IRC Archive / Oftc / #tor / 2010 / May / 29 / 1
nsa
or: mikeperry committed revision 22439 (/torctl/trunk/python/TorCtl):
or: Update the __all__ list so that BaseSelectionManager shows up in pydoc.
mikeperry
collar: hrmm, it should only be the livemarks updates
other addons may be fetching rss completely independently
and are a risk
but it could be using the livemarks system too, I'm really not sure.
collar
newsfox can use either livemarks or feeds you create directly in it.
could you describe the risk? are the xfers not going through tor? is extraneous data xferred?
rtyler
minor question, GET strings are sent over the SSL tunnel when using SSL yes?
Sebastian
yes
rtyler
good to know, i've been experimenting with using tor for casual browsing, wondering if I can jump into using it for connecting to websites that can be linked to me
mikeperry
collar: the risk is that if you fetch the same exact set of RSS feeds through tor as non-tor, you leak information about yourself, often at arbitrary intervals specified by the reader
worse, if you're using authenticated RSS for things like google reader feeds and search alerts, or tracking wikipedia articles you admin, you basically deanonymize yourself every time your rss reader updates
collar
OK. So, if you aren't authenticating and aren't personally linked to the site, and always access with tor enabled, are there any remaining concerns?
Sebastian
your sessions might still be more linkable than you want
you might not be personally linked to the sites, but you might be querying a unique set
collar
How is that different from accessing ordinary webpages? Because of a potentially short, regular timing pattern?
Sebastian
yes
collar
OK, so in an app like NewsFox, you can set a feed for regular updates, or for only manual, on-demand polling.
I'm just trying to understand whether the risks are entirely in traffic patterns, or if there are any protocol issues also.
Sebastian
I think it is access of a unique set of resources concurrently
collar
When I first began using Tor & Firefox, it was obvious to me that features such as the default livemarks were a risk.
Sebastian
or within a short timeframe
collar
But this is the first I've heard that there seems to be a belief that using RSS *at all* is unadvisable (like, say, Flash).
Sebastian
it isn't so much about rss
if every time you load your browser it loads the same set of 25 websites, that's the same thing
or if your email client queries 10 different email accounts
collar
Well, my apps aren't configured to do any such near-simultaneous, mass accesses.
But on a daily basis of course my accesses include a nearly static set of resources.
darrob
if you used newsbeuter (or something with similarly simple config files) you could easily (e.g. using a script) modify the refresh rate and no. of concurrent downloads.
collar
Are we talking here about anything different than the primary threat of traffic analysis that is defended against by end-to-end encryption and frequent changes of exit node?
(Though of course rss isn't encrypted, I presume.)
darrob: thanks for the reference to newsbeuter.
when I was originally searching for rss apps, newsfox was appealing as something reasonably functional while still being lightweight and, as a FF extension, convenient to use with tor. But I will check out newsbeuter.
be back later.
tcoppi
n/w 2
mikeperry
collar: what os do you use?
collar
mikeperry: at first, win xp. now, am dual-booting with lenny & tor transproxy.
krit
hi
Manny
question?
krit
i am trying to get hidden service to work, it did before but not anymore
log says error launching circuit to node * for service *
Manny
vidalia or manually?
krit
unknownfactor for service *
vidalia
when i first created it, it worked, and i have not changed the hostname and the private key in the hidden_service dir
does strictexitnodes have to do anything with hidden_services? shouldn't i assume
Sebastian
yes it does
it means they don't work anymore
strictexitnodes is for people who don't mind their Tor falling apart in random places
arma
alas, exit nodes have nothing to do with hidden services.
er
also.
krit
ok, so is arma correct or sebastian ? or are they both saying the same ?
arma
don't set exitnodes, strictexitnodes, excludenodes, excludeexitnodes, etc.
Manny
what are they really for?
nsa
or: sebastian committed revision 22440 (/projects/android/trunk/Orbot/src/org/torproject/android): Remove all @Override annotations
or: Some build errors related to these annotations occurred, and they're not
or: necessary. Remove them. Fix suggested by n8fr8.
Sebastian
Manny: Not sure what you mean?
Manny
those config vars, what are they really for?
Sebastian
They exist so that you can get some kind of control over Tor's circuit building choices
None of the developers use them at all, so the bugs that they currently have are low-priority. And it is quite buggy indeed.
krit
i understand strict exitnodes help to do that, but don't see why they should have any connection with hidden services
that i can see it doesn't honor the exit nodes (earlier versions seemed to have)
Manny
i c
Sebastian
earlier versions didn't either ;)
krit
i don't see logical connection between exitnodes and hidden services
Sebastian
Usually the last node in a circuit is called the exit
Manny
well presumably if you mess with those vars, tor in general might fail in random ways
Sebastian
some people get really mad when they see that we're making a connection to some place, and one of their excluded exitnodes is used in that position.
there's a proposal out there to fix it
I need to fix the proposal and then write the code.
