Re: [tor-talk] Tor Project Corporate Document FOI Request

2016-08-08 Thread ITechGeek
I think you meant this one:
http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSummary.aspx?FEIN=208096820_TYPE=1
The exact name of the Nonprofit Corporation:   THE TOR PROJECT, INC.
Entity type:   Nonprofit Corporation


---
-ITG (ITechGeek)  |  i...@itechgeek.com 
https://keybase.io/itechgeek  |  https://itg.nu/
Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook:
http://fb.me/Jbwa.Net

On Tue, Aug 9, 2016 at 12:01 AM, grarpamp wrote:

> On 8/8/16, Ken Cline wrote:
> > Others are a matter of public record:  Consult the Massachusetts Secretary
> > of State's web site
> > [http://corp.sec.state.ma.us/corpweb/CorpSearch/CorpSearch.aspx]
>
> If you start searching by entity and individual names,
> here's one example of what shows up that is certainly community
> relevant and that I don't recall being publicly announced...
>
> # TOR SOLUTIONS CORPORATION, For Profit, 25 shares
> http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSummary.aspx?FEIN=001055985
>
> ...at least not until this FOI request from the community came along...
>
> https://lists.torproject.org/pipermail/tor-talk/2013-September/030164.html
> https://lists.torproject.org/pipermail/tor-talk/2013-September/030169.html
> https://www.google.com/search?q="tor+solutions+group"
> https://www.google.com/search?q="tor+solutions+corporation"
>
> Might as well include their bylaws, minutes, etc for transparency too.
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>


Re: [tor-talk] Tor Project Corporate Document FOI Request

2016-08-08 Thread grarpamp
On 8/8/16, Ken Cline wrote:
> Others are a matter of public record:  Consult the Massachusetts Secretary
> of State's web site
> [http://corp.sec.state.ma.us/corpweb/CorpSearch/CorpSearch.aspx]

If you start searching by entity and individual names,
here's one example of what shows up that is certainly community
relevant and that I don't recall being publicly announced...

# TOR SOLUTIONS CORPORATION, For Profit, 25 shares
http://corp.sec.state.ma.us/CorpWeb/CorpSearch/CorpSummary.aspx?FEIN=001055985

...at least not until this FOI request from the community came along...

https://lists.torproject.org/pipermail/tor-talk/2013-September/030164.html
https://lists.torproject.org/pipermail/tor-talk/2013-September/030169.html
https://www.google.com/search?q="tor+solutions+group"
https://www.google.com/search?q="tor+solutions+corporation"

Might as well include their bylaws, minutes, etc for transparency too.


Re: [tor-talk] Tor Project Corporate Document FOI Request

2016-08-08 Thread Ken Cline

> On 8 Aug 2016, at 6:24 PM, grarpamp wrote:
>
> On 7/31/16, Paul Syverson wrote:
>> I don't know the extent to which this covers what you were looking for,
>
> People are certainly familiar serving on, in, and with boards of
> directors, founding
> positions, and executive positions, as such are surely familiar with the name
> and meaning of the docs listed / requested by name on behalf of the community,
> familiar enough to which you and everyone else that has responded similarly
> above, up to and including proffering the not requested and new docs below,
> or talking FOIA law... that such respondents are, respectfully... full of crap,
> or at least grossly to negligent misreading, regarding docs thought looking for.

I have served on the board of directors of a nonprofit, though I have no
affiliation with The Tor Project, Inc.

Some of your requested documents are puzzlingly vague.  For example, I can only 
guess why you might want by "various Licenses and Certificates held", and would 
be at a loss to catalog the "form blanks to be signed by new parties of all 
types" used by my organization.

Others are a matter of public record:  Consult the Massachusetts Secretary of
State's web site
[http://corp.sec.state.ma.us/corpweb/CorpSearch/CorpSearch.aspx] for details
related to "Articles Of Incorporation", "Charter", "Bylaws", and "Operating
Agreement".  Except for Bylaws, these named documents do not exist.  You will
find their Articles of Organization and Annual Reports, which contain relevant
information.

Others are on the Tor Web site itself:  The personnel you want to know about 
("List of Officeholders", "Executives", "Voting Members", and "Shareholders") 
appear to be listed on the Tor Project Web site 
[https://www.torproject.org/about/corepeople.html.en].  Of course, there are no 
shareholders, and precisely which people have voting power will be detailed in 
the Articles of Organization or Bylaws.

Still others appear not yet available.  It looks like you'll need some patience 
in obtaining the audited 2015 financials.

Finally, "Meeting Minutes covering years 2010 ~ 2015" should be available.  I 
would contact the Tor Project directly (Executive Director's office, maybe).

> It's been almost three weeks now and the silence by those in position
> to execute this request, to even officially publicly acknowledge and
> put it in queue... is becoming suspect in some circles.

Tortalk doesn't seem like the right forum for your request.  The issue you
filed in the tracking system was given medium priority, which seems proper to
me.  Given the lack of specificity and redundancy of your request, I would
expect it to take some time to complete.





Re: [tor-talk] Medium removed the captchas for Tor users!

2016-08-08 Thread Sadiq Saif
On 08-Aug-16 21:42, Joe Btfsplk wrote:
> I still don't know what those statements were about.
> I've seen no change in Cloudfront captchas working better for Tor.
> Meaning, they don't work at all.
> 
> Even major news outlets using CloudFlare, where I'd like to read
> controversial articles don't work w/ Tor Browser.
> Haven't for the longest time, regardless of having JS enabled.

The OP was referring to a specific site - Medium.com (using Cloudflare)
that was previously presenting captchas to Tor users and is no longer
doing so (this is an option in Cloudflare site settings that you can
enable).

It was not a statement on the general usability of Cloudflare's captchas
for Tor Browser users.

-- 
Sadiq Saif (AS393949)
https://asininetech.com
@staticsafe


Re: [tor-talk] Medium removed the captchas for Tor users!

2016-08-08 Thread Joe Btfsplk

On 7/14/2016 4:49 PM, Griffin Boyce wrote:
> That is really awesome! :-) Thanks for the update.
>
> On Thu, Jul 14, 2016 at 5:42 PM, Kate Krauss <k...@torproject.org> wrote:
> > I don't say much on Tor-Talk, but I will say this:
> >
> > Thanks, Medium, for removing all those CloudFlare captchas for Tor
> > users. As an activist from East Africa once reminded me, the Internet
> > means *all* of the Internet. Otherwise it isn't quite itself--it is
> > meant to be accessible and comprehensive; a nearly inexhaustible catalog
> > of the world.
> >
> > Thank you for helping out.
> >
> > Cheers,
> >
> > Kate Krauss


I still don't know what those statements were about.
I've seen no change in Cloudfront captchas working better for Tor. 
Meaning, they don't work at all.


Even major news outlets using CloudFlare, where I'd like to read 
controversial articles don't work w/ Tor Browser.

Haven't for the longest time, regardless of having JS enabled.


Re: [tor-talk] Tor Project Corporate Document FOI Request

2016-08-08 Thread grarpamp
On 7/31/16, Paul Syverson  wrote:
> I don't know the extent to which this covers what you were looking for,

People are certainly familiar serving on, in, and with boards of
directors, founding
positions, and executive positions, as such are surely familiar with the name
and meaning of the docs listed / requested by name on behalf of the community,
familiar enough to which you and everyone else that has responded similarly
above, up to and including proffering the not requested and new docs below,
or talking FOIA law... that such respondents are, respectfully... full of crap,
or at least grossly to negligent misreading, regarding docs thought looking for.

It's been almost three weeks now and the silence by those in position
to execute this request, to even officially publicly acknowledge and
put it in queue... is becoming suspect in some circles.

At least there seems now some movement by unofficials around it.
Let that not be taken to excuse officials.

> but you might want to look at/participate in the thread
> https://lists.torproject.org/pipermail/tor-project/2016-July/000559.html
> that discusses various Tor documents.

Maybe later as time permit :)

> The second message (from Alison) specifically includes several
> documents that seem to cover at least some of what you were asking about.

Nice for future, but see new docs above and below.

> The thread I reference in general discusses the need for having a good
> place to put all such documents and the pros and cons of various
> choices.

Could be seen as excuse / delay. Nor is a committee on that needed.
But hey, fixed that for ya...

https://trac.torproject.org/projects/tor/wiki/org/TorProjectCorporateDocuments

> So, while I think it's true that the particular thread we're
> currently in remains unanswered by anyone from TPI,

I'll accept that.

> there is clearly
> ongoing expenditure of nontrivial time and effort on the general
> topic.  No doubt plenty of room for improvement. HTH.

And that too... while noting that the request calls for existing past
docs, not future improved ones. The time and effort required to produce
the narrow list therein is trivial matter of pulling them from file drawer.


[tor-talk] Tor 0.2.9.1-alpha is released

2016-08-08 Thread Nick Mathewson
Hi, everybody!

  Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development
  series. It improves our support for hardened builds and compiler
  warnings, deploys some critical infrastructure for improvements to
  hidden services, includes a new timing backend that we hope to use for
  better support for traffic padding, makes it easier for programmers to
  log unexpected events, and contains other small improvements to
  security, correctness, and performance.

You can download the source from the usual place on the website.
Packages should be available over the next several days. Remember
to check the signatures!

Please note: This is an alpha release. You should only try this one if
you are interested in tracking Tor development, testing new features,
making sure that Tor still builds on unusual platforms, or generally
trying to hunt down bugs.

Below are the changes since 0.2.8.6.

Changes in version 0.2.9.1-alpha - 2016-08-08
  o New system requirements:
    - Tor now requires Libevent version 2.0.10-stable or later. Older
      versions of Libevent have less efficient backends for several
      platforms, and lack the DNS code that we use for our server-side
      DNS support. This implements ticket 19554.
    - Tor now requires zlib version 1.2 or later, for security,
      efficiency, and (eventually) gzip support. (Back when we started,
      zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was
      released in 2003. We recommend the latest version.)

  o Major features (build, hardening):
    - Tor now builds with -ftrapv by default on compilers that support
      it. This option detects signed integer overflow (which C forbids),
      and turns it into a hard-failure. We do not apply this option to
      code that needs to run in constant time to avoid side-channels;
      instead, we use -fwrapv in that code. Closes ticket 17983.
    - When --enable-expensive-hardening is selected, stop applying the
      clang/gcc sanitizers to code that needs to run in constant time.
      Although we are aware of no introduced side-channels, we are not
      able to prove that there are none. Related to ticket 17983.

  o Major features (compilation):
    - Our big list of extra GCC warnings is now enabled by default when
      building with GCC (or with anything like Clang that claims to be
      GCC-compatible). To make all warnings into fatal compilation
      errors, pass --enable-fatal-warnings to configure. Closes
      ticket 19044.
    - Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically
      turn on C and POSIX extensions. (Previously, we attempted to do
      this on an ad hoc basis.) Closes ticket 19139.

  o Major features (directory authorities, hidden services):
    - Directory authorities can now perform the shared randomness
      protocol specified by proposal 250. Using this protocol, directory
      authorities generate a global fresh random value every day. In the
      future, this value will be used by hidden services to select
      HSDirs. This release implements the directory authority feature;
      the hidden service side will be implemented in the future as part
      of proposal 224. Resolves ticket 16943; implements proposal 250.

  o Major features (downloading, random exponential backoff):
    - When we fail to download an object from a directory service, wait
      for an (exponentially increasing) randomized amount of time before
      retrying, rather than a fixed interval as we did before. This
      prevents a group of Tor instances from becoming too synchronized,
      or a single Tor instance from becoming too predictable, in its
      download schedule. Closes ticket 15942.

  o Major bugfixes (exit policies):
    - Avoid disclosing exit outbound bind addresses, configured port
      bind addresses, and local interface addresses in relay descriptors
      by default under ExitPolicyRejectPrivate. Instead, only reject
      these (otherwise unlisted) addresses if
      ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on
      0.2.7.2-alpha. Patch by teor.

  o Major bugfixes (hidden service client):
    - Allow Tor clients with appropriate controllers to work with
      FetchHidServDescriptors set to 0. Previously, this option also
      disabled descriptor cache lookup, thus breaking hidden services
      entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".

  o Minor features (build, hardening):
    - Detect and work around a libclang_rt problem that would prevent
      clang from finding __mulodi4() on some 32-bit platforms, and thus
      keep -ftrapv from linking on those systems. Closes ticket 19079.
    - When building on a system without runtime support for the runtime
      hardening options, try to log a useful warning at configuration
      time, rather than an incomprehensible warning at link time. If
      expensive hardening was requested, this warning becomes an error.
      Closes ticket
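
The "random exponential backoff" item in the changelog above, as an added example that is not Tor's code and not part of the announcement: a small simulation comparing how many clients retry in the same second under a fixed interval and under randomized, exponentially growing waits. The delay distribution, the parameters and all function names are assumptions chosen for illustration.

```python
"""Retry scheduling after a failed download: fixed interval vs. randomized
exponential backoff, compared by how many clients retry in the same second."""
import random
from collections import Counter


def fixed_schedule(interval, attempts):
    """Retry times (seconds after the failure) with a constant interval."""
    return [interval * (n + 1) for n in range(attempts)]


def randomized_backoff_schedule(base, cap, attempts, rng):
    """Retry times where the n-th wait is drawn uniformly from a window whose
    upper edge doubles on every attempt (2*base, 4*base, ...) up to `cap`.

    Assumed, illustrative distribution; it is not Tor's actual schedule.
    """
    now, times = 0.0, []
    for n in range(attempts):
        high = min(cap, base * 2 ** (n + 1))
        # Lower edge is half the upper edge, so jitter survives at the cap.
        now += rng.uniform(high / 2, high)
        times.append(now)
    return times


def peak_concurrency(schedules, bucket=1.0):
    """Largest number of retries, over all clients, landing in one bucket."""
    hits = Counter(int(t // bucket) for times in schedules for t in times)
    return max(hits.values())


def compare(clients=100, base=60, cap=3600, attempts=5, seed=2016):
    """Return (peak with fixed interval, peak with randomized backoff) for
    `clients` instances that all failed at time 0."""
    # A seeded PRNG keeps the simulation repeatable. A client that wants its
    # schedule to be unpredictable to an observer would use a CSPRNG instead
    # (for example random.SystemRandom()).
    rng = random.Random(seed)
    fixed = [fixed_schedule(base, attempts) for _ in range(clients)]
    jittered = [randomized_backoff_schedule(base, cap, attempts, rng)
                for _ in range(clients)]
    return peak_concurrency(fixed), peak_concurrency(jittered)


if __name__ == "__main__":
    fixed_peak, jitter_peak = compare()
    print("fixed interval : up to %d clients retry in the same second" % fixed_peak)
    print("random backoff : up to %d clients retry in the same second" % jitter_peak)
```
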

Re: [tor-talk] onion.torproject.org

2016-08-08 Thread grarpamp
And the ones listed not in torproject.org should be signed
for by someone in authority in their respective domains.


[tor-talk] onion.torproject.org

2016-08-08 Thread grarpamp
The above list of onions should come with an openpgp signature.


Re: [tor-talk] Tor protocol classification

2016-08-08 Thread Spencer

Hi,



Allen:
https://gitweb.torproject.org/torspec.git/tree/



I understand everything now XD

Wordlife,
Spencer





Re: [tor-talk] Tor protocol classification

2016-08-08 Thread Allen
>
> 1. Can anyone give me a description of what Tor is doing during the
> following stages of bootstrapping:
>

https://gitweb.torproject.org/torspec.git/tree/


> The reason I picked these stages of bootstrapping is because they’re the
> places where Tor is recognized and blocked by DPI equipment from Cyberoam.


It might just be blocking specific destination IP addresses, or it might be
recognizing unique properties of the TLS handshake implementation between
the user's Tor client and network's Tor relays.

https://tools.ietf.org/html/rfc5246


On Mon, Aug 8, 2016 at 3:01 PM, Justin  wrote:

> Hi,
> I’ve been interested in Tor censorship for a few years now, and had some
> questions.
> 1. Can anyone give me a description of what Tor is doing during the
> following stages of bootstrapping:
> A. 10% Finishing handshake with directory server.  What happens during the
> handshake and what makes it fingerprintable by a DPI box?
> B. 20% Asking for network status consensus.  Same questions as A.
> C. 45% Asking for relay descriptors.
> D. 85% Finishing handshake with first hop.
> E. 90% Establishing a Tor circuit.
> The reason I picked these stages of bootstrapping is because they’re the
> places where Tor is recognized and blocked by DPI equipment from Cyberoam.
> Keep in mind this is Vanilla Tor, no PT are used.
> Thanks very much,
> Justin.


[tor-talk] Tor protocol classification

2016-08-08 Thread Justin
Hi,
I’ve been interested in Tor censorship for a few years now, and had some 
questions.
1. Can anyone give me a description of what Tor is doing during the following 
stages of bootstrapping:
A. 10% Finishing handshake with directory server.  What happens during the 
handshake and what makes it fingerprintable by a DPI box?
B. 20% Asking for network status consensus.  Same questions as A.
C. 45% Asking for relay descriptors.
D. 85% Finishing handshake with first hop.
E. 90% Establishing a Tor circuit.
The reason I picked these stages of bootstrapping is because they’re the places 
where Tor is recognized and blocked by DPI equipment from Cyberoam.  Keep in 
mind this is Vanilla Tor, no PT are used.
Thanks very much,
Justin.


Re: [tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

2016-08-08 Thread Ben Tasker
> I do not know if the same issue of identity linkability can
> arise with a VPN service.

Depends on a few things including whether the account can be linked to you
in some way. Also depends on whether the service keeps logs, and there's no
way to tell whether claims they don't are true.

Over time, I'd imagine always using the same endpoint (on services that let
you choose) probably does you some harm too, especially if there's anything
(like unusualish user-agent strings) that act as an otherwise weak
identifier, with that being accelerated if you often log into google,
facebook or anyone else with an interest in tracking you across the net

On 8 Aug 2016 16:29, "Cristian Consonni" wrote:

> 2016-08-08 17:19 GMT+02:00  :
> > There was a discussion of the same issue recently in
> > https://lists.torproject.org/pipermail/tor-talk/2016-July/041721.html .
> > Ben Tasker is right, if the VPS is registered in your name, you are not
> > anonymous. Even if the VPS is not linked to you, it is your pseudonym.
>
> The same can be said for the VPN if you have set up your own VPN using
> a VPS. I do not know if the same issue of identity linkability can
> arise with a VPN service.
>
> Cristian


Re: [tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

2016-08-08 Thread Cristian Consonni
2016-08-08 17:19 GMT+02:00  :
> There was a discussion of the same issue recently in
> https://lists.torproject.org/pipermail/tor-talk/2016-July/041721.html . Ben
> Tasker is right, if the VPS is registered in your name, you are not
> anonymous. Even if the VPS is not linked to you, it is your pseudonym.

The same can be said for the VPN if you have set up your own VPN using
a VPS. I do not know if the same issue of identity linkability can
arise with a VPN service.

Cristian


Re: [tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

2016-08-08 Thread me

On 08.08.16 13:55, blo...@openmailbox.org wrote:
> I, like many other users of Tor, have become increasingly frustrated
> with sites like Craigslist which discriminate against Tor. It makes
> these sites hard to use. I therefore decided to discover if it is
> possible to use Tor but end up with a non-Tor IP.

There was a discussion of the same issue recently in
https://lists.torproject.org/pipermail/tor-talk/2016-July/041721.html .
Ben Tasker is right, if the VPS is registered in your name, you are not
anonymous. Even if the VPS is not linked to you, it is your pseudonym.



Re: [tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

2016-08-08 Thread Ben Tasker
If you're using Firefox, one thing you want to consider is DNS leakage.

If you go into about:config, see whether network.proxy.socks_remote_dns
exists. If not create it and set to True.

Without that, DNS won't use the tunnel. As you've got a VPN running it'll
likely egress from the VPN endpoint instead.

> VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 3) ---> VPS
> ---> Internet.

How do you pay for the VPS? If it's in your name (or can be linked to you)
then all you're doing is preventing your local ISP from seeing what you're
connecting to (which might, of course, be your aim). You do, in effect,
have a fixed exit point though, so it's worth bearing in mind that in some
ways it makes you more identifiable from the point of view of services
you're connecting to.





On Mon, Aug 8, 2016 at 11:55 AM,  wrote:

> I, like many other users of Tor, have become increasingly frustrated with
> sites like Craigslist which discriminate against Tor. It makes these sites
> hard to use. I therefore decided to discover if it is possible to use Tor
> but end up with a non-Tor IP.
>
> I use Torsocks to login to a VPS server via SSH and bind SSH to a specific
> port with SSH’s -D option.
>
> My configuration is: torsocks ssh -D 3 n...@vps.com (3 is just a
> random unused port).
>
> My normal Firefox browser (not the Tor Browser Bundle) has in Preferences
> / Advanced / Connection the SOCKS host set to 127.0.0.1, the port set to
> 3, SOCKS v5 is ticked, and remote DNS is ticked. The “No proxy for” box
> is blank.
>
> I also use a VPN for added privacy to ensure that my ISP cannot tell that
> I am connecting to Tor. The result is (in my opinion):
>
> VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 3) ---> VPS
> ---> Internet.
>
> First, I connect to my VPN provider. Second, I connect to port 3 on
> 127.0.0.1 where Tor (via Torsocks) and SSH is running. Third, I connect to
> a VPS (over SSH) and SSH is bound to port 3. Torsocks transmits the
> HTTP(S) traffic through three Tor nodes. Finally, the Tor routing ends at
> the VPS and the traffic goes out onto the internet from the infrastructure
> of the VPS.
>
> In my browser, I checked https://www.whatismyip.com/ which shows the IP
> address of the VPS. When I SSH into the VPS, I see that the last IP that
> logged in is that of a Tor exit node. In Wireshark, I see that my VPN
> interface connects to the IP address of a Tor entry node.
>
> I have two questions. Does this setup appear sensible and secure? I am
> sure there are other ways to achieve the same goal but I would like to know
> my system is valid. I think my system is secure but I would appreciate
> opinions from more experienced users.
>
> The result of this model is that my IP is that of the VPS which is static.
> I did add a HTTP proxy to Preferences / Advanced / Connection in Firefox
> but the result was that the SOCKS proxy (and thus Torsocks and SSH) were
> ignored so the result was VPN –-> HTTP proxy –-> Internet (which bypasses
> Tor). Is it possible to use a HTTP(S) (or another type) of proxy to alter
> the IP. The ideal model would be: VPN –-> Torsocks (on 127.0.0.1) –-> SSH
> (bound to port 3) –-> VPS –-> Proxy (e.g. HTTP(S)) –-> Internet.
>
> Thank you for your help. I appreciate any advice and suggestions.



-- 
Ben Tasker
https://www.bentasker.co.uk
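
To make the DNS point in the message above concrete, an added example that is not part of the thread: a SOCKS5 CONNECT request (RFC 1928) carries either the hostname itself or an already-resolved IP address, so captured request bytes show on which side of the proxy the name was resolved. The function names and the sample byte strings are constructed for illustration.

```python
"""Tell from a SOCKS5 CONNECT request whether the client handed the proxy a
hostname (name resolved on the far side) or an IP (resolved before the proxy).
Wire format: RFC 1928, section 4."""
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# Constructed samples: CONNECT example.com:443 sent as a name, and
# CONNECT 192.0.2.10:443 (documentation address) sent as an IPv4 literal.
SAMPLE_REMOTE = b"\x05\x01\x00\x03\x0bexample.com\x01\xbb"
SAMPLE_LOCAL = b"\x05\x01\x00\x01\xc0\x00\x02\x0a\x01\xbb"


def build_connect(host, port):
    """Build the CONNECT request a client sends after method negotiation."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: ship the name itself, as remote DNS does.
        name = host.encode("idna")
        if not 1 <= len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        addr = bytes([ATYP_DOMAIN, len(name)]) + name
    else:
        atyp = ATYP_IPV4 if ip.version == 4 else ATYP_IPV6
        addr = bytes([atyp]) + ip.packed
    return b"\x05\x01\x00" + addr + struct.pack("!H", port)


def parse_connect(data):
    """Return (atyp, host, port); raise ValueError on malformed input."""
    if len(data) < 5:
        raise ValueError("truncated request")
    ver, cmd, _rsv, atyp = data[:4]
    if ver != 0x05 or cmd != 0x01:
        raise ValueError("not a SOCKS5 CONNECT request")
    if atyp == ATYP_DOMAIN:
        start, size = 5, data[4]      # one length byte precedes the name
        if size == 0:
            raise ValueError("empty hostname")
    elif atyp == ATYP_IPV4:
        start, size = 4, 4
    elif atyp == ATYP_IPV6:
        start, size = 4, 16
    else:
        raise ValueError("unknown address type 0x%02x" % atyp)
    if len(data) != start + size + 2:
        raise ValueError("length does not match address type")
    raw = data[start:start + size]
    (port,) = struct.unpack("!H", data[start + size:])
    if atyp == ATYP_DOMAIN:
        host = raw.decode("ascii", "replace")
    else:
        host = str(ipaddress.ip_address(raw))
    return atyp, host, port


def resolution_side(data):
    """'remote': the proxy got a name and must resolve it itself.
    'local-or-literal': the proxy got an IP, so either the client resolved
    the name outside the tunnel or the user typed an IP address.
    'malformed': the bytes are not a valid CONNECT request."""
    try:
        atyp, host, _port = parse_connect(data)
    except ValueError:
        return "malformed"
    if atyp != ATYP_DOMAIN:
        return "local-or-literal"
    try:
        ipaddress.ip_address(host)    # an IP sent in the name field
    except ValueError:
        return "remote"
    return "local-or-literal"


if __name__ == "__main__":
    for label, req in (("remote DNS on", SAMPLE_REMOTE),
                       ("remote DNS off", SAMPLE_LOCAL)):
        print(label, parse_connect(req), "->", resolution_side(req))
```
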


[tor-talk] Am I successfully using Torsocks, SSH, and a VPS? Please advise, thanks!

2016-08-08 Thread blobby
I, like many other users of Tor, have become increasingly frustrated with
sites like Craigslist which discriminate against Tor. It makes these 
sites hard to use. I therefore decided to discover if it is possible to 
use Tor but end up with a non-Tor IP.


I use Torsocks to login to a VPS server via SSH and bind SSH to a 
specific port with SSH’s -D option.


My configuration is: torsocks ssh -D 3 n...@vps.com (3 is just a 
random unused port).


My normal Firefox browser (not the Tor Browser Bundle) has in 
Preferences / Advanced / Connection the SOCKS host set to 127.0.0.1, the 
port set to 3, SOCKS v5 is ticked, and remote DNS is ticked. The “No 
proxy for” box is blank.


I also use a VPN for added privacy to ensure that my ISP cannot tell 
that I am connecting to Tor. The result is (in my opinion):


VPN ---> Torsocks (on 127.0.0.1) ---> SSH (bound to port 3) ---> VPS 
---> Internet.


First, I connect to my VPN provider. Second, I connect to port 3 on 
127.0.0.1 where Tor (via Torsocks) and SSH is running. Third, I connect 
to a VPS (over SSH) and SSH is bound to port 3. Torsocks transmits 
the HTTP(S) traffic through three Tor nodes. Finally, the Tor routing 
ends at the VPS and the traffic goes out onto the internet from the 
infrastructure of the VPS.


In my browser, I checked https://www.whatismyip.com/ which shows the IP 
address of the VPS. When I SSH into the VPS, I see that the last IP that 
logged in is that of a Tor exit node. In Wireshark, I see that my VPN 
interface connects to the IP address of a Tor entry node.


I have two questions. Does this setup appear sensible and secure? I am 
sure there are other ways to achieve the same goal but I would like to 
know my system is valid. I think my system is secure but I would 
appreciate opinions from more experienced users.


The result of this model is that my IP is that of the VPS which is 
static. I did add a HTTP proxy to Preferences / Advanced / Connection in 
Firefox but the result was that the SOCKS proxy (and thus Torsocks and 
SSH) were ignored so the result was VPN –-> HTTP proxy –-> Internet 
(which bypasses Tor). Is it possible to use a HTTP(S) (or another type) 
of proxy to alter the IP. The ideal model would be: VPN –-> Torsocks (on 
127.0.0.1) –-> SSH (bound to port 3) –-> VPS –-> Proxy (e.g. 
HTTP(S)) –-> Internet.


Thank you for your help. I appreciate any advice and suggestions.