logs archiveIRC Archive / Oftc / #tor / 2015 / November / 4 / 1
srg
I'm "safe" using TBB on a campus network, right?
butthead
depends of your definition of "safe"
a good network admin will know you're using tor but won't know what you're doing with it
srg
Hence the quotes, heh. I suppose they can yell at me for using tor, but they can't tell what....exactly what you said
_opal_
only real uptight campuses would care about you using tor
i know there are some universities that host their own tor relays and exits
KevinMGranger
Suppose, for a student project, someone wanted to inspect tor traffic and turn it into generated fiction. That's technically tampering with traffic, right? A quick trip to the BadExit list?
kvm234
is there a way to set TBB to only connect using https?
Dmole
is there a recent statement on tor and bittorrent?
KevinMGranger
As in something other than "don't" ?
Dmole
yah like why and if the reason is likely to change ever.
like why is Tribler able to and tor not?
(they use similar but not connected networks)
like was the reason just "we don't have enugh quality exit nodes?"
         

KevinMGranger
Dmole: first, have you read this? https://blog.torproject.org/blog/bittorrent-over-tor-isnt-good-idea
Although yes, saturating an already strained network is also an issue
arma
also, tribler is not actually very similar, it just likes to say that it is because people seem to like tor
Dmole
well it uses onion routing dose it not?
That blog post is from 2010 and just mentions some people configure there torrent clients. It dose not give a give any reasons for people who have configures the torrent client properly, though seeding might be hard without an IP~
so like it should be "don't unless you configure it properly". I guess I'll try it out.
kernelcorn
these still apply 1) adds significant load to the network, 2) likely adds more copyright notices to exit node operators
Dmole
presumably the exit nodes have more heat from more illegal activities, so I doubt copyright even ranks.
network load I can see as the main issue, but like that's kind of an general scaling issue.
velope
it is impossible to "configure it properly"
for torrenting use your vpn (only)
you are rationalizing
Dmole
yes I'm trying to get a rational answer.
what part can't be configured?
it's trivial to set reply address to localhost, and that was the main issue that stemmed out to the other ones mentioned in that blog.
well if anyone comes up with a reson, be sure to get it on the aforementioned blog.
roguism
Does Tor Messenger use a different Tor route for each account?
Is this the right place to ask Tor Messenger questions?
sukhe
roguism: yes
the right place
and no, not yet. see #14382
roguism
Cool, thanks for pointing that out. I'll track that
arma
sukhe: is there a simple summary of the xmpp protocol somewhere, from the point of view of metadata?
like, do my messages go through the center server too? and if i'm on one jabber server and the other person is on another, do the messages go through both of them? or is it only presence?
special: you might have an answer for that one too. explaining it to the world could help ricochet users understand what they're getting.
qwerty1
messages and presence both do
special
I will have to think a bit to come up with a non-technical reference on it; but yes. We can't write enough about what metadata is and where it appears
another notable one is your contact list.
arma
'who exactly gets it?' is a great question
also, the same question for the textsecure protocol
and google hangout, and signal/redphone... the list goes on. somebody should make a chart or something.
whoever makes the chart gets to lead the discussion :)
sukhe
arma: that's a very good idea. we should do that
special
the EFF has something similar to this, but it doesn't go into metadata issues; https://www.eff.org/secure-messaging-scorecard
sukhe
(Action) volunteers for doing that for Tor Messenger
arma
special: that right there is what i meant -- eff made their chart, so they totally left out "omg you mean the central server gets it all? how do they get five stars then??"
special
so is it better to make our own chart, or help eff learn why theirs is incomplete?
arma
it would be a win to get an extra column in eff's chart
         

special
I'm not sure it can be simplified to just one
arma
but that's a political game
step one, write things down. step two, engage with eff.
perhaps in step one, the act of organizing the information produces...a table. :)
special
sounds like the kind of task one of those newfangled wiki things would be good for
roguism
A wiki? What's that?! [citation needed]
special
does tor messenger's first-time-use make it clear what server you're using?
arma
sukhe: also, if i am talking to two people, using xmpp, does my tor messenger have one tcp connection, over tor, to the central server, and it carries both conversations?
qwerty1
yes
arma
special: you have to explicitly tell it. if you mean xmpp server.
special: which is either great, because transparency, or terrible, because usability
(or both)
sukhe
we decided we would default to jabber.ccc.de. we were told it's a bad idea to use a default. I am glad we didn't
in today's meeting, we discussed suggesting a few servers that support in-band so that a user can choose between them. we will do that most likely
arma: OK to quote you on trac?
(with the above things)
(Action) is saving work of summarizing it
qwerty1
the operators of jabber.ccc.de definitely don't want people using them as a default and i agree no default is best
special
oh no, "facebook chat" is an option. does this actually still support facebook chat after they turned off their xmpp bridge?
sukhe
well they said they turned it off. but it works. we got in touch with FB today for them to clarify. let's see what they say
we also asked them to provide chat.facebookwwwi*.onion
special
..really? huh. I was pretty sure I recalled the actual shutdown.
sukhe
yeah but it works, which is what is puzzling so depending on what FB says, we will act accordingly ;)
special
interesting
sukhe
qwerty1: yeah. but we should at least tell users which servers they can use and which support in-band. we will do that
(we do include the leaf cert for jabber.ccc.de so users can connect to it without any warnings. in a way, we do support it I guess)
special
but jabber.ccc.de is bad because of server-to-server TLS, isn't it?
qwerty1
i can understand where the jabber.ccc.de operators are coming from not liking people depending on it
sukhe
special: in what sense?
roguism
Do you need server-to-server TLS with OTR?
qwerty1
no, but it's a good idea
special
yes; presence and contact metadata is visible over that connection
qwerty1
yeah
roguism
ahh, right
qwerty1
if you only use otr only your messages are encrypted
special
sukhe: it's a self-signed certificate, right? so other xmpp servers can't authenticate jabber.ccc.de, unless they've gone out of their way to whitelist it.
also, without TLS, it's not just visible - it can be modified in transit
I bet there are fun things you could do with that
arma
sukhe: quoting what i say on public channels is always fine with me
sukhe
special: ah yes. something else we should also check. thanks
arma: great (work saved :P)
roguism: we enforce TLS. at least try to for the known protocols
special
sukhe: that also makes me wonder if xmpp servers are enforcing valid certificates at all. hmm.
arma
when you say 'in-band', what is in-band?
sukhe
arma: in-band XMPP registration. from within Tor Messenger
didn't I say registration? sorry if I didn't
arma
ah. yes, jabber servers that don't let you make an account should not be presented as prominently as those that do, i think
i'm just imagining the average first user, who acts like greg norcie's walk-through acts
« prev 1 2 3 next »