tor?


On 2 Nov 2008, at 05:54, [EMAIL PROTECTED] wrote:

On Sun, Nov 02, 2008 at 05:45:40AM +, [EMAIL PROTECTED] wrote 
3.5K bytes in 113 lines about:

I downloaded the Vidalia/Tor/Privoxy bundle all together.

Then all you need to do to run a relay is configure one via the Vidalia
"Setup Relaying" button in the Vidalia Control Panel.
Tor will generally figure out the rest.

If your router supports upnp, Vidalia will attempt to configure any 

forwarding for you.

If not, then yes, you need to port forward your orport and dirport from
the external router to your machine.  If for some reason you use the 

firewall, you'll also need to open the tcp ports for the orport and
dirport.  If you are using 10.5 (leopard), when you configure a relay
through vidalia, the system should ask you to allow or deny the correct

The easiest next step may be to start with a fresh torrc and let 

do the work of configuring the relay.
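
One way to check port forwarding independently of Tor, as asked in the message above (an added example, not code from any poster or from the Tor project): with Tor stopped, run a throwaway listener on the forwarded port and connect to the router's public address from a machine outside the LAN. The banner text and function names are made up for this sketch; port 9001 is the one in the forwarding rule quoted above.

```python
import socket
import threading

BANNER = b"port-forward-test\n"  # constructed marker, not a Tor protocol message


def start_listener(bind_host, port, max_wait=120.0):
    """Listen on (bind_host, port) in a background thread for one connection.

    Returns (actual_port, thread, peers). peers receives the remote
    (ip, port) of whoever connected. Port 0 lets the OS pick a free port.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((bind_host, port))
    srv.listen(1)
    srv.settimeout(max_wait)
    actual_port = srv.getsockname()[1]
    peers = []

    def serve():
        try:
            conn, peer = srv.accept()
        except socket.timeout:
            return                      # nobody reached us within max_wait
        finally:
            srv.close()
        with conn:
            conn.sendall(BANNER)
        peers.append(peer)

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return actual_port, thread, peers


def probe(host, port, timeout=5.0):
    """Connect to host:port; True only if our own banner comes back.

    Checking the banner rules out a false positive where some other
    service (or the router itself) answers on that port.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = b""
            while not data.endswith(b"\n"):
                chunk = s.recv(64)
                if not chunk:
                    break
                data += chunk
            return data == BANNER
    except OSError:                     # refused, timed out, unreachable
        return False


if __name__ == "__main__":
    # Run on the relay machine with Tor stopped (the port must be free).
    # 0.0.0.0 accepts connections arriving on the LAN interface; a listener
    # bound only to 127.0.0.1 can never be reached through the router.
    port, thread, peers = start_listener("0.0.0.0", 9001)
    print("listening on TCP", port, "- run probe(<public address>, 9001) from outside")
    thread.join()
    print("connection from", peers[0] if peers else "nobody (timed out)")
```

Run probe() from a host outside the LAN; many home routers do not route a connection from inside the LAN to their own public address, so a failure from the relay machine itself proves nothing.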


Re: Problems starting relay

2008-11-02 Thread Geoff Down

Seems to be working now - with ORListenAddress .
Thanks to those who actually tried to help with suggestions, correct or 

On 2 Nov 2008, at 06:52, Jonathan Addington wrote:

On Sun, Nov 2, 2008 at 1:39 AM, Geoff Down <[EMAIL PROTECTED]> 

I'm not mirroring the directory server (yet) so I assume I don't need 

worry about the directory port.
I did enable UPnP on my router (temporarily) and tried the Test 
button in

the Vidalia Relay setup page, and it reported 'Success'. However, on
examining the Port Forwarding page, there was then no sign of a rule 
for Tor

or Vidalia.
I disabled UPnP after that.
I'm using OSX 10.3.9.
I went into the Firewall section of 'Sharing' and added a rule for 
"This is your firewall entry for Tor: it is currently on and all TCP 

traffic on port(s) 9001 is being let through".
Yet still I get
"[Warning] Your server (xx.xx.xx.xx:9001) has not managed to confirm 

its ORPort is reachable. Please check your firewalls, ports, address,
/etc/hosts file, etc"
My Port Forwarding rule (added manually) says
"Protocol TCP
Port Start 9001
Port End 9001
Port Map 9001"
 Is there a way I can check the Port Forwarding independently of Tor?


On 2 Nov 2008, at 05:54, [EMAIL PROTECTED] wrote:

On Sun, Nov 02, 2008 at 05:45:40AM +, [EMAIL PROTECTED] 
wrote 3.5K

bytes in 113 lines about:

I downloaded the Vidalia/Tor/Privoxy bundle all together.

Then all you need to do to run a relay is configure one via the 

"Setup Relaying" button in the Vidalia Control Panel.
Tor will generally figure out the rest.

If your router supports upnp, Vidalia will attempt to configure any 

forwarding for you.

If not, then yes, you need to port forward your orport and dirport 
the external router to your machine.  If for some reason you use the 

firewall, you'll also need to open the tcp ports for the orport and
dirport.  If you are using 10.5 (leopard), when you configure a relay
through vidalia, the system should ask you to allow or deny the 


The easiest next step may be to start with a fresh torrc and let 

do the work of configuring the relay.


First, take any advice from Phobos before mine.

Second, I opened up Vidalia on my computer (I'm old school and
usually do this in a text editor); under sharing what is the Relay
Port set to? Is it the same as what your router currently has
configured? I *think* the default (under Vidalia 0.1.9) is 443, not
9050. Make sure your router reflects that.

Finally, note what Phobos said above about using the OSX firewall. It
could be getting in the way (says the guy who only runs Windows &


Problem with dynamic IP

2008-11-03 Thread Geoff Down

 the Tor FAQs mentions bugginess with how Tor detects the IP of a relay 
when it isn't fixed.
I think I have this problem - the logs show Tor changing the IP it 
advertises to the world for the ORPort even though my IP has not in 
fact changed:

Nov 04 03:47:29.242 [Notice] Our IP Address has changed from xxx to 
yyy; rebuilding descriptor.
Nov 04 03:56:44.210 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.
Nov 04 04:17:58.142 [Notice] Our IP Address has changed from yyy to 
xxx; rebuilding descriptor.
Nov 04 04:19:05.460 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.

Nov 04 04:19:37.005 [Notice] Performing bandwidth self-test...done.
Nov 04 04:38:19.808 [Notice] Our IP Address has changed from xxx to 
yyy; rebuilding descriptor.
Nov 04 04:43:44.802 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.

Here yyy is the false IP - odd that it is supposedly reachable from the 
outside world.
The false IP is however on the right network, and could be one I had 
earlier in the day/week/month. Any idea how to stop this happening 
please? It's Tor (r16744) MacOSX 10.3.9.
 Also, I'm advised to back up my relay's private key 'stored in 
"keys/secret_id_key" in your DataDirectory' . Where is that? I don't 
have a DataDirectory defined in the torrc.


Re: Suggestion: Support UPNP

2008-11-07 Thread Geoff Down
As long as you disable UPnP afterwards to protect your router from  
drive-by attacks.

On 7 Nov 2008, at 13:52, CyberRax wrote:

What version are you using? At least 0.1.9 on Windows does have UPnP  
support, the "attempt to automatically configure port forwarding" on  
Sharing screen does just that - use UPnP to forward the configured  
or/dir ports.  

Re: any middlemen seeing DoS currently?

2008-11-07 Thread Geoff Down
My PC crashed overnight a couple of times now with a relay running - is 
this the same thing?

OSX 10.3.9 Vidalia 0.1.9 Tor r16744

On 7 Nov 2008, at 18:25, Martin Hodge wrote:

Same at IdentityHog.  Number of TCP connections steadily increased to 
~10k and then the server crashed.  I have unfortunately had to shut it 
down for now.

Eugen Leitl wrote:

I've seen continuous table state increase since about >3.5 hours.
It went up from 1 k baseline to 5 k.
Anyone else seeing this? Any alternative explanation to DoS? (ISP

Crashing relay (was any middlemen seeing DoS currently?)

2008-11-07 Thread Geoff Down

Is there anything, in simple terms, that I can do to stop this?
Bear in mind please that I'm an expert neither in Tor nor OSX, but I 
would like to contribute to the network. My torrc is the bare minimum 
generated by the Vidalia interface, apart from my specifying my Address 
to avoid a bug with my dynamic IP (I posted previously under thread 
'Problem with dynamic IP').

On 7 Nov 2008, at 19:51, Eugen Leitl wrote:

On Fri, Nov 07, 2008 at 07:52:06PM +0100, Olaf Selke wrote:

Geoff Down wrote:
My PC crashed overnight a couple of times now with a relay running - 

this the same thing?

my tor process' workspace increased from about 400 MB to 1200 MB over
the last hours. Fortunately anonymizer.blutmagie.de is equipped with 4 


Here's the plot from the state table (see URL). The horizontal
line at 5 k is when the firewall's (128 kByte RAM, WRAP) state table
ran over until I increased them by a factor of 6. The vertical lines
were manual flushes.


The server sees some 25 GBytes/day traffic.

Eugen* Leitl leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

- End forwarded message -

Fwd: Problem with dynamic IP

2008-11-09 Thread Geoff Down

I found the keys, they're in ~/.tor/keys .
The dynamic IP problem persists.
Begin forwarded message:

From: Geoff Down <[EMAIL PROTECTED]>
Date: 4 November 2008 04:53:21 GMT
To: or-talk@freehaven.net
Subject: Problem with dynamic IP
Reply-To: or-talk@freehaven.net

 the Tor FAQs mentions bugginess with how Tor detects the IP of a 
relay when it isn't fixed.
I think I have this problem - the logs show Tor changing the IP it 
advertises to the world for the ORPort even though my IP has not in 
fact changed:

Nov 04 03:47:29.242 [Notice] Our IP Address has changed from xxx to 
yyy; rebuilding descriptor.
Nov 04 03:56:44.210 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.
Nov 04 04:17:58.142 [Notice] Our IP Address has changed from yyy to 
xxx; rebuilding descriptor.
Nov 04 04:19:05.460 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.

Nov 04 04:19:37.005 [Notice] Performing bandwidth self-test...done.
Nov 04 04:38:19.808 [Notice] Our IP Address has changed from xxx to 
yyy; rebuilding descriptor.
Nov 04 04:43:44.802 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.

Here yyy is the false IP - odd that it is supposedly reachable from 
the outside world.
The false IP is however on the right network, and could be one I had 
earlier in the day/week/month. Any idea how to stop this happening 
please? It's Tor (r16744) MacOSX 10.3.9.
 Also, I'm advised to back up my relay's private key 'stored in 
"keys/secret_id_key" in your DataDirectory' . Where is that? I don't 
have a DataDirectory defined in the torrc.


Version deprecated?

2008-11-10 Thread Geoff Down

This is new in the last day or so:
'Nov 10 16:24:16.973 [Notice] This version of Tor ( is newer  
than any recommended version in its series, according to the directory  
authorities. Recommended versions are:,,,,,, 
alpha '

 Since I got it in the Vidalia/Privoxy/Tor bundle, this seems odd.
The version at https://www.torproject.org/download.html.en hasn't  


Re: any middlemen seeing DoS currently?

2008-11-11 Thread Geoff Down

Crashed again after only 2 hours:
This was about 20 minutes beforehand,
0.0  1.639784  10400  ??  S 4:03AM   1:32.40

Nov 11 04:03:06.129 [Notice] Tor v0.2.0.31 (r16744). This is 
experimental software. Do not rely on it for strong anonymity. (Running 
on Darwin Power Macintosh)
Nov 11 04:03:06.177 [Notice] Initialized libevent version 1.4.7-stable 
using method kqueue. Good.

Nov 11 04:03:06.198 [Notice] Opening OR listener on
Nov 11 04:03:06.219 [Notice] Opening Socks listener on
Nov 11 04:03:06.299 [Notice] Opening Control listener on
Nov 11 04:04:23.566 [Notice] Self-testing indicates your ORPort is 
reachable from the outside. Excellent. Publishing server descriptor.

Nov 11 04:04:53.299 [Notice] Performing bandwidth self-test...done.
Nov 11 06:05:20.894 [Notice] We tried for 15 seconds to connect to 
'[scrubbed]' using exit 'johndoe'. Retrying on a new circuit.

Should I be logging at info level? It's a lot of data...

On 10 Nov 2008, at 03:19, Nick Mathewson wrote:

On Fri, Nov 07, 2008 at 01:38:28PM +0100, Eugen Leitl wrote:

I've seen continuous table state increase since about >3.5 hours.
It went up from 1 k baseline to 5 k.

Anyone else seeing this? Any alternative explanation to DoS? (ISP

Judging by the timing, I'd think it might be related to a bug we only
uncovered on Friday.  Why Friday?  That was the first time that a
directory authority's certificate expired before it could be replaced.
The bug was that clients repeatedly asked directory caches for a new
certificate over and over, without noticing that they were getting
something expired and deciding to wait for a while.

That bug should be fixed in newer versions of Tor.  Also, all the
authority operators should (if we can make them) get way more careful
about checking certificate expiry times.


Tor cleverness?

2008-11-17 Thread Geoff Down

two questions:
I renamed (with 'mv') the file I was sending Tor logs to whilst Tor was 

I actually moved it to a different directory.
The log data kept being written to that file. How?

Secondly, does sending a USR2 signal to Tor (r16744) switch on 
debug level logging as stated in the manual? I've tried it and it seems 
not to work - except I got some debug-level entries after I sent a 
shutdown signal.


Re: Tor cleverness?

2008-11-17 Thread Geoff Down
Oh yes, restarting does break the link, I just wondered how the link 
persisted after a name change. Perhaps this is a normal feature of OSX, 
I'm no expert.

On 17 Nov 2008, at 19:06, zmj wrote:

for the first question:
maybe you should restart Tor

On Tue, Nov 18, 2008 at 2:54 AM, Geoff Down <[EMAIL PROTECTED]> 

 two questions:
 I renamed (with 'mv') the file I was sending Tor logs to whilst Tor 
was running.

 I actually moved it to a different directory.
 The log data kept being written to that file. How?

 Secondly, does sending a USR2 signal to Tor (r16744) switch 
on debug level logging as stated in the manual? I've tried it and it 
seems not to work - except I got some debug-level entries after I 
sent a shutdown signal.


Re: Tor cleverness?

2008-11-17 Thread Geoff Down

Thank you very much for the comprehensive replies.
On 17 Nov 2008, at 20:05, Seth David Schoen wrote:



I renamed (with 'mv') the file I was sending Tor logs to whilst Tor 

I actually moved it to a different directory.
The log data kept being written to that file. How?

unixoid OSes use file pointers which remain even when you do rm or 

So mv does not change writing to an open file.

There's some more discussion of this kind of thing at


Notably, on Unix-like systems including Linux and Mac OS X, a file can
have multiple names or no names at all and still be the "same file",
because the notion of the identity of a file is so thoroughly separated
from the notion of a filename.

Seth Schoen
Staff Technologist    [EMAIL PROTECTED]
Electronic Frontier Foundation    http://www.eff.org/
454 Shotwell Street, San Francisco, CA  94110 1 415 436 9333 x107
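
The behaviour discussed in this thread, as an added example (not code from any of the posters; the file names are constructed): a writer that opened its log once keeps writing to the same file after the file is renamed, and even after its last name is removed, while reopening the old name creates a different file.

```python
import os
import tempfile


def rename_while_open(workdir):
    """Rename, then unlink, a log file that a writer still holds open."""
    old_path = os.path.join(workdir, "tor.log")        # constructed names
    new_dir = os.path.join(workdir, "archive")
    new_path = os.path.join(new_dir, "tor.log.old")
    os.mkdir(new_dir)

    log = open(old_path, "a")          # the "daemon" opens its log once
    log.write("line 1\n")
    log.flush()
    inode = os.fstat(log.fileno()).st_ino

    # What mv does inside one filesystem: only the directory entry changes.
    os.rename(old_path, new_path)
    log.write("line 2\n")
    log.flush()
    result = {
        "old_name_exists": os.path.exists(old_path),
        "same_inode_after_mv": os.stat(new_path).st_ino == inode,
    }
    with open(new_path) as moved:
        result["moved_file"] = moved.read()

    # Remove the last name: the file has no name but still exists for
    # as long as the writer keeps its descriptor open.
    os.unlink(new_path)
    log.write("line 3\n")
    log.flush()
    st = os.fstat(log.fileno())
    result["links_after_rm"] = st.st_nlink
    result["bytes_after_rm"] = st.st_size

    # Reopening by name (what a restart does) creates a new file, which
    # is why restarting the writer "breaks the link".
    fresh = open(old_path, "a")
    fresh.write("line 4\n")
    fresh.flush()
    fresh_st = os.fstat(fresh.fileno())
    result["reopen_is_new_file"] = fresh_st.st_ino != inode
    result["fresh_file_bytes"] = fresh_st.st_size

    fresh.close()
    log.close()
    return result


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for key, value in rename_while_open(d).items():
            print(f"{key}: {value!r}")
```

For log handling this means that moving or deleting a log does not stop a running process from writing to it, and disk space held by a deleted log is only released when the process closes the file.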

Re: They know I'm using a proxy(Tor)...but how?

2008-11-30 Thread Geoff Down
FYI when I was running a relay (not an exit node) I was blocked 
(dynamically) from one site at least, presumably using the list at 
Moria. Unfair.

On 1 Dec 2008, at 06:03, Karsten N. wrote:

Hi gregery,

torproject.org supports two solutions to help webmasters to protect
their service for anonymous misuse.

1: Have a look at https://www.torproject.org/tordnsel
   It is a dynamic DNSBL with all tor exit nodes.

2: https://check.torproject.org/ offers a dynamic list
   of all tor exit nodes, which can connect to a webserver.
   (xx.xx.xx.xx has to be replaced by the IP of the webserver)


Both services are using an IP list of tor exit nodes. Your settings in
your browser are ok.

Karsten N.

gregery wrote:

Hey all,

I am trying to register at a website forum and I get an error message
when I try to register.  The message basically says that it seems I am
using an anonymous internet connection or a proxy.  The site is not
blocking Tor by exit-node because I get the same error message when I
try to register at the site while using a public high-anonymous elite
proxy (L1).  I think the forum administrator is using headers to 

if a new member is using an anonymous connection or not.

I use the current TorBrowser Bundle with current TorButton and
RefControl to spoof the referrer headers.  I also use vanilla Tor,
Vidalia and Privoxy with the same result.  I tried spoofing my
user-agent away from the default TorButton U-A settings, I spoofed as 

Mac, Firefox, IE, Opera, etc, all for naught.

Does anyone know how I can circumvent this block?  I at least would 

to know what in my headers is setting off red flags as that means all
other Tor users in my anonymity set are potentially setting off red
flags too.

Thank you

Re: Tor is released

2008-12-04 Thread Geoff Down

Thank you, is a new version for OSX10.3.9 on the way?
On 4 Dec 2008, at 17:48, [EMAIL PROTECTED] wrote:

On Thu, Dec 04, 2008 at 12:34:16PM -0500, [EMAIL PROTECTED] wrote 4.4K  
bytes in 97 lines about:

For OS X users, there is a packaging bugfix in labelled as in the available packages.  It turns out for years we've been
shipping a Info.plist with an incorrect key.  The issue was discovered
and reported as bug 876,

The commit to fix the problem in the 0_2_0 branch is r17472:

The commit to fix the problem in the Vidalia 0.1 branch is r3361:

The bug is that the OS X Installer will prompt "The chosen volume
contains software which is newer then [sic] the software you are

The problem is that the Installer looks in the file
/Library/Receipts/Vidalia.pkg/Contents/Info.plist for
CFBundleShortVersionString.  We mistakenly called it
CFBundleSortVersionString, which Apple inserts "1" as the value.  The
upgrade to Vidalia from 0.1.9 to 0.1.10 apparently triggered the issue.

The fix is to put the correct value in place for the future.  The
simplest way to do this is to have the users click "Continue" when
prompted.  We could have spent a lot of time trying to fix it for the
user to hide the issue, but well, that is fraught with problems and
complexities.  A simple click of "Continue" is far simpler and less
error prone.

The difference between the released Tor code is the inclusion
of r17472.  It's not really per se, but since we lack package
versions, I had to distinguish it in some way.


Re: Tor is released

2008-12-04 Thread Geoff Down

That's a binary install?
I tried it (custom install without the startup script) but got a 'There 
were errors, try reinstalling' message. It's broken my old version
"dyld: /usr/bin/tor can't open library: 
/usr/local/lib/libevent-1.4.2.dylib  (No such file or directory, errno 
= 2)

Trace/BPT trap"
On 4 Dec 2008, at 18:07, [EMAIL PROTECTED] wrote:

On Thu, Dec 04, 2008 at 05:56:11PM +, [EMAIL PROTECTED] wrote 
1.8K bytes in 43 lines about:

Thank you, is a new version for OSX10.3.9 on the way?

Yes.  There is a tor-only package for 10.3.9 available at:

The vidalia bundle for PPC is coming shortly.  The machine I use to
make the ppc bundles is a G3 iMac.  Qt 4.4.3 takes 23 hours to compile,
assuming no errors.  It appears Qt 4.4.3 doesn't support 10.3.9 

so it has a slew of issues when compiling.  I'm compiling qt 4.4.1
right now (because 4.4.2 had lots of issues) and well, it has another
10 hours of compiling to go.


Re: Tor is released

2008-12-04 Thread Geoff Down

Standard install failed the same way.
When I tried to install
I got an 'unknown package error' before the install process began.
Fortunately the

still worked to restore the status-quo-ante.
On 4 Dec 2008, at 18:20, Geoff Down wrote:

That's a binary install?
I tried it (custom install without the startup script) but got a  
'There were errors, try reinstalling' message. It's broken my old  
"dyld: /usr/bin/tor can't open library:  
/usr/local/lib/libevent-1.4.2.dylib  (No such file or directory, errno  
= 2)

Trace/BPT trap"
On 4 Dec 2008, at 18:07, [EMAIL PROTECTED] wrote:

On Thu, Dec 04, 2008 at 05:56:11PM +, [EMAIL PROTECTED] wrote  
1.8K bytes in 43 lines about:

Thank you, is a new version for OSX10.3.9 on the way?

Yes.  There is a tor-only package for 10.3.9 available at:

The vidalia bundle for PPC is coming shortly.  The machine I use to
make the ppc bundles is a G3 iMac.  Qt 4.4.3 takes 23 hours to  
assuming no errors.  It appears Qt 4.4.3 doesn't support 10.3.9  

so it has a slew of issues when compiling.  I'm compiling qt 4.4.1
right now (because 4.4.2 had lots of issues) and well, it has another
10 hours of compiling to go.


Tor as a service OSX

2008-12-04 Thread Geoff Down

can anyone tell me how to uninstall the Tor startup script to prevent 
it running Tor as a background service in OSX 10.3.9 please? An 
unsuccessful attempt to upgrade has left me with this enabled.


Re: Tor as a service OSX

2008-12-04 Thread Geoff Down

If there's more to it than deleting /Library/StartupItems/Tor that is :)

On 5 Dec 2008, at 01:42, Geoff Down wrote:

can anyone tell me how to uninstall the Tor startup script to prevent 
it running Tor as a background service in OSX 10.3.9 please? An 
unsuccessful attempt to upgrade has left me with this enabled.


Re: Tor is released

2008-12-04 Thread Geoff Down

And thank you for responding so promptly and helpfully.
Whilst we're on distribution issues, the page
is offline
(referred to in the Tor wiki page on verifying signatures:  
It took me a while to work out whose key to download - in the end I got  
them all.

On 5 Dec 2008, at 02:29, [EMAIL PROTECTED] wrote:

On Fri, Dec 05, 2008 at 12:55:34AM +, [EMAIL PROTECTED] wrote  
1.5K bytes in 40 lines about:

Standard install failed the same way.

You found another packaging bug.  It's fixed.  The Tor PowerPC-only  
binary is

available at:


The issue didn't show up during testing because I had a test version of
libevent installed.  Libevent 1.4.8 is compiled and installed according
to the OS X build directions.  And on a clean OS X 10.3.9 system, the
"b" package installs correctly and without error.

Thanks for reporting the issue.


Re: Tor is released

2008-12-05 Thread Geoff Down

Hi Andrew,
I got the same 'Errors have occurred' message with the
 package: however, Tor does start up -
"Dec 05 08:40:05.209 [Notice] Tor v0.2.0.32 (r17346). This is 
experimental software. Do not rely on it for strong anonymity. (Running 
on Darwin Power Macintosh)
Dec 05 08:40:05.247 [Notice] Initialized libevent version 1.4.8-stable 
using method kqueue. Good.

Dec 05 08:40:05.248 [Notice] Opening Socks listener on
Dec 05 08:40:05.248 [Notice] Opening Control listener on 

and it's functional as a client.

Just one entry in console.log that looks relevant:
"2008-12-05 08:39:14.897 Installer[419] Exception raised during posting 
of notification.  Ignored.  exception: The postflight script in Tor 
failed. (code 126)"

On 5 Dec 2008, at 02:29, [EMAIL PROTECTED] wrote:

On Fri, Dec 05, 2008 at 12:55:34AM +, [EMAIL PROTECTED] wrote 
1.5K bytes in 40 lines about:

Standard install failed the same way.

You found another packaging bug.  It's fixed.  The Tor PowerPC-only 
binary is

available at:


The issue didn't show up during testing because I had a test version of
libevent installed.  Libevent 1.4.8 is compiled and installed according
to the OS X build directions.  And on a clean OS X 10.3.9 system, the
"b" package installs correctly and without error.

Thanks for reporting the issue.


Tor-Vidalia communication

2008-12-07 Thread Geoff Down

previously, if I started Vidalia when Tor was already running, I would 
be asked for the password.
Has this changed in ? The torrc's I use for Vidalia or for the 
command line are different (and therefore the passwords are different).


Re: Tor-Vidalia communication

2008-12-08 Thread Geoff Down
OSX10.3.9 , and yes, I was able to change identity, see the network map 

On 8 Dec 2008, at 06:51, Jon wrote:


Geoff Down wrote:

previously, if I started Vidalia when Tor was already running, I
would be asked for the password.
Has this changed in ? The torrc's I use for Vidalia or for
the command line are different (and therefore the passwords are


What operating system, and is vidalia successfully communicating with
one instance or the other when you are *not* prompted for the pass?



Re: Tor-Vidalia communication

2008-12-12 Thread Geoff Down

Should I raise this as a bug at Flyspray?
Vidalia can see relay status etc, and shut down Tor without the 
password being entered.

They are both running as the same user however.
On 8 Dec 2008, at 12:26, Geoff Down wrote:

OSX10.3.9 , and yes, I was able to change identity, see the network 
map etc.

On 8 Dec 2008, at 06:51, Jon wrote:


Geoff Down wrote:

previously, if I started Vidalia when Tor was already running, I
would be asked for the password.
Has this changed in ? The torrc's I use for Vidalia or for
the command line are different (and therefore the passwords are


What operating system, and is vidalia successfully communicating with
one instance or the other when you are *not* prompted for the pass?



Re: Tor-Vidalia communication

2008-12-13 Thread Geoff Down

On 13 Dec 2008, at 02:02, Jon wrote:


Geoff Down wrote:

Should I raise this as a bug at Flyspray? Vidalia can see relay
status etc, and shut down Tor without the password being entered.
They are both running as the same user however. GD On 8 Dec 2008,
at 12:26, Geoff Down wrote:

OSX10.3.9 , and yes, I was able to change identity, see the
network map etc. GD On 8 Dec 2008, at 06:51, Jon wrote:

Geoff Down wrote:

Hi, previously, if I started Vidalia when Tor was already
running, I would be asked for the password. Has this
changed in ? The torrc's I use for Vidalia or for
the command line are different (and therefore the passwords
are different).


What operating system, and is vidalia successfully communicating
with one instance or the other when you are *not* prompted for the


It might do in the bug system yes, but I'm not actually sure if it
goes into trac or flyspray actually.  I wanted to help localize it
first.  Actually, I thought you were running two tor processes at the
same time, and I was wondering which one it connected?




No, just the one process, started at the command line. Then starting up 
Vidalia, it connects to that process and has control over it. It 
doesn't start a second copy. That was the behaviour before the change 
to as well, but it did prompt for a password back then.