Anonymous Living

Roger Dingeldine just bumped Tor SVN revision 10982 (/tor/trunk) to 0.2.0.3-alpha and put it in place for immediate testing at http://freehaven.net/~arma/tor-0.2.0.3-alpha.tar.gz

The Changelog.

0.2.0.3-alpha changelog story is this:

Changes in version 0.2.0.3-alpha - 2007-07-29
o Major features:
- Create listener connections before we setuid to the configured
User and Group. Now you can choose port values under 1024, start
Tor as root, and have Tor bind those ports before it changes to
another UID.
- New ConstrainedSockets option to set SO_SNDBUF and SO_RCVBUF on TCP
sockets. Hopefully useful for Tor servers running on “vserver”
accounts. (Patch from coderman.)
- Be even more aggressive about separating local traffic from relayed
traffic when RelayBandwidthRate is set. (Refines proposal 111.)

o Major features (experimental):
- First cut of code for directory authorities to vote on a common
network status document rather than each publishing their own
opinion.  This code needs more testing and more corner-case handling
before it’s ready for use.

o Security fixes:
- Directory authorities now call routers Fast if their bandwidth is
at least 100KB/s, and consider their bandwidth adequate to be a
Guard if it is at least 250KB/s, no matter the medians. This fix
complements proposal 107. [Bugfix on 0.1.2.x]
- Directory authorities now never mark more than 3 servers per IP as
Valid and Running.  (Implements proposal 109, by Kevin Bauer and
Damon McCoy.)
- Minor change to organizationName and commonName generation procedures
in certificates, to invalidate some earlier censorware approaches.
This is not a long-term solution, but applying it will give us a bit of
time to look into the epidemiology of countermeasures as they spread.

o Major bugfixes (directory):
- Rewrite directory tokenization code to never run off the end of
a string. Fixes bug 455. Patch from croup. [Bugfix on 0.1.2.x]

o Minor features (controller):
- Add a SOURCE_ADDR field to STREAM NEW events so that controllers can
match requests to applications. (Patch from Robert Hogan.)
- Report address and port correctly on connections to DNSPort. (Patch
from Robert Hogan.)
- Add a RESOLVE command to launch hostname lookups. (Original patch
from Robert Hogan.)
- Add GETINFO status/enough-dir-info to let controllers tell whether
Tor has downloaded sufficient directory information. (Patch
from Tup.)
- You can now use the ControlSocket option to tell Tor to listen for
controller connections on Unix domain sockets on systems that
support them. (Patch from Peter Palfrader.)
- STREAM NEW events are generated for DNSPort requests and for
tunneled directory connections. (Patch from Robert Hogan.)
- New “GETINFO address-mappings/*” command to get address mappings
with expiry information. “addr-mappings/*” is now deprecated.
(Patch from Tup.)

o Minor features (misc):
- Merge in some (as-yet-unused) IPv6 address manipulation code. (Patch
from croup.)
- The tor-gencert tool now creates all files as readable to the file
creator only, and write-protects the authority identity key.
- When dumping memory usage, list bytes used in buffer memory
free-lists.
- When running with dmalloc, dump more stats on hup and on exit.
- Directory authorities now fail quickly and (relatively) harmlessly
if they generate a network status document that is somehow
malformed.

o Performance improvements:
- Be more aggressive with freeing buffer RAM or putting it on the
free lists.
- If exit bandwidth ever exceeds one third of total bandwidth, then
use the correct formula to weight exit nodes when choosing paths.
(Based on patch from Mike Perry.)
- Use Critical Sections rather than Mutexes for synchronizing threads
on win32; Mutexes are heavier-weight, and designed for synchronizing
between processes.

o Deprecated and removed features:
- RedirectExits is now deprecated.
- Stop allowing address masks that do not correspond to bit prefixes.
We have warned about these for a really long time; now it’s time
to reject them. (Patch from croup.)

o Minor bugfixes (directory):
- Fix another crash bug related to extra-info caching. (Bug found by
Peter Palfrader.) [Bugfix on 0.2.0.2-alpha]
- Directories no longer return a “304 not modified” when they don’t
have the networkstatus the client asked for. Also fix a memory
leak when returning 304 not modified. [Bugfixes on 0.2.0.2-alpha]
- We had accidentally labelled 0.1.2.x directory servers as not
suitable for begin_dir requests, and had labelled no directory
servers as suitable for uploading extra-info documents. [Bugfix
on 0.2.0.1-alpha]

