[tor-commits] [community/staging] better strings for l10n. please add one sentence per line.
commit d8e9c59d9311e93045db94c491a8615523a33bf8 Author: emma peel Date: Thu Oct 31 15:41:39 2019 +0100 better strings for l10n. please add one sentence per line. --- content/user-research/contents.lr | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/content/user-research/contents.lr b/content/user-research/contents.lr index 2ad1aeb..31b93ef 100644 --- a/content/user-research/contents.lr +++ b/content/user-research/contents.lr @@ -20,4 +20,7 @@ body: ## We respect our users' privacy when we conduct research. -We practice human-centered design when we build tools for internet freedom. The way we build tools also builds community. Our user research is founded on the premises of consent, respect, and empathy. You can make an impact in your community by learning from our methods and helping us with user research. +We practice human-centered design when we build tools for internet freedom. +The way we build tools also builds community. +Our user research is founded on the premises of consent, respect, and empathy. +You can make an impact in your community by learning from our methods and helping us with user research. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [community/staging] better strings for l10n
commit 5d985dbcaabaef9f6a1f6a1273ca8ad0e06ece3e Author: emma peel Date: Sat Oct 12 11:56:59 2019 +0200 better strings for l10n --- content/onion-services/overview/contents.lr | 26 ++ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/content/onion-services/overview/contents.lr b/content/onion-services/overview/contents.lr index 330dea4..1122aa1 100644 --- a/content/onion-services/overview/contents.lr +++ b/content/onion-services/overview/contents.lr @@ -16,7 +16,8 @@ html: two-columns-page.html --- body: -Onion services are services that can only be accessed over Tor. Running an onion service gives your users all the security of HTTPS with the added privacy benefits of Tor Browser. +Onion services are services that can only be accessed over Tor. +Running an onion service gives your users all the security of HTTPS with the added privacy benefits of Tor Browser. ## Why onion services? @@ -29,32 +30,41 @@ Onion services are an overlay network on top of TCP/IP, so in some sense IP addr ### End-to-end authentication -When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion. No impersonation is possible, which is generally not the case. Usually, reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. DNS attacks). +When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion. +No impersonation is possible, which is generally not the case. +Usually, reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. DNS attacks). ### End-to-end encryption -Onion service traffic is encrypted from the client to the onion host. This is like getting strong SSL/HTTPS for free. +Onion service traffic is encrypted from the client to the onion host. +This is like getting strong SSL/HTTPS for free. ### NAT punching -Is your network filtered and you can't open ports on your firewall? This could happen if you are in a university campus, an office, an airport, or pretty much anywhere. Onion services don't need open ports because they punch through NAT. They only establish outgoing connections. +Is your network filtered and you can't open ports on your firewall? +This could happen if you are in a university campus, an office, an airport, or pretty much anywhere. +Onion services don't need open ports because they punch through NAT. They only establish outgoing connections. ## The Onion Service Protocol: Overview -Now the question becomes **what kind of protocol is needed to achieve all these properties?** Usually, people connect to an IP address and are done, but how can you connect to something that does not have an IP address? +Now the question becomes **what kind of protocol is needed to achieve all these properties?** +Usually, people connect to an IP address and are done, but how can you connect to something that does not have an IP address? In particular, an onion service's address looks like this: `vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion` -This looks weird and random because it's the _identity public key_ of the onion service. That's one of the reasons we can achieve the security properties above. +This looks weird and random because it's the _identity public key_ of the onion service. +That's one of the reasons we can achieve the security properties above. -The onion service protocol uses the Tor network so that the client (Alice) can introduce itself to the service (Bob), and then set up a rendezvous point with the service over the Tor network. Here is a detailed breakdown of how this happens: +The onion service protocol uses the Tor network so that the client (Alice) can introduce itself to the service (Bob), and then set up a rendezvous point with the service over the Tor network. +Here is a detailed breakdown of how this happens: ### Act 1: Where the onion service sets up its introduction points  -As the first step in the protocol, Bob (the onion service) contacts a bunch of Tor relays and asks them to act as his _introduction points_, by establishing long-term circuits to them. These circuits are anonymized circuits, so Bob does not reveal his locations to his introduction points. +As the first step in the protocol, Bob (the onion service) contacts a bunch of Tor relays and asks them to act as his _introduction points_, by establishing long-term circuits to them. +These circuits are anonymized circuits, so Bob does not reveal his locations to his introduction points. As part of this step, Bob gives its introduction point a special "authentication key", so that if any clients come for introductions later the introduction point can use that key to match them to Bob.
