I have been running load time tests for duckduckgo.com and
ff.duckduckgo.com through the
Tor network.
duckduckgo.com should be on an enclave
node <https://www.dan.me.uk/torcheck?ip=72.94.249.36>,
ff.duckduckgo.com should not be. But they appear to be loading at
comparable times and LoadUI is showing no difference between the two URLs-
even more complex queries such as "what is my IP"
Can anyone tell if duckduckgo.com is misconfigured?
Is it the CDN that DuckDuckGo uses that equalizes the load time?
Is the Tor network not utilizing the enclave node as heavily as the
documentation makes it sound?
Or have the exit proxies really gained that much capacity that they are no
longer the bottleneck for such small requests?
-Zach Lym
Hi,
I encourage everyone running a relay to use an up to date Tor version.
(especially directory authority operators - but they should know better
anyway)
This might be an obvious recommendation but there are a lot of outdated
relays (~15%).
What are currently recommended Tor versions?
You can find out by going to:
https://metrics.torproject.org/consensus-health.html
(go to "Recommended versions")
0.2.3.1 is also fine (atm).
If you don't know what version you are using, run:
tor --version
If you are running an old version for a specific reason I'd like to hear
about it (off-list if you wish).
make the Tor network safer - update your relays.
tagnaq
PS: Next week I'll try to contact relay operators still running
<0.2.1.29
<0.2.2.21
update if you want to help reduce the effort.
Hi all, I hope this is the right place to ask for help with this problem.
I'm working as a research assistant at a university for the summer,
and my project requires me to set up a private Tor network.
I'm attempting to run 3 dirservers on three different linux/unix
machines. Most of the time, the dirservers upload their signatures to
one another as they're supposed to, but I still have problems after
that. I'll usually get messages like "Received http status code 404
("Not found") from server 'IP:PORT' while fetching
"/tor/status-vote/consensus-signatures.z"" (the 404s IP:PORT are
always the same) or "[notice] While fetching directory info, no
running dirservers known. Will try again later. (purpose 5)". Two of
the dirservers give me messages saying "[warn] Configured authority
type does not match authority type in DirServer list. Adjusting. (4 v
6)" when I start them up.
I have little idea of what any of these errors mean, and no idea of
how to fix them. My torrc files are mostly the same for each server,
and I've pasted one below. I hope someone here can help me figure this
out.
Thanks,
Joel
TestingTorNetwork 1
DirServer dir1 v3ident=2D50FCA97045D078CD22E9092C9CF3E300084B87 orport=5151 x.x.x.x:5150 FD65 3AE1 4133 31A9 20DF 8220 1F6F 8DF7 268F F238
DirServer dir2 v3ident=EAC28AB68522174442AA214DC60C625675B2D1E9 orport=5152 y.y.y.y:5150 95B9 79E9 4A37 161C EFCC EE13 E7C5 D7EA EB76 B695
DirServer dir3 v3ident=24BD756B7660827D0507319A87DD16F31250A29C orport=5153 z.z.z.z:5150 23D5 E382 86E6 1118 48E9 C848 2ECE B702 23EA A0E8
DataDirectory .
ORPort 5152
SocksPort 0
Address y.y.y.y
DirPort 5150
V3AuthoritativeDirectory 1
AuthoritativeDirectory 1
ContactInfo test(a)test.test
ExitPolicy accept *:*
AllowSingleHopExits 1
ExcludeSingleHopRelays 0
On Fri, 15 Apr 2011 04:12:53 -0700 Mike Perry <mikeperry(a)fscked.org>
wrote:
>Thus spake Scott Bennett (bennett(a)cs.niu.edu):
>
>> On Sat, 02 Apr 2011 Jacob Appelbaum <jacob(a)appelbaum.net> > wrote:
>> >> On Thu, 10 Mar 2011 10:27:50 -0800 Chris Palmer <chris(a)eff.org> wrote:
>> >>>
>> >>> The Observatory work was not done through Tor.
>> >>
>> >> Good.
>> >
>> >I think we need a scan of the SSLiverse through Tor.
>>
>> Use != abuse.
>> If I run sendmail with it configured to accept mail from outside, that
>> does not mean I agree to receive massmail, malware, or other bad stuff via
>> TCP port 25. Because various idiots with access to the Internet insist upon
>> attempting to abuse my ability to receive mail does not militate against my
>> defending my system from such malicious activity in any way I see fit.
