IRC Archive / Oftc / #tor / 2010 / July / 6 / 1
gamambel
node is back at 20mb/s, but i seems i cannot push more than that... why?
*it
atagar
gamambel: there's suspected guard issues that would cause a bottleneck
gamambel
i thought that was fixed?
atagar
though according to olaf it still shouldn't be that low...
evidently not...
cornelius
hi everyone, i've just discovered the world of TOR and i'd like to know whether my provider couldn't anyway be considered a proxy server that knows my traffic?
atagar
pity we don't have a #tor-it
gamambel: btw, FDC doesn't provide SWIP but they do provide RWHOIS
gamambel
they do? they told me they don't
good to know, i'll update that in my wiki
Yarid
since tor uses only three routers to reach a site, why on earth is it ten times more laggy than what i would expect? does anyone have an explanation?
dekar_
the routers are totally overworked
         

atagar
Yarid: http://www.torproject.org/press/presskit/2009-03-11-performance.pdf
or https://www.torproject.org/faq#WhySlow
Yarid
dekar_: but what would be the disadvantages of making them less tolerant of overwork?
dekar_
Yarid, what do you mean?
smaller queues?
I only can think of increased packetloss - but things surely wouldn't get better
Yarid
dekar_: can't they just deny requests when they reach a certain *reasonable* limit?
dekar_
they do I guess
just not enough servers
Yarid
then i guess i just define "reasonable" differently :)
dekar_
there are like 1800 servers and around 200000 people using them
that's why they're overworked
StrangeCharm
why is it crucial for torbutton to block plugins during tor usage?
dekar_
dunno - just prophylactic I'd guess
for plugins which ignore proxy settings?
Yarid
i don't think this will ever change, so perhaps the only solution is to make everyone an exit
StrangeCharm
do plugins ignore proxy settings?
Yarid
StrangeCharm: some do
dekar_
dunno if they do - sure they could
StrangeCharm
do we know which ones?
Yarid
StrangeCharm: java
dekar_
whatever - just use links2 - it's much faster anyway
gamambel
Yarid: http://www.torproject.org/faq.html.en#EverybodyARelay
StrangeCharm
Yarid, that's it?
gamambel
you should really read the faq, that's what it's there for :)
Yarid
:)
StrangeCharm: is there any other plugin that torbutton disables?
         

StrangeCharm
flash
Yarid
StrangeCharm: flash has its own issues, i'm not sure if bypassing proxy settings is one of them, but it's definitely complex enough to cheat torbutton
torbutton won't claim to do what it can't guarantee it can do
for example, iirc, there are some issues with the handling of flash cookies
StrangeCharm
are there sites that will test against my browser, and try to unmask me?
Yarid
yes
there are control freaks everywhere
business and especially marketing are all about that
StrangeCharm
no, i meant sites which will give me the results
Yarid
right, you did say "test"
try stayinvisible and ipchicken
i'm not sure about their tldn and suitability
but google can help you. actually google already knows what you're up to.
atagar
StrangeCharm: Not following, you mean tracking via the user agent? If so, then there's https://panopticlick.eff.org/
StrangeCharm
i've decided to treat google as a trusted party anyway
Yarid
StrangeCharm: when you change your mind, you can use scroogle
atagar
Yarid: not any more - they're down
StrangeCharm
atagar, panopticlick guesses how unique you are. i want somewhere to actively attack me, in order to guess my 'real' ip address
Yarid
atagar: ouch. since when and why?
StrangeCharm
Yarid, trusted!=trustworthy
atagar
Yarid: https://ssl.scroogle.org/cgi-bin/nbbwssl.cgi
Yarid
StrangeCharm: right
atagar
they've been down for about four days now
(Action) has been using ixquick since then and finding it... painful
Yarid
omg! isn't the future bright!
Sebastian_
StrangeCharm: http://anonymous-proxy-servers.net/en/anontest for example
StrangeCharm
thanks, Sebastian_ that's exactly what i was looking for
gamambel
atagar: i'm now using googlesharing (a proxy for google requests) and it's okay
atagar
I was warned away from it
Sebastian_
StrangeCharm: I know ;p
Yarid
StrangeCharm: not fair. i answered some of your questions, even though perhaps not the ultimate/killer question. you should thank me too. :P
Sebastian_
Yarid: just hang around here for a few years and you'll find the occasional oddball who is thankful for help :)
Yarid
atagar: why?
