Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread David Stainton
Why would someone get into trouble for using Tor?
Furthermore, have you heard of pluggable transports for Tor?

On Sat, Jan 16, 2016 at 1:31 PM, Raúl Martínez  wrote:
> Hi,
> I am writing this message to make a simple suggestion that could help
> drive more adoption of Tor by making the use of Tor less obvious to a network
> administrator.
>
> This suggestion tries to address the use case of common Tor usage, in
> which the user is not being attacked nor MITM'd, he is just using Tor at his
> work, for example.
>
> The network admin of the office is not actively searching for Tor users in
> his network, but one day he logs in to the router panel and he sees this:
>
> - Current connections -
>
> WORKSTATION-98
> 38.29.00.2 [torproxy10.teaxxcu.com]
>
> It is obvious that he is using Tor. The network admin was not looking for Tor
> usage in his network but he saw this without looking for it. Now this worker
> can be in serious trouble for using Tor.
>
> So my suggestion is to set up a custom hostname and a Tor-explaining HTML
> index ONLY on TOR EXIT nodes. They are the only nodes that can get in
> trouble and it's helpful to advertise that they are Tor nodes.
>
> ENTRY GUARD nodes should not advertise, either in the hostname or in an
> HTML-index-page, that they are Tor nodes. This way the network admin would
> only see an IP and a common hostname, which is normal behaviour for an HTTPS
> request.
>
> So, having said that, I encourage all Entry-Guard owners to unset their
> hostname and to disable the HTML-index-page. That could help a lot of Tor
> users to not draw unwanted attention.
>
>
> Obviously a network admin can get a list of Tor relays and check if you are
> connecting to one of them, but most network admins just take a look at their
> router info page without further investigation.
>
> Thanks for your time.
>
>
> TL;DR: I encourage all Entry-Guard owners to unset their hostname and to
> disable the HTML-index-page.
>
> ___
> tor-relays mailing list
> tor-relays@lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
___
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays


Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread Raúl Martínez
Most people are uneducated about what Tor is and what it is used for. That
can lead to trouble.

I have used pluggable transports but they are too slow (50KB/s)

2016-01-16 15:00 GMT+01:00 David Stainton :

> Why would someone get into trouble for using Tor?
> Furthermore, have you heard of pluggable transports for Tor?


[tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread Raúl Martínez
Hi,
I am writing this message to make a simple suggestion that could help
drive more adoption of Tor by making the use of Tor less obvious to a network
administrator.

This suggestion tries to address the use case of common Tor usage, in
which the user is not being attacked nor MITM'd, he is just using Tor at his
work, for example.

The network admin of the office is not actively searching for Tor users in
his network, but one day he logs in to the router panel and he sees this:

- Current connections -

WORKSTATION-98
38.29.00.2 [torproxy10.teaxxcu.com]

It is obvious that he is using Tor. The network admin was not looking for Tor
usage in his network but he saw this without looking for it. Now this
worker can be in serious trouble for using Tor.

So my suggestion is to set up a custom hostname and a Tor-explaining HTML
index ONLY on TOR EXIT nodes. They are the only nodes that can get in
trouble and it's helpful to advertise that they are Tor nodes.

ENTRY GUARD nodes should not advertise, either in the hostname or in an
HTML-index-page, that they are Tor nodes. This way the network admin would
only see an IP and a common hostname, which is normal behaviour for an
HTTPS request.

So, having said that, *I encourage all Entry-Guard owners to unset their
hostname and to disable the HTML-index-page*. That could help a lot of Tor
users to not draw unwanted attention.


Obviously a network admin can get a list of Tor relays and check if you are
connecting to one of them, but most network admins just take a look at
their router info page without further investigation.

Thanks for your time.


TL;DR: I encourage all Entry-Guard owners to unset their hostname and to
disable the HTML-index-page.


Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread Jesse V
On 01/16/2016 05:20 AM, Elrippo wrote:
> Well, you are forgetting that all TOR relays are using an IP, and these IPs
> are stored in a public list.
> So you do not have to check your logs as a network admin, you just have to
> download the list every 24H and write a simple script (and make use of
> iptables on a Unix Server) to deny the initiative connection to a TOR entry
> node, simple as that.
> It is more an attitude of the network setup and corporate understanding
> towards TOR.

Exactly. Furthermore, Tor clients make connections to Tor directory
authorities in order to fetch the consensus documents, in the event that
the client doesn't have the necessary network information. The IP
addresses of the dirauths are hard-coded into Tor clients. System
administrators can simply look for connections to these dirauths to
discover new Tor clients. Existing clients can fetch new consensus data
from existing Tor relays.

There are several ways to detect if someone is using Tor, and most of
those methods can be thwarted by using a bridge with a pluggable
transport, like obfs4. Tor relays should have reverse DNS and a nice
landing page, possibly even one they wrote themselves. It just makes the
whole network more friendly for the rest of the Internet.

It's "Tor", not "TOR".

-- 
Jesse V





Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread Yawning Angel
On Sat, 16 Jan 2016 15:02:18 +0100
Raúl Martínez  wrote:
> Most people are uneducated about what Tor is and what it is used for.
> That can lead to trouble.
> 
> I have used pluggable transports but they are too slow (50KB/s)

So run your own fast bridge?  It's relatively easy, and I assume that's
the main reason why it's slow since all of the non-meek transports are
relatively lightweight.

Anyway, I don't see the point of this.

People that care about masking Tor use should use Bridges with
pluggable transports and expect to take a performance hit for the
extra obfuscation.

People that do not use such things should assume that it is trivial to
figure out if they are using Tor.

It's worth noting that the obfuscation isn't perfect and people should
assume that it's possible to figure out if they're using Tor if they
are being actively targeted as well, but the various transports do
raise the bar by varying amounts.

Apart from the cases involving Bridges and PTs, explicitly hiding Tor
use is not in Tor's threat model either (and probably can't be without
a major re-design of how the network works, which is unlikely to
happen).

Regards,

-- 
Yawning Angel




Re: [tor-relays] Suggestion to make Tor usage more disguised

2016-01-16 Thread Elrippo
Well, you are forgetting that all TOR relays are using an IP, and these IPs
are stored in a public list.
So you do not have to check your logs as a network admin, you just have to
download the list every 24H and write a simple script (and make use of
iptables on a Unix Server) to deny the initiative connection to a TOR entry
node, simple as that.
It is more an attitude of the network setup and corporate understanding towards
TOR.

Best regards,
elrippo

On 16 January 2016 15:02:18 CET, "Raúl Martínez" wrote:
>Most people are uneducated about what Tor is and what it is used for.
>That can lead to trouble.
>
>I have used pluggable transports but they are too slow (50KB/s)

--
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elri...@elrippoisland.net

Encrypted messages are welcome.
0x84DF1F7E6AE03644
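
Added example, not part of the original thread: the list-based check that Elrippo and Jesse V describe (known relay addresses plus directory authority addresses), run over a constructed router connection table. The list format, table format, addresses and function names are assumptions for illustration; the match is on destination IP only, so a relay's reverse-DNS name does not change the result, and the unlisted address contacted by WORKSTATION-55 (standing in for a bridge) is not flagged.

```python
import ipaddress
import re

# Constructed sample data (documentation address ranges, not real relays).
RELAY_LIST = """\
# assumed list format: one relay address per line
203.0.113.7
198.51.100.23
not-an-address
"""
DIRAUTH_LIST = "198.51.100.200\n"  # stand-in for the hard-coded dirauth IPs
ROUTER_TABLE = """\
WORKSTATION-98 203.0.113.7:443 [mail3.example.net]
WORKSTATION-12 192.0.2.80:443 [torstore.example.org]
WORKSTATION-41 198.51.100.200:80 [-]
WORKSTATION-55 192.0.2.150:443 [-]
"""
LINE_RE = re.compile(r"^(\S+)\s+([0-9.]+):\d+\s+\[[^\]]*\]$")


def to_ip(text):
    """Return an ip_address object, or None for blank or malformed input."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def load_ips(text):
    """Parse a one-address-per-line list, ignoring '#' comments and junk."""
    parsed = (to_ip(line.split("#", 1)[0]) for line in text.splitlines())
    return {ip for ip in parsed if ip is not None}


def flag_tor_clients(table, relay_ips, dirauth_ips):
    """Return (client, dest_ip, reason); the bracketed rDNS name is ignored."""
    hits = []
    for line in table.splitlines():
        m = LINE_RE.match(line.strip())
        ip = to_ip(m.group(2)) if m else None
        if ip in dirauth_ips:
            hits.append((m.group(1), str(ip), "dirauth"))
        elif ip in relay_ips:
            hits.append((m.group(1), str(ip), "relay"))
    return hits


if __name__ == "__main__":
    print(flag_tor_clients(ROUTER_TABLE, load_ips(RELAY_LIST), load_ips(DIRAUTH_LIST)))
```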
