logs archiveIRC Archive / Oftc / #tor / 2010 / March / 22 / 1
Sebastian
Not really. I'd suggest you find a way to allow users to register anonymously, and then don't ban them by IP address. Cloaking Tor users is also a good idea, as well as allowing channels to specify whether Tor users are allowed or not.
Entirely unrestricted access is probably unrealistic
niekie
That's interesting.
Sebastian
Hidden services might be part of your solution.
I'm currently mentoring a group of 5 undergrads working on an irc proxy solution for To
r
and we might have some gsoc students interested
niekie
Currently I don't do anything special for Tor users (though I run a very small IRC network, so yeah, Tor is not even really used on it)
katmagic
The Tor browser bundle (Pidgin) leaks your user name by default.
niekie
Sebastian: ah. That's very interesting.
Sebastian
niekie: if you don't have to treat it specially, I suggest you don't.
Maybe apart from a cloak.
katmagic: please file a bug. Also, whoa.
katmagic
Is there a bug tracker for the browser bundle?
niekie
Yeah, that sounds like a pretty serious bug :)
         

Sebastian
katmagic: just use the regular Tor bug tracker
niekie
It applies only to Pidgin, I assume?
katmagic
I think so. I'm not actually experiencing it myself; someone just joined a channel on a hidden service IRC that I'm in with the username 'Admin' and apparently he had not set it.
Sebastian
ah
so if you set a username, there's no leak?
We should probably set it to tbbuser or something
and then watch polipo use the real username when that's not available -.-
erm
pidgin
not polipo
niekie
Heh.
Sebastian
E_TOO_TIRED
niekie
Sebastian: are there currently any easy ways for doing that? (assigning Tor users cloaks?)
Without any custom programming to the IRCd.
'cause I'm afraid not :)
katmagic
Yeah. It actually works that way on all platforms.
Sebastian
niekie: I don't know. I guess it depends on the ircd. Tor provides a dns list to find exits
katmagic: maybe it's time for the startup script to generate a random username. No idea. Someone who works on tbb should take a look
katmagic
I suspect it would need to be changed in the source.
But it's distributed as a single binary, right?
Sebastian
nah, afaik it's a zipfile or something
that extracts to a folder with a click me to start this thing.exe or something
salty-horse
hi. I noticed that the tor installation manual now mentions polipo before/instead of privoxy. should I use that instead?
narr
it is recommended, yes
pilipo basically feels faster because it passes resources to the browser before it is done loading them (which privoxy doesn't do)
katmagic
The Ubuntu package still uses Privoxy.
narr
from a security/anonymity viewpoint, it does not matter
and you can switch to privoxy on your own if you want to
also see http://www.mail-archive.com/or-talk@freehaven.net/msg12805.html on polipo vs. privoxy
salty-horse
thanks!
what does this mean? switch the recommendation in the installation guide? "we may switch to Chrome before the fix occurs"
formalist
lol
katmagic
Chrome has strange pings to Google.
narr
NOT the chrome discussion again! :)
we had that in #nottor earlier today
grin @ Sebastian
salty-horse
I was just asking what that statement meant :)
         

narr
i think it was somewhat sarcastic in regard to bug 280661 in firefox development
katmagic
Yeah. Is it just that they're ignoring it?
narr
https://bugzilla.mozilla.org/show_bug.cgi?id=280661
i guess it just doesn't have high priority
i think a torbutton for chrome/chromium would be nice to have
katmagic
Apparently someone already wrote a patch for it.
narr
a lot of people like chrome and find firefox to be bloat
yes, chrisd, maintainer of polipo
katmagic
Yeah, but I doubt Google will allow an AdBlock for it.
narr
chromium is an open source variant of chrome
and there are various adblock extensions for chrome already
it really is a nice fast browser
katmagic
Really?
narr
google is not stupid, and google devs are not stupid
https://chrome.google.com/extensions/list/popular
first entry
i haven't looked at the chrome extension design, but judging from the rapidly growing number of firefox extensions being ported it appears to be somewhat straightforward
i've also read that their extension design is better
salty-horse
narr, it's basically javascript. no xul
(duh on the no xul part :)
narr
they were able to benefit from years of mozilla experience, so it should be a better design after all
that's why i suggest to rewrite tor from scratch ;)
salty-horse
and they took their time to come up with the api
katmagic
This *is* interesting.
Hmmm...
If this is the case, is there any reason not to switch to Chromium?
narr
give it a try
i like it
somebody should port torbutton :)
of course, everyone has to make his own moral decision if he wants to use google stuff
pipe
When I had to use windows at work some time ago, Chrome was easily the best browser. The extreme speed easily beat the lack of adblockers, compared to firefox.
narr
but then we're definitely #nottor
katmagic
Well, I'm not going to switch unless TorButton is ported.
pipe
katmagic: Go ahead, port it. ;)
narr
feel free to use multiple browsers on your system,too :)
katmagic
Not really. What I meant was, from the standpoint of anonymity, is there any reason not to use it?
narr
without torbutton, yes
pipe
katmagic: I doubt there are more issues with chromium than any other browser with a similar feature set
narr
[15:54] <MissAlyx> "chrome.exe" --proxy-server=socks5://127.0.0.1:9050 --incognito --disable-java --disable-javascript --process-per-tab --user-data-dir=/tmp
pipe
nice
narr
you can start chrome with multiple setups at the same time, even configure network settings for individual tabs
pipe
That's slick
narr
i also like that you can use incognito mode for specific tabs, without it closing all your browser tabs/windows
but that's a design decision again, and probably not too good for the standard user
katmagic
Why?
