....................by virusessince starting relay. I run several anti viral and malware routines daily and ever since deciding to start relaying, they are all being stretched to their capacity. Let me know when the sys is cleaned up. Maybe include an anti viral with the relay setup and update it thru the software. Make it so no one can connect to Tor unless they are certified clean.
they are all being stretched to their capacity.
1: Anti virus and malware detection don't have a 'capacity' - no idea what you're talking about.
Make it so no one can connect to Tor unless they are certified clean.
2: Whether your an exit relay or not, viruses would not come from Tor. Your relay is just a tunnel for encrypted traffic to pass through, there is simply no way a virus could get onto your machine that way as nothing stops at your machine and if you were to sniff what went through it would all be encrypted.
If you've been on Tor yourself and downloaded things from the onion sites then it's your own fault, same as the regular web. You're blaming the wrong program.
On Tue, Aug 27, 2013 at 12:52:14PM -0400, Allan Moon wrote:
....................by virusessince starting relay.
What signs do you have that this is happening? Are you running AV on your relay node, or something? What messages are you getting?
Good luck cleaning up your system. You mightw want to run a relay on a cheap Linux computer like a rpi instead of on a Windows machine.
Considering that several AV programs consider *Tor* to be malware, it wouldn't be a good idea to require AV for Tor!
-andy
On 13-08-27 12:52 PM, Allan Moon wrote:
....................by virusessince starting relay. I run several anti viral and malware routines daily and ever since deciding to start relaying, they are all being stretched to their capacity. Let me know when the sys is cleaned up. Maybe include an anti viral with the relay setup and update it thru the software. Make it so no one can connect to Tor unless they are certified clean.
You should not be scanning the traffic exiting your Tor relay, and especially not altering it by removing "viruses" or anything else. Doing so will get your node listed as a "bad exit". Try adding an exception to your firewall or anti-virus rules for the Tor.exe program's traffic exiting (and returning via) your computer.
Likely your virus detectors are seeing the drive-by exploits on websites and bogus search engines that surfers typically click on. Your own machine should not be affected by these things as it is just passing them through to the requestor at the other end of the Tor network.
If you do not want to deal with viruses or other end-user content, you can change your exit policy to reject *:* in other words, become a non-exit node.
The Tor devs go to great lengths to try to keep "evil" governments from using Tor against itself. Why not devote some effort toward keeping "evil" traffic off of Tor?
I agree. Why not block the most obvious abuse? All professional Apache webservers install a module named 'mod_secure' that will filter out trivial hacking attempts such as:
GET /index.php?id=123" OR 1=1 GET /index.php?file=../../../../../../../etc/passwd
Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent. The examples above are not a matter of taste/moral conviction/opinion, so why not implement a 'mod_security'-like filter in Tor?
Define "evil" (or its converse "good"). I'd bet that given any random selection of people in a room you'd get a broad spectrum of views. The only way you can safely meet /all/ those views is not to take a position at all and remain neutral.
Yes, this is a gray area. Moreover, there is not a solid technical solution to reliably "label" or "classify" content. However, suppose that in ten years technology has advanced and we can reliably classify websites as "gay porn", "controversial political views", "child porn", "weapons", etc. Then I see no harm in a tor exit operator to choose an exit policy that matches his own moral beliefs. Don't forget Tor exits are operated by volunteers that donate time and money to provide anonymity and provide access to content they think is important to the world and should be freely accessible at all cost.
Others may regard this as censorship, but they are free to operate a Tor exit node themselves to provide access to more grim content. Everybody has their own reasons to join the torproject. Be it providing access to information for those living under an oppressing regime, or because they don't want their health care insurance to know what diseases they search on Google, or because they have a sexual orientation that is unacceptable in the community they live in.
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
On 13-08-27 05:12 PM, Tor Exit wrote:
The Tor devs go to great lengths to try to keep "evil" governments from using Tor against itself. Why not devote some effort toward keeping "evil" traffic off of Tor?
I agree. Why not block the most obvious abuse? All professional Apache webservers install a module named 'mod_secure' that will filter out trivial hacking attempts such as:
GET /index.php?id=123" OR 1=1 GET /index.php?file=../../../../../../../etc/passwd
Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent. The examples above are not a matter of taste/moral conviction/opinion, so why not implement a 'mod_security'-like filter in Tor?
Define "evil" (or its converse "good"). I'd bet that given any random selection of people in a room you'd get a broad spectrum of views. The only way you can safely meet /all/ those views is not to take a position at all and remain neutral.
Yes, this is a gray area. Moreover, there is not a solid technical solution to reliably "label" or "classify" content. However, suppose that in ten years technology has advanced and we can reliably classify websites as "gay porn", "controversial political views", "child porn", "weapons", etc. Then I see no harm in a tor exit operator to choose an exit policy that matches his own moral beliefs. Don't forget Tor exits are operated by volunteers that donate time and money to provide anonymity and provide access to content they think is important to the world and should be freely accessible at all cost.
Others may regard this as censorship, but they are free to operate a Tor exit node themselves to provide access to more grim content. Everybody has their own reasons to join the torproject. Be it providing access to information for those living under an oppressing regime, or because they don't want their health care insurance to know what diseases they search on Google, or because they have a sexual orientation that is unacceptable in the community they live in.
