Fascinating little gizmo. Got a question...sorry I'm just too f'in busy to keep up with this side, but... How long will it take the Greater Tor Network to notice the existence of this little node? In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node? That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible. -TD

From: Eugen Leitl To: cypherpunks@jfet.org Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] Date: Tue, 30 Aug 2005 16:42:27 +0200

----- Forwarded message from Paul Syverson -----

From: Paul Syverson Date: Tue, 30 Aug 2005 10:22:22 -0400 To: or-talk@freehaven.net Cc: Paul Syverson Subject: Re: Tor on USB User-Agent: Mutt/1.4.1i Reply-To: or-talk@freehaven.net

You might also see the following commercial distribution that bundles Tor, a tiny linux, and related software on a USB stick

http://www.virtualprivacymachine.com/products.html

Looks cool and got favorable reviews, but I haven't used or examined it first hand. This is a pointer, not an endorsement.

-Paul

On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote:

...

Interesting implementation. You could use it at a public terminal, a friend's computer, or for plausible deniability on your own computer.

On 8/29/05, Shatadal wrote:

...

Arrakis Tor wrote:

...

Can firefox be installed to run standalone whatsoever?

Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and http://portablefirefox.mozdev.org/

----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

Damian Gerow replied to the great Tyler Durden:

Thus spake Tyler Durden (camera_lumina@hotmail.com) [02/09/05 19:45]: : How long will it take the Greater Tor Network to notice the existence of : this little node?

A few days after you register.

: In other words, if I go into a Starbucks with this thing, can my laptop or : whatever start acting like a temporary Tor node?

Well, here I meant after registration, etc...in a "regular" IP network it can take seconds to minutes in order for routing tables (at layer 3) or the local MAC Address tables (at layer 2) to recognize that you're back on line. With a Tor node I'm wondering how long it takes for the greater Tor network to both notice your existence and then trust that you're here to stay...for a while. In other words, am I contributing to the greater Tor network if I allow my USB Tor node to function while I'm sucking down a cappucino or two?

Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going.

In other words, just for me. That, of course, is great. As for simplicity, I need that: I know my way around the BLSR protection switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). I just don't have time to have to fiddle with the OS myself, so this will be interesting. Think I might get me one of those gizmos and then stick it on my PDA. So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! -TD

Thus spake Tyler Durden (camera_lumina@hotmail.com) [03/09/05 14:03]: : Well, here I meant after registration, etc...in a "regular" IP network it : can take seconds to minutes in order for routing tables (at layer 3) or the : local MAC Address tables (at layer 2) to recognize that you're back on : line. With a Tor node I'm wondering how long it takes for the greater Tor : network to both notice your existence and then trust that you're here to : stay...for a while. : : In other words, am I contributing to the greater Tor network if I allow my : USB Tor node to function while I'm sucking down a cappucino or two? As others have stated, no, likely not: bouncing your connection up and down like that will likely cause great untrust within the TOR routing. Whether you will be /harming/ the TOR network or not is a more interesting question... I'd suspect not, but it's probably worth looking into. : In other words, just for me. That, of course, is great. Good. : As for simplicity, I need that: I know my way around the BLSR protection : switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, : well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). : I just don't have time to have to fiddle with the OS myself, so this will : be interesting. Think I might get me one of those gizmos and then stick it : on my PDA. It is, quite literally, a matter of installing the binary (whichever OS you are using will determine the method of installation), setting two, maybe three configuration parameters -- things like logging levels, interfaces to use, and other very basic parameters -- starting it up and using it. So I imagine you can handle it quite easily. : So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! In theory, TOR can support anything that can handle a SOCKS connection. So if your VoIP program can do SOCKS, then yes, it can. If your VoIP program can't, wrappers are readily available. The question to ask here is: can TOR support VoIP /well/? I wouldn't put much faith in maintaining a solid VoIP connection: due to the very nature of what TOR does, you're introducing a substantial amount of latency to your connection, and it might be enough to throw off any VoIP connections you try to make. But it's worth trying... - Damian

On Sat, 2005-09-03 at 13:56 -0400, Tyler Durden wrote:

In other words, am I contributing to the greater Tor network if I allow my USB Tor node to function while I'm sucking down a cappucino or two?

For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node "starbuck". Anyway, as others have said, your node will only be able to function as middleman in such a setup, because by the time you register your IP will change unless you camp out in the Starbucks parking lot. Not that middleman is not useful, mind you (this applies to both Tor and Mixmaster). -- Shawn K. Quinn

Thus spake Bill Stewart (bill.stewart@pobox.com) [04/09/05 01:27]: : At 08:53 AM 9/3/2005, Damian Gerow wrote: : >Though, you can just skip all that, walk in to Starbucks, sit down, and : >start using your TOR node as your own entry point. No registration, no : >wait, no nothing: just sit down and go. I just set a node up a few days : >ago, and was surprised at how simple it was to get TOR up and going. : : How does TOR feel about NAT and various firewall things? : I've been at hotels where I can't even get my ipsec VPN to work. Well, the running a server won't work well: http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-802c24d6b147d5596... But given that it's just initiating outbound TCP connections, so long as the firewall permits connections on those ports, it /should/ work fine. Give it a shot, see how it works.

SQ wrote...

A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card

Oh no! Loss of the Houston library card! My passport to knowledge!!!

criminal prosecution if caught.

Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, "DO NOT TOUCH". If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC.

Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed.

Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports.... -TD

Thus spake Tyler Durden (camera_lumina@hotmail.com) [04/09/05 21:14]: : I assume Tor is smart enough to try various open ports.... TOR can only contact other entry/mid/exit nodes on the ports they're listening on. The documentation actually requests that people set up nodes on TCP ports 80 and 443, for the exact case that this Houston, TX library seems to be in. So yes, TOR *is* smart enough to try various open ports, but it will only work if something is listening on said ports.

Thus spake Shawn K. Quinn (skquinn@speakeasy.net) [06/09/05 09:22]: : > TOR can only contact other entry/mid/exit nodes on the ports they're : > listening on. The documentation actually requests that people set up nodes : > on TCP ports 80 and 443, for the exact case that this Houston, TX library : > seems to be in. : : The bigger problem is convincing the library's computer to run your : software without getting caught. Even then, there's no guarantee that : the computers have direct Internet access; it's likely everything is : funneled through proxies. Generally speaking, it's not terribly difficult to convince a library computer to run your software. Especially if there's anything from MS Office installed. And whether or not it's funneled through proxies doesn't matter one bit: you're submitted a valid HTTP request to a valid HTTP port. There's no reason the proxy would reject your request. At this point, I think I'll put my money where my mouth is, and try running a TOR node (client only) at my local library. See what happens.