[tor-commits] [community/staging] better strings for l10n, layout, trailing spaces
commit 5b7a3f1509fc331fe7a444eb7f2ac63c9bbb7ad6 Author: gus Date: Tue Sep 3 12:00:52 2019 -0400 better strings for l10n, layout, trailing spaces --- content/outreach/contents.lr | 3 ++- content/training/faq/contents.lr | 8 +--- content/training/risks/contents.lr | 22 +++--- content/user-testing/current/contents.lr | 4 ++-- 4 files changed, 24 insertions(+), 13 deletions(-) diff --git a/content/outreach/contents.lr b/content/outreach/contents.lr index e6d65ef..8e7206a 100644 --- a/content/outreach/contents.lr +++ b/content/outreach/contents.lr @@ -20,4 +20,5 @@ body: ##Tell the world about Tor -We love it when people bring information about Tor to their community events, conferences, and meetups. We've curated some beautiful materials for sharing in-person and on social media we welcome you to use. \ No newline at end of file +We love it when people bring information about Tor to their community events, conferences, and meetups. +We've curated some beautiful materials for sharing in-person and on social media we welcome you to use. diff --git a/content/training/faq/contents.lr b/content/training/faq/contents.lr index f305b85..69a2d72 100644 --- a/content/training/faq/contents.lr +++ b/content/training/faq/contents.lr @@ -4,10 +4,12 @@ title: Tor Training FAQ --- body: -After running a couple of Tor training, you will find out that first time users have some similar questions about Tor. Here we aggregate the most frequent questions that we listened during our training sessions and you must be aware before running your training. For an extensive resource check [Support portal](https://support.torproject.org). +After running a couple of Tor training, you will find out that first time users have some similar questions about Tor. +Here we aggregate the most frequent questions that we listened during our training sessions and you must be aware before running your training. +For an extensive resource check [Support portal](https://support.torproject.org). * [Why is it called Tor?](https://support.torproject.org/about/why-is-it-called-tor/) - * [Does using Tor Browser protect other applications on my computer?](https://support.torproject.org/tbb/tbb-13/) + * [Does using Tor Browser protect other applications on my computer?](https://support.torproject.org/tbb/tbb-13/) * [Using Tor with a VPN is more secure?](https://support.torproject.org/faq/faq-5/) * [Can I browse normal HTTPS sites with Tor?](https://support.torproject.org/https/https-2/) * [Is it possible to find out the path that a client is taking on the Tor Network?](https://support.torproject.org/misc/misc-1/) @@ -34,4 +36,4 @@ section_id: training --- subtitle: -You probably should know these answers before teaching about Tor +You probably should know these answers before teaching about Tor diff --git a/content/training/risks/contents.lr b/content/training/risks/contents.lr index 6da1774..c1fea57 100644 --- a/content/training/risks/contents.lr +++ b/content/training/risks/contents.lr @@ -4,17 +4,22 @@ title: Risks --- body: -To our knowledge, no Tor trainer has ever faced consequences as a result of training others or speaking about Tor. However, in some countries and in certain circumstances, it's possible that a simply gathering of human rights defenders could be very risky, illegal or even subject of imprisonment, physical assaults, large fines, threats, placement on government watch lists and targeting for surveillance. +To our knowledge, no Tor trainer has ever faced consequences as a result of training others or speaking about Tor. +However, in some countries and in certain circumstances, it's possible that a simply gathering of human rights defenders could be very risky, illegal or even subject of imprisonment, physical assaults, large fines, threats, placement on government watch lists and targeting for surveillance. If you want to run a Tor training for the first time and you don't know how to assess the political and social environment, we strongly encourage you read this document and, in case of doubt, to reach out Tor Community Team privately. -Some of potential risks of running a digital security training are only valid in specific contexts. Therefore the potential risks associated to running a Tor training depend on: +Some of potential risks of running a digital security training are only valid in specific contexts. +Therefore the potential risks associated to running a Tor training depend on: 1. **Your threat model.** A high-profile activist already under a lot of surveillance, for example, might attract more attention when reaching out other activists to run a digital security training. 2. **The laws and regulations in the country.** Best to consult with local lawyers and local freedom of expression organizations, and learn whether your country has a record in prosecuting individuals engaging in similar
[tor-commits] [community/staging] better strings for l10n
commit 176c87e00c097a951d65d60a29c43c9b7e28fb38 Author: emma peel Date: Sun Aug 25 16:39:09 2019 +0200 better strings for l10n --- .../bridge/debian-ubuntu/contents.lr | 31 +++--- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr b/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr index cf83c8d..e68a4da 100644 --- a/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr +++ b/content/relay-operations/technical-setup/bridge/debian-ubuntu/contents.lr @@ -12,11 +12,12 @@ Get the latest version of Tor. If you're on Debian stable, `sudo apt-get install ### 2. Install obfs4proxy -On [Debian](https://packages.debian.org/search?keywords=obfs4proxy), the `obfs4proxy` package is available in unstable, testing, and stable. On [Ubuntu](https://packages.ubuntu.com/search?keywords=obfs4proxy), bionic, cosmic, disco, and eoan have the package. If you're running any of them, `sudo apt-get install obfs4proxy` should work. +On [Debian](https://packages.debian.org/search?keywords=obfs4proxy), the `obfs4proxy` package is available in unstable, testing, and stable. +On [Ubuntu](https://packages.ubuntu.com/search?keywords=obfs4proxy), bionic, cosmic, disco, and eoan have the package. +If you're running any of them, `sudo apt-get install obfs4proxy` should work. If not, you can [build it from source](https://gitlab.com/yawning/obfs4#installation). - ### 3. Edit your Tor config file, usually located at `/etc/tor/torrc` and replace its content with: ``` @@ -30,41 +31,39 @@ ORPort TODO ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy -# Replace "TODO" with an obfs4 port of your choice. This port must be -# externally reachable. Avoid port 9001 because it's commonly associated with -# Tor and censors may be scanning the Internet for this port. +# Replace "TODO" with an obfs4 port of your choice. This port must be externally reachable. +# Avoid port 9001 because it's commonly associated with Tor and censors may be