o Minor bugfixes (dns):
- Fix a crash when DNSPort is set more than once. (Patch from Robert
Hogan.) [Bugfix on 0.2.0.2-alpha]
- Add DNSPort connections to the global connection list, so that we
can time them out correctly. (Bug found by Robert Hogan.) [Bugfix
on 0.2.0.2-alpha]
- Fix a dangling reference that could lead to a crash when DNSPort is
changed or closed (Patch from Robert Hogan.) [Bugfix on
0.2.0.2-alpha]

o Minor bugfixes (controller):
- Provide DNS expiry times in GMT, not in local time. For backward
compatibility, ADDRMAP events only provide GMT expiry in an extended
field. “GETINFO address-mappings” always does the right thing.
- Use CRLF line endings properly in NS events.
- Terminate multi-line control events properly. (Original patch from tup.)
[Bugfix on 0.1.2.x-alpha]
- Do not include spaces in SOURCE_ADDR fields in STREAM events. Resolves
bug 472.  [Bugfix on 0.2.0.x-alpha]

o Minor bugfixes (misc):
- Choose perfectly fairly among routers when choosing by bandwidth and
weighting by fraction of bandwidth provided by exits. Previously, we
would choose with only approximate fairness, and correct ourselves
if we ran off the end of the list. [Bugfix on 0.1.2.x]

No announcement yet

The Changelog is in the SVN. The package is packed. 2.0.3 is as good as released.

But it must be mentioned that there is no official announcement at this point in time. However, tor-0.2.0.3-alpha.tar.gz will be available at the official site & mirrors in addition to http://freehaven.net/~arma/tor-0.2.0.3-a… shortly.

You can also get the sourcecode for this exact version using the following command:

svn checkout https://tor-svn.freehaven.net/svn/tor/tr… tor -r 10982

DNS Server

One last detail. The latest Tor version can be used as DNS servers. All you have to do is to add something like this to your torrc:

DNSPort 53
DNSListenAddress 127.0.0.1

Root involvement also nice

New versions can also start as root, bind to low ports and then leave root and run doggedly on as whatever user you’ve set using User and Group in torrc.

Happy upgrading… and good luck. 

Benjamin Schieder as announced that he will no longer develop the ROCKate LiveCD after German laws reciently became even more fascist than they were during World War II. ROCKate is a Linux LiveCD which includes anonymity software such as Tor. It is clear that the tyrannical German government does not want you or your loved ones to have access to this technology. No. Benjamin announced the following information regarding this at OR-Talk:

Hi people.

In response to a law that passed the german legislative today, I will cease
production, development and distribution of ROCKate binaries and - maybe -
even source code soon.

The reasen is §202c StGB which states (IANAL translation):

“Producing, acquiring, selling, giving, distributing or making-accessible of
passwords or other access codes as well as computer programs whose aim it is
to commi a crime … will be punished with up to one year in jail or a fine.”

See also: http://www.phenoelit.de/202/202.html

Basically, these waters are too hot for me to tread in. Though the official
reading of the wall - reading from politicians that is - says that they only
target ‘criminals’ and there is no need to worry with the wording, nobody
knows when some underworked lawyer thinks he might go on to sue the ass off
of everyone in IT.

If someone wants to mirror/host/develop ROCKate further, be my guest. If you
need technical assistance, I can offer guidance, but I probably won’t write
a single line of code anymore. Sorry.

Greetings, Benjamin

If you are in a country which is slightly more free than Germany and you want to help keep the ROCKate project alive then please do so. It is clear

Someone posted a comment saying that it is hard to get a valid copy of a new version of Tor. It’s real easy if you already have a working version of Tor: Go to https://tor.eff.org/download.html.en and download a new copy using Tor. The website is https, the certificate has fingerprint 00:FE:80:50:1A:33:90:B4:97:DE:D7:FF:4D:31:D8:30:7B (issued to *.eff.org) and you can be sure the copy you get is valid since you are using a end-to-end https connection.

It may be slightly harder to get a copy of Tor if you don’t have a working copy of it already if tor.eff.org is blocked in your country (there are many mirrors like https://tor.linuxreviews.org/ which may work if tor.eff.org is blocked). Perhaps the best thing to do is to ask around and find out if anyone you know has a copy if all the sites where it can be downloaded on the net are blocked. If you have a copy of Tor then it’s easy to get a new version: just download the upgrade using Tor..

Random open WIFI networks and pay pr use public WIFIs at cafés and such are great if you have a laptop computer. But can you trust them? Are they perhaps subject to surveillance? How do you know if an adversary or anyone else for that matter are watching your traffic?

Encrypt pass your local adversary

The Google Scraper Scroogle.org are now offering their SSL version under the slogan “(coffee shop WiFi entrance)”. This is great if you just want to hide which search-terms you are submitting to Google via Scroogle from someone who is watching you locally, but there’s a catch:

They know that you’re connected to Scroogle using a HTTPS connection. It is encrypted, but it’s there in plain sites, everyone can see that you’re sending a few bytes thisway and getting sligktly more back thatway and it’s plain obvious that you’ve search for something. It is still easy to profile you and classify you as “the terrorist” by doing traffic analysis of your activities on the Internet even if all the sites you visit are visited using https. Big Brother will just say “We know you’re viewing a lot of pages on all these subversive websites. We don’t know what you are looking at there since you are viewing them using https, but we don’t care, we know all these sites are subversive and we don’t care exactly what subversive activity you are interested in).

Tor is a better solution when you’re at a public cafe. Or using some random WIFI you stumbled upon. It will encrypt your traffic through the wifi, through three random Tor-servers and comes out at some random Tor exit node and goes to the website you are interested in. The only catch is that you can’t submit plaintext login information over Tor since you should assume that all Tor-traffic is eavesdropped (which isn’t near as upsetting as it sounds, all someone watching what goes out of a Tor exit node sees is that “some guy who came through the Tor-network fetched some website”).

Good for non-wifi cafés too.

One last detail: You probably want to buy one of those really cheap 1 GB USB memory sticks and put a Linux distribution which includes Tor or something like that on it. You’ll find that real handy if you come accross an Internet café without a WIFI, in which case you have to use their desktop computers).

Incognito is yet another Linux Live-CD for network anonymity when you are on the movie. It’s based on Gentoo Linux and boots into a complete Linux system where all the network traffic goes through the Tor onion router.

The CD comes in a “small” version with Firefox, Fluxbox as as window manager and Tor/Privoxy and a full version with KDE and a whole lot of network security tools.

The CD may be a specially good investment in fascist-ruled countries such as those with in the NATO alliance since it will allow you to access censored websites and also allow you to download later versions of Tor if the tyrannical G8 dictators in the supposedly “free” world suddenly decide to revoke the common peoples access to uncensored information.

The CD may also be essential if you frequently travel from place to place and use the Internet - that is, if those places allow you to reboot the computers using your own CD, many libraries and Internet cafées will not allow you to do that. However, it’s been rumored that Internet café employees in Egypt only require a very small tip to allow tourist to do this. The same may be true in other parts of the world.

See http://www.patdouble.com/incognito.htm to d0wnload and to et more information.

The relatively unimportant photo sharing website Flickr is now supposedly partly censored when viewed by people from The Middle Kingdom. Flickr story regarding this on their “Help / Forum” is:

Update from Flickr staff (10:00 PDT, June 7th) : It seems that access to our image servers is being blocked for users in much of China. Our technical staff has looked into this at depth and determined this is not a technical issue from our end. We will keep an eye on the situation and update if we get any developments.

Update from Flickr staff [2] (01:00 PDT, June 8th) : We are checking periodically to see if the block is still in place, but haven’t detected any change. We hope that this is a temporary issue and we currently believe that it will be. In the meantime, we are investigating our alternatives. Thank’s for your patience,

Xiamen protest censorship indicated?

Flickr is mostly used by the almost completely mindcontrolled drone-like slaves within the NATO alliance to share pictures of their mostly dumb-as-cows dressed-up-as-dicated-by-television friends and loved ones. Internet rumors indicate that numerous more interesting pictures than usual have been uploaded to Flickr the last few days:

There were huge demonstrations against the building of a chemical plant in Xiamen, China the whole week after construction workers decided to stop working on May 30th. Rumors indicate that many pictures from these protest were uploaded to Flickr and other sites on the Internet. The Flickr-claimed censorship of images to users visiting from China just happened to start shortly after these signifficant demonstrations in Xiamen.

xiamen-2007-06-04.flv

The rumors of censorship are likely true. This is indicated by the heavily-censored crinically-lying western “free” press agency “The Associated Press” claims that the protests were not in the streets by done by text messages. Thus; China already having enlisted the fascist western “news outlets” in their propaganda may compell them to take serious measures to ensure that the truth is heavily supressed.

Tor solution still working

It’s still possile to make connections from China to the whole Tor-network. Thus; it’s still possible to make uncensored connections to Flickr using a Tor-client - which is available from tor.eff.org & tor.linuxreviews.org. Tor is mainly used by people within the NATO alliance to avoid government torture for reading or writing the wrong thing on the Internet, but it also works great to view partially censored sites such as Flickr claims to be when visiting from China right now.

