tor-relays May 2019

tor-relays@lists.torproject.org

53 participants
34 discussions

Solving World's Tor Users Being Blocked by Websites (was: Tor exit bridges)
by grarpamp 08 May '19

08 May '19

On 5/7/19, nusenu <nusenu-lists(a)riseup.net> wrote: > > juanjo: >> Tor relays are public and easily blocked by IP. To connect to Tor >> network users where Tor is censored have to use bridges and even PTs. >> But, what happens on the exit? Many websites block Tor IPs so using >> it to access "clearweb" is not possible. Should we allow and start >> using "exit bridges"? In I2P we have not this problem since there is >> no central IP list of relays. > > there is no need to extend to one more hope to achieve this > > https://lists.torproject.org/pipermail/tor-dev/2018-March/013036.html > > https://lists.torproject.org/pipermail/tor-relays/2019-May/017273.html It's possible to augment such outbound solution offerings even further by running an OpenVPN termination service so users can transport UDP between clearnet as well. VPNGate.net project has an idea there too. Even large regional IPv6 pools could be bought and shared by operators and rotated through. More tor relay operators should consider some of the above options, whether as a requested "bridge" service mechanism, or listed in the consensus "contact" field, or as more of a standalone VPNGate support, or "ExitGate" project sort of arrangement. Using only tor right now, a user needs to use a clearnet service that does not scrape consensus, or one not fronted by services doing similar to CloudFlare's spiteful default tor blocking policy, or find a lucky exit within whatever geolocation game the clearnet service uses, or get lucky through traditional vpn or proxy. But those are only fun statistical hacks, not real long term solutions to the underlying problem. It's unfortunate that such braindead blocking, stupid policy regimes, sites refusal to developing creative solutions [1] for so many world's users legitimate privacy, info risk, anonymity needs... often results in users accounts being locked out and escalated into forcing disclosure of users private info and ID to sites to unlock them, thus exposing users to ongoing long term fraud, cost, and stress when that info (in most cases truly unnecessary to collect) is eventually shared misused and stolen by both sites and criminals... or outright auto deletion of user's valued account, built up social networks, etc... all for doing nothing wrong, and harming no one or thing. Death by DriveByExit :( And really shameful to deny world's users the right to simply read a website, be it social, commercial, information, etc or even sadly their own tax-theft funded governmental public sites doing this blocking too. There are some related projects, best practice, as well... https://trac.torproject.org/projects/tor/wiki/org/projects/WeSupportTor https://trac.torproject.org/projects/tor/wiki/org/projects/DontBlockMe https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-access Positive outreach and direct engagement by Tor community is key here, and perhaps not enough of that is happening, at least not publicly. It's a big enough issue that it really needs a dedicated, active, allied, and even funded subproject... a MegaProject that needs to happen. [1] Such as forfeitable cryptocurrency and mailed-in cash deposits refundable in time, increasing account priviledges and features based on account age and activity, community moderation and behaviour support within the sites, opensource third party tracking-free local SecurImage style captcha throughout a sites features, privacy preserving non-SMS non-Google/Apple pure TOTP authenticator protocols, PGP recovery, letting users simply *read* websites without any hindrance, while utilizing these methods only for *write* operations, etc and so many more ways you can envision... Cc'd for awareness and inclusion. *Please remove tor-dev and tor-relays, and move this to tor-talk or tor-access for ongoing discussion and progress. Thanks.

1 0

Pool of IP Addresses
by amytain 06 May '19

06 May '19

Is it possible to have a pool of ip addresses as the outbound ip addresses instead of just one?

4 6

dhcp lease question
by torix＠protonmail.com 06 May '19

06 May '19

Yesterday I put in a new router for my home connexion to Verizon. Up until now, I've had to bring down my router for 18 hours or so for me to get a new ip address, so this has never really come up before. But I noticed in the new interface that my dhcp lease from Verizon is only 2 hours long. I have had 5 or 6 ip changes that I noticed, and found my relay starting all over again this morning, building up its connexions again. I'm hoping that Verizon will settle down and start renewing my ip address instead of giving me another every few hours, but of course I don't know if their pool of addresses is running low and they are scrambling or what. Any thoughts? I don't think I can continue with my home relay in good conscience if people are getting kicked off several times a day. TIA, --Torix Sent with [ProtonMail](https://protonmail.com) Secure Email.