scanning the Internet for this port. ServerTransportListenAddr obfs4 0.0.0.0:TODO # Local communication port between Tor and obfs4. Always set this to "auto". -# "Ext" means "extended", not "external". Don't try to set a specific port -# number, nor listen on 0.0.0.0. +# "Ext" means "extended", not "external". Don't try to set a specific port number, nor listen on 0.0.0.0. ExtORPort auto -# Replace "" with your email address so we can contact you if -# there are problems with your bridge. This is optional but encouraged. +# Replace "" with your email address so we can contact you if there are problems with your bridge. +# This is optional but encouraged. ContactInfo # Pick a nickname that you like for your bridge. This is optional. Nickname PickANickname ``` +Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`, and `Nickname` options. - Don't forget to change the `ORPort`, `ServerTransportListenAddr`, `ContactInfo`, and `Nickname` options. - -* If you decide to use a fixed obfs4 port smaller than 1024 (for example 80 or 443), you will need to give obfs4 `CAP_NET_BIND_SERVICE` capabilities to bind the port with a non-root user: - +* If you decide to use a fixed obfs4 port smaller than 1024 (for example 80 or 443), you will need to give obfs4 `CAP_NET_BIND_SERVICE` capabilities to bind the port with a non-root user: -`sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy` + `sudo setcap cap_net_bind_service=+ep /usr/bin/obfs4proxy` * Under Debian, you will also need to set `NoNewPrivileges=no` in `/lib/systemd/system/tor@default.service` and `/lib/systemd/system/tor@.service` and then run `systemctl daemon-reload`. (see [bug #18356](https://trac.torproject.org/projects/tor/ticket/18356)) -* Note that both Tor's OR port and its obfs4 port must be reachable. If your bridge is behind a firewall or NAT, make sure to open both ports. You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet. +* Note that both Tor's OR port and its obfs4 port must be reachable. + If your bridge is behind a firewall or NAT, make sure to open both ports. + You can use [our reachability test](https://bridges.torproject.org/scan/) to see if your obfs4 port is reachable from the Internet. ### 4. Restart tor `systemctl restart tor` -### 5. Monitor your logs +### 5. Monitor your logs To confirm your bridge is running with no issues, you should see something like this (usually in `/var/log/tor/log` or `/var/log/syslog`): ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [community/staging] better strings for l10n
commit fe03ea8d27c30b76c0f52740c28ecef32c04aaa7 Author: emma peel Date: Wed Aug 21 19:34:03 2019 +0200 better strings for l10n --- content/relay-operations/community-resources/contents.lr | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/content/relay-operations/community-resources/contents.lr b/content/relay-operations/community-resources/contents.lr index 440aa3a..313199d 100644 --- a/content/relay-operations/community-resources/contents.lr +++ b/content/relay-operations/community-resources/contents.lr @@ -86,7 +86,8 @@ Some organizations running Tor relays include Digital Courage, [Access Now](http # Bad relays -A bad relay is one that either do not work properly or tamper with our users' connections. This can be either through maliciousness or misconfiguration. Many bad relays are caught thanks to our wider community, so many thanks for all your help and vigilance! Learn how you can report [bad relays](bad-relays). +A bad relay is one that either do not work properly or tamper with our users' connections. This can be either through maliciousness or misconfiguration. +Many bad relays are caught thanks to our wider community, so many thanks for all your help and vigilance! Learn how you can report [bad relays](bad-relays). # Other resources ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [community/staging] better strings for l10n
commit 8dafac6672754e120e1a36721b735d1d45140108 Author: emma peel Date: Wed Jul 31 18:14:09 2019 +0200 better strings for l10n --- content/onion-services/overview/contents.lr| 33 ++--- .../tor-relay-universities/contents.lr | 82 +- .../technical-setup/exit/contents.lr | 6 +- 3 files changed, 91 insertions(+), 30 deletions(-) diff --git a/content/onion-services/overview/contents.lr b/content/onion-services/overview/contents.lr index 1974a0b..b8dd03f 100644 --- a/content/onion-services/overview/contents.lr +++ b/content/onion-services/overview/contents.lr @@ -63,39 +63,50 @@ As part of this step, Bob gives its introduction point a special "authentication Now that the introduction points are setup, we need to create a way for clients to be able to find them. -For this reason, Bob assembles an _onion service descriptor_, containing a list of his introduction points (and their "authentication keys"), and signs this descriptor with his _identity private key_. The _identity private key_ used here is the private part of the **public key that is encoded in the onion service address**. +For this reason, Bob assembles an _onion service descriptor_, containing a list of his introduction points (and their "authentication keys"), and signs this descriptor with his _identity private key_. +The _identity private key_ used here is the private part of the **public key that is encoded in the onion service address**. -Now, Bob uploads that signed descriptor to a _distributed hash table_ which is part of the Tor network, so that clients can also get it. Bob uses an anonymized Tor circuit to do this upload, so that he does not reveal his location. +Now, Bob uploads that signed descriptor to a _distributed hash table_ which is part of the Tor network, so that clients can also get it. +Bob uses an anonymized Tor circuit to do this upload, so that he does not reveal his location. ### Act 3: Where a client wants to visit the onion service -All the previous steps were just setup for the onion service so that it's reachable by clients. Now let's fast-forward to the point where an actual client wants to visit the service: +All the previous steps were just setup for the onion service so that it's reachable by clients. +Now let's fast-forward to the point where an actual client wants to visit the service:  -In this case, Alice (the client) has the onion address of Bob and she wants to visit it, so she connects to it with her Tor Browser. Now the next thing that needs to happen is that Alice goes to the _distributed hash table_ from the step above, and ask for the signed descriptor of Bob. +In this case, Alice (the client) has the onion address of Bob and she wants to visit it, so she connects to it with her Tor Browser. +Now the next thing that needs to happen is that Alice goes to the _distributed hash table_ from the step above, and ask for the signed descriptor of Bob. -When Alice receives the signed descriptor she verifies the signature of the descriptor using the public key that is encoded in the onion