irc logs archive
IRC Archive / Oftc / #tor / 2010 / April / 12 / 1
donovan
question: how can i increse browsing site when im using tor ?
anyone ? , thanx
..incresing browsing speed at maximum
darrob
donovan: consider using polipo and/or squid. maybe even a dns caching proxy though i haven't looked into that myself.
frodo
Just started using Tor. I'm in the US. When I go to www.google.com I get the russian page www.google.ru. Is this normal when using Tor? I guess this is because google is getting a Russia IP address from the last server that my request went through?
darrob
frodo: correct
murb
frodo: go to http://www.google.com/ncr
frodo
Thanks guys. I tried http://www.google.com/ncr and that brought up the English page.
dr|z3d
frodo: add your own language search via mycroft, or specify google.us or google.co.nz. or google.co.uk for English results.
http://mycroft.mozdev.org .. you might also consider adding https://ssl.scroogle.org to your Firefox quicksearch bar, assuming you're using Firefox..



frodo
dr|z3d: Good ideas. Thanks.
dr|z3d
frodo: No worries. Also you might like to browse to about:config in Firefox, filter for keyword, and then amend the url you'll see there.
frodo
Another question... With Tor your http requests gets bounced around to different To servers to make who is the origial sender. I see from the Tor site that anyone can sign up to be a Tor server. Does this not mean that someone with bad intentions could sign up to be a Tor server, capture all of the packets I am sending and then extract personal information from them? For instance if I'm doing on-line banking of shopping. I guess in those
case the packets would be encrypted but what about when the packets are not encyrpted. Am I right about this or am I missing somehting?
katmagic
You're absolutely right.
dr|z3d
frodo: Exactly right.
katmagic
That's an inherent flaw in the Tor design.
dr|z3d
The exit server is the weakest link.
katmagic
Or in the design of the Internet in general, actually.
dr|z3d
For best results, ensure all traffic that passes over Tor is encrypted.
katmagic
Your ISP can do that to you when you're not using Tor.
Or any of the servers in between.
Try running a traceroute. It's scary.
rudi_s
frodo: And make sure you verify SSL certificates to prevent Man-In-The-Middle attacks.
katmagic
https://addons.mozilla.org/en-US/firefox/addon/6415
^ That's a pretty cool add-on.
phobos
cert patrol is neat
petname used to do something similar
but then stopped tracking changes to certs
katmagic
I wish there was an option to disable the pop-ups the first time you see a site, though.



mikeperry
does cert patrol do anything other than be annoying?
I've been running it for a while
I still don't understand what it actually does
other than make me click OK sometimes to a big bunch of text
phobos
it simply records the cert fingerprint
so you can get a warning if the cert doesn't match in the future
otherwise, no, it does nothing else
mikeperry
does it ever tell you if it has actually changed? or is it still the same big bunch of text?
or perhaps a very similar big bunch of text that I've already clicked OK to after being owned without realizing it :)
katmagic
It tells you if a certificate's changed.
The big bunch of text at the beginning is the annoying first show.
mikeperry
tell me the warning looks significantly differnet
katmagic
I've never had a certificate change, though, so I don't know what happens.
mikeperry
if its a also a big grey window, its a pretty useless addon
way too much warning fatigue
phobos
this is why i remove all CAs
mikeperry
no preferences for it either
katmagic
Yeah, that's really annoying.
phobos
nope
mikeperry
yep, the warning looks almost exactly the same as the new cert window, which you can't seem to disable
phobos
and you can't see what it has stored
katmagic
Really? That's vexing.
phobos
nor can you stop it from saving a cert
mikeperry
when is this certlock thingy coming out?
that sounds like it could actually be useful
phobos
and i'd like it so say "this same cert was used on domains x, y, z"
mikeperry
or is it just a reasearch paper, and forever so it will remain just to pad someone's CV
phobos
i wonder if you could enumerate this domains cert patrol has saved and get a browsing history
s/this/the/
i'm sure it's in someone's CV for a good decade
mikeperry
you can do that with normal SSL certs
there actually is some torbutton code written to try to isolate the SSL cert stores between tor states. but the firefox apis for interacting with the cert store are super buggy and prone to crash bugs
phobos
sweet
mikeperry
and other weirdness with client certs
phobos
fail, extremely, and brittle
mikeperry
I should reinvestigate them in a recent FF release
katmagic
I suppose I'm going to uninstall CertPatrol, then.
