IRC Archive / Oftc / #tor / 2015 / November / 14 / 1
Amnez777
is it safe to run 2 separate programs inside Linux containers over tor? let's say I got 2 ZNC servers running from different containers but one is running over TOR, will one leak the other?
cacahuatl
That's really a question about linux containers, not tor.
dan
Hey, I'm looking for guidance as to whether I should operate a relay vs a bridge node on a slower cable connection (about 7mbps upload, probably going to limit it to 5 to avoid bufferbloat)
I run a few tor relays on servers with 100mbps connections, and I can probably set a few up on lower bandwidth connections like this, but I'm generally thinking they'd be most useful as bridges rather than as relays due to the bandwidth limitations
kernelcorn
dan: obfs4 bridges would be very helpful to the network
dan
ok
I've never set one up before, but I'm sure I can modify the ansible script to set one up
kernelcorn
dan: there should be instructions on torproject.org
you will need the obfs4 server software, since clients will be tunneling Tor traffic through the obfs4 protocol
dan
Is it bundled with Tor in the Debian stable repos, or should I add the tor project deb repo?
murb
probably best using the tor project deb repo.
dan
yeah, but you can end up with frankendebian that way, which is never fin
*fun
Steven_M
Hi all, I've heard that tor slows down internet traffic a lot. If I use tor just to connect to irc how much lag can I expect?
cacahuatl
It depends on the circuit you pick to connect to IRC.
xfr038
hello, there is an error when I try to add the torproject repo in debian wheezy
# gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg: requesting key 886DDD89 from hkp server keys.gnupg.net
gpgkeys: key 886DDD89 not found on keyserver
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0
is something wrong on the gnupg.net side?
irf
Steven_M: typically not more than a second or two.
only something you would notice if you had two connect clients
xfr038
it seems like the tor key was removed from gnupg.net
is there a new one?
cacahuatl
I don't think you're likely to even be seeing a second but a lot of IRC networks don't allow connections from Tor.
seems fine to me xfr038
Steven_M
irf: thanks :)
xfr038
working now
Steven_M
irf: I'm a total tor noob, may I ask two more very noobish questions?
irf
Steven_M: shoot
tnnn
gnupg.net seems to have some issues from time to time. You can also use sks pool: gpg --keyserver pool.sks-keyservers.net --recv 886DDD89
keys.gnupg.net is an alias for pool.sks-keyservers.net
Steven_M
irf: Can I install tor on my main computer (the one I use for IRC and many other things), or do I need to install it on a separate server, and then connect to that server?
s7r
dan: hello. set up your obfs4 bridge?
irf
Steven_M: tor on your computer is better
assuming you don't want to just irc off of your server
but if you need to connect to tor through your server (i.e. if you don't want your isp to know), then you could set up a bridge on your server (or just use a public bridge)
Chmod000
I had a quick question
How has China not blocked all the Tor obfuscated bridges?
cacahuatl
They did a cost/benefit analysis
Chmod000
Couldn't they just email Tor to get all the bridges?
Since they're freely available?
(pretend to be a user)
They could do that just by sending the "get bridges" email multiple times from multiple proxies, right?
cacahuatl
Not all bridges are published to bridgedb and bridgedb tries to resist that kind of attack.
and there will always be churn, new bridges added, old bridges shut down.
Chmod000
How would a bridge that isn't published on bridgedb be accessible?
cacahuatl
Manual distribution.
Chmod000
Ah
apx
so much DDoS on my exit nodes right now
:-(
s7r
apx: :( hang on there man
apx
apx2 was just hit by 3 gbit/s out of nowhere, someone seems to target the whole family
s7r
hope the provider won't be pissed off
Chmod000
And what methods does bridgedb have to resist that kind of attack?
apx
fortunately, I do not pay for incoming traffic :-)
s7r
Chmod000: what is your concern exactly? bridges are divided into separate rings. a ring is a distribution channel. some are distributed via email, some via website, etc.
one cannot get all the bridges via email or vice versa
Chmod000
Not so much a concern I have.
I'm not in a "Tor unfriendly" country.
irf
is using a bridge less secure than connecting to the tor network directly, if you don't need to hide your tor use?
s7r
right. well, it's not impossible for a censor or an attacker to learn some of the bridges, but we assume it's hard to get them all.
Chmod000
I was just thinking about possible methods authoritarian governments could use to prevent people from using Tor.
cacahuatl
"secure" is a vague term.
s7r
plus there are better ways to enumerate the bridges in the Tor network, which we know about and work on them as we speak
Chmod000
So bridges are separated by their distribution channel -- but is there any other separation?
apx
Chmod000 deep packet analysis?
Chmod000
Like, is there anything preventing a user from sending numerous emails to get all of the bridges?
In that "ring"
cacahuatl
Well the point is to offload account creation and verification to the email provider
the set of providers who are allowed to request bridges is limited
irf
cacahuatl: in that i assume you'd normally have more entry points if you connect directly, so the bridge operator would have an easier time pulling off a correlation attack
cacahuatl
And even if you got all the email ones, as s7r explained, you still wouldn't get all the bridges in bridgedb
There must be a design doc on gitweb somewhere
s7r
yes, you have to request from an @yahoo or @gmail address. which when you create, it asks for a phone number and so on. so it gets more and more complicated to request unlimited bridges
plus you sometimes get the same bridges you already got, they are distributed randomly
Chmod000
Can't nation-state attackers subvert that email restriction?
cacahuatl
There are better ways, as mentioned.
Chmod000
What methods are there?
cacahuatl
Left as an exercise to the reader.
Steven_M
irf: Okay, If I install tor on my computer, can I just use tor for IRC, or does all my internet traffic have to go through tor, just like it does with a VPN?
apx
I was interrogated by the police today for fraud on apx2.. ... ... ... because somebody didn't pay another player for counter strike gun-skins :s
waste of tax money
irf
Steven_M: you'll have a socks 5 proxy on 127.0.0.1:9050 that you can configure applications to use
cacahuatl
Steven_M: Tor normally provides a SOCKS proxy, you point your IRC client at the SOCKS proxy to connect through Tor to IRC. You probably don't want to route all your traffic over tor.
Steven_M
irf: Sorry, I'm a very slow typer, due to only having one arm. going to lunch now, but will leave irc open
kernelcorn
Steven_M: I don't know what operating system you are running, but I recommend that you look into voice-to-text software. There's software for this for Windows and Linux.
qwerty1
is there good non-proprietary speech recognition for linux?
thought such things need huge corpora to train them
hm, apparently there is
kernelcorn
yes, at least in the Ubuntu repos
I think it's called Simon
Steven_M
kernelcorn: back from lunch
kernelcorn: cool, thanks :) I didn't know there was VR for Lunix.
irf: cool, thanks for the explanations guys :-)
kernelcorn
glad to help
Simon is also in the Fedora repos
Steven_M
okay, I'm running ubuntu at the moment.