May 2015 - tor-relays - lists.torproject.org

Enabling obfs4 and obfs3 on 80 and 443
by R-one 05 May '15

05 May '15

I have recently set up a bridge and was reading some old emails on the list. I found some instructions from s7r on setting up obfs4 and obfs3: > Sample torrc entry for enabling obfs4 and obfs3: > ExtORPort auto > ServerTransportPlugin obfs3,obfs4 exec /usr/bin/obfs4proxy > ServerTransportListenAddr obfs3 [::]:port > ServerTransportListenAddr obfs4 [::]:port > > To make the bridge even better, you can bind obfs3 and obfs4 to lower > ports (< 1024), if you have them free, such as obfs3 on 80 and obfs4 > on 443 (for example). This seemed like a good idea (I am not running a web server). I am running tor 0.2.4.27, which does not seem to support ExtORPort. From some other recommended bridge setup I had previously set ORPort to 443. I tried changing my config to: ORPort auto ServerTransportListenAddr obfs3 0.0.0.0:80 ServerTransportListenAddr obfs4 0.0.0.0:443 (and doing the capabilities stuff, of course). This didn't work -- obfs4 complained that 443 was in use (is that because I had previously set it for ORPort?). So, for now, I have set obfs4 to a random high port. I will admit to being pretty confused about the recommended bridge setting for ORPort and the obfs ports (and what ExtORPort does differently). Does anyone have a recommendation for what I should do? Do I need to upgrade to tor 0.2.5?

2 1

Tor Relays Network Survey
by Zoe White 04 May '15

04 May '15

Hello everyone, I am doing a research project called “Understanding Anonymous Network” conducted at the University of Illinois at Urbana-Champaign. The purpose of this project is to investigate what motivates people to participate in Tor project and to run the relay nodes. We also want to know what obstacles may hinder people to run relay(s). Our aim is to increase people’s participation in Tor network through understanding motivation. Your participation will help us have a better understanding about this issue. This survey will take approximately 15 minutes of your time. If you run Tor nodes and are willing to participate in this research project, please click the following link and start the survey! *https://uiuc.qualtrics.com/SE/?SID=SV_9GkkX5zGEkjQhx3* <https://uiuc.qualtrics.com/SE/?SID=SV_9GkkX5zGEkjQhx3> Thank you very much!!

4 6

Re: [tor-relays] T-shirts and Confirming Relay Control
by teor 04 May '15

04 May '15

> Date: Mon, 04 May 2015 13:06:51 +0200 > From: Markus Hitter <mah(a)jump-ing.de> … > > The more demanding part of this is to collect the addresses, especially the software to do so. An application which formats them ready for printing, calculates the stamp required, perhaps also prints some customs stickers depending on destination. Here volunteers can easily help and there's no need to hide such discussions, because such software doesn't require the real data, can be written/tested with dummy data instead. All the trusted person (you) has to do is to run this software on the real data and hit the "print" button. Your post office or shipping company might have software like this already - and if it's done using their software, getting the stamps and stickers right is their responsibility, not yours. Of course, this software might not be free, in either sense of the word. teor teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

2 1

Determining geographical locations for a new exit relay would help most
by Seth 04 May '15

04 May '15

I'm standing up a new exit relay on the VULTR network. How would a person go about determining which location is in most need of additional exit relay capacity? Available locations: https://www.vultr.com/locations/ * Miami, Florida * Chicago, Illinois * New York / New Jersey * Dallas, Texas * Seattle, Washington * Atlanta, Georgia * Los Angeles, California * Silicon Valley, California * (AU) Sydney, Australia * (Asia) Tokyo, Japan * (EU) Amsterdam, NL * (EU) London, UK * (EU) Paris, France * (EU) Frankfurt, DE Also, curious to hear people's thoughts on any potential jurisdictional arbitrage benefits to be gleaned by choosing a location other than ones country of residence or citizenship. For the sake of argument, consider a VULTR account opened by U.S. citizen residing in the U.S. Choopa LLC (VULTR parent company) is also a US based company. http://start.cortera.com/company/research/k5o8lvm2j/choopa-llc/

4 12

Why can't I see authorities bandwith stats
by Dedalo 04 May '15

04 May '15

Hi, I was making some changes in my relay configuration and I made some queries in GLOBE and ATLAS and something happened. I noticed that all authorities are not showing bandwidth stats from the last week and I was wondering why. Regards, Dedalo. -- twitter: @SeguridadBlanca Github: Dedal0 Blog: https://blog.dedalo.in

2 1

Re: [tor-relays] T-shirts and Confirming Relay Control
by JovianMallard 04 May '15

04 May '15

Matt, Inspired by the options to confirm domain ownership with Google, Could you ask the relay operator to include a randomly generated (by you) token in their contact field? It may take a while to propagate and it requires action on the operator's part, but it's not difficult and I expect it provides the assurance you need. > On 05/03/2015 04:20 PM, Matthew Finkel wrote: >> On Sun, May 03, 2015 at 12:05:49PM -0700, Aaron Hopkins wrote: >>> On Sun, 3 May 2015, Matthew Finkel wrote: > >>> Or as Robert suggests, just send verification mail to the listed contact >>> address of the relay. If they don't list one on their config, find an >>> alternate verification mechanism like e-mailing whois contacts for the IP or >>> domain name, or refuse the request. >> >> I'd prefer not denying them a t-shirt because they don't want to publish >> an email address publically, but using whois seems like a stretch and >> usually ends at the hosting provider instead of the operator. >

2 1

Re: [tor-relays] T-shirts and Confirming Relay Control
by teor 03 May '15

03 May '15

> Date: Sun, 3 May 2015 17:44:39 +0000 > From: Matthew Finkel <Matthew.Finkel(a)gmail.com> > … > > Another disadvantage of this is PSS wasn't implemented in openssl's > apps until 1.0.1. I wonder how many relays are running on servers which > are still using openssl 0.9.8 (and 1.0.0?). For these servers we can > fallback on pkcs#1 v1.5 signatures. OS X still ships with OpenSSL 0.9.8 by default. But Darwin is such a small fraction of the network, and it's less likely that a Darwin server would push enough data to get a t-shirt unless it had an OpenSSL version with aes-ni. teor teor2345 at gmail dot com pgp 0xABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7

1 0

Drop in relay count
by Linus Nordberg 03 May '15

03 May '15

Hi, Looking at the graphs showing the number of relays in the network it seems like we've lost about 500 (-7%) relays since the beginning of this year. https://metrics.torproject.org/networksize.html?graph=networksize&start=201… https://metrics.torproject.org/networksize.html?graph=networksize&start=201… Looking at the graphs showing the total relay bandwidth of the network it seems like the advertised bandwidth has increased with about 25 Mbps (+23%). https://metrics.torproject.org/bandwidth.html?graph=bandwidth&start=2015-01… https://metrics.torproject.org/bandwidth.html?graph=bandwidth&start=2012-01… Seems a bit contradictory at first sight. A guess would be that a lower number of fast relays have replaced a higher number of slow ones but I haven't looked into it more. Anyone who's looked into this? And can back up their theory with some numbers. Thanks, Linus

4 5

Re: [tor-relays] tor-relays Digest, Vol 52, Issue 1
by aredocilla＠gmail.com 02 May '15

02 May '15

> Date: Sat, 2 May 2015 15:52:07 +0800 > From: Geo Rift <tim.cochrane.laptop(a)gmail.com> > To: tor-relays(a)lists.torproject.org > Subject: Re: [tor-relays] Determining geographical locations for a new > exit relay would help most > Message-ID: > <CAO3ZnMfdf9Q6FUHXhZtYAy1orS607DA_SYDuQi08p9Z7YKJVgQ(a)mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > I would love to see some more nodes in Australia. I'm located in Perth > and the speed of the network it horrible. Not usable for day to day > internet which is unfortunate, hopefully it will pick up soon. Unless you've been really messing with your configuration, you're likely to end up hopping out of your home country at least once per circuit anyway. And if the network is slow, you'd want your traffic to get out of there as soon as possible; no/little sense adding a relay in a slow network area. Exit relay positioning is more dependent on filtering and network diversity rather than geographical proximity; I can only see that being helpful for guard relays. That said, if we're low on Australian relays it'd be good to get more there. I believe both UK and Australia keep bouncing around ideas for legally-required net filtering; that's the only thing I'd keep in mind other than speed when choosing between them. -- PGP key available on request

1 0