- tor-relays - lists.torproject.org

Re: [tor-relays] Future versions and Vidalia?
by Jesse Victors 24 Sep '13

24 Sep '13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 > Date: Mon, 23 Sep 2013 12:54:34 +0300 > From: "J.C." <jc80(a)riseup.net> > To: tor-relays(a)lists.torproject.org > Subject: [tor-relays] Future versions and Vidalia? > Message-ID: <52400FDA.2060309(a)riseup.net> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Are all future versions of Tor Browser Bundle going to have Vidalia > permanently stripped? I'm running a stable relay on Linux with the TBB > (and thus, Vidalia) instead of installing the Tor packages, and i quite > like it this way. I don't remember what exactly went wrong, but some > months ago i tried to get a relay running by installing and configuring > it with the terminal and failed miserably, even though i was following > instructions to the letter. I could try again but i'm a huge fan of the > "if it's not broken, don't touch it" approach, and my relay works > fantastic right now. > > If Vidalia is going to be permanently dropped at some point, is there > any other way to continue running a relay than the terminal? I had a > look at TBBv3 and didn't find a way to enable relaying. I'm in exactly the same boat. I would _highly_ recommend that the current TBB stay exactly the way it is. I'm against having a ton of services start up by themselves. As a Linux user, I enjoy having the power to control what I start things up, and when. Sometimes I start my computer and I don't want certain things to start. The disadvantage of having a service install is that I lose much of that control. I too have tried to set up a Tor relay via packages and such, and I also failed. The TBB was orders of magnitude easier: I just click "configure relay" and things work fine. Vidalia is also extremely easy to use, and I like the interface. I would advise that the dev team reconsider. Jesse V. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQF8BAEBCgBmBQJSQPJhXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxMjgyMjhENjEyODQ1OTU1NzBCMjgwRkFB RDk3MzY0RkMyMEJFQzgwAAoJEK2XNk/CC+yAWX4H/jp1DlCgdJqRQd9I0pVpozDu VlA75uAtFxIM0VYr+eIVuC2OqQHUUFZLYNwFfePUZvIxy9bedL5WlkdZQCsaenaY wu3sLMpoBz8cH2qM/Ne5JIiFCTUEOL7XwA5d8ehdGSmnZUaBXANwiJ23uh2eVpeE HKvU/bnS5wp0YG7x/xHyQ5SGCpyWXb5H7LnGtNol9GTvbTgepo9rHtVmUCgdA5Wg BJe1yXAy/lAv5GjloejBtTu4whPuZOuY5FU+1LRHt3wnShLgEMy7UXeVQpAK2pDa mEvKD75aIb2AevGAsSdqBs2FsOOimQ7FrWudH3aZHYB6g5+nfOouLxBVcDoVjts= =Bjy+ -----END PGP SIGNATURE-----

2 1

Tor flood symptom?
by David Carlson 23 Sep '13

23 Sep '13

My relay that has been running release 0.2.4.17-rc for several day now has become saturated with what I would consider 'noise' - namely a huge amount of handshake activity. It does respond downward to lowereing the bandwidth setting, but the bandwidth graph is nearly flat. Now I have just noticed two crypto errors in the message log. Sep 23 14:17:32.902 [Notice] Circuit handshake stats since last time: 224326/224887 TAP, 40/40 NTor. Sep 23 15:17:32.999 [Notice] Circuit handshake stats since last time: 224169/225104 TAP, 77/77 NTor. Sep 23 16:17:32.016 [Notice] Circuit handshake stats since last time: 224655/225333 TAP, 63/63 NTor. Sep 23 16:50:14.883 [Warning] crypto error while checking RSA signature: block type is not 01 (in rsa routines:RSA_padding_check_PKCS1_type_1) Sep 23 16:50:14.883 [Warning] crypto error while checking RSA signature: padding check failed (in rsa routines:RSA_EAY_PUBLIC_DECRYPT) Sep 23 17:17:32.782 [Notice] Circuit handshake stats since last time: 222538/222987 TAP, 14/14 NTor. Sep 23 17:36:03.704 [Warning] eventdns: All nameservers have failed Sep 23 17:36:03.829 [Notice] eventdns: Nameserver 192.168.1.254:53 is back up Is this acceptable or should I report this to bugzilla? David?

