Hello all,
after yesterday watching "State of the Onion", a speech held at 31C3 recently, I spontanuously decided to also run a Tor relay. After some back and forth it appears to be running fine on my OpenWRT based router. The only ORPort is 9001, which is also the only hole punched into the firewall, I hope I did this right.
Today I wanted to continue at Freenode IRC, like I did for years, not even using an anonymous connection. But they wouldn't let me in:
[12:02] * You are banned from this server- Your tor exit node must not allow connections to freenode (tor exit node (chat.freenode.net:8000)). Email tor-kline@freenode.net when corrected. (2015/1/24 09.41)
I understand that my router and my PC share the same IP address to the remaining internet and IRC operators try to identify users by their IP address (which isn't possible). Reading up on the matter I found two texts:
http://www.freenode.org/policy.shtml
"The freenode network welcomes Tor users"
http://www.freenode.org/irc_servers.shtml#tor
"If you do want to be a Tor exit node and still use freenode, you will have to configure your exit policy to block all of the IRC ports we use, in addition to ports 80 and 443 as these are used for webchat."
To me this sounds like "We welcome it, but please block all of its usage". They recommend to add a "reject *:*" rule, but that means the relay is no longer a relay, right? And blocking port 80 and 443 means Tor to become useless.
As I can't find much on the matter by googling: is this actually a misalignment of Freenodes' statement to freedom as bad as it looks? If yes, what could I do about it? I'm a fairly experienced hobbyist hacker and admin, so I wouldn't fear writing some code.
Cheers, Markus
On 2015-01-24 12:48:18 (+0100), Markus Hitter wrote:
Besides the snippet you quoted, that page says "The primary Tor hidden service address for freenode is frxleqtzgvwkv7oz.onion". This is how Freenode welcomes tor users. "Connections to freenode directly from Tor exit nodes are not allowed".
At this point you're not a Tor user, you just set up a relay :). In order to connect to Freenode you should do it through Tor, or either block its usage by others. "If you do want to be a Tor exit node and still use freenode, you will have to [block ports]. Alternatively, you can allow any ports in your exit policy, and always connect to freenode using the hidden service".
Am 24.01.2015 um 14:28 schrieb David Serrano:
On 2015-01-24 12:48:18 (+0100), Markus Hitter wrote:
Besides the snippet you quoted, that page says "The primary Tor hidden service address for freenode is frxleqtzgvwkv7oz.onion". This is how Freenode welcomes tor users.
Thanks for pointing this out, I indeed snipped some of the text there. The reason I did is, it bugged me less that one needs to do extra steps to connect anonymously. That's mostly expected.
What bugs me is that it's apparently impossible or at least severely restricted to participate in IRC the normal, non-tor way and to run a Tor relay at the same time. This doesn't match well, IMHO.
Trying this .onion address results in this:
[14:54] * Looking up frxleqtzgvwkv7oz.onion [14:54] * Unknown host. Maybe you misspelled it?
I take that .onion addresses are available through Tor, only. And even when going through Tor Freenode still requires user authentication by SASL, which is not anonymous, because you have to get this account through a normal connection. Not to mention all the hassles required for running two networks in parallel on one router or PC and the extra load for the Tor network.
Am 24.01.2015 um 14:30 schrieb Lukas Erlacher:
I recommend you reread freenode's explanations carefully.
I did, and the still open question is, doesn't mean restricting ports 80, 443 and the IRC ones make running the relay a pretty useless operation? Without all these ports, which kinds of communication are left?
Markus
Am 24.01.2015 um 14:30 schrieb Lukas Erlacher:
I recommend you reread freenode's explanations carefully.
I did, and the still open question is, doesn't mean restricting ports 80, 443 and the IRC ones make running the relay a pretty useless operation? Without all these ports, which kinds of communication are left?
Markus
Completely disabling exit operation (with the reject *:* line) turns you into a middle relay. Middle relays aren't useless.
Best, Luke
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 24.01.2015 um 15:45 schrieb Lukas Erlacher:
Completely disabling exit operation (with the reject *:* line) turns you into a middle relay.
OK, thanks. Jacob Applebaum stated in this speech he wants to have thousands of relays and make using anonymous connections a normal state of affairs in the long term. This isn't going to fly this way. I'll talk to the Freenode people about removing their prohibitive restrictions and also hope on your support.