(or someone else needs to do that if they care)
subbie3
hey everyone
Manny
how does setting which ports to exit on not fix that?
subbie3: Question?
subbie3
i did have, will come back to me later cheers
stupid site anontalk.com
Manny
how do you specify (temporarily) that you want a specific exit node
i.e. instead of using localhost:9050 in an app's settings, can you use something else? or do you have to do it via hostname.blah.exit?
arma
it's best to do it by using the control port to build the circuit you want, and attachstream your stream to that circuit
that is of course not very user-serviceable. there are no foolproof trivial-to-use ways to do it.
Manny
can u no longer do hostname.blah.exit?
blah = fingerprint
or something
arma
you have to turn on allowdotexit
it opens you to attacks, which is why it's off by default
Manny
i see
how do you get a list of nodes which exit on a given port?
also, is there a current list of which irc servers allow tor?
and what conditions they may have?
tor-fan
Hello. I wonder if anybody can help me.
Manny
u would have to ask a question 1st
tor-fan
I'm running WinXP, sometimes it happens that I see 2 relays on a connection on Vidalia's network map instead of the usual 3. Could it mean anything abnormal?
Manny
i was under the impression that circuits were minimum 3 nodes. Maybe I was wrong and it's average
i kinda doubt that though
tor-fan
I'm positive it always should be 3
mikeperry
2 relays is odd. one relay is a directory fetch, where the tor client refreshes its directory information
Sebastian
tor-fan: which Tor version is that? Also, is it possible that the circuit is still building?
tor-fan
Sebastian: the circuit was open to a hidden web service, the version is 0.2.1.25
Sebastian
wow
that's a big bug if it is true
(I am not questioning your report, but I wonder if maybe there was some other issue that made the circuit show up wrong)
tor-fan
My only guess is the network map was malfunctioning in showing the connection pane correctly
Manny
how do you get a list of nodes which exit on a given port?
also, is there a current list of which irc servers allow tor and under what conditions?
Sebastian
tor-fan: hm. I mean, bugs are possible :)
tor-fan: it'd be great if you found some way to reproduce the issue
tor-fan
I will try, Sebastian
I'm not sure about it, should a hidden service connection show as 3 nodes?
Manny
any should
Sebastian
yes, it should have at least three hops.
Manny
is it >=3 or =3
swissknife
?
Manny
# of hops
swissknife
>=3
Manny
that's what i thought
swissknife
dir/consensus fetching is 1 hop.
Trystero
i'm getting this arm warn [ARM-WARN] Tor's state differs from loaded torrc after trying to have hidden service
and i have this notice... Can't return context-sensitive 'HiddenServicePort' on its own... what's the implication of this and correction?
arma
trystero: sounds like an arm bug.
you can't getconf individual hidden service lines. you have to getconf them all at once.
atagar
Trystero: what version of arm?
I'm pretty sure that one was fixed
looks like it was fixed in 1.3.3 (2/27/10)
Trystero
130
i keep getting this ..Can't return context-sensitive 'HiddenServicePort' on its own
atagar
Trystero: the site now has tarballs for 1.3.5 which should fix this issue
http://www.atagar.com/arm/resources/arm-1-3-5.tar.bz2
Trystero
i forgot the right command to unpack it :(
swissknife
tar xf filename
Trystero
thanks. i forgot to drop the z from the xzvf. lol
atagar still having the same warning
atagar
Trystero: Hmmmm, that's interesting. On the torrc page is anything in red?
I have an appointment so need to go, but I'll be back in a couple hours (or there's always email if you'd rather that - http://www.atagar.com/contact/)
Trystero
the input for the HiddenServiceDir
its red
i changed a few things and uncommented a few lines. so far both warnings are gone.
collar
arma: Did you, or could you, review the above RSS discussion yesterday with mike and seb?
I would be interested in your thoughts regarding the safe use of RSS.
From the limited remarks, one might get the idea that any use is simply Not A Wise Idea, like browser plugins such as flash.
But I'm hoping the situation is not nearly that bad.
To limit the scope, suppose you aren't authenticating to sites or accessing anything that directly reveals personal information, and that you're using an open-source app such as Newsbeuter or the FF NewsFox extension and that all traffic is torified.
Then the question becomes, does using a RSS reader introduce any further significant anonymity risks than regular web browsing (unfortunately lacking end-to-end crypto)?
If doing a mass update of feeds introduces a significant timing/correlation risk, then suppose updates are done irregularly and sporadically. With that additional limitation, would there be any significant difference from plain browsing?
atagar
pity he's gone... I'm still curious what was wrong.