Re: [tor-talk] [OrNetRadar] >25 new relays in AS "DigitalOcean, LLC" (2019-06-21)
On Jun 22, 2019, at 1:59 PM, grarpamp wrote:
>
> Dumb Sybil comes in noisy all at once, Smart Sybil sneaks in
> 1/week until you're 0wn3d. Tor's been around for over 15y.
> No one's ever analyzed for that...
>
> Anyhow, send this comedian to bad relays until
> they at least emit MyFamily.

Whoever this bad actor is made their attempt so obvious it makes you wonder if this was the first part of a full-scale attack, with this part drawing attention while they implement other measures to capture packets.

Respectfully,

Conrad Rockenhaus
GreyPonyIT
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] TOR Browser safety practices
Hello,

Sorry for top posting, but I can’t help but to ask, since you seem overtly cautious about your security, why don’t you utilize a solution such as booting Tails from a USB key (Higher degree of confidence of anonymity and prevention of leakage) or use Tails in a VirtualBox VM? (High degree of confidence of anonymity and prevention of leakage). I know it’s not directly Tor Browser, but it’s Tor Browser integrated into an isolated bootable Operating System for your security.

https://tails.boum.org/

Thanks,

Conrad

> On May 24, 2019, at 10:28 AM, npdflr wrote:
>
> I would like to ask for some safe practices to maximize security while using
> TOR browser.
>
> I understand some of the basics and have gone through the FAQ on pages
> https://support.torproject.org/#faq and
> https://2019.www.torproject.org/docs/faq.html.en
>
> Here are some questions:
>
> 1. Is downloading files safe via TOR Browser?
>
> I got the following warning while downloading a PDF file:
>
> "Tor Browser cannot display this file. You will need to open it with another
> application.
>
> Some types of files can cause applications to connect to the Internet without
> using Tor.
>
> To be safe, you should only open downloaded files while offline, or use a Tor
> Live CD such as Tails."
>
> 2. Viewing insecure HTTP sites:
>
> Any suggestion which insecure HTTP sites one can visit even if one gets the
> warning:
>
> "HTTPS Everywhere noticed you were navigating to a non-HTTPS page, and tried
> to send you to the HTTPS version instead. The HTTPS version is
> unavailable."
>
> 3. Should one proceed when a website has an error like "invalid certificate
> error"?
>
> 4. I am able to open ftp sites without using TLS (only ftp not ftps)
>
> So, is it advisable to open sites having protocols such as ftp, smtp etc but
> are not wrapped inside TLS?
>
> Thank you.
Re: [tor-talk] VPNs and Ports
> On May 23, 2019, at 4:39 AM, Wallichii wrote:
>
> On Thu, 23 May 2019 04:15:36 -0500
> Conrad Rockenhaus wrote:
>
>> I’ll be starting a free VPN service soon to allow users that are
>> blocked from using Tor at their location to access Tor. To prevent
>> abuse of the service, I plan on restricting the ability of the VPN to
>> only access 53, 80, 443, 8080, 8443, 9001, and 9030. Are there any
>> other ports I should consider keeping open for the service?
>
> IMO setting up a bridge will help more users because not everyone is
> going to trust someone on the internet giving free proxy, you should
> run a bridge if you want to help more users.

I’m already running a couple of exits and bridges, this was just something in addition to it since I’m bringing some new infrastructure online.

Thanks,

Conrad
[tor-talk] VPNs and Ports
Hello,

I’ll be starting a free VPN service soon to allow users that are blocked from using Tor at their location to access Tor. To prevent abuse of the service, I plan on restricting the ability of the VPN to only access 53, 80, 443, 8080, 8443, 9001, and 9030. Are there any other ports I should consider keeping open for the service?

Thanks,

Conrad
[tor-talk] Abuse email bot
Hello,

I just figured I would ask to see if anyone had one before I wrote one or looked to see if there was a decent solution out there.

Since Irdeto and all of those lovely DMCA companies ignore WHOIS comments that say "please open a web ticket here at https://blah to report DMCA related abuse" I was wondering if anyone had a solution that automatically searches an abuse email for the reply-to email address, since it's usually sent by a nobody@ account or an automated account that bounces emails, will take whatever associated case number there is with the DMCA complaint, and send a reply, explaining that it's a Tor node, if you still want to file a case, open a trouble ticket here at this link?

If someone has something already, I would appreciate some tips.

Thanks,

Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
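The responder asked about in this post could look roughly like the following. This is an added example, not code from the thread or from any existing tool; the sample notice, every address, the ticket URL, the keyword list for case numbers and the list of unattended mailboxes are all constructed assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses

# Local parts that bounce or are never read (assumed list; extend per sender).
UNATTENDED = re.compile(r"^(nobody|no-?reply|do-?not-?reply|mailer-daemon|bounces?)\b", re.I)
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Keyword, optional "ID"/"No."/"#", then an identifier that must contain a
# digit, so ordinary words after "notice" or "case" are not taken as an ID.
CASE = re.compile(
    r"\b(?:case|reference|notice|ticket)\s*(?:id|number|no\.?|#)?\s*[:#]?\s*"
    r"((?=[A-Z0-9-]*\d)[A-Z0-9][A-Z0-9-]{3,})", re.I)

# Constructed sample notice; every name and address here is made up.
SAMPLE_NOTICE = """\
From: Notice Sender <nobody@notices.example.net>
To: abuse@relay-operator.example.org
Subject: Notice of Claimed Infringement - Case #: A1B2-334455
Message-ID: <20190501.0001@notices.example.net>

Dear Sir or Madam,

We have detected infringing activity from an IP address on your network.
Please direct any response to copyright-team@enforcement.example.com.
"""


def parse_notice(raw):
    """Parse raw RFC 5322 text with the modern policy so get_body() works."""
    return message_from_string(raw, policy=policy.default)


def body_text(msg):
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def find_reply_address(msg, own_addr=""):
    """First attended address: Reply-To, then From, then addresses in the body."""
    headers = msg.get_all("Reply-To", []) + msg.get_all("From", [])
    candidates = [addr for _, addr in getaddresses([str(h) for h in headers])]
    # Body addresses are sender-controlled: a forged notice can aim the bot at
    # a third party, so rate-limit replies per recipient before sending.
    candidates += ADDRESS.findall(body_text(msg))
    for addr in candidates:
        if addr and not UNATTENDED.match(addr) and addr.lower() != own_addr.lower():
            return addr
    return None


def find_case_number(msg):
    """Case number from the subject if present, otherwise from the body."""
    for text in (str(msg.get("Subject", "")), body_text(msg)):
        match = CASE.search(text)
        if match:
            return match.group(1)
    return None


def build_reply(msg, operator_addr, ticket_url):
    """Return an EmailMessage answering the notice, or None if none should go out."""
    # Never answer another auto-responder (RFC 3834), or two bots loop forever.
    if str(msg.get("Auto-Submitted", "")).lower().startswith("auto-replied"):
        return None
    to_addr = find_reply_address(msg, own_addr=operator_addr)
    if to_addr is None:
        return None
    case = find_case_number(msg)
    subject = str(msg.get("Subject", "abuse report"))
    reply = EmailMessage()
    reply["From"] = operator_addr
    reply["To"] = to_addr
    reply["Subject"] = subject if subject.lower().startswith("re:") else "Re: " + subject
    reply["Auto-Submitted"] = "auto-replied"
    if msg.get("Message-ID"):
        reply["In-Reply-To"] = str(msg["Message-ID"])
        reply["References"] = str(msg["Message-ID"])
    reply.set_content(
        f"Regarding your notice (case number: {case or 'not stated'}):\n\n"
        "The IP address in your notice is a Tor node.\n"
        f"If you still want to file a case, open a trouble ticket at {ticket_url}\n"
        "and quote the case number above.\n"
    )
    return reply


if __name__ == "__main__":
    notice = parse_notice(SAMPLE_NOTICE)
    print(build_reply(notice, "abuse@relay-operator.example.org",
                      "https://tickets.example.org/new"))
```

Sending is left out on purpose: hand the returned message to `smtplib` only after the per-recipient rate limit mentioned in the comments.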
Re: [tor-talk] Data collection by Tor Browser
ht not be up on the latest Tor Browser moves, so it's possible
> > > > there are some open tickets for disabling telemetry or the like which
> > > > aren't yet fixed. Keeping up with the constant changes to Firefox is tough
> > > > to do perfectly. I'll let the browser team jump in here if they want.
> > > >
> > > > (3) Other places on the Internet could still keep statistics, based
> > > > on your connections to them. I'm thinking in particular of:
> > > >
> > > > (3a) the addons.mozilla.org server, which ought to see just anonymized
> > > > connections over Tor, but that still lets them gather general statistics
> > > > like how many Tor users there are, what extensions they have installed,
> > > > etc. Similarly, the periodic update pings, and update fetches, happen
> > > > over Tor but can still be counted in the aggregate:
> > > > https://metrics.torproject.org/webstats-tb.html
> > > > https://blog.torproject.org/making-tor-browser-updates-stable-and-reliable-fastly
> > > >
> > > > and
> > > >
> > > > (3b) the Tor relays, which see connections from the Tor client that is
> > > > part of Tor Browser. Because of the decentralized Tor design, no single
> > > > relay should be able to learn both who you are and also what you do on
> > > > the Tor network. But they can still collect what they observe about who
> > > > you are. Relays collect and publish aggregate statistics about the users
> > > > they see (but not what they do, because they can't learn that). For much
> > > > more info, see https://metrics.torproject.org/about.html
> > > >
> > > > and
> > > >
> > > > (3c) other researchers might perform experiments using their own
> > > > internet connections to try to answer questions about Tor performance,
> > > > usage, safety, etc. The ones who are doing it right will consider how
> > > > to minimize risks while doing their experiments:
> > > > https://research.torproject.org/safetyboard.html
> > > >
> > > > Hope this helps!
> > > >
> > > > --Roger

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-talk] Well, what exactly are you trying to contribute with your efforts?
Hello,

Yes, hiro was speaking as a community council member. The email was verbatim to the email sent to me personally.

Thanks,

Conrad

On Mon, Apr 29, 2019 at 1:09 PM Pili Guerra wrote:
>
> > On 29 Apr 2019, at 19:50, Conrad Rockenhaus wrote:
> >
> > On Mon, Apr 29, 2019 at 11:01 AM silvia [hiro] wrote:
> >> Conrad,
> >>
> >> You have been kindly asked to stop advertising or repeat commercial offers
> >> about your services.
> >>
> >> Avoid cross posting and stick to the general list guidelines.
> >>
> >> We maintain these list for technical support and general discussion among
> >> Tor users and relay operators.
> >>
> >> Thanks,
> >>
> >> hiro
> >
> > How was my response advertising or a repeat commercial offer? How is
> > my service even a commercial offer when it's a 501(c)(3) non-profit
> > and I'm not making a profit? How come you don't seem to get so
> > offended when Emerald Onions (for example, I have absolutely nothing
> > against them at all) supports an update about their services?
> >
> > Why am I questioned for responding to an email bashing me for
> > attempting to contribute to the Tor project in a large way by helping
> > others run their own relays by asking that person how they're
> > contributing to Tor project themself? I would think that would fall
> > under the lines of "general discussion." I don't see where I'm
> > advertising for Greypony when all I'm doing is refuting this person's
> > demonstrably false statements such as "the project only runs middle
> > relays on small virtual machines" or "500 KB/s" bridges" which does
> > fall under the guidelines of general discussion and free speech. After
> > all, the only counteract to false speech is free speech.
> >
> > I do wonder why the Tor Community Council wants to have such a
> > Chilling Effect on any speech related to GreyPony while allowing all
> > others to speak freely. It's kind of odd especially since it was
> > previously posted on this list that people could post even about
> > COMMERCIAL providers that are Tor friendly once and awhile but we're
> > OK a little hypocritical behavior if we don't like someone, amirite?
> >
> > --
> > Conrad Rockenhaus
> > https://www.rockenhaus.com
> > Cell: (254) 292-3350
> > Fax: (254) 875-0459
>
> Hi,
>
> I don’t believe hiro was speaking as a community council member but as a tor
> project person.
>
> We want to nurture an open and welcoming environment where people can come to
> read and learn about Tor. However, more and more tor-talk feels like
> somewhere core tor people don’t particularly want to be and so we are trying
> to change that. I’m sorry that in this case you feel you have been singled
> out.
>
> We want people to feel welcome when contributing to these lists and we would
> ask everyone to be mindful of the effect their posts have on the list as a
> whole to avoid creating a hostile environment.
>
> Thanks for understanding!
>
> Pili
>
> —
> Project Manager: Tor Browser, UX and Community teams
> pili at torproject dot org
> gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-talk] Well, what exactly are you trying to contribute with your efforts?
On Mon, Apr 29, 2019 at 11:01 AM silvia [hiro] wrote:
> Conrad,
>
> You have been kindly asked to stop advertising or repeat commercial offers
> about your services.
>
> Avoid cross posting and stick to the general list guidelines.
>
> We maintain these list for technical support and general discussion among
> Tor users and relay operators.
>
> Thanks,
>
> hiro

How was my response advertising or a repeat commercial offer? How is my service even a commercial offer when it's a 501(c)(3) non-profit and I'm not making a profit? How come you don't seem to get so offended when Emerald Onions (for example, I have absolutely nothing against them at all) supports an update about their services?

Why am I questioned for responding to an email bashing me for attempting to contribute to the Tor project in a large way by helping others run their own relays by asking that person how they're contributing to Tor project themself? I would think that would fall under the lines of "general discussion." I don't see where I'm advertising for Greypony when all I'm doing is refuting this person's demonstrably false statements such as "the project only runs middle relays on small virtual machines" or "500 KB/s" bridges" which does fall under the guidelines of general discussion and free speech. After all, the only counteract to false speech is free speech.

I do wonder why the Tor Community Council wants to have such a Chilling Effect on any speech related to GreyPony while allowing all others to speak freely. It's kind of odd especially since it was previously posted on this list that people could post even about COMMERCIAL providers that are Tor friendly once and awhile but we're OK a little hypocritical behavior if we don't like someone, amirite?

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-talk] Well, what exactly are you trying to contribute with your efforts?
On Wed, Apr 17, 2019 at 5:49 PM Seby wrote:
>
> Here we go again...
> This dude just won't stop harassing us with masked advertising, commercial
> offers and monetary asks. Every time even the most boring thing needs to be
> publicly shouted on these mail lists, every time he does something
> extraordinary, something quite unusual that none of you mortals could ever
> do like running a middle relay on a small virtual machine, or a 500KB/s
> bridge.
>

Actually, it's not masked advertising for commercial offers. It's nonprofit solicitation to assist other users that are interested in expanding Tor's FreeBSD Resiliency. There's quite a few people that would like to help but aren't comfortable making the plunge on their own. Increasing the number of FreeBSD machines ensures we don't have a single point of failure as the number of Linux machines presently on Tor greatly outweighs the number of FreeBSD machines on Tor. This was previously discussed, but I'm sure you weren't paying attention, but that's where the project started from and it was always a nonprofit project to begin with.

In addition, we're now assisting with AS divestment as well, to try to get people off of highly populated ASes so those don't form single points of failure. Which is another goal of the Project, from what I have been told. I understand you may not get that, so I'll explain it as simply as possible - too many middle relays and exits are getting service from the same service providers. We are trying to help provide another Tor friendly service provider to the table (which runs separately from this since that's a commercial operation). When we had our stuff fully online, we occupied all 15 top spots of the highest bandwidth exits in Canada. Right now my highest performing exit in the US is in the Top 10 but I've been scaling that exit down as I'm not sure if I'm keeping my personal items online anymore at this point.

Finally, the GreyPony project has been there to make it possible for an end user to easily set up and get going on their first new relay with dedicated support, sometimes people want that extra hand.

Before you trash a project you should learn about it, but all you've been doing is trashing things. Maybe you should try contributing to something and ignoring things you disagree with or asking questions if you don't understand it, instead of just resorting to talking trash about a project. It just makes it look like you have plenty of free time to mock others because you aren't helping others, but that's my take on things.

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
[tor-talk] Anyone interested in running FreeBSD or Linux Exit Relays on AS19624?
For a small donation in relation to the number of physical CPUs (and x cores each) plus bandwidth you want, (mbp/s or gbp/s) I can provide you your own instance on my OpenStack cloud that I just built out on AS19624. No exit policy restrictions, I handle all abuse complaints, so you won’t have to worry about any abuse takedowns.

This is the only time I’ll mention it here. If anyone is interested, please email me directly.

Thanks,

Conrad
Re: [tor-talk] What is the weirdest/creepiest thing you have found on the dark web?
Just adding a little on to this, when I was in the Navy stationed at a Joint Command, there were certain situations which communications, access to hidden services we ran, and access to the Internet required the use of Tor. When I was attached to a particular Naval Security Command, we conducted communications experiments with Tor under the guidance of a sponsoring Laboratory and a Command that was interested in the technology. I got into relays because of that, but the point is I never realized that there was a dark side of Tor until someone I saw it on the news one day.

I don't feel that Tor should really be tainted with the name "Dark Web" because of all of the positive uses of the technology - from dissidents, to governments, to journalists, to just end users that want to protect their privacy. "Dark Web" has a bad connotation and confuses uninformed users with the true intent of Tor. The actions of a few (a few drug hidden services that are getting shut down, etc.) shouldn't taint the actions of the many.

On Sun, Apr 7, 2019 at 9:01 PM Roger Dingledine wrote:
>
> On Sun, Apr 07, 2019 at 09:19:11PM -0400, Seth Caldwell wrote:
> > I know the dark web can be a terrible place, with content not suitable for
> > anyone, basically. Like illegal drug cartel, fake passports/IDs, creepy
> > websites, and generally all around messed up stuff. If you feel comfortable
> > talking about your experiences. Then, please reply to this Message.
>
> I'm increasingly realizing that when "threat intelligence" companies
> talk about the dark web, they mean anything on the internet that they
> think you should be scared of.
>
> For example, I talk to a growing number of CTOs from these threat
> intelligence companies, and the recurring pattern is that they explain
> that their marketing people need to say "dark web" to feel like
> they're being competitive, but actually almost all of their useful
> material comes from watching paste sites like pastebin.
>
> So increasingly, when I hear somebody breathlessly asking me about all
> the spooky stuff on the internet, I wonder what that has to do with Tor,
> that is, why they are asking Tor.
>
> Or taking a step back: when they say dark web, are they talking about
> (A) websites on the internet that are reachable via Tor onion services,
> (B) websites on the internet that have bad stuff on them, or
> (C) websites on the internet that you need to log in to before you can
> read the content?
>
> There was a time a while ago where I think people meant 'A', but nowadays
> it seems everybody means 'B' or 'C'. There are a wide variety of websites
> in Russia (i.e. that end in .ru) or Malaysia (.my) with all of those
> things you mentioned plus more. And of course there is some overlap
> between the three categories, but I think the overlap is a lot smaller
> than people think, and certainly a lot smaller than the "dark web"
> hollywood tv shows want to imply.
>
> For my most recent discussions about the dark web, and trying to get
> some actual facts around it, see minutes 36-44 of the FOSDEM 2019 video:
> https://fosdem.org/2019/schedule/event/tor_project/
>
> Hope this helps,
> --Roger

--
Conrad Rockenhaus
https://www.rockenhaus.com
Cell: (254) 292-3350
Fax: (254) 875-0459
Re: [tor-talk] Tor VoIP PBX Architecture Discussion
> On Oct 23, 2018, at 2:14 PM, Nathan Freitas wrote:
>
> On Tue, Oct 23, 2018, at 1:55 AM, Roger Dingledine wrote:
>> On Mon, Oct 22, 2018 at 05:13:39PM +0100, Iain Learmonth wrote:
>>> It might also be that half-duplex communication (even if implemented
>>> with humans saying "over") could bring benefits as this would allow you
>>> to increase the buffer sizes without having people talking over each other.
>>
>> Reminds me of the early days in Guardian Project's voice support in Orbot,
>> where they essentially built a "push to talk" feature that encoded your
>> thing as an mp3 and sent it across the Tor network and played it on the
>> other end. I hear that, once you figured out how to use it, it was
>> remarkably usable.
>
> You can still do this today but with the Plumble android app and any Mumble
> protocol server. You can also do this with Signal over Orbot - voice calls
> don't work since they are UDP, but voice messages work just fine!

Understood about the half-duplex communication, but I’m trying to keep this as close to standard PSTN usage as possible. My goal for this project is to allow an independent journalist in a hostile country or a censored user that happens to not have any technical knowledge other than to connect a soft phone to a username and a password via a relay or a bridge and make that phone call to communicate to the world what is really going on.

Half Duplex communications are great, but Gulf War I proved to the world how valuable full duplex, real time audio communication can be in a given situation, especially in a situation where no one else is able to provide the world that insight.

For the switching portion of this project - once we’ve proven a concept we need to get a project page like Iain has suggested. I hope that the switching project’s switches will be required to have open IAX2 interconnect policies and a master directory of “Area” Codes :P.

Thanks,

Conrad
[tor-talk] PBX Connection Instructions and Extensions to try
Connect to sip.greyponyit.com

Here’s some extensions to try out (please let me know if more are needed or if you want your own):

15576 Secret: 75cdaec43cbd0406083fc96f0af5e633
15577 Secret: b80099db8ad73f2ae92c2b8d45e4e1c0
15578 Secret: 6217c9b653467a6130fdfff6ff569002
15579 Secret: af57155964a89b0bf4055e693bb95d56

Thanks,

Conrad
Re: [tor-talk] Tor VoIP PBX Architecture Discussion / Onioncat
> On Oct 23, 2018, at 7:49 AM, Iain Learmonth wrote:
>
> Signed PGP part
> Hi,
>
> On 23/10/18 01:27, grarpamp wrote:
>
>> Yes, one cannot rationally overload all 128 bits for that without colliding
>> upon allocated IPv6 space that may appear in one's host stack.
>> However the 1:1 key network can be larger than 80 bit. One could
>> easily play with up to say 125 bits by squatting on entirely
>> unallocated space. (Unlike the clear mistake CJDNS made by
>> squatting on space already allocated for a specific and conflicting
>> real world in stack purpose.) Obviously the common library widths
>> of 96 and 112 could be keyed. And request could be made for a
>> formal allocation if compatibility and compliance was felt needed
>> by some mental gymnastics.
>>
>> https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
>
> One thing I have discussed with the IETF Internet Architecture Board
> (IAB) in the past is some sort of scheme for IPv6 addressing for overlay
> networks. The result of that discussion was basically get an allocation
> from your RIR. You can get a /32 giving you 96 bits to play with. If you
> want you can announce it via BGP and provide gateways to the Internet
> but it's not required. This gives you collision-free space.
>
> The direct mapping between the IP address and an Onion service though is
> the problem. How do you discover the Onion service public key when you
> only have 96-bits of data?

This would be a cool area to do research and development on. I think Tor announcing its address space and the correlation of users would be a cool area to research.

>
>> People would like IPv6 and UDP (even raw IP) transport because
>> their host stacks support it, the internet is moving to it,
>> many applications simply don't speak .onion or torify poorly,
>> and it's an interesting capability to plug into other things.
>
> I think I see it more as a transition-mechanism than an end goal. If I
> had the time, it's 50/50 right now whether I would work on v3 OnionCat
> or some Onion-native version of a protocol (via some kind of AF_ONION
> sockets). An interesting fact I learnt recently is that FTP predates TCP
> and was actually "ported" after its original development.
>
>> Whether in Tor or some other existing or new network,
>> try getting together to develop it, or white papering why it
>> cannot be done in any network ever. Whichever outcome,
>> any good research there would be a useful addition
>> to the set other projects might reference in developing
>> their own work.
>
> +1 would encourage anyone that wanted to do research in this area.
>

I gladly volunteer my time, research, hardware, and network for research in this area.

Thanks,

Conrad
Re: [tor-talk] Tor VoIP PBX Architecture Discussion
Iain,

If it were to be offered as a non-hidden service, what about the UDP portion of the VoIP services, or do we just force everything to be TCP?

Thanks,

Conrad

> On Oct 22, 2018, at 11:13 AM, Iain Learmonth wrote:
>
> Signed PGP part
> Hi Conrad,
>
> On 20/10/18 06:07, Conrad Rockenhaus wrote:
>> 4) Results of a test were conducted and one second round trip latency was
>> noticed from PSTN to a soft phone connected via Tor (via OpenVPN). Hopefully
>> performance improvement will be noticed with OnionCat.
>
> Tor Metrics has some data on average latencies for client to Onion
> service. This is your absolute minimum latency, with the only way to
> reduce this being to have latency-aware path selection or to reduce
> latencies on the Internet (e.g. by swapping fibre for copper or copper
> for microwave).
>
> https://metrics.torproject.org/onionperf-latencies.html
>
> You get benefit from using an Onion Service over using an exit in that
> you're using less constrained resources (exits are scarce) but you also
> add extra hops to your circuit. For now, these extra hops do increase
> latency. Configuring your onion service to not be location hidden would
> improve this.
>
> It would be interesting to see what kind of overheads are added by
> OnionCat, but I see that this is a project that has an end in sight
> unless someone comes up with a way to make it work with v3 Onion
> Services. IPv6 addresses are not long enough to encode keys into to make
> them self-authenticating. Either we need IPv7 or perhaps some
> Onion-native network layer or something else.
>
> If you have the endpoints that support it, Codec2 might give you some
> benefits. This was originally designed for amateur-radio low bandwidth
> digital voice but is also supported by Asterisk.
>
> It might also be that half-duplex communication (even if implemented
> with humans saying "over") could bring benefits as this would allow you
> to increase the buffer sizes without having people talking over each other.
>
> Thanks,
> Iain.
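The address-size problem raised in this message and in the OnionCat thread above ("How do you discover the Onion service public key when you only have 96-bits of data?") can be checked directly. The following is an added example, not code from the thread or from OnionCat: the prefix `fd87:d87e:eb43::/48` is the one OnionCat uses for v2 services and does not appear in the thread, and all onion addresses below are constructed.

```python
import base64
import ipaddress

# OnionCat's fixed prefix for v2 services (assumption from the OnionCat
# project; the thread itself never states it). 48 prefix bits + 80 id bits.
ONIONCAT_PREFIX = ipaddress.IPv6Network("fd87:d87e:eb43::/48")

# Constructed sample addresses, not real services.
SAMPLE_V2 = "abcdefghijklmnop.onion"
# v3 layout: 32-byte ed25519 public key, 2-byte checksum, version byte 0x03.
# The checksum bytes here are zeros, so this address is shaped right but invalid.
SAMPLE_V3 = base64.b32encode(bytes(range(32)) + b"\x00\x00\x03").decode().lower() + ".onion"


def _label(onion):
    label = onion.lower()
    return label[:-6] if label.endswith(".onion") else label


def address_bits(onion):
    """Bits carried by the address itself: base32 packs 5 bits per character."""
    return len(_label(onion)) * 5


def onion_v2_to_ipv6(onion):
    """Map a 16-character v2 onion address to its OnionCat IPv6 address."""
    label = _label(onion)
    if len(label) != 16:
        raise ValueError("only 80-bit v2 identifiers fit behind a /48 prefix")
    ident = base64.b32decode(label.upper())          # 10 bytes = 80 bits
    prefix = ONIONCAT_PREFIX.network_address.packed[:6]
    return ipaddress.IPv6Address(prefix + ident)


def ipv6_to_onion_v2(addr):
    """Inverse mapping: the peer's onion address is recoverable from its IP alone."""
    addr = ipaddress.IPv6Address(addr)
    if addr not in ONIONCAT_PREFIX:
        raise ValueError("not an OnionCat address")
    return base64.b32encode(addr.packed[6:]).decode().lower() + ".onion"


def fits_behind_prefix(onion, prefix_len):
    """True if the whole address fits in the host bits left by a prefix."""
    return address_bits(onion) <= 128 - prefix_len


if __name__ == "__main__":
    ip = onion_v2_to_ipv6(SAMPLE_V2)
    print(SAMPLE_V2, "->", ip, "->", ipv6_to_onion_v2(ip))
    # /48 is OnionCat's prefix, /32 the RIR allocation and /3 the 125-bit
    # squatting idea from the thread; none leaves room for a 256-bit key.
    for plen in (48, 32, 3):
        print(f"/{plen}: v2 fits={fits_behind_prefix(SAMPLE_V2, plen)}, "
              f"v3 fits={fits_behind_prefix(SAMPLE_V3, plen)} "
              f"({address_bits(SAMPLE_V3)} bits needed, {128 - plen} available)")
```

A v2 address is an 80-bit truncated hash of the service key, so the IPv6 address and the onion address determine each other; a v3 address carries the full key, so any IPv6 form of it needs a separate lookup step and is no longer self-authenticating.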
Re: [tor-talk] GreyPony / Con(rad) now also runs a bridge
Oh wow, I have a whole rack of equipment to use, along with access to a worldwide cloud network which performs better than DigitalOcean, and yet I would put an instance there? Oh, and even if I did, so what. You have serious issues if you’re this obsessed with me, why don’t you get a hobby or something or actually contribute something productive to this project.

> On Oct 22, 2018, at 3:58 PM, Seby wrote:
>
> GreyPony Consultants / Con(rad) now also runs a bridge at DigitalOcean.
>
> It is not just any bridge, it is an obfs4 bridge. It also has IPv6 enabled.
>
> All you mortals acknowledge.
[tor-talk] Tor VoIP PBX is online
Hello All,

I have the demonstration PBX online right now - rgeg3ziyvgdgxg52.onion - it’s running Onioncat as well. Contact me if you would like an extension so you can try to provision a phone.

Thanks,

Conrad
Re: [tor-talk] Tor VoIP PBX Architecture Discussion
Hello All,

We had a discussion on IRC regarding this and the following suggestions were made:

1) Change the architecture to FreeBSD box <—> Tor <—> OnionCat <—> Asterisk, or even drop the FreeBSD box completely if the Asterisk box is able to handle the load.

2) Traumschule is looking into creating a wiki page or opening a ticket for this project.

3) Every alternate solution we looked at didn’t have the advantages that this solution had, which is the ability to provide PSTN access and interconnections to public Internet XMPP servers.

4) Results of a test were conducted and one second round trip latency was noticed from PSTN to a soft phone connected via Tor (via OpenVPN). Hopefully performance improvement will be noticed with OnionCat.

If there’s any questions, comments, or suggestions, or if there’s anyone that’s willing to volunteer their time in helping out with this project please let us know. It would be greatly appreciated.

Thanks,

Conrad

> On Oct 19, 2018, at 2:53 PM, Conrad Rockenhaus wrote:
>
> Hello All,
>
> So prior to opening up the service for beta, Iain suggested that we have a
> discussion regarding my proposed service and my planned architecture to see
> if there’s any room for improvements in the design or any vulnerabilities
> that can take away someone’s anonymity.
>
> So the design is pretty simple, I have an Asterisk box, and in front of that
> Asterisk box I have a FreeBSD box that is running Tor, SSHD, and OpenVPN.
> SSHD and OpenVPN are exposed as hidden services via Tor. The Tor user
> connects to Asterisk via a passwordless OpenVPN or SSH tunnel to route UDP
> traffic to Asterisk.
>
> Asterisk is connected to Internet to allow interconnection with VoIP
> providers, termination with users that don’t care about anonymity, as
> well as interconnection with other XMPP servers.
>
> SMS is enabled, it requires an email address. If you don’t have a reliable
> Tor accessible email address, we’re working on a solution.
>
> Any comments/suggestions would be greatly appreciated!
>
> Conrad
> --
> Conrad Rockenhaus
> https://www.rockenhaus.com
> --
> Get started with GreyPony Anonymization Today!
> https://www.greyponyit.com
[tor-talk] Tor VoIP PBX Architecture Discussion
Hello All,

So prior to opening up the service for beta, Iain suggested that we have a discussion regarding my proposed service and my planned architecture to see if there’s any room for improvements in the design or any vulnerabilities that can take away someone’s anonymity.

So the design is pretty simple, I have an Asterisk box, and in front of that Asterisk box I have a FreeBSD box that is running Tor, SSHD, and OpenVPN. SSHD and OpenVPN are exposed as hidden services via Tor. The Tor user connects to Asterisk via a passwordless OpenVPN or SSH tunnel to route UDP traffic to Asterisk.

Asterisk is connected to Internet to allow interconnection with VoIP providers, termination with users that don’t care about anonymity, as well as interconnection with other XMPP servers.

SMS is enabled, it requires an email address. If you don’t have a reliable Tor accessible email address, we’re working on a solution.

Any comments/suggestions would be greatly appreciated!

Conrad
--
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-talk] Beta Users For Tor Transport OSS Based VoIP PBX Service Requested
What’s your point? Yeah, I personally support two relays, but I provide material support to 16 others. I’m trying to increase the number of BSD based relays on Tor. I’m personally helping out with AS diversity by ordering an interconnect from Level 3 to justify an ASN and IPv4 and IPv6 address space from ARIN so GreyPony can provide services on a unique AS, improving the quality of our exits and relays. Now I’m trying to start a free VoIP, Telepresence, and IM service that has the ability to access the public phone network and do cool things like save voicemails and such.

I do these things because I actually care about Tor and its users. Did I mention that this service is free, unless you want to dial outside the switch?

Other than try to troll me, what have you contributed?

On Thu, Oct 18, 2018 at 8:41 AM Seby wrote:

> Wow. Thanks. GreyPony is so amazing, unlike anything I've ever seen before. Could I tattoo it on my neck? Keep on going!!
>
> I suggest to Tor project to change the logo and write under the onion logo "powered by GreyPony". Wow
>
> GreyPony
> GreyPony
> GreyPony
>
> Is amazing. Running 2 relays. The king of onionland Conrad. Thanks for this you are amazing.
>
> On Thu, Oct 18, 2018, 09:06 Conrad Rockenhaus wrote:
>
> > Hello,
> >
> > GreyPony Consulting is coming out with an OSS PBX Service that will use Tor as a Transport to allow for anonymous VoIP services and I’m looking for anyone that might be interested in helping me test it out worldwide for call quality purposes, etc. If you’re interested please email me off-list. I greatly appreciate your assistance in advance.
> >
> > Thanks,
> >
> > Conrad

--
Conrad Rockenhaus
https://www.rockenhaus.com
--
Get started with GreyPony Anonymization Today!
https://www.greyponyit.com
Re: [tor-talk] 3rd Party Interact (re: BSD ISP VoIP PBX RadPony ...)
After an email exchange with Iain, I will admit that I did approach this somewhat wrong given the nature of this mailing list. What I should have done is discuss the architecture of the solution and provided an opportunity for input and the feasibility of the solution prior to seeking users to try it out. I will do that in separate correspondence. For failing to discuss the architecture first with the group, I apologize, I just wanted to keep the note short because I didn’t want to sound like I was advertising.

To note - I am not providing this service as a commercial service. I am providing this as a free service to benefit the Tor community. It has been a goal of mine to provide VoIP/XMPP/SMS services to the Tor community for some time now, and I intend to provide them as a community service. The only things that will be charged for are if a user wants direct dial access to the outside world (because I have to pay a telecom company) or if a user wants voicemail capability. I think that’s fair to charge for those two items.

In reference to my government ties, I served in the US Navy. I was a communications specialist. I was medically retired. My present connection to the government is I receive retirement pay and I am subject to the UCMJ because I receive said retirement pay… therefore I would say my present connection is I only care if my pay comes in on the 1st, otherwise, don’t care. I became interested in Tor because I actually had an opportunity to use Tor while on Active Duty while in the course of my duties. I worked in communications, I cared about computers and radios and didn’t really care about intelligence. I don’t care about your data but I care about protecting it.

The fact that I served in the Navy shouldn’t be concerning as lots of people have served in the military. I would say that the military experience truly opened my eyes to what the Constitution really says about Free Speech and the protection thereof.

I sincerely appreciate your email and I hope people actually give me a chance and work with me on this project instead of attacking me because I also run a commercial enterprise. All I am trying to do is help the Tor community. GreyPony hosts 18 Tor Relays, we are in the process of obtaining our own ASN and IPv4 and IPv6 net blocks from ARIN since we are now multi homed, and we’ve transitioned our cloud environment to a high availability environment all just to better support the Tor community. I don’t make a profit at all, but I continue to do this because all I want to do is help increase Tor network diversity and capacity.

Thanks,

Conrad

> On Oct 18, 2018, at 12:38 PM, grarpamp wrote:
>
> Regardless of whether some components may or may not be fee, or subscription, or strings / rules attached, now or in the future... (that status or intentions should be made clear by any poster in this space so that things don't end up undeclared / unexpected thus trending against them later on)...
>
> These entities and persons are engaging in interoperation, testing, concept validation, and providing services to Tor community in a fairly open mutual feedback model. In this example so far, Tor users get chances to plug and play and hack on...
>
> a) Diverse FreeBSD hosting of Tor nodes
> b) IP Telephony apps, comms, and free speech over Tor
>
> It's hard to deny those as being valuable and fun.
>
> Nor did you see Cloudflare's CEO or hardly any other ISP coming straight from the start to Tor to talk / play / help. (Though to be fair this one has [ex] govt ties too which some may or not prefer.)
>
> It's not much different than interacting Zwiebel, Emerald, Torstatus, funders, etc.
>
> In the end, you get to choose what services to use, what interop to hack on, what milters to deploy, what to put in Bad/Good ISP List wiki, etc.
>
> So, ease up a bit on who can and can't interact with Tor.

signature.asc Description: Message signed with OpenPGP
Re: [tor-talk] Beta Users For Tor Transport OSS Based VoIP PBX Service Requested
George,

As you notice I never mentioned any pricing or anything like that. That’s probably because I intend on introducing the service to the community as a public service. This isn’t a commercial offering, this is a solicitation to test a new public service that we’re trying to offer the community. The only thing I was going to charge for was a DID, but that’s because I have to, and that’s only if an end user wants one.

Thanks,

Conrad

> On Oct 18, 2018, at 7:35 AM, George wrote:
>
> Signed PGP part
> Conrad Rockenhaus:
>> Hello,
>>
>> GreyPony Consulting is coming out with an OSS PBX Service that will use Tor as a Transport to allow for anonymous VoIP services and I’m looking for anyone that might be
>
> Conrad:
>
> It has been stated multiple times to you and at least one other collaborator of yours:
>
> This is not a mailing list for commercial purposes. This list is not an auxiliary for your firm's (other) communication channels.
>
> It is appropriate to discuss different providers (though maybe better on tor-relays@) as users, but to solicit business, even as beta users, is not acceptable.
>
> g
>
> --
>
> 34A6 0A1F F8EF B465 866F F0C5 5D92 1FD1 ECF6 1682

signature.asc Description: Message signed with OpenPGP
[tor-talk] Beta Users For Tor Transport OSS Based VoIP PBX Service Requested
Hello,

GreyPony Consulting is coming out with an OSS PBX Service that will use Tor as a Transport to allow for anonymous VoIP services and I’m looking for anyone that might be interested in helping me test it out worldwide for call quality purposes, etc. If you’re interested please email me off-list. I greatly appreciate your assistance in advance.

Thanks,

Conrad

signature.asc Description: Message signed with OpenPGP
Re: [tor-talk] [tor-relays] Exit in Turkey blocking torproject (komm EA93C), BadExit, Node Subscription Services, Censorship
Good God every conversation, now.

Anyway. This exit isn’t bad exit material. Turkey has been known to block Tor though, I’m actually proud of this guy for having the cajones (also known as balls to those of you who don’t habla espanol) to operate an exit in a country such as Turkey, which absolutely hates freedom inducing technologies such as Tor.

Let’s give this guy (or gal) the atto-boy by marking the exit as a bad-exit just because stuff gets blocked in autocratic regimes that this operator has no control over. None, absolutely none. They screw with the DNS servers over there, that’s why during the last uprising they were tagging “8.8.8.8” on the walls. Now they’re doing things a little more sophisticated. Either way, this guy gives us a window to see what is blocked and what isn’t blocked within the Turkish thunderdome.

-Conrad

> On Aug 30, 2018, at 9:24 PM, Nathaniel Suchy wrote:
>
> What if a Tor Bridge blocked connections to the tor network to selective client IPs? Would we keep it in BridgeDB because it's sometimes useful?
>
> On Thu, Aug 30, 2018 at 10:02 PM arisbe wrote:
>
>> Children should be seen and not herd. The opposite goes for Tor relays.
>> Arisbe
>>
>>
>> On 8/30/2018 2:11 PM, Nathaniel Suchy wrote:
>>
>> So this exit node is censored by Turkey. That means any site blocked in Turkey is blocked on the exit. What about an exit node in China or Syria or Iraq? They censor, should exits there be allowed? I don't think they should. Make them relay only, (and yes that means no Guard or HSDir flags too) situation A could happen. The odds might not be in your favor. Don't risk that!
>>
>> Cordially,
>> Nathaniel Suchy
>>
>> On Thu, Aug 30, 2018 at 3:25 PM grarpamp wrote:
>>
>>> This particular case receiving mentions for at least a few months...
>>> D1E99DE1E29E05D79F0EF9E083D18229867EA93C kommissarov 185.125.33.114
>>>
>>> The relay won't [likely] be badexited because neither it nor its upstream is shown to be doing anything malicious. Simple censorship isn't enough. And except for such limited censorship, the nodes are otherwise fully useful, and provide a valuable presence inside such regions / networks.
>>>
>>> Users, in such censoring regimes, that have successfully connected to tor, already have free choice of whatever exits they wish, therefore such censorship is moot for them.
>>>
>>> For everyone else, and them, workarounds exist such as,,,
>>> https://onion.torproject.org/
>>> http://yz7lpwfhhzcdyc5y.onion/
>>> search engines, sigs, vpns, mirrors, etc
>>>
>>> Further, whatever gets added to static exitpolicy's might move out from underneath them or the censor, the censor may quit, or the exit may fail to maintain the exitpolicy's. None of which are true representation of the net, and are effectively censorship as result of operator action even though unintentional / delayed.
>>>
>>> Currently many regimes do limited censorship like this, so you'd lose all those exits too for no good reason, see...
>>> https://ooni.torproject.org/
>>>
>>> https://en.wikipedia.org/wiki/Internet_censorship_and_surveillance_by_country
>>>
>>> And arbitrarily hamper spirits, tactics, and success of volunteer resistance communities and operators in, and fighting, such regimes around the world.
>>>
>>> And if the net goes chaotic, majority of exits will have limited visibility, for which exitpolicy / badexit are hardly manageable solutions either, and would end up footshooting out many partly useful yet needed exits as well.
>>>
>>>
>>> If this situation bothers users, they can use... SIGNAL NEWNYM, New Identity, or ExcludeExitNodes.
>>>
>>> They can also create, maintain and publish lists of whatever such classes of nodes they wish to determine, including various levels of trust, contactability, verification, ouija, etc... such that others can subscribe to them and Exclude at will.
>>> They can further publish patches to make tor automatically read such lists, including some modes that might narrowly exclude and route stream requests around just those lists of censored destination:exit pairings.
>>>
>>> Ref also...
>>> https://metrics.torproject.org/rs.html#search/as:AS197328%20flag:exit
>>> https://metrics.torproject.org/rs.html#search/country:tr%20flag:exit
>>>
>>>
>>> In the subject situations, you'd want to show that it is in fact the exit itself, not its upstream, that is doing the censorship.
>>>
>>> Or that if fault can't be determined to the upstream or exit, what would be the plausible malicious benefit for an exit / upstream to block a given destination such that a badexit is warranted...
>>>
>>> a) Frustrate and divert off 0.001% of Turk users smart enough to use tor, chancing through tor client random exit selection of your blocking exit, off to one of the workarounds that you're equally unlikely to control and have
Re: [tor-talk] Tor Browser Bundle as a "Snap" package
> On Aug 22, 2018, at 3:50 PM, Nathaniel Suchy wrote:
>
> The confinement capabilities of "Snap" packages are quite interesting. As Tor Browser continues to grow in usage, I'm interested in seeing what new techniques are adopted to improve security. What do you all think about the usage of a container (Snap or otherwise) to improve security?

It takes at least double the amount of time to build a snap than it does to build a deb, and in the end you can get the same result.

signature.asc Description: Message signed with OpenPGP
Re: [tor-talk] EU Intel Property Office Report Hates on Tor, Bitcoin, Bittorrent, Goods Pirates and Models
Just a short answer to your rant - you are correct about the embrace of mp3. Had they done it sooner, they would have banked in quite a bit of money.

Regards,

Conrad Rockenhaus

On 2016-07-25 09:44, Friet Pan wrote:

Sounds a bit like the war on drugs. They refuse to look at the cause of the problem, but jump around the effect like their pants are on fire. the effect is so scary, but refuse to see that THEY are the ones who caused it.

In case of the music industry, they ignored MP3, then they ignored, napster and co. then they sued napster when the damage was done and out of control. If they had embraced MP3 in the very beginning, and had ran their own download sites at fair prices, then there would not have been a need for pirates, it wouldn't even make sense. But the music industry is greedy, and always wants MORE profit, so they make stuff artificially expensive and then moan that people give copies to their friends.

I have an insane record collection, and when i download a track that i already own on Vinyl, on CD, or on BOTH, then they still want MORE money, i already paid the damn thing TWICE, so why is it a problem to download it?. Is it illegal? NO. Then why moan about it?

And if there is no money in making music, then why do studio's still record music?, Why do record labels still produce music? If there was no profit then there would be no product. They still make music, and still make a living. And now people try before they buy, they download, and find new music that the industry does not promote on the radio. And more artist make a chance to make money, all over the world, not in a small region. So that part is one big lie. Torrents do more music promotion then what radio ever accomplished.

But that's off topic i guess... I had to say something about it. It's just silly. If you want fame in the 21st century, then make sure you have a torrent available. And you can make yourself more popular then 21thcentury fox can do for you with all the money in the world. And for TAX it doesn't matter, Servers make TAX, advertisement makes TAX, Concerts make TAX, more then ever before.

I'm not promoting piracy, i'm only saying that the music industry is barking up the wrong tree, torrents SELL MUSIC and without the need of bribing corrupt radio hosts.. It's cheaper then radio.

The other topic have similar answers, movie industry is a bit different, but they could have used torrent as a distribution mechanism, and made money without expensive servers and datapipes. It's their own mistake, and now they need someone to blame.

So if TOR can protect people who are human and share their cooking recipes then that's all good. Without sharing data the human race would be more like a bunch of chimps fighting over a branch. If the music industry manages to put us in a zoo where we need to pay to look outside, then we are like chimps in a boring zoo without any visitors. that's not human

Damn, i got pissed

My apologies for my ranting... i'll buy some music next week...

- Original Message -

A new report published by the European Union Intellectual Property Office
Re: [tor-talk] Graypony
On Sun, Nov 24, 2013 at 8:28 AM, Tempest temp...@tushmail.com wrote:

hi, conrad. awhile ago, you'd mentioned you were working on a hidden service e-mail system. i was wondering if you had made any progress on it.

-

Hello Tempest,

Basically Greypony has been mostly configured, but I'm running into some issues doing transparent proxying with Postfix and the edge MTAs. I don't want to store any of the mailboxes on the edge MTAs at all. All of the mailboxes must be stored on Tor in order to assure security and anonymity of sources. I'm hoping that the code that Lunar has that Ruby code that'll allow the configuration of using querying DNS via TCP to prevent DNS leaks outside of Tor.

Of course, if anyone has any suggestions, I'm more than open to them, please - I would like to consider this a group effort.

For those who don't know - Greypony http://www.greypony.org is a Tor based hidden email solution that allows users on Tor to send emails to the public Internet from within the Tor network, send emails to other Tor users, and allows public Internet users to send emails to Tor users. The goal for the service is to have built in GPG encryption, IMAP, webmail, and all sorts of other goodies.

The Internet facing MTAs (the MTAs on the Public Internet) just run an MTA, do not perform any logging whatsoever, and just forward emails to the Tor dataserver. The opposite occurs, the Tor dataserver sends an email to the MTA and it forwards it on to the Public Internet. Again, no logging is performed on the Tor dataservers either. There's no way to recover passwords on the dataservers. Preferred authentication would be Certificate based authentication (certificates would be generated) and again, GPG would be used to ensure proper security.

If there's any suggestions, or any questions, please let me know.
--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/
Re: [tor-talk] tordns incapable of MX lookups (was Basics of secure email platform)
On Mon, Nov 25, 2013 at 12:51 PM, Lunar lu...@torproject.org wrote:

Conrad Rockenhaus:

If you have it laying around, I'm interested. Would you mind uploading it to GitHub or emailing it to me so I can upload it to GitHub (credits to you of course.)

I would mind uploading it to GitHub. Benjamin Mako Hill wrote a nice rationale about it: http://mako.cc/writing/hill-free_tools.html

In any cases, I'll send you the code, if you can get it to work, you'll be free to do whatever you want with it.

Would rather use anything other than Windows.

I don't understand why you suddenly talk about Windows.

Basically, the reason why Windows was brought up in the discussion was due to the fact that ISA Server has a SOCKS4/5 client that will allow client computers (including MS Exchange) to connect to the ISA, which can be configured to route everything through Tor. That's all. I'm not sure of any *nix compatible proxying server that would allow a MTA to connect to a SOCKS4/5 server. That's all.

Of course, I could be wrong and would love to hear other ideas on this concept.

--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/
Re: [tor-talk] tordns incapable of MX lookups (was Basics of secure email platform)
Lunar,

If you have it laying around, I'm interested. Would you mind uploading it to GitHub or emailing it to me so I can upload it to GitHub (credits to you of course.) so we can work on it some more.

Would rather use anything other than Windows. I'm going to experiment with the Windows though, just to see if it works or not. I'll get y'all posted.

--Rock

On Sun, Nov 24, 2013 at 5:56 AM, Lunar lu...@torproject.org wrote:

t...@lists.grepular.com:

1) Create a list of tor exit nodes that do not block port 25
2) Command the tor daemon to exit those nodes exclusively.

SSL-SMTP configured to works over 465 port in most cases.

On Windows Yes. SMTP over ssl/tls is configured on port 25. Starttls, aka submission, is configured for port 587

You guys are getting hung up on the wrong thing. Before talking ports (which is a non-issue), realize that tordns cannot do an MX lookup. This remains the biggest hurdle to sending mail. Postfix must run with a transparent proxy (no SOCKS proxy capability), so it relies wholly on tordns for MX lookups.

It is also possible to do some advanced magic around Postfix to avoid that. The trick is to use a daemon, hooked up to Postfix using a tcp_table(5) as transport_maps. Then for each mail that Postfix wants to deliver, that daemon opens up a new local port where traffic will be redirected through Tor to the SMTP server. Postfix is told to use that local address in order to deliver that particular email.

Because that daemon will be the one doing the MX lookup, it can query a DNS over TCP over Tor to get the MX record.

I might still have some Ruby code implementing that scheme lying around somewhere if anyone's interested. I was the first one amazed when it actually worked.
--
Lunar lu...@torproject.org

--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/
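
The two protocol pieces of the daemon Lunar describes in the message above, as an added example that is not Lunar's Ruby code or anything posted to the list: answering Postfix's tcp_table(5) `get` requests, and doing the MX lookup as DNS over TCP so that it can travel inside a Tor stream, which is the gap the thread attributes to tordns. The function names, the local port 10025 and the canned DNS reply are constructed assumptions, and the Tor relay itself is stubbed out by `open_relay`.

```python
import struct
from urllib.parse import quote, unquote

MX, IN, TXID = 15, 1, 0x1234  # RFC 1035 type/class; fixed query id for the demo

def encode_name(domain):
    """'example.org' -> b'\\x07example\\x03org\\x00' (uncompressed labels)."""
    out = b""
    for label in domain.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label in %r" % domain)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_mx_query(domain, txid):
    """MX query with the 2-byte length prefix DNS uses over TCP (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    msg = header + encode_name(domain) + struct.pack("!HH", MX, IN)
    return struct.pack("!H", len(msg)) + msg

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_mx_response(framed, txid):
    """Return [(preference, host), ...] sorted by preference."""
    (size,) = struct.unpack("!H", framed[:2])
    msg = framed[2:2 + size]
    if len(msg) != size:
        raise ValueError("truncated DNS-over-TCP message")
    rid, flags, qdcount, ancount = struct.unpack("!HHHH", msg[:8])
    if rid != txid or not flags & 0x8000 or flags & 0x000F:
        raise ValueError("wrong id, not a response, or RCODE != 0")
    off = 12
    for _ in range(qdcount):  # skip the echoed question section
        off = read_name(msg, off)[1] + 4
    records = []
    for _ in range(ancount):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == MX:
            (pref,) = struct.unpack("!H", msg[off:off + 2])
            records.append((pref, read_name(msg, off + 2)[0]))
        off += rdlen
    return sorted(records)

def _reply(code, text):
    return "%d %s\n" % (code, quote(text, safe=":[]"))  # tcp_table %XX encoding

def tcp_table_reply(line, resolve_mx, open_relay):
    """Answer one 'get <key>' request from a Postfix tcp: transport_maps table."""
    parts = line.rstrip("\r\n").split(" ")
    if len(parts) != 2 or parts[0] != "get":
        return _reply(400, "unsupported request")
    domain = unquote(parts[1]).rsplit("@", 1)[-1].lower()
    if not domain or domain == "*" or domain.startswith("."):
        return _reply(500, "not found")  # wildcard and parent-domain probes
    try:
        best_mx = resolve_mx(domain)[0][1]  # IndexError when there is no MX
    except (ValueError, IndexError, struct.error, OSError):
        # Fail closed: tcp_table(5) defines 400 as "retry later", so the mail
        # waits instead of being handed to a transport that resolves outside Tor.
        return _reply(400, "MX lookup failed")
    return _reply(200, "smtp:[127.0.0.1]:%d" % open_relay(best_mx))

def constructed_response(txid):
    """Constructed sample: framed reply with two MX records for example.org."""
    msg = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)
    msg += encode_name("example.org") + struct.pack("!HH", MX, IN)
    for pref, label in ((20, b"mx2"), (10, b"mx1")):
        rdata = struct.pack("!H", pref) + bytes([len(label)]) + label + b"\xc0\x0c"
        msg += b"\xc0\x0c" + struct.pack("!HHIH", MX, IN, 300, len(rdata)) + rdata
    return struct.pack("!H", len(msg)) + msg

def demo():
    def resolve_mx(domain):
        # A real daemon sends build_mx_query() over a TCP stream opened through
        # Tor's SOCKS port and reads the framed reply; here the reply is canned.
        return parse_mx_response(constructed_response(TXID), TXID)
    relays = {}
    def open_relay(host):
        # Hypothetical stand-in for binding a local port forwarded via Tor.
        return relays.setdefault(host, 10025 + len(relays))
    return tcp_table_reply("get alice@example.org\n", resolve_mx, open_relay)
```

A deployment would use a random query id per lookup and would also need the A-record fallback for domains that publish no MX, which this example leaves out.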
Re: [tor-talk] tordns incapable of MX lookups (was Basics of secure email platform)
On Sat, Nov 23, 2013 at 8:04 PM, t...@lists.grepular.com wrote:

1) Create a list of tor exit nodes that do not block port 25
2) Command the tor daemon to exit those nodes exclusively.

SSL-SMTP configured to works over 465 port in most cases.

On Windows Yes. SMTP over ssl/tls is configured on port 25. Starttls, aka submission, is configured for port 587

You guys are getting hung up on the wrong thing. Before talking ports (which is a non-issue), realize that tordns cannot do an MX lookup. This remains the biggest hurdle to sending mail. Postfix must run with a transparent proxy (no SOCKS proxy capability), so it relies wholly on tordns for MX lookups.

Torsocks has a (now broken) feature to disable TorDNS. If tordns could be disabled, then postfix could do an MX lookup. It would be a leak, but at least it would work. At the moment, the tordns disabler has been removed, so there is no hope of running a mail server... Unless someone comes up with a SOCKS-capable mail server.

Well, there's a way to get this done, but it's not a *nix based solution. You can utilize ISA Server, Microsoft Exchange, and the Socksv4 firewall client. Use the ISA Server to centrally connect to Tor, use the Socksv4 client to let Microsoft Exchange connect via socks to the client. It's something I'm willing to try out and see if it works if anyone wants to know the results of such test, but I'm pretty sure this type of solution should work.
-Rock
--
Conrad Rockenhaus
http://www.rockenhaus.com/
http://www.lagparty.org/~conradr/
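The failure discussed in the message above (an MTA that depends on a resolver which handles address lookups but not MX) can be checked before any mail is queued. This is an added example, not code from anyone in the thread: `probe`, `udp_exchange` and `address_only_stub` are hypothetical names, the stub is a constructed stand-in that is assumed to answer unsupported record types with NOTIMP, and `example.com` and `192.0.2.25` are placeholder values.

```python
import socket
import struct

QTYPE = {"A": 1, "MX": 15}
RCODE = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 4: "NOTIMP", 5: "REFUSED"}

def build_query(name, qtype, txid=0x1234):
    """Encode a single-question DNS query (RD set) in wire format."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def parse_header(resp, txid=0x1234):
    """Return (rcode name, answer count); reject short or mismatched replies."""
    if len(resp) < 12:
        raise ValueError("truncated DNS response")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to our query")
    return RCODE.get(flags & 0xF, str(flags & 0xF)), ancount

def address_only_stub(query):
    """Constructed stand-in resolver: answers A, replies NOTIMP to anything else
    (assumed behaviour for an address-only resolver)."""
    qtype = struct.unpack("!H", query[-4:-2])[0]
    if qtype == QTYPE["A"]:
        flags, ancount = 0x8180, 1
        # Name pointer, type A, class IN, TTL 60, 192.0.2.25 (placeholder)
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 25])
    else:
        flags, ancount, answer = 0x8184, 0, b""
    header = query[:2] + struct.pack("!HHHHH", flags, 1, ancount, 0, 0)
    return header + query[12:] + answer

def udp_exchange(host, port, timeout=3.0):
    """Build an exchange function that talks to a real resolver over UDP."""
    def exchange(query):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (host, port))
            return s.recvfrom(512)[0]
    return exchange

def probe(exchange, name):
    """Report, per record type, whether the resolver gave a usable answer."""
    report = {}
    for qtype in ("A", "MX"):
        rcode, ancount = parse_header(exchange(build_query(name, qtype)))
        report[qtype] = {"rcode": rcode, "usable": rcode == "NOERROR" and ancount > 0}
    return report

if __name__ == "__main__":
    # Offline run against the stub; use udp_exchange(host, port) for a real resolver.
    print(probe(address_only_stub, "example.com"))
```

A resolver that reports the A lookup as usable and the MX lookup as not usable reproduces the situation the message describes: host names resolve, but the MTA cannot find where to deliver mail.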
[tor-talk] Help with getting a good automated sign up script for an email service on TOR
Hello,

http://eq4xhu6y7nmemcb2.onion/squirrelmail is almost online. Working out some kinks and need to get the bigger MTAs set up. However, I need to find a good automated sign up script because I don't feel like coding one. Anyone know of a good one? I've tried the Google and came up empty handed.

-Rock
Re: [tor-talk] Help with getting a good automated sign up script for an email service on TOR
Thanks. The service that I'm starting up is connecting to external mtas that aren't tor exit nodes. So basically, the way tormail was set up to a degree. Starting out small so I can prove the viability so people will start using and hopefully donating either bandwidth or etc to keep it alive.

There's going to be one major difference between this project and tormail though - the data/web backend won't be in one place. More on that later, I'm trying to get the proof of concept off the ground.

-Rock

On Sep 17, 2013 10:11 AM, Harold Naparst har...@alum.mit.edu wrote:

> > http://eq4xhu6y7nmemcb2.onion/squirrelmail is almost online. Working out some kinks and need to get the bigger MTAs set up. However, I need to find a good automated sign up script because I don't feel like coding one. Anyone know of a good one? I've tried the Google and came up empty handed.
>
> Rock, you can check out mine: http://secmailmzz5xe4do.onion
>
> I haven't had time to add a CAPTCHA yet, because I'm more interested in working on getting mail sent to non-onion sites to use the tor network without leaking DNS and so on. The registration script depends on how you are storing your login information, and there are a lot of ways to do that. I'm using vpopmail, and I hacked vqregister, which is mentioned in the squirrelmail plugins page. Vqregister is truly horrible, and I had to hack it pretty badly to get it to work. If you want it, though, you can have it. But probably you're using something else (like postfix/postfixadmin), and so the architecture won't work for you.
>
> This hidden mail service will probably only be useful for mail to other .onion sites, because most large e-mail providers block e-mail from tor exit nodes, as I found out during testing.
>
> Harold
Re: [tor-talk] Help with getting a good automated sign up script for an email service on TOR
Nathan,

That's exactly what I'm doing with this project.

Internet -- MTAs (Just running Postfix with ABSOLUTELY no logging) also running TOR as a (client only) -- Data Server (Running as Hidden Service only, no logging) -- TOR End User

Basically, to the normal Internet, it will just be a plain jane email address that is coming from a plain jane MTA. The MTAs will not know the IP address of the data servers because they will only deliver the email via TORified SMTP to the data server. Of course, standard SPAM limiting measures will be in place (limits on number of addressees in a message, limits on how many messages can be sent per minute, per hour, etc.)

Now I've got the MTAs, I'm just perfecting the configuration and trying to figure out a good domain name to use for the service (I would rather not use networks.rockenhaus.com, which is the placeholder for now.) I also need to come up with a secondary domain name in case people start blocking emails from the domain.

I'm funding the initial proof of concept. What I'll be asking for is either an honor system payment (so those who can't afford to pay can still use the service) or a donation based model, and also try to fund the service with tor based web hosting (which I doubt will bring in any needed cash) and ask for donations of bandwidth and servers.

The primary main objective, heh, is to ensure a failsafe system to provide freedom of expression, freedom of government intrusion, and freedom of ensuring access to an experimental anonymous email system that won't turn over anything on its servers, as if authorities seize MTAs, they won't find any evidence on there, and if they seize a data server, there's another data server standing by to automatically fail over (not putting the eggs in one basket like tormail.) The only lines of compromise are sniffing the traffic in the MTAs, most TOR users are capable of utilizing encryption for their emails anyway.

Sorry for the long response. I just wanted to paint a picture of how it would work. Now, for those who are curious about a guy who appeared out of nowhere and started building this - I've been lurking for a while, and I didn't want to say anything until I had the resources to build this. If you want further information about me please feel free to contact me and I'll let you know who I am and why I am very pro free speech and pro tor, even when it's used to personally attack me.

Thanks,
Rock

On Tue, Sep 17, 2013 at 3:51 PM, Nathan Suchy theusernameiwantista...@gmail.com wrote:

> If you're willing to use a few servers one could be a Tor Node and one could be an Email Relay which seemed normal and custom code your project..
>
> Sent from my Android so do not expect a fast, long, or perfect response...
Re: [tor-talk] Help with getting a good automated sign up script for an email service on TOR
Nathan,

The development servers are in separate jurisdictions throughout the world. For the initial proof of concept, I have two MTAs and two Data Servers, with one spare server. Each one is in a separate jurisdiction to make it more difficult to tap. I won't go into details, but let's just say that the United States wasn't an option for the Data Servers. I may consider the US for MTAs in the future...

Rock

On Tue, Sep 17, 2013 at 6:10 PM, Nathan Suchy theusernameiwantista...@gmail.com wrote:

> You should send email from a separate server in a different location and have legal protection. Keep it in a Europe country that would help...
>
> Sent from my Android so do not expect a fast, long, or perfect response...