Thanks, Markus
- -- - - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
Your idealism is noble, but it isn't going to work that way. IRC networks aren't going to open up to Tor more than Freenode already does, for the simple reasons that it makes controlling trolls and spammers absolutely impossible.
You should probably run a middle relay until you've learned more about this. (And yes, discovering the knowledge is harder than it should be; I recommend you get on #tor on oftc to talk to people.)
Best, Luke
On 01/24/2015 04:17 PM, Markus Hitter wrote:
Am 24.01.2015 um 15:45 schrieb Lukas Erlacher:
Completely disabling exit operation (with the reject *:* line) turns you into a middle relay.
OK, thanks. Jacob Applebaum stated in this speech he wants to have thousands of relays and make using anonymous connections a normal state of affairs in the long term. This isn't going to fly this way. I'll talk to the Freenode people about removing their prohibitive restrictions and also hope on your support.
Thanks, Markus
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 24.01.2015 um 16:21 schrieb Lukas Erlacher:
Your idealism is noble, but it isn't going to work that way. IRC networks aren't going to open up to Tor more than Freenode already does, for the simple reasons that it makes controlling trolls and spammers absolutely impossible.
Being connected anonymously doesn't mean this connection has to be without authentication. For example, it should be possible to request a NickServ login after connecting and allowing to register a nick, but before entering a room. Without a room there's not much to spam.
It should also be possible to allow connections from exit relays with SASL authentication. Not as good as the above plan, still much better than what we have now.
Nerds are the typical kind of persons predestined to run relays as early adopters and are also the typical population on Freenode. Similar for many other IRC nodes. These two _have_ to match to make Tor popular.
You should probably run a middle relay until you've learned more about this.
What else do I have to "learn"? Using Freenode and running an exit relay don't match, the technical details are secondary. At very least Freenode should be honest and state that they do not welcome anonymous connections and as such make their "welcome to Tor" pointless. I hate marketing speech obfuscating the truth.
Markus
- -- - - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
Hi,
I've been running a few relays for about a week, so I'm fairly new to all of this fun stuff as well!
I think you've missed a few steps, and have over-reacted a bit to the new technology.
There are many reasons why you cannot, and should not, connect to the network from an exit relay. But I have to ask, why would you want to connect to freenode from an exit relay when you can connect from within? There's a reason they offer the hidden service to connect to their network. Attempting to bypass that seems silly. You've already accepted that you would have to use SASL using the exit relay, through your suggested option #2, so using it within is only a tiny, additional step.
Respectfully, I think you have a _lot_ to learn. I've spent every day, several hours per day, the past 8 days reading as much as I possibly can, and I know enough to know that I don't know enough.
Also,
https://freenode.net/irc_servers.shtml ... "Connections to freenode directly from Tor exit nodes are not allowed, as it is impossible to distinguish traffic originating on that computer from Tor exit traffic. In addition to providing better protection and location privacy, the hidden service gives end-to-end encryption, providing benefits similar to using SSL (ircs/irc-ssl)..."
And,
"We encourage you to consider providing "middleman" bandwidth to the Tor network by setting up your host as a Tor relay. Specify how much bandwidth you want to provide and set your exit policy to reject *:*. It will help us make up for the bandwith we use for freenode's hidden service."
I do hope this helps.
Date: Sat, 24 Jan 2015 16:46:48 +0100 From: mah@jump-ing.de To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] Tor and Freenode
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 24.01.2015 um 16:21 schrieb Lukas Erlacher:
Your idealism is noble, but it isn't going to work that way. IRC networks aren't going to open up to Tor more than Freenode already does, for the simple reasons that it makes controlling trolls and spammers absolutely impossible.
Being connected anonymously doesn't mean this connection has to be without authentication. For example, it should be possible to request a NickServ login after connecting and allowing to register a nick, but before entering a room. Without a room there's not much to spam.
It should also be possible to allow connections from exit relays with SASL authentication. Not as good as the above plan, still much better than what we have now.
Nerds are the typical kind of persons predestined to run relays as early adopters and are also the typical population on Freenode. Similar for many other IRC nodes. These two _have_ to match to make Tor popular.
You should probably run a middle relay until you've learned more about this.
