Ultimate solution

Arrakis arrakistor at gmail.com
Wed Mar 28 06:29:12 UTC 2007


1. People may not want to use it if it starts sharing their IP for
the network. Although, acting as a middleman may be a good compromise.
In Torpark 3.0, we can probably do most of these.

2. Where will this be displayed, and who is going to read it?

3. Why keep any cookies at all after a session?

4. Sure. We can do this with Torpark 3.0

5. Already covered

6. I especially like #6, now how to we get the tor network to route this
as an exit node? Well... it would be great that instead of hashes we
could name the onion addresses fully. So if you wanted to check if
torrify.com had an exit node you could use to access it, you could
simply do torrify.com.onion... a simple naming convention.


Regards,
Arrakis

> It sounds to me like we need:
> 1. Absolutely easy to use client software that automatically acts as a
> router/server
> -- Needs to determine the lower (upstream) bandwidth, and not clog it
> -- Needs to be able to prioritize local originating connections to
> eliminate the desire to run separate client and server tor processes
> -- -- This includes using as much upstream as the local origination
> needs, even if it means nearly starving all "through me" traffic
> -- -- This means getting flow control working inside Tor, unless I
> missed something.
> -- Needs to be able to work with dynamic IP transparantly
> -- -- Tor currently does this if NO Address line is in the config
> file, but Vidallia insists on putting one in there anyways.

> 2. Simple instructions to end users
> -- Anonimity != privacy
> -- Things like flash, etc, can break privacy and reveal who you are
> -- Some sort of 'This is known to be safe, this is most likely unsafe,
> this is "maybe" ' list.

> 3. A preconfigured set of cookies for the major known cookie tracking
> sites (ads, etc), so that every Tor user looks the same.

> 4. Ideally a patch for Firefox. IE allows you to say "Accept 1st party
> cookies, reject 3rd party cookies." Safari allows you to say "Only
> accept cookies from sites I navigate to, but not from sites linked to
> them (Advertisements)". Firefox doesn't have that.

> 5. (Privoxy already strips referrer information, so that's not leaking
> your search history, etc, to third parties).

> ** 6 **. Since Tor will route to an exit node on the same machine as
> your target, giving end-to-end transparent encryption, some sort of
> push to get the major web sites to run at least a "local exit" tor
> node. In particular, we need an absolutely trivial, out of the box,
> "Local only, any port" tor exit config.


> On 3/27/07, Freemor <freemor at yahoo.ca> wrote:
>> On Mon, 2007-26-03 at 23:53 -0700, JT wrote:
>> > You are making a very big mistake! In theory your are correct with what
>> > you are saying but you are assuming the total noob can learn how to safe
>> > anonymously but also give grandma a chance to surf anonymously. Grandma
>> > knows what a browser is but has never heard about encryption or TCP/IP.
>> >
>>
>> I think that if the information is geared to the new user that they will
>> be able to pick it up. You don't need to get all technical to explain
>> everything. you could just say "if your browser doesn't display the lock
>> icon, like when using a banking site, your communication is anonymous
>> but not confidential, and may reveal identifying information."
>>
>> I also think there is a real problem with the "a new user could never
>> understand this" thinking. One should never assume that ones audience is
>> less intelligent then you are. Also, even if the effort manages to only
>> educate 30% of the new users this is far superior to not making the
>> effort and having only the very enthusiastic users who have the skills
>> to dig up the documentation they need being educated.
>>
>> Freemor




More information about the tor-talk mailing list