April 2009 Progress Report

by phobos | May 12, 2009

New releases
On April 12, we released Read the details in the announcement.

Roger attended an ITSG conference in Chicago.

Roger, Nick, Jacob, and Mike attended the CodeCon conference in San Francisco, http://www.codecon.org/2009/.

Andrew met with the Center for Democracy and Human Rights in Saudi Arabia to discuss using Tor for their mission, http://cdhr.info.

Roger and Andrew met with the Department of Justice CyberCrime Division to give an overview of how Tor works and how we could better work with law enforcement.

Wendy, Roger, and Andrew had a dinner with Internews Central Asia media development staff.

Andrew attended the CIMI/NED panel on World Press Freedom, http://cima.ned.org/860/world-press-freedom-day-2009.html.

Andrew attended Boston Barcamp4 and spoke about Free Network Services and Online Privacy, http://www.barcampboston.org/.

Roger and Andrew met with Human Rights in China to give an overview of Tor and possible applications for their mission.

From the changelog:
Clients replace entry guards that were chosen more than a few months ago. This change should significantly improve client performance, especially once more people upgrade, since relays that have been a guard for a long time are currently overloaded.

Continued work on TorFlow, a tool for scanning the public Tor network and detecting misconfigured, overloaded, and evil nodes.

Count and languages updated:
20 Japanese website
16 Portugese website
3 Polish website
3 Chinese website
7 French website
14 Italian website
31 Norwegian website
1 Danish website
1 Vietnamese torbutton
1 Turkish torbutton
1 Greek torbutton
1 Arabic torbutton
1 Ukranian torcheck
1 Netherland torcheck
1 Thai torcheck
1 Burmese torcheck
1 German website
2 Russian website
1 Hindi torcheck
1 Greek torcheck


Please note that the comment area below has been archived.

May 11, 2009


What on earth do you mean by "better work with law enforcement"? Unless you mean better educate the fruitlessness of going after Tor users/operators. Otherwise it is a scary thing to suggest as it implies Tor's node operators or developers are making it possible to penetrate Tor!

I'll do a blog post about this, since people seem to assume the worst about us talking to law enforcement. We talk to them to educate them. If they know about Tor, it's capabilities and realities separate from the myths, it's better for everyone in the end.

For what people seem to think, no, there is not a backdoor in Tor, nor will we ever put one in. Our FAQ clearly answers this as well, https://www.torproject.org/faq#Backdoor

May 11, 2009


How does CALEA (Communications Assistance for Law Enforcement Act) impact Tor users in the US? It doesn't seem like it actually makes it possible for the US government to locate a user in practice as is suggested by the wikipedia entry on Tor. If I'm not mistaken this would require the simultaneous monitoring of all Tor entry nodes. Normally one might think this would require a search warrant. However the PATRIOT act Section 216 expanded the government's authority to conduct surveillance in criminal investigations using pen registers or trap and trace devices. No warrant is required so long as the government can show relevance to its investigation. Might that open up warrant-less monitoring to the extent a simple timing attack can be performed? Eventually a US Tor user is bound to end up connecting to a Tor entry node within the US that the government can monitor and so long as they monitor all entry nodes without a warrant Tor users are helpless against government spying. Maybe this is not something Tor is trying to protect against- but is it not oppressive governments Tor is trying to protect users from?

Tor is not a telco, therefore we're not subject to CALEA, at least as far as we've been advised.

There are no pen registers, trap, or trace devices that will work with Tor, so I suppose this is right out as well. These terms are also telco terms, as I understand it, and Tor is not a telco.

They don't have to monitor every entry node, they can monitor you at the ISP level.

your comuter - your ISP - Tor Entrynode - Tot Middlenode - Tor Exitnode - Internet

Then when your using an NSA controlled Exitnode they got a match.
The NSA nodes(like nixnix....) are known for "hijacking" circuits witch gives you an increased chance of using one of there nodes if you don't block them in torrc

PS Admin why do you force people to use cookies, you shouldn't do such a thing.

Let me point you to: https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#WhatProtectio…

and http://git.torproject.org/checkout/tor/master/doc/design-paper/tor-desi…

See Section 3.1, "A global passive adversary is the most commonly assumed threat when analyzing theoretical anonymity designs. But like all practical low-latency systems, Tor does not protect against such a strong adversary. Instead, we assume an adversary who can observe some fraction of network traffic; who can generate, modify, delete, or delay traffic; who can operate onion routers of his own; and who can compromise some fraction of the onion routers. "

If your adversary can observe the entire Internet at once, such as NSA is believed capable, Tor won't protect you. I suspect the NSA's actual capabilities and what people believe they can do are highly divergent.