>
>You are right. It does not. You are entitled and in fact expected to
>defend your system from scans and abuse.
>
>Censor yourself, not others.
Laying aside for the moment the definitional problem with your demand
that I am neither a state nor an employee of one, I think you have gotten
me mixed up with someone else. I have never advocated censorship. You
perhaps have forgotten the many instances in which I have requested a BadExit
flag be assigned to exit nodes that altered the data returned to tor streams
from the destinations or that reliably "failed" to connect to certain
destinations when other exit nodes did connect to them.
I have, OTOH, stated approximately my policy regarding inappropriate
attempts to probe or otherwise access my computer. If you see some connection
between my denial of access to my ORPort and DirPort to systems I deem to be
miscreants based upon their own past behavior and the administration of an
exit node, then please enlighten me because my understanding hitherto of the
design of tor was to render untraceable any relationship between the two,
which would seem to me to require that entry node access restrictions have no
relationship to exit restrictions.
>
>> Further, an activity that can be used by one party to cause termination
>> of another, innocent party's Internet connection is an intolerable assault
>> upon the latter party's paid access to the Internet for all purposes, not
>> just to offer additional capacity to the tor network, and upon a private
>> agreement between the latter party and his/her ISP. Defense against such
>> offenses is completely appropriate and in order.
>
>It is not an arbitrary party whose Internet connection risks
>termination. It is a party that signed up to protect Internet freedom
>and resist censorship. People who want to bring censorship to Tor are
>not welcome on the network. The reason is simply because censorship
>does not work.
True enough, though irrelevant to the discussion of entry node access.
>
>> The activity in question also is not easily distinguishable from that
>> of a lot of actual malware that scans for open ports to find a way in.
>
>This justifies Internet censorship? Or censorship at Tor Exits?
It seems that I am not the only one who has misplaced some details here.
I cannot remember ever having advocated filtering of exit traffic in any way
other than by published exit policy. In fact, I have even once asked for a
BadExit flag for a node that returned bad data that it itself may have
received from some intermediating proxy on grounds that the data were still
not what should have been returned. (That was the time that grarpamp
objected on grounds that it might not have been the exit node's fault, even
though the data were still bad.)
I note here again, non-state entities might filter, but by definition,
are not censors because they only exert control over their own property, as
opposed to state entities that do violate the property rights of others by
forcibly exerting control over the private property of others in order to
restrict or adulterate the transmission of information.
>
>Or are we just trying to ethically define "abuse" and "anything that
>looks like malware" is the best we've come up with so far? That's
>a pretty poor standard.
I define it as TCP SYN or UDP packets sent to ports on my system on
which no program is listening, which is the same as saying that they are
attempts of unauthorized access.
>
>> >Google seems to have this data from crawling the web and simply caching
>> >it as a matter of crawling everything - they get the data from lots of
>> >sources such as other urls, toolbars, etc. Google recently published
>> >the Google Certificate Catalog:
>> >http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html
>> >
>> >So is Google's method the only ethical way to collect this certificate
>> >data? Or is there no method for collecting this data without users
>> >manually submitting each certificate they encounter by hand?
>>
>> AFAIK, Google does not use the tor network for its web (or other)
>> crawling activities. For Google's purposes, the tor network would be
>> unusably slow. AFAIK, Google does not use any method that uses someone
>> else's computer(s) to make its connections to a destination.
>
>What does using the Tor network have to do with the ethics of crawling
>the web/Internet? What makes it not OK to crawl the Internet
>anonymously, but makes it acceptable to seek that same information so
>long as you are not anonymous? Or are we being Kantian here, and
>saying that if everyone crawled the Internet, we'd be doomed. So
>therefore, only Google can crawl the Internet? That doesn't work
>either.
The problem, as I hoped I had made clear already, is that it incites
damage to the tor network, specifically to both the population of tor exit
nodes and their operators' Internet access. Google, AFAIK, does not use
tor and therefore does not place tor exit nodes at risk.
>
>Again, people sign up to be Tor relays to take a stand against
>Internet censorship and surveillance. It is thus expected that they
>allow all traffic to pass unmolested and unmonitored, or work to
>implement a way to do their programmatic ExitPolicy filtering in a way
>that does not impede client activity.
>
>Exits are not so scarce that we need to flex our morals on this point.
I am not going to get into a discussion of morals because morals vary
from one person to another based upon anything from religion to culture to
personal whim. I limit my discussion to points of ethics, which are invariant
and can therefore be addressed with consistency.