What else do I have to "learn"? Using Freenode and running an exit relay don't match, the technical details are secondary. At very least Freenode should be honest and state that they do not welcome anonymous connections and as such make their "welcome to Tor" pointless. I hate marketing speech obfuscating the truth.
Markus
Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBAgAGBQJUw75oAAoJEKuzOwuAbzo+RRAH/2ZUQQzVVFkVxkIUkP2Rk4jR crDMwMr7txDhW3KlBjxPota93xJjfafG9JnWivHD2+KqV5WJp5gWYun3W7zxU9To sYx9JL5uYKt97+/WkTfUS5SGthoOgdxlKRLcq7uUUCclqZ+08Qjt3O+kPqzWFXhJ eAD6nd1i69lMNd1chOzbEj28Ha9VTTAzh8xyPy6G90Bnc8hGMJZ6rZdWoDIR1pLc XY3OIzIcqIekNKi9gT7/KQUx52kUjBn1wSLJHi2cK2uoDlfW2LGI4X1uEsuRZccB KuKAv+bcXKinXEp3nmIfn0o0L2vbLEsSnx6ws49b5M9DlNvZxgWP5WYT2zqfX00= =Bh0e -----END PGP SIGNATURE----- _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 24.01.2015 um 17:16 schrieb Matthew Anderson:
But I have to ask, why would you want to connect to freenode from an exit relay when you can connect from within?
- - It adds unneccessary load to the Tor network.
- - It triples general network load.
- - It's a hassle to setup. Proxies and such stuff.
- - Even more if I don't want to move my entire PCs over to Tor entirely. Then I have to choose the network on an per application base, which not all applications allow to do.
- - I can no longer use unregistered nicks.
- - I can no longer register a nick.
- - The same applies to all other users, the latter two are prohibitive for users actually in need of anonymity.
There's a reason they offer the hidden service to connect to their network.
I'm entirely fine with them offering this service. No need to forbid other services along with this, though.
Respectfully, I think you have a _lot_ to learn.
Perhaps I'm not that kind of guy who accepts somebody elses decision as a god given. It's a deliberate decision by the Freenode folks. It's not me in need of help, it's them. They need a better way to distinguish spammers from legitimate users.
Seeing pretty much all participants on this list (a Tor list!) are opposed to improving the situation of Tor isn't exactly encouraging to write some code to solve this problem. Perhaps I should return to hacking 3D printers.
Thanks, Markus
- -- - - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
Seeing pretty much all participants on this list (a Tor list!) are opposed to improving the situation of Tor isn't exactly encouraging to write some code to solve this problem. Perhaps I should return to hacking 3D printers.
You should probably read: https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-...
They need a better way to distinguish spammers from legitimate users.
It’s not an easy problem to solve.
On 24 Jan 2015, at 19:13, Markus Hitter mah@jump-ing.de wrote:
Signed PGP part Am 24.01.2015 um 17:16 schrieb Matthew Anderson:
But I have to ask, why would you want to connect to freenode from an exit relay when you can connect from within?
It adds unneccessary load to the Tor network.
It triples general network load.
It's a hassle to setup. Proxies and such stuff.
Even more if I don't want to move my entire PCs over to Tor entirely. Then I have to choose the network on an per application base, which not all applications allow to do.
I can no longer use unregistered nicks.
I can no longer register a nick.
The same applies to all other users, the latter two are prohibitive for users actually in need of anonymity.
There's a reason they offer the hidden service to connect to their network.
I'm entirely fine with them offering this service. No need to forbid other services along with this, though.
Respectfully, I think you have a _lot_ to learn.
Perhaps I'm not that kind of guy who accepts somebody elses decision as a god given. It's a deliberate decision by the Freenode folks. It's not me in need of help, it's them. They need a better way to distinguish spammers from legitimate users.
Seeing pretty much all participants on this list (a Tor list!) are opposed to improving the situation of Tor isn't exactly encouraging to write some code to solve this problem. Perhaps I should return to hacking 3D printers.
Thanks, Markus
--
Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Am 24.01.2015 um 19:18 schrieb Philipp Defner:
You should probably read: https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-...
Thanks for the pointer. Interesting reading indeed. At least /some/ people sharing my mindset.