The long-established location hidden Tor-service The Hidden Wiki (http://6sxoyfb3h2nvok2d.onion/) is now gone and now only shows the following message:

“The hidden wiki is gone. If you set up a new one and post the link to the or-talk list I’ll link it from here. 06/07/07.”

There are several location hidden wiki’s. The one knows as The hidden wiki is the one admitted and recommended as a starting point for people who are new to Tor and the only-available-to-Tor-users location hidden services, which possibly explains why this particular hidden wiki is known as The hidden wiki.

Location hidden services are websites and services who are provided using a Tor-server and can only be accessed using a Tor-client. The actual domains for the services are hard to guess (and remember) because the domains are actually hashes of a private key. This provides security since you can be sure that the service you connect to are actually run by the person(s) who have the key for the hash you are visiting. It also makes location hidden services very hard to find by accident.

The hidden wiki was a nice starting point for location hidden services, a “front page” if you will. Now it’s gone. Thus; I feel compelled to provide some other nice starting points for people who are relatively new to Tor and location hidden services.

nnqtnsoohprzqcke

Nnqtnsoohprzqcke(tm) is a Tor-land search-engine based on the free DataParkSearch search engine software. It’s a great first step into the world of location hidden Tor-services for two important reasons:

1. It looks very much like that well-known non-Tor search-engine.
2. It’s fast. Relatively speaking. Tor’s .onion services are slower than normal websites. Searching nnqtnsoohprzqcke is slower than other search-engines for this reason, but the slight deal is limited to the typical “it’s a .onion site”-delay. nnqtnsoohprzqcke itself seems very fast.

Toogle

Toogle is the other good Tor-land search-engine. It’s based on mnogosearch and is a nice startingpoint. It seems to return fewer and less relevant results than Nnqtnsoohprzqcke(tm), but still: It’s relatively fast and it presents a clean search-result page.

..just a few more tips..

The above mentioned search-engines should allow you to find most of the interesting non-closed community location hidden services. Here are a few more startingpointers just for fun:

• onionforum - perhaps the most visited/used forum in onionland.
• APE hidden services links - A wikipage with a list of location hidden services, much like the one which was at the front page of The hidden wiki.

This should be enough links to .onion-land to get you started on the anonymous and uncencored Internet.

One last little detail: There are a few location hidden services who may upset some people. 99.9% of them are labelled as such when linked to, the chance of accidentially visiting a site with content that is disturbing to most people is realtively low. But it may happen. You’ve been warned. Now.. welcome to Tor-land and do enjoy all the subversive sites and services out there!

E-mail spam has been a huge problem for years and it just don’t want to go away. And the line between a spam mailing list and a interesting mailing list is sometimes thin.

“Kyle” had this to say in a reply to a message about problems with the anonymity software Tor on the OR-Talk mailing list:

FIRST AND FINAL WARNING!!!!
You have 48 hours to remove me from your mailing list.
If you do NOT remove me, I will DDOS (Distributed Denial of Service) your
server until you are broke.

Try me, I got 10 OC192’s, 15 OC48’s, and 8 OC12’s just waiting for shit like
this…and I’m getting pissed. If you are working for yourself or some spam
king, either way the “customer” who is paying you to “advertise” will NOT be
happy when they spent their money to be only be attacked in return.

Remove me or else I remove your source of revenue.

Again, FIRST AND FINAL WARNING!!!!

Have a nice day and get a real fucking job.

“Kyle” then got a copy of his message to the mailing list back to him and realized that it was a reply to a legitimate message from a mailing list he subscribes to - and not a reply to spam. He then mailed this to OR-talk:

Subject: IGNORE PREVIOUS MESSAGE
I was testing a spam-reply script and  or-talk at freehaven.net got into it
somehow.
My bad, sorry.

Well, good luck with your spam-reply script, Kyle! I personally think such scripts are a bad idea, because what they really do is tell the spammer is that “You know, this is a valid e-mail account, your spam is getting through, you should mark it as a valid mail account and send it more spam”.

Oh, btw. Don’t mess with Kyle. Remember, he’s got all those 10 OC192’s, 15 OC48’s, and 8 OC12’s just waiting for shit.

Big Brother, in various shapes and forms, is watching you, including what you do on the Internet. Encryption is a good tool for combating surveillance, but i’s not enough: The adversary can still see who you are communicating with even though the communications itself is encrypted. This is why resistance against traffic analysis is important. The network security tool Tor is much likely the best currently available software for resisting.