>
>> An EFF employee, OTOH, has confessed to doing so on this list. The
>> latter, then, is burning CPU time, as well as network connection
>> throughput capacity, on not just one system, but on routelen + 1
>> systems for each scanned system times the number of ports scanned on
>> that system.
>
>Nobody confessed to doing anything over Tor. Chris and Jake simply
>defended the idea of crawling the net over Tor. At no point did
>anybody state that the scan did happen over Tor. In fact, several
>people said the opposite.
>
You are correct in this matter. I misremembered that detail, and
I apologize for my misstatement. Nevertheless, Chris, IIRC, did say that
he supported such abuse of tor exits, even though he had not (yet) done
so himself.
>Perhaps if your mail client supported threading this would be more
>apparent to you? Actually, it's right there in the very first text you
No, it has nothing to do with mail software, as you observe in your
next sentence.
>quoted, though. So perhaps something else is amiss. Is the pager in
>UNIX 'mail' still the original 'more' or something? Or are you still
less(1).
>using 'ed' to type your mails? :)
The problem was (and still is, though less so already) the delay
in catching up to current mail due to an immense backlog in my in box.
Ever since I unsubscribed from tor-talk several weeks ago, I have slowly
been gaining ground on the extent of the running backlog, so the situation
can be expected to improve over time. My apologies for my confusion.
>
>> Another point, though irrelevant due to the ethical considerations
>> that we've been discussing so far, is that there is no particular
>> reason to use tor rather than some other proxy to look at the
>> Internet from different locations. Anonymity is not necessary to
>> achieve that end.
>
>It is very useful to be able to scan the Internet from multiple,
>stable vantage points with anonymity.
That seems likely true. However, it doesn't justify doing damage
to third parties, who have committed no offense other than to offer a
service to a community of users who desire to access the Internet
anonymously, nor to that community of users by reducing the size of the
pools of exit nodes and of any other circuit positions in which those same
nodes may serve.
>
>So long as the resources of any one site are not unreasonably
>consumed, and so long as the scanner is not substantially occupying Tor
>exit bandwidth, I really don't see what is so ethically complicated
>about this.
As noted before, the ethical problem is that exit nodes are put at
much greater risk of elimination. I realize full well that there are
plenty of other tor users who act in similarly damaging ways for actually
nefarious ends, but the point remains that the means are wrong, regardless
of the ends.
>
>By occupying this topic with our attention, we are allowing ISPs who
>seek to impose restrictions on Tor traffic in one form or another to
>have their way and dictate what is acceptable on our network. Such
I would be interested to know what evidence you have to support
that claim. From what I've seen thus far, ISPs, especially gigantic
ones like Comcast, have not the slightest interest in which programs
one runs, much less the often esoteric discussions on mailing lists
related to those programs. Instead, they care about dividing their
services into two classes: one class that is relatively cheap but is
definitely *not* a full-service for Internet access and another class that
costs at least twice as much and usually provides something approximating
full Internet access. In the U.S., the partial service has sometimes been
falsely, and therefore illegally, advertised as "full Internet service"
or "unlimited Internet access/service".
>ISPs do not deserve any Tor-related revenue.
Agreed. However, in many locations there is no or greatly restricted
competition, often due to governmental intervention, so the individual
subscriber's options may be limited to either working with such
degenerate corporations or not being connected to the Internet at all.
>
>It is that simple. We can worry about compromising our principles for
>precious few kilobits when all else has failed.
>
If you are so willing to compromise on principles, then why do you
devote your professional life's work to the tor project? Do you secretly
aim to undermine the goals of the project in some way? After all, you
recently opined that exit nodes with throughput capacities less than
100 kB/s were basically a nuisance and/or not worth bothering with, just
caused load distribution problems, and so forth, an opinion discouraging
volunteers from running such exits. If that discouragement were to succeed
in reducing the size of the exit pool, that would seem to reduce the
anonymity of tor users correspondingly, something that would also seem in
order for someone trying to sabotage a project for which he worked. I trust
that wasn't your real intention, but it surely could have been interpreted
that way by someone outside your inner circle. I was astonished when I
first read it.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet: bennett at cs.niu.edu *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good *
* objection to the introduction of that bane of all free governments *
* -- a standing army." *
* -- Gov. John Hancock, New York Journal, 28 January 1790 *
**********************************************************************