Markus
- -- - - - - - - - - - - - - - - - - - - - - Dipl. Ing. (FH) Markus Hitter http://www.jump-ing.de/
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Markus Hitter:
Am 24.01.2015 um 17:16 schrieb Matthew Anderson:
But I have to ask, why would you want to connect to freenode from an exit relay when you can connect from within?
- It adds unneccessary load to the Tor network.
Most of the network is under-utilised guards and middle nodes, hidden services don't stress exits, which are the limited resource.
- It triples general network load.
Triples?
- It's a hassle to setup. Proxies and such stuff.
Running Tor Browser and setting some options on your IRC client?
- Even more if I don't want to move my entire PCs over to Tor
entirely. Then I have to choose the network on an per application base, which not all applications allow to do.
Consider using better applications ;) There's no other fix for this.
- I can no longer use unregistered nicks.
Take this up with freenode
- I can no longer register a nick.
Take this up with freenode
- The same applies to all other users, the latter two are
prohibitive for users actually in need of anonymity.
Take this up with freenode
There's a reason they offer the hidden service to connect to their network.
I'm entirely fine with them offering this service. No need to forbid other services along with this, though.
Take this up with freenode
Respectfully, I think you have a _lot_ to learn.
Perhaps I'm not that kind of guy who accepts somebody elses decision as a god given. It's a deliberate decision by the Freenode folks. It's not me in need of help, it's them. They need a better way to distinguish spammers from legitimate users.
So you know it's something to take up with freenode?
Seeing pretty much all participants on this list (a Tor list!) are opposed to improving the situation of Tor isn't exactly encouraging to write some code to solve this problem. Perhaps I should return to hacking 3D printers.
I would like a pony, why is everyone opposed to Tor downloads and Tor contributions being rewarded with a pony, it would improve the situation of Tor? Tor cannot influence freenode policy....take this up with freenode
Thanks, Markus
_______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
On 2015-01-24 20:16:13 (+0000), cacahuatl wrote:
Markus Hitter:
- It's a hassle to setup. Proxies and such stuff.
Running Tor Browser and setting some options on your IRC client?
Tor Browser isn't even needed. Once he has a relay in place, all he has to do is teach the IRC client to connect through it.
On Sat, 24 Jan 2015 12:32:24 -0800, David Serrano tor@dserrano5.es wrote:
On 2015-01-24 20:16:13 (+0000), cacahuatl wrote:
Markus Hitter:
- It's a hassle to setup. Proxies and such stuff.
Running Tor Browser and setting some options on your IRC client?
Tor Browser isn't even needed. Once he has a relay in place, all he has to do is teach the IRC client to connect through it.
I run a Tor relay 24/7 at home on a dedicated computer. I like to setup a ZNC IRC bouncer on the same host have have it connect the Tor relay's SOCKS5 port via Proxychains. You'll need to authenticate the ZNC Freenode server nick via SASL if memory serves correctly.
Then configure your IRC client to connect to the ZNC bouncer. Set it and forget it.
The only non Tor trafic exposure is registering the Freenode nick.
Am 25.01.2015 um 01:46 schrieb Seth:
I run a Tor relay 24/7 at home on a dedicated computer. I like to setup a ZNC IRC bouncer on the same host have have it connect the Tor relay's SOCKS5 port via Proxychains. You'll need to authenticate the ZNC Freenode server nick via SASL if memory serves correctly.
Then configure your IRC client to connect to the ZNC bouncer. Set it and forget it.
The only non Tor trafic exposure is registering the Freenode nick.
Thanks for describing what I meant with "extra hassle". Makes also a more detailed description than what I could find on the web so far.
:-)
Markus
On Sat, 24 Jan 2015 18:06:40 -0800, Markus Hitter mah@jump-ing.de wrote:
Thanks for describing what I meant with "extra hassle". Makes also a more detailed description than what I could find on the web so far.
It is sort a of pain in the neck I agree, especially when you have to go about figuring it out for yourself.
I need to write this up anyway for my own personal reference, I'll post a HOWTO to the list if enough people are interested and feel that it's relevant.
Am 25.01.2015 um 18:40 schrieb Seth:
I need to write this up anyway for my own personal reference, I'll post a HOWTO to the list if enough people are interested and feel that it's relevant.
