Slashdot Mirror

Just use The Onion Router (TOR): http://www.torproject.org/ See "Breaching the Great Chinese Firewall" here: http://www.hrw.org/reports/2006/china0806/3.htm#_Toc142395820

Tor is your friend. Much, much faster than freenet ever was.

http://www.torproject.org/

http://www.torproject.org/

It's a nice idea for a perfect world, but we don't live in a perfect world therefore I see several potential problems. One is that like with Tor, anyone at the end-point could be monkeying with the system. In this case someone could manage to crack the encryption scheme used, and access people's private data. Another problem I see is that if someone is using a service like this to store copyrighted data (mp3's, DVD rips, etc) then, encrypted or not, innocent disk-space-contributors could be implicated in civil or criminal proceedings. Also, some people have bandwidth caps on their internet connections, and even those who don't aren't necessarily going to be happy with our bandwidth being used; I suppose though that if their client software allows bandwidth limiting then it wouldn't be much of a problem. A question I have about this: is there redundancy? What if all or part of a file you're trying to retrieve is on a remote system that's offline?

Tor isn't great for high bandwidth connections, but I think it's just perfect to make sure all of those do-gooder large corporations don't get a choice about anonymizing IP addresses.

http://www.torproject.org/

Alternatively, use Tor.

Go one step further beyond being a leech, by downloading and setting up a Tor exit node.

I would be very careful with that. Running a TOR exit point will get your IP on all kinds of black lists and you will soon find you can't use your internet connection normally, you get strange timeouts, captchas whenever you try to search Google and so on. Just sniff a bit and see exactly what people are doing over your IP - you will be appalled. There are also all kinds of spiders that keep black lists of TOR proxyes (even non-exit nodes !). So I recommend running a TOR server only if you either have a dynamic IP, or you can dedicate a separate static IP to it.

Also note carefully what the parent said, namely, "Use Tor to access the trackers". Tor is, by default, set up to disable bittorrent transfers, since it heavily loads the Tor network.

To emphasize the GP's point, he was talking about setting the tracker (http announce) connection over TOR; this is totally negligible in terms of load (a few 1KB connections per hour, per active torrent) and perfectly effective against the mafia block. Running the actual bittorrent file transfer across TOR is quite a pointless thing to do: most exit nodes allow a very small white list of ports to connect to, so there's little chance of getting decent download speeds - you will only connect to very few peers or only over the very overloaded exit nodes with a more relaxed policy. All this aside from the implicit slowness of TOR. Simply put, I don't think you could download anything (thankfully - we need TOR for other things than piracy).

And, since the usual RIAA fanbois usually pop up once you mention Tor, casting FUD to scare people away from it, here's the EFF's legal FAQ, and here's the Tor FAQ.

Also note carefully what the parent said, namely, "Use Tor to access the trackers". Tor is, by default, set up to disable bittorrent transfers, since it heavily loads the Tor network. Here's one article which well explains Why you shouldn't run bittorrent over Tor.

And if you look at the default exit node policies (see section 4.16 of the Tor FAQ), the standard bittorrent ports are explicitly rejected. So you really don't want to run bittorrent over Tor.

And, since the usual RIAA fanbois usually pop up once you mention Tor, casting FUD to scare people away from it, here's the EFF's legal FAQ, and here's the Tor FAQ.

Also note carefully what the parent said, namely, "Use Tor to access the trackers". Tor is, by default, set up to disable bittorrent transfers, since it heavily loads the Tor network. Here's one article which well explains Why you shouldn't run bittorrent over Tor.

And if you look at the default exit node policies (see section 4.16 of the Tor FAQ), the standard bittorrent ports are explicitly rejected. So you really don't want to run bittorrent over Tor.

And, since the usual RIAA fanbois usually pop up once you mention Tor, casting FUD to scare people away from it, here's the EFF's legal FAQ, and here's the Tor FAQ.

