Re: cease and desist from my vps provider...

2011-02-03 Thread Jan Weiher
 Interesting. Hetzner is officially down on anything which causes
 them trouble (benji said so himself, repeatedly), so they're 
 effectively accepting of a Tor middleman, but Tor exits are 
 probably going to be pretty short-lived in Hetzner space.
 

If you got your own IP space with your own RIPE contact, all the abuse mails
will go to you, so it does not cause trouble to them at all. Maybe this
is what is meant by "you are responsible".

best regards,
Jan
***
To unsubscribe, send an e-mail to majord...@torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/


Re: What are email risks?

2011-02-02 Thread Jan Weiher
 In email, what are anonymity risks? Header contains sender domain (maybe IP) 
 but what else?
 


Probably the whole header. But apart from the obvious I would
especially look for the Received: lines, the Date (because it might
contain your timezone) and the X-Mailer header (shows your user agent).

best regards,
Jan
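
A check for the three headers named in the reply above (Received, Date, X-Mailer), run over a constructed message. This is an added example, not part of the original post; the sample message, the function name `audit_headers` and the extra `User-Agent` header are assumptions.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample message (documentation addresses and example domains).
SAMPLE = """\
Received: from mx.example.org by lists.example.org; Wed, 02 Feb 2011 17:04:15 +0000
Received: from [192.0.2.44] (helo=laptop.example) by mail.example.net
\twith esmtpsa; Wed, 02 Feb 2011 18:04:11 +0100
Date: Wed, 02 Feb 2011 18:04:09 +0100
From: someone@example.net
To: list@example.org
Subject: test
X-Mailer: ExampleMail 1.0 (Linux)

body
"""

# X-Mailer is the header named in the post; User-Agent is an addition here.
CLIENT_HEADERS = ("X-Mailer", "User-Agent")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def audit_headers(raw):
    """Return the header values that can identify the sender's machine."""
    msg = email.message_from_string(raw)

    # Every hop adds a Received: line; the earliest ones often carry the
    # address of the submitting client.
    ips = []
    for hop in msg.get_all("Received", []):
        for candidate in IPV4.findall(hop):
            try:
                ip = str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # looked like an address but is not one
            if ip not in ips:
                ips.append(ip)

    # The Date header is written by the client and carries its UTC offset.
    offset = None
    if msg["Date"]:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.tzinfo is not None:
            offset = sent.utcoffset().total_seconds() / 3600

    clients = {h: msg[h] for h in CLIENT_HEADERS if msg[h]}
    return {"received_ips": ips, "utc_offset_hours": offset, "client": clients}


if __name__ == "__main__":
    for field, value in audit_headers(SAMPLE).items():
        print(f"{field}: {value}")
```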


Re: Is gatereloaded a Bad Exit?

2011-01-31 Thread Jan Weiher

 Assuming the worse, and disregarding volunteer exit bandwidth without
 some proper investigation, doesn't sound like a good approach to me...


Nobody does that, but I think it's fair to say that if you want that
somebody can contact you about your node, you publish your contact
details in the directory. And if you enter wrong contact info, you made
clear that you don't want to be contacted. I think marking them as bad
and waiting for the admin to show up is the easiest way to go. Let's call
it a cry-test. Just wait until someone shows up and cries.

best regards,
Jan



Re: Is gatereloaded a Bad Exit?

2011-01-31 Thread Jan Weiher

 You make it sound as though running an Exit node is a privilege and that
 people who run them somehow owe the Tor project? They're volunteering
 bandwidth, for the benefit of the network. 

This was not my intention. But I think it should be possible to ask a
volunteer about what he is doing? And creating a freemail account somewhere
isn't that hard I think? I'm not saying that they should put their real
name / email there. But at least some way to contact them would probably
make this whole discussion completely useless.

They are still working for the benefit of the network, but not as exit
at the moment.

best regards,
Jan


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Jan Weiher

 At some point, we intend to shrink exit policies further as Tor scales
 to more decentralized schemes. Those exit policies will likely be
 represented as bits representing subsets of ports. When that time
 comes, we will very likely combine encrypted and unencrypted versions
 of ports together, removing this option entirely.
 

Sounds good. But what to do for now? Just creating a list of nodes which
only allow unencrypted traffic and put them into the ExcludeExitNodes
list? Shouldn't these nodes be excluded by default?
I'm unsure. I want to stress again that I'm not saying any operator is
doing anything evil, but I think we should find some way to avoid nodes
which have such weird exitpolicies.

best regards,
Jan


Re: Is gatereloaded a Bad Exit?

2011-01-30 Thread Jan Weiher

 I'm aware of the fact that it is not recommended to use tor without
 additional encryption, but some users do. And I don't see any reason for
 only allowing unencrypted traffic than snooping?

[...]

 I don't see why any of this really matters. Anyone running tor should have 
 the good sense to realize that if you login to webmail.example.com over 
 plaintext then the node operator could grab your details. It states this 
 repeatedly on torproject IIRC. Furthermore anything really important like 
 financial logins are typically done over SSL anyway.

Yes, we all know that, hopefully the average user knows that. But in my
opinion this has nothing to do with having an exitpolicy that attracts
unencrypted traffic. Just the fact that everyone (hopefully) knows that
the traffic can be recorded, it does not make it better if I do? I would
have asked the specific operator about his exitpolicy, but as I noted,
there is no contact info given, which makes it even more suspicious. Not
the fact that there is no contact info - there are many nodes without
contact infos - but I thought the combination is odd.

 If some guy gets his facebook account hijacked because he didn't read
 the FAQ I don't see the issue.

I totally disagree. Of course, you could argue that it's his fault and
so forth. I would agree to that, but on the other hand, should we accept to
make this even easier? Additionally, if some guy gets his account
somewhere hacked after having used tor, it looks bad. And at that point,
the user does not really care about "I told you so!!!". He is going to
tell his friends "I used tor and my account got hacked."

These nodes are marked as BadExits for now, which does not hurt, because
if the operators of these nodes care about Tor, they are going to ask
"why is my node marked as bad exit" and you could have a discussion
about it. The operators can tell us why they chose this exitpolicy or
we can help to improve it. If those nodes - which have sometimes been
up for several months - silently disappear, I know what I'll think.

best regards,
Jan


Is gatereloaded a Bad Exit?

2011-01-29 Thread Jan Weiher
Hi,

while scrolling through the tor status page (torstatus.blutmagie.de), I
stumbled upon the following node (the reason why it caught my eye was
the long uptime):

gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92

This node looks suspicious to me, because there is no contact info given
and the exit policy allows only unencrypted traffic:

reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 194.154.227.109:*
accept *:21
accept *:80
accept *:110
accept *:143
reject *:*

Am I missing something? I'm wondering why the status page lists this
node as non-exit, because it clearly allows outgoing traffic on ports
21,80,110 and 143?
I'm aware of the fact that it is not recommended to use tor without
additional encryption, but some users do. And I don't see any reason for
only allowing unencrypted traffic other than snooping?
Can anyone clarify this? If the admin of this node is on the list,
would he please explain this situation?

best regards,
Jan


Re: Is gatereloaded a Bad Exit?

2011-01-29 Thread Jan Weiher


On 29.01.2011 20:13, Jon wrote:
 On Sat, Jan 29, 2011 at 12:46 PM, Jan Weiher j...@buksy.de wrote:
 Hi,

 while scrolling through the tor status page (torstatus.blutmagie.de), I
 stumbled upon the following node (the reason why it caught my eye was
 the long uptime):

 gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92

 This node looks suspicious to me, because there is no contact info given
 and the exit policy allows only unencrypted traffic:

 reject 0.0.0.0/8:*
 reject 169.254.0.0/16:*
 reject 127.0.0.0/8:*
 reject 192.168.0.0/16:*
 reject 10.0.0.0/8:*
 reject 172.16.0.0/12:*
 reject 194.154.227.109:*
 accept *:21
 accept *:80
 accept *:110
 accept *:143
 reject *:*

 Am I missing something? I'm wondering why the status page lists this
 node as non-exit, because it clearly allows outgoing traffic on ports
 21,80,110 and 143?
 I'm aware of the fact that it is not recommended to use tor without
 additional encryption, but some users do. And I don't see any reason for
 only allowing unencrypted traffic other than snooping?
 Can anyone clarify this? If the admin of this node is on the list,
 would he please explain this situation?

 best regards,
 Jan
 
 
 It may possibly be a middle node instead of an exit node.
 

As far as I understand the ExitPolicy, the first matching rule applies.
Which means that this is an Exit Node, at least for ports 21, 80, 110 and
143 to IP addresses that do not match the reject rules above the
corresponding accept rules. Anyone is free to correct me if I'm wrong,
but a middle node has only _one_ ExitPolicy which is reject *:*.

best regards,
Jan


Re: Is gatereloaded a Bad Exit?

2011-01-29 Thread Jan Weiher


On 29.01.2011 21:27, Gitano wrote:
 On 2011-01-29 19:46, Jan Weiher wrote:
 
 while scrolling through the tor status page (torstatus.blutmagie.de), I
 stumbled upon the following node (the reason why it caught my eye was
 the long uptime):

 gatereloaded 550C C972 4FA7 7C7F 9260 B939 89D2 2A70 654D 3B92

 This node looks suspicious to me, because there is no contact info given
 and the exit policy allows only unencrypted traffic:

 reject 0.0.0.0/8:*
 reject 169.254.0.0/16:*
 reject 127.0.0.0/8:*
 reject 192.168.0.0/16:*
 reject 10.0.0.0/8:*
 reject 172.16.0.0/12:*
 reject 194.154.227.109:*
 accept *:21
 accept *:80
 accept *:110
 accept *:143
 reject *:*

 Am I missing something? I'm wondering why the status page lists this
 node as non-exit, because it clearly allows outgoing traffic on ports
 21,80,110 and 143?
 
 See:
 'https://gitweb.torproject.org/arma/tor.git/blob_plain/03b9c2cb903cc59f83139039d963f1fdea99b83a:/doc/spec/dir-spec.txt'
 
Exit -- A router is called an 'Exit' iff it allows exits to at
 least two of the ports 80, 443, and 6667 and allows exits to at
 least one /8 address space.
 
 Also: http://www.mail-archive.com/or-talk@freehaven.net/msg10275.html

This explains why the status page does not list the node as an exit
node. Thanks.
But as far as I understand, the node does not get the Exit-Flag, but
it is still used for outgoing traffic on the accepted ports? So the
main question is still unanswered.

best regards,
Jan
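
The first-match reading of the ExitPolicy and the Exit-flag rule quoted from dir-spec.txt in the two replies above, applied to the policy quoted in the thread. This is an added example, not part of the original posts and not Tor's own code; the function names, the probe port list, the treatment of "no rule matched" as reject and the per-port /8 test are assumptions of this example.

```python
import ipaddress

# Exit policy exactly as quoted in the thread for the relay "gatereloaded".
POLICY = """
reject 0.0.0.0/8:*
reject 169.254.0.0/16:*
reject 127.0.0.0/8:*
reject 192.168.0.0/16:*
reject 10.0.0.0/8:*
reject 172.16.0.0/12:*
reject 194.154.227.109:*
accept *:21
accept *:80
accept *:110
accept *:143
reject *:*
"""

PLAINTEXT_PORTS = {21, 80, 110, 143}                 # ports named in the thread
PROBE_PORTS = [21, 22, 80, 110, 143, 443, 993, 995]  # assumption: sample set

def parse_policy(text):
    """Parse 'accept|reject ADDR[/MASK]:PORT[-PORT]' lines (IPv4 only)."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, target = line.split()
        addr, _, ports = target.rpartition(":")
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if ports == "*":
            lo, hi = 1, 65535
        else:
            first, _, last = ports.partition("-")
            lo, hi = int(first), int(last or first)
        rules.append((action == "accept", net, lo, hi))
    return rules

def allows(rules, ip, port):
    """First matching rule decides. No match counts as reject here
    (assumption; the quoted policy ends in an explicit 'reject *:*')."""
    ip = ipaddress.ip_address(ip)
    for accept, net, lo, hi in rules:
        if lo <= port <= hi and (net is None or ip in net):
            return accept
    return False

def allows_some_slash8(rules, port):
    """True if at least one whole /8 is accepted on this port (conservative)."""
    for first_octet in range(256):
        block = ipaddress.ip_network(f"{first_octet}.0.0.0/8")
        for accept, net, lo, hi in rules:
            if not lo <= port <= hi or (net is not None and not net.overlaps(block)):
                continue
            if not accept:      # a reject touching this /8 spoils it
                break
            if net is None or block.subnet_of(net):
                return True     # whole /8 accepted before any reject
    return False

def has_exit_flag(rules):
    """dir-spec rule quoted above: at least two of the ports 80, 443, 6667."""
    return sum(allows_some_slash8(rules, p) for p in (80, 443, 6667)) >= 2

def plaintext_only(rules):
    """True if every probed port the relay exits to is a cleartext one."""
    open_ports = [p for p in PROBE_PORTS if allows_some_slash8(rules, p)]
    return bool(open_ports) and set(open_ports) <= PLAINTEXT_PORTS

if __name__ == "__main__":
    r = parse_policy(POLICY)
    print("exit to 203.0.113.10:80:", allows(r, "203.0.113.10", 80))
    print("Exit flag:", has_exit_flag(r), "plaintext only:", plaintext_only(r))
```

The relay exits on port 80 without qualifying for the Exit flag, which matches what the status page showed.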


Re: Is gatereloaded a Bad Exit?

2011-01-29 Thread Jan Weiher


On 29.01.2011 21:44, Andrew Lewman wrote:
 On Sat, 29 Jan 2011 19:46:20 +0100
 Jan Weiher j...@buksy.de wrote:
 This node looks suspicious to me, because there is no contact info
 given and the exit policy allows only unencrypted traffic:
 
 It hasn't shown up in any of the exit scans as suspicious. 

What kind of scans do you perform? I thought these scans only check
for content manipulation? I don't see how to recognize if the traffic is
recorded?

 Lack of
 contact info isn't a concern.  

I think if you run one of the fastest nodes, it is at least very odd not
to have a contact info. If you are concerned about your privacy, just go
on and create a freemail account somewhere.

 The exit policy is odd, yes.  However,
 arguably those are also very popular ports as well.  

Yeah, I'm not saying this is evil, but want to bring it into
discussion, because I was unable to get any reasonable explanation for
this exitpolicy.

Of course these ports are popular, but 443 is popular as well? So for me
it looked like "pick all the popular _unencrypted_ ports".

best regards,
Jan




Re: exit node config for egypt IP range

2011-01-28 Thread Jan Weiher
On 28.01.2011 19:13, Moritz Bartl wrote:
 According to some Twitter users, only DNS is down. Third party DNS (or
 Tor) work.

This differs from ISP to ISP, it looks like they tried to f*ck up the
net as much as possible. A lot of routes to Egyptian ISPs just
disappeared from the global routing table, so I think third party DNS
won't help there. But maybe some ISPs just shut down their DNS...

And to the original question: Due to the way tor works, it is not
possible to configure an exit node to only allow traffic from Egypt. You
are only able to configure what types of outbound connections you allow.


best regards,
Jan

 
 Moritz
 
 On 28.01.2011 18:09, Peter Thoenen wrote:
 All Egypt ISP are offline, the gov has turned the full
 internet OFF.

 This isn't true. I have access to some machines in Noor -
 this is an ISP
 currently active in Cairo.

 http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml


Re: Tor relay on vserver exeeding numtcpsock

2011-01-13 Thread Jan Weiher
2011/1/13 Olaf Selke olaf.se...@blutmagie.de:
 On 12.01.2011 22:02, coderman wrote:
 On Wed, Jan 12, 2011 at 7:57 AM, Klaus Layer klaus.la...@gmx.de wrote:
 ...
 Error creating network socket: No buffer space available

 errors. The numtcpsocks parameter limit is set to 550 on the vserver. Before
 asking the ISP to increase the value I would like to ask you what a 
 reasonable
 value  of this parameter would be.

 550 is ridiculous. it should be at least 4096, more if they are accommodating.

 here's some data for the machine running my four nodes:

 anonymizer2:~# netstat -tn | wc -l
 54157
 anonymizer2:~# netstat -tn | grep ESTABLISHED | wc -l
 30708

 regards Olaf


Well, I don't think a cheap VPS is capable of creating this many
connections anyway. I got a relay with a limit of 800kb/sec (I don't
think a cheap VPS can do more traffic due to traffic limitations) and
I got this:

jan@puerta:~$ netstat -tn | wc -l
1002
jan@puerta:~$ netstat -tn | grep ESTABLISHED | wc -l
976

But I would agree that diversity is needed and good, and there are
plenty of ISPs out there. I would advise to look for a smaller one.
Those are often more helpful if you have got some special requests.

best regards,
Jan


Re: geeez...

2011-01-12 Thread Jan Weiher


On 12.01.2011 09:32, Timo Schoeler wrote:
 thus Mike Perry spake:
 
 Some of us are also compiling abuse response templates. The goal for
 abuse responses is to inform people about Tor, and to suggest
 solutions for their security problems that involve improving their
 computer security for the Internet at large (open wifi, open proxies,
 botnets), rather than seeking vengeance and chasing ghosts. The
 difference between these two approaches to abuse is the difference
 between decentralized fault-tolerant Internet freedom, and fragile,
 corruptible totalitarian control.
 
 Is there any place (e.g. in a wiki) where one could find or even upload
 his own 'response template', as I might assume that they will be very
 specific to the country's law they're issued?
 
 Such a thing could be helpful for many of us.
 
 Timo

Here are some:

http://www.wiredwings.com/wiki/Torservers.net_Main_Page#Abuse

regards,
Jan


Re: Debian/Ubuntu tor users, please check for core files

2010-11-25 Thread Jan Weiher
Hi,
no core files on my Ubuntu 8.04 relay.

regards,
Jan

On 25.11.2010 04:29, Walt Mankowski wrote:
 On Wed, Nov 17, 2010 at 03:17:41PM -0500, Roger Dingledine wrote:
 Hi folks,

 If you use our debs on Debian or Ubuntu, can you please do

 ls -la /var/lib/tor/core*

 as root, and let us know if you have any?
 
 No cores on my bridge node.
 
 Walt


Re: Crypto for hidden services [was: TorFaq on https]

2010-10-29 Thread Jan Weiher
Hi,

just wanted to add one thing:

 
 There is no real reason not to use another layer of cryptography on top
 of Tor hidden services.  Using HTTPS, and convincing users to use
 HTTPS, is far harder than merely using another layer of cryptography,
 and provides no real benefit.

And (from a user point of view) if your HS uses https, the user always
sees the BSCE (Big Scary Certificate Error), for no additional
security. This makes the user feel less secure, although he is not.

best regards,
Jan


Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

2010-10-27 Thread Jan Weiher
Hi,
I don't understand it either, and in my opinion, this is utter nonsense. I'm
not aware of any negative impacts on privacy due to the usage of
https://, but without, there is the danger of eavesdropping at the exit
node.

best regards,
Jan

On 27.10.2010 20:19, Matthew wrote:
 
 
 Hello,
 
 There is a Hints and Tips for Whistleblowers Guide available at
 http://ht4w.co.uk/.
 
 The section on proxies includes Tor-related information which I fail to
 understand:
 
 
 You may actually get more anonymity when using the Tor cloud by *not*
 using the https:// version of a web page (if there is an alternative,
 unencrypted version available), since all the Tor traffic is encrypted
 anyway between your PC and the final exit node in the Tor cloud, which
 will probably not be physically in the United Kingdom.
 
 
 ---I have no idea what this means. I thought the whole point of using
 https:// was to prevent Tor exit nodes from snooping and / or
 potentially injecting content.
 
 
 This applies especially to websites like the reasonably anonymous
 whistleblowing website _wikileaks.org http://wikileaks.org/_ (based in
 Sweden), which offer both http://, https:// and Tor Hidden Service
 methods of uploading whistleblower leak documents, but who tend to,
 mistakenly, insist on using https:// encryption for when someone
 comments on their wiki discussion pages. When (not if) the wikileaks.org
 servers, or a blog or a discussion forum like the activist news site
 _Indymedia UK http://www.indymedia.org.uk/_ are physically seized
 (this happened to IndyMedia UK at least 3 times now) , this may, in some
 circumstances, betray the real IP addresses of commentators with inside
 knowledge of a whistleblower leak i.e. suspects for a leak investigation.
 
 
 -How on earth can it be mistaken to insist on using https://
 encryption?  Why would using https:// betray the real IP addresses?
 
 


Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

2010-10-27 Thread Jan Weiher
Hi,

On 27.10.2010 20:55, Joe Btfsplk wrote:
  On 10/27/2010 1:19 PM, Matthew wrote:

 Hello,

 There is a Hints and Tips for Whistleblowers Guide available at
 http://ht4w.co.uk/.

 Thanks for the link.
I'm not sure this is a good resource, due to the misinformation it is
spreading.

 Don't know the answer to most of your questions, but you raise some
 important ones.  I'm not sure how, even if records of some sites you
 mention are seized, they could trace directly back to you (a Tor user) -
 IF using it properly, because all the seized records would show is the
 exit node's address.  Am I correct on this, Tor gurus?

Yes, I thought this is the reason for using tor?

confused,
Jan


Re: Hints and Tips for Whistleblowers - their comments on Tor and SSL - I don't understand.

2010-10-27 Thread Jan Weiher


On 27.10.2010 21:04, Andrew Lewman wrote:
 On Wed, 27 Oct 2010 19:19:02 +0100
 Matthew pump...@cotse.net wrote:
 
 There is a Hints and Tips for Whistleblowers Guide available at 
 http://ht4w.co.uk/.
 
 The first problem is the content is actually served up by
 hostingprod.com and not ht4w.co.uk.  
 
 As far as the content in question, it is dangerously wrong.  

Like the rest of the page in question
(https://p10.secure.hostingprod.com/@spyblog.org.uk/ssl/ht4w/2009/12/open-proxy-servers.html)

Tor exit nodes do not always allow SSL/TLS encrypted sessions either,
but since these are vital for e-commerce, many do, even behind otherwise
restrictive firewalls and censorware. The Tor system will, after a short
delay, find a reasonably randomly chosen exit node, which does accept
SSL/TLS connection, statistically, this will usually be located outside
of the United Kingdom. 

Uhm? I think every legit exit node allows https.


Remember that using any SSL/TLS https:// encrypted proxy server
session, or the mostly encrypted Tor proxy cloud, may protect the
contents of your traffic from local snoopers, but if you have to login
or otherwise authenticate to a web server or email system etc., then
those details (including your real IP address) will still probably be
logged by the target server, regardless of the link or session
encryption, and so your whistleblower details may still be exposed, if
that server is physically seized as evidence by the police or is
sneakily compromised by intelligence agencies etc., either through
technical hacking or bugging or by putting pressure on the systems
administrators.

Uhm - well I think it is true that the page I'm logging in to knows my
user credentials, but I don't get the point why they should need to
snoop them from my traffic, as it's probably in their database.

Conclusion: I wouldn't trust any of the contents of this page ;)

regards,
Jan



Re: Virtual Machines - what is their use?

2010-10-12 Thread Jan Weiher
Hello,
I think there are two useful usecases for a vm in combination with tor:

For Hidden Services:
If you run your HS inside a VM, it is harder for an imaginary attacker to
gather the location / identity of the HS.

For a simple User:
If you run all the applications inside a vm, it is easier for you to
ensure that there is no leaking application, which means that an
application sends traffic which does not go through tor.

good day,
Jan

On 12.10.2010 17:01, Matthew wrote:
  Hello,
 
 There are, from time to time, exhortations to use Virtual Machines
 alongside Tor.
 
 If an individual is using Tor, Polipo, Torbutton, NoScript, and
 BetterPrivacy then why is a VM needed?
 
 How can VMs improve one's Tor experience?
 
 Thanks.
 
 


Re: How does Gmail know my local time zone (therefore ignoring the time zone of the Tor exit node) and what else can it see?

2010-09-07 Thread Jan Weiher

 If Gmail can get the time zone via JavaScript (when the client is using
 Tor) then why can it not get the real IP also via JavaScript (when the
 client is using Tor)?  I don't think it can get the real IP since I have
 used various tests including http://www.decloak.net/ and Tor with
 JavaScript does not reveal the real IP.  But why not?

Because there are JavaScript functions to get the current time and
timezone and there are (afaik) no such functions to get some of your
network settings.

greetings,
Jan