phobos
i worry about the enumeration attack for not using CAs too
katmagic
Someone should become a Tor liaison to Firefox.
phobos
i'm sure i have a unique set of certs saved
which would leave a fine fingerprint
we have two people who know firefox people well
it's firefox that doesn't seem to care so much
or, doesn't prioritize what we do
mikeperry
hrmm Soghoian did certlock. he is pretty good at releasing code, at least. maybe he's just busy..
phobos
clearly we need to just exploit ff, do a defcon/blackhat talk, and then wait for the fix
i'm sure he's busy taking on the entire ad industry
abusing his ftc powers
"have a taco, punks"
nsa
or: phobos committed revision 22170 (/torbrowser/trunk): update tbb todo to current state.
Hamra
greetings everyone. my tor setup is set to intercept packets transparently. is there anyway i can filter out torrent data out?
Sebastian
your firewall might have a way to filter data by application
Hamra
the most plausible idea was using --cmd-owner in iptables to filter ktorrent packets, but alas, ubuntu doesn't support it
katmagic
You could use a different user account for torrenting.
Hamra
yeah, i thought of that. iptables becomes a piece of cake, but will mean chowning soe directories, and an edit to sudoers to avoid having to type a password everytime. i think this would be the simplest way so far
torrent is all TCP, right?
katmagic
Use gksudo.
(if you're having X problems.)
Some torrents use UDP.
dr|z3d
Torrent is mostly TCP, but there is some UDP support as well.
katmagic
Especially for trackers.
dr|z3d
(Action) stops being an echo and leaves katmagic to it.
katmagic
They sometimes have udp:// URLs.
lol
Hamra
as long as it has an http tracker this shouldn'r be a problem, almost all do.
katmagic
But you want the torrents to _not_ go over Tor, right?
Hamra
yeah
everything goes through tor now, i want torrent data to go directly, with the exception of the tracker bit, which can be easily configured in ktorrent's settings itself
katmagic
Yes. So the answer is to run it as a different user.
I do not believe you can filter traffic by the process's binary's location. I might be wrong, though.
Hamra
there is a parameter called --cmd-owner for ptables, but it needs to be compiled in the kernel. it was removed from mainstream kernel a while ago, and most distros dont use it anymore
katmagic
Well, cool.
Then start using Gentoo, I guess.
Hamra
lol, nah
my peers disappeared from the tor network map, and i can see them in iftop, everything working fine :D
dr|z3d
Vidalia's just not managed to connect to Tor properly, then..
Maybe Tor's running as a service?
Hamra
no no, that's the intended response. i *want* them to disappear from the network map, i dont want my torrents running through tor
katmagic
I think Hamra means the BitTorrent peers.
dr|z3d
Ah, my bad. As you were.
Hamra
and my tor is running in a chroot jail. vidalia cant start it, but if set to not try and start tor, it can connect it, but cant modify its settings. vidalia should include an option for blindly connecting to tor, without access to its files
ktor can do it, but IMHO it's not as useful and friendly as vidalia
dr|z3d
Is that distinct from TorK?
Hamra
oops, i meant torK :P not sure why ktor came to my mind
dr|z3d
Ah, thought you might have meant TorK :) Well, for some things, I find TorK actually streets ahead of Vidalia.. connection monitoring, automatic application proxying to name but two.
figaro
anyone have a URL (non tor) list somewhere on the internet of IRC based networks, and or web based IRC networks who do not block tor as policy?
dr|z3d
Not afaik, figaro, no.
If there's a list out there, likely google knows it.
See ya!
