- tor-relays - lists.torproject.org

misconfig resolution for Tor startup on linux?
by torserver＠datakanja.de 06 Mar '16

06 Mar '16

Last week, i had been erroneously assuming, the daily reassigned external IP addresses from my provider would kill Tor, as someone suggested in the IRC. So i ran a quick "sudo update-rc.d tor disable". Only later, when i learned, the IP change doesnt cause too much trouble, i reenabled Tor. Since then, the tor service doesnt come up on computer startup any longer. I tried all kind of things, like: sudo update-rc.d tor enable sudo update-rc.d tor defaults i even reinstalled Tor completely, but the service does not start automatically any longer. After finding this to be true, i began to start it manually after each reboot like so: sudo service tor start # this does in fact cause the service to run as debian-tor user, as it should! Unfortunately, it is necessary to reboot from time to time, to prevent acceleration in memory fragmentation caused by several programs i use on a daily basis. If not prevented, the latter causes system instabilities and introduces severe risk of data corruption. So back to the basics: i am just a simple Ubuntu user with a machine, that is connected and running basically 24/7 (except for the daily disconnect, as can be seen from the logs). And i would certainly appreciate any suggestion to check for, why upstart doesnt pick up Tor, as it should. From my own understanding, eveything looks pretty normal, like: find /etc -name ?20tor | xargs ls -l lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc0.d/K20tor -> ../init.d/tor lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc1.d/K20tor -> ../init.d/tor lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc2.d/S20tor -> ../init.d/tor lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc3.d/S20tor -> ../init.d/tor lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc4.d/S20tor -> ../init.d/tor lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc5.d/S20tor -> ../init.d/tor lrwxrwxrwx 1 root root 13 Mär 4 04:19 /etc/rc6.d/K20tor -> ../init.d/tor Sorry for asking such an unadorned question here, i simply ran out of ideas. :-( NewTorKidOnTheBlock

1 0

Re: [tor-relays] Guard Status vs Middle
by starlight.2016q1＠binnacle.cx 05 Mar '16

05 Mar '16

>If your relay has been given guard status does this mean that >one's middle status is put on hold or can a relay be in guard >and middle status at the same time? Guard-flagged relays are both middle and guard nodes. Take a look at the relay in https://atlas.torproject.org/ and https://globe.torproject.org/ to see graph-lines of the probabalities

1 0

Guard Status vs Middle
by stealth＠nym.mixmin.net 04 Mar '16

04 Mar '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 If your relay has been given guard status does this mean that one's middle status is put on hold or can a relay be in guard and middle status at the same time? -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (MingW32) iQIcBAEBAgAGBQJW2homAAoJEH1gNwhiMDZuGMAP/335WjiHWFV0XAmUYjowrwwM griNn3j13mUEQXYlNCDeL7lH8QUCf4DYM7zywgJm4VSz/sJyPl8lzO4hJeS09fte Emf4adSxMTrj5/jh+/S8zbVY5iDVfCZISw/5jOsBm3CR7QgarvhSFLOHhPQukr9O gQDo90ViVdz6NeVaDqYFzaFFvN3buN7kkuuN9ZGjNHttfY3AG3Rrx5X4LktkMmRH ZE0Y3B3aYBUlxvdG3oXrPo6JMaSd5ABMxWaj/LucRG2zvOPgUE8v8i4RaFNgnrFB oSCJYFLP8GpLrEUS50WUH5wiM915oWif3Y4TPSsrFanxAeFpboudaqfE7H1GjjBs 7tio+bbzMISjIdI9JFrd4GnOrLSqpe+44ooEA0pjNajiIaYhsOEXhTP4A+vktkcg lmAjK/SrjrNyuSwnpkKx24mw9H9JCWDmm15VFk+t0mloTsxnT0242YrChtAtcEft Qiv+f0Yo3Iek9FP573iq131xDg8/V10GvJnlSo7Zl/IJiQQW9KOzdOaQrIOlSjPr Aw9PWLlBoyeMd4LlRtwFUIKjpJMbSh2QXb+EbLwqoHDK0UAHyjKp+UXMvzb8WKoE rIiu9SV/X0QPmJEYw9HBy9ZDihYaWg69ndE37lb9lvPECDtmrRmcLhY0/1aSKnSU UG8ybdzEVLkfspNWjfex =JSaf -----END PGP SIGNATURE-----

