subject:"\[tor\-relays\] Exit in Turkey blocking torproject \(komm EA93C\), BadExit, Node Subscription Services, Censorship"

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Nathaniel Suchy

What if a Tor Bridge blocked connections to the tor network to selective
client IPs? Would we keep it in BridgeDB because its sometimes useful?

On Thu, Aug 30, 2018 at 10:02 PM arisbe  wrote:

> Children should be seen and not herd.  The opposite goes for Tor relays.
> Arisbe
>
>
> On 8/30/2018 2:11 PM, Nathaniel Suchy wrote:
>
> So this exit node is censored by Turkey. That means any site blocked in
> Turkey is blocked on the exit. What about an exit node in China or Syria or
> Iraq? They censor, should exits there be allowed? I don't think they
> should. Make them relay only, (and yes that means no Guard or HSDir flags
> too) situation A could happen. The odds might not be in your favor. Don't
> risk that!
>
> Cordially,
> Nathaniel Suchy
>
> On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:
>
>> This particular case receiving mentions for at least a few months...
>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>>
>> The relay won't [likely] be badexited because neither it nor its upstream
>> is
>> shown to be doing anything malicious. Simple censorship isn't enough.
>> And except for such limited censorship, the nodes are otherwise fully
>> useful, and provide a valuable presence inside such regions / networks.
>>
>> Users, in such censoring regimes, that have sucessfully connected
>> to tor, already have free choice of whatever exits they wish, therefore
>> such censorship is moot for them.
>>
>> For everyone else, and them, workarounds exist such as,,,
>> https://onion.torproject.org/
>> http://yz7lpwfhhzcdyc5y.onion/
>> search engines, sigs, vpns, mirrors, etc
>>
>> Further, whatever gets added to static exitpolicy's might move out
>> from underneath them or the censor, the censor may quit, or the exit
>> may fail to maintain the exitpolicy's. None of which are true
>> representation
>> of the net, and are effectively censorship as result of operator action
>> even though unintentional / delayed.
>>
>> Currently many regimes do limited censorship like this,
>> so you'd lose all those exits too for no good reason, see...
>> https://ooni.torproject.org/
>>
>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>>
>> And arbitrarily hamper spirits, tactics, and success of volunteer
>> resistance communities and operators in, and fighting, such regimes
>> around the world.
>>
>> And if the net goes chaotic, majority of exits will have limited
>> visibility,
>> for which exitpolicy / badexit are hardly manageable solutions either,
>> and would end up footshooting out many partly useful yet needed
>> exits as well.
>>
>>
>> If this situation bothers users, they can use... SIGNAL NEWNYM,
>> New Identity, or ExcludeExitNodes.
>>
>> They can also create, maintain and publish lists of whatever such
>> classes of nodes they wish to determine, including various levels
>> of trust, contactability, verification, ouija, etc... such that others
>> can subscribe to them and Exclude at will.
>> They can further publish patches to make tor automatically
>> read such lists, including some modes that might narrowly exclude
>> and route stream requests around just those lists of censored
>> destination:exit pairings.
>>
>> Ref also...
>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
>> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
>>
>>
>> In the subect situations, you'd want to show that it is in fact
>> the exit itself, not its upstream, that is doing the censorship.
>>
>> Or that if fault can't be determined to the upstream or exit, what
>> would be the plausible malicious benefit for an exit / upstream
>> to block a given destination such that a badexit is warranted...
>>
>> a) Frustrate and divert off 0.001% of Turk users smart enough to
>> use tor, chancing through tor client random exit selection of your
>> blocking exit, off to one of the workarounds that you're equally
>> unlikely to control and have ranked, through your exit vs one
>> of the others tor has open?
>>
>> b) Prop up weird or otherwise secretly bad nodes on the net,
>> like the hundreds of other ones out there, for which no badexit
>> or diverse subscription services yet exist to qualify them?
>>
>> c) ???
>>
>> Or that some large number of topsites were censored via
>> singular or small numbers of exits / upstreams so as to be
>> exceedingly annoying to the network users as a whole, where
>> no other environment of such / chaotic widespread annoyance
>> is known to exist at the same time.
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>
>
> ___
> tor-relays mailing 
> listtor-relays@lists.torproject.orghttps://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
>
> --
> One person's moral compass is another person's face in the dirt.
>
>

