[syverson@itd.nrl.navy.mil: Re: Tor on USB]
----- Forwarded message from Paul Syverson <syverson@itd.nrl.navy.mil> -----
Fascinating little gizmo. Got a question...sorry I'm just too f'in busy to keep up with this side, but... How long will it take the Greater Tor Network to notice the existence of this little node? In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node? That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible. -TD
From: Eugen Leitl <eugen@leitl.org> To: cypherpunks@jfet.org Subject: [syverson@itd.nrl.navy.mil: Re: Tor on USB] Date: Tue, 30 Aug 2005 16:42:27 +0200
----- Forwarded message from Paul Syverson <syverson@itd.nrl.navy.mil> -----
From: Paul Syverson <syverson@itd.nrl.navy.mil> Date: Tue, 30 Aug 2005 10:22:22 -0400 To: or-talk@freehaven.net Cc: Paul Syverson <syverson@itd.nrl.navy.mil> Subject: Re: Tor on USB User-Agent: Mutt/1.4.1i Reply-To: or-talk@freehaven.net
You might also see the following commercial distribution that bundles Tor, a tiny linux, and related software on a USB stick
http://www.virtualprivacymachine.com/products.html
Looks cool and got favorable reviews, but I haven't used or examined it first hand. This is a pointer, not an endorsement.
-Paul
On Tue, Aug 30, 2005 at 12:47:32AM -0500, Arrakis Tor wrote:
Interesting implementation. You could use it at a public terminal, a friend's computer, or for plausible deniability on your own computer.
On 8/29/05, Shatadal <shatadal@vfemail.net> wrote:
Arrakis Tor wrote:
Can firefox be installed to run standalone whatsoever?
Yep. Check out http://johnhaller.com/jh/mozilla/portable_firefox/ and http://portablefirefox.mozdev.org/
----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Thus spake Tyler Durden (camera_lumina@hotmail.com) [02/09/05 19:45]: : How long will it take the Greater Tor Network to notice the existence of : this little node? A few days after you register. : In other words, if I go into a Starbucks with this thing, can my laptop or : whatever start acting like a temporary Tor node? Yep. But I'm not sure you'd want to do that... AFAIK, TOR can handle dynamic addresses. So long as you've got a public address, you can act as a TOR entry/exit point. So you could, in theory, set up a TOR entry/exit point on your local Starbuck's network. All you'd have to do is register, and jump a few hoops to register your dynamic address. I don't know if the same holds true if it's not a public address. Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going.
Damian Gerow replied to the great Tyler Durden:
Thus spake Tyler Durden (camera_lumina@hotmail.com) [02/09/05 19:45]: : How long will it take the Greater Tor Network to notice the existence of : this little node?
A few days after you register.
: In other words, if I go into a Starbucks with this thing, can my laptop or : whatever start acting like a temporary Tor node?
Well, here I meant after registration, etc...in a "regular" IP network it can take seconds to minutes in order for routing tables (at layer 3) or the local MAC Address tables (at layer 2) to recognize that you're back on line. With a Tor node I'm wondering how long it takes for the greater Tor network to both notice your existence and then trust that you're here to stay...for a while. In other words, am I contributing to the greater Tor network if I allow my USB Tor node to function while I'm sucking down a cappucino or two?
Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going.
In other words, just for me. That, of course, is great. As for simplicity, I need that: I know my way around the BLSR protection switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). I just don't have time to have to fiddle with the OS myself, so this will be interesting. Think I might get me one of those gizmos and then stick it on my PDA. So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! -TD
On Thu, Sep 01, 2005 at 07:44:36PM -0400, Tyler Durden wrote:
In other words, if I go into a Starbucks with this thing, can my laptop or whatever start acting like a temporary Tor node?
I don't see why not, you'd be just middleman. If you want to wind up on this list http://serifos.eecs.harvard.edu:8000/cgi-bin/exit.pl you'll have to submit your stats, and it will take a day or two.
That's a very fascinating concept: A temporary, transient Tor network. Any node on this network could cease to exist by the time someone tried to jam large portions of it. Or at least, their attacks would have to be a hell of a lot more flexible.