1 0

Release of TheOnionBox v2!
by Ralph Wetzel 04 Mar '16

04 Mar '16

1 0

biggest guard operator apparently left the tor network
by nusenu 03 Mar '16

03 Mar '16

4 4

Network Bandwidth Fine Tuning
by stealth＠nym.mixmin.net 02 Mar '16

02 Mar '16

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I ran the speedtest on my VPS which gave the results below: root$ speedtest-cli Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Testing from ProServe B.V. (81.4.111.251)... Selecting best server based on latency... Hosted by NFOrce Entertainment B.V. (Amsterdam) [0.00 km]: 4.817 ms Testing download speed........................................ Download: 711.10 Mbit/s Testing upload speed.................................................. Upload: 449.12 Mbit/s My Bandwidth results are averaging around 1.5mbs to 3.0mbs via the Tor Globe Stats page. Can someone tell me how to increase my network bandwidth based on what I am capable of uploading and downloading. I am allocated 2TB of bandwidth per month from my VPS Right now the Advertised Bandwidth is 1.7MB/s and when I scroll down further on the page in the Bandwidth section my "mean written bytes" are 226.15 kb/s and my "mean read bytes" are 227.1 kbs/s I see several sites averaging 50MB/s-60MB/s on the Top Ten Relays list -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (MingW32) iQIcBAEBAgAGBQJW0iFwAAoJEH1gNwhiMDZuT60P/jt6YmdvtjR48zhe/fQ2sx4z Uw76B+vjonWqKOaCqyJFBM/buFoXUixTJJ6ksj/KjiVVEdTU4/7WhbwwYTUWGYyc tYhB7nWCxdCNKPy4YMNUG3r+pIaMp1gF+k6wfnHHU+Pqq0H9tTMPNS0Ey44fM0bN BaX2NjuDYpOXDkmKO8xAzKv+KQr9a6pR/DBgC73LniqiZejV3iyMvof7/hypvltq h3QJoFZ8DYjCgk+W0qEWhjCky5RFze1f8ihFsVaM7U8WH6hGcULgXAYZl8Q/MAmN 4jlSogFDSh/e/+0DqVyrkgpyxIPZ43/4y2sn2WYfR8egeocVi6NO9VHtiiygUtcn jOAzaGROGtW6oXNQtGvfeJRwAEsoPmfHF09TJANRB++/KjjSm+cM/ALT1O4b3t5U ZMC5rkoJOUX2jyo3kZpBpobLOW012BnnbGyVV5KNM/BpVkM1sIxOnFhoSfYWij5c QziOvk5wtDXFta2ow12lgruW9wT2moier1WxAxib6u9V05jxckXrpmb3V9yvWBOz SzXh05lh7pEuAfPb2RQXKjGjmkqCweOI2cGhu4B3vDFNKRBhjdXYFZP7/aFe4DRh +J4su48cYVWcnav0c14/27oHxeoYUD8NQV2gBcs7/dCSa1iWHV+PORjBSe+l+IGG R2qL40EDeIgC9TVJqriD =c73J -----END PGP SIGNATURE-----

6 9

Stopping the censoring of tor users (via exit bridges / proxies / OpenVPNs)
by grarpamp 29 Feb '16