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread arisbe


  
  
Children should be seen and not herd.  The opposite goes for Tor
relays.
Arisbe

On 8/30/2018 2:11 PM, Nathaniel Suchy
  wrote:


  
  So this exit node is censored by Turkey. That means
any site blocked in Turkey is blocked on the exit. What about an
exit node in China or Syria or Iraq? They censor, should exits
there be allowed? I don't think they should. Make them relay
only, (and yes that means no Guard or HSDir flags too) situation
A could happen. The odds might not be in your favor. Don't risk
that!


Cordially,
Nathaniel Suchy
  
  
  
On Thu, Aug 30, 2018 at 3:25 PM grarpamp 
  wrote:

This
  particular case receiving mentions for at least a few
  months...
  D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov
  185.125.33.114
  
  The relay won't [likely] be badexited because neither it nor
  its upstream is
  shown to be doing anything malicious. Simple censorship isn't
  enough.
  And except for such limited censorship, the nodes are
  otherwise fully
  useful, and provide a valuable presence inside such regions /
  networks.
  
  Users, in such censoring regimes, that have sucessfully
  connected
  to tor, already have free choice of whatever exits they wish,
  therefore
  such censorship is moot for them.
  
  For everyone else, and them, workarounds exist such as,,,
  https://onion.torproject.org/
  http://yz7lpwfhhzcdyc5y.onion/
  search engines, sigs, vpns, mirrors, etc
  
  Further, whatever gets added to static exitpolicy's might move
  out
  from underneath them or the censor, the censor may quit, or
  the exit
  may fail to maintain the exitpolicy's. None of which are true
  representation
  of the net, and are effectively censorship as result of
  operator action
  even though unintentional / delayed.
  
  Currently many regimes do limited censorship like this,
  so you'd lose all those exits too for no good reason, see...
  https://ooni.torproject.org/
  https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
  
  And arbitrarily hamper spirits, tactics, and success of
  volunteer
  resistance communities and operators in, and fighting, such
  regimes
  around the world.
  
  And if the net goes chaotic, majority of exits will have
  limited visibility,
  for which exitpolicy / badexit are hardly manageable solutions
  either,
  and would end up footshooting out many partly useful yet
  needed
  exits as well.
  
  
  If this situation bothers users, they can use... SIGNAL
  NEWNYM,
  New Identity, or ExcludeExitNodes.
  
  They can also create, maintain and publish lists of whatever
  such
  classes of nodes they wish to determine, including various
  levels
  of trust, contactability, verification, ouija, etc... such
  that others
  can subscribe to them and Exclude at will.
  They can further publish patches to make tor automatically
  read such lists, including some modes that might narrowly
  exclude
  and route stream requests around just those lists of censored
  destination:exit pairings.
  
  Ref also...
  https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
  https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
  
  
  In the subect situations, you'd want to show that it is in
  fact
  the exit itself, not its upstream, that is doing the
  censorship.
  
  Or that if fault can't be determined to the upstream or exit,
  what
  would be the plausible malicious benefit for an exit /
  upstream
  to block a given destination such that a badexit is
  warranted...
  
  a) Frustrate and divert off 0.001% of Turk users smart enough
  to
  use tor, chancing through tor client random exit selection of
  your
  blocking exit, off to one of the workarounds that you're
  equally
  unlikely to control and have ranked, through your exit vs one
  of the others tor has open?
  
  b) Prop up weird or otherwise secretly bad nodes on the net,
  like the hundreds of other ones out there, for which no
  badexit
  or diverse subscription services yet

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Pascal Terjan

How is situation 1 different from 2 from the user perspective? In both
cases the user doesn't have access because of the country where the exit is
running.

A lot of countries have various levels of blocky (for example torrent
websites in UK). Is the solution to only run all exits in a few "good"
countries with no filtering but maybe some strong surveillance/analysis?

