Hi everybody,
i'm in china and when i start tor nodes (on a linux server) i often have to first start up the node using bridges, after i ran tor for a while i can restart the node as a bridge-no-exit-relay-entry-node, or whatever, and it will (through its cached data, I guess) be able to connect to the tor network.. and, importantly, help other nodes to connect to the tor network.
It would be great if the node's mode could automatically change, when I start the tor node it will try to be a bridge relay according to my torrc, if it can not establish a connection it will first use a bridge and when it has enough data (non blocked entry nodes) will return to becoming a relay. Does this make sense?
btw i think bridges.torproject.org is blocked in china (perhaps not surprisingly). And also, on linux servers, couldn't the tor node get the bridges via email by itself, that would be fantastic! each tor node could have its own gmail account, but i guess it would probably somehow be a problem for anonymity..?
take care
:)
On 3/8/11 4:05 PM, Lorenz Kirchner wrote:
btw i think bridges.torproject.org is blocked in china (perhaps not surprisingly). And also, on linux servers, couldn't the tor node get the bridges via email by itself, that would be fantastic! each tor node could have its own gmail account, but i guess it would probably somehow be a problem for anonymity..?
Hi,
made a google spreadsheet available in HTTPS under spreadsheet.google.com domain that load dynamically the bridges information from bridges.torproject.org .
You can load from it: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
If chinese want to block it they must inspect https or block the whole spreadsheets.google.com domain.
That's just a prototype that require tuning.
That could be an approach, to replicate the bridge informations over https links of commonly used sites such as google.com or yahoo.com or msn.com .
-naif http://infosecurity.ch
On 3/9/11 6:04 PM, Fabio Pietrosanti (naif) wrote:
Hi, made a google spreadsheet available in HTTPS under spreadsheet.google.com domain that load dynamically the bridges information from bridges.torproject.org .
You can load from it: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
very nice idea, alas it does not work..
---------------------------------------------------------------------------------------------------- Data Transfer Interrupted The connection to spreadsheets.google.com has terminated unexpectedly. Some data may have been transferred. Camino connected successfully, but the connection was interrupted while transferring information. Please try again.
* Are you unable to browse other sites? Check the computer's network connection. * Still having trouble? Consult your network administrator or Internet provider for assistance.
----------------------------------------------------------------------------------------------------
the censors here have no shame ;)
On 3/9/11 2:11 PM, Lorenz Kirchner wrote:
On 3/9/11 6:04 PM, Fabio Pietrosanti (naif) wrote:
Hi, made a google spreadsheet available in HTTPS under spreadsheet.google.com domain that load dynamically the bridges information from bridges.torproject.org .
You can load from it: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
very nice idea, alas it does not work..
Fucking bastards!
This this: https://sites.google.com/a/infosecurity.ch/testst/
It's the google spreadsheet that load the bridge information embedded into a google site.
-naif http://infosecurity
On 3/9/11 9:42 PM, Fabio Pietrosanti (naif) wrote:
You can load from it: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
very nice idea, alas it does not work..
Fucking bastards!
This this: https://sites.google.com/a/infosecurity.ch/testst/
no, same problem
...connection interrupted...
On 3/9/11 2:56 PM, Lorenz Kirchner wrote:
On 3/9/11 9:42 PM, Fabio Pietrosanti (naif) wrote:
You can load from it: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
very nice idea, alas it does not work..
Fucking bastards!
This this: https://sites.google.com/a/infosecurity.ch/testst/
no, same problem
...connection interrupted...
Now have no more time, but i am doubt that it's because into the body there is the URL bridges.torproject.org .
Now the spreadsheet can be edited directly: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
It does the import with: =importxml("http://bridges.torproject.org%22,%22//pre%5B@id=%27bridges']")
The google sites embedding it is: https://sites.google.com/a/infosecurity.ch/testst/newtest
Unfortunately google automatically leave the trace relevant to bridges.torproject.org into the spreadsheet. IMHO if we can work on it to make it load the bridge without using that hostname chinese will not block it.
-naif http://infosecurity.ch
On 3/9/11 2:56 PM, Lorenz Kirchner wrote:
This this: https://sites.google.com/a/infosecurity.ch/testst/
no, same problem
...connection interrupted...
