[tor-talk] Differences between real exit traffic and exit-generated traffic ?
Let's say I have an exit node handling average traffic and number of connections (whatever that is). Let's also say that port 22 is included in my exit policy.

Now let's say that I, as the administrator, log onto the exit node and:

ssh u...@host.com

I understand that a global observer with traffic analysis blah blah blah. But what about someone just watching the exit node?

Is there anything at all about my ssh connection generated from within the exit node that would distinguish it from real exiting Tor traffic?

___
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Differences between real exit traffic and exit-generated traffic ?
Robert,

On Fri, 30 Dec 2011, Robert Ransom wrote:

> On 2011-12-30, John Case c...@sdf.org wrote:
>> Let's say I have an exit node handling average traffic and number of connections (whatever that is). Let's also say that port 22 is included in my exit policy.
>>
>> Now let's say that I, as the administrator, log onto the exit node and:
>>
>> ssh u...@host.com
>>
>> I understand that a global observer with traffic analysis blah blah blah. But what about someone just watching the exit node?
>>
>> Is there anything at all about my ssh connection generated from within the exit node that would distinguish it from real exiting Tor traffic?
>
> Someone watching all traffic to and from the exit node would be able to distinguish that connection from Tor traffic because traffic on the SSH connection would not be relayed over any OR connection (in either

Hmmm... what I meant to say is, the Tor node exits port 22 *in addition to* the rest of its exit policy. So, for example:

20,21,22,80,443,6667

So someone watching all traffic in and out would see a whole lot of unknown incoming connections, all encrypted, from other tor nodes, and coming out of the node would see a whole bunch of traffic to all kinds of arbitrary destinations, over at least 6 different protocols.

How would they pick a single SSH outbound (low bandwidth, let's say an interactive shell login) and know that *that* one has no corresponding input?

> direction). Someone watching only that SSH connection (e.g. a sniffer at host.com) would be able to distinguish that SSH connection from an exiting Tor stream because your SSH client would respond to messages from the server immediately after they reach the exit node, whereas an SSH client connecting over Tor would not be able to respond until data from the server reached the other end of a Tor circuit.

Ok, so there is a response speed fast enough that it *couldn't* have just done a three-hop back and forth ... that's interesting.

BTW, is this a FAQ? I can't be the first exit operator to be tempted by a low latency, almost Tor connection...
Re: [tor-talk] What is going on with /var/run/tor?
Thanks for the suggestions. I am going to start from the beginning because Vidalia is still weird but Tor seems OK now.

First, I removed everything:

apt-get purge tor vidalia

Second, I installed as suggested here (option two) for Ubuntu lucid:

https://www.torproject.org/docs/debian.html.en

Third, debian-tor owns /var/run/tor:

/var/run/tor
drwxr-s--- 2 debian-tor debian-tor 100 2011-12-30 11:29 tor

When I run 'tor' from the command line it works:

Dec 30 11:30:45.236 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Dec 30 11:30:45.240 [notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
Dec 30 11:30:45.240 [notice] Opening Socks listener on 127.0.0.1:9050
Dec 30 11:30:45.503 [notice] Parsing GEOIP file /usr/share/tor/geoip.
Dec 30 11:30:46.425 [notice] OpenSSL OpenSSL 0.9.8k 25 Mar 2009 [9080bf] looks like it's older than 0.9.8l, but some vendors have backported 0.9.8l's renegotiation code to earlier versions, and some have backported the code from 0.9.8m or 0.9.8n. I'll set both SSL3_FLAGS and SSL_OP just to be safe.
Dec 30 11:30:49.144 [notice] We now have enough directory information to build circuits.
Dec 30 11:30:49.144 [notice] Bootstrapped 80%: Connecting to the Tor network.
Dec 30 11:30:50.216 [notice] Bootstrapped 85%: Finishing handshake with first hop.
Dec 30 11:30:50.737 [notice] Bootstrapped 90%: Establishing a Tor circuit.
Dec 30 11:30:51.342 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Dec 30 11:30:51.342 [notice] Bootstrapped 100%: Done.

I assume that this is using the torrc file in /etc/tor/torrc.

However, I want to use my own torrc. I try 'tor -f torrc'. This shows:

Dec 30 11:49:04.516 [notice] Tor v0.2.2.35 (git-73ff13ab3cc9570d). This is experimental software. Do not rely on it for strong anonymity. (Running on Linux i686)
Dec 30 11:49:04.519 [warn] The configuration option 'StrictExitNodes' is deprecated; use 'StrictNodes' instead.
Dec 30 11:49:04.520 [notice] Initialized libevent version 1.4.13-stable using method epoll. Good.
Dec 30 11:49:04.521 [notice] Opening Socks listener on 127.0.0.1:9050

This appears to load my torrc rather than (I assume) /etc/tor/torrc.

I then want to use Vidalia. I follow the instructions at https://www.torproject.org/docs/debian-vidalia.html.en

The way I have managed to get Vidalia to work is as follows:

Vidalia loads Tor at /usr/sbin/tor (general tab).
I select my own Tor configuration file (advanced tab).
The Data Directory is ~/.tor (advanced tab).

What I do not understand is the Tor Control aspect of the Advanced tab. If I set the TCP connection (ControlPort) to 127.0.0.1: 9050 then Vidalia works fine. However, I am sure the default setting was Use Unix domain socket (ControlSocket) with the path /var/run/tor/control (maybe I am wrong)? Anyhow, in /var/run/tor is only one file (no control):

-rw-r- 1 debian-tor debian-tor 32 2011-12-30 11:40 control.authcookie

My question is: should I be using the ControlPort or the ControlSocket?

Thanks!!!
[tor-talk] TBB on GNU and Windows
Hi

I realized that the tbb is behaving differently on GNU and Windows. In Windows, one may start tbb before or after starting an instance of Mozilla Firefox. In GNU, one may start tbb only after opening Firefox first. If tbb is started and I attempt to start a fresh instance of Firefox, it will launch another window of tbb.

Is this difference intentional?

--
Regards
Koh Choon Lin
[tor-talk] Why can't I hide/minimize to tray anymore?
Why can't I hide/minimize to tray anymore?

--
GnuPG is Free Software (meaning that it respects your freedom).
Extensible, customizable text editor---GNU Emacs; Where's yours?
Re: [tor-talk] TBB on GNU and Windows
On Fri, 30 Dec 2011 20:59:14 +0800 Koh Choon Lin 2choon...@gmail.com wrote:

> I realized that the tbb is behaving differently on GNU and Windows. In Windows, one may start tbb before or after starting an instance of Mozilla Firefox. In GNU, one may start tbb only after opening Firefox first. If tbb is started and I attempt to start a fresh instance of Firefox, it will launch another window of tbb.

I've added --no-remote to my non-tor Firefoxes on OSX and Linuxes/FreeBSD to avoid the conflicts. Users call in with the same problems too.

> Is this difference intentional?

I hope it isn't intentional, it makes using tbb with normal firefox a pain in the ass. You have to remember to start non-tor firefox first, and then TBB. Order of starting shouldn't matter.

--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
Re: [tor-talk] Why can't I hide/minimize to tray anymore?
On Fri, Dec 30, 2011 at 3:00 PM, M Robinson mr.m.robin...@gmail.com wrote:

> Why can't I hide/minimize to tray anymore?

Related to https://trac.torproject.org/projects/tor/ticket/4795, maybe?

--
Runa A. Sandvik
Re: [tor-talk] Why can't I hide/minimize to tray anymore?
On Fri, 30 Dec 2011 10:00:55 -0500 M Robinson mr.m.robin...@gmail.com wrote:

> Why can't I hide/minimize to tray anymore?

What are you trying to hide/minimize? which os? which desktop? etc?

--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
[tor-talk] newbie: tor browser bundle and privoxy
Hello, list. I am newbie in Tor.

By reading an information about tor i found article ( http://www.hermann-uwe.de/blog/howto-anonymous-communication-with-tor-some-hints-and-some-pitfalls ), that says:

> The biggest problem with many applications is that they /leak DNS requests/. That is, although they use Tor to anonymize the traffic, they first send a DNS request /untorified/ in order to get the IP address of the target system. /Then/ they communicate anonymously with that target. The problem: any eavesdropper with more than three brain cells can conclude what website you visited, if they see that you send a DNS request for rsf.org <http://www.rsf.org>, followed by some anonymous Tor traffic. The solution: *use Tor together with Privoxy*, that prevents DNS leaks.

Next, on https://www.torproject.org/projects/torbrowser-details.html.en#contents i found, that *Tor Browser Bundle* consist of:

* Vidalia 0.2.15
* Tor 0.2.2.35 (with libevent-2.0.16-stable, zlib-1.2.5, openssl-1.0.0e)
* Mozilla Aurora 9.0.1 and Torbutton 1.4.5.1)
* Pidgin 2.7.5 and OTR 3.2 (only in Tor IM Browser Bundle)

So, Tor Browser Bundle does not contain Privoxy.

Now question: does this mean, that Tor Browser Bundle is less secure than separately installed Tor + Privoxy?

P.S. sorry for my rough english.
Re: [tor-talk] Why can't I hide/minimize to tray anymore?
Windows 7 65-bit

It's not Ticket #4795 (new defect)

Everything is fine, but PMW (Process Manager for Windows) cannot affect the Tor Window anymore. I'm trying to hide/minimize the aurora window to the tray. This hasn't been a problem in past versions, but now NONE of these type (PMW, DM2, etc) apps will affect the tor/browser window. I prefer PMW for the quick kill.

On 12/30/2011 10:26 AM, Runa A. Sandvik wrote:
> On Fri, Dec 30, 2011 at 3:00 PM, M Robinson mr.m.robin...@gmail.com wrote:
>> Why can't I hide/minimize to tray anymore?
>
> Related to https://trac.torproject.org/projects/tor/ticket/4795, maybe?

--
GnuPG is Free Software (meaning that it respects your freedom).
Extensible, customizable text editor---GNU Emacs; Where's yours?
Re: [tor-talk] newbie: tor browser bundle and privoxy
Привет Иван,

I am not a Tor developer but I will try to answer (in English, as my Russian is appalling).

On 30/12/11 16:31, Ivan Ivanov wrote:
> i found, that *Tor Browser Bundle* consist of:
>
> * Vidalia 0.2.15
> * Tor 0.2.2.35 (with libevent-2.0.16-stable, zlib-1.2.5, openssl-1.0.0e)
> * Mozilla Aurora 9.0.1 and Torbutton 1.4.5.1)
> * Pidgin 2.7.5 and OTR 3.2 (only in Tor IM Browser Bundle)
>
> So, Tor Browser Bundle does not contain Privoxy.
> Now question: does this mean, that Tor Browser Bundle is less secure than separately installed Tor + Privoxy?
>
> P.S. sorry for my rough english.

The applications within TBB have been audited for DNS leaks. If you only use those apps then you should not have that problem to worry about. A greater issue is that of your usage pattern, i.e. if you give away your identity by another means (e.g. by posting on a mailing list, or logging into Facebook) there is nothing Tor (or Privoxy) can do about it.

If you wish to use other applications with Tor then you may need to take precautions to avoid DNS and other leaks. This is easier said than done, and if you lack the necessary computer science knowledge then I would advise considering whether it's a risk you need to take. Merely installing something like Privoxy will do nothing except give you a false sense of security. If you dig through the torproject.org website you will find information concerning this topic; approaches include creating a separate user account which transparently torifies all network activity, or performing all anonymous work within a dedicated virtual machine.

If you can achieve everything you need through the Tor Browser itself then your privacy is primarily dependent on your own discipline. IMHO this would be the best path for a newbie to take.

Regards,
Julian

--
3072D/D2DE707D Julian Yon (2011 General Use) pgp.2...@jry.me
Re: [tor-talk] newbie: tor browser bundle and privoxy
Hi

> So, Tor Browser Bundle does not contain Privoxy.
> Now question: does this mean, that Tor Browser Bundle is less secure than separately installed Tor + Privoxy?

IIRC I think Privoxy has been replaced by Polipo.

--
Regards
Koh Choon Lin
[tor-talk] Exit/VPN payment and separation options
Without question you can find one that will respond very nicely to an official RFQ and a money order. The real hook is a single, annual payment, which will be impossible for them to resist.

True, RFQ puts you in control, and they love prepaid. Though putting a year of funds at risk of a complaint is silly. Try three months.

If you buy the MO from an actual bank, it will look very much like a cashiers check, etc.

And in the US, bank regs very much require your ID/acct/etc to get one. We're all ears on banks that don't. Try the gas station, grocery, check place if you want a MO.

Alternatively, a pre-paid visa from somewhere like Simon malls, etc., works

Non in-country transactions may be denied along with other prepaid curiosities such as Netflix denials. Read the fine print. Be prepared to spend down any card buying groceries instead. I'm sure people would love to hear success stories.

The other end of the spectrum is a corporate front with an appointed agent, etc. - you can do this for less than $500, and then you can run everything under that.

Unless your under $500 means the $499.99 that every lawyer in the US seems to charge to do the same fill in the template shuffle ;) You can file your own with the secretary. It's finding a service/someone to serve and sign as incorporator and agent and who will inform and defer to you instead of rolling you to the inquisitor on the first inquiry.

The $500 lawyer will usually get you that level of protection and professionalism. Be sure to look for one that has isp/hoster clients.
Re: [tor-talk] Differences between real exit traffic and exit-generated traffic ?
> Ok, so there is a response speed fast enough that it *couldn't* have just done a three-hop back and forth ... that's interesting.

This is it, a timing and connection pairing thing. If you come in direct from your base to clearnet 22, your outbound line will be extremely keystroke responsive to your login line. Same goes for console login, plus console has no input line. A casual observer might be fooled by you running a shell server for people, and you could login via exit with that. Without clearnet access, an admin HS could be run, your output line would be timeable at twice the avg lag and jitter that an exit input would. Something like that, sketch it on paper.
Re: [tor-talk] Why can't I hide/minimize to tray anymore?
On Fri, 30 Dec 2011 12:59:50 -0500 M Robinson mr.m.robin...@gmail.com wrote:

> Windows 7 65-bit

You probably mean 64-bit. What patch level are you at? I cannot replicate this on my win7 64bit test machine. TBB 0.2.3.35-3 works fine.

--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
Re: [tor-talk] Exit/VPN payment and separation options
On 2011-12-30, grarpamp wrote:
> [On 2011-12-28,John Case wrote:]
>> Alternatively, a pre-paid visa from somewhere like Simon malls, etc., works
>
> Non in-country transactions may be denied along with other prepaid curiosities such as Netflix denials. Read the fine print. Be prepared to spend down any card buying groceries instead. I'm sure people would love to hear success stories.

I've had some success with Simon gift cards. However, any serious use (such as Amazon, Google checkout and VoIP accounts) requires confirmation by telephone. They call you, and you either enter a code from the webpage on the phone, or vice versa.

That requires getting an anonymous cellphone, which must be activated by telephone. Pay phones are hard to find these days in the USA. Small towns seem to be the best bet. It's also good to have a voicemail-to-email account, given that you probably won't be answering that cellphone very much. You never use it from your home area, of course.

You also need a snailmail address, and it must be valid. I've had good luck with recently-failed businesses, such as restaurants. It's not hard to find comments on food review websites.

Also, some payment processors decline transactions made through VPNs, so you may need to visit a relatively distant city, and use a free WiFi hotspot. I typically use the same metro area for VPN exit IP, snailmail address, cellphone number and free WiFi hotspot. Be sure to spoof your WiFi MAC address (macchanger on Linux) before connecting. You can use your anonymous cellphone while you're there.

I typically use anonymous TCP VPN through Tor through semianonymous UDP VPN.

By the way, this identity is one that didn't work out very well, with many failed experiments that may have attracted attention. A little more won't hurt.
Re: [tor-talk] newbie: tor browser bundle and privoxy
On Fri, Dec 30, 2011 at 08:31:18PM +0400, grobokopa...@list.ru wrote 1.5K bytes in 35 lines about:
: So, Tor Browser Bundle does not contain Privoxy.
: Now question: does this mean, that Tor Browser Bundle is less secure
: than separately installed Tor + Privoxy?

No. The old answer for this is here, https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ#WhydoweneedPolipoorPrivoxywithTorWhichisbetter

The current answer is that Aurora/Firefox 6 and newer use SOCKS correctly and do not leak DNS queries. Other applications you may use with Tor may leak DNS requests. The Vidalia Message log will generally report these leaks correctly.

--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
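
To make the SOCKS and DNS distinction discussed in this thread concrete, here is an added example (not from the thread or from the Tor project): a Python parser that takes a SOCKS request as an application would send it to a SOCKS listener and reports whether it carries a hostname, which the proxy resolves, or an IP literal, which means any name lookup happened in the application. The function names and sample byte strings are constructed for illustration; for SOCKS5 it expects the request message that follows method negotiation.

```python
import ipaddress
import struct

def _result(proto, host, port, app_resolved):
    # app_resolved=True: the proxy was handed an IP literal, so any DNS lookup
    # for that destination was done by the application, outside the proxy.
    return {"proto": proto, "host": host, "port": port, "app_resolved": app_resolved}

def classify_socks_request(data: bytes) -> dict:
    """Parse one SOCKS4/4a/5 request; report whether it carries a name or an IP."""
    if len(data) < 2:
        raise ValueError("truncated request")
    if data[0] == 5:                       # SOCKS5: VER CMD RSV ATYP ADDR PORT
        if len(data) < 5:
            raise ValueError("truncated SOCKS5 request")
        atyp = data[3]
        if atyp == 0x03:                   # domain name, one length byte first
            alen, start = data[4], 5
        elif atyp in (0x01, 0x04):         # IPv4 or IPv6 literal
            alen, start = (4 if atyp == 0x01 else 16), 4
        else:
            raise ValueError("unknown SOCKS5 address type")
        addr = data[start:start + alen]
        port_bytes = data[start + alen:start + alen + 2]
        if len(addr) != alen or len(port_bytes) != 2:
            raise ValueError("truncated SOCKS5 address")
        port = struct.unpack("!H", port_bytes)[0]
        if atyp == 0x03:
            return _result("socks5", addr.decode("ascii", "replace"), port, False)
        return _result("socks5", str(ipaddress.ip_address(addr)), port, True)
    if data[0] == 4:                       # SOCKS4: VER CMD PORT IP USERID NUL [HOST NUL]
        if len(data) < 9:
            raise ValueError("truncated SOCKS4 request")
        port = struct.unpack("!H", data[2:4])[0]
        ip = data[4:8]
        _userid, sep, tail = data[8:].partition(b"\x00")
        if not sep:
            raise ValueError("unterminated SOCKS4 user id")
        if ip[:3] == b"\x00\x00\x00" and ip[3] != 0:   # 0.0.0.x marks SOCKS4a
            name, sep, _ = tail.partition(b"\x00")
            if not sep or not name:
                raise ValueError("missing SOCKS4a hostname")
            return _result("socks4a", name.decode("ascii", "replace"), port, False)
        return _result("socks4", str(ipaddress.ip_address(ip)), port, True)
    raise ValueError("not a SOCKS4/5 request")

# Constructed sample requests (not captured traffic), using reserved example names and ranges.
SAMPLES = {
    "socks5 hostname": b"\x05\x01\x00\x03" + bytes([11]) + b"example.com" + struct.pack("!H", 80),
    "socks5 ipv4": b"\x05\x01\x00\x01" + bytes([192, 0, 2, 10]) + struct.pack("!H", 443),
    "socks4a hostname": b"\x04\x01" + struct.pack("!H", 22) + b"\x00\x00\x00\x01user\x00host.example\x00",
    "socks4 ipv4": b"\x04\x01" + struct.pack("!H", 22) + bytes([192, 0, 2, 10]) + b"\x00",
}

def possible_dns_leaks(samples):
    """Labels of the samples where the application supplied an already-resolved IP."""
    return sorted(k for k, v in samples.items() if classify_socks_request(v)["app_resolved"])

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, classify_socks_request(raw))
    print("possible DNS leaks:", possible_dns_leaks(SAMPLES))
```

An IP literal is only a hint: the user may have typed the address directly, in which case no lookup took place.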
Re: [tor-talk] Automatic vulnerability scanning of Tor Network?
On Fri, Dec 30, 2011 at 04:50:57AM +, c...@sdf.org wrote 1.4K bytes in 38 lines about:
: Either way your name is not attached to it, and your home address,
: etc., isn't either.

It's trivial for law enforcement to make the one hop from your company to you and then to your house. Stupid criminals use a front company all the time. While this may provide some legal protection after you're raided and talking to a lawyer, you still get the swat team if your local police are prone to overreaction.

: The list may not appreciate my criticism, but the reality is we get
: about one post every six months from someone who literally has their
: door kicked in and their property stolen by the state.

So what? Just because there are overzealous police forces doesn't mean running a Tor relay isn't legal and not your right to use the bandwidth for which you pay monthly. The vast majority of people will never experience the exception to the rule; the SWAT team at 5 AM. https://blog.torproject.org/blog/five-years-exit-node-operator is my experience. This is still the case four years later.

One raided relay out of 3000 relays every six months is a fantastic ratio. I wish it were zero, but running Tor is not illegal, nor is relaying traffic for others. The vast majority of Tor traffic is benign, normal traffic from people who need Tor. I'm going to trust the probability that says I'm very unlikely to get raided for a Tor exit node at home.

We also have the start of a legal directory for relay operators, https://blog.torproject.org/blog/start-tor-legal-support-directory.

At the worst, call me, I'll try to help. I've helped many over the past few years, some of them as the police were in the house asking questions. I'm not a lawyer, but I'll try to help you find one, if needed.

--
Andrew
http://tpo.is/contact
pgp 0x74ED336B
[tor-talk] remailers
I used to run a remailer and would like to again. There is a Mixminion package, so I installed it and tried to join the group. What's going on these days with remailers? Should we design a remailer that uses Tor in some way?

cmeclax