address. This provides the _end-to-end authentication_ security property, since we are now sure that this descriptor could only be produced by Bob and no one else. And inside the descriptor there are the introduction points which allow Alice to introduce herself to Bob. +When Alice receives the signed descriptor she verifies the signature of the descriptor using the public key that is encoded in the onion address. +This provides the _end-to-end authentication_ security property, since we are now sure that this descriptor could only be produced by Bob and no one else. +And inside the descriptor there are the introduction points which allow Alice to introduce herself to Bob. ### Act 4: Where the client establishes a rendezvous point -Now before the introduction takes place, Alice picks a Tor relay and establishes a circuit to it. Alice asks the relay to become her _rendezvous point_ and gives it an "one-time secret" that will be used as part of the rendezvous procedure. +Now before the introduction takes place, Alice picks a Tor relay and establishes a circuit to it. +Alice asks the relay to become her _rendezvous point_ and gives it an "one-time secret" that will be used as part of the rendezvous procedure. ### Act 5: Where the client introduces itself to the onion service  -Now, Alice goes ahead and connects to one of Bob's introduction points and introduces herself to Bob. Through this introduction Bob learns Alice's choice of rendezvous point and the "one-time secret". +Now, Alice goes ahead and connects to one of Bob's introduction points and introduces herself to Bob. +Through this introduction Bob learns Alic
[tor-commits] [community/staging] better strings for l10n
commit 7578c61e3a07aa3367ee796d8b561089a0b4d323 Author: emma peel Date: Wed Jul 24 16:34:22 2019 +0200 better strings for l10n --- .../tor-abuse-templates/contents.lr| 272 - .../tor-exit-guidelines/contents.lr| 36 ++- 2 files changed, 123 insertions(+), 185 deletions(-) diff --git a/content/relay-operations/community-resources/tor-abuse-templates/contents.lr b/content/relay-operations/community-resources/tor-abuse-templates/contents.lr index e57afb2..949df7f 100644 --- a/content/relay-operations/community-resources/tor-abuse-templates/contents.lr +++ b/content/relay-operations/community-resources/tor-abuse-templates/contents.lr @@ -6,15 +6,21 @@ body: # Before You Start -The best way to handle abuse complaints is to set up your exit node so that they are less likely to be sent in the first place. Please see [Tips for Running an Exit Node with Minimal Harassment](https://blog.torproject.org/running-exit-node) and [Tor Exit Guidelines](tor-exit-guidelines) for more info, before reading this document. +The best way to handle abuse complaints is to set up your exit node so that they are less likely to be sent in the first place. +Please see [Tips for Running an Exit Node with Minimal Harassment](https://blog.torproject.org/running-exit-node) and [Tor Exit Guidelines](tor-exit-guidelines) for more info, before reading this document. Below are a collection of letters you can use to respond to your ISP about their complaint in regards to your Tor exit server. ## Format and Philosophy of Templates -The general format of these templates is to inform the complaintant about Tor, to help them to find a solution to their particular issue that works in general for the Internet at large (open wifi, open proxies, botnets, etc), and barring all else, how to block Tor. The philosophy of the Tor Project is that abuse should be handled proactively by the site administrators, rather than wasting effort and resources on seeking vengeance and chasing ghosts. +The general format of these templates is to inform the complaintant about Tor, to help them to find a solution to their particular issue that works in general for the Internet at large (open wifi, open proxies, botnets, etc), and barring all else, how to block Tor. +The philosophy of the Tor Project is that abuse should be handled proactively by the site administrators, rather than wasting effort and resources on seeking vengeance and chasing ghosts. -The difference between the proactive approach and the reactive approach to abuse is the difference between decentralized fault-tolerant Internet freedom, and fragile, corruptible totalitarian control. To further preach to the choir, the identity-based Internet "driver's licenses" of South Korea and China have done nothing to curtail cybercrime and Internet abuse. In fact, all [objective evidence](http://boingboing.net/2011/08/12/south-korea-to-abandon-real-name-internet-policy.html) seems to indicate that it has only created new markets for organized crime to preside over. This is the core idea that these abuse complaint templates attempt to instil in the recipient. Feel free to improve them if you feel they fall short of this goal. +The difference between the proactive approach and the reactive approach to abuse is the difference between decentralized fault-tolerant Internet freedom, and fragile, corruptible totalitarian control. +To further preach to the choir, the identity-based Internet "driver's licenses" of South Korea and China have done nothing to curtail cybercrime and Internet abuse. +In fact, all [objective evidence](http://boingboing.net/2011/08/12/south-korea-to-abandon-real-name-internet-policy.html) seems to indicate that it has only created new markets for organized crime to preside over. +This is the core idea that these abuse complaint templates attempt to instil in the recipient. +Feel free to improve them if you feel they fall short of this goal. All templates should include the Common Boilerplate below, and append some additional paragraphs depending on the specific Scenario. @@ -24,52 +30,37 @@ All templates should include the Common Boilerplate below, and append some addit The IP address in question is a Tor exit node. https://www.torproject.org/overview.html -There is little we can do to trace this matter further. As can be seen -from the overview page, the Tor network is designed to make tracing of -users impossible. The Tor network is run by some 5000 volunteers who -use the free software provided by the Tor Project to run Tor routers. -Client connections are routed through multiple relays, and are -multiplexed together on the connections between relays. The system -does not record logs of client connections or previous hops. - -This is because the Tor network is a censorship resistance, privacy, -and anonymity system used by whistle blowers, journalists, Chinese -dissident
[tor-commits] [community/staging] better strings for l10n