5 5

unique .onion addresses decreasing a lot
by nusenu 05 May '19

05 May '19

Have a look at this graph: https://metrics.torproject.org/hidserv-dir-onions-seen.html?start=2019-02-0… Is this a measurement issue or did some major application migrate to v3 onion services? -- https://twitter.com/nusenu_ https://mastodon.social/@nusenu

2 1

Concern Over Bridge Distribution And Tor Updates
by Keifer Bly 05 May '19

05 May '19

Hello, So I am aware a new version of tor is now available, but am wondering, is there a way for relay / bridge operators to be notified when a new version of tor is available? Right now, it seems like the only way of knowing if an update for tor is available for our OS is to manually check. Thanks. I also wanted to say, I noticed that an available email provider to request bridges from is Yahoo Mail. Here’s my thought, Yahoo (alongside AOL) was bought by Verizon, so they are now owned by a phone carrier / ISP. This makes me wonder if Yahoo is still a safe email provider to send bridges to, seeing as their new privacy policy is essentially allowing them to use emails as public knowledge. Just a thought. Thanks all. --Keifer

3 4

Support tunneling
by amytain 05 May '19

05 May '19

Would it be possible to support gre tunneling for the inbound IP for the exit and outbound ips? Sent with [ProtonMail](https://protonmail.com) Secure Email.

2 1

Anti-Sybil (re: Explain... all the Nodes)
by grarpamp 03 May '19

03 May '19

On 5/2/19, Herbert Karl Mathé <mail(a)hkmathe.de> wrote: > I strongly believe certain issues need be brought up into conscious, and > into presence: into discussion, actually. > > Therefore appreciating this as it might fit too well into context > > Keeping things below surface, or trying so, has too often proven to be a > very bad idea as these will come up sooner or later anyway, then with much > higher magnitude. Even worse, trust is then destroyed. As said before, the category of Anti Sybil Web of Trust Projects needs considered, and could even cover such speculative subjects. It's not about analysing the meta of one node or one operator, even if a true positive hit, in general the yield is approximately zero percent of any overlay network's nodes, it's about stepping back and agnostically analysing them all. Go investigate and collate all the possible meta informations... Node location, payment, OS, ISP, uptimes, anon / nym / PGP / GovID, workplace, politic, blogs, whatever else you can imagine, including incorporating what's already in the consensus, contact, MyFamily, nickname, both real world and virtual infos, operator to operator p2p Web of Trust... No node has to supply any infos. Put it all in a db and give users tools to select node sets. Some users might select State's, or State's workers or even Statist's nodes, over say anon nodes, as maybe they feel they have to play by some "rules" that anon nodes don't. Others might reject operators that post stupid pics on Facebook. Or all Ubuntu relays. Or nodes that engage in free speech they don't like, some in Tor Project would love that selector, lol. It doesn't matter, it's a meta project, with it you can accept or reject on whatever whim you wish by node fingerprints in your client. And if the Sybil WoT project ends up discovering some interesting potential threats classes among the entire node set, you win. Until then, you are potentially missing all of that, and are not raising Sybil's costs of doing business by forcing them to expend much resource into playing real world Web of Trust against users who might select to use various positive-meta-ranking and or WoT structures. Right now Sybil's cost is only a little hosting. If not, you can still report bad exits and other actual technical node and traffic mangling to tor-relays and or bad-relays, at least until someone DHT's or otherwise distributes tor away from the more centralized DA design. Note that Tor's architecture does not protect much against Global Passive Adversary of NSA style fiber Vampires, that threat does not require Sybil nodes, nor do they have to be Global or Govt, even Tier-N backbones can tap, analyse, and do nefarious things like and with that, including sell, give, and partner it all away. Though they can and do run Sybil nodes to help inject, manipulate, block, see, etc traffic, nodes, and clients. On flip perspective, maybe you really don't want to develop WoT's and such, simply because enabling creeping featureism of it all can lead to exclusivity and control whereby valuable anon diversity is selected away from and purged. That would be very bad. Either way, other than the usual design, protocol, code, and "Lawfare" exploit space, and the coming Quantum Compute adversary, Sybil and Vampire are likely todays biggest remaining threats to overlay networks. None of todays networks seem to be trying to do anything to stop Sybil, and only a few networks put Vampire as any sort of priority [1]. While Vampire may perhaps be solved with some technical measures, Sybil may require some sort sort of human based measures. [1] Curiously, cryptocurrencies do employ Anti-Sybil in various proofs of work (adversary cost raising), and can help defund Vampires.