Also note carefully what the parent said, namely, "Use Tor to access the trackers". Tor is, by default, set up to disable bittorrent transfers, since it heavily loads the Tor network. Here's one article which well explains Why you shouldn't run bittorrent over Tor.

And if you look at the default exit node policies (see section 4.16 of the Tor FAQ), the standard bittorrent ports are explicitly rejected. So you really don't want to run bittorrent over Tor.

Are the ruling elite in Italy afraid that the people there will learn that the European Union is a utterly corrupt fascist state by watching any of the many completely legal documentaries about it which are available there? Would they have the people in Italy believe that using BitTorrent is somehow illegal when it is perfectly clear that it is a LEGAL protocol? Yes, some sites do mix Copyright-restricted material with completely free content. The TorrentChannel does NOT, but it does have documentaries critical of the EU. Will they block that next? Why are Italy trying to censor the Internet? Good thing there's the https://www.torproject.org/ which the poor people in Italy can and should use to access all the legal content at TPB. Other people should use it too, covert torture for spreading the "wrong" information is all too common within the NATO alliance these days.

Didn't they say they were going to spy on visitors' traffic too? Nothing about that here, maybe they're hoping we'll forget.

If I was going, I'd take tor with me on my laptop. Also I'd buy a laptop first.

I don't wonder that the Tor people are upset by this study, because it makes some credible-looking claims that Tor does not adequately provide the anonymity it claims to.

I don't know where you get that idea. TOR developers are perfectly aware of TOR's limitations. They even warn you on their website.

They say specifically,

3. No anonymity system is perfect these days, and Tor is no exception: you should not rely solely on the current Tor network if you really need strong anonymity.

And in the list of warnings,

5. While Tor blocks attackers on your local network from discovering or influencing your destination, it opens new risks: malicious or misconfigured Tor exit nodes can send you the wrong page, or even send you embedded Java applets disguised as domains you trust.

Nothing in this study is new or ground-breaking. While I am not familiar enough with TOR to say whether if it will even be marginally useful, but I won't be surprised if there is nothing in this study that TOR developers didn't know or suspect already.

Wait a minute. Are you honestly telling me that you're posting "anonymously" on Slashdot and you're not using Tor? Umm.. expect the FBI at your door, real soon.

Tor (The Onion Router) is a free software implementation of second-generation onion routing - a system enabling its users to communicate anonymously on the Internet. Originally sponsored by the US Naval Research Laboratory, Tor became an Electronic Frontier Foundation (EFF) project in late 2004, and the EFF supported Tor financially until November 2005. The Tor software is now developed by the Tor Project, which since December 2006 is a 501(c)(3) research/education non-profit organization based in the United States of America that receives a diverse base of financial support.
http://www.torproject.org/

Freenet is a decentralized, censorship-resistant distributed data store originally designed by Ian Clarke. Freenet aims to provide freedom of speech through a peer-to-peer network with strong protection of anonymity. Freenet works by pooling the contributed bandwidth and storage space of member computers to allow users to anonymously publish or retrieve various kinds of information. It can be thought of as a large storage device which uses key based routing similar to a distributed hash table to locate peers' data. When a file is stored in Freenet, a key which can be used to retrieve the file is generated. The storage space is distributed among all connected nodes on Freenet.
http://freenetproject.org/

http://www.torproject.org/overview.html.en

I appreciate the original, stated uses. TOR is for privacy.

Personally, I think all routers should be converted to operate the same way TOR does.

TOR does not provide encryption. Snooping at your ISP would still show all packets in the clear.

TOR does provide encryption. The only way to see the unencrypted traffic would be to sniff the traffic as it leaves the tor exit node. Sniffing your tor traffic at the ISP wouldn't show anything but an encrypted data stream. Look it up:

http://www.torproject.org/overview.html.en

The number of posts that were modded up after stating that TOR doesn't provide encryption is absolutely mind boggling. Does anyone here even care how TOR works, or is just sounding like an authority good enough to get you a +5 Insightful no matter how off base your statements are? Christ. I'm disappointed in you slashdot mods.