29 Feb '16

On 2/25/16, blacklight . <pandakaasftw(a)gmail.com> wrote: > hello there! i don't know if this mailing list works but i thought of > giving it a try. > > i was lately reading an article ( > http://www.pcworld.com/article/3037180/security/tor-users-increasingly-trea… > ) > and it was about tor users getting blocked from accessing alot of website. > but after giving this some thought i think i came up with a possible > solution to the problem :there is a thing called bridges, they are used to > access the tor network without your isp knowing that you use tor, but if > you can use those proxies to enter the network, it might also be possible > to exit the network with them. But then we face a second challenge, the > exit nodes have to be configured in such a way that it will relay traffic > to such a bridge, so the exit node owners also need to know the ip of the > bridge. While this doesn't seem difficult to do, it can become difficult. > You see if the bridges are published on a public list(like normal bridges > are) then the blocking sites in question will be able to block those > address too. While this also posses a problem, a possible solution could be > found in something called flashproxies, flashproxies are bridges with a > really short life span, they are created and destroyed fairly swiftly, when > this is done in a rapid pace, they become really hard to block because the > ip changes all the time. So if the exit nodes can be configured to make use > of such flash proxies, then the problem could be solved. I Must admit that > not an expert on this or anything, and it needs alot of more thought, but > it could work. so i was wondering if there are any experts who could help > me with thinking out this subject and maybe confirm if this idea could > work. Skipping that whoever wants to enumerate, test, block, and share lists of the IP of your final hop will find a way to do so... "flashproxies" - are essentially illegal to use as the operator got stupid, and didn't gave permission. - are unstable as were never intentionally provisioned, and the operators get smart when abuse reports and shut them off. - proxy lists are going to be a pain for you to scrape and maintain Options - run your own volunteer network of last hop "proxies" / bridges - buy them from AWS or wherever "meek" style - partner with or plug into already existing networks of those - get tor relays or bridges to do this I previously wrote in archives that exit relays could bind OpenVPN to extra IP's they configure on their exit relay boxes. Tor daemon has nothing to do with those IP so they never appear in tor's easily blacklistable consensus. Users then OpenVPN over tor to those via use of the relay fingerprint to reach vpn terminator IP over relay localhost to save bandwidth, and on out to clearnet. You can OpenVPN to some list of onions if you don't feel like listing the relay fingerprints / extra input IP's on wikis. But it's not going to stop dedicated blacklisters, and onion doubles bandwidth use. However it could also be used by non-exits that for whatever reason didn't want to be a tor-exit but did want to offer exit via some remote third party vpn service. And strictly social sharing on forums etc could happen for distribution. There are already some exits that for various reasons, intentional or other, do not exit from their OR IP. That is a feature that some tor users do now find and use. And relays don't offer OpenVPN yet which would also give users more than just IPv4-TCP exit scheme. Though it is integrated somewhat, I2P has this manual sort of exit offering model with false.i2p and a few other nodes. [Doesn't seem to require daemon dev work, updated subject, continuing thread reply to relays and talk.]

1 0

What do the huge providers have to do within tor circuits?
by torserver＠datakanja.de 29 Feb '16

29 Feb '16

Hello, slowly getting acquainted with running a Tor relay, i am wondering: >From my gathering, tor is - at times - connecting to many instances of akamai CDN services, amazonaws, and other similar services simultaneously. When i say many instances, i mean: a saw a peak exposure of 30 outgoing ports from my server all going to the above 2 alone (as gathered by iftop. I didn't set up snort just yet). This is seen on a NON-Exit-relay and is troubling me: I am aware of Akamai being the premier CDN provider, serving around 30% of internet traffic alone. Their server power, manpower and know-how is huge. And their ability to draw information from any sort of internet traffic is unparalleled. >From my outsider's perspective, they are in the process of building the tools to effectively dismantle the means and purpose of the Tor network at large. That is what is giving me chills, when i watch them acting from inside the circuits. Clearly, they would be able to hide their identity while doing so. And since they aren't, i may be getting something wrong. So that is why i am asking you: Does anyone KNOW, what is going on? NewTorKidOnTheBlock

2 1

default exit notice
by Markus Koch 29 Feb '16

29 Feb '16

Does anyone have the exit notice in japanese? markus

1 0

Any known Tor relay seizures (in Germany)?
by Thomas 29 Feb '16

29 Feb '16

Hello everybody, do you know of any relay seizures of non-exit relays? In the legal FAQ [1] this "risk" is only listed below exit relays. Have there been any of such events in Germany (either exit- or any other nodes)? Would I have to worry about seizures if I run a guard or middle relay in Germany? Regards, Thomas [1] https://www.torproject.org/eff/tor-legal-faq.html.en

4 3