But how effective is it? The excellent new research paper (draft) titled “Sampled Traffic Analysis by Internet-Exchange-Level Adversaries” by Steven Murdoch and Piotr Zielinksi introduces a new class of adversary: The Internet Exchanges (IX’s). It builds on the PET Award nominated paper, “Location Diversity in Anonymity Networks“, by Nick Feamster and Roger Dingledine, which shows that level 1 tier networks (which is the backbone for many ISPs) is a big threat.  Murdoch and Zielinksi points out that there’s an even bigger threat: The points in various countries where ISPs exchange data with other ISPs. The IX’s are, as their paper points out, excellent places to do surveillance and traffic analysis.

Is there any reason to worry about this if you are using Tor? As Murdoch points out in his blog:

“Right now there is no particular need to worry – this paper introduces a new class of adversary, and reduces the cost estimate of the attack, but fundementally end-to-end traffic analysis is not new. There remains much work to be done before implementation of defences can begin, such as verifying the hypothesis on a larger scale and establishing how to perform secure traceroute-based network mapping on Tor. I think this paper shows that this is a promising area of research and I hope it will spur further development.”

But what if you’re not using Tor? “Sampled Traffic Analysis by Internet-Exchange-Level Adversaries” is, imho, specially worth reading if you’re not taking steps to prevent surveillance and traffic analysis on the Internet. To put it simply: Papers who describe threats when you’re using anonymity software really do show you just how vulnerable you are on the Internet when you’re not taking stepts to protect yourself.

Tor is a Internet security tool which provides properties such as traffic analysis communications and anonymity. It can be used to browse and participate on the Internet without fear of covert government torture in tyrannical pretend-to-be-democracy NATO-regimes such as Norway. A new version of the “stable” branch is now available.

The new version has some software fixes, but more importantly, the addresses of two directory authorities have been changed and their IPs are hardcoded into the Tor software. Thus; you really should upgrade - specially if you happen to be serving location hidden services.

Official Tor maintainers story regarding this release is:

Tor 0.1.2.14 changes the addresses of two directory authorities (this change especially affects those who serve or use hidden services), and fixes several other crash- and security-related bugs.

We’ll put out 0.1.1.27 in the next week or so for people who absolutely can’t upgrade — but really, please upgrade to 0.1.2.14 if you can. Those still running 0.1.0.x should now consider it obsolete and unsupported.

https://tor.eff.org/download.html

Changes in version 0.1.2.14 - 2007-05-25

• Directory authority changes:
  • Two directory authorities (moria1 and moria2) just moved to new
    IP addresses. This change will particularly affect those who serve
    or use hidden services.
• Major bugfixes (crashes):
  • If a directory server runs out of space in the connection table
    as it’s processing a begin_dir request, it will free the exit stream
    but leave it attached to the circuit, leading to unpredictable
    behavior. (Reported by seeess, fixes bug 425.)
  • Fix a bug in dirserv_remove_invalid() that would cause authorities
    to corrupt memory under some really unlikely scenarios.
  • Tighten router parsing rules. (Bugs reported by Benedikt Boss.)
  • Avoid segfaults when reading from mmaped descriptor file. (Reported
    by lodger.)
• Major bugfixes (security):
  • When choosing an entry guard for a circuit, avoid using guards
    that are in the same family as the chosen exit — not just guards
    that are exactly the chosen exit. (Reported by lodger.)
• Major bugfixes (resource management):
  • If a directory authority is down, skip it when deciding where to get
    networkstatus objects or descriptors. Otherwise we keep asking
    every 10 seconds forever. Fixes bug 384.
  • Count it as a failure if we fetch a valid network-status but we
    don’t want to keep it. Otherwise we’ll keep fetching it and keep
    not wanting to keep it. Fixes part of bug 422.
  • If all of our dirservers have given us bad or no networkstatuses
    lately, then stop hammering them once per minute even when we
    think they’re failed. Fixes another part of bug 422.
• Minor bugfixes:
  • - Actually set the purpose correctly for descriptors inserted with
  • purpose=controller.
  • - When we have k non-v2 authorities in our DirServer config,
  • we ignored the last k authorities in the list when updating our
  • network-statuses.
  • - Correctly back-off from requesting router descriptors that we are
  • having a hard time downloading.
  • - Read resolv.conf files correctly on platforms where read() returns
  • partial results on small file reads.
  • - Don’t rebuild the entire router store every time we get 32K of
  • routers: rebuild it when the journal gets very large, or when
  • the gaps in the store get very large.
• Minor features:
  • - When routers publish SVN revisions in their router descriptors,
  • authorities now include those versions correctly in networkstatus
  • documents.
  • - Warn when using a version of libevent before 1.3b to run a server on
  • OSX or BSD: these versions interact badly with userspace threads.