Isn't this called Tor? http://www.torproject.org/

I think since the C64 event is in the USA that it blocks out foreign IP addresses. Try using a Web proxy from the USA and see if that works, or Use Tor to connect to a USA Tor server.

I'll mirror the location of the event if you want information on it:

"05/26/2008: To pre-pay admission and table fee(s) for the C4 Expo, please Paypal your payments to cmdreclub@iglou.com.

When making payment, please ensure you put what you are paying for

in the comments field of the Paypal transaction.

The receipt for the Paypal transaction MUST be presented at the

admission desk in order to gain entrance to the Expo!!

Door Charges: $10/person or $15/family

Selling tables: $15/table or 3 for $35 (The hotel charges $10/table in addition for power usage.)

T-shirts: TBD

The Cincinnati Commodore Computer Club is proud to present the 3rd annual C4 Expo.

June 28-29 at the Drawbridge Inn

located at:

2477 Royal Drive
Fort Mitchell, KY 41017"

I think you can use that email address to ask them why they blocked your IP. Possible some IIS administration script that locks down security also blocked foreign IPs.

Have you ever actually used Freenet, you know apart from just noticing how it sounds cool, like a "free net"? I can assure you it is a piece of shit. Tor http://torproject.org/ is much better. Not only can you access all the same websites as you usually do, but you can host dynamic websites http://eqt5g4fuenphqinx.onion/ using the same software as the regular web. Except your identity is unknown. There is nothing stopping these Iranians from using Tor and a mainstream blogging website, or even hosting their own anonymous Iranian blog site. I know Freenet is /.s lovechild, but it sucks, get over it and start promoting Tor. The more people who relay the better.

Tor is your friend
It may be our only option-onion routers to do what we want.

http://www.truecrypt.org/
http://w2.eff.org/patent/
http://www.gnu.org/software/gnuradio/
http://www.wikileaks.org/
http://www.cryptome.org/
http://www.torproject.org/
http://freenetproject.org/

I haven't seen this listed yet and a lot of great ones have been mentioned but I'd just like to throw Tor out there.

http://www.torproject.org/

Donate to anonymous and open source (unlikely to have back-doors) Internet communication systems like Freenet or Tor. These systems are often disparaged by people because they offer (theoretically) unfettered communication between peoples who have a desire and need to remain anonymous. These systems are important because they offer freedom from reprisal (economic, social, legal, physical, etc) for their THOUGHTS (expressed in text, pictures, videos, etc).

Many people disparage such anonymous communication methods because (in the West) they don't want "child pornography" to be distributed. This of course is FUD and an exaggeration (and a reality of course; so if you believe in repression based on your moral standards, then obviously you don't have any and should not donate). But if you believe that sharing thoughts or ideas (however they may be expressed) should not be a crime (a Thought Crime) then these mechanisms (Freenet and Tor, et al) should be the way to go. These projects lack in funding and support simply because of their 'controversial' nature.

If you believe in Freedom and Liberty, then support Tor and Freenet.

Ref:
http://www.torproject.org/
http://freenetproject.org/

Quote:
"I worry about my child and the Internet all the time, even though she's too young to have logged on yet. Here's what I worry about. I worry that 10 or 15 years from now, she will come to me and say 'Daddy, where were you when they took freedom of the press away from the Internet?'"
--Mike Godwin, Electronic Frontier Foundation

Regarding the recent SSL bungle:

I'm not placing blame on anyone, but let us consider for a moment:

How long would it take a member of a rogue organization, a company such as Microsoft, or an intelligence agency to land a spot into such a role as a code monkey at Debian.org, under the guise of a pro-FOSS person? You do know all three examples above are quite savvy when it comes to infiltration, mafias, corporations, and intelligence agencies do this all of the time. So let us suppose this is what happened here, and considering the wide range of impact with this issue, I believe this is exactly what may have happened.

