Re: [tor-relays] [Censorship in Russia] Make HTTPS/Moat captcha more complex?

2021-12-27 Thread Dave Warren

On 2021-12-22 23:42, Gary C. New via tor-relays wrote:
I know it might be a fundamental change to the Tor network, but would it 
be possible to obfuscate the Tor bridge/relay addresses with their 
respective fingerprints, similar to the I2P network? I've often thought 
that this aspect of the I2P network is one that is implemented well. 
Perhaps Directory Authorities could perform fingerprint to address 
resolution? I think it would be extremely beneficial if neither bridge 
nor relay addresses were published in the wild. It would make great 
strides in further buffering the Tor network from various 
black-listing/censorship techniques.


I guess I'm not sure how this would work, for me as a user, when I 
launch tor browser? How do I obtain a bridge or an initial relay?


And as a trivially simple example, what stops an organization with 
government level resources from offering $10-$100 (in appropriate 
currency) to any citizen that adds a newly discovered bridge to their list?


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] OS Upgrade

2021-04-25 Thread Dave Warren

On 2021-04-23 08:49, Toralf Förster wrote:

On 4/23/21 2:03 PM, Matt Traudt wrote:

Keeping tor up to date, and the OS and all the other things installed on
it up to date, is much more important than maintaining your flags.
You'll get them back.


IMO relays with a way too long uptime should get a penalty.


If you replace "uptime" with "unpatched since at least..." when you read 
it, things make a lot more sense.




Re: [tor-relays] Windows Relay Setup

2019-07-23 Thread Dave Warren
One other possibility if you can't work through any issues, Windows 10 
has fairly decent Linux support, and/or consider running a lightweight 
Linux in a Hyper-V VM (Windows 10 Pro, most flavours of Windows Server).


Neither of these are as clean as running natively in Windows, but when a 
project doesn't actively maintain a particular platform it is sometimes 
an overall better result.



On 2019-07-14 17:33, William Pate wrote:

Hi!

Well, I certainly expected far more snarky responses. :)

Thank you for the links. I'll check them out and, if I get it to work, maybe 
write up a guide for others.

Thank you!


William

‐‐‐ Original Message ‐‐‐
On Sunday, July 14, 2019 1:44 AM, Barton Bruce  wrote:




William,

On 7/11/2019 6:58 PM, William Pate wrote:


I'm interested in hosting a Windows-based relay, if anyone can point me to a 
good tutorial. I've tried the most common ones.



There used to be a VIDALIA (sp?) kit that could simply be downloaded and
run on a windows machine. I then worked for an ISP/CLEC and had lots of
bandwidth so ran Vidalia on a 64 bit Windows 7 Ultimate machine on my
desk at work.

I never did hear why something had changed at the tor project so that
stopped working, but do remember a rude snippy condescending reply from
someone on the mailing list so I lost interest.

I did get the head Tor guy from the Central Square Cambridge office of
TOR to come speak at a local networking group's monthly meeting we held
at a MicroSlush facility in Burlington, MA and it was well received by a
packed audience. I think he now has left TOR and works for some ISP.





Re: [tor-relays] High Speed Exit Relay or just a plain Relay?

2019-04-04 Thread Dave Warren

On 2019-04-04 10:02, Conrad Rockenhaus wrote:

Hello,

I have a FreeBSD box on a 1 Gbit/s connection. I'm trying to determine
if we need more high speed relays or high speed exit relays. The AS
it's on has no plain relays, just exit relays. That's what has me
wondering what to do.

So, what is the general consensus - should it be an exit or just a plain relay?


High speed exits are harder to come by, but I'm not sure if the AS 
concentration makes a difference. I think the value of an exit still 
likely overwhelms this consideration.






Re: [tor-relays] Tor website overhaul -- who deserves punishment?

2019-03-29 Thread Dave Warren
On Thu, Mar 28, 2019, at 06:28, Lars Noodén wrote:
> On 3/28/19 11:14 AM, Georg Koppen wrote:
> > Lars Noodén:
> > 
> > [snip]
> > 
> >> But about the problematic layout that now exists, in general, the CSS
> >> media rule mixes all types of screens together regardless of
> >> orientation, aspect ratio or size.  So mobile and multi-screen desktops
> >> all fall under the 'all' or 'screen' values.
> > 
> > Thanks for the feedback. I opened
> > https://trac.torproject.org/projects/tor/ticket/29934 for that.
> > 
> > Georg
> 
> Ok.  Thanks.  I mean that the CSS 'media' rule itself is incapable of
> differentiating screen types.  So with the Tor Project's web page, it
> looks like the route was taken to push a mobile style layout onto all
> visitors regardless.

Interestingly the /about/people/ page does seem to be responsive, handling 
various browser widths. 



Re: [tor-relays] Tor website overhaul -- who deserves punishment?

2019-03-27 Thread Dave Warren

On 2019-03-27 16:34, Mirimir wrote:

On 03/27/2019 09:10 AM, Ralph Seichter wrote:

Not sure if this is the right place to vent, but here goes:

Whoever changed the Tor website's design seems to a) have a serious
vision impairment and b) done his utmost to hide access to the Tor
source code.

I think the site feels dumbed down to cater only to those with the
shortest attention spans (and bad eyesight) now. Also, as a relay and
exit operator, I care most about the source code and documentation, not
some management summary.

Was there no QA process involved before rolling out the new website?

Annoyed,
Ralph


Well, it's obviously targeted at mobile devices.

And it's too bad that there's no link to a desktop version.


Works fine from my desktop. Perhaps you have your browser window sized 
to mimic a mobile device?





Re: [tor-relays] plans to require ContactInfo to be non-empty

2019-02-10 Thread Dave Warren
Perhaps it would be better to outright ban these relays with no warning? I'm 
sure that annoying those donating multiple relays will absolutely be encouraged 
to continue doing so.

(Or to be less sarcastic: I don't operate any tor relays at this time, but I do 
run public mirrors and a few other goodies and I'm eternally grateful to those 
that bother to notify me when there is a problem of any sort, especially 
configuration related -- I can't speak for tor relay operators, but I'm not 
sure that I'm seeing anything even in the same ballpark as harassment here)


On Sun, Feb 10, 2019, at 11:12, s7r wrote:
> +1
> 
> It looks like harassment.
> 
> 
> Tyler Durden wrote:
> > +1
> > 
> > Good to know that I'm not the only one finding this behavior of him  wicked.
> > 
> > 
> > Emilian Ursu:
> >> Hi,
> >>
> >> I was planning to bring up this issue but the other way around,
> >> ContactInfo, Nickname and Myfamily are non-enforceable so why
> >> should tor rely on spoofable information for its operation?
> >>
> >> I saw some discussions about contacting hosting providers to
> >> reach out to server operators and I see you harassing people
> >> often for not setting MyFamily and that is outrageous!
> >>
> >> A malicious actor will take the time to evade these policies so
> >> why bother at all, is tor getting designed for friendly or
> >> adversarial conditions?
> >>
> >> Your language, as seen in the Trabia-Network thread and other
> >> posts alike, seems to imply an undeserved authority position: 
> >> "please set MyFamily and contactInfo in your torrc
> >> to avoid getting rejected"
> >>
> >> What? Rejected from what? Does one have to earn the right
> >> to commit time and resources for helping the network?
> >> Do relay operators need the tor network or is it the other way
> >> around? Maybe it's time for a reality check.
> >>
> >> Regards,
> >> Emilian
> >>
> >>
> >> On Tue, Feb 05, 2019 at 09:25:00PM +, nusenu wrote:
> >>> Hi,
> >>>
> >>> due to some recent and ongoing events related
> >>> to a malicious entity running tor relays
> >>> I'll start to pursue an idea that I had 
> >>> for some time: require non-empty ContactInfo
> >>> (non-empty does not mean valid email address)
> >>>
> >>> This is primarily a non-technical policy discussion
> >>> which will take place on tor-dev@.
> >>>
> >>> If you want to help right away and currently
> >>> don't make use of the ContactInfo, please set it.
> >>>
> >>> If you think such a change would negatively affect you
> >>> please let me know (off-list is also fine if you prefer).
> >>>
> >>> thanks,
> >>> nusenu
> 


Re: [tor-relays] Jerk spammers on tor-relays

2018-09-23 Thread Dave Warren

On 2018-09-22 06:24, Ralph Seichter wrote:

On 22.09.18 05:32, Dave Warren wrote:


Send a message through the list's outbound SMTP server that looks like
a list message [...]


Why this won't work has already been discussed. Please check earlier
messages in this thread.


Can you point it out? I don't see anything obvious that addresses my 
approach (only the approach of sending a message from a consistent 
address out slowly, which has several obvious flaws).





Re: [tor-relays] Jerk spammers on tor-relays

2018-09-21 Thread Dave Warren

On 2018-09-21 08:57, Ralph Seichter wrote:

On 21.09.18 16:40, Dave Warren wrote:


It would be fantastic if the list operators were to track this down
and kill it off.

Imagine an address A subscribed to this mailing list in a read-only
fashion (a.k.a. "lurker"). A uses list posts as triggers to send spam
from address B, which does not even need to be subscribed. How would
the list admins ever be able to connect A to B?


Send a message through the list's outbound SMTP server that looks like a 
list message, but comes from  where 
$identifier is unique to each post.


Then wait a bit and see what address receives spam, determine which 
address received the message and deal with it.
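
The per-copy identifier idea from the message above, as an added example that is not part of the original post or of any list software. It assumes one probe copy per subscriber, each with its own identifier; the domain, the `probe-` prefix, the key and all addresses are constructed, and the messages are only built, not sent.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.utils import parseaddr

# All values below are constructed for the example (assumptions, not real settings).
SECRET = b"constructed-demo-key"        # kept private by the list admin
CANARY_DOMAIN = "canary.example.org"    # domain whose inbound mail the admin can read
LIST_ADDR = "example-list@lists.example.org"
CAMPAIGN = "probe-run-1"                # label for one round of probes


def token_for(subscriber, campaign=CAMPAIGN, secret=SECRET):
    """Identifier bound to one subscriber and one probe run.

    An HMAC keeps it unguessable, so a hit cannot be faked by someone who
    merely knows the address format, and no lookup table has to be stored.
    """
    data = f"{campaign}\0{subscriber.strip().lower()}".encode()
    return hmac.new(secret, data, hashlib.sha256).hexdigest()[:16]


def canary_address(subscriber, campaign=CAMPAIGN):
    """Sender address that only this subscriber's copy will ever carry."""
    return f"probe-{token_for(subscriber, campaign)}@{CANARY_DOMAIN}"


def build_probes(subscribers, campaign=CAMPAIGN):
    """Return (envelope_recipient, message) pairs, one per subscriber.

    Each copy looks like ordinary list traffic (To and List-Id point at the
    list), but its From address is unique to the copy.
    """
    probes = []
    for sub in subscribers:
        msg = EmailMessage()
        msg["From"] = canary_address(sub, campaign)
        msg["To"] = LIST_ADDR
        msg["Subject"] = "[example-list] Question about relay flags"
        msg["List-Id"] = "<example-list.lists.example.org>"
        msg.set_content("Constructed probe body.")
        probes.append((sub, msg))
    return probes


def trace(spam_recipient, subscribers, campaign=CAMPAIGN):
    """Map the address that received spam back to the subscriber whose copy
    carried it. Returns None for unrelated or forged addresses."""
    _, addr = parseaddr(spam_recipient)
    local, _, domain = addr.lower().partition("@")
    if domain != CANARY_DOMAIN or not local.startswith("probe-"):
        return None
    seen = local[len("probe-"):]
    for sub in subscribers:
        if hmac.compare_digest(seen, token_for(sub, campaign)):
            return sub
    return None


if __name__ == "__main__":
    subs = ["alice@example.net", "lurker@example.com", "bob@example.org"]
    probes = dict(build_probes(subs))
    # Constructed scenario: spam later arrives at the From address that was
    # only ever shown to lurker@example.com.
    hit = str(probes["lurker@example.com"]["From"])
    print("spam received at:", hit)
    print("copy was delivered to:", trace(hit, subs))
```
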




Re: [tor-relays] Jerk spammers on tor-relays (was Re: Fwd: Tor GuardRelay)

2018-09-21 Thread Dave Warren
It would be fantastic if the list operators were to track this down and kill it 
off. My guess is that there is an address subscribed which receives the list 
and triggers the spam to be sent (at least based on seeing this type of thing 
on a few other lists over the years).


Re: [tor-relays] Yay, Complaints

2018-08-24 Thread Dave Warren

On 2018-08-23 17:56, Conrad Rockenhaus wrote:



This mainly seemed to be an issue of miscommunication - I had one party that I 
was in communication with at the beginning who said that this was going to be a 
perfectly okay endeavor, equipment gets plugged in, day one passes with a 
couple of abuse complaints, no problems. Day two comes around, and a new guy 
comes in. That’s when it hit the fan.


Do you think it was an actual miscommunication, or perhaps just a 
salesdroid selling something different than they actually offer?




Re: [tor-relays] Cloudflare Onions Beta and Network Stability

2018-08-20 Thread Dave Warren

On 2018-08-20 15:39, DaKnOb wrote:
HOWEVER, Cloudflare doesn’t need to hide their location. Everyone knows 
their servers. So they can use single hop Onion Services, and not the 
traditional three hop ones.


That means that in terms of total traffic, they will use 43 + (3*5) = ~ 
60 Gb/s, out of the ~ 90 Gb/s available.


One thought that comes to mind: Doesn't this same traffic already likely 
flow through tor?


Right now browsing my personal blog from TBB uses 'x' number of bytes 
which pass through relays and an exit, won't the primary difference be 
that we no longer require an exit by routing directly to a Cloudflare 
hosted single hop onion service?


This attention might bring more users to using Tor which is a separate 
and valid concern in terms of anticipating growth.


I'm still waiting for Cloudflare to activate me on this beta program to 
be able to explore how well it actually works.



Re: [tor-relays] Question: systematic hacking on my social media accounts

2018-01-13 Thread Dave Warren

On 2018-01-12 18:07, Paul Templeton wrote:

They got into my Facebook page (haven't used it for years). Seems that they 
got access via really old personal questions that family have provided them via 
their online posts, i.e. happy birthday now that you are this old... and how's 
your dog m doing and my mum listing her maiden name etc. I can't get it 
through to people to stop them from having public profiles... SIGH. Meanwhile 
they have to put up with girly pics or unfriend me as I'm not interested in the 
account.


Why would you place your security in the hands of people who may or may 
not remember what data they are supposed to hide, and who have no vested 
interest in guessing which parts should or should not be used?


Hint: You don't need to answer security questions honestly, just record 
what you answered for future reference. A randomly generated 
alphanumeric password is just as good as "spot" for the name of your 
first pet from Facebook's perspective, but a lot more secure for you.



Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-10 Thread Dave Warren

On 2018-01-09 13:33, yl wrote:


On 08.01.2018 11:21, Florentin Rochet wrote:


Yes, if the HS operator does not want to mask the HS location, then it
is all good. For that purpose, I agree that the warning message should
be changed.


So assuming I just want to run SSH on some port on an .onion on the
relay, what is the downside there? Just wondering if for that use case,
SSH to login remotely on to the relay would still have any disadvantages
that I missed to consider.


Do you care if a random third party could determine the real internet IP 
address of your .onion? If this isn't a problem, then you can probably 
proceed safely.



Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-09 Thread Dave Warren

On 2018-01-08 16:08, Roger Dingledine wrote:

On Mon, Jan 08, 2018 at 03:59:25PM -0700, Dave Warren wrote:

  Even if Tor didn't supply any relay
statistics, a curious and enterprising individual could "explore" by seeing
what happens to a particular onion when one launches a DoS attack against an
external IP that one believes might be connected to the .onion service.


Yep. If you want to go a step further, check out this paper:
https://www.freehaven.net/anonbib/#remote-traffic-pets12
where they investigate inducing congestion on a target IP address
to learn *what web page it's loading*.

Turns out the attack is only effective in certain situations, but
the fact that it's worth taking seriously at all is bad news for
the Internet as a whole.


I forgot about that one! Not a surprise that it's possible in certain 
circumstances, I suppose.


Nonetheless, a hidden service should be relatively immune if the IP 
address isn't known (and isn't trivially determined, such as also 
hosting a relay).




Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-09 Thread Dave Warren

On 2018-01-08 19:54, Alain Wolf wrote:

I think the real issue here is once more the wording "hidden service"
for something which is, in your case, not intended to be hidden.

I believe that's why the term "Onion Service" was introduced.


Indeed. I use Onion Service when starting a conversation, but when 
Hidden Service is already in use, it seems to be less confusing to stick 
with the terminology being used in the existing thread.



A foolproof solution would be, that a relay complains and refuses to
start if a "hidden onion service" is configured on the same instance.
But would run without warning with "public onion services".

I have no idea if a distinction between "public" and "hidden" onion
services is planned or if it's just a change of wording until now.


I don't think there is a technical difference between an "Onion" vs 
"Hidden" service, although there is obviously a huge real-world difference.




Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-08 Thread Dave Warren

On 2018-01-08 14:09, Tortilla wrote:


On Mon, January 8, 2018 11:25 am, Dave Warren wrote:

On 2018-01-08 03:21, Florentin Rochet wrote:

Perhaps in the case that the HS operator is not trying to mask the HS
location, the act of mixing public relay traffic can be nothing but a
*help* to defeat anyone trying to correlate traffic coming to the HS
with
traffic emanating from any one client.


Yes, if the HS operator does not want to mask the HS location, then it
is all good. For that purpose, I agree that the warning message should
be changed.


Indeed. I run some public resources (e.g. torproject.org mirror) on a
public URL with a .onion site as well. Nothing is intended to be hidden,
I simply want the content of anything I mirror to be available to Tor
users without relying on an exit.

After an "abuse" report warning me that my hidden site is "leaking" its
location, my root robots.txt and a separate README file now both display
the public and .onion addresses with a note that nothing is intended to
be hidden. (I also appreciate the individual who sent the warning!)

On the flip side, to a new/naive hidden service operator the warning
could be useful as it may not be immediately obvious to someone just
dipping their toes in Tor as to why and how this configuration might
reveal their hidden service's real physical location.


Certainly!  I'm not new to Tor/HS and still got tripped up by this,
especially seeing the issue as having been closed, not having realized it
has not in fact been "fixed" and the only thing done was to add a startup
warning.  The issue really should be re-opened.  It's not unreasonable to
conclude that if the issue linked in the warning is closed that the
warning is obsolete.


I think the issue itself should be listed as WONTFIX, as this is simply 
a reality of how the internet works. Even if Tor didn't supply any relay 
statistics, a curious and enterprising individual could "explore" by 
seeing what happens to a particular onion when one launches a DoS attack 
against an external IP that one believes might be connected to the 
.onion service.


Notifying the administrator is sufficient, but I don't think an 
otherwise harmless log WARNING is sufficient to know that the 
administrator has been notified. Given that an administrator may not 
even review the logs if everything is functioning the way they expect, I 
would like to see something that forces the administrator to make a 
conscious choice.



Re: [tor-relays] Combined relay and hidden service, good idea or not?

2018-01-08 Thread Dave Warren

On 2018-01-08 03:21, Florentin Rochet wrote:

Perhaps in the case that the HS operator is not trying to mask the HS
location, the act of mixing public relay traffic can be nothing but a
*help* to defeat anyone trying to correlate traffic coming to the HS with
traffic emanating from any one client.


Yes, if the HS operator does not want to mask the HS location, then it 
is all good. For that purpose, I agree that the warning message should 
be changed.


Indeed. I run some public resources (e.g. torproject.org mirror) on a 
public URL with a .onion site as well. Nothing is intended to be hidden, 
I simply want the content of anything I mirror to be available to Tor 
users without relying on an exit.


After an "abuse" report warning me that my hidden site is "leaking" its 
location, my root robots.txt and a separate README file now both display 
the public and .onion addresses with a note that nothing is intended to 
be hidden. (I also appreciate the individual who sent the warning!)


On the flip side, to a new/naive hidden service operator the warning 
could be useful as it may not be immediately obvious to someone just 
dipping their toes in Tor as to why and how this configuration might 
reveal their hidden service's real physical location.


I avidly dislike warnings appearing in my logs that I intend to ignore; 
I would prefer to see this be controlled by a preference in torrc, 
either by an option to disable the warning, or better, require an 
explicit switch to be set before tor will act as both a relay and a 
hidden service. By making an "allow both HS and relay function" switch 
that is disabled by default, we could place appropriate comments in the 
default torrc file which explain the risks.


Whether any of this really matters in the real world, I don't know, but 
getting the attention of an inexperienced operator before they make a 
privacy-reducing mistake seems like A Good Thing.



Re: [tor-relays] Please do not use 9.9.9.9 as your DNS on an exit relay

2017-11-22 Thread Dave Warren
On Wed, Nov 22, 2017, at 15:59, tor wrote:
> I wouldn't recommend Quad9 (9.9.9.9) for personal use either.
> 
> During some very brief testing I ran into performance issues like 1500 ms
> response times and UDP timeouts.
> 
> Also, via the Global Cyber Alliance, there is quite a bit of partnership
> with various government entities:
> 
>   
> https://www.globalcyberalliance.org/community-partners.html#partner-industries
> 
> This leaves many unanswered questions. What criteria is used to define
> "malicious" traffic? Who gets to add domains to the blacklist? Etc.

One note, 9.9.9.10 does no filtering, but sadly also doesn't enforce
DNSSEC. It has the same privacy policy and similar.




Re: [tor-relays] (no subject)

2017-03-29 Thread Dave Warren
Also, unsubscription requests require you to confirm the request, so you
can't unsubscribe someone else by entering their address.


On Wed, Mar 29, 2017, at 00:34, Dave Warren wrote:
> Why not unsubscribe yourself? You figured out how to subscribe, you
> can figure out how to unsubscribe.
>
> The first step is to click the link in the footer of every single
> message, then look for "To unsubscribe from tor-relays"
>
> On Wed, Mar 29, 2017, at 00:31, Nicholas K S Cullen wrote:
>> Please.unsubscribe me


Re: [tor-relays] (no subject)

2017-03-29 Thread Dave Warren
Why not unsubscribe yourself? You figured out how to subscribe, you can
figure out how to unsubscribe.


The first step is to click the link in the footer of every single
message, then look for "To unsubscribe from tor-relays"


On Wed, Mar 29, 2017, at 00:31, Nicholas K S Cullen wrote:
> Please.unsubscribe me


Re: [tor-relays] Recent events in Tor-Relay.

2017-03-29 Thread Dave Warren
On Tue, Mar 28, 2017, at 23:24, John Ricketts wrote:
> All,
> 
> Any suggestions short of a restraining order? 
> 
> That was one of the most bizarre interactions I have ever had with anyone
> on the internet.

"If you would like me to block other Tor users from using my exits to
contact your servers, please provide the list of IP(s) and I will do so.
For any other requests, please feel free to serve papers to my lawyer",
or if you don't have a lawyer, just cut the last few words out. 

After that, don't respond to anything other than a specific list of IPs
to block (and I'd sanity check them). Don't engage, don't encourage,
don't try to assume they'll suddenly get not-stupid if you can just get
them to understand why they're stupid, that's not how stupid works.

There's nothing to be gained from further debate or discussion, so why
not let them get bored and go yell at a fast food worker or a poorly
placed traffic sign or something instead of wasting more of your time?



Re: [tor-relays] FW: What's a "useful" mailing list contributor? (was Re: What's a "useful" relay?)

2017-01-10 Thread Dave Warren
On Tue, Jan 10, 2017, at 21:09, Rana wrote:
> Wow. I offer to maintain a FAQ for small relays and in return I get this. 
> Unsubscribed.

While the FAQ could have been useful, if being asked to learn how to
post properly on a mailing list causes an instant flameout, I wonder
whether the FAQ would have gone any further.

Too bad, it could make for a useful resource, perhaps someone stable
will volunteer?



Re: [tor-relays] Is there a reason for all exit nodes being public?

2016-12-08 Thread Dave Warren
Again, I think I was quite clear on that: I don't care. I'm not using
Tor to hide anything from Facebook, and I'm quite aware that any data
Facebook can touch is recorded and I assume it is or will be published.
That's not acceptable to everyone but it's fine for me in many cases.


Even here, Tor helps because when you login to Facebook via the
hidden service, and then create a New Identity and continue browsing
other sites, Facebook can no longer associate my general web surfing
with my Facebook account, so suddenly I am in control of what data I
provide to Facebook rather than Facebook collecting anything and
everything they can.


If you have a different threat model, that's fine, use Tor and the
internet appropriate to your needs.


On Thu, Dec 8, 2016, at 00:22, Duncan Guthrie wrote:
> Well, apart from using Facebook...
>
> On 8 December 2016 7:51:09 am GMT+00:00, Dave Warren
> <da...@hireahit.com> wrote:
>> I agree 100%. And yet, it's still useful for those who don't have
>> anything to fear from using Tor, but still want the privacy and
>> security from the last mile.
>>
>> On Wed, Dec 7, 2016, at 23:45, Duncan Guthrie wrote:
>>> The problem with Facebook is that their policies on real names
>>> somewhat go against hiding from a repressive regime. Their terms
>>> and conditions mandate that they kick people who use pseudonyms, and
>>> make fellow Facebook users rat on each other.
>>> If I was an activist I would be wary of using it on or off Tor at
>>> all. If I am going to be harassed for using Facebook, it's probably
>>> unsafe to use Tor altogether. It isn't worth the risk, except in a
>>> very limited manner.
>>> I think the hidden service in this case is just gesture politics.
>>> It's not really for citizens in repressive regimes, but people who
>>> have little to fear from using Tor.
>>>
>>> Duncan
>>>
>>> On 7 December 2016 3:20:05 pm GMT+00:00, Rana
>>> <ranaventu...@gmail.com> wrote:
>>>> -Original Message-
>>>>>  From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org]
>>>>>  On Behalf Of heartsucker
>>>>>  Sent: Wednesday, December 07, 2016 5:11 PM
>>>>>  : tor-relays@lists.torproject.org
>>>>>  Subject: Re: [tor-relays] Is there a reason for all exit nodes
>>>>>  being public?
>>>>>
>>>>>  As one of the Tor users who connects to services where I have to
>>>>>  use my real name (e.g., my banks), I think it's not helpful to
>>>>>  make assumptions about everyone's use case. Part of why I use Tor
>>>>>  is to
>>>>>  keep my ISPs from snooping on what I'm doing, and it's possible
>>>>>  some of these millions of facebook users are doing the same.
>>>>
>>>> We will never know the breakdown of the Facebook users by the
>>>> reason why they use Tor. However, surely many of them are under
>>>> repressive regimes and do not want their ass kicked for what they
>>>> write on Facebook. Protecting them is a fine purpose and anyhow, Tor
>>>> has no control over how people use the network and certainly not
>>>> over why they use it.
>>>>
>>>> Rana


Re: [tor-relays] Is there a reason for all exit nodes being public?

2016-12-07 Thread Dave Warren
I agree 100%. And yet, it's still useful for those who don't have
anything to fear from using Tor, but still want the privacy and security
from the last mile.


On Wed, Dec 7, 2016, at 23:45, Duncan Guthrie wrote:

> The problem with Facebook is that their policies on real names
> somewhat go against hiding from a repressive regime. Their terms and
> conditions mandate that they kick people who use pseudonyms, and make
> fellow Facebook users rat on each other.
> If I was an activist I would be wary of using it on or off Tor at
> all. If I am going to be harassed for using Facebook, it's probably
> unsafe to use Tor altogether. It isn't worth the risk, except in a
> very limited manner.
> I think the hidden service in this case is just gesture politics.
> It's not really for citizens in repressive regimes, but people who
> have little to fear from using Tor.
>
> Duncan
>
> On 7 December 2016 3:20:05 pm GMT+00:00, Rana wrote:
>>
>> -Original Message-
>>>  From: tor-relays [mailto:tor-relays-boun...@lists.torproject.org]
>>>  On Behalf Of heartsucker
>>>  Sent: Wednesday, December 07, 2016 5:11 PM
>>>  : tor-relays@lists.torproject.org
>>>  Subject: Re: [tor-relays] Is there a reason for all exit nodes
>>>  being public?
>>>
>>>  As one of the Tor users who connects to services where I have to
>>>  use my real name (e.g., my banks), I think it's not helpful to make
>>>  assumptions about everyone's use case. Part of why I use Tor is to
>>>  keep my ISPs from snooping on what I'm doing, and it's possible
>>>  some of these millions of facebook users are doing the same.
>>>
>> We will never know the breakdown of the Facebook users by the reason
>> why they use Tor. However, surely many of them are under repressive
>> regimes and do not want their ass kicked for what they write on
>> Facebook. Protecting them is a fine purpose and anyhow, Tor has no
>> control over how people use the network and certainly not over why
>> they use it.
>>
>> Rana

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Is there a reason for all exit nodes being public?

2016-12-07 Thread Dave Warren

On 2016-12-07 05:41, Rana wrote:

By the way, I just checked, Gmail works without problems over Tor (both Web and 
IMAPS).

Using Gmail over Tor when they already know who you are is self-defeating. Try 
to register an anonymous Gmail account using Tor.



Doable. They require a phone number for verification, but that's the same with 
and without Tor. Besides, if you want an anonymous email, use _anything but 
Gmail_, eg. ProtonMail.


Providing your phone number during registration = registration is not anonymous, 
so anonymous registration of a Gmail account using Tor is NOT doable.


This depends on your country. In some countries you can purchase a SIM 
and activate service using only cash. If your threat model includes 
an adversary that could obtain phone company records, you 
should not reuse the phone or SIM for any other purpose.


Obviously not all countries allow for this approach.



Last time I tried, this did not work. I provided the SMS number in a Tor registration 
attempt and Gmail said we cannot register you "at this time", without even 
trying to send me an SMS.

Protonmail is exactly the same thing, if you want to register a free account you need to 
provide your phone number. You can register "anonymously" in ProtonMail only 
for a paid account, and even if you are willing to pay for anonymity, you need to pay in 
bitcoin which ultimately discloses your identity - so again, not anonymous.


As someone who previously ran a small freemail service, I can tell you 
that it's extremely difficult to block abusers from signing up without 
also blocking legitimate users. I gave up trying.


If you can acquire an untrackable prepaid credit card (again, something 
that can be done using only cash here, but perhaps not everywhere), you 
may be able to find a VoIP service which can be used for this purpose.


I have registered both Gmail and Outlook.com accounts at a VoIP SMS 
phone number, although I had to register a few phone numbers in 
different area codes before I found one that would work.


It's a tough problem to solve, I will admit.


On 2016-12-07 04:15, Rana wrote:

Using Gmail over Tor when they already know who you are is self-defeating. Try 
to register an anonymous Gmail account using Tor.


Gmail might know who I am, but my connectivity provider doesn't and I 
might not want them to know I'm using Gmail.



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Is there a reason for all exit nodes being public?

2016-12-07 Thread Dave Warren

On 2016-12-07 07:20, Rana wrote:

We will never know the breakdown of the Facebook users by the reason why they 
use Tor. However, surely many of them are under repressive regimes and do not 
want their ass kicked for what they write on Facebook. Protecting them is a fine 
purpose and anyhow, Tor has no control over how people use the network and 
certainly not over why they use it.


I use Tor to access Facebook because it exists, and because I believe 
that legitimate use of both hidden services and exit nodes improves the 
overall legitimacy of Tor. I believe that if the only use of Tor is 
users with something to hide, it becomes easier to justify blocking and 
therefore is less effective and less useful overall.


I use Facebook with my real name and real photo because I'm not hiding 
anything from anyone in this situation (except perhaps my local 
connectivity provider, should I be traveling at the time).


I'm probably a minority in this case, and certainly an anecdote is not 
of statistical significance, but that's me.




___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Question about relay speed

2016-10-01 Thread Dave Warren
On Sat, Oct 1, 2016, at 04:54, Sheesh wrote:
> Hello!
> I'm running a non-exit relay on my VPS with small amount of
> traffic/month. That means my advertised bandwidth is ~500 KB/s. I got a
> new VPS where I want to let a relay run with several MB/s - My question
> now is: should I let the slower relay run (aka do 500 KB/s positively
> contribute to the TOR network?) or move my relay key to the new server
> and run this one only?

To me, if the old relay is on a provider/network that isn't already
over-populated, more is better and it's a net good. If that provider is
already well covered, it's less useful.

Your mileage and opinions may vary.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

2016-09-12 Thread Dave Warren
Nope. You get root, so with a bit of creativity you could probably do
whatever you want, but I don't think DO officially supports installing
your own OS (and they might make assumptions about your OS version that
cause you issues later)

On Mon, Sep 12, 2016, at 21:20, Petrusko wrote:
> No way to "add" an image .iso with the web interface ?
> 
> > D.O. has images for Debian (8.5, 7.11), Ubuntu (16.04.1, 14.04.5,
> > 12.04.5), but no Gentoo.

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] DigitalOcean pricing (Re: tomhek - the (new) biggest guard relay operator)

2016-09-12 Thread Dave Warren
On Sun, Sep 11, 2016, at 06:53, Ralph Seichter wrote:
> On 11.09.2016 14:30, Markus Koch wrote:
> 
> > So around 90 terabyte a month for $5. Seems fair :)
> 
> Yeah, it does, doesn't it... ;-) Leaves me with figuring out what Linux
> distro to use, as D.O. does not offer Gentoo. Debian or Ubuntu? Exclusive
> Tor use is what I have in mind. Your thoughts?

D.O. has images for Debian (8.5, 7.11), Ubuntu (16.04.1, 14.04.5,
12.04.5), but no Gentoo.


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Tor and Diplomatic Immunity

2016-09-07 Thread Dave Warren

On 2016-09-06 11:29, Green Dream wrote:

The whole idea doesn't sit right with me.

For one, I'm not sure I'd want any more Five Eyes entities running
Exit nodes. Most embassies are already a haven for espionage activity.
You'd pretty much have to assume they'd be sniffing the exit traffic.


All the more reason to add a bunch of unrelated and unimportant traffic 
like a Tor exit node.


If you only shred your Top Secret documents, every piece of shredded 
paper is potentially a secret to an interested party, but if you mix in 
tons of unrelated material, it adds a whole ton of noise.


For the same reason that libraries often stand up for our rights, I'd 
hope embassies would also consider using their resources and unique 
legal position to stand up for rights that "we" believe in.


However, whether they do or not, is unknown to me.



___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Tor and Diplomatic Immunity

2016-09-05 Thread Dave Warren
On Mon, Sep 5, 2016, at 11:24, Kenneth Freeman wrote:
> 
> 
> On 09/04/2016 07:31 PM, Mirimir wrote:
> > On 09/04/2016 09:11 AM, Kenneth Freeman wrote:
> >> Do embassies and consulates run Tor nodes? AFAIK no studies have been
> >> done on this, but diplomatic immunity and Tor would seem to be a match
> >> made in Heaven.
> > 
> > Well, they need uplinks, right? I doubt that diplomatic immunity forces
> > ISPs to serve them. Private routing is possible, of course, but is
> > probably too expensive for most.
> 
> Whatever their budgetary considerations, embassies and consulates afford
> diplomatic safe spaces for Tor nodes.

At best, they provide a *legal* safe space, but it would only take an
embassy having their local internet access terminated once or twice
before they'd re-consider, absent any agreements which block service
providers from doing such. I'd be surprised if such exist, although, it's
certainly possible.

Assuming we're talking exit nodes, anyway.

 

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Legal status of operating Tor exit in UK?

2015-09-23 Thread Dave Warren

On 2015-09-23 15:28, Tim Wilson-Brown - teor wrote:


On 24 Sep 2015, at 08:19, Green Dream <greendream...@gmail.com 
<mailto:greendream...@gmail.com>> wrote:



"I'm still not convinced that ToR isn't just an incredibly clever
US government scheme where the US government stealthily operate a
majority of the ToR (exit and intermediate) nodes, leading
themselves to be able to anonymously inspect / MITM traffic from
any exit node
they operate, as well as correlate flows between non exit nodes
to be able to find the original source of a flow."


If the ISP really feels this way, a logical solution would be to 
allow exits from their network, thereby increasing the capacity of 
non-government nodes. The irony.


Unless they think there's a significant chance *you're* a US 
government agent.




In which case little would annoy the aforementioned gov't agent more 
than one or more ISPs setting up their own network of high capacity exit 
nodes.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Catch 22 pay, set-up and be banned

2015-07-19 Thread Dave Warren

On 2015-07-18 22:35, I wrote:
The VPS business was happy for me to sign on and pay knowing it was 
for exits.


The black list operator they rely on [https://www.dan.me.uk/dnsbl] 
checks hourly for Tor nodes to match against the VPSs.


What could be the motivation of the black list operator!  If he 
answers I will let you know of any justification.
It's easy to see the rationale of the business. A third of my VPSs 
have dudded me like this.


Doesn't USA have proper trade practices legislation?


Sure. Hire a lawyer and sue, you'll probably get your money back. Beyond 
that, if you paid via credit card and you feel that a vendor failed to 
deliver what they promised, reverse the charge with your credit card 
provider and call it a day.


Note that if you reverse charges in this way, it doesn't alleviate you 
of the debt, but it does force them to pursue you via the legal system, 
which will likely not be possible if they did actually violate the 
agreement (and it won't be worth their time for a small amount of money 
anyway)


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren

___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Subpoena received

2015-04-20 Thread Dave Warren

On 2015-04-20 10:31, Speak Freely wrote:

A foreign sovereign can command anything to anyone... without a
reasonable expectation that anyone will follow it.

Even in Canada, I am not obliged to respond to American subpoenas unless
and until my government commands me to. Only your sovereign can command
you to do anything. A foreign sovereign has zero right to anything
outside of its own purview.


Keep in mind that if you do respond at all, the US court may claim you 
have waived jurisdictional arguments and consented to the jurisdiction, 
in which case a court order can be enforced cross-jurisdictionally in 
certain cases. Spamhaus learned the hard way when they hired a US lawyer 
to represent them and that lawyer responded incorrectly and enabled the 
lawsuit to become binding upon themselves despite the lack of physical 
presence within the US.


While they ultimately prevailed on their appeal to the greatest degree 
still available, they were unable to vacate the default judgement 
entirely (only the amount), so while they ended up paying a nominal 
amount and winning for more useful purposes, they technically lost the 
case. Had they failed to appeal or lost the appeal, the resulting order 
would have been binding and enforceable in UK courts because Spamhaus's 
actions consented to the plaintiff's choice of jurisdiction.


On the criminal side, you can also be extradited in certain cases. Kim 
Dotcom is still working through the complexities of this particular 
situation.


So I would highly recommend engaging a lawyer to verify that your 
actions don't waive any arguments or otherwise consent to anything that 
can be enforced across borders.


(And no, odds of any of this impacting a simple Tor operator are not 
very high unless you're otherwise a high profile or high value target)


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Tor and Freenode

2015-01-24 Thread Dave Warren

On 2015-01-24 07:46, Markus Hitter wrote:

Without a room there's not much to spam.


Unfortunately this is very much not true. There are all sorts of attacks 
on IRC, including bots that use multiple connections where one collects 
data from channels and another actually sends the spam via direct PRIVMSG.


It wouldn't be impossible to neuter the IRC protocol to allow 
registration over Tor but otherwise render unauthenticated users 
harmless to the network, but unless there is some way to verify that the 
user is human, bots would quickly get written to register nicks and set 
themselves up via Tor, abuse the nick until it's burned and move on.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


[tor-relays] Linode, DigitalOcean

2015-01-16 Thread Dave Warren
I've got a number of servers on Linode and DigitalOcean that could 
potentially be candidates for relays or bridges as they have a fair 
amount of otherwise unused resources.


However, I wonder if there are enough people running non-exit nodes on 
these providers due to their large scale, such that more doesn't really 
help due to the lack of overall diversity of the network. Thoughts about 
whether running a few Tor relays in these environments is worthwhile?


Neither is friendly enough to run exit nodes, at least as far as my 
purposes go.


And to be clear, my goal is to utilize and share some otherwise unused 
resources, not to buy new servers to dedicate to Tor. While we're also 
debating sponsoring or operating exit nodes, they will be on dedicated 
servers in Tor friendly environments.


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Reminder: don't run transparent proxies at exits

2015-01-09 Thread Dave Warren

On 2015-01-09 19:21, eric gisse wrote:

What about ISP's (and openDNS) that NXDOMAIN trap to insert advertising?


Just a quick point, OpenDNS doesn't do that anymore.

https://www.opendns.com/no-more-ads/

(Others do, and it's still a terrible idea there, but OpenDNS has seen 
the light and/or found a business model that doesn't involve selling 
their users as product)


--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren


___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays