Delivery-Date: Sat, 21 May 2016 17:22:50 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [138.201.14.202])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 6AFA31E0330;
	Sat, 21 May 2016 17:22:48 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 3CEE3E057B;
	Sat, 21 May 2016 21:22:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 3BD58E056F
 for <tor-talk@lists.torproject.org>; Sat, 21 May 2016 21:22:40 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id mchSuPcotT9I for <tor-talk@lists.torproject.org>;
 Sat, 21 May 2016 21:22:40 +0000 (UTC)
Received: from mout.kundenserver.de (mout.kundenserver.de [212.227.17.24])
 (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 16303E054E
 for <tor-talk@lists.torproject.org>; Sat, 21 May 2016 21:22:39 +0000 (UTC)
X-Greylist: delayed 334 seconds by postgrey-1.34 at eugeni;
 Sat, 21 May 2016 21:22:40 UTC
Received: from [192.168.0.197] ([95.62.203.29]) by mrelayeu.kundenserver.de
 (mreue101) with ESMTPSA (Nemesis) id 0LiCmZ-1brKo82XkR-00nRkk for
 <tor-talk@lists.torproject.org>; Sat, 21 May 2016 23:17:03 +0200
To: tor-talk@lists.torproject.org
References: <5740A15F.7080009@avanix.es> <5740AECB.5050904@torservers.net>
From: juanjo fornes <juanjo@avanix.es>
Message-ID: <5740D04C.3040000@avanix.es>
Date: Sat, 21 May 2016 23:17:00 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:38.0) Gecko/20100101
 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <5740AECB.5050904@torservers.net>
X-Provags-ID: V03:K0:ddI/9fzQVH3Da8wDVo0wTNwoSs6LSs77ruDJR0ONzox21VBCUXI
 WRsmRXibqPHiSzb3rfzODhQ++Qzf01oKmcFBQ/czGNoIcZj4dqoo5GRU6cHvuGz5AjHwc4H
 W1FRgIR21GHkXEP3K3uR9s41KaTAyYaSQp2dC5pa7LtsgtTYrkyrKzmqCcOKiJWiPUuWbll
 WXpvs0Y2x2hJauajiLhwQ==
X-UI-Out-Filterresults: notjunk:1;V01:K0:xxfgXr/SLgY=:5aVcg5aff3JLKVOB4EAETl
 7z5ZkZweiOKUhFoHaXGMqsAN566WUXoPpEpgCsQDMqecLxeSkxo+rV/2JW7qJa23+qalIGx7p
 5hVjKI2V3hQ+wEd1okz2M60dNE/qbu9JvQ37t1/BIZPAeLENyj00hNAp3wMYcnO0s/K7aDvgA
 t9yYAt4McuYgdosie+7IJMwGjSk77LnmF1sfCAk3z00Db0brnq19M5uYepWCFDOT81nmryfJ4
 7povcgTF5Xqh6f4Ajg/GPu4Li/qKV6z8qEE/XxEbdbuTc2LCiyK6kpjHcx92jDWw4P6m66XAb
 KgEOkAcj6id8OS131x6BwASD8rS/no3UVZYvse+OV3+xIlvSZbuCCAiWAgcCbeVjfWO7ZWbIA
 h+XE7bu1fge73aZLGHFY68y6gJ3II6U43XX9+EbGpSVejHvNgkUIRwnFOQzOBm8g1jqV2/jIw
 mpUkBoyYFVlbwVnBNdSVsSQ9Jaow3fWE8kanB4fS07T9JI6ONlSeHtALJ76sd6nZp+aO6Cf/N
 pmzYxOwSXHxbqf2e8meJ79mnTBhv+tMQqSTJU+kpvwa/xX0BGm3UhFxtREYLQJ2xzGjFd3dDd
 0iSn19w6KRiwGtbF9NJoSR6HHKECf/tM+jvRMG4I0B7F0WCbHRbSR21HExlRYWCe5o5R6VBMF
 KWI8VzDTItKksm5ifsR/hkBvmnB1xYVImgG2uI8ZeME6U5hs7Usr8TTcCbb75vEd9lAYMarDS
 k2HH9hCKiT1O202u
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Some thoughts about Tor Project
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="windows-1252"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>



El 21/05/2016 a las 20:54, Moritz Bartl escribi=F3:
> Hi juanjo,
>
> Welcome! :)
>
> On 05/21/2016 07:56 PM, juanjo wrote:
>> -A circuit should never have all hops from the same country: days ago I
>> was on a web with the latest version of Tor Browser and I advised all
>> hops from the circuit were from the same country. This is bad, since
>> with bulk data collection and traffic analysis this country could
>> deanonymize me easily.
> The decision is hard to make across all users. You want a uniform
> strategy for all 2 million+ users. Crossing country borders might
> actually make it legally and technically *more* easy for your adversary
> to collect and analyze traffic. If, say, all relays in your circuit
> happen to be on ISPs that peer with each other, there might not be a
> tapping device installed at all in between those. Internet routing is
> complex.
>
> But, yes, for many users it may be useful to cross borders. You seem to
> be interested in anonymity, so you will love
> http://freehaven.net/anonbib/ :-)
> http://freehaven.net/anonbib/#ccs2013-usersrouted is a quite good
> overview paper that looks at the problem you touch.

Well, Tor Browser by default chooses randomly the nodes which will be =

part of a circuit, so most of them actually are not from the same =

country. I don't understand your point here... there could be cases and =

users where crossing borders might be illegal or more dangerous, but I =

think most of the people who use Tor Browser by default, doesnt choose =

all hops from the same country... I think what most of the people needs =

to protect their anonymity is to choose nodes from different countries, =

or at least not all from the same country like happened to me.
Maybe we can work here on the Tor Browser config dialog and put there an =

option like "forbid to choose all hops from the same country" or even =

say "all hops from different countries".
>> cheap VPS to install Tor nodes, but I think thats bad. We should advice
>> Tor node operators to move their nodes to other countries if possible...
>> or even a campaign with crowdfunding to create more nodes in countries
>> where there aren't many...
> While I agree that for many users crossing borders might be useful, I am
> not sure this is the perfect strategy for everyone. We had a script to
> distribute donations that we receive as Torservers, and as a first
> approximation the money you would get would be higher if the exit relay
> was in a country with low total exit capacity. You might like it.
> Unfortunately it is buggy, someone should do a rewrite and potentially
> work in more criteria.
>
> https://github.com/torservers/exit-funding
>
> There is also http://www.tor-roster.org/ , a project that awards
> "points" based on some of the potential criteria.
As I said, maybe for some people crossing borders might not be a good =

strategy, but right now for most people I think it makes sense. But the =

problem is still the servers are in too few countries, and I think this =

is bad for all users... Just think that many european countries are =

starting to make laws against privacy and even considering bulk data =

analysis so if USA do this, Germany too and France too, like I said, =

most of the Tor users will be deanonymized... I will look into that exit =

funding code too, but I don't have much free time...
>> -Maybe we should think a way of introducing high latency features on
>> Tor, I know this is troublesome but we need to think a way to protect
>> people even if NSA and Europe works together against Tor users...
> Some time ago, researchers from Ruhr-University mentioned on tor-dev@
> that they were working on something like it. Pond was a similar
> experiment. I would love to see high-latency support integrated in Tor,
> but there's a lot of open research questions. Maybe, if you have time to
> dig into this, a great outcome would be to bug Tor developers and
> collect all the open questions and potential design decisions into a
> wiki page!
>
>> -What about Tor traffic obfuscation by default? I mean the traffic
>> between all Tor nodes. Will it help on something?
> You might like https://arxiv.org/abs/1512.00524 and
> https://blog.torproject.org/blog/critique-website-traffic-fingerprinting-=
attacks
> .
>
>> -More public libraries with Tor nodes. Great work with that, this
>> initiative should spread.
> It is slowly spreading :) Take it on and get in touch with local librarie=
s!
>
>> And maybe how Tor Browser users can help the
>> network in the future being a relay...
> https://www.torproject.org/docs/faq.html.en#EverybodyARelay
>
>> -I heard making a pluggable transport work in a privileged port (less
>> than 1024) is a hard work. we have to fix it.
> It's worse, the instructions on the website are quite outdated. It's a
> surprise we even have bridges with latest pluggable transports...

I think that should be a priority right now: this works against =

censorship and even could work against traffic analisys... I can't help =

developing anything here, but maybe if I have time, I can work on the =

documentation...

>> -Better node testing: I think some people is working on this already. I
>> mean more and better ways to test if a exit node is a bad exit, or if
>> any other node is making traffic shaping attack.
> Yes, this is actively being worked on.
>
>> So this is it. Thank you all again for all your hard work and see you in
>> other time.
> Great feedback, great questions and comments! Spot on! :)
>

Yes, I will work spreading the word about privacy, why it is important, =

the Tor Project, etc...
-- =

tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

