logs archiveIRC Archive / Oftc / #tor / 2010 / June / 2 / 1
ln5
hushmail blocking tor generally or just some of our exits?
MrNaz
can you set the number of hops in your network?
i would like to set up relaying for my server
but i would then like to increase the number of hops from 3 to 4 so that the number of external hops used is still the same
would that increase the strength of my anonymity at all? as i understand, it would, as it would decrease the chance that every server in my circuit happened to be a compromised one
arma
mrnaz: mostly not. there's a faq entry on that.
dr|z3d
http://www.wired.com/threatlevel/2010/06/wikileaks-documents/
(wikileaks launched with docs interceptedfrom Tor)
phobos
(Action) counters your parry with <a href="https://blog.torproject.org/blog/plaintext-over-tor-still-plaintext">https://blog.torproject.org/blog/plaintext-over-tor-still-plaintext</a>
wl wasn't launched that way, but julian can defend himself just fine
dr|z3d
Hmm? Not sure I follow?
If the New Yorker article is legit, which it would seem to be, the initial collection og documents that gave wl legitimacy came from Tor siphoning.
atagar
dr|z3d: Did wired provide any sort of evidence? What sort of fact checking did they do? :)
from what I understand that really isn't what the new yorker article was about...
dr|z3d
It's not the prime focus, this is true, atagar.
Before launching the site, Assange needed to show potential contributors that it was viable. One of the WikiLeaks activists owned a server that was being used as a node for the Tor network. Millions of secret transmissions passed through it. The activist noticed that hackers from China were using the network to gather foreign governments’ information, and began to record this traffic. Only a small
fraction has ever been posted on WikiLeaks, but the initial tranche served as the site’s foundation, and Assange was able to say, “We have received over one million documents from thirteen countries.”
Source: http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian?currentPage=all
There's no reason to disbelieve that claim.. it seems valid to me.
atagar
I'd imagine wl will provide a reply at some point... I'd hold off on entirely trusting that statement if I were you. :)
         

dr|z3d
As for plaintext, phobos, it's high time we had a module for apache that automagically encrypted the data to the server if the client's detected as using Tor. :)
phobos
I believe the eff is taking on that battle
which is otherwise, "ssl everywhere by default"
dr|z3d
phobos: It is? Good to hear. :) Only a year or two since last I suggested it. :)
atagar: Given the New Yorker article was written with JL's direct cooperation, it seems unlikely the author would make up facts just to sell the story, but I take your point. :)
nsa
or: [Tor Bug Tracker & Wiki] #1518 was updated: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518#comment:6
or: Comment(by Falo):
or: is there anything I can do?
nze
dr|z3d: totally unlikely that any journalist would make up a story just to sell it ;) i wouldn't be too sure that governments send those amounts of data unencrypted over tor (i'd expect them to have their own networks and especially use end to end encryption at some level..)
nsa
or: [torflow/master] 2010-05-16 04:21:04 John M. Schanck <john@anomos.info>: Cleaning up imports, added __all__ to libsoat.py
or: [torflow/master] 2010-05-16 01:17:01 John M. Schanck <john@anomos.info>: Added cookie_file parameter to check_dns_rebind
or: [torflow/master] 2010-05-31 23:25:33 John M. Schanck <john@anomos.info>: Updated TorCtl
or: [torflow/master] 2010-05-16 01:06:29 John M. Schanck <john@anomos.info>: Fixed system/static BeautifulSoup clashing
or: [torflow/master] 2010-05-16 04:18:18 John M. Schanck <john@anomos.info>: Replaced deprecated sets.Set with set
or: [torflow/master] 2010-05-16 06:25:47 John M. Schanck <john@anomos.info>: Added .empty files to preserve data directory hierarchy
or: [torflow/master] 2010-05-16 01:19:05 John M. Schanck <john@anomos.info>: Exit immediately after failing to connect to Tor
or: [torflow/master] 2010-05-16 01:20:48 John M. Schanck <john@anomos.info>: Single line if statements bug me (sorry)
Trystero
have anyone ever tried php with thttpd?
xiando
it's made for serving static content. I use it to offload images and css for some of my sites. great for that usage. it's not made for php. that's not it's purpose
but if you really want to use a hammer to dig a hole in the ground then so be it
MrNaz
arma re the increasing of the number of hops, i was unable to find the faq entry dealing with this... i would like to know why increasing the number of hops does not decrease the chance of successful attacks from powerful adversaries
arma
https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/TorFAQ#Youshouldletpeoplechoosetheirpathlength.
(what a fu*king horrible url)
MrNaz
arma the attack profile i'm concerned about is a person controlling the last two hops in my circuit, and then knowing which entry was used, which is even worse if i'm using my own node as an entry...
do i understand correctly however, that in this case my path length is 4? are entry nodes considered sensitive?
if not, then an attacker who controls the last two hops in your circuit potentially knows who you are with a reasonable degree of certainty
shahn
mr
MrNaz: the same is always possible on a circ with n hops. if hop 2 and hop n collide you have the same problem
MrNaz
what do you mean collide ?
shahn
never use yourself as entry.
MrNaz
never? i thought that was recommended
shahn
work together
MrNaz
oh you mean coillude
collude*
yeap understood
shahn
recommended? where?
MrNaz
but hold on... if hop 2 and hop n collude, then they can only ascertain who you are using timing rather than actual certain determination, right?
shahn
stupid virtual keyboard aorry.
timing attacks are easy.
         

MrNaz
if there are 5 hops, and hop 2 and 5 are in cahoots, unless they won't be able to know for certain that the data leaving 2 is the same as the data coming to 5
shahn
ok time to get off the bus
MrNaz
is that a euphemism or are you ircing from your iphone? :P
shahn
ircing from my mobile, uyes.
ln5
shahn: good. we miss you when you're at the groceries.
nsa
or: [Tor Bug Tracker & Wiki] #1518 was updated: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518#comment:7
or: Comment(by karsten):
or: Can you check if it's working now? All three directories as stated above
or: are now reporting non-zero shares again:[...]
BarkerJr
so I have relays at the same host in the same pool, each accounting for 25% of the bandwidth pool
would it make more sense for me to have just one relay there with 100% of the pool accounted for?
nsa
or: pootle committed revision 22452 (/translation/trunk/projects/website/fr/press): Commit from The Tor Translation Portal by user pierre. 15 of 18 messages translated (0 fuzzy).
or: pootle committed revision 22453 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 33 of 34 messages translated (1 fuzzy).
arma
barkerjr: how much bandwidth are we talking? can one relay handle it all?
nsa
or: pootle committed revision 22454 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 9 of 9 messages translated (0 fuzzy).
or: pootle committed revision 22455 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 34 of 34 messages translated (0 fuzzy).
or: pootle committed revision 22456 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 67 of 67 messages translated (0 fuzzy).
or: pootle committed revision 22457 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 20 of 20 messages translated (0 fuzzy).
shahn
ln5: hush, you
Travis-42
is it safe to use tor with a website that uses SSL? I would get a certificate warning if anything were being intercepted, right?
phobos
correct
yes it is safe
Travis-42
thanks
nsa
or: [Tor Bug Tracker & Wiki] #1519 was updated: #1519: Tor gives me a Socks error when i try to access a hidden service - http://trac.torproject.org/projects/tor/ticket/1519#comment:6
or: Comment(by Randy19):
or: Nope. Even the two links you pasted there give me this error.
or: [...]
or: [Tor Bug Tracker & Wiki] #1519 was updated: #1519: Tor gives me a Socks error when i try to access a hidden service - http://trac.torproject.org/projects/tor/ticket/1519#comment:7
or: Comment(by Randy19):
or: I saved and uploaded the log here. You should see yourself.
or: pootle committed revision 22458 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 60 of 65 messages translated (5 fuzzy).
or: pootle committed revision 22459 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 65 of 65 messages translated (0 fuzzy).
or: pootle committed revision 22460 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 14 of 14 messages translated (0 fuzzy).
or: [Tor Bug Tracker & Wiki] #1518 was updated: #1518: EntryStatistics config option breaks Tor - http://trac.torproject.org/projects/tor/ticket/1518#comment:8
or: Comment(by Falo):
or: everything is working now.
nze
is it possible to run a or relay on :443 while at the same time serving https on :443? ie advertising port 443, running https on 443 and tor on 9001 and rerouting the tor traffic coming in at :443 to :9001?
nsa
or: pootle committed revision 22461 (/translation/trunk/projects/website/fr): Commit from The Tor Translation Portal by user pierre. 56 of 56 messages translated (0 fuzzy).
nze
is it actually possible to separate Tor traffic from other ssl encrypted traffic (ie from my website)?
phobos
yes
well, maybe
for dirport it is easy
I think someone did it with proxy pass once
meaning, someone ran their orport and website on 443
nze
phobos: that is exactly what i'm trying
phobos: do you have any hints or directions to point me to?
phobos
i'm looking
arma
nze: http://dl.dropbox.com/u/37735/index.html
see also #10 on https://www.torproject.org/volunteer#OtherCoding
"not for the faint of heart"
phobos
http://www.theregister.co.uk/2010/06/02/wikileaks_tor_snooping_denial/
nsa
or: [Tor Bug Tracker & Wiki] #1520 filed by seeess: #1520: segmentation fault on 0.2.2.13-alpha - http://trac.torproject.org/projects/tor/ticket/1520
or: tor --version
or: Jun 02 13:09:57.142 [notice] Tor v0.2.2.13-alpha (git-feb8c1b5f67f2c6f).
or: This is experimental software. Do not rely on it for strong anonymity.
or: (Running on Linux i686)
or: Tor version 0.2.2.13-alpha (git-feb8c1b5f67f2c6f).[...]
Arathorn
I am running a bridge, I am getting about ~200kByte/s total bandwidth, with about 10-14 countries listed in the users tab. Are there any measures I can take to contribute more to the tor network?
nsa
or: kloesing committed revision 22462 (/projects/todo): New branch karsten/update-geoip-june-2010.
Meliboeus
Arathorn: Why don't you run a relay?
Arathorn: Or better, an exit node.
Arathorn
Meliboeus, I feel a bridge is more important. What good is tor for people who are forbidden to use it
of course I hardly know the meaning of an exit node
Meliboeus
Arathorn: An exit node is a relay which allows access to the internet. We have way too few of those.
Arathorn
Allows access to the internet? Then what do other relays do? :)
Meliboeus
Arathorn: ah. a bridge and a middle node just relay traffic to other nodes but not back to the internet.
Arathorn: you client will always choose three nodes. One to get to the tor network, one as a middle man, and one to exit to the regular net.
Arathorn: have a look at: https://www.torproject.org/overview.html.en#thesolution
Arathorn
I guess it's not possible to run both a bridge and an exit node? Because bridges are supposed to be secret?
Meliboeus
Arathorn: an exit node is the last node before going to "bob" in the second picture.
Arathorn
Meliboeus, I'm also on 100 Mbit, which wouldn't be a bad thing I guess?
Meliboeus
Arathorn: that would be marvellous. In any case, you can always tell Tor to restrict bandwidth usage.
Arathorn: https://www.torproject.org/docs/tor-doc-relay.html.en
Arathorn: Point 7 is the relevant part.
Arathorn: and in point 6 you see how to reduce bandwidth used.
Arathorn: although, you will probably never use the full 100 Mbits
Arathorn
My concern is what will the people who use my bridge do? Are there enough bridges? Of course bridges are useless without exit nodes ....