An ephemeral P2P traffic remixing system with high node density in address space could bootstrap very quickly just from rendezvousing/scanning some random net blocks. -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Thus spake Tyler Durden (camera_lumina@hotmail.com) [03/09/05 14:03]: : Well, here I meant after registration, etc...in a "regular" IP network it : can take seconds to minutes in order for routing tables (at layer 3) or the : local MAC Address tables (at layer 2) to recognize that you're back on : line. With a Tor node I'm wondering how long it takes for the greater Tor : network to both notice your existence and then trust that you're here to : stay...for a while. : : In other words, am I contributing to the greater Tor network if I allow my : USB Tor node to function while I'm sucking down a cappucino or two? As others have stated, no, likely not: bouncing your connection up and down like that will likely cause great untrust within the TOR routing. Whether you will be /harming/ the TOR network or not is a more interesting question... I'd suspect not, but it's probably worth looking into. : In other words, just for me. That, of course, is great. Good. : As for simplicity, I need that: I know my way around the BLSR protection : switching bytes in an OC-48 4 fiber ring, but I'm a veritable IP dummy (oh, : well I DID design parts of a layer 2 GbE switch, but I'm no routing jock). : I just don't have time to have to fiddle with the OS myself, so this will : be interesting. Think I might get me one of those gizmos and then stick it : on my PDA. It is, quite literally, a matter of installing the binary (whichever OS you are using will determine the method of installation), setting two, maybe three configuration parameters -- things like logging levels, interfaces to use, and other very basic parameters -- starting it up and using it. So I imagine you can handle it quite easily. : So: Can Tor support VoIP Yet? I could call up bin Laden from a Starbucks! In theory, TOR can support anything that can handle a SOCKS connection. So if your VoIP program can do SOCKS, then yes, it can. If your VoIP program can't, wrappers are readily available. The question to ask here is: can TOR support VoIP /well/? I wouldn't put much faith in maintaining a solid VoIP connection: due to the very nature of what TOR does, you're introducing a substantial amount of latency to your connection, and it might be enough to throw off any VoIP connections you try to make. But it's worth trying... - Damian
At 08:53 AM 9/3/2005, Damian Gerow wrote:
Though, you can just skip all that, walk in to Starbucks, sit down, and start using your TOR node as your own entry point. No registration, no wait, no nothing: just sit down and go. I just set a node up a few days ago, and was surprised at how simple it was to get TOR up and going.
How does TOR feel about NAT and various firewall things? I've been at hotels where I can't even get my ipsec VPN to work.
On Sat, 2005-09-03 at 13:56 -0400, Tyler Durden wrote:
In other words, am I contributing to the greater Tor network if I allow my USB Tor node to function while I'm sucking down a cappucino or two?
For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node "starbuck". Anyway, as others have said, your node will only be able to function as middleman in such a setup, because by the time you register your IP will change unless you camp out in the Starbucks parking lot. Not that middleman is not useful, mind you (this applies to both Tor and Mixmaster). -- Shawn K. Quinn <skquinn@speakeasy.net>
Shawn Quinn wrote...
For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node "starbuck".
So: How hard would it be to surreptitiously install a Tor node into a computer at a public library? -TD
Thus spake Bill Stewart (bill.stewart@pobox.com) [04/09/05 01:27]: : At 08:53 AM 9/3/2005, Damian Gerow wrote: : >Though, you can just skip all that, walk in to Starbucks, sit down, and : >start using your TOR node as your own entry point. No registration, no : >wait, no nothing: just sit down and go. I just set a node up a few days : >ago, and was surprised at how simple it was to get TOR up and going. : : How does TOR feel about NAT and various firewall things? : I've been at hotels where I can't even get my ipsec VPN to work. Well, the running a server won't work well: <http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#head-802c24d6b147d55961204105863eed70362ed57f> But given that it's just initiating outbound TCP connections, so long as the firewall permits connections on those ports, it /should/ work fine. Give it a shot, see how it works.
On Sun, 2005-09-04 at 11:49 -0400, Tyler Durden wrote:
Shawn Quinn wrote...