1 0

Re: [tor-relays] Reimbursement of Exit Operators
by tor＠t-3.net 21 Sep '13

21 Sep '13

On Friday 20/09/2013 at 6:37 am, Moritz Bartl wrote: > > I don't think exit relay operators are in a position to have anonymity > in the first place. It is fine if you manage to pay for and run your > relay anonymously, but I doubt it will survive more than a few LEA > inquiries where they end up with a fake name instead of a real > contact. > I get the sense that there are some exit node operators who can't attempt it or deliberately aren't for reasons related to the direct ownership of abuse complaints. But there are some where there could be ambiguity. It is not always clear-cut who the end-user of each service is. Things like leased servers with multiple sub-users, roommate/shared internet, shared VPNs, shells given away to friends, etc, are a part of it. > > How is the method of transferring funds relevant to liability or risk > in > that respect? What method of transfer would change anything about > that? > It's not all about the method. Thoughts are: - One way to damage Tor would be to mess things up for exit node operators either personally or professionally. IMO the less 'they' know about exit operators, the less damage they can do with that kind of approach. That would include information obtained from getting to know someone on IRC in this context, as you don't really know who you are talking to or if you're being monitored. - If authorities can ever build a case where Tor can be accused of being a dirty little network which hosts criminal content and profits from it, it seems that it could be fucked. I already saw Tor identified by one media source as simply being an internet network that criminals use. We know that this isn't a fair description but I'm not sure that would make a difference if certain cards get played? - When you can be demonstrated to have received money, depending upon what that money was sent for, it can be used against you. If money was to be sent, it seems better if it were done as a consulting sort of agreement? It would be invoiced like any other internet consulting service you are willing to provide (and it wouldn't be the only service offered). It wouldn't involve personal-feeling chats on IRC, it would be a professional relationship. What do you think? I don't want to scare anyone away with this stuff. Just feel like we should be more careful than what I was reading. Doesn't feel right to encourage exit node operators to show up on IRC with their bank account #s ready to go.

2 1

What happens with the time on turtles 76.73.17.194?
by tor-admin 21 Sep '13

21 Sep '13

Hi Mike, I am seeing many of these messages in the logs of torland1/torland2: Sep 21 12:09:34.000 [warn] Received NETINFO cell with skewed time from server at 76.73.17.194:9090. It seems that our clock is ahead by 15969 days, 10 hours, 9 minutes, or that theirs is behind. Tor requires an accurate clock to work: please check your time and date settings. Can you please check turtles. Thanks & regards, torland

