Re: [tor-relays] Is there a reason for all exit nodes being public?
I agree 100%. And yet, it's still useful for those who don't have anything to fear from using Tor, but still want the privacy and security from the last mile.

On Wed, Dec 7, 2016, at 23:45, Duncan Guthrie wrote:
> The problem with Facebook is that their policies on real names
> somewhat go against hiding from a repressive regime. Their terms and
> conditions mandate that they kick people who use pseudonyms, and make
> fellow Facebook users rat on each other.
> If I was an activist I would be wary of using it on or off Tor at
> all. If I am going to be harassed for using Facebook, it's probably
> unsafe to use Tor altogether. It isn't worth the risk, except in a
> very limited manner.
> I think the hidden service in this case is just gesture politics.
> It's not really for citizens in repressive regimes, but people who
> have little to fear from using Tor.
>
> Duncan
>
> On 7 December 2016 3:20:05 pm GMT+00:00, Rana wrote:
>> -----Original Message-----
>>> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org]
>>> On Behalf Of heartsucker
>>> Sent: Wednesday, December 07, 2016 5:11 PM
>>> To: tor-relays@lists.torproject.org
>>> Subject: Re: [tor-relays] Is there a reason for all exit nodes
>>> being public?
>>>
>>> As one of the Tor users who connects to services where I have to
>>> use my real name (e.g., my banks), I think it's not helpful to make
>>> assumptions about everyone's use case. Part of why I use Tor is to
>>> keep my ISPs from snooping on what I'm doing, and it's possible
>>> some of these millions of facebook users are doing the same.
>>
>> We will never know the breakdown of the Facebook users by the reason
>> why they use Tor. However, surely many of them are under repressive
>> regimes and do not want their ass kicked for what they write on
>> Facebook. Protecting them is a fine purpose and anyhow, Tor has no
>> control over how people use the network and certainly not over why
>> they use it.
>>
>> Rana

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Is there a reason for all exit nodes being public?
The problem with Facebook is that their policies on real names somewhat go against hiding from a repressive regime. Their terms and conditions mandate that they kick people who use pseudonyms, and make fellow Facebook users rat on each other.

If I was an activist I would be wary of using it on or off Tor at all. If I am going to be harassed for using Facebook, it's probably unsafe to use Tor altogether. It isn't worth the risk, except in a very limited manner.

I think the hidden service in this case is just gesture politics. It's not really for citizens in repressive regimes, but people who have little to fear from using Tor.

Duncan

On 7 December 2016 3:20:05 pm GMT+00:00, Rana wrote:
>-----Original Message-----
>> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of heartsucker
>> Sent: Wednesday, December 07, 2016 5:11 PM
>> To: tor-relays@lists.torproject.org
>> Subject: Re: [tor-relays] Is there a reason for all exit nodes being public?
>>
>> As one of the Tor users who connects to services where I have to use my real name (e.g., my banks), I think it's not helpful to make assumptions about everyone's use case. Part of why I use Tor is to keep my ISPs from snooping on what I'm doing, and it's possible some of these millions of facebook users are doing the same.
>
>We will never know the breakdown of the Facebook users by the reason why they use Tor. However, surely many of them are under repressive regimes and do not want their ass kicked for what they write on Facebook. Protecting them is a fine purpose and anyhow, Tor has no control over how people use the network and certainly not over why they use it.
>
>Rana
Re: [tor-relays] Is there a reason for all exit nodes being public?
On 2016-12-07 05:41, Rana wrote:

By the way, I just checked, Gmail works without problems over Tor (both Web and IMAPS).

Using Gmail over Tor when they already know who you are is self-defeating. Try to register an anonymous Gmail account using Tor.

Doable. They require a phone number for verification, but that's the same with and without Tor. Besides, if you want an anonymous email, use _anything but Gmail_, eg. ProtonMail.

Providing your phone number during registration = registration is not anonymous, so anonymous registration of a Gmail account using Tor is NOT doable.

This depends on your country. In some countries you can purchase a SIM and activate service using only cash. If your threat model includes an adversary that could obtain phone company records, you should not reuse the phone or SIM for any other purpose. Obviously not all countries allow for this approach.

Last time I tried, this did not work. I provided the SMS number in a Tor registration attempt and Gmail said we cannot register you "at this time", without even trying to send me an SMS.

Protonmail is exactly the same thing, if you want to register a free account you need to provide your phone number. You can register "anonymously" in ProtonMail only for paid account, and even if you are willing to pay for anonymity, you need to pay in bitcoin which ultimately discloses your identity - so again, not anonymous.

As someone who previously ran a small freemail service, I can tell you that it's extremely difficult to block abusers from signing up without also blocking legitimate users. I gave up trying.

If you can acquire an untrackable prepaid credit card (again, something that can be done using only cash here, but perhaps not everywhere), you may be able to find a VoIP service which can be used for this purpose.

I have registered both Gmail and Outlook.com accounts at a VoIP SMS phone number, although I had to register a few phone numbers in different area codes before I found one that would work.

It's a tough problem to solve, I will admit.

On 2016-12-07 04:15, Rana wrote:

Using Gmail over Tor when they already know who you are is self-defeating. Try to register an anonymous Gmail account using Tor.

Gmail might know who I am, but my connectivity provider doesn't and I might not want them to know I'm using Gmail.
Re: [tor-relays] Exploiting firmware
On Wed, 7 Dec 2016 22:50:39 + Alex Haydock wrote:

> Intel ME/AMT concerns me too, especially how unavoidable it seems to be
> on modern CPUs (AMD is no escape, as they have an equivalent in the form
> of their "Platform Security Processor").

On AMD that's been implemented only after "Family 15h"
https://libreboot.org/faq/#amdbastards
https://en.wikipedia.org/wiki/List_of_AMD_CPU_microarchitectures

Family 15h itself is safe. It includes FX-series 8-core CPUs at up to 5 GHz supporting DDR3-2133 RAM:
https://en.wikipedia.org/wiki/Piledriver_%28microarchitecture%29

So don't handwave-away AMD with "they are doing that too", today you CAN have a non-backdoored modern high-performance CPU -- from AMD.

--
With respect,
Roman
Re: [tor-relays] Is there a reason for all exit nodes being public?
On 2016-12-07 07:20, Rana wrote:

> We will never know the breakdown of the Facebook users by the reason why they use Tor. However, surely many of them are under repressive regimes and do not want their ass kicked for what they write on Facebook. Protecting them is a fine purpose and anyhow, Tor has no control over how people use the network and certainly not over why they use it.

I use Tor to access Facebook because it exists, and because I believe that legitimate use of both hidden services and exit nodes improves the overall legitimacy of Tor. I believe that if the only use of Tor is users with something to hide, it becomes easier to justify blocking and therefore is less effective and less useful overall.

I use Facebook with my real name and real photo because I'm not hiding anything from anyone in this situation (except perhaps my local connectivity provider, should I be traveling at the time).

I'm probably a minority in this case, and certainly an anecdote is not of statistical significance, but that's me.
Re: [tor-relays] Exploiting firmware
On 07-12-16 at 23:50, Alex Haydock wrote:

> AMD is no escape, as they have an equivalent in the form of their "Platform Security Processor"

I believe[1] the Athlon 5370 that AMD released this year is without PSP. Suits small form factors and has good performance for the mere 25 Watt that it uses.

[1] https://notabug.org/vimuser/libreboot-website/issues/10
Re: [tor-relays] Exploiting firmware
On 07/12/16 23:15, diffusae wrote:
> I totally agree with you.
>
> One alternative would be to use coreboot on your machine. If you are
> good, then you will put your kernel into the flash chip and make it
> write protected.

As far as I know, Coreboot is merely an open source BIOS replacement and doesn't act to disable the management engine as many Intel chips simply won't boot without the ME firmware present and correct. Libreboot might be the project you're thinking of, but it only works on the small subset of (sadly usually quite old) CPUs that will actually boot without Intel's firmware being present.

They are both fantastic projects, and I do have some Libreboot machines at home, but the main concern I was raising was that: firstly, unless you are colocating your own hardware or running your relay at home, flashing a new BIOS to your relay's hardware is out of the question as the hardware is under the control of your service provider.

The other thing I was noting was that the fact the hardware is under control of your service provider is probably more of a threat than just the ME would be. The service provider obviously needs access to the machine, but they often expose quite low-level access either through web consoles of unknown security, or to helpdesk techs working at the provider.

As a side note, there is one VPS provider I know of that are currently in the preparation stages before launch, and who are intending to run their entire infrastructure on Libreboot machines: https://www.vikings.net/index.html
Re: [tor-relays] Exploiting firmware
As long as CPU hardware is closed source, perfect privacy does not exist, full stop. Conspiracy theories are futile, the probability of microcode backdoor is 1. So there is no need to "worry" about hardware blobs. There is NO way that processors made by US chip manufacturers do NOT contain a backdoor. The same goes for Raspberry Pi which is based on a Broadcom chip.

Privacy is therefore a probabilistic entity. Instead of worrying about hardware blobs, you should try to estimate the cost of intrusion, collection and analysis, divided by the probability of yourself being a target. This yields a weighted cost of spying on you. If the result is high enough, no problem, as the adversary's budget is always limited. Otherwise you are toast, Tor or no Tor, VM or no VM.

What Tor hopefully does is raise the cost and thus minimize the probability of the Tor user being targeted, collected and analyzed, due to purely budgetary reasons.

I am happily using hardware based on Intel chips. If I were an ISIS ringleader, I wouldn't. Allahu Akbar but my ass is valuable, too.
Re: [tor-relays] Exploiting firmware
On 07.12.2016 23:50, Alex Haydock wrote:
> On 07/12/16 21:45, diffusae wrote:
>> Hmm, interesting subject ...
>>
>> On 07.12.2016 21:35, Gumby wrote:
>>> Subject seems to have changed a bit, so not hijacking it.
>>> When thinking of any exploitation of firmware - should there be concerns
>>> of Intel's Management Engine in the CPU of any relays
>>> running on "home hardware" in any common unused pc or laptop?
>>> Should that be a concern on ANY newer Intel hardware?
>>>
>>> Gumby
>> What do you think about Intel AMT, it's a part of the most modern PCs?
>>
> Intel ME/AMT concerns me too, especially how unavoidable it seems to be
> on modern CPUs (AMD is no escape, as they have an equivalent in the form
> of their "Platform Security Processor").
>
> Though this probably concerns me less than the fact that only the
> fastest relays are going to be deployed on colocated and fully
> owner-controlled hardware or under their own ASNs.
>
> The rest are probably going to be VPS nodes or at least connected to
> some out-of-band network management interface for quick deployment and
> monitoring at the ISP-level. This can provide low-level access in a
> similar way to ME/AMT. I've seen many providers allowing access to
> management TTYs, or even raw disk management tools via HTTP web interfaces.
>
> Abusing the ME/AMT would require some sort of co-operation on Intel's
> part, or stolen signing keys, but imagine if you could get access to
> some sort of administration panel for OVH/DigitalOcean etc. Co-opting a
> large number of relays/exits through that process might be a lot easier,
> so if I was going to worry about out-of-band management interfaces, I'd
> probably worry about those first.

I totally agree with you.

One alternative would be to use coreboot on your machine. If you are good, then you will put your kernel into the flash chip and make it write protected.
Re: [tor-relays] Exploiting firmware
On 07/12/16 21:45, diffusae wrote:
> Hmm, interesting subject ...
>
> On 07.12.2016 21:35, Gumby wrote:
>> Subject seems to have changed a bit, so not hijacking it.
>> When thinking of any exploitation of firmware - should there be concerns
>> of Intel's Management Engine in the CPU of any relays
>> running on "home hardware" in any common unused pc or laptop?
>> Should that be a concern on ANY newer Intel hardware?
>>
>> Gumby
> What do you think about Intel AMT, it's a part of the most modern PCs?
>

Intel ME/AMT concerns me too, especially how unavoidable it seems to be on modern CPUs (AMD is no escape, as they have an equivalent in the form of their "Platform Security Processor").

Though this probably concerns me less than the fact that only the fastest relays are going to be deployed on colocated and fully owner-controlled hardware or under their own ASNs.

The rest are probably going to be VPS nodes or at least connected to some out-of-band network management interface for quick deployment and monitoring at the ISP-level. This can provide low-level access in a similar way to ME/AMT. I've seen many providers allowing access to management TTYs, or even raw disk management tools via HTTP web interfaces.

Abusing the ME/AMT would require some sort of co-operation on Intel's part, or stolen signing keys, but imagine if you could get access to some sort of administration panel for OVH/DigitalOcean etc. Co-opting a large number of relays/exits through that process might be a lot easier, so if I was going to worry about out-of-band management interfaces, I'd probably worry about those first.
Re: [tor-relays] Exploiting firmware
Which "other parts" do you mean? The GPU blob or Raspbian? You don't need to use the stock distribution.

On 07.12.2016 23:10, Duncan Guthrie wrote:
> What I was originally getting at was that the parts of the Raspberry Pi
> that are completely proprietary - while there is a free software
> implementation of the GPU blob, most people don't use that, as they are
> on stock Raspbian, which includes all the nasty "other parts" - are a
> great possibility for hijacking, perhaps through malicious code running
> on the GPU, which controls the CPU in several ways. The problem with
> this isn't that this is unique (Intel computers having so much more
> attack surface) but that a flaw in lots of these small computers that
> power a portion of the network means that an exploit in them due to lack
> of diversity would be much more serious.

Better lots of these small computers than none ...

> The management engine blob is also very serious. One possible mitigation
> might be to run the relays in VMs with good isolation, e.g. Xen on
> recent hardware which has good IOMMU. This makes it much harder to
> exploit the actual software that runs on the ME since the VMs would, in
> theory, have no access to hardware.
>
> It should be of concern on any hardware that is being used for related
> purposes, I think. However, whether it works out in practice as a
> backdoor that is worth exploiting vs other methods is debatable.
>
> Regardless, diversity is good.

That's true!

Regards,

> On 07/12/16 20:35, Gumby wrote:
>> Subject seems to have changed a bit, so not hijacking it.
>> When thinking of any exploitation of firmware - should there be
>> concerns of Intel's Management Engine in the CPU of any relays
>> running on "home hardware" in any common unused pc or laptop?
>> Should that be a concern on ANY newer Intel hardware?
>>
>> Gumby
Re: [tor-relays] Is there a reason for all exit nodes being public?
> On 8 Dec. 2016, at 01:18, myflyrybr wrote:
>
> Trying to hide exit nodes would have little effect on censorship. I believe a
> more effective approach would be just do the same the vpngate guys did to
> beat the Chinese firewall. Just mix in the published list some essential or
> high popularity IPs (ex. DNS servers...) as if they were relays. That would
> send the censors in a goose-chase when a lot of people start complaining
> about the block. The cost to censor is raised considerably.

This is somewhat like the approach taken by the meek pluggable transport, which uses popular sites to front for a reflector to a Tor bridge.

> They would have to check every relay address before adding it to a blacklist,
> or risk breaking popular services. It's just not worth the trouble.

This would create a market for providing an accurate list.

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
Re: [tor-relays] Exploiting firmware
What I was originally getting at was that the parts of the Raspberry Pi that are completely proprietary - while there is a free software implementation of the GPU blob, most people don't use that, as they are on stock Raspbian, which includes all the nasty "other parts" - are a great possibility for hijacking, perhaps through malicious code running on the GPU, which controls the CPU in several ways. The problem with this isn't that this is unique (Intel computers having so much more attack surface) but that a flaw in lots of these small computers that power a portion of the network means that an exploit in them due to lack of diversity would be much more serious.

The management engine blob is also very serious. One possible mitigation might be to run the relays in VMs with good isolation, e.g. Xen on recent hardware which has good IOMMU. This makes it much harder to exploit the actual software that runs on the ME since the VMs would, in theory, have no access to hardware.

It should be of concern on any hardware that is being used for related purposes, I think. However, whether it works out in practice as a backdoor that is worth exploiting vs other methods is debatable.

Regardless, diversity is good.

On 07/12/16 20:35, Gumby wrote:

> Subject seems to have changed a bit, so not hijacking it.
> When thinking of any exploitation of firmware - should there be concerns of Intel's Management Engine in the CPU of any relays running on "home hardware" in any common unused pc or laptop?
> Should that be a concern on ANY newer Intel hardware?
>
> Gumby
Re: [tor-relays] Exploiting firmware
Hmm, interesting subject ...

On 07.12.2016 21:35, Gumby wrote:
> Subject seems to have changed a bit, so not hijacking it.
> When thinking of any exploitation of firmware - should there be concerns
> of Intel's Management Engine in the CPU of any relays
> running on "home hardware" in any common unused pc or laptop?
> Should that be a concern on ANY newer Intel hardware?
>
> Gumby

What do you think about Intel AMT, it's a part of the most modern PCs?

> On 12/07/2016 02:35 PM, diffusae wrote:
>>
>> On 07.12.2016 01:36, Duncan Guthrie wrote:
>>> if some flaw was exploited in the various nasty proprietary bits that
>>> make up the Pi, much of the network might be compromised - due to large
>>> similarities across the different models, this would affect considerable
>>> numbers of devices. So using many different computer models with a large
>>> variety of operating systems is ideal for the network as a whole.
>>
>> Yes, there are proprietary parts in the firmware, but also this firmware is
>> free and open source. And there are a lot of people who keep care on it.
>>
>> It's especially very easy to rewrite the boot partition.
>>
>> Regards,
Re: [tor-relays] Exploiting firmware (was: Unwarranted discrimination of relays with dynamic IP)
Subject seems to have changed a bit, so not hijacking it.
When thinking of any exploitation of firmware - should there be concerns of Intel's Management Engine in the CPU of any relays running on "home hardware" in any common unused pc or laptop?
Should that be a concern on ANY newer Intel hardware?

Gumby

On 12/07/2016 02:35 PM, diffusae wrote:

> On 07.12.2016 01:36, Duncan Guthrie wrote:
>> if some flaw was exploited in the various nasty proprietary bits that make up the Pi, much of the network might be compromised - due to large similarities across the different models, this would affect considerable numbers of devices. So using many different computer models with a large variety of operating systems is ideal for the network as a whole.
>
> Yes, there are proprietary parts in the firmware, but also this firmware is free and open source. And there are a lot of people who keep care on it.
>
> It's especially very easy to rewrite the boot partition.
>
> Regards,
Re: [tor-relays] how to distribute pgp public key?
> On 8 Dec. 2016, at 06:40, Univibe wrote:
>
> >> I had a thought to publish it on my relay's DirPort (using DirPortFrontPage
> >> and a simple html doc containing the public key). Then I could just provide a
> >> link to the DirPort in ContactInfo.
>
> > It's better to just use a fingerprint. I don't know how efficient or useful
> > that would be. It is also not necessary.
>
> Okay. Thanks Jason for your reply. I was just thinking about how PGP key
> exchange seems to frustrate most people and wondering if it would make sense
> to skip the middleman (keyservers) in this case. Having the public key
> published directly by the relay establishes trust. There would be no question
> that the PGP key belongs to the relay operator.

Unfortunately, the DirPortFrontPage is not authenticated: it is plain HTTP. But the descriptor with the ContactInfo is signed with your relay key.

> However since it's an odd implementation, it might just add confusion instead
> of making things easier. It sounds like the convention is to just list your
> fingerprint, so I'll do that. Thanks!

Yes, this is what people typically do. Thanks!

T

--
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org
Re: [tor-relays] how to distribute pgp public key?
>> I had a thought to publish it on my relay's DirPort (using DirPortFrontPage
>> and a simple html doc containing the public key). Then I could just provide a
>> link to the DirPort in ContactInfo.

> It's better to just use a fingerprint. I don't know how efficient or useful
> that would be. It is also not necessary.

Okay. Thanks Jason for your reply. I was just thinking about how PGP key exchange seems to frustrate most people and wondering if it would make sense to skip the middleman (keyservers) in this case. Having the public key published directly by the relay establishes trust. There would be no question that the PGP key belongs to the relay operator.

However since it's an odd implementation, it might just add confusion instead of making things easier. It sounds like the convention is to just list your fingerprint, so I'll do that. Thanks!
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
On 07.12.2016 01:36, Duncan Guthrie wrote:
> if some flaw was exploited in the various nasty proprietary bits that
> make up the Pi, much of the network might be compromised - due to large
> similarities across the different models, this would affect considerable
> numbers of devices. So using many different computer models with a large
> variety of operating systems is ideal for the network as a whole.

Yes, there are proprietary parts in the firmware, but also this firmware is free and open source. And there are a lot of people who keep care on it.

It's especially very easy to rewrite the boot partition.

Regards,
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
:-) Does anyone need a P4 with 300 Watts power supply? In idle mode it's only 100 ...

On 07.12.2016 06:32, Rana wrote:
> I can just imagine someone panting while dragging a sub-$35 old desktop
> computer up the stairs after physically searching for it in a nearby
> junkyard. A considerable level of destitution and a commendable commitment to
> the cause of Tor would be required.
>
> -----Original Message-----
> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf
> Of Roman Mamedov
> Sent: Wednesday, December 07, 2016 7:08 AM
> To: Duncan Guthrie
> Cc: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
>
> On Wed, 7 Dec 2016 00:36:15 +
> Duncan Guthrie wrote:
>
>> My original figure may have been... somewhat off. With different
>> models they may have updated the network hardware.
>
> They did not. All models with Ethernet use the same SMSC LAN9514 chip.
>
>> A more general point is that old desktop computers still offer better
>> performance than a Raspberry Pi. You can easily get one for
>> considerably less than the cost of a Pi
>
> And pay more than the cost of a Pi in electricity.
>
> --
> With respect,
> Roman
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
You're seriously going to play the "be polite" card after this entire thread happened?

I give up. Fuck this, unsubscribed. If you need me, I'll be hiding in my cold dark corner.

On Dec 7, 2016 10:02 AM, "Ralph Seichter" wrote:

> On 07.12.16 15:44, Tristan wrote:
>
>> Stop it, both of you. This is not the place for a flame war. If this
>> were a forum, the topic would be locked.
>
> It is not a forum, it is not a flame war, and you'd do well to be a lot more polite before you try to take the moral high ground and presume to tell other people what to do.
>
> -Ralph
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
On 07.12.16 15:44, Tristan wrote:

> Stop it, both of you. This is not the place for a flame war. If this
> were a forum, the topic would be locked.

It is not a forum, it is not a flame war, and you'd do well to be a lot more polite before you try to take the moral high ground and presume to tell other people what to do.

-Ralph
Re: [tor-relays] Is there a reason for all exit nodes being public?
-----Original Message-----
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Paul Syverson
Sent: Wednesday, December 07, 2016 4:34 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Is there a reason for all exit nodes being public?

On Wed, Dec 07, 2016 at 02:15:55PM +0200, Rana wrote:

>>As of last April, FaceBook reported over a million users per month via Tor.

I am sure that the 1 million FB users connect via Tor not because they want to hide their location but they want to hide WHO they are. Hence their authentication information is mostly false and they use Tor for personal anonymity, not for anonymous routing.
Re: [tor-relays] Is there a reason for all exit nodes being public?
This is exactly why I use Tor. I imagine a lot of people use Tor to bypass network restrictions, like school/University firewalls or countries like China and Pakistan.

On Dec 7, 2016 9:11 AM, "heartsucker" wrote:

> As one of the Tor users who connects to services where I have to use my
> real name (e.g., my banks), I think it's not helpful to make assumptions
> about everyone's use case. Part of why I use Tor is to keep my ISPs from
> snooping on what I'm doing, and it's possible some of these millions of
> facebook users are doing the same.
>
> -h
>
> On 12/07/2016 04:07 PM, Rana wrote:
> >
> > -----Original Message-----
> > From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Paul Syverson
> > Sent: Wednesday, December 07, 2016 4:34 PM
> > To: tor-relays@lists.torproject.org
> > Subject: Re: [tor-relays] Is there a reason for all exit nodes being public?
> >
> > On Wed, Dec 07, 2016 at 02:15:55PM +0200, Rana wrote:
> >>> As of last April, FaceBook reported over a million users per month via Tor.
> >
> > I am sure that the 1 million FB users connect via Tor not because they
> > want to hide their location but they want to hide WHO they are. Hence their
> > authentication information is mostly false and they use Tor for personal
> > anonymity, not for anonymous routing.
Re: [tor-relays] Anonymous email (was: Is there a reason for all exit nodes being public?)
> Protonmail supports receiving a verification code by email. Use a disposable email provider that isn't blocked to receive the code. I _just_ made a protonmail account to test.
>
> https://10minutemail.net/ worked for me just now.
>
> https://10minutemail.com did not work as protonmail recognized the address I got from it as being temporary.
>
> Hope that helps.
>
> Matt

I already had it solved but I tipped a friend about https://10minutemail.net and it worked for him, for which he thanks you. I wonder how long it will take Protonmail to close this loophole :)
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
Stop it, both of you. This is not the place for a flame war. If this were a forum, the topic would be locked. Can we just have a normal conversation and get back to what this mailing list is actually used for?

On Dec 7, 2016 5:29 AM, "Rana" wrote:

> There's an alternative interpretation but mentioning in reply to your message would be... rude :-)
>
> -----Original Message-----
> From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Ralph Seichter
> Sent: Wednesday, December 07, 2016 12:59 PM
> To: tor-relays@lists.torproject.org
> Subject: Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
>
> On 07.12.2016 10:56, Rana wrote:
> > Calling "rude" people who, to make a point, use a bit of obvious and harmless humor, is rude.
>
> Your getting on other people's nerves must *obviously* be the fault of other people. Welcome to Trump World. :-)
>
> -Ralph
Re: [tor-relays] Is there a reason for all exit nodes being public?
On Wed, Dec 07, 2016 at 02:15:55PM +0200, Rana wrote:
> > How would that work? First of all, the clients need to know which exit nodes exist, so that they can build circuits. That list, as well as that of the middle nodes, is public, otherwise you'd have to manually request exits by email/web service/… As a result you'd be limited to a few exits, which might not necessarily have an exit policy matching your needs, or might be offline, or simply overloaded on account of there being less than regular exits.
>
> The same way bridges work. They are not published.
>
> > By the way, I just checked, Gmail works without problems over Tor (both Web and IMAPS).
>
> Using Gmail over Tor when they already know who you are is self-defeating. Try to register an anonymous Gmail account using Tor.

Responses have already been given in this thread about trying to obtain an email account that is anonymous (err, pseudonymous) with the intended meaning that the service provider is not directly given another identity (phone number, etc.) intended to be kept separate---where "given" means that the service provider can (easily) associate these. (So not some sort of ZKP of a blinded credential, etc.)

'Anonymous' often gets thrown around quite recklessly, but the much more important problem with the above statement is perpetuating the false impression that letting a service provider know such associations must be contrary to the goals of Tor.

As we wrote in 1996, "Our motivation here is not to provide anonymous communication, but to separate identification from routing. Authenticating information must be carried in the data stream... use of a public network should not automatically reveal the identities of communicating parties. The goal here is anonymous routing, not anonymity."

As of last April, FaceBook reported over a million users per month via Tor.

As to GMail, you might want to access GMail over Tor to complicate geo-location by GMail, or because you don't want a local ISP (or your VPN provider or...) to know you are accessing GMail, or...

aloha,
Paul
Re: [tor-relays] Is my exit affected by a botnet?
I get abuse reports like that - my exit is not yet officially recognised as an exit so is currently seen as the source of the attack - it's unlikely your server is infected, it's just the traffic from your exit - especially as you are using port 443 - just send standard abuse template to them if it's a problem for the isp

U could always install clamav and do a quick check on your server if u think it's necessary

regards
Mark B

> On 7 Dec 2016, at 14:09, Volker Mink wrote:
>
> hey folks.
>
> i got an abuse-information from my provider, please see details attached.
> could this probably be caused by some malware on my tor exit?
>
> Any ideas on this?
>
> Best,
> volker
>
> > https://unity.abusehq.net/share/gFraliWxA_A-0uCFJvSxAkPRxYn536JoReAkl2MNUuCq3TNWJ8f4uXJVypwWAnVa
> >
> > MAC Address    IP
> > f07959d25289   109.90.11.123
> >
> > Date: 06.12.2016 11:16
> > Type: bot-infection
> > Reporter: secur...@libertyglobal.com
> > IP address: 109.90.11.123
> > Incident part:
> > - malware family: virut
> > - destination ip: 148.81.111.121
> > - destination port: 80
> > - feeder: team cymru
> > - description: This host is most likely infected with malware.
> >
> > Date: 05.12.2016 10:00
> > Type: malware
> > Reporter: repo...@reports.cert-bund.de
> > IP address: 109.90.11.123
> > Incident part:
> > - malware: urlzone
> > - destination ip: 64.71.166.50
> > - destination port: 443
> > - destination hostname: didnadinka.net
> > - asn: 6830
> >
> > Date: 02.12.2016 19:16
> > Type: bot-infection
> > Reporter: secur...@libertyglobal.com
> > IP address: 109.90.11.123
> > Incident part:
> > - malware family: zeus
> > - destination ip: 87.106.18.112
> > - http request: /config
> > - destination port: 80
> > - destination domain name: mabqg.com
> > - feeder: shadowserver
> > - report type: botnet_drone
> > - description: This host is most likely infected with malware.
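One way to triage a report like the one quoted above, following the reply's point that such flags usually reflect traffic relayed by the exit: parse the incidents and check each destination against the relay's ExitPolicy. This is an added example, not part of the original messages; the sample report, its addresses (documentation ranges), the policy lines and all function names are constructed, and only IPv4 `accept`/`reject ADDR:PORT` rules are handled.

```python
import ipaddress
import re

# Constructed report in the layout quoted in the thread. All addresses are from
# the RFC 5737 documentation ranges; none are taken from the page.
SAMPLE_REPORT = """\
Date: 06.12.2016 11:16
Type: bot-infection
IP address: 203.0.113.10
Incident part:
- malware family: example-a
- destination ip: 198.51.100.7
- destination port: 80
Date: 05.12.2016 10:00
Type: malware
IP address: 203.0.113.10
Incident part:
- malware: example-b
- destination ip: 192.0.2.50
- destination port: 443
Date: 02.12.2016 19:16
Type: bot-infection
IP address: 203.0.113.10
Incident part:
- malware family: example-c
- destination ip: 198.51.100.99
- destination port: 6667
Date: 01.12.2016 08:30
Type: bot-infection
IP address: 203.0.113.10
Incident part:
- description: no destination given
"""

# Assumed ExitPolicy lines of the relay, in torrc order (first match wins).
SAMPLE_POLICY = [
    "reject 198.51.100.0/28:*",
    "accept *:80",
    "accept *:443",
    "reject *:*",
]


def parse_report(text):
    """Split the report into incidents; every 'Date:' line starts a new one."""
    incidents, current = [], None
    for raw in text.splitlines():
        m = re.match(r"^-?\s*([^:]+):\s*(.*)$", raw.strip())
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2).strip()
        if key == "date":
            current = {}
            incidents.append(current)
        if current is not None:
            current[key] = value
    return incidents


def parse_rule(rule):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' (IPv4, explicit port part)."""
    action, _, target = rule.partition(" ")
    addr, _, ports = target.rpartition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if ports == "*":
        return action, net, 1, 65535
    lo_s, _, hi_s = ports.partition("-")
    return action, net, int(lo_s), int(hi_s or lo_s)


def exit_policy_verdict(policy, dest_ip, dest_port):
    """Return (action, matching rule) for the first rule that matches."""
    ip = ipaddress.ip_address(dest_ip)
    for rule in policy:
        action, net, lo, hi = parse_rule(rule)
        if (net is None or ip in net) and lo <= dest_port <= hi:
            return action, rule
    # Assumption: the policy ends in a catch-all; treat "no match" as reject.
    return "reject", None


def triage(report_text, policy):
    """Label each incident by whether the exit policy would have allowed it."""
    results = []
    for inc in parse_report(report_text):
        ip, port = inc.get("destination ip"), inc.get("destination port")
        if not ip or not port:
            results.append((inc.get("date"), "incomplete", None))
            continue
        action, rule = exit_policy_verdict(policy, ip, int(port))
        label = ("exit-traffic-plausible" if action == "accept"
                 else "policy-rejects-check-host")
        results.append((inc.get("date"), label, rule))
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT, SAMPLE_POLICY):
        print(row)
```

An incident whose destination the policy would have rejected cannot have left through the Tor exit, so that is the case where a local check such as the ClamAV scan suggested above is worth the time. Evaluate against the policy that was in effect at the time of the incident, not the current one.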
Re: [tor-relays] Is there a reason for all exit nodes being public?
Trying to hide exit nodes would have little effect on censorship. I believe a more effective approach would be just do the same the vpngate guys did to beat the Chinese firewall. Just mix in the published list some essential or high popularity IPs (ex. DNS servers...) as if they were relays. That would send the censors in a goose-chase when a lot of people start complaining about the block.

The cost to censor is raised considerably. They would have to check every relay address before adding it to a blacklist, or risk breaking popular services. It's just not worth the trouble.
Re: [tor-relays] Anonymous email (was: Is there a reason for all exit nodes being public?)
Lucky me, I signed up in the early beta state and got everything for free without phone number.

Sent: Wednesday, 07 December 2016 at 15:06
From: "Matt Traudt"
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Anonymous email (was: Is there a reason for all exit nodes being public?)

On 12/7/16 08:41, Rana wrote:
> Protonmail is exactly the same thing, if you want to register a free account you need to provide your phone number. You can register "anonymously" in ProtonMail only for paid account, and even if you are willing to pay for anonymity, you need to pay in bitcoin which ultimately discloses your identity - so again, not anonymous.

Protonmail supports receiving a verification code by email. Use a disposable email provider that isn't blocked to receive the code. I _just_ made a protonmail account to test.

https://10minutemail.net/ worked for me just now.

https://10minutemail.com did not work as protonmail recognized the address I got from it as being temporary.

Hope that helps.

Matt
[tor-relays] Is my exit affected by a botnet?
hey folks.

i got an abuse-information from my provider, please see details attached.
could this probably be caused by some malware on my tor exit?

Any ideas on this?

Best,
volker

https://unity.abusehq.net/share/gFraliWxA_A-0uCFJvSxAkPRxYn536JoReAkl2MNUuCq3TNWJ8f4uXJVypwWAnVa

MAC Address    IP
f07959d25289   109.90.11.123

Date: 06.12.2016 11:16
Type: bot-infection
Reporter: secur...@libertyglobal.com
IP address: 109.90.11.123
Incident part:
- malware family: virut
- destination ip: 148.81.111.121
- destination port: 80
- feeder: team cymru
- description: This host is most likely infected with malware.

Date: 05.12.2016 10:00
Type: malware
Reporter: repo...@reports.cert-bund.de
IP address: 109.90.11.123
Incident part:
- malware: urlzone
- destination ip: 64.71.166.50
- destination port: 443
- destination hostname: didnadinka.net
- asn: 6830

Date: 02.12.2016 19:16
Type: bot-infection
Reporter: secur...@libertyglobal.com
IP address: 109.90.11.123
Incident part:
- malware family: zeus
- destination ip: 87.106.18.112
- http request: /config
- destination port: 80
- destination domain name: mabqg.com
- feeder: shadowserver
- report type: botnet_drone
- description: This host is most likely infected with malware.
Re: [tor-relays] Anonymous email (was: Is there a reason for all exit nodes being public?)
On 12/7/16 08:41, Rana wrote:
> Protonmail is exactly the same thing, if you want to register a free account you need to provide your phone number. You can register "anonymously" in ProtonMail only for paid account, and even if you are willing to pay for anonymity, you need to pay in bitcoin which ultimately discloses your identity - so again, not anonymous.

Protonmail supports receiving a verification code by email. Use a disposable email provider that isn't blocked to receive the code. I _just_ made a protonmail account to test.

https://10minutemail.net/ worked for me just now.

https://10minutemail.com did not work as protonmail recognized the address I got from it as being temporary.

Hope that helps.

Matt
Re: [tor-relays] Is there a reason for all exit nodes being public?
>>> By the way, I just checked, Gmail works without problems over Tor (both Web and IMAPS).

>> Using Gmail over Tor when they already know who you are is self-defeating. Try to register an anonymous Gmail account using Tor.

> Doable. They require a phone number for verification, but that's the same with and without Tor. Besides, if you want an anonymous email, use _anything but Gmail_, eg. ProtonMail.

Providing your phone number during registration = registration is not anonymous, so anonymous registration of a Gmail account using Tor is NOT doable. Last time I tried, this did not work. I provided the SMS number in a Tor registration attempt and Gmail said we cannot register you "at this time", without even trying to send me an SMS.

Protonmail is exactly the same thing, if you want to register a free account you need to provide your phone number. You can register "anonymously" in ProtonMail only for paid account, and even if you are willing to pay for anonymity, you need to pay in bitcoin which ultimately discloses your identity - so again, not anonymous.
Re: [tor-relays] Is there a reason for all exit nodes being public?
On Wed, Dec 07, 2016 at 02:25:03PM +0200, Rana wrote:
> > On Wed, Dec 07, 2016 at 11:51:34AM +, Matthew Finkel wrote:
> > > On Wed, Dec 07, 2016 at 01:25:59PM +0200, Rana wrote:
> > > > I mean, why aren't some exit nodes kept hidden, at least partially and temporarily, like bridges? This would mitigate web services denying service to Tor users (Gmail is the most recent example), plus would increase security.
> > >
> > > I'll simply refer you to the FAQ:
> >
> > That was rude of me, answer below. Do you disagree with the reasoning?
>
> That was not rude at all, thank you for the reference to the FAQ. I largely got a satisfactory explanation there although points (b) and (c) might be controversial.
>
> The one point I find difficult to agree with is "(a) We can't help but make the information available, since Tor clients need to use it to pick their paths." If bridges can be hidden and provided to clients on as-needed basis, so can exits.

Yes, this is true, and it's a topic that comes up every couple years. But, there are significant differences between bridges and exits.

First, choosing your circuit's exit manually is a usability nightmare and could destroy your anonymity. Even if you give your tor client a small set of "hidden" exits, over time traffic from these nodes will be linked to your connections and they will be linked to Tor. It's not easy for users to know when this happens. Tor tries extremely hard at preventing users from hurting themselves.

Research has shown that bridges (and guards) should be used for longer periods of time, but if you use an exit for too long then you risk leaking too much information about your behavior (to both the exit and the destination server). Similarly, using a hidden exit becomes more risky if the user is already using a bridge because there is (currently) less oversight of the bridges than there is for the public network. This would likely be true for hidden exits, as well. This presents the problem that traffic analysis attacks against a small subset of Tor users become incredibly easy.

When it comes to hidden nodes, they never remain hidden forever. Some adversaries already crawl the list of bridges and block them, other adversaries would do the same if some exit nodes were not public.
Re: [tor-relays] Is there a reason for all exit nodes being public?
>> How would that work? First of all, the clients need to know which exit nodes exist, so that they can build circuits. That list, as well as that of the middle nodes, is public, otherwise you'd have to manually request exits by email/web service/… As a result you'd be limited to a few exits, which might not necessarily have an exit policy matching your needs, or might be offline, or simply overloaded on account of there being less than regular exits.

> The same way bridges work. They are not published.

See the answer by Matthew about that, apparently that question has already been answered in the FAQ.

>> By the way, I just checked, Gmail works without problems over Tor (both Web and IMAPS).

> Using Gmail over Tor when they already know who you are is self-defeating. Try to register an anonymous Gmail account using Tor.

Doable. They require a phone number for verification, but that's the same with and without Tor. Besides, if you want an anonymous email, use _anything but Gmail_, eg. ProtonMail.
Re: [tor-relays] Is there a reason for all exit nodes being public?
> On Wed, Dec 07, 2016 at 11:51:34AM +, Matthew Finkel wrote:
> > On Wed, Dec 07, 2016 at 01:25:59PM +0200, Rana wrote:
> > > I mean, why aren't some exit nodes kept hidden, at least partially and temporarily, like bridges? This would mitigate web services denying service to Tor users (Gmail is the most recent example), plus would increase security.
> >
> > I'll simply refer you to the FAQ:
>
> That was rude of me, answer below. Do you disagree with the reasoning?

That was not rude at all, thank you for the reference to the FAQ. I largely got a satisfactory explanation there although points (b) and (c) might be controversial.

The one point I find difficult to agree with is "(a) We can't help but make the information available, since Tor clients need to use it to pick their paths." If bridges can be hidden and provided to clients on as-needed basis, so can exits.

Rana
Re: [tor-relays] Is there a reason for all exit nodes being public?
> How would that work? First of all, the clients need to know which exit nodes exist, so that they can build circuits. That list, as well as that of the middle nodes, is public, otherwise you'd have to manually request exits by email/web service/… As a result you'd be limited to a few exits, which might not necessarily have an exit policy matching your needs, or might be offline, or simply overloaded on account of there being less than regular exits.

The same way bridges work. They are not published.

> By the way, I just checked, Gmail works without problems over Tor (both Web and IMAPS).

Using Gmail over Tor when they already know who you are is self-defeating. Try to register an anonymous Gmail account using Tor.
Re: [tor-relays] Is there a reason for all exit nodes being public?
How would that work? First of all, the clients need to know which exit nodes exist, so that they can build circuits. That list, as well as that of the middle nodes, is public, otherwise you'd have to manually request exits by email/web service/… As a result you'd be limited to a few exits, which might not necessarily have an exit policy matching your needs, or might be offline, or simply overloaded on account of there being less than regular exits.

By the way, I just checked, Gmail works without problems over Tor (both Web and IMAPS).

Regards
/peter

On 12/07/2016 12:25 PM, Rana wrote:
> I mean, why aren’t some exit nodes kept hidden, at least partially and temporarily, like bridges? This would mitigate web services denying service to Tor users (Gmail is the most recent example), plus would increase security.
Re: [tor-relays] Is there a reason for all exit nodes being public?
On Wed, Dec 07, 2016 at 11:51:34AM +, Matthew Finkel wrote:
> On Wed, Dec 07, 2016 at 01:25:59PM +0200, Rana wrote:
> > I mean, why aren't some exit nodes kept hidden, at least partially and temporarily, like bridges? This would mitigate web services denying service to Tor users (Gmail is the most recent example), plus would increase security.
>
> I'll simply refer you to the FAQ:

That was rude of me, answer below. Do you disagree with the reasoning?

*You should hide the list of Tor relays, so people can't block the exits.*

There are a few reasons we don't:

a. We can't help but make the information available, since Tor clients need to use it to pick their paths. So if the "blockers" want it, they can get it anyway. Further, even if we didn't tell clients about the list of relays directly, somebody could still make a lot of connections through Tor to a test site and build a list of the addresses they see.

b. If people want to block us, we believe that they should be allowed to do so. Obviously, we would prefer for everybody to allow Tor users to connect to them, but people have the right to decide who their services should allow connections from, and if they want to block anonymous users, they can.

c. Being blockable also has tactical advantages: it may be a persuasive response to website maintainers who feel threatened by Tor. Giving them the option may inspire them to stop and think about whether they really want to eliminate private access to their system, and if not, what other options they might have. The time they might otherwise have spent blocking Tor, they may instead spend rethinking their overall approach to privacy and anonymity.

>
> https://www.torproject.org/docs/faq.html.en#HideExits
Re: [tor-relays] Is there a reason for all exit nodes being public?
On Wed, Dec 07, 2016 at 01:25:59PM +0200, Rana wrote:
> I mean, why aren't some exit nodes kept hidden, at least partially and temporarily, like bridges? This would mitigate web services denying service to Tor users (Gmail is the most recent example), plus would increase security.

I'll simply refer you to the FAQ:

https://www.torproject.org/docs/faq.html.en#HideExits
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
There's an alternative interpretation but mentioning in reply to your message would be... rude :-)

-----Original Message-----
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Ralph Seichter
Sent: Wednesday, December 07, 2016 12:59 PM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

On 07.12.2016 10:56, Rana wrote:
> Calling "rude" people who, to make a point, use a bit of obvious and harmless humor, is rude.

Your getting on other people's nerves must *obviously* be the fault of other people. Welcome to Trump World. :-)

-Ralph
[tor-relays] Is there a reason for all exit nodes being public?
I mean, why aren't some exit nodes kept hidden, at least partially and temporarily, like bridges? This would mitigate web services denying service to Tor users (Gmail is the most recent example), plus would increase security.
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
On 07.12.2016 10:56, Rana wrote:
> Calling "rude" people who, to make a point, use a bit of obvious and harmless humor, is rude.

Your getting on other people's nerves must *obviously* be the fault of other people. Welcome to Trump World. :-)

-Ralph
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
Calling "rude" people who, to make a point, use a bit of obvious and harmless humor, is rude.

-----Original Message-----
From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org] On Behalf Of Duncan Guthrie
Sent: Wednesday, December 07, 2016 11:41 AM
To: tor-relays@lists.torproject.org
Subject: Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP

On 07/12/16 05:32, Rana wrote:
> I can just imagine someone panting while dragging a sub-$35 old desktop computer up the stairs after physically searching for it in a nearby junkyard. A considerable level of destitution and a commendable commitment to the cause of Tor would be required.

This is hardly the case. Computers are so widespread that an old desktop system with even twice the power of the Pi can be had for buttons. There is no need to be rude about the suggestions that people on this list make.

Duncan
Re: [tor-relays] Unwarranted discrimination of relays with dynamic IP
On 07/12/16 05:32, Rana wrote:
> I can just imagine someone panting while dragging a sub-$35 old desktop computer up the stairs after physically searching for it in a nearby junkyard. A considerable level of destitution and a commendable commitment to the cause of Tor would be required.

This is hardly the case. Computers are so widespread that an old desktop system with even twice the power of the Pi can be had for buttons. There is no need to be rude about the suggestions that people on this list make.

Duncan
Re: [tor-relays] relays with dynamic IP - here Rasp2
On Wed, 7 Dec 2016 11:13:54 +0200 "Rana" wrote:

> But is it possible to tell Tor on which cores to run? I mean, install a 2nd instance of Tor and tell it to run on the two cores not used by the first instance?

The Linux kernel will sort it out automatically. Deciding optimally which programs get to run on which cores is the kernel's job.

It's also possible to pin programs to specific cores using "schedtool", but that's more of an advanced tuning trick: not something you should need as the first thing you do, but you could look into that if you get to the point when both of them use 100% CPU, and you want to micro-optimize things a bit further.

--
With respect,
Roman
Re: [tor-relays] relays with dynamic IP - here Rasp2
On Wed, 7 Dec 2016 11:02:59 +0200 "Rana" wrote:

> > > Wow nice bandwidth you are pushing through Paul! You mean two Raspi 2's sharing an Internet connection, each relaying 27 Gbytes per day at 5.4 Mbit/s on the average?? Total 10.8 Mbit/s?? Or 2.7 Mbit/s each?
> >
> > It is just 1 single Rasp2 - running 2 tor instances on 1 IP, details here
> > https://gitweb.torproject.org/debian/tor.git/tree/debian/tor-instance-create.8.txt
>
> Any specific reason you have for running 2 instances of Tor on the same Raspi instead of one?

It has 4 cores, and a single instance of Tor cannot utilize all of them. It only uses one core and maybe 20-30% at most of another.

Ideally you would run 3-4 Tor instances on a 4-core machine (if RAM allows), but the maximum allowed by the Tor authority servers is 2 per IPv4.

--
With respect,
Roman
Re: [tor-relays] relays with dynamic IP - here Rasp2
>> Wow nice bandwidth you are pushing through Paul! You mean two Raspi 2's sharing an Internet connection, each relaying 27 Gbytes per day at 5.4 Mbit/s on the average?? Total 10.8 Mbit/s?? Or 2.7 Mbit/s each?
>
> It is just 1 single Rasp2 - running 2 tor instances on 1 IP, details here
> https://gitweb.torproject.org/debian/tor.git/tree/debian/tor-instance-create.8.txt

Any specific reason you have for running 2 instances of Tor on the same Raspi instead of one?