logs archiveIRC Archive / Oftc / #tor / 2010 / May / 30 / 1
nsa
or: [Tor Bug Tracker & Wiki] #1294 was updated: #1294: Bandwidth weights absent when D=0 - http://trac.torproject.org/projects/tor/ticket/1294#comment:1
or: Old description:
or: > When the directory authorites vote that there are insufficient Exit nodes
or: > for them to be labled as both Exit and[...]
or: [Tor Bug Tracker & Wiki] #1294 was updated: #1294: Bandwidth weights absent when D=0 - http://trac.torproject.org/projects/tor/ticket/1294#comment:2
or: Comment(by mikeperry):
or: Err, bugs #1206, #1116 and #1117
krit
the hidden services seems really flaky
BarkerJr
yes
krit
5 mins back it works, but 5 mins later it can't resolve the hostname
you see that too ?
nsa
or: phobos committed revision 22441 (/website/trunk/include): torbrowser bundle 1.3.6 built and ready.
krit
the hidden services seems really flaky - is this known problem ?
phobos
it depends on the hidden service
but yes, they can be
Manny
would hidden services have extra hops?
phobos
generally, 5 or more
         

Manny
that would cause extra flakiness
phobos
https://www.torproject.org/hidden-services
krit
i saw that link
why extra hops for hidden services, would be nice if the user can set it to something lower
Manny
phobos: talk to the lawyers yet? :)
phobos
then they wouldn't be very hidden
about what?
Manny
i2p
phobos
we're not linking to i2p to encourage file sharing
Manny
i wouldnt characterize it as file sharing
excuse me, 'encouraging'
krit
phobos: wouldn't it make sense to allow the hidden service provider to choose the hops ? if he doesn't need 5, why force him to ?
esp if it is making them as bad as flaky
atagar
krit: there's a reason for having a minimum of five hops (essentially two to hide the service, two to hide the user, and one in the middle)
krit
but it wold be nice to have it configurable
atagar
krit: there's often been discussions about having tor be configurable so you could essentially turn off anonymity (for instance making the hop count one to be essentially a single hop proxy) but that's not what the service is for
if you're looking for a one-hop proxy, then use a one-hop proxy
Trystero
have anyone tried php with thttpd?
atagar
Trystero: generally those sorts of questions belong on #nottor
Trystero
for hidden services
atagar
ah, nm :)
Trystero
;)
arma
i imagine it doesn't work at all
at least, i hope it doesn't
Trystero
oh.so using php could compromise anonymity itself?
not perse but it substantially makes it riskier? despite seeming precautions?
atagar
I'm guessing you're kidding (but if not, no - php is just dynamic server side content)
unless I'm missing something...
         

Trystero
atagar that;s what i thought. and the reason of thinking using php with thttpd. im just clarifying arma's hoping it doesn't work and that have the potential of upping the risk.
collar
arma: ^^[pasting from this afternoon]
Did you, or could you, review the above RSS discussion yesterday with mike and seb?
From the limited remarks, one might get the idea that any use is simply Not A Wise Idea, like browser plugins such as flash.
But I'm hoping the situation is not nearly that bad.
To limit the scope, suppose you aren't authenticating to sites or accessing anything that directly reveals personal information, and that you're using an open-source app such as Newsbeuter or the FF NewsFox extension and that all traffic is torified.
Then the question becomes, does using a RSS reader introduce any further significant anonymity risks than regular web browsing (unfortunately lacking end-to-end crypto)?
If doing a mass update of feeds introduces a significant timing/correlation risk, then suppose updates are done irregularly and sporadically. With that additional limitation, would there be any significant difference from plain browsing?
Sebastian
How do people come up with 5 hops for a hidden service circuit?
Arathorn
I don't get that hidden services thing. When and why must someone use it, and how is it served? :)
Sebastian
Hidden services provide the service operator with anonymity
you only have to use them if you want to access one of those services.
Manny
Arathorn: It for people who want to run a server without letting people know *who* is running the server
can one get a list of nodes that exit on a given port?
Sebastian
sure, the Tor clients do that all the time
you can look at consensus data to get a rough overview, or look at descriptors for the exact idea.
Manny
but you cant thru vidalia right?
Sebastian
nope
Manny
i should make a feature request, but that would probably require an acct of some sort
Sebastian
it would be most likely a feature not implemented
it's pretty useless, right?
Manny
not for me
Sebastian
I mean for the general vidalia user
but feel free to file the request. I think you can file vidalia tickets without needing an account.
Manny
i'm a big weirdo I guess
nsa
or: [Tor Bug Tracker & Wiki] #1294 was updated: #1294: Bandwidth weights absent when D=0 - http://trac.torproject.org/projects/tor/ticket/1294#comment:3
or: Changes (by ilter):
or: * cc: ilter (added)
or: [Tor Bug Tracker & Wiki] #1518 filed by Falo: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518
or: Two and a half days after enabling entry statistics with config option
or: "EntryStatistics 1" in one of my four Tor process its error logging
or: started and traffic dropped nearly to zero. Since I've never seen this
or: error before I suppose this problem being related to EntryStatistics
or: config option.[...]
or: [Tor Bug Tracker & Wiki] #1518 was updated: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518#comment:1
or: Changes (by Falo):
or: * component: Tor-Tor client => Tor-Tor server
or: [...]
or: phobos committed revision 22442 (/website/trunk/torbrowser/en): fix the youtube link.
or: [Tor Bug Tracker & Wiki] #1518 was updated: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518#comment:2
or: Comment(by karsten):
or: Can you paste your stats/dirreq-stats here? (It's not secret, but would
or: have been included in the extra-info descriptor anyway.)
nze
what kind of nodes does nodes does tor need these days?
