Slashdot Mirror
To Connect People Securely, Tor Project Seeks New Bridges
An anonymous reader links to an article at Ars explaining the dropping inventory of bridges available to users of the Tor project's encrypted messaging system. They're looking for more bridges, but that doesn't necessarily mean buying new hardware per se. From the article:
"After campaigning successfully last year to get more volunteers to run obfuscated Tor bridges to support users in Iran trying to evade state monitoring, the network has lost most of those bridges, according to a message to the Tor relays mailing list by Tor volunteer George Kadiankakis. 'Most of those bridges are down, and fresh ones are needed more than ever,' [Tor volunteer George] Kadiankakis wrote in an e-mail, 'since obfuscated bridges are the only way for people to access Tor in some areas of the world (like China, Iran, and Syria).' For those who want to donate bridges to the Tor network, the easiest route is to use Tor Cloud, an Amazon Web Service Elastic Compute Cloud image created by the Tor Project that allows people to leverage Amazon's free usage tier to deploy a bridge."
It turns out that a bridge makes a lousy hiding place
“He’s not deformed, he’s just drunk!”
Can you afford a raspberry pi? That and a 24-7 internet connection is all you need.
Do you even lift?
These aren't the 'roids you're looking for.
This is what I was just wondering. I saw the article linked that talked of cloud-based bridges and I'm wondering if I just goto the tor project homepage can I count on some of that donation helping with this issue?
On the Oregon Cost born and raised, On the beach is where I spent most of my days
https://www.torproject.org/donate/donate.html.en
Cupcake allows you via a browser extension to run a bridge if you won't/can't install the whole Tor suite.
Currently available for Chrome / Chromium, Firefox is in the works.
Please help Tor!
Now someone correct me if I'm wrong but there's entry node (which doesn't know if it's an entry or not) and a bridge then an exit node. The exit node, if the target website isn't using SSL, is vulnerable to looking like it's accessing whatever website/server the original viewer is on. So exit nodes are a bad idea. But bridges don't know the end target or whether it's an entry or intermediary bridge so basically it's just routing SSL traffic from one point to another and adding 1 more layer of encryption with zero ability for anyone to snoop at the content.
How about someone with a fiber connection that I keep hearing about on slashdot just opens vidalia and configures it to run as an intermediary node. Isn't that functioning as a bridge? I have a 10MB connection but the upload is 1MB and my computer doesn't run anywhere near 24/7 or I'd run an intermediate node that way. Why the hell is anyone bother with amazon web services? Just for the bandwidth? Because I think my i5-2400 could encrypt thousands of people's SSL traffic on the fly easily so that just leaves bandwidth. So is there something else I'm missing or can people with massive bandwidth easily self host a bridge?
Tor is totally decentrlized. But surely there has to be a decetralized system that incentives people to bridge in the network. Presently, we're asked to do this out of the goodness of our hearts, like a charity. "Think of the poor Iranian freedom lover's," meh, when we know fully well that much of the traffic is silkroad related and what ever other illegal crap has found a home in the Tor space.
Whoever is running the apparently lucrative silkroad can make small bitcoin donations to "bridging" volunteers. It's cheaper than paying their taxes to a real government. You wanna distribute the north east Iranian goodies? pay for the network!
You are correct, as long as you configure your node as non exit, you are pretty much safe in nearly every european country and plenty of others.
No traffic leaves the tor network through your node and thus nothing should point to you (if the network works, if it doesn't, there are a lot of problems for a lot of people).
Depending on your country this can be very different. In some countries that do not have certain liberties simply having tor may be an issue, while tor does it best to hide everything and itself, it will likely stand out simply by being an encrypted connection, it may lead to you and lead to some questioning or worse.
For the sake of all users in such situation, stop making encrypted connections stand out and make them the norm. There really isn't any reason that everybody should be able to know what you do. Not in a "free" country and not in a non free one. Use SSH wherever you can, just that will be helpful for tor since it can then hide between those connections a bit better. Force encryption on your bittorrent, it may even lead to speedup. And if you believe your country is fine, do host a tor relay, it doesn't have to be an exit node to help the network, although there is a shortage of those as well as non exit nodes. Maybe once upon a time everything everywhere will go through a tor like service, once we get pissed off by all the people being able to see what you do.
Relevant Link: http://www.instructables.com/id/Raspberry-Pi-Tor-relay/
You say things that offend me and I can deal with it. Can you?
If memory serves, four years ago the Iran elections resulted in much oppression and general chaos. A global call went out for Tor nodes and other resources in order to help the Iranian people at the time.
The next Iranian elections will be in June of this year. Perhaps we should be forward-looking and set up a robust network ahead of time?
Anyone remember these Slashdot posts of note?
http://yro.slashdot.org/story/09/06/29/1230216/the-technology-keeping-information-flowing-in-iran
http://yro.slashdot.org/story/09/06/22/1347228/mass-arrests-of-journalists-follow-iran-elections
http://science.slashdot.org/story/09/06/16/2137203/statistical-suspicions-in-irans-election
... While I always see 1-2 Chinese nodes in I2P NetDB, I have not seen any Iranian node. Why? Does it mean that anybody trying to connect is persistently looked for, or just the system is not popular? Or, maybe, TOR client is much less visible than I2P node and so is more secure?
Have a read here:
http://www.torservers.net/donate.html
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Sure, you can donate here. They take paypal.
I volunteer to be a Tor bridge, but just redirect all the traffic to another bridge so I don't get into trouble.
Sleep your way to a whiter smile...date a dentist!
The main concern for me is security. I don't trust anonymous entry into my private network. Perhaps if I had a proper DMZ I would do so, but that requires more equipment and features than my router and ISP permits.
(For those confused: No, that DMZ feature on your linksys router isn't a true DMZ, it's just a static NAT with PAT, and you really shouldn't be using it if you care anything about security. If it is using the same public IP and same subnet and vlan as everything else inside of your network, it is by definition not a DMZ, and is just needlessly enabling the chance of additional attack vectors.)
Careful with names containing L slashdot.org/~AiphaWolf_HK slashdot.org/~AlphaWoif_HK slashdot.org/~AiphaWoif_HK