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
You can do that if you choose, but consequences may include:
- getting listed as a BadExit: https://trac.torproject.org/projects/tor/wiki/doc/badRelays
- becoming liable for not stopping illegal activity passing through your node, or get charged with illegal wiretapping. See the Snoop question in: https://www.torproject.org/eff/tor-legal-faq.html.en
- creating uncertainty about whether exit node operators snoop on traffic or retain data, which puts all of them at risk of being seized during police investigations;
- impeding police investigations of the "evil" sites: https://www.torproject.org/about/torusers.html.en#lawenforcement
On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
GET /index.php?file=../../../../../../../etc/passwd
Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent.
No, you can't be sure. That request could quite well be totally legitimate; you are not in a position to judge for the site owner.
(I'm just fighting against a 'transparent proxy' that thinks POST with more than 1000 bytes are evil. Please don't add more points of failure to an already fragile web.)
Andreas
On Wed, 28 Aug 2013 07:22:16 +0200 Andreas Krey a.krey@gmx.de allegedly wrote:
On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
GET /index.php?file=../../../../../../../etc/passwd
Why not employ similar techniques on a Tor exit? We can be 100% sure about the malicious intent.
No, you can't be sure. That request could quite well be totally legitimate; you are not in a position to judge for the site owner.
Absolutely true. I could be using tor to test my own website's security mechanisms. In fact, I /have/ used tor to test my own websites......
Best
Mick ---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/27/2013 05:12 PM, Tor Exit wrote:
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
Exercising one's moral beliefs can censor others. It would make it implicitly okay for exit node operators to decide to not relay traffic destined to sites about religion, LGBT issues, censorship, political beliefs, alternative social systems.. aren't these things that Tor is used to give people access to?
- -- The Doctor [412/724/301/703] [ZS] Developer, Project Byzantium: http://project-byzantium.org/
PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/
"Jack the sound barrier. Bring the noise."
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 08/28/2013 11:36 AM, The Doctor wrote:
On 08/27/2013 05:12 PM, Tor Exit wrote:
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
Exercising one's moral beliefs can censor others. It would make it implicitly okay for exit node operators to decide to not relay traffic destined to sites about religion, LGBT issues, censorship, political beliefs, alternative social systems.. aren't these things that Tor is used to give people access to?
Exactly. Anyway when i want to do research on sites i find dangerous or repugnant i use tor to add protection from the site operator.
If i want to see what neo-nazis are doing i do not really want them having my ip address.
- --- Marina
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On Tue, Aug 27, 2013 at 11:12:01PM +0200, Tor Exit wrote:
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
I really would like to support this if I could.
Specifically, I'd love a way for exit relay operators to only allow people to do things *via their exit relay* that they're comfortable with.
The trouble is, I only want to do it if we can have a way for Tor clients to automatically learn what each exit will allow, so they can pick an exit that will allow their connection.
We have that working with exit policies right now: each relay advertises what IP blocks and ports it will allow, and then clients learn all the exit policies and automatically choose an exit that will support their stream. See Andy's post for details: https://lists.torproject.org/pipermail/tor-relays/2013-August/002560.html
The trouble with more fine-grained approaches, where you look at the content of the communication rather than the address of it, is that the Tor client doesn't know the entirety of the communication when it's selecting the path to use. This seems like an inherent contradiction, especially since the client will need to know, ahead of time, everything the *destination* (e.g. website) will send too.
(Ok, that's just the technical trouble. There are also legal troubles with filtering some things you consider bad while not filtering everything that anybody could consider bad. See the EFF Tor legal faq.)
--Roger
On Aug 28, 2013, at 5:09 PM, Roger Dingledine arma@mit.edu wrote:
On Tue, Aug 27, 2013 at 11:12:01PM +0200, Tor Exit wrote:
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
I really would like to support this if I could.
I appreciate your kind and well-reasoned response, Roger.
For those others who, through (unkind, often poorly spelled, and logically flawed) mockery and name-calling, hypocritically demanded censorship of the very idea that individual liberty necessarily involves individual moral responsibility, I have composed a poem.
A few puerile punks would use Tor To browse for big boobs, nothing more "Rights of humanity" Was just false piety So bit by bit all the web closed the door.
If you want to use Tor for immoral things, go ahead--it will obviously accommodate you--but please stop pretending to speak for those of us who run Tor nodes because we actually care about human rights and liberty, and aren't just using those nice catch-phrases as a cover for licentiousness and mindless self-gratification. You're a large part of the reason that Tor is "technology non grata" in so many places, to so many people that would otherwise fully support its mission.
Hugs, Jon
I'm not sure if this applies but -
[1]http://thenextweb.com/asia/2013/08/01/vietnam-adopts-regulations-to- ban-internet-users-from-sharing-news-reports-online/
Sustain
On Sun, Sep 1, 2013, at 05:43 PM, Jon Gardner wrote:
On Aug 28, 2013, at 5:09 PM, Roger Dingledine arma@mit.edu wrote:
On Tue, Aug 27, 2013 at 11:12:01PM +0200, Tor Exit wrote:
Why is it so bad if a Tor exit operator tries to match the use of their node with their own moral beliefs?
References
1. http://thenextweb.com/asia/2013/08/01/vietnam-adopts-regulations-to-ban-inte...
tor-relays@lists.torproject.org