It's certainly relevant. Nicely, Tor project's wiki is writeable for mere users, so you can use that for a more permanently visible place. Only registration required. Syntax is the same as in Wikipedia.
Might fit into the FAQ (scroll down to see not everything was moved away) ...
https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ
... or into a new page with a link from where the Freenode matter is mentioned:
https://trac.torproject.org/projects/tor/wiki/org/doc/ListOfServicesBlocking...
Markus
On 2015-01-24 07:46, Markus Hitter wrote:
Without a room there's not much to spam.
Unfortunately this is very much not true. There are all sorts of attacks on IRC, including bots that use multiple connections where one collects data from channels and another actually sends the spam via direct PRIVMSG.
It wouldn't be impossible to neuter the IRC protocol to allow registration over Tor but otherwise render unauthenticated users harmless to the network, but unless there is some way to verify that the user is human, bots would quickly get written to register nicks and set themselves up via Tor, abuse the nick until it's burned and move on.
On 01/24/2015 04:46 PM, Markus Hitter wrote:
What else do I have to "learn"? Using Freenode and running an exit relay don't match, the technical details are secondary.
First of all, thanks for running a relay! This is very important indeed.
I suggest today's lesson is that the anonymity Tor provides can also be very useful for (end-to-end) authenticated connections. Remember, Tor is not always only about hiding your identity from the destination!
You might like https://dud.inf.tu-dresden.de/Anon_Terminology.shtml , and compare the terms to what Tor provides.
The history of Tor and Freenode is quite long and we currently can't seem to change how they treat Tor users. Better ways could be implemented, but someone would have to implemented it for their homebrew grown IRCd.
In any case, if you share an IP for both ordinary traffic and exit traffic, you will unfortunately run into many more problems over time. Did you read https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines ? I strongly advise against running exits from residential connections these days, it's just too much of a hassle. Run a middle relay at home, and an exit at an exit-friendly hosting company!
Am 02.02.2015 um 05:59 schrieb Moritz Bartl:
The history of Tor and Freenode is quite long and we currently can't seem to change how they treat Tor users. Better ways could be implemented, but someone would have to implemented it for their homebrew grown IRCd.
Thanks. At least one person understanding the disappointment about the current state of affairs.
Markus
On 2015-01-24 15:40:38 (+0100), Markus Hitter wrote:
What bugs me is that it's apparently impossible or at least severely restricted to participate in IRC the normal, non-tor way and to run a Tor relay at the same time. This doesn't match well, IMHO.