Oh, the perils of philantrphy :)
phobos
if you have more IP addresses, run more bridges
Arathorn
I have ten IP adresses, but wouldn't I need ten computers? Or can I tell tor to use a certain ethernet card?
phobos
you can assign tor to use an ip:port
Arathorn
And I have to run ten instances of tor?
or as many as I feel of course
but one process per IP?
that sounds a bit tricky
phobos
well, yeah
nsa
or: pootle committed revision 22463 (/projects/gettor/i18n/fr): Commit from The Tor Translation Portal by user pierre. 42 of 42 messages translated (0 fuzzy).
or: pootle committed revision 22464 (/translation/trunk/projects/torbutton/fr): Commit from The Tor Translation Portal by user pierre. 106 of 106 messages translated (0 fuzzy).
Meliboeus
Arathorn: which system do you run?
nsa
or: [Tor Bug Tracker & Wiki] #1520 was updated: #1520: segmentation fault on 0.2.2.13-alpha - http://trac.torproject.org/projects/tor/ticket/1520#comment:1
or: Comment(by seeess):
or: uhh yeah i forgot the trace didn't I
or: [...]
Arathorn
Meliboeus, ubuntu
Meliboeus
Arathorn: well, then maybe you can run them in something like a chrooted environment. In FreeBSD (what I use), this would be a jail.
Arathorn: just to answer your previous question. There are about 500 Bridges around. I don't know if there are as many exit relays.
nsa
or: phobos committed revision 22465 (/website/trunk/include): osx ppc -alpha bundle updated to vidalia 0.2.9.
nze
arma: phobos , alright, running now: :80 http, :443 https, :80/tor/ dir, :443/tor/ or
seems to be working, i can connect when i choose it as bridge
but vidalia still claims that 'no clients have used [my] relay recently'
how can i get vidalia to update?
phobos
vidalia reports every 24h
look in your tor datadir for a stats directory, that's live
Sebastian_
nope
it shouldn't at least afaik
phobos
does for me
Sebastian_
wow
karsten: is that intended?
nze
it doesn't seem to be for me
phobos
well
hmm
my bridge has been up for 40 days
Sebastian_
I think it would be a big bug if that is true for you
phobos
so maybe not "live" per se
but recent
nze
well
Sebastian_
it should be updated every 8 hours I think once you have 24h hours of data
nze
so how can i trigger an update?
Sebastian_
you cannot
nze
or where is that data anyways?
Sebastian_
this is a safety feature
nze
err
Sebastian_
it only exists in Tor's memory
Tor will write it out once enough time has passed
nze
well that's kind of.. encouraging active traffic monitoring
i mean, in my case, i need to test some different configs
Sebastian_
your case is best handled in a test network
nze
playing with port proxy settings in apache etc
Sebastian_
to not screw with the users of the live network so much
nze
good point
is there something like a public test network?
Sebastian_
no, but it is trivial to set up a test network on your local machin
e
https://gitweb.torproject.org/sebastian/tor-utils.git/blob/ce66d486d3f4f2f97bdfce5dd3b1908e8ddff350:/make_private_network.sh
following the script should be easy to see what kind of steps you need to take to do it yourself, if you want to not use some script.
nze
just wondering about the 8h delay, what exactly does that accomplish? i guess that's hardcoded somewhere, but if someone would really want to monitor the stats, couldn't they just...you know, compile their own version that writes the stats directly?
Sebastian_
yes, they could. Tor defends against some people doing that. But if every Tor did this by default, Tor servers would become a way more juicy target for law enforcement to pick up the machines/third parties to pressure the operator/hack the machine, and it would thus be more difficult for the average guy who is a sane operator without intentions of fu*king with the user to run their relay
nze
alright, see your point there
Sebastian_
also, we as the Tor project don't support nor recommend that anyone does this, and if we made our software to allow that, that would be really weird.
There is nothing we can do to prevent operators to log 100% of all encrypted traffic they see, including timestamps with arbitrary precision etc.
That doesn't mean that we should make it easier for them to achieve that goal, or recommend it, etc.
« prev 1 2 next »