commit 17968159ffdc39db72da04482b44cf78f8747ac4 Author: emma peel Date: Fri Jun 14 09:03:40 2019 +0200 better strings for l10n --- content/training/best-practices/contents.lr | 39 ++--- content/training/contents.lr| 6 +++-- 2 files changed, 28 insertions(+), 17 deletions(-) diff --git a/content/training/best-practices/contents.lr b/content/training/best-practices/contents.lr index 09e08aa..1f9fced 100644 --- a/content/training/best-practices/contents.lr +++ b/content/training/best-practices/contents.lr @@ -20,13 +20,16 @@ html: two-columns-page.html --- body: -Running security trainings is a fun and rewarding way to help your community conduct human rights work safely. Good preparation is essential to an effective and safe training, so we've curated some resources to help you make the most of your training event. +Running security trainings is a fun and rewarding way to help your community conduct human rights work safely. +Good preparation is essential to an effective and safe training, so we've curated some resources to help you make the most of your training event. ## Before the training _Am I the right person to give this training?_ -Security trainings can help people communicate and use the internet safely, but there are additional considerations to be made before training some at-risk groups. That's why we recommend this resource from EFF's Security Education Companion, ["Am I the right person to give this training?"](https://sec.eff.org/articles/right-person-to-train). This resource can help you be sure that you're doing the best by the community of people you wish to train. +Security trainings can help people communicate and use the internet safely, but there are additional considerations to be made before training some at-risk groups. +That's why we recommend this resource from EFF's Security Education Companion, ["Am I the right person to give this training?"](https://sec.eff.org/articles/right-person-to-train). +This resource can help you be sure that you're doing the best by the community of people you wish to train. Other questions to ask yourself before deciding to do a training: @@ -35,26 +38,32 @@ Other questions to ask yourself before deciding to do a training: Once you've answered those questions, you're ready to plan your training! -1. Find a location that is accessible, affordable, has an internet connection and other materials like a white board, projector, and screen. Make sure that the location is safe for your attendees to visit. -2. Promote your event in your community's spaces, taking safety into consideration. Under many circumstances, social media is great for promotion, but for higher risk groups, you may want to use a smaller word-of-mouth network or require community members to share information individually to other trusted people. +1. Find a location that is accessible, affordable, has an internet connection and other materials like a white board, projector, and screen. + Make sure that the location is safe for your attendees to visit. +2. Promote your event in your community's spaces, taking safety into consideration. + Under many circumstances, social media is great for promotion, but for higher risk groups, you may want to use a smaller word-of-mouth network or require community members to share information individually to other trusted people. 3. Create localized handouts for some of the more difficult concepts that you'll be teaching. 4. Make sure you have plenty of stickers to hand out to participants! -5. Create a link list of all the resources you'll be talking about. This includes downloads and PDFs of handouts. You'll share this link list on a whiteboard or project it at the training. -6. Determine how you'll do hands-on assistance at your training. Will you be able to handle this alone? Or will you require partners? If you need more help, make sure the partners you're bringing in are aware of the safety needs of the community, and communicate with your contacts in the community to make sure they're okay with you bringing in additional trainers. -7. Make sure your presentation is up-to-date (both information and screenshots) and save your presentation in two file formats -- for example, odp and pdf -- and on at least one additional device -- for example, on your computer and on a USB stick. -8. Decide how you will facilitate a safer space. We recommend using the Tor Code of Conduct. You can also start the training by asking participants to come up with their own community agreements for the space. +5. Create a link list of all the resources you'll be talking about. + This includes downloads and PDFs of handouts. + You'll share this link list on a whiteboard or project it at the training. +6. Determine how you'll do hands-on assistance at your training. + Will you be able to handle this alone? Or will you require partners? If you
[tor-commits] [community/staging] better strings for l10n
commit d653dcf19cd7c831f5ff9372d7997b66cf7c8789 Author: emma peel Date: Mon Jun 17 12:49:53 2019 +0200 better strings for l10n --- content/localization/translate-strings/contents.lr | 19 content/onion-services/setup/contents.lr | 36 +++--- 2 files changed, 25 insertions(+), 30 deletions(-) diff --git a/content/localization/translate-strings/contents.lr b/content/localization/translate-strings/contents.lr deleted file mode 100644 index e7f98bf..000 --- a/content/localization/translate-strings/contents.lr +++ /dev/null @@ -1,19 +0,0 @@ -section: localization -section_id: localization -color: primary -_template: layout.html -title: Translate strings -subtitle: How to translate -key: 4 -html: two-columns-page.html -body: -The Tor Project translatable strings are spread over different projects in Transifex. -To find out about our priorities and translation needs you can read the [Tor Localization Lab wiki page](https://wiki.localizationlab.org/index.php/Tor) diff --git a/content/onion-services/setup/contents.lr b/content/onion-services/setup/contents.lr index c442fe3..784cf45 100644 --- a/content/onion-services/setup/contents.lr +++ b/content/onion-services/setup/contents.lr @@ -30,21 +30,28 @@ To setup Tor, Windows users can follow the [Windows howto](https://2019.www.torp ## Step 1: Get a web server working -As a first step you should setup a web server locally, like nginx or lighttpd. Setting up a web server can be complex. We're not going to cover how to set up a web server here. If you get stuck or want to do more, find a friend who can help you. We recommend you install a new separate web server for your onion service. +As a first step you should setup a web server locally, like nginx or lighttpd. Setting up a web server can be complex. +We're not going to cover how to set up a web server here. If you get stuck or want to do more, find a friend who can help you. +We recommend you install a new separate web server for your onion service. -You need to configure your web server so it doesn't give away any information about you, your computer, or your location. This is not an easy task and in the end of this document we will offer more resources on how to make this possible. +You need to configure your web server so it doesn't give away any information about you, your computer, or your