July 15, 2009

In reply to phobos


Yes and no. I have little doubt that if the NSA decided to concentrate a large fraction of it's resources (electronic and protoplasmic) on a single secured target (e.g., you or me), that target would fall quickly, no matter what security measures it employed. The reality, though, is that while NSA resources are vast and of highest quality, they remain finite, and neither you nor I is likely to become a target at that level of interest - the organization has too many "mandatory" adversaries. All security, information and otherwise, rests solely on the premise of making the compromise of a target more expensive than the value of the compromised results. Period. I worry more about DHS. They don't (yet) have the resources of NSA, but they have been expanding what they have rapidly, their charter is schizophrenic, and unlike NSA their mission has been highly politicized from the inception.

After all the work I put into my sites, I wake up to find the Chinese fascists here have shut down Blogspot and my proxy.pac no longer works...
Meanwhile youtube is STILL completely blocked!

You can try setting up a I2P website, its safe the host is anonymous
and its faster then Tor's hidden service, it also has mechanism against ddos.
you can also share your stuff via bt/mule client over I2P.
(i2p is not just a proxy, please use Tor for normal web browsing)

May 18, 2009


I would just like to write a personal thank you for all your efforts. We, the always threatened Middle East human rights activists, could never work here without such software while keeping other technical security precautions in mind.

You job is amazing for real democracy and freedom for us -- the people -- under the current Mideast oppressive regimes which are also ironically supported directly and indirectly by the United States.

That's the kind of freedom the people here are in urgent need for, not the Mcdonalds and CocaCola "democracy" kind.

I would just like to finally ask a small question: what is the level of security damage that can be caused if someone working in activism in hostile regions contributed to Tor using his real identity?

Warm thanks, an NGO delegate.

If you would be at risk in your Country if you express your thoughts about democracy and freedom IRL then it would probably be safest for you to work under an alias when contributing to Tor.

It could be easier for your government to map/track/decrypt your other activities on the internet if they can link some of the traffic that they knew is yours back to you.
Worst case for you would probably mean jail/death depending on what country & how serious these activist activitys are seen by your government.

May 20, 2009


I'd love to get in touch with the current maintainer of the MacOS versions of TOR.
A while back there was an "expert version" of TOR that included TOR & Privoxy (both including nice /Library/StartupItems/ launch scripts. Unfortunately recent "expert versions" only include TOR.

I think it would be great to add Privoxy (including a launchscript) again, because the Vidalia Packet really sucks, compared to the automatically launched TOR & Privoxy that just "wait in the background" until the user enables the firefox "TOR-Button".

This was soooo much nicer.
I'd love to work with the current maintainer on such a package - unfortunately i couldn't find the old packages that included privoxy and the launchscripts.

The change to just Tor in the expert package was to be consistent with the other packages we create, where Tor for experts is just Tor and nothing else. Many people didn't like Tor and Privoxy in a package, they wanted just Tor.

You can always download the Vidalia bundle and just not install vidalia.

July 14, 2009


After some technical issues (with HTTP blocks) brought up the subject of Tor, my ISP sent this comment:

"Using the TOR application opens yourself to multiple possible legal ramifications. Child Porn, illegal downloading, etc. It will not be a situation where the authorities come to us and tell us to tell the user to stop. It will be a situation where it will be beyond our control filed with a CALEA request, in which you will never even be able to tell that they are sniffing your traffic, and we will not be able to tell you either. Encrypted or not, I don’t think I would let myself be open to anything that is beyond my control."

Discouraging, to say the least, regarding being an exit node.

1. Can I be thrown in jail because someone overseas in doing child porn using our network as an exit?
2. Doesn't Tor itself police this?
3. Doesn't the Tor client purposely avoid having the exit node and the entry node on the same subnet? In other words, why would law enforcement think that we were at the beginning of the relay?
4. On the other hand, how do I prove that the request for porn DIDN'T come from my network? After all, the last unencrypted hop did lead back to our network...