On Thu, 30 Aug 2018, 16:22 Nathaniel Suchy,  wrote:

> The exit is behind a filtered ISP. Opposed to a website blocking exits.
> That’s the difference.
>
> 1) The content provider causes the block.
> 2) The exit causes the block.
>
> In situation two a censored user may give up on Tor entirely. Should we
> allow exits in China or Iraq or Syria or Turkey or the several other
> countries. What if their governments who can afford it spin up 10,000 exits
> in an effort to censor the Tor Network. Will we sit idly by and allow it?
>
> On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan  wrote:
>
>> A country's ISPs blocking some websites is not the exit blocking it and
>> the result is the same than websites blocking the country, users of that
>> exit can't access the websites just because the exit is in that country but
>> doesn't do any filtering itself.
>>
>> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy,  wrote:
>>
>>> That’s a website blocking Tor users. Not a Tor Exit blocking a website.
>>> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan  wrote:
>>>


 On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy,  wrote:

> So this exit node is censored by Turkey. That means any site blocked
> in Turkey is blocked on the exit. What about an exit node in China or 
> Syria
> or Iraq? They censor, should exits there be allowed? I don't think they
> should. Make them relay only, (and yes that means no Guard or HSDir flags
> too) situation A could happen. The odds might not be in your favor. Don't
> risk that!
>

 Where do you put the limit?

 Various categories of websites are blocked in various countries either
 by ISPs or by content providers.

 For example should exits not be allowed to run in Germany due to
 https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany
 ? Or not allow exits in EU due to the number of US websites deciding to
 block all of EU IPs to not have to comply to GDPR?

 ___
 tor-relays mailing list
 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Nathaniel Suchy

Matthew: Built in functionality, maybe, an addon, no. Also either solution
is a bandaid to the actual problem that we're allowing an exit with no
contact information to censor Tor users with impunity!

On Thu, Aug 30, 2018 at 8:01 PM Matthew Glennon 
wrote:

> Could this be mitigated with a detection addon in Tor Browser? Detect that
> the site may be blocked at the exit and offer to fetch a new circuit for
> the site?
>
>
> On Thu, Aug 30, 2018, 19:22 Nathaniel Suchy  wrote:
>
>> The exit is behind a filtered ISP. Opposed to a website blocking exits.
>> That’s the difference.
>>
>> 1) The content provider causes the block.
>> 2) The exit causes the block.
>>
>> In situation two a censored user may give up on Tor entirely. Should we
>> allow exits in China or Iraq or Syria or Turkey or the several other
>> countries. What if their governments who can afford it spin up 10,000 exits
>> in an effort to censor the Tor Network. Will we sit idly by and allow it?
>>
>> On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan  wrote:
>>
>>> A country's ISPs blocking some websites is not the exit blocking it and
>>> the result is the same than websites blocking the country, users of that
>>> exit can't access the websites just because the exit is in that country but
>>> doesn't do any filtering itself.
>>>
>>> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy,  wrote:
>>>
 That’s a website blocking Tor users. Not a Tor Exit blocking a website.
 On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan 
 wrote:

>
>
> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy,  wrote:
>
>> So this exit node is censored by Turkey. That means any site blocked
>> in Turkey is blocked on the exit. What about an exit node in China or 
>> Syria
>> or Iraq? They censor, should exits there be allowed? I don't think they
>> should. Make them relay only, (and yes that means no Guard or HSDir flags
>> too) situation A could happen. The odds might not be in your favor. Don't
>> risk that!
>>
>
> Where do you put the limit?
>
> Various categories of websites are blocked in various countries either
> by ISPs or by content providers.
>
> For example should exits not be allowed to run in Germany due to
> https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany
> ? Or not allow exits in EU due to the number of US websites deciding to
> block all of EU IPs to not have to comply to GDPR?
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
 ___
 tor-relays mailing list
 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Matthew Glennon

Could this be mitigated with a detection addon in Tor Browser? Detect that
the site may be blocked at the exit and offer to fetch a new circuit for
the site?


