November 2014 - tor-relays - lists.torproject.org

Node Operators Web Of Trust
by grarpamp 11 Nov '14

11 Nov '14

Is it not time to establish a node operator web of trust? Look at all the nodes out there with or without 'contact' info, do you really know who runs them? Have you talked with them? What are their motivations? Are they your friends? Do you know where they work, such as you see them every day stocking grocery store, or in some building with a badge on it? Does their story jive? Are they active in the community/spaces we are? Etc. This is huge potential problem. NOWoT participation is optional, it is of course infiltratable, and what it proves may be arguable, but it seems a necessary thing to try as a test of that and to develop a good model. Many operators know each other in person. And the node density per geographic region supports getting out to meet operators even if only for the sole purpose of attesting 'I met this blob of flesh who proved ownership of node[s] x'. That's a big start, even against the sybil agents they'd surely send out to meet you. Many know exactly who the other is in the active community such that they can attest at that level. And so on down the line of different classes of trust that may be developed and asserted over each claimed operator. Assuming a NOWoT that actually says something can be established, is traffic then routable by the user over nodes via trust metrics in addition to the usual metrics and randomness? WoT's are an ancient subject... now what are the possibilities and issues when asserting them over physical nodes, not just over virtual nodes such as an email address found in your pubkey? And what about identities that exist only anonymously yet can prove control over various unique resources? If such WoT's cannot be proven to have non-value, then it seems worth doing. This doesn't just apply to Tor, but to any node based system.

8 11

Bwauths Measures question, friends.
by Rafael Rodriguez 10 Nov '14

10 Nov '14

Anyone knows how often bwauths measures a relay? I don't understand why directory authorities have not lifted the 20KB cap for my older relay. Now I have doubts if it could be a problem with my server. This is a 2MB/s relay with burst of 4MB/s to start tuning it and increase it later if stable, which is not being used and has been running for over 3 days. Is it normal for Relays to take longer than three days to start getting at least some traffic and for directory authorities to lift the 20KB cap? Fingerprint 48ADFCC561402D7EBB1CDE233F206B01D8FA0765

8 15

Windows Tor Server Guide
by Rafael Rodriguez 10 Nov '14

10 Nov '14

Hello fellows, Where can we contribute (post a guide) to deploy Tor in Windows without the extras unneeded stuff? I was looking for a Tor Server installation guide on Windows to run Tor as a service. I did not wanted to install all the extra browser stuff but a plain "Tor server" service and secure it by giving the service its own limited account and write permissions just to the datadir. Since I couldn't find information online to help me out, I ended up using the latest Tor Browser package and removing everything except Tor itself and deployed it in two Windows servers as services. I would like to post somewhere in the Top project about the process for others to benefit from it.

4 6

Re: [tor-relays] Node Operators Web Of Trust (Spencer Rhodes)
by Spencer Rhodes 10 Nov '14

10 Nov '14

> > From: Gareth Llewellyn <gareth(a)networksaremadeofstring.co.uk> > To: tor-relays(a)lists.torproject.org > Date: November 10, 2014 at 5:58:12 AM EST > Reply-To: tor-relays(a)lists.torproject.org > Subject: Re: [tor-relays] Node Operators Web Of Trust > > > On Fri, Nov 7, 2014 at 8:26 PM, grarpamp <grarpamp(a)gmail.com <mailto:grarpamp@gmail.com>> wrote: > Is it not time to establish a node operator web of trust? > Look at all the nodes out there with or without 'contact' info, > do you really know who runs them? Have you talked with > them? What are their motivations? Are they your friends? > Do you know where they work, such as you see them every day > stocking grocery store, or in some building with a badge on it? > Does their story jive? Are they active in the community/spaces > we are? Etc. This is huge potential problem. > > I had an idea for this a little while ago; https://tortbv.link/ <https://tortbv.link/> using the published GPG signature in the contact info to sign the node fingerprint, if you trust the GPG key then you can _possibly_ trust that the node is run by the named operator. > > Never got round to actually doing anything with it though... > > > > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays Strikes me as a very good idea. Perhaps lawyers wielding attorney-client privilege could be used to protect the identities of those node operators who wish to remain anonymous. -- Spencer Rhodes, Esq. 126 East Jefferson Street, Orlando, Florida USA 32801-1830 t: +1.321.332.0407 | f: +1.321.332.0409 | m: +1.407.796.8282

1 0

Re: [tor-relays] Node Operators Web Of Trust
by Eric Hocking 10 Nov '14

10 Nov '14

That sounds like an excellent idea. if the site nowot.com is available, someone could register it. Maybe we could even get providers on board with the idea. > On Nov 10, 2014, at 7:00 AM, tor-relays-request(a)lists.torproject.org wrote: > > Send tor-relays mailing list submissions to > tor-relays(a)lists.torproject.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > or, via email, send a message with subject or body 'help' to > tor-relays-request(a)lists.torproject.org > > You can reach the person managing the list at > tor-relays-owner(a)lists.torproject.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of tor-relays digest..." > > > Today's Topics: > > 1. Node Operators Web Of Trust (grarpamp) > 2. Re: Node Operators Web Of Trust (Gareth Llewellyn) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Fri, 7 Nov 2014 15:26:40 -0500 > From: grarpamp <grarpamp(a)gmail.com> > To: tor-relays(a)lists.torproject.org > Cc: cypherpunks(a)cpunks.org > Subject: [tor-relays] Node Operators Web Of Trust > Message-ID: > <CAD2Ti2__JyLd2CYfWOitEOkPfOFDOiGb7_xqtUCgo+cKrJRVKw(a)mail.gmail.com> > Content-Type: text/plain; charset=UTF-8 > > Is it not time to establish a node operator web of trust? > Look at all the nodes out there with or without 'contact' info, > do you really know who runs them? Have you talked with > them? What are their motivations? Are they your friends? > Do you know where they work, such as you see them every day > stocking grocery store, or in some building with a badge on it? > Does their story jive? Are they active in the community/spaces > we are? Etc. This is huge potential problem. > NOWoT participation is optional, it is of course infiltratable, > and what it proves may be arguable, but it seems a necessary > thing to try as a test of that and to develop a good model. > Many operators know each other in person. And the node > density per geographic region supports getting out to meet > operators even if only for the sole purpose of attesting 'I met > this blob of flesh who proved ownership of node[s] x'. > That's a big start, even against the sybil agents they'd surely > send out to meet you. > Many know exactly who the other is in the active community > such that they can attest at that level. And so on down the > line of different classes of trust that may be developed > and asserted over each claimed operator. > Assuming a NOWoT that actually says something can > be established, is traffic then routable by the user over nodes > via trust metrics in addition to the usual metrics and randomness? > WoT's are an ancient subject... now what are the possibilities and > issues when asserting them over physical nodes, not just over > virtual nodes such as an email address found in your pubkey? > And what about identities that exist only anonymously yet > can prove control over various unique resources? > If such WoT's cannot be proven to have non-value, then it seems > worth doing. > > This doesn't just apply to Tor, but to any node based system. > > > ------------------------------ > > Message: 2 > Date: Mon, 10 Nov 2014 10:58:12 +0000 > From: Gareth Llewellyn <gareth(a)networksaremadeofstring.co.uk> > To: tor-relays(a)lists.torproject.org > Subject: Re: [tor-relays] Node Operators Web Of Trust > Message-ID: > <CAM8M=ki3y0xgOEdsTJPU_Y7DPVRQ37uZ5rPrE1W4i_TjByNNaQ(a)mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > >> On Fri, Nov 7, 2014 at 8:26 PM, grarpamp <grarpamp(a)gmail.com> wrote: >> >> Is it not time to establish a node operator web of trust? >> Look at all the nodes out there with or without 'contact' info, >> do you really know who runs them? Have you talked with >> them? What are their motivations? Are they your friends? >> Do you know where they work, such as you see them every day >> stocking grocery store, or in some building with a badge on it? >> Does their story jive? Are they active in the community/spaces >> we are? Etc. This is huge potential problem. >> > > I had an idea for this a little while ago; https://tortbv.link/ using the > published GPG signature in the contact info to sign the node fingerprint, > if you trust the GPG key then you can _possibly_ trust that the node is run > by the named operator. > > Never got round to actually doing anything with it though... >