3 3

[tor-talk] Explain yourself Conrad Rockenhaus
by Stirling Newberry 03 May '19

03 May '19

> I met Conrad online in September 2013, not long after the Washington Navy Yard shootings. Which is how I remember when. He mentioned that he was serving in the Navy then. And I vaguely recall that he's posted on Tor lists about the military using Tor. So you met Conrad on Grindr in September 2013, not long after he was supposed of been shot by the Washington Navy Yard shooter? Did you tell him during the Grindr date that he was lucky to be alive so he could bring us Greypony? I wish the shooter would of killed him because Conrad deserves to be dead because of the hell the Greypony project brought us since 2013. Was he top or were you top? Did you suck or did he suck? or did you both suck? Did you do a good little rim afterwards? Sent with ProtonMail Secure Email.

5 4

ALL GREYPONY SERVERS ARE OPEN FOR DDOS
by Stirling Newberry 03 May '19

03 May '19

ATTENTION GREYPONY USERS ALL GREYPONY EXITS WILL BE TARGETED FOR DDOS. THIS REQUEST HAS COME FROM PRETTY HIGH UP. GAME OVER BITCHES. YOU GUYS ARE GOING TO BE DONE. LOIC WILL BE USED TO TARGET THE NODES. DON'T SAY YOU WERENT WARNED YOU STUPID SACKS OF FAGGOT SHIT. Sent with [ProtonMail](https://protonmail.com) Secure Email.