What checks and balances are in place to weed out potential moles? Any? And would you really know what to look for even if such a policy is in place? Perhaps this question is worthy of an "Ask Slashdot" submission?

How do you deal with the most sinister of rootkits: the human mole?

How many Tor hidden services (.onion) were taken down because of MITM attacks related to this issue? Fucking moles!


You can say "all the checks are in place, we know who did what" but by the time something like this happens again, if the right people are behind it, a dipshit in the dark to take the blame could easily fall without the puppet master being fingered, or an operative in the wise could simply disappear, leaving only his ghostly false identity behind and a bunch of clueless people. You can rub your rhubarb all you want about how the system works, but as this long standing SSL issues shows: you are fucking clueless. What will be the next security issue? Will you react the same way to this mole inquiry? Will you mod this post down while you mod useless replies up which don't solve the issue but only serve to shine someone's e-penis and add to their slashdot karma? You are a fucking joke!

legalize marijuana - jack herer - NORML - MPP

Quit jailing non-violent marijuana smokers/growers they don't need their hineys plundered and lives ruined by poverty and disease for enjoying nature!

If smoking marijuana makes you lazy, why are a majority of sober Americans fat and apathetic, failing to do anything useful about the land of nothing for free other than posting easily forgotten content to their worthless ego-masturbatory blogs?

But why think when you can masturbate? After all, the goverMICROSOFTnment knows how to take care of us.

Don't be an asshat to use Tor for Bittorrent (not you specifically, is anyone who uses Tor)! However, use Tor for proxying tracker communications are fine.

Read:
https://wiki.torproject.org/noreply/TheOnionRouter/TorifyHOWTO/BitTorrent

Tor doesn't allow publishers to create content anonymously at all.

Yes it does. One can set up a server at an anonymous public address under a TLD (.onion) only accessible via the Tor network. The clients never see the server's real IP address. Tor Hidden Services.

If your in darknet mode isnt that the same as a private tracker?

Not really - with a private tracker, the other users (including the tracker) know what you're uploading and downloading. That's not the case in Freenet. Also, any user of a private tracker can invite their friends, who can also see what you're uploading and downloading, so the network becomes less private as it grows. Freenet becomes more private as it grows, because there are more users who might have initiated any given request.

If your not in darknet mode arnt you just as exposed as BT?

No, requests travel for multiple hops through the network, so if you receive a request from an opennet peer it doesn't mean that peer initiated the request - it might be forwarding the request on behalf of another peer.

If you want to carry out conversations, then i suppose BT isnt a good medium, But isnt that what public/private mailing lists are for?

Mailing lists aren't much good if you need to be anonymous. You could use Tor to set up a webmail account, but then the webmail provider can read your email, so you have anonymity but not privacy. You could use Tor and GnuPG and webmail, but by that point it's probably easier to install Freenet.

Another disadvantage of Tor is that even though your traffic is encrypted, it's easy for someone monitoring your network connection to tell when you're using Tor. If they can correlate the times you connect to Tor with the times a certain webmail account is active then your anonymity is broken. By running a Freenet node 24/7 you make it much harder for an eavesdropper to link your activity patterns to anonymous or pseudonymous messages, because your node is always sending and receiving encrypted packets regardless of whether you're active.

I'd love to hear some good solutions from the tinfoil hat crowd on this one. How do YOU avoid contributing to the Google money farm? I set one browser (Opera) not to accept cookies and should probably also look at blocking javascript. To mitigate tracking by IP, I use Tor and Privoxy. I run my searches in this browser and do my "regular" surfing in another (Firefox).

Any other suggestions?

its called tor.

Shame on them ISPs. Makes me wanna signup to proxify, so that I can opt out of the ridiculous eavesdropping that's taking place. incase consumers don't know, here are some tools to protect yourself:

Scroogle with HTTPS, -> i use this as my primary interface for searching on google, since your search queries reveal alot of personal information and gets used for marketing purposes. :(

Tor Anonymity Network, with Firefox plugin to quickly enable/disable anonymous browsing.