Our goal is to help oppressed people in Iran and elsewhere. If we are attacked by law enforcement and saddled by huge legal bills while defending our innocence, what good has that done? We are using virtual machines for Tor, so the law is likely to seize all our servers and destroy our ability to do business for an extended period, since they don't know where the virtual machine is.

Please pass on some answers. Yes, I realize Tor isn't an ISP or Telco-- but the Tor exit traffic must pass through ours, and they will quietly tell the cops everything they know about me in a heartbeat.

Thank you.

Things are getting worse. Our ISP says our IP range is now on the DNSBL, and they have cut our bandwidth. I assume this is because I had allowed e-mail exit, and jerks on the other end used our servers for SPAM.

We run a business here; I cannot afford this kind of issue. I want to help the freedom fighters of Iran, not spam toads. We will no longer run an exit, at least not until I am certain we can avoid having our reputation trashed by greedy jerks out there who don't have the guts to identify themselves.

Please advise; I assume the people running Tor read this blog.

Thank you.

I cannot answer for the TOR team, but I can tell you that policing and making morality judgments on content piped over the TOR network is probably the very last thing that they would want to get involved in. Not only are such judgments frequently highly debatable and disputable, but under some precedent in internet-related law, creating the ability to police content can create a legal obligation to do so, by the standards of the prevalent jurisdiction. You appear to be in an unenviable position, and you have my sympathy, but you have been put in that position by authoritarian government (it isn't just for foreigners any more) and ISPs that willingly serve as its lackeys, not by TOR or its participants.

Your ISP is misguided. Do they actively filter out all bad things on the Internet and vet all customers before they take a single payment? Do they actively hunt down customers infected with trojans/botnets/zombies and help them clean it up? Do they actively watch content looking for 'bad things' and disconnect customers who do so?

I bet in every question, the answer is no.

1. Can I be thrown in jail because someone overseas in doing child porn using our network as an exit?

No. Tor is an anonymizing layer on the Internet, it doesn't concern itself with content. This is like a road system, does the M1 care if bank robbers or grandmothers drive on it?

2. Doesn't Tor itself police this?

See the answer to #1. I don't want Tor to police anything. I want raw, unfiltered access to the Internet. I'll filter what I want, not the network. I want the fat stupid pipe my ISP is supposed to be, but frequently isn't.

3. Doesn't the Tor client purposely avoid having the exit node and the entry node on the same subnet? In other words, why would law enforcement think that we were at the beginning of the relay?

Because they don't understand how Tor works. Or they're just being stupid to scare you into compliance. They should talk to the Tor people to find out more.

4. On the other hand, how do I prove that the request for porn DIDN'T come from my network? After all, the last unencrypted hop did lead back to our network...

You can't prove a negative. In most countries, you are innocent by default. Quickly the world is moving to everyone is a criminal by default, which is a sad state of affairs. Perhaps citizens will throw out the stupid politicians before they have no right to do so.

Misguided or not, my ISP doesn't want a Tor relay anywhere on their large customer base. They claim that we are violating their TOS, because the client allows inbound connections (on port 80 or whatever) which we do not originate. In other words, we are running a web server (in the form of an open proxy) which they don't allow.

Based on several conversations, I think you are right about law enforcement-- they don't understand what Tor does, and therefore may confiscate every computer in the relay, even though there is nothing on it they can use unless they can seize the entire relay chain (and even that is questionable). This greatly concerns the ISP. In their defense, I can see that what we are doing could cause them headaches, which they don't get paid for.

We will not do Tor again except on a VSP, assuming we can find one that allows it. I also wonder if there are settled court cases which back up your "Tor relay innocent until proven guilty" claim in the US. In other words, I don't want to lose our business and spend $20K+ being the precedent setting case!

Thanks for the reply.

Depending how much you want to fight your ISP, ask them for the exact clause Tor violates in the ToS. Some ToS clearly state "no proxy servers of any kind", which technically includes ssh. Perhaps you should re-think your choice of ISP if they're this heavy handed about something as simple as Tor.

Law enforcement will simply see an IP address show up in some log file somewhere. Since they don't know what's behind that IP, they will go collect the machine to find out.

To our knowledge, no one has gone to court over running a Tor node.

If you're concerned about losing business, then run the Tor node(s) on distinct hardware from your business servers.

July 27, 2009


Running the Tor nodes on distinct hardware is one of the solutions. I still don't understand why someone might have problems if they use Tor. It's the internet! The virtual land of freedom and all possibilities...