On Thu, Aug 30, 2018, 19:22 Nathaniel Suchy  wrote:

> The exit is behind a filtered ISP. Opposed to a website blocking exits.
> That’s the difference.
>
> 1) The content provider causes the block.
> 2) The exit causes the block.
>
> In situation two a censored user may give up on Tor entirely. Should we
> allow exits in China or Iraq or Syria or Turkey or the several other
> countries. What if their governments who can afford it spin up 10,000 exits
> in an effort to censor the Tor Network. Will we sit idly by and allow it?
>
> On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan  wrote:
>
>> A country's ISPs blocking some websites is not the exit blocking it and
>> the result is the same than websites blocking the country, users of that
>> exit can't access the websites just because the exit is in that country but
>> doesn't do any filtering itself.
>>
>> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy,  wrote:
>>
>>> That’s a website blocking Tor users. Not a Tor Exit blocking a website.
>>> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan  wrote:
>>>


 On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy,  wrote:

> So this exit node is censored by Turkey. That means any site blocked
> in Turkey is blocked on the exit. What about an exit node in China or 
> Syria
> or Iraq? They censor, should exits there be allowed? I don't think they
> should. Make them relay only, (and yes that means no Guard or HSDir flags
> too) situation A could happen. The odds might not be in your favor. Don't
> risk that!
>

 Where do you put the limit?

 Various categories of websites are blocked in various countries either
 by ISPs or by content providers.

 For example should exits not be allowed to run in Germany due to
 https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany
 ? Or not allow exits in EU due to the number of US websites deciding to
 block all of EU IPs to not have to comply to GDPR?

 ___
 tor-relays mailing list
 tor-relays@lists.torproject.org
 https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Nathaniel Suchy

The exit is behind a filtered ISP. Opposed to a website blocking exits.
That’s the difference.

1) The content provider causes the block.
2) The exit causes the block.

In situation two a censored user may give up on Tor entirely. Should we
allow exits in China or Iraq or Syria or Turkey or the several other
countries. What if their governments who can afford it spin up 10,000 exits
in an effort to censor the Tor Network. Will we sit idly by and allow it?

On Thu, Aug 30, 2018 at 7:17 PM Pascal Terjan  wrote:

> A country's ISPs blocking some websites is not the exit blocking it and
> the result is the same than websites blocking the country, users of that
> exit can't access the websites just because the exit is in that country but
> doesn't do any filtering itself.
>
> On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy,  wrote:
>
>> That’s a website blocking Tor users. Not a Tor Exit blocking a website.
>> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan  wrote:
>>
>>>
>>>
>>> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy,  wrote:
>>>
 So this exit node is censored by Turkey. That means any site blocked in
 Turkey is blocked on the exit. What about an exit node in China or Syria or
 Iraq? They censor, should exits there be allowed? I don't think they
 should. Make them relay only, (and yes that means no Guard or HSDir flags
 too) situation A could happen. The odds might not be in your favor. Don't
 risk that!

>>>
>>> Where do you put the limit?
>>>
>>> Various categories of websites are blocked in various countries either
>>> by ISPs or by content providers.
>>>
>>> For example should exits not be allowed to run in Germany due to
>>> https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ?
>>> Or not allow exits in EU due to the number of US websites deciding to block
>>> all of EU IPs to not have to comply to GDPR?
>>>
>>> ___
>>> tor-relays mailing list
>>> tor-relays@lists.torproject.org
>>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Pascal Terjan

A country's ISPs blocking some websites is not the exit blocking it and the
result is the same than websites blocking the country, users of that exit
can't access the websites just because the exit is in that country but
doesn't do any filtering itself.