location. +This is not an easy task and in the end of this document we will offer more resources on how to make this possible. -Once your web server is set up, make sure it works: open your browser and go to http://localhost:8080/, where 8080 is the webserver port you chose during setup (you can choose any port, 8080 is just an example). Then try putting a file in the main html directory, and make sure it shows up when you access the site. +Once your web server is set up, make sure it works: open your browser and go to http://localhost:8080/, where 8080 is the webserver port you chose during setup (you can choose any port, 8080 is just an example). +Then try putting a file in the main html directory, and make sure it shows up when you access the site. ## Step 2: Configure your Tor onion service -The next step is opening the config file of Tor (torrc) and doing the appropriate configurations to setup an onion service. Depending on your operating system and setup, your Tor configuration file can be at a different location or look different. You will need to put the following two lines in your torrc: +The next step is opening the config file of Tor (torrc) and doing the appropriate configurations to setup an onion service. +Depending on your operating system and setup, your Tor configuration file can be at a different location or look different. +You will need to put the following two lines in your torrc: HiddenServiceDir /var/lib/tor/hidden_service/ HiddenServicePort 80 127.0.0.1:8080 -The `HiddenServiceDir` line specifies the directory which should contain information and cryptographic keys for your onion service. You will want to change the `HiddenServiceDir` line, so that it points to an actual directory that is readable/writeable by the user that will be running Tor. +The `HiddenServiceDir` line specifies the directory which should contain information and cryptographic keys for your onion service. +You will want to change the `HiddenServiceDir` line, so that it points to an actual directory that is readable/writeable by the user that will be running Tor. The `HiddenServicePort` line specifies a _virtual port_ (that is, the port that people visiting your onion service will be using), and in the above case it says that any traffic incoming to port 80 of your onion service should be redirected to `127.0.0.1:8080` (which is where the web server from step 1 is listening). @@ -52,23 +59,30 @@ The `HiddenServicePort` line specifies a _virtual port_ (that is, the po
[tor-commits] [community/staging] better strings for l10n
commit e076c90b924f19bec7e86b893633c285dbc884d6 Author: emma peel Date: Tue Jun 4 09:45:44 2019 +0200 better strings for l10n --- content/onion-services/overview/contents.lr| 60 ++ .../relay-operations/technical-setup/contents.lr | 9 ++-- 2 files changed, 45 insertions(+), 24 deletions(-) diff --git a/content/onion-services/overview/contents.lr b/content/onion-services/overview/contents.lr index 9daf496..9ba18c6 100644 --- a/content/onion-services/overview/contents.lr +++ b/content/onion-services/overview/contents.lr @@ -16,7 +16,8 @@ html: onion-services.html --- body: -Onion services are services that can only be accessed over Tor. Running an onion service gives your users all the security of HTTPS with the added privacy benefits of Tor Browser. +Onion services are services that can only be accessed over Tor. +Running an onion service gives your users all the security of HTTPS with the added privacy benefits of Tor Browser. ##Â Why onion services? @@ -24,11 +25,13 @@ Onion services offer various security benefits to their users, that are not usua ###Â Location hiding -An onion service's IP is hidden. Onion services are an overlay network on top of TCP/IP/, so in some sense IP addresses are not even meaningful to onion services: they are not even used in the protocol. +An onion service's IP is hidden. +Onion services are an overlay network on top of TCP/IP/, so in some sense IP addresses are not even meaningful to onion services: they are not even used in the protocol. ### End-to-end authentication -When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion and that no impersonation is possible. This is not the case with the normal web, where reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. DNS attacks). +When a user visits a particular onion, they know that the content they are seeing can only come from that particular onion and that no impersonation is possible. +This is not the case with the normal web, where reaching a website does not mean that a man-in-the-middle did not reroute to some other location (e.g. DNS attacks). ###Â End-to-end encryption @@ -36,24 +39,29 @@ Onion service traffic is encrypted from the client to the onion host. This is li ### NAT punching -Is your network filtered and you can't open ports on your firewall? This could happen if you are in a university campus, an office, an airport or pretty much anywhere. Onion services don't need open ports because they punch through NAT, since they only establish outgoing connections. +Is your network filtered and you can't open ports on your firewall? +This could happen if you are in a university campus, an office, an airport or pretty much anywhere. +Onion services don't need open ports because they punch through NAT, since they only establish outgoing connections. ## The Onion Service Protocol: Overview -Now the question becomes **what kind of protocol do we need to achieve all these properties?** In particular, on the normal web, we connect to an IP address and we are done, but in this case how do we connect to something that does not have an IP address? +Now the question becomes **what kind of protocol do we need to achieve all these properties?**. +In particular, on the normal web, we connect to an IP address and we are done, but in this case how do we connect to something that does not have an IP address? -In particular, an onion service's address looks like this: `vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion` +In particular, an onion service's address looks like this: 'vww6ybal4bd7szmgncyruucpgfkqahzddi37ktceo3ah7ngmcopnpyyd.onion'. This looks weird and random because in reality it's the _identity public key_ of the onion service and that's one of the reasons we can achieve the security properties from above. -The general concept behind the onion service protocol is that we use the Tor network so that the client (Alice) can introduce itself to the service (Bob), and then sets up a rendezvous with the service. Here is a detailed breakdown of how this happens: +The general concept behind the onion service protocol is that we use the Tor network so that the client (Alice) can introduce itself to the service (Bob), and then sets up a rendezvous with the service. +Here is a detailed breakdown of how this happens: ###Â Act 1: Where the onion service sets up its introduction points  -As the first step in the protocol, Bob (the onion service) contacts a bunch of Tor relays and asks them to act as his _introduction points_, by establishing long-term circuits to them. These circuits are anonymized circuits, so Bob does not reveal his locations to his introduction points. +As the first step in the