3 2

A forwarded response
by Anonymous Tormaster 03 May '19

03 May '19

I don't believe it's right that trolls get the right to basically accuse Conrad of violating the principles of the Tor network just because he wants to offer donation based FreeBSD VMs to run Tor Exits. He has stated that he is unable to post to the lists and he is not being provided a reason on why he is unable to post to the lists. I can understand somewhat that he might be advertising but I don't understand why he's publicly reprimanded then banished yet now we're allowing people to trash someone who has actually contributed somewhat decently to this community. This action or inaction is disgusting and unacceptable and fosters and unwelcoming and hostile user climate all because Conrad wanted to HELP. So I'm including his full reply he sent me and I'm sending it anonymously because that's what seems to be popular these days: Hello, I'm sure that this original email was a personal attack and trolling, but given that it has aroused some interest in some of the emails I have received off-list, and the fact that Herbert did make the comment that keeping things below the surface may destroy trust, I will answer your points in question, Mr. Revolution. > You worked at the National Reconnaissance Office of the United States which is the most secretive branch of the United States Intelligence Community > You worked at the Naval Security Group Activity which is the United States Navy's version of the National Security Agency I was previously stationed at the NRO/SPAWAR Washington DC and Temporarily Attached to NSGA/NIOC and NRL on several occasions while I was on Active Duty in the Navy. I was stationed at various places, attached to various commands, served in various capacities and I haven't kept my previous affiliation with the US Government a secret by any means at all. I have no reason to, in fact, I'm very proud of what I've done in service of my country. That being said, I've been retired from Active Duty as of February 25, 2015 and in civilian employment since and I haven't had any employment affiliated with any government agency. This point is kind of moot. I've never kept my Naval Service Hidden, in fact, I brought it up as examples of Government/Military uses of Tor on the mailing list. > You have a Security Clearance but you don't specify what type but I wonder why someone with a SECURITY CLEARANCE would want to work with Tor My security clearance serves no purpose at this point other than making criminal background checks easier and allowing me, as a cybersecurity professional, easier trusted access through organizations that utilize the Federal Government's security clearance adjudicative standards the ability to grant me access faster. This point is moot. > Teor called you out months ago as a US Government Spy and I'm glad that the Tor Community Council is calling you out with. People can post all of the advertising in the world but as long as you're called out Mr US Federal Government Spy then they're doing the right thing. I have no idea what you're talking about with Teor, I do know that when a bunch of the users of the previous iteration of GreyPony were posting about their relay speeds and what not he asked for the list to remain on topic, but I don't remember any pointed calls of Teor accusing me ever being a US Government Spy. I don't care for the Tor Community Council, because I believe it's quite odd of them to repeatedly condemn me yet be completely chill with this. Strange. > You are probably trying to push hacked FreeBSD or that hacked HardenedBSD stuff that no one cares about anyway. You should probably do a little research on how BSD operating systems, especially FreeBSD or HardenedBSD work, to realize how impossible it is for this to work. FreeBSD it's hard, HardenedBSD, I think it's about impossible, but I like the fact you're reaching who shot JFK? levels in your analysis here. > If people cared about more FreeBSD on Tor they would do it but obviously it's not a big issue!!! You see, people do care, because what's going to prevent the big bad spies like me from finding that exploit in all of the cool l33t Ubuntu b0xes you're running Tor on and bringing down 2/3s of the overlay network? That's why we have network diversification to prevent such a failure - if there's a bug or an anomaly that effects Linux for example, it won't effect the BSD, MacOS, and Windows relays, and we'll still have a functioning overlay network. That's the point of diversification. That's the point of promoting it. I'm sorry that you don't want to see that, but that's what it is - we have the resources up to prevent a problem prior to a problem occuring. > It's not a big issue to spin up our Hetzner exits at least we know that a spy not you isnt doing it!!! Cool, and when Hetzner finally decides to pull the plug on Tor exits because they had enough, what then? It never hurts to try to diversify AS assets either. Your characterization of me being a spy is completely illogical because if I were to act in such a capacity, I would just do it. I have the bandwidth to do it, I don't need people to do it for me, I would just set up relays and go for it. The question is - what would I be spying on? I mean, you make it sound like that the exit operator has the full picture in his/her view....except they don't. I see connections from other relays. Oh, don't we default to HTTPS-Everywhere in the Tor Browser package as well by the way? What exactly am I trying to spy on Mr. Revolution? In the end, here's what I think is going on. Several newbies started using GreyPony. Everything was fine, in fact, there was support for it on the mailing list until they started bragging about speeds in excess of 1 Gbit/s. Then the following things occurred (and if you look back at the mailing list history, you can see this): 1. There were complaints that said newbies were lying about their exit relay speeds, even though speeds are measured by the bwauths, so user reported speed really doesn't matter anymore, so this wasn't a valid complaint. 2. There were complaints that the relays should all be in the same MyFamily, even though we don't expect relays hosted on OVH, Hetzner, etc. to be reported on the same MyFamily, after all, I didn't have access to any of these relays, so this wasn't a valid complaint, as I was just hosting the relays. 3. Excess traffic was being generated about GreyPony, which Teor asked everyone to stop bringing up GreyPony until October because of all of it. This was a valid complaint. Due to all of the newbie bragging and honestly, because I was proud of the fact that I was helping out several people, I let myself get out of hand and replied to the emails as well, so I understood and cooled it. Now, again, I wind up back in the hospital, things go a little south for the project because I'm not around, but I come back and the project is ready to start again. Now GreyPony is back to the way that we originally intended it to be - a donation only project to provide FreeBSD/HardenedBSD exits to Tor. Most of the same guys that were running relays with the original one want to come back to the new one, plus some new people. I'm sorry that people wanting to help the Tor network by providing high performance FreeBSD Exit Relays angers you and some other of your fellow travellers so much. If it makes you happy, the project will go on with or with out your support.

4 4

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

tor-relays May 2019