Keep in mind that you're running an /exit/ relay. I just verified that I'm able to connect to freenode from the IP associated with my non-exit relay without issues.
Hello,
I recommend you reread freenode's explanations carefully.
If you do want to be a Tor exit node and still use freenode, you will have to configure your exit policy to block all of the IRC ports http://www.freenode.org/irc_servers.shtml#ports we use, in addition to ports 80 and 443 as these are used for webchat. Alternatively, you can allow any ports in your exit policy, and always connect to freenode using the hidden service.
Best, Luke
-----BEGIN PGP MESSAGE----- Version: GnuPG v2
hQEMA22Nc/OMyTy8AQgAt76bA92YgnGcymH4H+jGorceD36/o6UsQKDGctj22eip BduAfsf+0P+QSz+oeGgzjord/LemSNzL8HfhxRaLvk+HzymNGwrJ23sbC9ftQnbn G/u5F1VCQeYf+JF6I19esTfqa20mvJjk3vgrMkYo3D7q030EjYJGOyxFEd2ajW58 oks8litJzFhHihJlq1d1nJCd+1KOfS9zMVqKulgr5lFJRrft5VPKN7Qz6wZuU407 tyddH/H0m2y5ILZI+TIXe86VjaAvoWxKQ0N/+r5Y001uVRpaNGq+kIPN/LVqSC3r iX5AFfllhJukYlxmJ/ymSwrUS19Cqipxtpf2c5GK8dLqARtGbIKcPHGhnFIk6sTZ +jR5KhEgkDDgMEGXsov+k1P6YJwhgFyyInl1Ay+aAPklvmqtnoO/4GbAuDpgYHKz zSxUemNLF/dlHRiwx/IN13qJayM/5bHSbMP0jFSgZccml3Jo7IpdT8gmmiUdkxb2 l1lH+zTsFAOcXrTktHUe3h/yFbx4kFrbFZeeolMU9mlAPvrl5jA/YgEfhG3AX+wp wCN20BFjQzzJpJpqeUmzC7Jk4rpYtWrjm6N/PVaqxIHkJIYZbqHc2T276CEVr8SF svW0skmCB7ZMi0FZvVdbWGkIvO1KW/YTKTwl0js9hcizDXMjBDPwP7HNxKsgKqxv w1BmOigPVQ0BtH1gWYAXSX/uWXRm1aoD7d0LQi/2iQdAozHbcZTDC5eAkc5VRkp0 NlLY9cJ4I5tdqzDJeV4loTggUwMCvqZSH2HhaCmSOgqlWrbG//TuDtVBaXNZAnsh rR9i6etxYjqAU2piZS4r+ut5vsJnWo2li5i7fCuvHnNXABAkXaosK1s1IMlgCiz1 AnydCUWOe434VV4u5yEpJNGtYWJpZ1SaqnnP8sGKBmsX7i4WO3mUQUH9uVsvXvXj 1MJMaPZoudJ+8CsLtyHnYELUfRJrFTw+7AxN1W8sPlv0Anit6YnEUy7VwhWEkrQZ fe990Y48AwJEDaEiyz50DRT4q3rPlDAN07c9w40lgtPT3WsOkpLKuKGW8SwE3Pq5 oph2wZ85qSBbGvCHvyhZaig8seZ4KBQOY2BZAu0nSAE9iLnZh3UV4ZJf8ZniLPcV BcHBmgAGritItUheCv+7M9yyF9RD8FN9I5aeKYA8l64oLjmblHJPxel/BM+uQK9G UXKjwUt+1pnaXavljX5q4NeFr+P5qekSmctZw1lNsClWlfhHlQiz5BWvrvfWBzbR rS4J8azGMWJ2V8FcJmWjHlKORhlr5OOCW72OJK7EZJDq0SpgG8zwdgndOX0D6ssF lBum50HDdxJ29SG0lY+5G+x59IeJxmOemtg1tDuwDVqKiDSdCQrBexE52qHHZs3Q c/UelZ8NIRicpLZsdH86gn5UqpdEitMiVE9V7HvcSqtg/zPZdsA7YJw7OKk1LAte J2PioR8pDzg9uj5sZl1c43eGq9Vb5HazsV7oA73auPDHNXr42vNKGMUmkuVaZBJm Modi/5uXaRjqsUlZn1n4x/gaCmsCdyYp1VCtT1p296/5M/BQGnTt9husDcfiru92 vRLhjDWpHhqIUMbHU7McNadjPpkcsnTO81n0aFmqFQR0oPKUaigJYT2U2sxznjxY pXBVjyejtX1YUfPy1w7dIl+8rNfvpe1hqoWFHKaH9KG+Q9jRYjZPEyO+hpnS6x0u bsEK4m0Ve7g1N7gROt2HaDBV/0iwwYUl/0AscnxRdKA9yxqNx8mhw2Sq+BwcCGlS dJKMdLytg2SaS2qU8CLK7wh4ALLOndc3yLKx4ERlYXe79/K+zPSY5MdBjyu7Jjcn yJXuCuPm9+2ICUAjYkwV7WhX40Gj7wNeHBkr1abBnt+B+JCL3iIpDtHeXGKzmk7q q+EqfyXU653qq/BgP+Jz93t1uqCMzPVFDJ+FAZQN61XHWUrJ3v6qhzK5jso1LAbE KAuo7XhkqAsZbFWohLoDFodAlV4Ga+OUyLrGM0atv94ExpFl0nekcLRPqHkyLJ/r bprZiK94VybLdH2Gjie86n5TDzPvf3WDrrH33UogRMr3+DD3UFyjxUj8i6laNNjV GgN0aFkYEHZBcdWwedS/lJITGUghbsFM+xhfyj4WbeS3sO8QU72z8c3VhTYFLMfa s7wJTXIwbWMwU7ppSSCoEtciz8bF9WN7HpR0KkxPQy3Xyx52939uegRFJNnNiA3T tkkEhGMlcfGBQumdrPEr5jfAoaA/tYMl2ER8i/ZtOectIn8mwjFG87FDoimdWK5O F66VnsCRirMmQARsEhgDJ2D860SgFL/pr2pbrkk= =2jml -----END PGP MESSAGE-----