[tor-commits] [community/staging] better strings for l10n
commit 85f4edda01ccb226c8267e2e5497c4fd30416779 Author: emma peel Date: Tue May 28 09:32:29 2019 +0200 better strings for l10n --- .../relay-operations/technical-setup/contents.lr | 188 +++-- .../technical-setup/debianubuntu/contents.lr | 5 +- .../technical-setup/exit-relay/contents.lr | 90 -- content/user-testing/contents+en.lr| 6 +- content/user-testing/contents+es.lr| 6 +- content/user-testing/contents+fr.lr| 6 +- content/user-testing/contents.lr | 6 +- 7 files changed, 108 insertions(+), 199 deletions(-) diff --git a/content/relay-operations/technical-setup/contents.lr b/content/relay-operations/technical-setup/contents.lr index c795b0f..fc255aa 100644 --- a/content/relay-operations/technical-setup/contents.lr +++ b/content/relay-operations/technical-setup/contents.lr @@ -180,52 +180,41 @@ The following torrc configuration options can be used to restrict bandwidth and * BandwidthBurst * RelayBandwidthRate -Having a fast relay for some time of the month is preferred over a slow relay -for the entire month. +Having a fast relay for some time of the month is preferred over a slow relay for the entire month. Also see the bandwidth entry in the FAQ: https://www.torproject.org/docs/faq.html.en#BandwidthShaping # IPv6 -We encourage everyone to enable IPv6 on their relays. This is especially -valuable on exit and guard relays. +We encourage everyone to enable IPv6 on their relays. This is especially valuable on exit and guard relays. -Before enabling your tor daemon to use IPv6 in addition to IPv4 you should do -some basic IPv6 connectivity tests. +Before enabling your tor daemon to use IPv6 in addition to IPv4 you should do some basic IPv6 connectivity tests. -he following command line will ping the IPv6 addresses of Tor directory -authorities from your server: +The following command line will ping the IPv6 addresses of Tor directory authorities from your server: ``` ping6 -c2 2001:858:2:2:aabb:0:563b:1526 && ping6 -c2 2620:13:4000:6000::1000:118 && ping6 -c2 2001:67c:289c::9 && ping6 -c2 2001:678:558:1000::244 && ping6 -c2 2607:8500:154::3 && ping6 -c2 2001:638:a000:4140:::189 && echo OK. ``` -At the end of the output you should see "OK." if that is not the case do not -enable IPv6 in your torrc configuration file before IPv6 is indeed working. If -you enable IPv6 without working IPv6 connectivity your entire relay will not be -used, regardless if IPv4 is working. +At the end of the output you should see "OK." if that is not the case do not enable IPv6 in your torrc configuration file before IPv6 is indeed working. +If you enable IPv6 without working IPv6 connectivity your entire relay will not be used, regardless if IPv4 is working. -If it worked fine, make your Tor relay reachable via IPv6 by adding an -additional ORPort line to your configuration (example for ORPort 9001): +If it worked fine, make your Tor relay reachable via IPv6 by adding an additional ORPort line to your configuration (example for ORPort 9001): ``` ORPort [IPv6-address]:9001 ``` -The location of that line in the configuration file does not matter you can -simply add it next to the first ORPort lins in your torrc file. +The location of that line in the configuration file does not matter you can simply add it next to the first ORPort lins in your torrc file. -Note: You have to explicitly specify your IPv6 address in square brackets, you -can not tell tor to bind to any IPv6 (like you do for IPv4). If you have a -global IPv6 address you should be able to find it in the output of the following -command: +Note: You have to explicitly specify your IPv6 address in square brackets, you can not tell tor to bind to any IPv6 (like you do for IPv4). +If you have a global IPv6 address you should be able to find it in the output of the following command: ``` ip addr|grep inet6|grep global ``` -If you are an exit relay with IPv6 connectivity, tell your tor daemon to allow -exiting via IPv6 so clients can reach IPv6 destinations: +If you are an exit relay with IPv6 connectivity, tell your tor daemon to allow exiting via IPv6 so clients can reach IPv6 destinations: ``` IPv6Exit 1 @@ -235,59 +224,44 @@ Note: Tor requires IPv4 connectivity, you can not run a Tor relay on IPv6-only. # Important if you run more than one Tor instance -To avoid putting Tor clients at risk when operating multiple relays you must set -a proper [MyFamily](https://2019.www.torproject.org/docs/tor-manual.html.en#MyFamily) -value and have a valid [ContactInfo](https://2019.www.torproject.org/docs/tor-manual.html.en#ContactInfo) -in your torrc configuration. The MyFamily setting is simply telling Tor clients what Tor -relays are controlled by a single entity/operator/organization, so they don't -use them in multiple position in a single circuit. +To avoid putting Tor clients
[tor-commits] [community/staging] better strings for l10n
commit 821e72b6c7a6c2689fc7f4c58a8ada18fa016fe3 Author: emma peel Date: Mon May 27 15:49:34 2019 +0200 better strings for l10n --- content/relay-operations/contents+en.lr| 30 content/relay-operations/contents+es.lr| 30 content/relay-operations/contents+fr.lr| 30 content/relay-operations/contents.lr | 7 +- .../relays-requirements/contents.lr| 77 -- .../relay-operations/technical-setup/contents.lr | 160 - 6 files changed, 95 insertions(+), 239 deletions(-) diff --git a/content/relay-operations/contents+en.lr b/content/relay-operations/contents+en.lr deleted file mode 100644 index e96d6c9..000 --- a/content/relay-operations/contents+en.lr +++ /dev/null @@ -1,30 +0,0 @@ -section: relay operations -section_id: relay-operations -color: primary -_template: layout.html -title: Relay operations -subtitle: Relays are the backbone of the Tor network. Help make Tor stronger and faster by running a relay today. -cta: Grow the Tor network -key: 1 -html: relay-operations.html -body: - -The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the better the Tor network will be. The current Tor network is quite small compared to the number of people who need to use Tor, which means we need more dedicated volunteers like you to run relays. - -By running a Tor relay you can help make the Tor network: - -* faster (and therefore more usable) -* more robust against attacks -* more stable in case of outages -* safer for its users (spying on more relays is harder than on a few) - -Running a relay requires technical skill and commitment, which is why we've created a wealth of resources to help our relay operators. The best resource of all is the active community of relay operators on tor-rel...