1 0

How's your relay doing? Reporting Bad Relays
by Matthew Finkel 08 Nov '14

08 Nov '14

Hi Relay Operators, A few months ago[0], we announced the bad-relays(a)lists.torproject.org mailing list and asked everyone to send reports to that list if they suspected a relay was...bad. We've already received many reports, so please keep them coming. We also want to ask all of you to use that list, as well. If at anytime you think your relay is no longer safe for use, please tell us. Roger tweeted about this yesterday[1][2], too. The Tor network exists because of all of you and we can only keep it safe with your help. Let us know if you have any questions. Thanks! Matt [0] https://blog.torproject.org/blog/how-report-bad-relays [1] https://twitter.com/RogerDingledine/status/530878388605423616 [2] For those who don't want to open Twitter: If your #Tor relay is stolen or you lose control of it, please report it so we can blacklist it: https://blog.torproject.org/blog/how-report-bad-relays @TorProject

1 0

This may be a stupid question to you but how do I unsubscribe from these posts? Graeme.
by Graeme Briggs-White 07 Nov '14

07 Nov '14

As above....

3 2

Re: [tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
by grarpamp 07 Nov '14

07 Nov '14

On Fri, Nov 7, 2014 at 11:31 AM, Adrian Chadd <adrian(a)freebsd.org> wrote: > ... that's .. odd. > > Let's poke the freebsd crypto and network stack people and ask. I > can't imagine why this is a problem anymore and we should default to > it being on. I don't think there's a crypto@ list, though security@ might represent. > The other thing you could do is have the tor port require > it be turned on before tor runs. That would not cover people who compile and use upstream Tor. Ideally, the Tor client could check for any system parameters it feels are critical before running, or simply delegate them and/or any parameters of lesser importance to platform specific guides on the Tor wiki. > On 7 November 2014 00:20, grarpamp <grarpamp(a)gmail.com> wrote: >> On Thu, Nov 6, 2014 at 8:52 AM, Philipp Winter <phw(a)nymity.ch> wrote: >>> >>> FreeBSD still seems to use globally incrementing IP IDs by default. >>> That's an issue as it leaks fine-grained information about how many >>> packets a relay's networking stack processes. (However, nobody >>> investigated the exact impact on Tor relays so far, which makes this a >>> FUD-heavy topic.) It looks like approximately 50 out of the 131 FreeBSD >>> relays I tested (38%) use global IP IDs. >>> >>> There's a sysctl variable called "net.inet.ip.random_id" which makes a >>> FreeBSD's IP ID behaviour random. FreeBSD relay operators should set >>> this to "1". >>> >>> Note that this issue was already discussed earlier this year in a thread >>> called "Lots of tor relays send out sequential IP IDs; please fix >>> that!". >> >> It's been default off since before it was a sysctl over a decade ago. >> Anyone know what the deal is with that? Some objection, or >> forgotten flag day, or oversight that really should be set to 1? >> https://svnweb.freebsd.org/base?view=revision&revision=133720

1 0

Re: [tor-relays] Unexpected sendme cell from client. Closing circ (window 1000)." error message.
by K. Besig 06 Nov '14

06 Nov '14

Thanks for all the informative responses, they were truly underwhelming...

2 1

Re: [tor-relays] Adding relays with a click
by Nan 04 Nov '14

04 Nov '14

SiNA Thank you -- that looks like the script we need. Even though it was written for Ubuntu it should work just as well on debian. We probably can simplify it because every GoodCrypto server is already a tor proxy. Thanks again, Nan ----- On Nov 4, 2014, at 17:41:37, SiNA Rabbani sina(a)redteam.net wrote: > You mind find this script interesting: > > https://gitweb.torproject.org/tor-cloud.git/blob/ce98487e1174bff3a76c1f9f03… > > --SiNA GoodCrypto warning: Anyone could have read this message. Use encryption, it works.

1 0