[tor-talk] Operating system updates / software installation behind Tor Transparent Proxy

grarpamp grarpamp at gmail.com
Fri Mar 2 06:45:20 UTC 2012

On Thu, Mar 1, 2012 at 11:31 PM, Andrew Lewman <andrew at torproject.is> wrote:
> bittorrent trackers are fine, it's the bulk download of GB of data 7x24
> that loads up the network.

Wanted to add a bit here from another view.

I see no issue with bulk data transfer, so long as you give
back empty bandwidth equal to your impact on Tor.

If you're using an exit, provide an exit/relay at the same bandwidth
as you use by it, 3x-4x your use due to hops.

If you're using an onion, provide 6x-7x what you use in return.

If you can't, then yes, you're being a leech upon Tor.

Whether it's OS updates, pron, youtube, torrents, it's all
the same... bandwidth and circuits. Whether entirely within Tor
(onion2onion) or via exits. Please compensate via giving back
your impact accordingly and all should be fine. If not, yes, Tor
will fall over and you are to blame. You know what to do, do the
right thing.

Any OS worth its salt will do updates via TLS and
check certs, etc. But really, why can you NOT adjust your
rules and update times to do your updates over the clearnet
directly??? Seriously, does anyone block or infect clearnet
updates for which Tor would truly be needed? I highly doubt it.
And if they do, is Tor any more trusted being overlaid over
clearnet? No. So just use clearnet.

Yes, I would not trust Windows to not broadcast your MAC
or firmware ID (which is not easily or authoritatively changeable
under win) to their update system, nor your MAC/UUID
(though lesser so) under unix.

But is that such a huge concern regarding updates? It's
going to send ID anyways regardless of network. So hell,
use a legit wifi station for it if you care. And your system
and usage should be configured and datapartitioned well
enough to be strategically immune to zero-days and other
risks anyways.

> I trust tor exits more than wireless

For that which is corruptible by local third parties, yes.
But once it hits the Tier-n WAN provider, I rate it all
the same.

> In fact, sometimes when I travel, I scp my virtual machines over
> tor rather than risk a laptop search and seizure at a border.

And I have zero doubt that you are somehow giving back
far more than you consume. Whether in data or by other
more philosophical means :) Is that not the goal we all should
strive to?

> I expect that tor the protocol and network should punish me for
> asking to transfer so much data.

This doesn't sound like a suitable metric. I would expect it
to mete out benefit equal to one's donations (which does
not exist yet). Plus some sort of gift for good and penalty for bad.
But since that is undefinable, the broad publication of expected
practices, such as appropriate giveback ratios when using various
protocols over different paths, is a far better approach.

> What do these OSes do in this case? What about freebsd ports? [etc]

It is specifically for this reason that ALL distribution systems should
heed the by now well publicized warnings and sign and encrypt everything.
Those that do not in this day and age should be treated as laughable.

> The details from a central http://mitmproxy.org/ are fascinating to see

Thanks for this link... very interesting to finally see some projects
getting closer to TLS proxy de/en-capsulators and modifier streams.