On Thu, 30 Aug 2018, 16:14 Nathaniel Suchy,  wrote:

> That’s a website blocking Tor users. Not a Tor Exit blocking a website.
> On Thu, Aug 30, 2018 at 7:06 PM Pascal Terjan  wrote:
>
>>
>>
>> On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy,  wrote:
>>
>>> So this exit node is censored by Turkey. That means any site blocked in
>>> Turkey is blocked on the exit. What about an exit node in China or Syria or
>>> Iraq? They censor, should exits there be allowed? I don't think they
>>> should. Make them relay only, (and yes that means no Guard or HSDir flags
>>> too) situation A could happen. The odds might not be in your favor. Don't
>>> risk that!
>>>
>>
>> Where do you put the limit?
>>
>> Various categories of websites are blocked in various countries either by
>> ISPs or by content providers.
>>
>> For example should exits not be allowed to run in Germany due to
>> https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ?
>> Or not allow exits in EU due to the number of US websites deciding to block
>> all of EU IPs to not have to comply to GDPR?
>>
>> ___
>> tor-relays mailing list
>> tor-relays@lists.torproject.org
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Pascal Terjan

On Thu, 30 Aug 2018, 14:11 Nathaniel Suchy,  wrote:

> So this exit node is censored by Turkey. That means any site blocked in
> Turkey is blocked on the exit. What about an exit node in China or Syria or
> Iraq? They censor, should exits there be allowed? I don't think they
> should. Make them relay only, (and yes that means no Guard or HSDir flags
> too) situation A could happen. The odds might not be in your favor. Don't
> risk that!
>

Where do you put the limit?

Various categories of websites are blocked in various countries either by
ISPs or by content providers.

For example should exits not be allowed to run in Germany due to
https://en.m.wikipedia.org/wiki/Blocking_of_YouTube_videos_in_Germany ? Or
not allow exits in EU due to the number of US websites deciding to block
all of EU IPs to not have to comply to GDPR?
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Nathaniel Suchy

Then assign a bad exit flag and let it middle relay.
On Thu, Aug 30, 2018 at 5:58 PM Gary  wrote:

> Hello
>
> On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:
>
>> This particular case receiving mentions for at least a few months...
>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>
>
> On Thu, 30 Aug 2018 at 22:11, Nathaniel Suchy  wrote:
>
>> So this exit node is censored by Turkey. That means any site blocked in
>> Turkey is blocked on the exit. What about an exit node in China or Syria or
>> Iraq? They censor, should exits there be allowed? I don't think they
>> should. Make them relay only, (and yes that means no Guard or HSDir flags
>> too) situation A could happen. The odds might not be in your favor. Don't
>> risk that!
>>
>
> Personally I think living with a small amount of country-by-country
> censorship is preferable to an "exitpolicy:exitsite" method, for example
> you are always going to get different areas/peoples thinking topics/sites
> things are acceptable while others dont think so. A tor user can simply
> change circuit and all will be fine.
>
> Also, if relay operators were able to produce a list of sites that they
> don't allow exits so, it would allow bad operators to game the system and
> perform correlation attacks.
>
> Even if a particular relay blocks exits to most .com's, it would still
> provide a valuable guard / middle service.
>
>
>>
>> Cordially,
>> Nathaniel Suchy
>>
>> On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:
>>
>>> This particular case receiving mentions for at least a few months...
>>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>>>
>>> The relay won't [likely] be badexited because neither it nor its
>>> upstream is
>>> shown to be doing anything malicious. Simple censorship isn't enough.
>>> And except for such limited censorship, the nodes are otherwise fully
>>> useful, and provide a valuable presence inside such regions / networks.
>>>
>>> Users, in such censoring regimes, that have sucessfully connected
>>> to tor, already have free choice of whatever exits they wish, therefore
>>> such censorship is moot for them.
>>>
>>> For everyone else, and them, workarounds exist such as,,,
>>> https://onion.torproject.org/
>>> http://yz7lpwfhhzcdyc5y.onion/
>>> search engines, sigs, vpns, mirrors, etc
>>>
>>> Further, whatever gets added to static exitpolicy's might move out
>>> from underneath them or the censor, the censor may quit, or the exit
>>> may fail to maintain the exitpolicy's. None of which are true
>>> representation
>>> of the net, and are effectively censorship as result of operator action
>>> even though unintentional / delayed.
>>>
>>> Currently many regimes do limited censorship like this,
>>> so you'd lose all those exits too for no good reason, see...
>>> https://ooni.torproject.org/
>>>
>>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>>>
>>> And arbitrarily hamper spirits, tactics, and success of volunteer
>>> resistance communities and operators in, and fighting, such regimes
>>> around the world.
>>>
>>> And if the net goes chaotic, majority of exits will have limited
>>> visibility,
>>> for which exitpolicy / badexit are hardly manageable solutions either,
>>> and would end up footshooting out many partly useful yet needed
>>> exits as well.
>>>
>>>
>>> If this situation bothers users, they can use... SIGNAL NEWNYM,
>>> New Identity, or ExcludeExitNodes.
>>>
>>> They can also create, maintain and publish lists of whatever such
>>> classes of nodes they wish to determine, including various levels
>>> of trust, contactability, verification, ouija, etc... such that others
>>> can subscribe to them and Exclude at will.
>>> They can further publish patches to make tor automatically
>>> read such lists, including some modes that might narrowly exclude
>>> and route stream requests around just those lists of censored
>>> destination:exit pairings.
>>>
>>> Ref also...
>>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
>>> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
>>>
>>>
>>> In the subect situations, you'd want to show that it is in fact
>>> the exit itself, not its upstream, that is doing the censorship.
>>>
>>> Or that if fault can't be determined to the upstream or exit, what
>>> would be the plausible malicious benefit for an exit / upstream
>>> to block a given destination such that a badexit is warranted...
>>>
>>> a) Frustrate and divert off 0.001% of Turk users smart enough to
>>> use tor, chancing through tor client random exit selection of your
>>> blocking exit, off to one of the workarounds that you're equally
>>> unlikely to control and have ranked, through your exit vs one
>>> of the others tor has open?
>>>
>>> b) Prop up weird or otherwise secretly bad nodes on the net,
>>> like the hundreds of other ones out there, for which no badexit
>>> or diverse subscription services yet exist to qualify them?
>>>
>>>