Sebastian_: heh. (just kidding anyway.)
tyld
flash will give your local IP
beyond having a horrific security history
Yarid
tyld: yeah, i suspected that
Sebastian_
flash also bypasses proxy settings
disabling it is pretty much a no-brainer
tyld
I wasn't familiar with the one Sebastian_ just indicated
but decloak.net
Sebastian_
there are many
tyld
unless you're using transparent proxying, flash is a non-start
er
StrangeCharm
the decloak.net one seems to be the nicest yet, thanks tyld
Sebastian_
the nice thing about decloak.net is that it doesn't give red warning signs when in reality it simply didn't learn stuff.
atagar
gamambel, Yarid: Since Moxie wrote it (have others audited it?). Regardless, I'd much prefer avoiding add-ons (too much access).
Sebastian_
The not so nice thing is that it isn't very verbose
gamambel
atagar: in the end, you trusted scroogle, too, didn't you?
Sebastian_
The main problem I see with googlesharing is that it allows the google sharing hoster to analyze what you search for. Not much different from google analyzing it
gamambel
you can use any other proxy script to redirect google requests through his proxy
Sebastian_: not much different from scroogle doing it either
Goldstein
Sebastian_: I wish you would focus on the real problem which is allowing 3rd party apps access to the inet altogether
atagar
gamambel: I trusted scroogle with search queries. Not unlimited access to my browser.
Sebastian_
Goldstein: it is open source, just like firefox. Also, it is easier to audit
gamambel
atagar: yes, that's why you can set the proxy yourself for google requests. i know it's not ideal, but it's the best i could find now that scroogle is dead
Goldstein
I'm talking about your flash policy
StrangeCharm
i know that people fear google a lot, but - unlike many other agents - despite significant opportunity, i've never seen them do anything evil. stupid: yes; evil: no.
Goldstein
StrangeCharm: wifi-gate?
gamambel
StrangeCharm: i remember a case here in germany where someone searched for a bookshop and was raided for that, including taking all his computer equipment
StrangeCharm
Goldstein, i'm putting that down as dumb, not evil
gamambel
turned out that the bookshop had the same name as a left-wing radical organization
Goldstein
Evil to me
StrangeCharm
buzz's launch goes in the same category
atagar
gamambel: Alternative is to fix scroogle. What they were doing isn't terribly difficult (and the mobile interface looks to be pretty simple). The problem is that the scroogle authors don't want to put out any further effort to adapt.
gamambel
right
StrangeCharm
Goldstein, to quote the WSJ, google's more like a scatterbrained grad student than a nefarious evil empire
gamambel
no matter what took them offline, they still are :)
Yarid
i'm not sure how torbutton handles javascript. does it somehow allow a subset of it?
StrangeCharm
gamambel, did google give up that info after it was served with a legit search warrant?
gamambel
and i just feel better knowing that my searches are at least not stored at the most prominent and central search provider
Goldstein
You're aware that they sniffed and recorded people's traffic
StrangeCharm: ^
gamambel
StrangeCharm: you don't hear much about it. the whole action was later, one year later, decided to have been illegal
didn't change much of the fact that he still was raided, and it took them 6 months to return the stuff
Sebastian_
Yarid: yes. It hooks dangerous functions
StrangeCharm
Goldstein, yep, they accidentally recorded the occasional packet of people's unencrypted wifi when they were trying to map the world? not evil, quite stupid, not very harmful to anyone
gamambel
i agree that googlesharing is not perfect, neither is any one-hop proxy, but in the end it's up to each user to decide
google is making a lot of money out of it, and i don't know if that's so good. but again, that's for everyone to decide for himself.
Goldstein
StrangeCharm: Who said the occasional packet?
Yarid
Sebastian_: is this known to be reliable? (i.e. since languages are powerful tools, can't some aspects of those functions be emulated?)
Goldstein
I'm assuming every packet until proven otherwise
StrangeCharm
Goldstein, their source code
Sebastian_
Yarid: it is quite good, actually.
StrangeCharm
you can't really record much in a moving car, anyway
gamambel
#nottor
Yarid
Sebastian_: thanks, that's really reassuring
Goldstein
StrangeCharm: #nottor
Yarid
javascript is both useful and scary
just in case you missed this one: http://www.scroogle.org/botnote.html
(three very recent news items)
actually one and two updates
as a method to fix long queues, can't each router pause each queued transfer every transferred 100kb and thus cycle faster between requests? this way small transfers (browsing) will be much faster (usually in one session) and p2p transfers will be much slower. or am i just reinventing the wheel? (in which case, why didn't it do the trick?)
Sebastian_: you still there?
atagar
Yarid: Did you read the paper and faq I mentioned? It outlines the numerous issues and several tactics for addressing them.
Yarid
atagar: i did, but it doesn't mention this potential solution
s/this/this as a/
atagar
Yarid: Ok. Then arma is another person to ping with ideas for improving latency.
Yarid
thanks
my idea includes lowering priority for each stream the longer it turns out to be. there could be five priority levels: highest priority means transfer gets resumed on each queue cycling session, lowest priority means transfer gets resumed every five cycling sessions. priority is lowered with every 5mb worth of transfer.
atagar
Yarid: how does this differ from 2.1 Squeeze over-active circuits?