Please send this in an unencrypted form. On 01/24/2015 06:16 PM, Michael Edwards wrote:
-----BEGIN PGP MESSAGE----- Version: GnuPG v2
hQEMA22Nc/OMyTy8AQgAt76bA92YgnGcymH4H+jGorceD36/o6UsQKDGctj22eip BduAfsf+0P+QSz+oeGgzjord/LemSNzL8HfhxRaLvk+HzymNGwrJ23sbC9ftQnbn G/u5F1VCQeYf+JF6I19esTfqa20mvJjk3vgrMkYo3D7q030EjYJGOyxFEd2ajW58 oks8litJzFhHihJlq1d1nJCd+1KOfS9zMVqKulgr5lFJRrft5VPKN7Qz6wZuU407 tyddH/H0m2y5ILZI+TIXe86VjaAvoWxKQ0N/+r5Y001uVRpaNGq+kIPN/LVqSC3r iX5AFfllhJukYlxmJ/ymSwrUS19Cqipxtpf2c5GK8dLqARtGbIKcPHGhnFIk6sTZ +jR5KhEgkDDgMEGXsov+k1P6YJwhgFyyInl1Ay+aAPklvmqtnoO/4GbAuDpgYHKz zSxUemNLF/dlHRiwx/IN13qJayM/5bHSbMP0jFSgZccml3Jo7IpdT8gmmiUdkxb2 l1lH+zTsFAOcXrTktHUe3h/yFbx4kFrbFZeeolMU9mlAPvrl5jA/YgEfhG3AX+wp wCN20BFjQzzJpJpqeUmzC7Jk4rpYtWrjm6N/PVaqxIHkJIYZbqHc2T276CEVr8SF svW0skmCB7ZMi0FZvVdbWGkIvO1KW/YTKTwl0js9hcizDXMjBDPwP7HNxKsgKqxv w1BmOigPVQ0BtH1gWYAXSX/uWXRm1aoD7d0LQi/2iQdAozHbcZTDC5eAkc5VRkp0 NlLY9cJ4I5tdqzDJeV4loTggUwMCvqZSH2HhaCmSOgqlWrbG//TuDtVBaXNZAnsh rR9i6etxYjqAU2piZS4r+ut5vsJnWo2li5i7fCuvHnNXABAkXaosK1s1IMlgCiz1 AnydCUWOe434VV4u5yEpJNGtYWJpZ1SaqnnP8sGKBmsX7i4WO3mUQUH9uVsvXvXj 1MJMaPZoudJ+8CsLtyHnYELUfRJrFTw+7AxN1W8sPlv0Anit6YnEUy7VwhWEkrQZ fe990Y48AwJEDaEiyz50DRT4q3rPlDAN07c9w40lgtPT3WsOkpLKuKGW8SwE3Pq5 oph2wZ85qSBbGvCHvyhZaig8seZ4KBQOY2BZAu0nSAE9iLnZh3UV4ZJf8ZniLPcV BcHBmgAGritItUheCv+7M9yyF9RD8FN9I5aeKYA8l64oLjmblHJPxel/BM+uQK9G UXKjwUt+1pnaXavljX5q4NeFr+P5qekSmctZw1lNsClWlfhHlQiz5BWvrvfWBzbR rS4J8azGMWJ2V8FcJmWjHlKORhlr5OOCW72OJK7EZJDq0SpgG8zwdgndOX0D6ssF lBum50HDdxJ29SG0lY+5G+x59IeJxmOemtg1tDuwDVqKiDSdCQrBexE52qHHZs3Q c/UelZ8NIRicpLZsdH86gn5UqpdEitMiVE9V7HvcSqtg/zPZdsA7YJw7OKk1LAte J2PioR8pDzg9uj5sZl1c43eGq9Vb5HazsV7oA73auPDHNXr42vNKGMUmkuVaZBJm Modi/5uXaRjqsUlZn1n4x/gaCmsCdyYp1VCtT1p296/5M/BQGnTt9husDcfiru92 vRLhjDWpHhqIUMbHU7McNadjPpkcsnTO81n0aFmqFQR0oPKUaigJYT2U2sxznjxY pXBVjyejtX1YUfPy1w7dIl+8rNfvpe1hqoWFHKaH9KG+Q9jRYjZPEyO+hpnS6x0u bsEK4m0Ve7g1N7gROt2HaDBV/0iwwYUl/0AscnxRdKA9yxqNx8mhw2Sq+BwcCGlS dJKMdLytg2SaS2qU8CLK7wh4ALLOndc3yLKx4ERlYXe79/K+zPSY5MdBjyu7Jjcn yJXuCuPm9+2ICUAjYkwV7WhX40Gj7wNeHBkr1abBnt+B+JCL3iIpDtHeXGKzmk7q q+EqfyXU653qq/BgP+Jz93t1uqCMzPVFDJ+FAZQN61XHWUrJ3v6qhzK5jso1LAbE KAuo7XhkqAsZbFWohLoDFodAlV4Ga+OUyLrGM0atv94ExpFl0nekcLRPqHkyLJ/r bprZiK94VybLdH2Gjie86n5TDzPvf3WDrrH33UogRMr3+DD3UFyjxUj8i6laNNjV GgN0aFkYEHZBcdWwedS/lJITGUghbsFM+xhfyj4WbeS3sO8QU72z8c3VhTYFLMfa s7wJTXIwbWMwU7ppSSCoEtciz8bF9WN7HpR0KkxPQy3Xyx52939uegRFJNnNiA3T tkkEhGMlcfGBQumdrPEr5jfAoaA/tYMl2ER8i/ZtOectIn8mwjFG87FDoimdWK5O F66VnsCRirMmQARsEhgDJ2D860SgFL/pr2pbrkk= =2jml -----END PGP MESSAGE-----