2 2

Is this HAL?
by I 21 Sep '13

21 Sep '13

3 2

non-exit risks?
by That Guy 21 Sep '13

21 Sep '13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > You're probably fine, especially if not running an exit. You didn't list your home country, though; I'm assuming United States. > Best, > -Gordon M. While I know you have vastly more knowledge and experience than me and often my observations or worries are doe to me mis-understanding something but about the comment above, I have experienced issues running a non-exit relay pretty soon after it going up and though I have no idea if there is a connection, I started to get more trouble after the doubling of connections at the end of July. I was blocked from a number of websites, Had many of my emails returned because of a flagged IP(the one listed was not my ip) Ended up on a several blacklists within a week of starting my relay, SORBS being the most eager to BL you it seems. a few other small but new issues/quirks that I don't know enough about to attribute to anything Tor other than the timing. anyway, just my .02 btc That Guy grep(a)gmx.us _________________________________________________________________________ GnuPG Fingerprint: 7770 D186 A06E A329 2217 3161 63EB F269 37B8 8644 _________________________________________________________________________ “If you’re doing nothing wrong, you have nothing to hide from the giant surveillance apparatus that the government’s been hiding.” – Stephen Colbert -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJSPFjnAAoJEGPr8mk3uIZErgYQAJFXCfo0C0ekeY82Z6T2+hTO cWNL+S3swDU9Mr3IyT2bVYep3IDrBmJ4HtyixtMo2DzVQjYKsl1cNT6U07GILmdp bSUfOc5PEyn9phZ4bz1dR6dcXn2vMMAXMaiFfCcgbZnQyIZC/Xmkzq8jiwk/SEaU n/k3536nNj/2QToMhd5D702vDl5vJ1VOa174/w5/8LEgHgE7MBKAyFKYnZSVTBbl /BqF5UqucNPZBbOEL4dljawehENlWkBe2LRGmrXtHABgZtN49UQV3lIzPGg6mUOP BPlp5AkKNwRkS1PcH9oGBDFgTXo9ekumT2uxJs5g2fsskYcINXHc8LM18U9M5CLp Zab5AsSwOWnuNX8WNPSTN9Fv2jHgpalboE7ku2CfXQ52YvxytNJ6FS3QWVVJ058J jsXhvK9C/TizFImZssRlBzCoP2xLAtKFy9Z2dtIYXJ+nh9oOwvg9Ps+pX5c9yM6O hS+eG/rStIKNNEunMgM7h9ikBEjjP4ywUY+5Hbqrx5NMqZtHLhU06v0BivR97Gfi Yfg5tKRrgrBLb9kP/7M0RGPcTtVxwMcRTDt4lGR5IoW2VkfUsLhCMoMyMvOaD6bf fFbvkVjB//4l2SMBghppDpUIelw0OhrOKi8ZXOwejzQITtEXgWXOIAuZPqF+OU0f jMtxNs5m1uvZVNyxreTK =8PY+ -----END PGP SIGNATURE-----

6 7

State of the art in NAT busting?
by Gordon Morehouse 20 Sep '13

20 Sep '13

I have a question which relates to my ongoing groundwork to build a Raspberry Pi (and hopefully Beagle and Cubie) friendly set of Debian packaged programs which can turn one of these small, low-power machines into a plug n' forget Tor relay. What is the start of the art in NAT hole punching if one does not have a UPnP or (other-standard-mumble) compliant router? If I'm behind such a router, what's the best I can do to help the Tor network if, for any reason, the user is unable to port forward? Sub-questions: 1. What's the best I can do without any outside help? 2. What's the best I can do with minimal outside help, e.g. STUN+ICE, TURN, etc? Does Tor itself support any of those? Could a Tor relay or bridge + not-yet-written scripts make use of those? 3. Are there any options I'm forgetting to consider, other than wholesale relaying of traffic (eg IP_A:portN -> hole-punched NATed Tor instance where IP_A is another machine handling some or all of the NATed relay's traffic)? Best, -Gordon M.

1 0

Re: [tor-relays] Reimbursement of Exit Operators
by tor＠t-3.net 20 Sep '13

20 Sep '13

Think bigger, say what? Certain of the world's biggest and most well-funded intelligence agencies hate personal privacy on the internet so much that they've been going to extreme efforts to destroy it. They are packet sniffing the NAPs and fiber backbones to pull out everything they can, they hacked/broke HTTPS, they are backdoored into the big content providers, they hacked the banking system, they are apparently 'in' some hardware crypto chips - the list goes on - They infiltrated the tech groups which were designing software and hardware and sabotaged their work, making their crypto be weaker/breakable and their systems easier to hack into. They use the vulnerabilities they created to their own ends. As of today, Tor appears to provide privacy, at least as far as the .onion sites goes. Maybe it even works for it's entire function of providing anonymous internet browsing. 'They' would definitely want to be IN this thing, because they either want to compromise it, or if that doesn't work well enough, destroy it. 'They' are known to infiltrate and be influential in getting what they want. Literally, they are professionals at this. 'Getting to know' the exit relay operators and identifying their bank accounts would help facilitate things when it came time for them to make their move. In the context of September 2013, this whole thing is scary. It was perhaps not scary in September of 2012, when we didn't know anything. Also. It makes me wonder things when, for example, you say "Think bigger" while pointing to a couple of potential dollars in someone's pocket. Safeguarding the operators of the exit relays is a bigger deal than chump change. I'm not making an honest accusation but, to the people who are the most vocal in approving of this - you don't work for the NSA, right? :) On Wednesday 18/09/2013 at 6:08 pm, Roger Dingledine wrote: > On Wed, Sep 18, 2013 at 08:10:25AM -0400, tor(a)t-3.net wrote: >> >> The Wau Holland Foundation can currently only >> reimburse via wire transfer. >> >> This seems to be end-of-story in terms of who, in the end, is >> ultimately getting liability/risk, and points to practically no >> chance at anonymity > > Think bigger --