@lists.torproject.org and on IRC in #tor-relays. diff --git a/content/relay-operations/contents+es.lr b/content/relay-operations/contents+es.lr deleted file mode 100644 index e96d6c9..000 --- a/content/relay-operations/contents+es.lr +++ /dev/null @@ -1,30 +0,0 @@ -section: relay operations -section_id: relay-operations -color: primary -_template: layout.html -title: Relay operations -subtitle: Relays are the backbone of the Tor network. Help make Tor stronger and faster by running a relay today. -cta: Grow the Tor network -key: 1 -html: relay-operations.html -body: - -The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the better the Tor network will be. The current Tor network is quite small compared to the number of people who need to use Tor, which means we need more dedicated volunteers like you to run relays. - -By running a Tor relay you can help make the Tor network: - -* faster (and therefore more usable) -* more robust against attacks -* more stable in case of outages -* safer for its users (spying on more relays is harder than on a few) - -Running a relay requires technical skill and commitment, which is why we've created a wealth of resources to help our relay operators. The best resource of all is the active community of relay operators on tor-rel...@lists.torproject.org and on IRC in #tor-relays. diff --git a/content/relay-operations/contents+fr.lr b/content/relay-operations/contents+fr.lr deleted file mode 100644 index e96d6c9..000 --- a/content/relay-operations/contents+fr.lr +++ /dev/null @@ -1,30 +0,0 @@ -section: relay operations -section_id: relay-operations -color: primary -_template: layout.html -title: Relay operations -subtitle: Relays are the backbone of the Tor network. Help make Tor stronger and faster by running a relay today. -cta: Grow the Tor network -key: 1 -html: relay-operations.html -body: - -The Tor network relies on volunteers to donate bandwidth. The more people who run relays, the better the Tor network will be. The current Tor network is quite small compared to the number of people who need to use Tor, which means we need more dedicated volunteers like you to run relays. - -By running a Tor relay you can help make the Tor network: - -* faster (and therefore more usable) -* more robust against attacks -* more stable in case of outages -* safer for its users (spying on more relays is harder than on a few) - -Running a relay requires technical skill and commitment, which is why we've created a wealth of resources to help our relay operators. The best resource of all is the active community of relay operators on tor-rel...@lists.torproject.org and on IRC in #tor-relays. diff --git a/content/relay-operations/contents.lr b/content/relay-operations/contents.lr index e96d6c9..7d28096 100644 --- a/content/relay-operations/contents.lr +++ b/content/relay-operations/contents.lr @@ -18,7 +18,9 @@ html: relay-operations.html --- body: -The To
[tor-commits] [community/staging] better strings for l10n
commit 4213a179ab3e95e2c761e38b75595da66cdb014b Author: emma peel Date: Mon May 27 14:30:25 2019 +0200 better strings for l10n --- content/contents.lr | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/content/contents.lr b/content/contents.lr index b09a299..9f90191 100644 --- a/content/contents.lr +++ b/content/contents.lr @@ -14,4 +14,7 @@ html: home.html --- body: -The Tor community is made up of all kinds of contributors. Some people write documentation and bug reports, while others hold Tor events and conduct outreach. Whether you have a lot of time to volunteer or a little, and whether you consider yourself technical or not, we want you to join our community, too. Below you'll find some different ways to volunteer with the Tor community as well as resources to help you help Tor. +The Tor community is made up of all kinds of contributors. +Some people write documentation and bug reports, while others hold Tor events and conduct outreach. +Whether you have a lot of time to volunteer or a little, and whether you consider yourself technical or not, we want you to join our community, too. +Below you'll find some different ways to volunteer with the Tor community as well as resources to help you help Tor. ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
[tor-commits] [community/staging] better strings for l10n
commit ba7ab280557a9588df91e7230bf54bac4439c5c9 Author: emma peel Date: Mon May 27 13:41:40 2019 +0200 better strings for l10n --- content/localization/becoming-tor-translator/contents.lr | 10 +++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/content/localization/becoming-tor-translator/contents.lr b/content/localization/becoming-tor-translator/contents.lr index ad43dcb..a1acba9 100644 --- a/content/localization/becoming-tor-translator/contents.lr +++ b/content/localization/becoming-tor-translator/contents.lr @@ -16,9 +16,13 @@ html: localization.html --- body: -If you are interested in helping out the project by translating the manual or the Tor Browser to your language, your help would be greatly appreciated! Tor Project localization is hosted in the [Localization Lab Hub](https://www.localizationlab.org/) on Transifex, a third-party translation tool. In order to begin contributing you will have to sign up with Transifex. Below is an outline of how to sign up and begin. +If you are interested in helping out the project by translating the manual or the Tor Browser to your language, your help would be greatly appreciated! Tor Project localization is hosted in the [Localization Lab Hub](https://www.localizationlab.org/) on Transifex, a third-party translation platform. +In order to begin contributing you will have to sign up with Transifex. Below is an outline of how to sign up and begin. -Before translating, please read through the Tor Project page on the [Localization Lab Wiki](https://wiki.localizationlab.org/index.php/Tor). There you will find translation guidelines and resources that will help you contribute to Tor translations. +Before translating, please read through the Tor Project page on the [Localization Lab Wiki](https://wiki.localizationlab.org/index.php/Tor). +There you will find translation guidelines and resources that will help you contribute to Tor translations. + +You are cordially invited to join the [Tor localization mailing list](https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-l10n), to organize translations, participate in our decisions, report errors in source strings, etc. # Signing Up On Transifex @@ -40,4 +44,4 @@ After your membership is approved you can begin translating; there is a list of The [Localization Lab Wiki](https://wiki.localizationlab.org/index.php/Tor) also has information about the translations with bigger priority. -Thanks for your interest in helping the project! \ No newline at end of file +Thanks for your interest in helping the project! ___ tor-commits mailing list tor-commits@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits
