- tor-relays - lists.torproject.org

Tor at Defcon 32, Las Vegas (August 8 – August 11, 2024)
by gus 08 Aug '24

08 Aug '24

Hello, A few Tor people & relay operators will be attending Defcon this year! Stop by the Tor booth to meet the team and check out new Tor merch: https://x.com/see_ess/status/1817593609123926047. Don't miss our main presentation, "Measuring the Tor network", happening on August 10th at 3pm. Measuring the Tor Network ========================= Millions of people around the world use Tor every day to protect themselves from surveillance and censorship. While the Tor Browser and its protocol are widely known, the backbone of the Tor ecosystem, its extensive network of volunteer relays, is often subject to speculation and misinformation. The Tor Project is dedicated to supporting this network and fostering a vibrant, diverse community of relay operators. This talk will focus on our efforts to maintain a healthy network and community, and detect and mitigate attacks -- all with the help of metrics and analysis of usage patterns. By illustrating how we collect safe-enough metrics for an anonymity network, we will offer insights into how we identify unusual activity and other noteworthy events on the network. We will also discuss our ongoing strategies for addressing current and future network health challenges. If you are interested in understanding the inner workings of the Tor network and its relay community and how we keep this vital ecosystem running, this talk is for you. For more info, visit: https://defcon.org/html/defcon-32/dc-32-speakers.html https://blog.torproject.org/event/defcon-2024/ cheers, Gus -- The Tor Project Community Team Lead

3 2

Fwd: Introducing & Discussing "Reflec-Tor"s as concept | Exit-Relay as Entry-Relay | Tor & Echo | Adding Entry-Relays as Reflec-Tor to Exit-Nodes
by Sam 07 Aug '24

07 Aug '24

Hello, as tb discussed further with developers of Tor, the concept of "Reflec-Tor"s (and Exit-Nodes to be seen also as an Entry-Node) might have an impact like Snowflakes for Chat and Messaging over Tor and addresses opinions of Relay admins and university research too. Regards ---------- Forwarded message --------- Date: Di., 16. Juli 2024 um 20:36 Uhr Subject: Fwd: Introducing & Discussing "Reflec-Tor"s as concept | Exit-Relay as Entry-Relay | Tor & Echo | Adding Entry-Relays as Reflec-Tor to Exit-Nodes To: <tor-dev(a)lists.torproject.org> System wrote via Tor Project <noreply(a)forum.torproject.org>:Feedback: Please submit the proposal also to tor-dev: tor-dev Info PageIntroducing & Discussing "Reflec-Tor"s as concept | Exit-Relay as Entry-Relay | Tor & Echo | Adding Entry-Relays as Reflec-Tor to Exit-Nodes https://www.reddit.com/r/TOR/comments/1e4te8m/introducing_discussing_reflec… ==============================================================Introducing & Discussing "Reflec-Tor"s as concept | Exit-Relay as Entry-Relay | Tor & Echo | Adding Entry-Relays as Reflec-Tor to Exit-Nodes *Tor-Messaging: Introducing & Discussing "Reflec-Tor"s as concept | Exit-Relay as Entry-Relay |* Hello, I think this belongs to this core, general, relay topic-forum, as it is also a development & community issue, request and efford, I post it here into the reddit forum for your core discussion: The idea is to add next to Bridges, Relays and Exit-Nodes also "Entry-Nodes" as "Reflec-Tor"(s) to the point of Exit-Nodes. Hence: Exit-Nodes are developed futher to be also an Entry-Node. Some may remember when gnutella got hybrid with edonkey and then also with torrent, Mike Stokes from Shareaza did that. The idea today, 20 years later, is to add some Echo-capabilities to Tor in regard of the servers for Exit and Entry. *Vision: Every (updated) Exit-Node is an Echo-Server - For a better Tor-Messaging.* What does that mean? An Echo-Server is a server for chat-messaging to send an incomming message packet again out to all connected clients at the moment. Ping-in and Ping-Out to all. That simple, that's why it is called the Echo. Like a shout in front of a forrest, all connected users can hear and get the (encrypted) shout or message or packet back from the tree wall. There are 3 software applications for Echo-Servers: - https://github.com/textbrowser/spot-on (Desktop, sercer in the Listener Tab) - https://github.com/textbrowser/smokestack (java for Android) - https://github.com/textbrowser/spot-on-lite (headless deamon for Linux) Now, the Listener function with ping in and ping out should be implemented within a Tor-Exit-Node. When it comes to Tor-Messaging, there are some pathes possible: A) Tor-Chat-Client-Alice - Tor - Internet - Echo-Server - Internet - Tor - Tor-Chat-Client-Bob (Tor-proxied Chat-Server, which only accepts encrypted packets) B) Tor-Chat-Client-Alice - Echo - Tor - Tor - Echo - Tor-Chat-Client-Bob (Echo Tor-tunneled) C) Tor-Chat-Client-Alice - Echo-Server - Tor-Chat-Client-Bob (direct connection to Echo-Server with only encypted packets) The request here is to build and develop option A. That is just right now also possible, by an Exit-Node of Tor running the Echo-Server-Software on the same machine in parallel. Just the port is different. This is an idea for some might be new, but thinking Tor Messaging a bit, it comes quickly to this ideas and better soluttion. The way to connect D) Tor-Chat-Client-Alice - Hidden Onion Server v3 - Tor - Tor - Hidden Onion Server v3 - Tor-Chat-Client-Bob is the current given way for clientes like RicoChet Refresh, Quiet or Cwtch. Similar to Briar, even developers of such clients above tell the loss of messages and low reliability of the hidden to hidden path. Some of you might know, that there were use cases with missing messages in a range of 35-45 %. Don't quote me on that, but as core developers and community members you might be in contact with those who experience this. Furthermore the Messaging clients are not advanced in functionality, nor advanced in strong encryption. It would be third a long development way to got that route. It is cost effective and needs cappable developers. Some project have stamped on and made a workable client, but does that unite all our power in the sense of Tor-Messaging? Messaging needs a Vision and Statement from the Tor-Core-Developer team with a discussion in the community in that regard with honor to the individual projects and also with support for their chosen path (Model D). At the same time we have to state that it is as it is, a HTTP-Server in the middle like in Model A is faster than Model D. In the graph-path the Echo-Server in the middle handles only encrypted traffic, so it is just like another Relay. We can call it "Reflec-Tor". The only sense it to multiply incomming encrypted packets from one node to all connected nodes. With that Idea, the Messenger Spot-On could be used as a Tor-Messenger. This Messenger has stong encryption and is full of feature for messaging and also cryptography. it is like adding Firefox to Tor-Browsing, when Spot-On is added to Tor-Messaging. Something to read at the community forum: https://www.reddit.com/r/Spot_On_Encryption/ Also there is a Mobile Client for Android, which also connects to Reflec-Tors, find "Smoke" Messenger at F-Droid.org. Please, get this right, it is not about a technical view on slow and failing chat-packets to hidden servers, and it is not about those start-up clients using this inside technology, some do a good project. It is about the idea, that an Reflec-Tor mirroring and pinging back packets on the Exit-Node this hop within the path of tor is not outside, it is always fully encryted for the messaging packets and should be seen as one Tor-Path, especially if the Listener-Ping-Back function (the Echo capabilities) is build in the Exit-Node-Tor Software. Spot-On is already a Tor-Messenger - as it uses also HTTPs and it sends only encrypted packets. *A test is easy to make:* (1) Start the Tor-Browser, which has always the Port 9051 to Tor, Tor is running. Next to Surfing with Tor-Browser Firefox the Chat with Tor-Messenger Spot-On can start. (2) Start Spot-On on a webserver and create in the Listeners Tab a Listener on Port 4710. (3) Start two Spot-On Instances Alice and Bob on two Laptops, in the Neighbors Tab you connect the Webserver via Tor: Add the IP and Port 4710 to the neighbor and choose Proxy: 127.0.0.1 Port 4710. You get the the Path: Tor-Chat-Client-Alice - Tor - Internet - Echo-Server - Internet - Tor - Tor-Chat-Client-Bob The idea is now to integrate this a bit more: Tor-Chat-Client-Spot-On-Alice - Tor - [Tor-Exit-Node also Reflec-Tor (Echo-Server)] - Tor - Tor-Chat-Client-Spot-On-Bob You see, the way stays all within the Tor-Family. For sure, in case Alice does not want to use Tor, she also can message to Bob, who is behind Tor. Tor-Chat-Client-Spot-On-Alice --> [Tor-Exit-Node as Entry-Node also Reflec-Tor (Echo-Server)] - Tor - Tor-Chat-Client-Spot-On-Bob The IP of an Entry-Node is shown in the Tor-Browser and can get a port added. Then two user can simply cata over that node. We need in times of surveillance, data retention, chat control and for sake of the needs of whistleblowser and people who want to chat privat and anonymously more decentral and open source chat server. *The mission is: Every Tor-Exit Node is an Entry-Node for Chat.* It should be not a lot of code to be added to the ports of an Exit-Node and displaying the Port of the Exit-Node in the Tor-Browser path icon. This makes sense in several effects to be discussed and developed further: - Taking the next Development Step for Tor-Messaging: BTW, A Forum about Tor-Messaging could be made as a category here in the forum please. - directly support Tor-based Messaging for the Spot-On Messaging client To be developed and discussed is, if this infra-structure could help to - support bootstrapping of Tor - support Censorship circumvention of Tor Reflec-Tors as SnowFlakes over the Messenger with EPKS - Accept, that some routing to an HTTPS internet server at the Tor-Node is faster than to an hidden onion server at the Tor Node. Well, to add some "ping-in-and-out" for an packet is what every netcat and socat under linux can do. It is a small development step to make each Tor-Exit node a free chat server for messaging, which is a big step for mankind to have a network of free messaging chat servers. Lets also see, how users and community will test and develop this messaging. So it is not only a discussion for developers, it is also a step forward the needs of the communities *for a free internet:* - *for chat and their discussions.* A few code lines to exit nodes make them a Reflec-Tor and messaging over Tor can start really decentral and open source and free. *What do you think?* does this privacy-concept bring more privacy and reliability in packet delivery to messaging with Tor? Regards

3 3

Opening metrics-api.torproject.org for testing
by Hiro 03 Aug '24

03 Aug '24

Hello everyone, As part of our redesign of the metrics pipeline, we have developed a new API that will eventually replace Onionoo: the Network Status API (aka NSA). We are now opening NSA for testing, and it can be accessed at: https://metrics-api.torproject.org. Documentation is available here: https://gitlab.torproject.org/tpo/network-health/metrics/networkstatusapi/-…. Please note that the API may be unstable at times, and some results might be inconsistent. Onionoo will remain our primary data source for relay search at least until the end of the year. We welcome any suggestions or feedback regarding the types of information that should be included in the API. You can provide feedback by opening an issue on the repository or by replying to this email. Thank you. -hiro

4 3

Tor Metrics 'Running' flag is back for bridges who don't publish the OrPort
by lists＠for-privacy.net 30 Jul '24

30 Jul '24

I don't know if this was mentioned at the Tor Relay Meeting yesterday, if so, I missed it. ;-) A few months ago there was a recommendation to not exposing OrPort for bridges. This had the unpleasant effect that all bridges were 'red' on Tor Metrics, even though they were running perfectly fine. I noticed yesterday after the meeting that everything is 'green' again. https://metrics.torproject.org/rs.html#search/ForPrivacyNET Thank you, I believe these 6 people did that: https://gitlab.torproject.org/tpo/network-health/team/-/issues/318 -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

5 7

Re: [tor-relays] Archive key from deb.torproject.org was renewed!
by boldsuck 25 Jul '24

25 Jul '24

On Donnerstag, 25. Juli 2024 01:29:41 CEST you wrote: > What was the previous key for reminder? The same ;-) > This looks like exactly the one I installed BEFORE all your messages > mentioning the requirement to update... manually. Of course, it is the same key as before. When creating PGP keys, an expiration date is defined by default. The Repo PGP key is always valid for 2 years and the expiry date has been extended for the next 2 years. > I have a problem in that I like to remove ssh before I leave my > installations, to be conscious. What do you mean exactly? 'exit', and you are logged out. > I would have to re-install yet I am pretty sure my key was also 89-ending. > > QUESTION: > > is there any one / way to tell whether my relays have the proper key > from any metrics / torproject admin / version showing up? apt update gives error message that key has expired. apt-key -list /etc/apt/trusted.gpg.d/deb.torproject.org-keyring.gpg ----------------------------------------------------- pub rsa2048 2009-09-04 [SC] [expires: 2028-08-29] A3C4 F0F9 79CA A22C DBA8 F512 EE8C BC9E 886D DD89 uid [ unknown] deb.torproject.org archive signing key sub rsa2048 2009-09-04 [S] [expires: 2026-09-09] -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

1 1

OT: Tor Control Protokoll ADD_ONION
by boldsuck 24 Jul '24

24 Jul '24

Hi, In the control-spec https://spec.torproject.org/control-spec/commands.html#add_onion or https://github.com/torproject/torspec/blob/main/control-spec.txt#L1777 The ADD_ONION 'Flag' include Hidden Service options: MaxStreamsCloseCircuit and MaxStreams, among others. We also want to use the PoWDefenses and IntroDoSDefense parameters. Is the control-spec outdated or is it not possible to set these parameters via Flag? -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

1 0

OT: Tor-Metrics for Hidden Services
by boldsuck 24 Jul '24

24 Jul '24

Does anyone know where I can find information about the MetricsPort output? In particular, hs introduction point and rendezvous point circ build time bucket. What do the numbers represent le="1000.00" - le="6000.00" suggested-effort value Do I understand correctly that the value goes from 0-1000? https://spec.torproject.org/hspow-spec/common-protocol.html#client-limits # HELP tor_hs_intro_circ_build_time The introduction circuit build time in milliseconds # TYPE tor_hs_intro_circ_build_time histogram tor_hs_intro_circ_build_time_bucket{onion="somerandomonionaddress",le="1000.00"} 128 tor_hs_intro_circ_build_time_bucket{onion="somerandomonionaddress",le="5000.00"} 205 tor_hs_intro_circ_build_time_bucket{onion="somerandomonionaddress",le="10000.00"} 205 tor_hs_intro_circ_build_time_bucket{onion="somerandomonionaddress",le="30000.00"} 205 tor_hs_intro_circ_build_time_bucket{onion="somerandomonionaddress",le="60000.00"} 205 tor_hs_intro_circ_build_time_bucket{onion="somerandomonionaddress",le="+Inf"} 205 tor_hs_intro_circ_build_time_sum{onion="somerandomonionaddress"} 210297 tor_hs_intro_circ_build_time_count{onion="somerandomonionaddress"} 205 # HELP tor_hs_rend_circ_build_time The rendezvous circuit build time in milliseconds # TYPE tor_hs_rend_circ_build_time histogram tor_hs_rend_circ_build_time_bucket{onion="somerandomonionaddress",le="1000.00"} 14275 tor_hs_rend_circ_build_time_bucket{onion="somerandomonionaddress",le="5000.00"} 24060 tor_hs_rend_circ_build_time_bucket{onion="somerandomonionaddress",le="10000.00"} 24095 tor_hs_rend_circ_build_time_bucket{onion="somerandomonionaddress",le="30000.00"} 24096 tor_hs_rend_circ_build_time_bucket{onion="somerandomonionaddress",le="60000.00"} 24096 tor_hs_rend_circ_build_time_bucket{onion="somerandomonionaddress",le="+Inf"} 24096 tor_hs_rend_circ_build_time_sum{onion="somerandomonionaddress"} 25308501 tor_hs_rend_circ_build_time_count{onion="somerandomonionaddress"} 24096 # HELP tor_hs_pow_suggested_effort Suggested effort for requests with a proof of work client puzzle # TYPE tor_hs_pow_suggested_effort gauge tor_hs_pow_suggested_effort{onion="somerandomonionaddress"} 1 -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!

1 0

bridges
by Earl M. Northern 22 Jul '24

22 Jul '24

obfs4 49.12.224.203:8001 8E6B9FB7914E9ECA1BD271AB33FF8D868EEA6DE5 cert=zZcPgBgVxKhmhlo2M0yLKTGkxDnSXl2372d5E0POqVMpmzu0tsIlegXR4OolUDudfD+7CA iat-mode=0 obfs4 94.131.97.25:50703 4DF9058B33F6D3E72A4397B09A40503AF51DAA04 cert=HXw+QS4SVjB9/oekpZSQcGDyoNxrp8a/mOQ14qSAuLPp5b9h6H1p4VB8008VHWPwj7vBJA iat-mode=0 obfs4 88.198.12.66:1812 7611DAC3C59A43322D774400F57FDA4D2AC0EEE2 cert=Qo94bPwOyZ9gRUJkyXFV5AhLXOPa+Ilgt8gQ+5a2Mw2NSzzvEY00FhWfeCnfSGs81CYLZA iat-mode=0

3 2

tor middle relay issue
by theyarewatching 22 Jul '24

22 Jul '24

I have had two ubuntu based tor middle relays fail.I am using a proxmox server and have tried both ubuntu server 20.04 and a fresh download of ubuntu 24.04. I follow the tor website install instructions. The results show the same no matter what version of ubuntu. "failed to start Tor(a)default.service. This is the same result with the original install and a brand new VM install on Proxmox. Any input would be greatly appreciated Thank you SDS

1 0

OOM at relay with small RAM if statistic configs are enabled
by Toralf Förster 14 Jul '24

14 Jul '24

Regarding to https://gitlab.torproject.org/tpo/core/tor/-/issues/40958 I do wonder if that issue happened for stable Tor versions too - I do run myself git HEAD only. FWIW at my bare metal relay the RAM consumption per Tor process decreased by about 0.7 GiB. -- Toralf

1 0