Manny
all kinds
nze
...
Manny
red nodes and blue nodes
xiando
exit nodez!
Manny
i guess exit would be better but everything is needed
nze
is there any kind explicitly missing or is any kind about as useful as any other?
xiando
exits are more usefull than non-exit because they .. uhm.. well, they let you exit
Manny
exit nodes are more useful i suppose
yeah
nze
heard a few times that bridges were sparse, so i'm running two of those now
Manny
If you're looking for other stuff, yeah bridges are good as is running the dir port on port 80
so that people behind firewalls that only allow 80 and 443 can still do stuff
are you aware of that issue?
nze
yeah..
giving me a bit of a headache
but i guess 80 really is by far the most accessible
Manny
i hate firewalls that do that btw. its really dumb
xiando
running exit node which allows port 80 is better than bridges imho, bridges only help those dissidents in china
screw them
Manny
lol
nze
lol
share your opinion on restrictive firewalls though, really bloody annoying
and totally useless ofc..
i mean, you go to the library and have to tunnel to your server or use tor to get on irc? wtf..what's the point..
so if i freed up port 80, do i run the dir or the relay on it?
Manny
yes
the dir
the OrPort goes on 443
nze
443 is in use..
Manny
well that's too bad
nze
(for a bridge now)
i might trade away, dno, pop maybe? or ftp?
Manny
no one can use those AFAIK
either use the default or 443
nze
nothing else that generally goes through?
nsa
or: [Tor Bug Tracker & Wiki] #1518 was updated: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518#comment:3
or: Comment(by Falo):
or: I'm sorry, stupidly I didn't back up the dirreq-stats file unlike I did
or: with entry-stats before. Thus I propose to leave this ticket open until[...]
Manny
Well I dont know if other nodes will do onion routing thru ports other than the default and 443
nze
one other thing: running a bridge on my workstation (not always on, ip changes etc) i saw a lot less users than on my server, i guess bridge information takes some time to propagate?
would that be more useful as a regular node (where only the dir needs to get updated and no users)?
Manny
i would strongly recommend the server
nze
no worries, the server is up and running, but as i can provide another node, i'm wondering what kind is more appropriate for a connection that changes more often (once it's online, throughput and stability are fine, but only for ~16h/day)
Manny
id suggest not exiting for services like irc for which interruptions are a problem
so if you're gonna exit, maybe only accept 80
25 would be okay too
Sebastian_
nze: generally, if you can run a full exit node, please do that rather than running a bridge.
Manny: exiting to port 25 is absolutely not advisable.
Manny
why?
I think I disagree
only exception would be if you are running a relay on the same server you wanna run a general mailserver on
Sebastian_
Manny: because that allows your exit node to be used for email spamming.
Manny
not really
Sebastian_
Tor's default exit policy disallows 25 for that reason
nze
because you risk to have problems with your isp and most users with a legitimate need for privacy will rather use a webmailer anyways than sending their mail over tor?
Manny
people will just block you from un-AUTH SMTP connections
nze
which *is* an issue if you manage your mail yourself
Manny
people should block tor from un-AUTH SMTP connections. but no reason to block AUTH SMTP connections
Sebastian_
it is not advisable to suggest that people can turn on port 25 in their exit policies
it really is as simple as that
if they do, they should know what and why they are doing this
Manny
how many people can send un-AUTH mail to other mail servers typically?
even without tor
murble
pretty much everyone?
Manny
so I can telnet to yahoo and just send mail as anyone I want?
murble
Manny: i think you mean to understand SMTP and then the answer would be obvious.
s/mean/need/
Manny
i do undertand smtp
Sebastian_
Manny: yes, you can
Manny
perfectly
Sebastian_: I disagree
and furthermore, I'm really glad that tor as a system currently allows exiting on 25 and i hope it nevers stops doing so
Sebastian_
Manny: I guess it depends what you meant with your question. Can you use yahoo as an open relay? No, probably not. But can you send email to its system, using any made-up email address you want to? Yes, you can.
nze
so, back to my original question: useful ports are 80 > 443 > the-whole-rest-without-any-order?
AstralStorm
nze: no, IM ports are > the-whole-rest
and IRC too
although unfortunately some idiots use(d) tor to spam irc networks
prompting bans and other funny measures
nze
AstralStorm: for running the node i meant, not for exiting
AstralStorm
?
same for running the node
if it's useful as an exit, it's useful to run a node that allows such an exit
exiting on 25 is not useful... and neither is exit to IRC ports generally useful now
nze
AstralStorm: sry if i wasn't clear: what ports do i run tor itself on?
AstralStorm
oh that
Manny
Sebastian_: just tried it and it demanded AUTH
exiting on 25 is incredibly useful
as is irc ports
AstralStorm
you mean the router, middleman. 80 > 443 > 9090 (I think) > rest
Manny
I thank everyone who allows it
AstralStorm
Manny: hahahaha
all them nodes are likely banned
nze
AstralStorm: thx.
Manny
I'm using irc tor right now
AstralStorm
Manny: see, morons use Tor for spamming
nze
AstralStorm: what's 9090 though?
AstralStorm
that's why it gets banned around
nze: the default onion port
it's either 9080 or 9090, not sure which
Sebastian_
erm
9001
AstralStorm
oh that.
;p
my mistake
nze
AstralStorm: IIRC 9001/9030 for dir
Manny
530 authentication required
Sebastian_
it isn't really helpful to exit to port 9001
nze
but isn't about *anything* better than 9001/9030?
AstralStorm
it's not about exit, it's about middleman
nze
mostly about entry
« prev 1 2 3 next »