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Gary

Hello

On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:

> This particular case receiving mentions for at least a few months...
> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114


On Thu, 30 Aug 2018 at 22:11, Nathaniel Suchy  wrote:

> So this exit node is censored by Turkey. That means any site blocked in
> Turkey is blocked on the exit. What about an exit node in China or Syria or
> Iraq? They censor, should exits there be allowed? I don't think they
> should. Make them relay only, (and yes that means no Guard or HSDir flags
> too) situation A could happen. The odds might not be in your favor. Don't
> risk that!
>

Personally I think living with a small amount of country-by-country
censorship is preferable to an "exitpolicy:exitsite" method, for example
you are always going to get different areas/peoples thinking topics/sites
things are acceptable while others dont think so. A tor user can simply
change circuit and all will be fine.

Also, if relay operators were able to produce a list of sites that they
don't allow exits so, it would allow bad operators to game the system and
perform correlation attacks.

Even if a particular relay blocks exits to most .com's, it would still
provide a valuable guard / middle service.


>
> Cordially,
> Nathaniel Suchy
>
> On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:
>
>> This particular case receiving mentions for at least a few months...
>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>>
>> The relay won't [likely] be badexited because neither it nor its upstream
>> is
>> shown to be doing anything malicious. Simple censorship isn't enough.
>> And except for such limited censorship, the nodes are otherwise fully
>> useful, and provide a valuable presence inside such regions / networks.
>>
>> Users, in such censoring regimes, that have sucessfully connected
>> to tor, already have free choice of whatever exits they wish, therefore
>> such censorship is moot for them.
>>
>> For everyone else, and them, workarounds exist such as,,,
>> https://onion.torproject.org/
>> http://yz7lpwfhhzcdyc5y.onion/
>> search engines, sigs, vpns, mirrors, etc
>>
>> Further, whatever gets added to static exitpolicy's might move out
>> from underneath them or the censor, the censor may quit, or the exit
>> may fail to maintain the exitpolicy's. None of which are true
>> representation
>> of the net, and are effectively censorship as result of operator action
>> even though unintentional / delayed.
>>
>> Currently many regimes do limited censorship like this,
>> so you'd lose all those exits too for no good reason, see...
>> https://ooni.torproject.org/
>>
>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>>
>> And arbitrarily hamper spirits, tactics, and success of volunteer
>> resistance communities and operators in, and fighting, such regimes
>> around the world.
>>
>> And if the net goes chaotic, majority of exits will have limited
>> visibility,
>> for which exitpolicy / badexit are hardly manageable solutions either,
>> and would end up footshooting out many partly useful yet needed
>> exits as well.
>>
>>
>> If this situation bothers users, they can use... SIGNAL NEWNYM,
>> New Identity, or ExcludeExitNodes.
>>
>> They can also create, maintain and publish lists of whatever such
>> classes of nodes they wish to determine, including various levels
>> of trust, contactability, verification, ouija, etc... such that others
>> can subscribe to them and Exclude at will.
>> They can further publish patches to make tor automatically
>> read such lists, including some modes that might narrowly exclude
>> and route stream requests around just those lists of censored
>> destination:exit pairings.
>>
>> Ref also...
>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
>> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
>>
>>
>> In the subect situations, you'd want to show that it is in fact
>> the exit itself, not its upstream, that is doing the censorship.
>>
>> Or that if fault can't be determined to the upstream or exit, what
>> would be the plausible malicious benefit for an exit / upstream
>> to block a given destination such that a badexit is warranted...
>>
>> a) Frustrate and divert off 0.001% of Turk users smart enough to
>> use tor, chancing through tor client random exit selection of your
>> blocking exit, off to one of the workarounds that you're equally
>> unlikely to control and have ranked, through your exit vs one