Proxify with HTTPS, although for advanced stuff they want you to signup to their service :(

Last but not least: GnuPG, for encrypting your private data.

TOR already does a good job with this! http://www.torproject.org/

http://www.torproject.org/ ?

Replying to my own posting here: Garden Networks' GTunnel works with wine on Linux so if you don't feel like setting up a Tor node and don't want to hunt for anonymizing proxies on the web you can use that instead. If you add the Switchproxy or (preconfigured for GTunnel etc.) GProxy extension to Firefox you can switch between your normal net connection (with or without proxy) and the anonymizer.

from Groklaw:

This posting comes to you through an anonymizing proxy. Not because I'm somewhere behind the Great Firewall of China or on the Microsoft campus in Redmond... but because Ibiblio's carrier (Cogent) has decided it does not want to peer with TeliaSonera anymore. So they blocked all traffic coming from or destined to TeliaSonera. When they found out that those pesky routers did what they were designed to do - route traffic around damaged nodes - they advertised some cheap routes and subsequently dropped traffic, thereby sealing the leaks. Leaving me, and many with me, without access to a substantial part of the internet. OK, everyone who can not reach Groklaw, please post here :-)

As I am actually posting here it is clear that there are ways around these commercial blockades, just as there are ways around political blockades [1]. Anonymizing proxy servers can be used by those hit by Cogent's last temper trantum until either Cogent and TeliaSonera make up or (preferrably) traffic is routed around Cogent.

If this type of behaviour is to be the future for the commercialised internet the need for services like those provided by Garden Networks or the Tor Project will grow. But the real question of course is whether this type of behaviour should be tolerated from a carrier. It essentially boils down to censorship, something which is not allowed in a common carrier as far as I know. If they had just refused to peer with TeliaSonera they would be in the right. Now that they actively attract and subsequently drop traffic they have crossed a line. If I were to be a Cogent customer I would seriously consider to move my business elsewhere or at least consider to relegate Cogent to the role of backup carrier. So Ibiblio, if you are reading this message from behind the wall...

[1]as predicted in many a cyberpunk novel the differences between politics and commerce continue to dwindle until they are all but indiscernible...

First off, I have no idea why this got modded to -1 because that's exactly what they'll most likely do.

The problem is, how would an ISP manage this with any degree of certainty? What is to stop me from logging in to Slashdot using Tor and giving any contact info I wish?

And let's say I do bully someone and it goes to court. Taco could wind up paying thousands in fines for it. So let's say that happens and he decided to get tough and crack down on false IDs.

How do you do it?

The answer is the same one you'd give if you were trying to comply to the "no rain on Thursdays" law. You can't.

So this is a law that is impossible to comply with, even if you wanted to in the first place. That's why it's a bad idea. Well that, and the whole "right to privacy" thing, which is another discussion.

If the data is anonymous, how do you verify its integrity?

If the identifier for a block of data is a hash of the data, you can verify its integrity without knowing a hill of beans about who or where it came from.

If the link pointing to a secured, anonymous site is a hash of the site's public key, you can verify that the site you're talking to can use the corresponding private key, which is the same thing SSL buys you. The high-priced "secure site certificates" just certify that the owner of $DNS_NAME also owns $PUBLIC_KEY; if you got a self-authenticating link from another web site you trust, the level of assurance is comparable.

If the algorithms that underpin this stuff are broken then the whole digital security house of cards is toast, including "High Assurance SSL Certificates" (Now with green pixel paint for your clients' address bars! Sorry, cross-site scripting protection not included.)

At which time please attempt to use some sort of magic software to get you around this restriction...