narr
the standard user might be tempted to reuse a "non-incognito" tab and not notice it
pipe
yep
narr
firefox opted for complete switch, which i like better
pipe
I've switched to running two separate firefox profiles, one with torbutton always on, and one without
narr
yes, that should be the way to do it
pipe
Now I just need to make the one with Tor use different background colours or something like that.
narr
i am lazy, so when i have torbutton enabled, i open opera (or chome) for other things instead
i switched from opera to chromium because i can sync my bookmarks between chrome and firefox
pipe
gitweb.torproject.org seems to be down ;(
Sebastian
not just gitweb
more like everything
arianna
Help?
Sebastian
what can we do to save you today
arianna
Well, I asked a question in #nottor, but have not received help.
Sebastian
That doesn't mean you should ask it in #tor. If nobody has a clue or is interested in the question, it'll go unanswered.
katmagic
I doubt anyone knows.
suspense
I can't connect to oftc's hidden service
could someone please help
katmagic
Are you getting an error message?
suspense
yes
katmagic
Which is ...?
suspense
SOCKS Proxy failed to connect to host (error 4).
Proxy traversal failed.
* Stopped previous connection attempt (pid=
katmagic
What address are you using?
suspense
37lng2veifl4kar7.onion
katmagic
Are you trying to use SSL?
suspense
I don't know how to check that in XChat.
katmagic
In the thing where you put in the server name, check that it's 37...onion:6667 and 'Use SSL' is NOT checked.
arianna
Maybe it's down. It won't work for me at the moment either, but it has in the past.
katmagic
I'm on it right now.
arianna
It could be a publication problem - that is, the server is still working, but the publication recently stopped working, or certain clients are not able to receive the publication.
suspense
katmagic: yeah, it's giving me the same error
katmagic
Well, maybe.
I gotta go, now. So, bye.
arianna
[warn] Invalid onion hostname [scrubbed]; rejecting
Bye.
suspense
arianna: do you know what's going on?
arianna
A publication issue, most likely.
suspense
this has been going on for quite some time
arianna: I don't get any messages about a publication issue
arianna
[warn] Invalid onion hostname [scrubbed]; rejecting
That message is from the Tor client, not the IRC client.
suspense
nope
don't get that
arianna
How do you run the Tor client?
suspense
can anyone please help
as a daemon in the background
arianna
Do you know where error messages are written to?
suspense
oh
no
arianna
OS?
suspense
ubuntu
arianna: ubuntu
arianna
Sorry, got a phone call.
/var/log/tor/
Look there.
Alternatively, you could shut off the daemon and run Tor out of the shell, so that the error messages are printed directly to the shell.
Now mine says: [notice] Closing stream for '[scrubbed].onion': hidden service is unavailable (try again later).
Dunha
is there any way to report a tor2web website hosting illegal stuff?
pipe
what would that do?
Dunha
hosting child pornography
katmagic
Yes, but it's somewhat futile.
pipe
well, report it to the police
that's where you should go
good luck though
katmagic
tor2web is a proxy, it doesn't actually host anything.
Though it does cache; I'm not sure what the legal standing of that is.
Dunha
i know, katmagic, but removing the url could help
katmagic
At least, I think they cache.
pipe
katmagic: depends on the country, but I think even in the US they don't count the cache as an actual stored copy
Dunha: You mean you want a blacklist in tor2web?
Dunha
but cache is an actual stored copy, no?
something like this, piebeer
pipe*
katmagic
Dunha: if you have an urgent complaint, call +1-206-338-2267
It's listed right on the tor2web.com website.
Dunha
katmagic is the only way to report? making a phone call?
pipe
there are also email addresses
katmagic
It would depend upon whom you wish to report it to.
pipe
but if you actually care, you should report it to your local police
there's a chance the pictures are new etc
Dunha
i don't know how local police can help... or any police at all, as it's somewhat impossible to determine in wich country the website os hosted
is hosted*
katmagic
Hence the futility.
pipe
Depends what your goal is I suppose. If the goal is to protect children from harm, then the police can help. If your goal is to prevent people from ma******ting, then it's enough to contact the tor2web people
Dunha
I'm understanding your point, pipe, but would be really hard to find the website owners or even people who took the pictures, taking the website off could be something
katmagic
The website can't be taken down, it can only be removed from the tor2web proxy.
It would still be accessible at its .onion URL.
pipe
And temporarily, since anyone can set up proxies
Dunha
that's what i meant
as katmagic said... is somewhat futile
pipe
yup
accessing child porn through tor2web sounds quite stupid anyway, since you're not really anonymous anymore
Dunha
not anonymous anymore? what do you mean?
formalist
pipe. if the cache is stored in ram, it might be inadmissable.
Dunha
oh, i get it
katmagic
tor2web.com provides anonymity only to *content providers*, not consumers.
Dunha
since tor2web don't need tor
katmagic
WARNING: tor2web isn't intended to protect readers, only publishers. You won't get the level of anonymity, confidentiality, or authentication that you would get if you were using a Tor client yourself. Using tor2web trades off security for convenience; install Tor for better results.
formalist
i think tor2web could be forced for one reason or another to make cp onions unreachable.
« prev 1 2 3 next »