logs archiveIRC Archive / Oftc / #tor / 2009 / December / 24 / 1
avar
is there a GETINFO command at port 9051 that I can query to find out how many bytes my node has transferred this month or this $time?
I.e. what counts towards AccountingMax
Sebastian
avar: not currently, there's currently a proposal being worked on on the or-dev mailing list
http://archives.seul.org/or/dev/
you might want to chime in
see http://archives.seul.org/or/dev/Dec-2009/msg00004.html and the replies
avar
ah, nice
nsa
or: phobos committed revision 21322 (/website/trunk/en): throw in a title anyway
or: phobos committed revision 21323 (/website/trunk/img): add a screenshot of the vidalia control panel
or: phobos committed revision 21324 (/website/trunk/vidalia/en): abuse a sidebar to put in a screenshot of vidalia.
or: phobos committed revision 21325 (/website/trunk/img): shrink the image a bit
nike
Hmm, I can't seem to get Tor working with Polipo. I've got Firefox 3.5.7 and Torbutton 1.2.3 and I edited the polipo config to uncomment socksParentProxy = localhost:9050
Restarted Polipo and Torbutton...
marlowe
nike: what error message do you get?
nike
The proxy server is refusing connections
phobos
for the logic, your traffic is firefox -> torbutton -> polipo -> tor
which polipo config did you use?
nike
phobos: I have the Debian default config file with 3 lines uncommented I read on a website somewhere I needed to uncomment them, then I restarted polipo and then toggled Torbutton off then on again and still error
         

phobos
did you set
proxyAddress = "127.0.0.1"
proxyPort = 8118
torbutton assumes polipo is on tcp/8118
or you can just replace the debian default polipo config with ours
nike
phobos: Sweet, it works!
Now I'll prevent privoxy from autostarting with my system... =]
MoiraA
is it appropriate to ask in here why I am now connected through tor even though I put no settings in my client?
keb
did you set up a system proxy
murb
MoiraA: how do you know you're connected through tor?
MoiraA
well, I don't live in sweden
and this set tor in my host
and why have quakenet done this?
~moira@c7e24323.tor.gateway.quakenet.org :is now your hidden host
vidalia is running
but that's it
it's a nice easy way to configure stuff
do nothing and it just works
it is a bit of a puzzle
the browsers are not using tor
seriously two servers used it to connect and you can see that
there is nothing in proxy servers in opera
keb
ctcp MoiraA version
er
there should be a proxy setup window somewhere under Preferences, Network Setup
phobos
it depends on which OS too
MoiraA
and my own IP would no doubt have failed the proxy checks, how many times do I have to tell them *I am not running a tor exit node for websites or irc`*
snow leopard
keb
-MoiraA- VERSION X-Chat Aqua 0.16.0 (xchat 2.6.1) Darwin 10.2.0 [i386/2.53GHz/SMP]
phobos
in system preferences, network, did you configure a proxy?
somedude
hi, anyone can test if given node is working correctly?
keb
we can check a few things. what is the fingerprint or ip address
somedude
188.116.33.15
keb
http://torstatus.kgprog.com/router_detail.php?FP=c4423b4c3670a313fde6352aa4be9c542a4dc2b3
somedude
"Self-testing indicates your DirPort is reachable from the outside. Excellent."
so it appears fine
MoiraA
phobos that is what Im saying
no
keb
yep
somedude but no traffic going through it yet
somedude
how do you know that?
keb
see the link i posted
         

somedude
can you connect using it (build manually a circuit using it or somethind)
keb
i dont have tool for that but someone does
somedude
ah, observed field
can you please test? well it is up for like 20 minutes
phobos
it takes a few hours for clients to trust you
keb
ah ok, that directory doesnt update more than every few hours
someone could set it as one of their EntryNodes to try it
phobos
MoiraA: you must have configued something or you are running a node on the same IP
MoiraA
my irc is awesome
I type an amsg, and it not only replicates server wide, but it crosses servers too
and types my greetiung or whatever in every single channel I;'m in on 6 servers
now it connects to proxies when it feels like it
without any intervention
MrDudle
MoiraA, it's awesome
somedude
btw, what about attacks getting real nowdays
keb
what attacks
somedude
it seems quite easy for one to setup sh*tload of nodes and monitor both ends
time correlation by owning 2 nodes in chain (first and exit)
phobos
MoiraA: it seems you are having some issues :0
it's a possible attack, yes
keb
how much money or time do you have, and mathematical expertise to do that correlation
somedude
governemnt can easly set up 1000 nodes and then monitor around... (1/3)^2 = 12% of all connections - so eventually most people (even with entry guards)
MoiraA
attack??
me?
somedude
its nothing for gov to buy 1000 VPSes to set up nodes, is it
USA bought like 1000 PSP's recently or something ;)
or even hope for 3 out of 3 nodes in chain a.k.a total ownage
keb
if the tor network suddenly got bigger by 1000 fast nodes we would have seen it
somedude
its just (1000/3000)^3 probable, so easly could get for example handfull of .cn bloggers or something
keb, or add 3 nodes each day for a year, how do you know if it is not already the case
does TOR have something agains that?
to protect from that
it can be cn gov, it can be influential cyber crime group
keb
well we want people to add fast nodes
MoiraA
(Action) seems to think this is not about her
phobos
MoiraA: this is not about you
MoiraA: but it's odd that your irc client is sentient
somedude
or just one can rent 1000 zombies botnet... and done
keb
and there is ongoing development against those timing attackes
MoiraA correct
somedude
how do we protect from that?
