November 2016 - tor-relays - lists.torproject.org

Automatic IPv6 address detection in Tor
by diffusae 11 Nov '16

11 Nov '16

Hi! Is this already solved in 0.2.8.9-1 for addresses with global scope? https://trac.torproject.org/projects/tor/ticket/17153 I was trying to configure a global reachable IPv6 address, but getting the following error: "unable to use configured ipv6 address "[::]" in a descriptor." The only way ist to set a clear global address in the config. The ISP is changing the 64 bit prefix a bit from time to time and I don't want to configure it manually every two weeks or so. Best regards,

2 7

Research - Tor and the shaping of resistance technologies
by COLLIER Ben 09 Nov '16

09 Nov '16

Hello all, Greetings from (currently freezing cold) Scotland and apologies for the cross-posting. I'm a researcher at the University of Edinburgh studying antisurveillance technologies, software development and how these are shaped at different levels by ideas about crime and surveillance. I'd describe my work as criminological but with a strong critical dimension - my research isn't about "fighting crime" or developing cybersecurity policy. I'm interested instead in exploring the power relationships, social and technological factors which determine how actions and communities are labelled criminal, and include harms caused by states and other powerful actors which may not traditionally be considered as "crimes". >From this perspective, I would like to explore how the values and perspectives of people who develop software to resist surveillance and promote anonymity online shape the technologies they work on, and whether this expertise changes how they see these issues. I have a background in (statistical) programming and I'm particularly interested in finding out how people see these issues playing out in practice in their work. While I'd like to carry out more in-depth research in the new year, at this stage I'm interested in making sure I'm asking the right questions. As such, I'd be very grateful if anyone involved in Tor development, either as a core developer or as a volunteer, would be interested in having a chat, or if possible a short interview. Any discussions would be anonymous and carried out in accordance with the ethics policy of the University of Edinburgh, and you would be able to withdraw consent for participation at any time for any reason - or none at all. I'll be contactable at this email address (listed in my signature) and on the IRC channels as JHistone - if you're interested (or just want to say hi or have a chat) please feel free to get in touch. Best wishes, Ben Collier Doctoral Researcher The University of Edinburgh SCCJR profile: http://www.sccjr.ac.uk/about-us/people/ben-collier/ Edinburgh University profile: http://www.law.ed.ac.uk/research/students/viewstudent?ref=339 Twitter: @JohnnyHistone Email: s1263350(a)sms.ed.ac.uk The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336.

1 0

Tor relay balks with "router_pick_published_address(): Success: chose address x.x.x.x"
by Tobias Sachs 09 Nov '16

09 Nov '16

Hey, my Tor relay https://atlas.torproject.org/#details/B567E8E39641F61091C1F2CAAAF73D3D1BF9C… balks with the following message which is repeated in the log with the "info" logging level up to 23251 times at the exact same millisecond. The relay responds at :9030/tor/server/authority with a 503 error. router_pick_published_address(): Success: chose address 'x.x.x.x' This is a counting from the log with the corresponding timestamp. Nov 01 18:37:13.000 - 23251 Nov 01 18:37:22.000 - 59 Nov 01 18:38:17.000 - 23195 Nov 01 18:38:22.000 - 57 Nov 01 19:19:22.000 - 50 Nov 01 19:19:23.000 - 312 Nov 01 19:19:24.000 - 333 Nov 01 19:19:25.000 - 74 Nov 01 19:20:22.000 - 52 Nov 01 19:38:17.000 - 23207 Nov 01 20:38:17.000 - 23232 140 times exactly 49 repeats in around 2 hours. Interesting is that there is no error about this 503 error in the log only my monitoring is aware of the issue. I hope you coul'd help me out with this issue. Best Regards Tobias

3 3

Drop in consensus weight
by r1610091651 09 Nov '16

09 Nov '16

Hi all The consensus weight of the relay I'm running drop recently (5th of nov) to almost half of previous value. To my knowledge there was no changes on my end. https://atlas.torproject.org/#details/36EE8D47E570B8D5515460A9972F3CFD9EDFD… Is there a way to identify the cause of this drop? Is there anyone else in same situation? Thanks Seb

3 8

Interrogated by Finnish police for alleged idendity crimes, fraud and attempts of fraud
by Juuso Lapinlampi 08 Nov '16

08 Nov '16

Putting the word out: I was interrogated by the Finnish police today for multiple alleged counts (15+) of identity crimes, fraud and attempts of fraud. The invitation letter to be interrogated was sent out on 2016-10-21 and received by me on 2016-10-25. Today is 2016-10-31. The police suspects me because of an "IP-address assigned to my name", which I can't confirm or deny to have a relation to me. As a suspect, I was not told what this aclaimed IP-address was on a specific date to my knowledge. It is only speculation if these allegations wrongly against me have something to do with my relation with the Tor community or activism about digital rights online. Pending ongoing investigation, I am not allowed by law to share more specific details about to the investigation. I'd be glad to reveal more details about the case once the investigation is over and share/hear how I became a suspect, once I know about it. (Note that my story is at least slightly opinionated.) I had a witness with me and I feel like my rights were being violated during the interrogation. The officer (not to be named publicly in respect for privacy) didn't want to allow me to write down their badge number by taking the badge away from me while trying to write down the numbers. The officer looked slightly anxious. After refusing to comment on few questions (to which I have a legal right as a suspect), soon after me and my belongings with me were searched for aclaimed "security reasons" and "making sure I'm not recording this interrogation (with a phone)". I'll let you decide on the implications on unwarranted searches and individual legal protection. (See supreme court decision KKO:1990:36.) I audibly and multiple times in calm manner protested to not consent to searches, but alas it happened against my will without being suspected of wrongdoing at the police station in front of my witness. I didn't physically resist but also didn't voluntarily help the officer. The officer asked me inappropriate questions which were not related to the investigation. I was asked about my previous involvement with the police, how much I knew about the law and unsolicited advice about how "it will be easier for me if I talked". I demanded the officer to write down every question since the beginning of interrogation to the interrogation minutes, including the inappropriate ones, but the officer refused, trying to make up a fake reason how they were "irrelevant". The officer raised their voice once or twice during the 45 minutes of interrogation, apparently angry that I would not "make a confession" or "help out and tell more" to prove innocence. Confronting the officer again with a simple question "am I a suspect or a witness" to confirm my position, I was confirmed again that I was a suspect in the case. Subtly reminding that "I have my rights" that should be respected, the officer replied among the lines of "I have my rights too" with disrespect. After the interrogation minutes did not rightfully represent what was actually questioned, the only sensible thing to me was to not sign the minutes. The officer after the officer made threatening claims about how I "would be going to court" over this, but didn't spend too much effort on trying to get my signature. Once the interrogation was concluded, the officer made an unsolicited comment of "gladly not seeing people like [me] often". I told that I would be in contact with my lawyers. I am glad that I was not detained in a cell or arrested, which in my opinion I can likely attribute to having a witness with me. Looking back at what just happened at the police station, I should have demanded a lawyer immediately to the interrogation after having my rights violated, but I'm relying on my witness for now to make a testimony if necessary. I repeat that I absolutely deny being guilty of any suspected crimes. Be safe out there, tor-relays@ and all. (I have legal support behind me and have never been particularly worried about the investigation or outcome of this case.) Proof of invitation letter: https://wubthecaptain.eu/files/legal/2016-10-21-alleged-fraud-identity-crim…

8 11

33C3 Ticket
by pa011 08 Nov '16

08 Nov '16

First poor round of selling is over - anybody holding more tickets than he needs already? Would still take one :-) Paul

1 0

proper way to insert PGP key in torrc?
by anemoi＠tutanota.de 04 Nov '16

04 Nov '16

When I insert my PGP key just like a block of text below the contactinfo line my Tor relay stops working. What is the correct way to insert the PGP key into the torrc file?

11 13

Guard before Stable flag?
by John Ricketts 03 Nov '16

03 Nov '16

Hello Everyone, When looking at my list on Atlas (21 entries) I'm seeing that some of my relays are getting the Guard flag before they become stable. https://atlas.torproject.org/#search/quintex I'm going to make the assumption this is normal behavior but I still find it odd. I also find it odd that I haven't received the stable flag all of the relays given their uptime. Thoughts, anyone? Thank you! John L. Ricketts, PhD Quintex Alliance Consulting john(a)quintex.com<mailto:john@quintex.com> @aquintex on Twitter

3 4

Tor bandwith question
by anemoi＠tutanota.de 03 Nov '16

03 Nov '16

In order to clarify this once and for all: If I setup a Tor relay with 200 kBps, do I slow down the Tor network? What amount of bandwith is needed in order to not slow down the network?

7 7

most (>57% cwfr) of the tor network still vulnerable to CVE-2016-8860 - update your relay!
by nusenu 02 Nov '16

02 Nov '16

just a reminder since most of the tor network (including some of the biggest operators) still runs vulnerable relays https://blog.torproject.org/blog/tor-0289-released-important-fixes Since 2/3 directory authorities removed most vulnerable versions from their 'recommended versions' you should see a log entry if you run outdated versions (except if you run 0.2.5.12). It is not possible to reliable determine the exact CW fraction affected[1] due to the fact that patches were released that didn't increase tor's version number. Therefore it is also possible that you get log entries even if you run a patched version (IMHO this hasn't been handled in the most professional way). Update instructions Debian/Ubuntu ============== make sure you use the Torproject repository: https://www.torproject.org/docs/debian.html.en (you can also use the debian repository but the Torproject's repo will provide you with the latest releases) aptitude update && aptitude install tor CentOS/RHEL/Fedora =================== yum install --enablerepo=epel-testing tor FreeBSD ============ pkg update pkg upgrade OpenBSD =========== pkg_add -u tor Windows ======== No updated binaries available for this platform yet. [1] as of 2016-10-25 18:00 (onionoo data) conservative estimate ---------------------- (counts only 0.2.8.9 and 0.2.9.4-alpha as patched) 31% CW fraction patched optimistic estimate ------------------- (additionally assumes every non-Windows running 0.2.4.27, 0.2.5.12, 0.2.6.10, 0.2.7.6 that restarted since 2016-10-17 is patched): 43% CW fraction patched

9 16