(Don't rush back)
ln5
looks like one of my relays got thrown out of the consensus at midnight (GMT). the tor process seems happy enough. anybody else seeing the same?
arma
a couple of people have been reporting something similar lately
no clue what it might be.
my first guess is that it tried to publish a new descriptor, but it didn't get the descriptor to enough authorities, so not enough people voted Running
ln5
arma: hmm, anything i can do in helping debugging it?
arma
nickname?
ln5
maatuska
arma
yep. i see four votes for it
only three of them vote Running
(ides doesn't like you)
i think my diagnosis is right
we screwed up the network by ditching the v2 directory system too early
i have a patch in my git, but it doesn't quite work right
"restart your relay" is my only suggestion for now.
or wait 16 hours and it'll publish again
ln5
it's been restarted, we'll see what happens
thanks
why would ides not like it btw?
arma
no idea
katmagic
http://arxiv.org/abs/1004.1267v1
TJ
how and where can i have 0.9.8n?
openssl
TJ
is there an rpm ready for this? im a noob
katmagic
(1.0.0 is the latest stable version, though.)
I'd suggest searching for OpenSSLl in your package manager or compiling it from source. (It's quite easy, though you won't get automatic upgrades.)
TJ
the thing is disto dont have that version and im particularly need it to have my node work
Runa
TJ: what if you downgrade? (not very pretty, but it might be a solution)
TJ
i did for several times. here's the thing downgrade or upgrade it works initially but as soon as i restart tor. it goes back to the same problem
katmagic
Does Tor require 0.9.8n?
TJ
i wondering if those centos nodes owners have no problem after retarting :(
someone claimed that 0.9.8n fixed his problem so im freaking find a way to have that but it'snot included in my distro update (
katmagic
Tor builds just fine without it.
http://www.linuxquestions.org/linux/answers/Applications_GUI_Multimedia/Compiling_Programs_from_Source
Use the link I provided before and that if you really feel you need the new version.
(Actually, you should probably use 1.0.0.)
TJ
so i have to compile to have such version?
katmagic
As far as I know, no pre-made RPMs of 1.0.0 exist. If you can find one, cool. If not, then you either need to get someone to make an RPM for you or compile it yourself.
It's really just three commands. `./configure; make; sudo make install`.
Or `./configure; make; su` then `make install`, depending on whether or not your distribution uses sudo.
TJ
oh.ok.i will try it now
katmagic
(Yes, it is supposed to make that big mess on your screen.)
I'm not sure how well this will coexist with your vendor-supplied version, though.
You may have to compile Tor relinked with the new location, too.
You should ask someone who knows about Red Hat.
(I don't think this is going to help, either.)
Dragon_Eros
hello
katmagic
Hi.
Dragon_Eros
how do I connect to a TOR version of Firefox?
katmagic
You can access the Internet over Tor with Firefox by using TorButton, which should be included in the Tor Browser Bundle or can be found at https://www.torproject.org/torbutton/ .
Dragon_Eros
I d/l the Vadalia bundle....I do not see a "Tor Button"
katmagic
Did you restart Firefox?
Dragon_Eros
I am on the tor button page now...........gimme a sec plz
does it matter if I install from tor sire or mozella site?
katmagic
Yes. Apparently the version at addons.mozilla.org will no longer automatically update.
Dragon_Eros
see..........I always thought that when I started Tor it would open a new Firefox browser.....but it never does
katmagic
No. You toggle TorButton to switch the browser.
(The rationale for discontinuing auto-updates is at https://blog.torproject.org/blog/torbutton-release-125-google-captchas-and-addonsmozillaorg .)
Dragon_Eros
it says it can not instal
katmagic
Why?
Dragon_Eros
Invalid file hash
katmagic
*Very* interesting. Do you mind if I ask who your ISP is?
Dragon_Eros
I am on a SSL Server
I think
everything to and from My PC is run through a tunnel
katmagic
You restarted Firefox after installing the bundle, right?
Dragon_Eros
yes..........I installed the bundle months ago
katmagic
It looks like TorButton goes over clear text even if you're accessing the HTTPS version of the web site.
So your ISP would be able to tamper with the file.
(Though obviously not allow it to install.)
Dragon_Eros
Embarq is My servrer
katmagic
And you don't have a 'Tor Disabled' button on the right side of your Firefox status bar?
Dragon_Eros
yes
but the onion is green
it says tor is disabled
katmagic
Click on it.
Dragon_Eros
just switched tgo "tor enabled"
katmagic
(The Vidalia icon means that the Tor daemon is running; the 'Tor Enabled' means that Firefox is using Tor.)
Dragon_Eros
but............