Sounds interesting that they are doing SSL MiTM probably because they have control of some rough chinese-government-affiliated CA certification authority.
May i ask you, being in china, to go https://spreadsheet.google.com and report via email which are the SSL digital certificate information that you read?
From Europe i see in the certificate information
SHA1 Fingerprint (last digits are DC:8E:74:12:93) Serial (last digits are 00:00:22:63)
The Root Certificate have as chain: EquifaxSecureCA: C = US, O = Equifax, OU = Equifax Secure Certificate Authority That signed the Google CA: GoogleInternetAuthority: C = US, O = Google Inc, CN = Google Internet Authority
What do you see with your browser related to the digital certificate parameters?
Maybe we can find which are the rough CA with which they can do Deep Packet Inspection?
On 3/9/11 10:21 PM, Fabio Pietrosanti (naif) wrote:
May i ask you, being in china, to go https://spreadsheet.google.com and report via email which are the SSL digital certificate information that you read?
;) not wanting to sound boring but the answer is monotonous...
can't go to https://sites.google.com https://spreadsheet.google.com/
...connection interrupted...
I tried with firefox and it says: ----------------------------------------------------------------------------------- The connection was reset The connection to the server was reset while the page was loading. The site could be temporarily unavailable or too busy. Try again in a few moments. If you are unable to load any pages, check your computer's network connection. If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web. -----------------------------------------------------------------------------------
i don't think it has anything to do with what's on the page, the domains are blocked for me at this moment.
https://www.google.com/ is also not reachable after all these attempts although it usually is reachable. So i tried in firefox browser https://www.google.com/ and it works the certificate is verified by thawte consulting (pty) ltd.. not spreadsheets.google.com and sites.google.com though
On Wed, 09 Mar 2011 14:42:30 +0100 "Fabio Pietrosanti (naif)" lists@infosecurity.ch allegedly wrote:
You can load from it: https://spreadsheets.google.com/ccc?key=0Ak268BK3W4GVdDZHeGREWldoZ2o5eFFwaTl...
very nice idea, alas it does not work..
Fucking bastards!
This this: https://sites.google.com/a/infosecurity.ch/testst/
It's the google spreadsheet that load the bridge information embedded into a google site.
I need a google account for that. What if I don't want one?
Mick ---------------------------------------------------------------------
The text file for RFC 854 contains exactly 854 lines. Do you think there is any cosmic significance in this?
Douglas E Comer - Internetworking with TCP/IP Volume 1
http://www.ietf.org/rfc/rfc854.txt ---------------------------------------------------------------------
On 3/9/11 11:29 PM, mick wrote:
This this: https://sites.google.com/a/infosecurity.ch/testst/
It's the google spreadsheet that load the bridge information embedded into a google site.
I need a google account for that. What if I don't want one?
So, any new ideas anybody? I still feel it would be best if 1. there was a special function within tor to change from using a bridge to becoming a bridge whithin the censored network, and 2. spreading this bridge-status info locally... perhaps like dht in torrent.. only revealing a small selection of available bridges nearby.. i obviously only have a very dim idea of what i'm talking about.. sorry about that
anyways, if these two problems could be addressed tor could be a biggie with a lot of people here.. ;) -- think: cheap openwrt low maintenance appliance..
Loz
On 3/9/11 6:04 PM, Fabio Pietrosanti (naif) wrote:
If chinese want to block it they must inspect https or block the whole spreadsheets.google.com domain.
and so they do, apparently! What about the idea that bridges could be distributed via bittorrent perhaps in pgp signed files with some sort of timestamp system... is that feasible you think?
but i really would like to get to the stage that a node will eventually become a relay and entry/bridge /to/ the tor network. If computers in china first need to connect to a bridge outside china it just takes too long with all the latency.. would be much better if they could connect to a bridge inside china or am I thinking about it the wrong way? I'm no IT guy, just like to solve a challenge so forgive my ignorance ;)
tor-relays@lists.torproject.org
-
Fabio Pietrosanti (naif) -
Lorenz Kirchner -
mick -
Teun Nijssen