8 9

Re: [tor-relays] Reimbursement of Exit Operators
by tor＠t-3.net 20 Sep '13

20 Sep '13

The OP I saw said: The Wau Holland Foundation can currently only reimburse via wire transfer. This seems to be end-of-story in terms of who, in the end, is ultimately getting liability/risk, and points to practically no chance at anonymity within our currently hacked banking system. It's not related to taxation or what organization may or may not be trusted. It's about what information is being gathered from the system by 3rd parties for possible use tomorrow. There's another perspective to this as well. Speaking objectively and without knowledge of the organization involved, and nothing personal intended. It may be worth noting that certain presumably-Tor-hostile and well-funded agencies are known to infiltrate the tech organizations/efforts which they wish to weaken, and influence them from the inside. In this context, seeing Tor's exit node operators being offered cash via bank transfer is waist-deep into creepy. On Wednesday 18/09/2013 at 7:38 am, Tom Ritter wrote: > create or work with a trusted organization who is willing to shoulder > liability, risk, and expense of investigating the legality and tax > consequences, and then actually executing, reimbursing people through > anonymous means.It's not easy. May not even be possible. But there is > a rigid but not inflexible framework of tax law that must be worked > within. > IMO, this is net gain. Excited to see it happen, and congrats to all > whose hard work has brought it here. > _______________________________________________ > tor-relays mailing list > tor-relays(a)lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >

5 4

Re: [tor-relays] 0.2.4.17-rc on Pi, a couple weeks on
by Joshua Datko 20 Sep '13

20 Sep '13

Just for comparison sake, I'm running a relay on the BeagleBone Black, running Ubuntu (raring), and Tor 0.2.4.17-rc with the following log entries: Sep 19 16:16:40.000 [notice] Circuit handshake stats since last time: 16771/16781 TAP, 13/13 NTor. Sep 19 17:16:40.000 [notice] Circuit handshake stats since last time: 17229/17240 TAP, 14/14 NTor. Sep 19 18:16:40.000 [notice] Circuit handshake stats since last time: 17371/17385 TAP, 13/13 NTor. Sep 19 19:16:40.000 [notice] Circuit handshake stats since last time: 17084/17099 TAP, 17/17 NTor. Sep 19 20:16:40.000 [notice] Circuit handshake stats since last time: 16694/16702 TAP, 13/13 NTor. Sep 19 21:16:40.000 [notice] Circuit handshake stats since last time: 17380/17382 TAP, 20/20 NTor. Sep 19 21:16:45.000 [notice] Heartbeat: Tor's uptime is 11 days 18:00 hours, with 715 circuits open. I've sent 221.93 GB and received 225.81 GB. Sep 19 21:16:45.000 [notice] Average packaged cell fullness: 87.388% Sep 19 21:16:45.000 [notice] TLS write overhead: 8% I currently have the Fast, Guard, Named, Running, Stable and Valid flags. I initially had a "your computer is too slow" message and then I set MaxAdvertisedBandwidth to 200KB and it's be better since. CPU usage is about 70%. The BBB actually has an AES crypto accelerator, but I don't think it's being used and I'm trying to work through that at the moment. Lastly (an somewhat related), I submitted a workshop proposal to 30C3 called "Using the BeagleBone for Fun and Privacy" to talk about BeagleBone hacking and running Tor. I won't find out if it's accepted until November... Josh

1 0