For the people that only route stuff like HTTP traffic through your Tor node, it will be a benefit. If I'm IRCing and get routed through your node, that's a different story (but it's no different than the bad old days of IIP where people dropped off by the dozens when someone shut down their computer). A Mixmaster remailer where the mail was transacted at public Internet access points would be much more useful. It would actually be funny if someone did this and named the node "starbuck".
So: How hard would it be to surreptitiously install a Tor node into a computer at a public library?
A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card and possible criminal prosecution if caught. Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed. Other public libraries? Who knows. -- Shawn K. Quinn <skquinn@speakeasy.net>
SQ wrote...
A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card
Oh no! Loss of the Houston library card! My passport to knowledge!!!
criminal prosecution if caught.
Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, "DO NOT TOUCH". If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC.
Needless to say, I haven't tried. The best you could do from Houston libraries would be a proxy accessed via HTTPS. At one time you could telnet, but that has long since passed.
Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports.... -TD
On Sun, 2005-09-04 at 21:03 -0400, Tyler Durden wrote:
SQ wrote...
A Houston (TX, USA) public library? Could be next to impossible, as well as excellent cause for revocation of your library card and criminal prosecution if caught.
Well, the idea would be not to get caught. I'm thinking basically of just adding one of those $40 Tor nubbins at the end of a USB cable and then tucking the nubbin under the carpet with a sign saying, "DO NOT TOUCH". If it lasts a month then it might be money well spent, particularly if Al Qaeda successfully nukes DC.
Damn. They blocked Telnet? They might as well just block TCP/IP. Do they do this by blocking the likely ports or by merely de-balling the protocol stack somehow? I assume Tor is smart enough to try various open ports....
All you get access to as a library card holder is a Web browser (or pathetic excuse for same, as I think it's a hacked-up IE). The computers at the Houston libraries don't allow access to the USB ports from what I have seen, and in order to get access to anything besides a Web browser you would probably need to reboot the machine and you then have maybe 15-20 minutes before a librarian notices you. Now, the Harris County libraries might be different; I have not gone to one. -- Shawn K. Quinn <skquinn@speakeasy.net>
Thus spake Tyler Durden (camera_lumina@hotmail.com) [04/09/05 21:14]: : I assume Tor is smart enough to try various open ports.... TOR can only contact other entry/mid/exit nodes on the ports they're listening on. The documentation actually requests that people set up nodes on TCP ports 80 and 443, for the exact case that this Houston, TX library seems to be in. So yes, TOR *is* smart enough to try various open ports, but it will only work if something is listening on said ports.
On Mon, 2005-09-05 at 21:32 -0400, Damian Gerow wrote:
Thus spake Tyler Durden (camera_lumina@hotmail.com) [04/09/05 21:14]: : I assume Tor is smart enough to try various open ports....
TOR can only contact other entry/mid/exit nodes on the ports they're listening on. The documentation actually requests that people set up nodes on TCP ports 80 and 443, for the exact case that this Houston, TX library seems to be in.
The bigger problem is convincing the library's computer to run your software without getting caught. Even then, there's no guarantee that the computers have direct Internet access; it's likely everything is funneled through proxies. -- Shawn K. Quinn <skquinn@speakeasy.net>
Thus spake Shawn K. Quinn (skquinn@speakeasy.net) [06/09/05 09:22]: : > TOR can only contact other entry/mid/exit nodes on the ports they're : > listening on. The documentation actually requests that people set up nodes : > on TCP ports 80 and 443, for the exact case that this Houston, TX library : > seems to be in. : : The bigger problem is convincing the library's computer to run your : software without getting caught. Even then, there's no guarantee that : the computers have direct Internet access; it's likely everything is : funneled through proxies. Generally speaking, it's not terribly difficult to convince a library computer to run your software. Especially if there's anything from MS Office installed. And whether or not it's funneled through proxies doesn't matter one bit: you're submitted a valid HTTP request to a valid HTTP port. There's no reason the proxy would reject your request. At this point, I think I'll put my money where my mouth is, and try running a TOR node (client only) at my local library. See what happens.
participants (5)
-
Bill Stewart -
Damian Gerow -
Eugen Leitl -
Shawn K. Quinn -
Tyler Durden