MoiraA
I have a screen shot to show you shortly
somedude
seriously, with I guess 10.000 usd I can own tor, just rent 300 zombies for a week and thats all
phobos
actually, there was a paper on that
somedude
* own = unmask noticible amount of connections on tor to public internet (a bit harder for .onion)
yeah I read some papers.. but, do we in the end have means (or, in development?) to protect from that very serious thread
increasing to 5 hops will not help.. but what if the nodes add random delay also, then attacker needs to own all 5, right?
keb
somedude see proposal https://git.torproject.org/checkout/tor/master/doc/spec/proposals/144-enforce-distinct-providers.txt
phobos
http://conspicuouschatter.wordpress.com/2009/11/13/in-real-time-from-ccsw09-more-website-fingerprinting/
and http://www.cs.rpi.edu/~edmanm2/ccs159-edman.pdf
and http://conspicuouschatter.files.wordpress.com/2009/08/ccsinfer1.pdf
arma would be a better person to answer the question
MoiraA
drat, I get the screenshot mixed up with my real page
phobos can I email it to the tor address??
or if you like I can upload it but not now I'm dead tired
phobos
email is fine
MoiraA
could you please remind me of the address?
phobos
or you could sleep and we can figure this out in the morning
tor-assistants@torproject.org works
MoiraA
thank you
somedude
keb, cool I was about to say that... to force nodes to be on different /8 class or something
MoiraA
sorry phobos I've had enough! It won't find the grab shot now, gets as far as the folder it ought to be in then just shows it as an empty folder
I'm too tired for all this
and my plastic duck won't paste into applications
mib_4m1twf61rr8k
my extension doesn't work anymore
XML Parsing Error: undefined entity Location: chrome://torbutton/content/preferences.xul Line Number 6, Column 1:
that's what i get instead of the options
keb
did you uninstall and reinstall
mib_4m1twf61rr8k
no
Alcasar
i'm trying to use Vidalia Tor with Offbyone browser
am i in the right channel?
keb
probably
what is your question
hehe i'll let someone else answer the next one from him
Goldstein
why is it that sometimes when you cant connect, you have to wait for it for like 10 minutes before you can?
keb
well tor builds a new circuit every 10 minutes or so
Goldstein
yeah i figured
keb
you could use the New Identity button in vidalia to do it quicker
Goldstein
but why is the first on bad
one
why do bad circuits happen?
keb
some nodes may be slow or have firewalls or other non-exit policy things blocking them from the ports you want
so the tor network doesnt know about that and cant route around it
Goldstein
you mean they accept on a certain port in their torrc but cant actually forward it really?
keb
yeah
shouldnt happen often. they could get labelled bad exit after a while
Goldstein
liar
s
join me on nottor for a sec
why isnt just using tor on one's ip considered bad? like in north korea or china, cant they just block it or round up people who use it?
keb
tor tries to look like normal SSL traffic
if they want to ban encryption such as for web commerce, that will be the end of tor usage too
lots of schools and other institutions have installed restrictive firewall services that do block tor
or try
sahal
if you can run software you should be able to exit using one of the exit nodes that listen on 443 or 80
Goldstein
i'm talking about entering I think
I'm talking about as a client, if i wanna not be obvious to my isp that I'm using tor
arma
goldstein: at this point 50000+ people use tor in china. most of them use it to do simple innocuous things. they're not all criminals. in fact, tor isn't illegal in china.
Goldstein
but what if it were
arma
north korea is a separate question. internet there is basically non-existent, so whether they use tor is a moot question.
sahal
lots of things aren't 'illegal' in china
arma
what if it were illegal? there's no place that tor is illegal. except i guess burma where encryption is illegal. i can't keep up with the laws there.
but burma is on the 'no internet' end of the discussion anyway
Goldstein
and what if you just dont want your isp to know period for anonymity's sake
agreed
arma
to know what?
Goldstein
that you're using tor
arma
ah. if you don't use a bridge, then it's very easy for them to discover that you're using tor.
if you do use a bridge, it is harder but probably still not impossible.
Goldstein
no way around that?
arma
depends how far you want to go, and how far they want to go.
keb
you could ssh tunnel all your traffic to a computer on another isp and then use tor from there
arma
our primary defense is that tor has a widely diverse set of users, and uses. so the fact that you have tor doesn't give much hint about why.
Goldstein
I guess I'll assume easy
yeah but I'm thinking that if there arent too many ppl that use it in my neighborhood, if I move, it'd be too obvious where
arma
getting around the firewall in china is not a crime. millions of people do it. getting around the firewall to post certain content? sure. but roughly none of the tor users do that.
(roughly none, not exactly none)
Goldstein
can you set tor to always choose entry nodes using port 443
arma
yes. try 'fascistfirewall 1' in your torrc
or 'reachableaddresses *:443' if you want to be more precise
Goldstein
cool, thanks
nsa
or: [wiki] keb updated TheOnionRouter/TorFAQ - http://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ
Goldstein
that's about the level at which I would be comfortable
keb
oops
Goldstein
I think it would be more trouble than it's worth for an ISP to try to beat that
unless the site's youd be connecting to on 443 are in the tor directory
is that the case?
i think it would have to be
oh well
arma
the way to identify a tor user is to fetch the directory listing of tor servers, and see if you're connecting to one.
you'd have to know that tor exists, and know the basics of how the directory system works,
Goldstein
yep
arma
but once you're at that point it's quite simple.
Goldstein
So my only other option is a server i run elsewhere
in between
problem there is, it probably might as well be myssn.com for all the anonymity I'd have with it
anything I'd trust to forward my tor traffic would probably be too closely id'ed with me
so my next question would be, how likely is it that my town has like 5 tor users?
is there a general rule about say for every 100,000 ppl, there's a tor user
keb
that depends on your town, is it a modern western town or a rural place
« prev 1 2 3 next »