[tor-relays] (no subject)

2013-08-27 Thread Bruno Kitzis
Hello,


Can you remove my email address from your contact list?


Thanks in advance.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] efficiency and reachability

2013-08-27 Thread Kostas Jakeliunas
On Tue, Aug 27, 2013 at 1:11 PM, That Guy g...@gmx.us wrote:


> 1) have 4 extra unused devices, 2 android & 2 older laptops running
> Xubuntu & Lubuntu that can run full time & my 2 primary
> machines(android tab and Debian laptop). With only so much bandwidth,
> what helps best in that situation?
> a. fewer(1-2) devices offering more BW each, or
> b. more(4-7) devices each offering less BW to the network.


Would all these devices be behind a single external IP address (if that
question makes sense)? They'd all be behind the same router (as I take it);
in all probability, that would in most cases mean they'd all share the same
external / WAN IP address.

Is that the case? If yes, you should try and not run more than two Tor
relays behind the same WAN IP. That's because the directory authorities
(which compose and sign lists of relays that Tor user clients then download
to compose circuits of) won't like this, afaik.

In any case, it does kind of matter what's your realistic overall download
and upload throughput / bandwidth.

> 2)

Port forwarding would make the most amount of sense, I guess.

Each of those devices, having Tor instances running on them, will have a
torrc config file. Probably under /etc/tor/torrc, or
/usr/local/etc/tor/torrc (you can also probably use Vidalia for this.) In
that file, there will be a line

#ORPort 9001

You will need to (after uncommenting the line) set different ports in each
of the Tor instances you're running, and then port-forward that same port
(that's the easiest way) to each of the devices. Basically, external
port (e.g. 9001) -> forward to local IP of the device in question -> 9001.

Try and set the ORPort to 443 on one of the devices, if possible. (This
might mean you'll have to run Tor as root, or will need to change
capabilities.) In any case, the ports will have to differ, the way I see it.

--

Kostas.

0x0e5dce45 @ pgp.mit.edu


Re: [tor-relays] What if my favorite online store website blacklists all Tor Relay IP addresses?

2013-08-27 Thread Dave Lahr
Just wanted to follow up - I emailed yelp, never heard back from them, but
now we can access it.  We can also access TDBank North (I can't remember if
I emailed them or not).


On Mon, Aug 26, 2013 at 11:37 AM, Konstantinos Asimakis
insh...@gmail.com wrote:

> Chuck do you run Tor on a separate machine to do that? Or have you found
> some way to pass only your Tor traffic through the VPN?
>
> Cheers.
>
> -
> My full signature with lots of links
> etc. https://bittit.info/publicDro/signature.html
>
>
> On Mon, Aug 26, 2013 at 10:01 AM, Chuck Bevitt t...@bevitt.ws wrote:
>
>> I run a tor exit node (CulverCityChuck) using my home Internet (Time
>> Warner). I did used to get blacklisted by Yelp and occasionally Google. I
>> started using an anonymous VPN service for my exit node which gives it a
>> different IP than the rest of my home traffic and haven't had a problem
>> since. Costs less than $100 / year and gives me (and my ISP) some measure
>> of protection from DMCA complaints.
>>
>> The other side of the issue would be customers accessing web storefronts
>> via tor and getting blocked because the traffic comes from an exit node.
>> Not sure what the answer to that is.
>>
>> Chuck Bevitt
>>
>> Sent from my iPad
>>
>> On Aug 25, 2013, at 6:46 PM, Gordon Morehouse gor...@morehouse.me
>> wrote:

>>> t...@t-3.net:
>>>> Not sure where you live but, I read that these days, USA is
>>>> photographing the fronts of all postal mail. So, mailed
>>>> merchandise isn't exactly a win on privacy anyway.
>>>
>>> That is correct[1].
>>>
>>> 1.
>>> http://www.nytimes.com/2013/08/03/us/postal-service-confirms-photographing-all-us-mail.html
>>>
>>> Best,
>>> -Gordon M.
 
 


Re: [tor-relays] new relays

2013-08-27 Thread Jon Gardner
On Aug 22, 2013, at 11:56 AM, mick m...@rlogin.net wrote:

>> The other thing that I am weighing is just a moral question regarding
>> misuse of the Tor network for despicable things like child porn. I
>> understand that of all the traffic it is a small percentage and that
>> ISPs essentially face the same dilemma, but I wonder if more can be
>> done to make Tor resistant to evil usage.
>
> Tor is neutral. You and I may agree that certain usage is unwelcome,
> even abhorrent, but we cannot dictate how others may use an anonymising
> service we agree to provide. If you have a problem with that, you
> probably should not be running a tor node.

Then why have exit policies? Exit nodes regularly block unwelcome traffic 
like bittorrent, and there's only a slight functional difference between that 
and using a filter in front of the node to block things like porn (which, come 
to think of it, also tends to be a bandwidth hog like bittorrent--so it doesn't 
have to be just a moral question). If someone has a problem with exit nodes 
blocking things like porn (or bittorrent, or...), then they probably should not 
be using Tor.

The very idea of Tor is based on moral convictions (e.g., that personal privacy 
is a good thing, that human rights violations and abuse of power are bad 
things, etc.). So Tor is most definitely not neutral, nor can it be--because, 
if it is to exist and flourish, those moral convictions must remain at its 
foundation. One cannot on the one hand claim that human rights violations are 
wrong while on the other hand claiming that pornography (especially child 
porn) is right. If one wants further proof that Tor has a moral component, 
one has only to visit http://www.torproject.org, click the About Tor link, 
and notice the discussion points. I doubt that anyone could convince the Tor 
team to add ...for unfettered access to pornography... as a bullet point 
under Why we need Tor.

The Tor devs go to great lengths to try to keep evil governments from using 
Tor against itself. Why not devote some effort toward keeping evil traffic 
off of Tor? Given the fact that we need more relays is the common mantra, it 
seems to me that if the Tor community could come up with a technical answer to 
address at least some of the most egregious abuses of Tor--things like child 
porn, or even porn in general, that either have nothing to do with Tor's 
foundational mission, or (like child porn) are antithetical to it--the result 
would be greater public support for the technology, and a wider deployment base.

It's worth discussion.

Jon



Re: [tor-relays] new relays

2013-08-27 Thread Andreas Krey
On Tue, 27 Aug 2013 11:08:34 +, Jon Gardner wrote:
...
> Then why have exit policies?

To keep spammers at bay (or getting your exit blacklisted);
to keep traffic at bay (bittorrent), to keep law harassment
at bay (again bittorrent, others as well).

> Exit nodes regularly block unwelcome traffic like bittorrent, and there's
> only a slight functional difference between that and using a filter in front
> of the node to block things like porn

The point is that the exit policy is a decision of the exit operator
in question, not of the network as a whole. If you want to access
something you just need to find some exit that allows it.

Who should even decide what 'porn' means, or do you expect each
exit operator to maintain his own blacklist?

> The very idea of Tor is based on moral convictions (e.g., that personal
> privacy is a good thing, that human rights violations and abuse of power are
> bad things, etc.). So Tor is most definitely not neutral, nor can it
> be--because, if it is to exist and flourish, those moral convictions must
> remain at its foundation.

No. The underlying conviction of tor is that communication shall be free,
not censored. Besides there is pretty little whose transport via a
network should reasonably be illegal.

> One cannot on the one hand claim that human rights violations are wrong
> while on the other hand claiming that pornography (especially child porn) is
> right. If one wants further proof that Tor has a moral component, one has
> only to visit http://www.torproject.org, click the About Tor link, and
> notice the discussion points. I doubt that anyone could convince the Tor team
> to add ...for unfettered access to pornography... as a bullet point under
> Why we need Tor.

No. But if you want to ensure unfettered access to X, that necessarily
implies unfettered access to Y, for any values of X and Y. Any means to
disable access to Y implies that the tor network can be forced as well
to disable access to X.

> The Tor devs go to great lengths to try to keep evil governments from using
> Tor against itself. Why not devote some effort toward keeping evil traffic
> off of Tor? Given the fact that we need more relays is the common mantra,
> it seems to me that if the Tor community could come up with a technical
> answer to address at least some of the most egregious abuses of Tor--things
> like child porn, or even porn in general, that either have nothing to do with
> Tor's foundational mission, or (like child porn) are antithetical to it--the
> result would be greater public support for the technology, and a wider
> deployment base.

What do you think how long it takes, when we block X, we start getting
requests (or worse, think NSL) to block Y. The moment tor gets a global
block list I will pull the plug on my relays.

Besides: You didn't mention any idea how to actually find and enumerate
the things you apparently want to block. Or how not to overblock. There
isn't even a government entity that has this problem solved.

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800


Re: [tor-relays] new relays

2013-08-27 Thread Vincent Yu
On 08/28/2013 12:08 AM, Jon Gardner wrote:
> Then why have exit policies? Exit nodes regularly block unwelcome traffic
> like bittorrent, and there's only a slight functional difference between that
> and using a filter in front of the node to block things like porn (which,
> come to think of it, also tends to be a bandwidth hog like bittorrent--so it
> doesn't have to be just a moral question).

I do not wish to comment on the morality or desirability of traffic
filters, but on the implementation:

It is much easier to block the majority of BitTorrent traffic than it is
to block specific content served through HTTP. Torrent traffic can be
blocked by the reduced exit policy
<https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy>,
which is a static whitelist of ports to allow. To do the same thing for
content over HTTP, one would have to maintain a dynamic blacklist of IPs
(or IP/port combinations) to block, which is much more challenging. An
even more challenging alternative would be to implement deep packet
inspection <https://en.wikipedia.org/wiki/Deep_packet_inspection> at the
exit nodes---I think this is completely unpalatable to most Tor
developers and exit node operators (and maybe illegal under US
wiretapping laws).

Vincent




[tor-relays] Being flooded.........

2013-08-27 Thread Allan Moon
by viruses since starting relay.  I run several anti
viral and malware routines daily and ever since deciding to start 
relaying, they are all being stretched to their capacity.  Let me know 
when the sys is cleaned up.  Maybe include an anti viral with the relay 
setup and update it thru the software.  Make it so no one can connect to 
Tor unless they are certified clean.


Re: [tor-relays] Being flooded.........

2013-08-27 Thread Daniel Case
> they are all being stretched to their capacity.


1: Anti virus and malware detection don't have a 'capacity' - no idea what
you're talking about.

> Make it so no one can connect to Tor unless they are certified clean.


2: Whether you're an exit relay or not, viruses would not come from Tor. Your
relay is just a tunnel for encrypted traffic to pass through, there is
simply no way a virus could get onto your machine that way as nothing stops
at your machine and if you were to sniff what went through it would all be
encrypted.

If you've been on Tor yourself and downloaded things from the onion sites
then it's your own fault, same as the regular web. You're blaming the wrong
program.


Re: [tor-relays] new relays

2013-08-27 Thread mick
On Tue, 27 Aug 2013 11:08:34 -0500
Jon Gardner j...@brazoslink.net allegedly wrote:

> On Aug 22, 2013, at 11:56 AM, mick m...@rlogin.net wrote:
>
>> Tor is neutral. You and I may agree that certain usage is unwelcome,
>> even abhorrent, but we cannot dictate how others may use an
>> anonymising service we agree to provide. If you have a problem with
>> that, you probably should not be running a tor node.
>
> Then why have exit policies? Exit nodes regularly block unwelcome
> traffic like bittorrent, and there's only a slight functional
> difference between that and using a filter in front of the node to
> block things like porn (which, come to think of it, also tends to be
> a bandwidth hog like bittorrent--so it doesn't have to be just a
> moral question). If someone has a problem with exit nodes blocking
> things like porn (or bittorrent, or...), then they probably should
> not be using Tor.
>
> The very idea of Tor is based on moral convictions (e.g., that
> personal privacy is a good thing, that human rights violations and
> abuse of power are bad things, etc.).

Nope. Not in my view. Tor's USP is anonymity of access to any and
all network resources. I say again, tor is neutral. It cares
not about what those resources are - it just shovels bits. 

And as a relay operator I cannot say that bits of type A are OK to
retrieve but not bits of type B. I do not even know what type of bits
are transferred.

As someone else here said censorship implies surveillance.

> The Tor devs go to great lengths to try to keep evil governments
> from using Tor against itself. Why not devote some effort toward
> keeping evil traffic off of Tor?

Define evil (or its converse good). I'd bet that given any random
selection of people in a room you'd get a broad spectrum of views. The
only way you can safely meet /all/ those views is not to take a
position at all and remain neutral. 

I repeat tor is neutral. 

 
> It's worth discussion.
 

I agree.

Best

Mick
-

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

-





Re: [tor-relays] Being flooded.........

2013-08-27 Thread Andy Isaacson
On Tue, Aug 27, 2013 at 12:52:14PM -0400, Allan Moon wrote:
> by viruses since starting relay.

What signs do you have that this is happening?  Are you running AV on
your relay node, or something?  What messages are you getting?

Good luck cleaning up your system.  You might want to run a relay on a
cheap Linux computer like a rpi instead of on a Windows machine.

Considering that several AV programs consider *Tor* to be malware, it
wouldn't be a good idea to require AV for Tor!

-andy


Re: [tor-relays] Being flooded.........

2013-08-27 Thread krishna e bera
On 13-08-27 12:52 PM, Allan Moon wrote:
> by viruses since starting relay.  I run several anti
> viral and malware routines daily and ever since deciding to start
> relaying, they are all being stretched to their capacity.  Let me know
> when the sys is cleaned up.  Maybe include an anti viral with the relay
> setup and update it thru the software.  Make it so no one can connect to
> Tor unless they are certified clean.

You should not be scanning the traffic exiting your Tor relay, and
especially not altering it by removing viruses or anything else.
Doing so will get your node listed as a bad exit.  Try adding an
exception to your firewall or anti-virus rules for the Tor.exe program's
traffic exiting (and returning via) your computer.

Likely your virus detectors are seeing the drive-by exploits on websites
and bogus search engines that surfers typically click on.  Your own
machine should not be affected by these things as it is just passing
them through to the requestor at the other end of the Tor network.

If you do not want to deal with viruses or other end-user content, you
can change your exit policy to
reject *:*
in other words, become a non-exit node.




Re: [tor-relays] new relays

2013-08-27 Thread Tor Exit
> The Tor devs go to great lengths to try to keep evil governments from
> using Tor against itself. Why not devote some effort toward keeping evil
> traffic off of Tor?

I agree. Why not block the most obvious abuse? All professional Apache 
webservers install a module named 'mod_secure' that will filter out trivial 
hacking attempts such as:

   GET /index.php?id=123 OR 1=1
   GET /index.php?file=../../../../../../../etc/passwd

Why not employ similar techniques on a Tor exit? We can be 100% sure about the 
malicious intent. The examples above are not a matter of taste/moral 
conviction/opinion, so why not implement a 'mod_security'-like filter in Tor?

> Define evil (or its converse good). I'd bet that given any random
> selection of people in a room you'd get a broad spectrum of views. The only
> way you can safely meet /all/ those views is not to take a position at all
> and remain neutral.


Yes, this is a gray area. Moreover, there is not a solid technical solution to 
reliably label or classify content. However, suppose that in ten years 
technology has advanced and we can reliably classify websites as gay porn, 
controversial political views, child porn, weapons, etc. Then I see no 
harm in a tor exit operator to choose an exit policy that matches his own moral 
beliefs. Don't forget Tor exits are operated by volunteers that donate time and 
money to provide anonymity and provide access to content they think is 
important to the world and should be freely accessible at all cost.

Others may regard this as censorship, but they are free to operate a Tor exit 
node themselves to provide access to more grim content. Everybody has their own 
reasons to join the torproject. Be it providing access to information for those 
living under an oppressing regime, or because they don't want their health care 
insurance to know what diseases they search on Google, or because they have a 
sexual orientation that is unacceptable in the community they live in. 

Why is it so bad if a Tor exit operator tries to match the use of their node 
with their own moral beliefs?




Re: [tor-relays] new relays

2013-08-27 Thread krishna e bera
On 13-08-27 05:12 PM, Tor Exit wrote:
>> The Tor devs go to great lengths to try to keep evil governments from
>> using Tor against itself. Why not devote some effort toward keeping evil
>> traffic off of Tor?
>
> I agree. Why not block the most obvious abuse? All professional Apache
> webservers install a module named 'mod_secure' that will filter out trivial
> hacking attempts such as:
>
>    GET /index.php?id=123 OR 1=1
>    GET /index.php?file=../../../../../../../etc/passwd
>
> Why not employ similar techniques on a Tor exit? We can be 100% sure about
> the malicious intent. The examples above are not a matter of taste/moral
> conviction/opinion, so why not implement a 'mod_security'-like filter in Tor?
>
>> Define evil (or its converse good). I'd bet that given any random
>> selection of people in a room you'd get a broad spectrum of views. The only
>> way you can safely meet /all/ those views is not to take a position at all
>> and remain neutral.
>
>
> Yes, this is a gray area. Moreover, there is not a solid technical solution
> to reliably label or classify content. However, suppose that in ten years
> technology has advanced and we can reliably classify websites as gay porn,
> controversial political views, child porn, weapons, etc. Then I see no
> harm in a tor exit operator to choose an exit policy that matches his own
> moral beliefs. Don't forget Tor exits are operated by volunteers that donate
> time and money to provide anonymity and provide access to content they think
> is important to the world and should be freely accessible at all cost.
>
> Others may regard this as censorship, but they are free to operate a Tor exit
> node themselves to provide access to more grim content. Everybody has their
> own reasons to join the torproject. Be it providing access to information for
> those living under an oppressing regime, or because they don't want their
> health care insurance to know what diseases they search on Google, or because
> they have a sexual orientation that is unacceptable in the community they
> live in.
>
> Why is it so bad if a Tor exit operator tries to match the use of their node
> with their own moral beliefs?


You can do that if you choose, but consequences may include:

- getting listed as a BadExit:
  https://trac.torproject.org/projects/tor/wiki/doc/badRelays

- becoming liable for not stopping illegal activity passing through your
node, or get charged with illegal wiretapping. See the Snoop question in:
  https://www.torproject.org/eff/tor-legal-faq.html.en

- creating uncertainty about whether exit node operators snoop on
traffic or retain data, which puts all of them at risk of being seized
during police investigations;

- impeding police investigations of the evil sites:
 https://www.torproject.org/about/torusers.html.en#lawenforcement




Re: [tor-relays] new relays

2013-08-27 Thread Andy Isaacson
On Tue, Aug 27, 2013 at 11:08:34AM -0500, Jon Gardner wrote:
> Then why have exit policies? Exit nodes regularly block unwelcome
> traffic like bittorrent, and there's only a slight functional
> difference between that and using a filter in front of the node to
> block things like porn

The exit policy is a public statement to the Tor network by the exit
node about what traffic it is willing to transport.  Users who wish to
use a particular TCP port can consult the consensus and find an exit
node which meets their needs.

By contrast, a porn blacklist would presumably prevent particular HTTP
requests from being satisfied, based on analysis of the contents of the
requests.  In other words, the pornfiltering-exit-node offered to
transport port 80, but then reneged on the offer when it looked inside
the box and didn't like what it found.

If only there were a separate TCP port for HTTP-with-Porn and all the
pornographers used it, then an exit policy for HTTP-without-porn would
be possible.  But alas, we don't even have vague agreement on what
constitutes porn, much less a social contract requiring all
pornographers to segregate their traffic for our convenience.

RFC6969, Pornographic HTTP.  #ideasforapril1

Consider http://www.ietf.org/rfc/rfc3514.txt --

   Firewalls, packet filters, intrusion detection systems, and
   the like often have difficulty distinguishing between packets that
   have malicious intent and those that are merely unusual.  The problem
   is that making such determinations is hard.  To solve this problem,
   we define a security flag, known as the evil bit, in the IPv4
   header.  Benign packets have this bit set to 0; those that
   are used for an attack will have the bit set to 1.

-andy
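
The distinction Vincent Yu and Andy Isaacson draw in their replies above, as an added example that is not part of either post and is not Tor's own code: a first-match evaluator for torrc-style exit policy rules, showing that a policy only ever sees a destination address and port. The sample policies, the documentation-range IP addresses and the helper names are constructed for illustration, and only `*` and IPv4 addresses are handled.

```python
"""First-match evaluator for torrc-style exit policy rules (added example).

Not Tor's implementation. Handles 'accept|reject ADDR[/MASK]:PORT[-PORT]'
where ADDR is '*' or IPv4; sample policies and addresses are constructed.
"""
import ipaddress
from typing import Iterable, List, NamedTuple, Optional


class Rule(NamedTuple):
    accept: bool
    network: Optional[ipaddress.IPv4Network]  # None stands for '*'
    port_lo: int
    port_hi: int


def parse_rule(line: str) -> Rule:
    action, _, target = line.strip().partition(" ")
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action in {line!r}")
    addr, sep, ports = target.strip().rpartition(":")
    if not sep:
        raise ValueError(f"missing ':PORT' in {line!r}")
    network = None if addr == "*" else ipaddress.IPv4Network(addr, strict=False)
    if ports == "*":
        lo, hi = 1, 65535
    else:
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range in {line!r}")
    return Rule(action == "accept", network, lo, hi)


def parse_policy(text: str) -> List[Rule]:
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if line:
            rules.append(parse_rule(line))
    return rules


def exit_allowed(policy: List[Rule], dest_ip: str, dest_port: int) -> bool:
    """Return the verdict of the first rule matching (address, port).

    Nothing else is consulted: no hostname, URL, or payload.
    """
    ip = ipaddress.IPv4Address(dest_ip)
    for rule in policy:
        if rule.network is not None and ip not in rule.network:
            continue
        if rule.port_lo <= dest_port <= rule.port_hi:
            return rule.accept
    # Assumption of this example: no matching rule means refuse.
    return False


def with_ip_blocklist(policy_text: str, blocked_ips: Iterable[str]) -> List[Rule]:
    """Prepend 'reject IP:*' rules; they must come first to win."""
    head = "\n".join(f"reject {ip}:*" for ip in blocked_ips)
    return parse_policy(head + "\n" + policy_text)


# Constructed port whitelist in the style of a reduced exit policy
# (not the actual ReducedExitPolicy list).
PORT_WHITELIST = """
accept *:80          # HTTP
accept *:443         # HTTPS
accept *:6660-6667   # IRC
reject *:*           # everything else, including BitTorrent peer ports
"""
NON_EXIT = "reject *:*"

if __name__ == "__main__":
    policy = parse_policy(PORT_WHITELIST)
    for ip, port in [("203.0.113.7", 51413), ("198.51.100.10", 80),
                     ("198.51.100.20", 80)]:
        print(ip, port, exit_allowed(policy, ip, port))
    blocked = with_ip_blocklist(PORT_WHITELIST, ["198.51.100.20"])
    print("after blocklist:", exit_allowed(blocked, "198.51.100.20", 80))
```

Both port-80 destinations get the same verdict from the whitelist; telling them apart takes a per-address rule placed ahead of the accepts, which is the dynamic blacklist of IPs described in Vincent's reply.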


Re: [tor-relays] new relays

2013-08-27 Thread Andreas Krey
On Tue, 27 Aug 2013 23:12:01 +, Tor Exit wrote:
>    GET /index.php?file=../../../../../../../etc/passwd
>
> Why not employ similar techniques on a Tor exit? We can be 100% sure about
> the malicious intent.

No, you can't be sure. That request could quite well be totally legitimate;
you are not in a position to judge for the site owner.

(I'm just fighting against a 'transparent proxy' that thinks
POST with more than 1000 bytes are evil. Please don't add
more points of failure to an already fragile web.)

Andreas

-- 
Totally trivial. Famous last words.
From: Linus Torvalds torvalds@*.org
Date: Fri, 22 Jan 2010 07:29:21 -0800