..just look up whilst driving on the motorways (and smile for the pretty cameras)....

if you're really bothered, outfox them with Tor http://www.torproject.org/

WikiLeaks on The Onion appears to be unaffected. Gotta love that that server is anonymously located. If you want to read the document, follow the link above and install TOR, then punch in the URL in the subject...

Guess I should have posted this as an anonymous coward ;-).

"I am, technically, a pedophile, because I have fantasies with little girls. However, it's underage characters from fiction works, and not real girls. I mean, I am not willing to touch a little girl or see photos of real girls being raped."

"However, I fear to be treated as someone that deals with real photos or actually abuses kids."

"I know many of you are already condemning me to crucifixion or worse."

"I fear to be prosecuted while really dangerous pedophiles are out there doing trips to sex paradises or having videos of a (real) little girl being raped."

"I know this might not be a really interesting post, but I needed to take that out, even as AC."

"Oh, I am posting from a cibercafé and behind a proxy, so don't bother to track me down"

"To put it in a simple question: Is it as bad to fantasize with underage girls (without breaking laws or harming girls) than consuming real material (raped girls) or abusing them?"

free proxy can be found here! http://www.torproject.org/

Sounds kinda like a variation on Tor Imagine a commune of internet sharing.

You have a few options, the first being Havenco in the micro-nation of Sealand, which is an old WWII off shore platform that claims sovereignty. They have not, however, been recognized by other states, leaving their international legal status in limbo. They do claim, however, to not be under the jurisdiction of other nations laws.

Your second and cheaper option is hosting via Tor network. There are a few blogs and other sites hosted via Tor, although there are some technical difficulties involved.

Be aware, if your privacy blog angers a powerful entity such as China, they can choose to just block all traffic to your site, rather than forcing your site offline.

Tor has a few blog hosts available. That way nobody would know who's hosting it. Of course, only tor clients could see the blog....

OTOH, you could just create an account on blogspot while you're on Tor, and only post to it via Tor. That should keep you kinda safe, as long as you don't reveal yourself on the blog.

I wonder if they would stop if the requests were routed through Tor. I bet they are flagging the IP of the requester.

Not necessarily.

Since nearly every router can be presumed to have a wide-open (and likely quite fast) pipe to the Internet, there are plenty of ways to get around the need to have a central server. Some others are rather unknown, or even a bit old, but those reasons by themselves don't make them inapplicable to the role.

Storage for all of this can be a problem, but that's an easy one to solve: The small size that such a worm must be combined with the relatively large amount of bandwidth available on each infected host means that only a very small percentage of them need to be able to store a quantity of files for the rest of the network to consume. As luck will have it, a substantial portion of these routers will be connected by fast Ethernet to Windows share, which these days means that there's a good chance of having multiple gigabytes of storage available without anyone ever noticing, let alone anything being logged.

(And, of course, the routers will be able to share and relay different versions of the worm amongst themselves locally over WiFi -- just try tracking that.)

It doesn't take a rocket scientist to connect the rest of the dots, so I won't bother.

An ambitious programmer of the caliber needed to devise such a beast to begin with wouldn't see much of an impediment with these vast resources. With careful and diverse seeding of the first round of infection, such a worm would be very hard to stop, let alone trace back to its originator.

It is clear that the idea is to make the DEFAULT internet environment more benign and "Kid Safe" there is no indication that adults will be restricted in what they can access. In particular they have the choice of using http://www.torproject.org/ to ensure their private access to anything they wish.

Filtering the content access of naive adults is also a good idea, it could significantly reduce the harm done to some people by online criminals.

Close the door, just don't lock it and make me sign for the key if I choose, as a worldly and competent adult, to walk through it.

Saw this story a day or two ago here. I don't think they have any right to be modifying content that does not belong to them. They are modifying content for purposes that the site owner's did not intend and many site owners would consider that misuse of their site content. The fact that they are modifying that content also clearly shows their systems are taking a look at every single web page viewed by a subscriber and the privacy implications are beyond creepy. Seems like protocols like Tor to protect privacy are becoming increasingly justified.