Yarid
this discourages p2p. also, exits could play a crucial role in regulating this, because they could additionally prioritize by destination ip, potentially implementing an even harsher prioritization system. this will be a natural disincentive for anything p2p.
atagar: wait, let me check. i could have missed something.
atagar: btw (meanwhile), what about the exits part?
atagar
Yarid: "2.2 Throttle certain protocols at exits"?
Yarid
no, certain ips
it would be even more draconian to p2p
i mean protocols too, but ips should be added as a criterion
atagar
seems like stream prioritization would achieve the same thing
anywho, gotta go
Yarid
oh
i think most of my points are mentioned, indeed
it's just that i was not too familiar with the language
the difference is that my ideas don't break any privacy or network neutrality rules.
they are simply "circuit persistence" (or "transfer length") based (also ip-based at exits), no traffic analysis involved. thus, the disincentive is also more legal: long transfers simply face repeated "reconnection" (or make "reconnection" desirable, by lowering priority).
lowering bandwidth instead of (or in addition to) priority management is a good idea, though
also, my idea is lower-impact, but is less exposed to the arms-race risk mentioned in the pdf (page 5, bottom)
s/my/while my/
s/but //
s/but /it /
heh
i am against using "protocol recognition" tools
arma: it's just too... inviting, if you know what i mean
here's what "lower impact" means: basically, we're just shaping everybody's use of tor to resemble web browsing patterns. this means p2peers can still "browse the web" much more heavily than genuine web surfers.
but there's a natural advantage in this: while currently the p2p bastards enjoy better continuity in downloading large files, we poor surfers have to suffer the whole lag/latency before each page starts to load.
so it's just fair to shape tor's traffic patterns to resemble web surfing (and make everything else suffer from the same consequences), because it's the most important protocol, but ironically the most sensitive and always the first victim of abuse
actually i think this is a good design principle ("shape tor's traffic patterns to resemble web surfing") (it shouldn't affect chat and im, i guess)
but are you all AMASSED IN EUROPE? :))
hapsburg
having trouble accessing hidden services, any good reference on how to ensure you can access them?
i'm accessing tor by transparent proxy features, all work perfectly except for hidden services
seems to me that if DNS is going through tor directly by DNSListenAddress then hidden services ought to be resolved just fine but they're not
tor doesn't even try to resolve them
automaphostsresolve is set
velope
hapsburg: hidden services work if you can set a socks proxy to tor. what app are you using where you have to use transparent proxying?
hapsburg
nothing all that special, just want to make sure all outbound tcp goes to tor so i don't have to configure each program to talk with tor... easier to configure tor, build a good firewall than do all that work
ok, so to talk with hidden services the client program needs to talk with socks or a socks speaking proxy
good to know
in my browser i have all traffic proxied to privoxy... should've set socks proxy to tor then
... not working though
my firewall takes all outgoing tcp that isn't tor traffic and sends it to port 9040
velope
with transparent proxying, you probably also want to set DNSPort to 53 and set your system DNS resolver to use 127.0.0.1
hapsburg
did that
velope
one way to know that tor is seeing transparent-proxied traffic is to look at vidalia's network map when using an app -- you'll see the internet destination stream described as 'remapped'
hapsburg
my dnsport is 53, dnslistenaddress is 127.0.0.1... tor works great.... i've been watching the network map and i can in fact see my remapped traffic, no hidden service requests even appear on the map
safesocks is on but i don't think that should matter
velope
sorry, no time to pursue this further. you might try a variety of apps and perhaps via torsocks. at least it looks like you are leaking traffic.
sorry, NOT leaking.
hapsburg
ok
Yarid
you there, arma
?
hapsburg
by the way, i'm watching traffic on wireshark on loopback and when doing a hidden service request i first see a DNS request for the service and the response is that the address is at 127.192.0.2
velope
that could be tor mapping the request to a local address -- which perhaps you could confirm by running tor with debug-level log.
perhaps the app then refuses to send a request to such an address -- or the firewall is blocking it.
hapsburg
i'll try that... the firewall is definitely blocking that ip address, as far as i know that address shouldn't be used at all though
velope
but that's what AutomapHostsOnResolve DOES.
hapsburg
doh... i need to look that up
do i even need that enabled? turning it off and reloading the config doesn't help
well, wireshark says 'no such name' without automaphostsonresolve set, probably should keep it and open the firewall
velope
you need to be sure your firewall allows traffic for such an address to get to tor. debug the firewall by adding logging and/or temporarily disabling (part of) it.
hapsburg
getting a SYN packet to that service listening on 127.192.0.2 and getting a RST, ACK back... not sure if that's the right behaviour or not