>> of the others tor has open?
>>
>> b) Prop up weird or otherwise secretly bad nodes on the net,
>> like the hundreds of other ones out there, for which no badexit
>> or diverse subscription services yet exist to qualify them?
>>
>> c) ???
>>
>> Or that some large number of topsites were censored via
>> singular or small numbers of exits / upstreams so as to be
>> exceedingly annoying to the network users as a whole, where
>> no other environment of such

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread Nathaniel Suchy

So this exit node is censored by Turkey. That means any site blocked in
Turkey is blocked on the exit. What about an exit node in China or Syria or
Iraq? They censor, should exits there be allowed? I don't think they
should. Make them relay only, (and yes that means no Guard or HSDir flags
too) situation A could happen. The odds might not be in your favor. Don't
risk that!

Cordially,
Nathaniel Suchy

On Thu, Aug 30, 2018 at 3:25 PM grarpamp  wrote:

> This particular case receiving mentions for at least a few months...
> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>
> The relay won't [likely] be badexited because neither it nor its upstream
> is
> shown to be doing anything malicious. Simple censorship isn't enough.
> And except for such limited censorship, the nodes are otherwise fully
> useful, and provide a valuable presence inside such regions / networks.
>
> Users, in such censoring regimes, that have sucessfully connected
> to tor, already have free choice of whatever exits they wish, therefore
> such censorship is moot for them.
>
> For everyone else, and them, workarounds exist such as,,,
> https://onion.torproject.org/
> http://yz7lpwfhhzcdyc5y.onion/
> search engines, sigs, vpns, mirrors, etc
>
> Further, whatever gets added to static exitpolicy's might move out
> from underneath them or the censor, the censor may quit, or the exit
> may fail to maintain the exitpolicy's. None of which are true
> representation
> of the net, and are effectively censorship as result of operator action
> even though unintentional / delayed.
>
> Currently many regimes do limited censorship like this,
> so you'd lose all those exits too for no good reason, see...
> https://ooni.torproject.org/
>
> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>
> And arbitrarily hamper spirits, tactics, and success of volunteer
> resistance communities and operators in, and fighting, such regimes
> around the world.
>
> And if the net goes chaotic, majority of exits will have limited
> visibility,
> for which exitpolicy / badexit are hardly manageable solutions either,
> and would end up footshooting out many partly useful yet needed
> exits as well.
>
>
> If this situation bothers users, they can use... SIGNAL NEWNYM,
> New Identity, or ExcludeExitNodes.
>
> They can also create, maintain and publish lists of whatever such
> classes of nodes they wish to determine, including various levels
> of trust, contactability, verification, ouija, etc... such that others
> can subscribe to them and Exclude at will.
> They can further publish patches to make tor automatically
> read such lists, including some modes that might narrowly exclude
> and route stream requests around just those lists of censored
> destination:exit pairings.
>
> Ref also...
> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
>
>
> In the subect situations, you'd want to show that it is in fact
> the exit itself, not its upstream, that is doing the censorship.
>
> Or that if fault can't be determined to the upstream or exit, what
> would be the plausible malicious benefit for an exit / upstream
> to block a given destination such that a badexit is warranted...
>
> a) Frustrate and divert off 0.001% of Turk users smart enough to
> use tor, chancing through tor client random exit selection of your
> blocking exit, off to one of the workarounds that you're equally
> unlikely to control and have ranked, through your exit vs one
> of the others tor has open?
>
> b) Prop up weird or otherwise secretly bad nodes on the net,
> like the hundreds of other ones out there, for which no badexit
> or diverse subscription services yet exist to qualify them?
>
> c) ???
>
> Or that some large number of topsites were censored via
> singular or small numbers of exits / upstreams so as to be
> exceedingly annoying to the network users as a whole, where
> no other environment of such / chaotic widespread annoyance
> is known to exist at the same time.
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

[tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

2018-08-30 Thread grarpamp

This particular case receiving mentions for at least a few months...
D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114

The relay won't [likely] be badexited because neither it nor its upstream is
shown to be doing anything malicious. Simple censorship isn't enough.
And except for such limited censorship, the nodes are otherwise fully
useful, and provide a valuable presence inside such regions / networks.

Users, in such censoring regimes, that have sucessfully connected
to tor, already have free choice of whatever exits they wish, therefore
such censorship is moot for them.

For everyone else, and them, workarounds exist such as,,,
https://onion.torproject.org/
http://yz7lpwfhhzcdyc5y.onion/
search engines, sigs, vpns, mirrors, etc

Further, whatever gets added to static exitpolicy's might move out
from underneath them or the censor, the censor may quit, or the exit
may fail to maintain the exitpolicy's. None of which are true representation
of the net, and are effectively censorship as result of operator action
even though unintentional / delayed.

Currently many regimes do limited censorship like this,
so you'd lose all those exits too for no good reason, see...
https://ooni.torproject.org/
https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country

And arbitrarily hamper spirits, tactics, and success of volunteer
resistance communities and operators in, and fighting, such regimes
around the world.

And if the net goes chaotic, majority of exits will have limited visibility,
for which exitpolicy / badexit are hardly manageable solutions either,
and would end up footshooting out many partly useful yet needed
exits as well.


If this situation bothers users, they can use... SIGNAL NEWNYM,
New Identity, or ExcludeExitNodes.

They can also create, maintain and publish lists of whatever such
classes of nodes they wish to determine, including various levels
of trust, contactability, verification, ouija, etc... such that others
can subscribe to them and Exclude at will.
They can further publish patches to make tor automatically
read such lists, including some modes that might narrowly exclude
and route stream requests around just those lists of censored
destination:exit pairings.

Ref also...
https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit


In the subect situations, you'd want to show that it is in fact
the exit itself, not its upstream, that is doing the censorship.

Or that if fault can't be determined to the upstream or exit, what
would be the plausible malicious benefit for an exit / upstream
to block a given destination such that a badexit is warranted...

a) Frustrate and divert off 0.001% of Turk users smart enough to
use tor, chancing through tor client random exit selection of your
blocking exit, off to one of the workarounds that you're equally
unlikely to control and have ranked, through your exit vs one
of the others tor has open?

b) Prop up weird or otherwise secretly bad nodes on the net,
like the hundreds of other ones out there, for which no badexit
or diverse subscription services yet exist to qualify them?

c) ???

Or that some large number of topsites were censored via
singular or small numbers of exits / upstreams so as to be
exceedingly annoying to the network users as a whole, where
no other environment of such / chaotic widespread annoyance
is known to exist at the same time.
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

Re: [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

[tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship

12 matches

Site Navigation

Mail list logo

Footer information