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Uh sorry, I just sent an encrypted draft email that I meant to delete...
Ignore me while I cower in shame in the corner!
Mike
On 01/24/2015 04:48 AM, Markus Hitter wrote:
Hello all,
after yesterday watching "State of the Onion", a speech held at 31C3 recently, I spontanuously decided to also run a Tor relay. After some back and forth it appears to be running fine on my OpenWRT based router. The only ORPort is 9001, which is also the only hole punched into the firewall, I hope I did this right.
Today I wanted to continue at Freenode IRC, like I did for years, not even using an anonymous connection. But they wouldn't let me in:
[12:02] * You are banned from this server- Your tor exit node must not allow connections to freenode (tor exit node (chat.freenode.net:8000)). Email tor-kline@freenode.net when corrected. (2015/1/24 09.41)
I understand that my router and my PC share the same IP address to the remaining internet and IRC operators try to identify users by their IP address (which isn't possible). Reading up on the matter I found two texts:
<SNIP>
Even if you resolve the issue with Freenode, you may find that other sites have banned your IP address. As a practical matter, it's best to dedicate a distinct IP address to a Tor node, especially an exit.
Hello Markus,
I know that maybe it's too late to answer, and I don't even know if the answer is right but, Freenode has some hidden servers don't you know? Take a look at https://freenode.net/irc_servers.shtml, there are 4 addresses to connect to freenode through Tor Onion network. I don't know if I'm right, but I actually want to use freenode even with a tor relay running on my router, let's try to do that helping each other...
Sorry about my poor english...
Best regards, UserX
Hello Markus, it's correct that Freenode is blocken every Tor exit node because they don't want you to connect over the internet. Please use the hidden service from Freenode. There should be a howto on the website of Freenode.
Regards from germany Am 20.04.2015 17:00 schrieb "User_X" user_x@riseup.net:
Hello Markus,
I know that maybe it's too late to answer, and I don't even know if the answer is right but, Freenode has some hidden servers don't you know? Take a look at https://freenode.net/irc_servers.shtml, there are 4 addresses to connect to freenode through Tor Onion network. I don't know if I'm right, but I actually want to use freenode even with a tor relay running on my router, let's try to do that helping each other...
Sorry about my poor english...
Best regards, UserX
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays@lists.torproject.org
-
cacahuatl -
Dave Warren -
David Serrano -
DerTor Steher -
Justaguy -
Lukas Erlacher -
Markus Hitter -
Matthew Anderson -
Michael Edwards -
Mirimir -
Moritz Bartl -
Philipp Defner -
Seth -
User_X